Doc

Fix extrafieldsline insert

.travis.yml

@@ -2,6 +2,7 @@
 # from Dolibarr GitHub repository.
 # For syntax, see http://about.travis-ci.org/docs/user/languages/php/
 
+dist: precise
 sudo: required
 
 language: php
@@ -10,7 +11,7 @@ php:
 - '5.3'
 - '5.4'
 - '5.5'
-- '5.6'
+- '5.6.29'
 - '7.0'
 - '7.1'
 - nightly

ChangeLog

@@ -2,6 +2,84 @@
 English Dolibarr ChangeLog
 --------------------------------------------------------------
 
+***** ChangeLog for 5.0.6 compared to 5.0.5 *****
+FIX: Removed a bad symbolic link into custom directory.
+FIX: Renaming a resouce ref rename also the directory of attached files.
+
+***** ChangeLog for 5.0.5 compared to 5.0.4 *****
+FIX: #7075 : bad path for document
+FIX: #7156
+FIX: #7173
+FIX: #7224
+FIX: #7226
+FIX: #7239
+FIX: add supplierproposaldet without price (new product)
+FIX: amount overlap other amount when a pagebreak is done due to an image at the bottom of page.
+FIX: Bad tax calculation with expense report
+FIX: Best buy price calculation
+FIX: Buying prices must always be in positive value.
+FIX: calculate correct remain to pay for planned bank transactions
+FIX: delete linked element on facture rec
+FIX: edit sociale was emptying label
+FIX: Error when updating thirdparty not returned
+FIX: holidays with postgresql like on rowid integer
+FIX: id of user not saved when making a payment of expense report
+FIX: invoice page list
+FIX: invoice situation VAT total rounding into PDF crabe
+FIX: PgSQL compatibility.
+FIX: remove order rights on invoice page
+FIX: status were wrong on product referent list
+FIX: supplier id was not passed to hooks
+FIX: Support of vat code when using price per customer
+FIX: User id correction on holiday request
+FIX: value of user id filled to 0 in llx_bank_url when recording an expense report.
+FIX: we have to check if contact doesn't already exist on add_contact() function
+FIX: We should be able to insert data with value '0' into const
+FIX: install process with DoliWamp
+
+***** ChangeLog for 5.0.4 compared to 5.0.3 *****
+FIX: #5640 Prices of a predefined product/service were incorrect under certain circumstances
+FIX: #6541 since 4.0.4 to 5.0.0 autofill zip/town not working
+FIX: #6880 #6925
+FIX: #6885
+FIX: #6926
+FIX: #7003
+FIX: #7012
+FIX: #7040
+FIX: #7048 #6075
+FIX: Can set supplier invoice to billed.
+FIX: Can't create invoice if PO disapproved
+FIX: contratligne update
+FIX: CVE-2017-7886
+FIX: default param
+FIX: Line of invoices not inserted when using POS module and VAT NPR.
+FIX: origin & originid on supplierproposal
+FIX: Redirect to payment page from member subscription page failed if a unique security key was defined.
+FIX: REST api to get project when user has permission to read all.
+FIX: situation_progress param default value must be 100 and not 0
+FIX: SQL injection on user/index.php parameter search_statut.
+FIX: vat code not saved during product creation.
+FIX: Warnings
+
+***** ChangeLog for 5.0.3 compared to 5.0.2 *****
+FIX: #6677 Expired contracts dashboard box does not show the name of the thirdparty
+FIX: #6813
+FIX: 6863
+FIX: #6877
+FIX: #6881
+FIX: Better sanitizing of search all parameter.
+FIX: Correction with author and validator user on orders
+FIX: dialog window with md theme must not be hidden by left menu part.
+FIX: doactions hook missing in invoice model page
+FIX: Fullname when member is a moral entity with no name.
+FIX: Link to files on bank account tab broken with multicompany FIX: Link to preview on thirdparty broken with multicompany
+FIX: New vat code not correctly implemented if "1 price per customer".
+FIX: Pagination of invoices
+FIX: pagination on resources
+FIX: REST API not possible to add agendaevents
+FIX: situation invoice broken due to the all percent application form inside addline form
+FIX: SQL injection on user/index.php parameter search_statut.
+FIX: XSS
 
 ***** ChangeLog for 5.0.2 compared to 5.0.1 *****
 FIX: #6468 + Fix missing translation
@@ -215,7 +293,29 @@ Dolibarr better:
 - Method commande->set_availability(user, availability_id) removed from commande class, use method commande->availability(availability_id, notrigger).
 
 Dolibarr 5.0 was frozen before PHP 7.1 was released. Unit tests are successful on PHP 7.1 but we don't have enough
-feedback to confirm all application is compatible. Current officiel supported PHP versions are PHP 5.3 to 7.0.
+feedback to confirm whole application is compatible. Current officiel supported PHP versions are PHP 5.3 to 7.0.
+
+
+***** ChangeLog for 4.0.6 to 4.0.5 *****
+FIX: #6613 Default subject for Supplier proposal emails is filled with a non-existing key
+FIX: #6623 User card shows "Return to list" link even if the user has no rights to list users
+FIX: #6636 Complete fix
+FIX: #6669 User with no permission to edit customer invoices can see a edit button in project entry
+FIX: #6671 Cannot remove thirdparty type with "#" in its name
+FIX: #6673 Missing "nature" table header in thirdparty list
+FIX: #6675 Restricted user with no agenda permissions can see a button to create appointment in thirdparty contact list
+FIX: #6677 Expired contracts dashboard box does not show the name of the thirdparty
+FIX: #6679 User with restricted supplier invoice permissions can edit project, payment conditions, payment mode
+FIX: #6680 User with restricted supplier invoice permissions sees "reopen" button even if he has no permission to do it
+FIX: #6813
+FIX: Correction with author and validator user on orders
+FIX: doactions hook missing in invoice model page
+FIX: dont get empty "Incoterms : - " string if no incoterm
+FIX: dont lose supplier ref if no supplier price in database
+FIX: forgotten parameter for right multicompany use
+FIX: global $dateSelector isn't the good one, then date selector on objectline_create tpl was hidden
+FIX: limit+1 dosn't show Total line
+FIX: supplier order line were always created with rang = 0
 
 
 ***** ChangeLog for 4.0.5 to 4.0.4 *****
@@ -441,7 +541,7 @@ NEW: Disabled users are striked.
 NEW: Enhance navigation of project module
 NEW: fichinter lines ordered by rang AND DATE
 NEW: hidden conf to use input file multiple from mail form
-NEW: hidden feature: SUPPLIERORDER_WITH_NOPRICEDEFINED allow supplier order even if no supplier price defined
+NEW: hidden feature: SUPPLIER_ORDER_WITH_NOPRICEDEFINED allow supplier order even if no supplier price defined
 NEW: Hidden option MAIN_LANDING_PAGE to choose the first page to show after login works as a "global" option (llx_const) and as a "per user" option (llx_user_param).
 NEW: Holiday is a now a RH module. All RH module provides by default visilibity on users of its hierarchy.
 NEW: If error is reported during migration process, you can ignore it to avoid to be locked.

build/debian/source/lintian-overrides

@@ -4,7 +4,12 @@ dolibarr: source-contains-prebuilt-javascript-object htdocs/includes/jsgantt/*
 dolibarr: source-contains-prebuilt-javascript-object htdocs/includes/jstz/*
 # Those are false positives, the files are their own sources since
 # they are not minified
-source-is-missing htdocs/includes/jsgantt/jsgantt.js *
-source-is-missing htdocs/includes/jquery/plugins/colorpicker/jquery.colorpicker.js *
-source-is-missing htdocs/includes/jquery/plugins/select2/select2.js *
-source-is-missing htdocs/includes/jquery/plugins/select2/select2_locale_ar.js *
+source-is-missing htdocs/includes/ckeditor/ckeditor/plugins/a11yhelp/dialogs/lang/*.js
+source-is-missing htdocs/includes/ckeditor/ckeditor/plugins/specialchar/dialogs/lang/*.js
+source-is-missing htdocs/includes/ckeditor/ckeditor/lang/*.js
+source-is-missing htdocs/includes/ckeditor/ckeditor/plugins/*/dialogs/*.js
+source-is-missing htdocs/includes/ckeditor/ckeditor/plugins/*/filter/*.js
+source-is-missing htdocs/includes/ckeditor/ckeditor/plugins/templates/templates/default.js
+source-is-missing htdocs/includes/mobiledetect/mobiledetectlib/Mobile_Detect.json
+source-is-missing htdocs/includes/restler/framework/Luracast/Restler/explorer/lib/*.js
+

build/exe/doliwamp/doliwamp.iss

@@ -353,10 +353,12 @@ begin
     begin
       // TODO Copy file or ask to install package ?
       //CustomMessage('YouWillInstallDoliWamp')+#13#13
-      MsgBox('The package vcredist_x86.exe must have been installed first. It seems it is not. Please install it first from <a href="http://ccc">http://www.microsoft.com/en-us/download/details.aspx?id=30679</a> then restart DoliWamp installation/upgrade.',mbInformation,MB_OK);
+      MsgBox('The package vcredist_x86.exe must have been installed first. It seems it is not. Please install it first from <a href="http://www.microsoft.com/en-us/download/details.aspx?id=30679">http://www.microsoft.com/en-us/download/details.aspx?id=30679</a> then restart DoliWamp installation/upgrade.',mbInformation,MB_OK);
     end;
-
-
+	// Pb seems similar with msvcp110.dll
+	//vcredist_x64.exe
+	
+	
     // If we have a new database version, we should only copy old my.ini file into new directory
     // and change only all basedir= strings to use new version. Like this, data dir is still correct.
     // Install of service and stop/start scripts are already rebuild by installer.

build/exe/doliwamp/install.forced.php.install

@@ -5,7 +5,7 @@
 // during install process to be used.
 //
 //
-$force_install_noedit=2;
+$force_install_noedit=2;		// 1=To block vars specific to distrib, 2 to block all technical parameters
 $force_install_message='KeepDefaultValuesWamp';
 $force_install_main_data_root='WAMPROOT/dolibarr_documents';
 $force_install_type='mysqli';

build/generate_filelist_xml.php

@@ -40,7 +40,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php");
  * Main
  */
 
-if (empty($argv[1])) 
+if (empty($argv[1]))
 {
     print "Usage: ".$script_file." release=x.y.z\n";
     exit -1;
@@ -54,7 +54,7 @@ if ($release != DOL_VERSION)
 }
 
 //$outputfile=dirname(__FILE__).'/../htdocs/install/filelist-'.$release.'.xml';
-$outputdir=dirname(__FILE__).'/../htdocs/install';
+$outputdir=dirname(dirname(__FILE__)).'/htdocs/install';
 print 'Delete current files '.$outputdir.'/filelist*.xml'."\n";
 dol_delete_file($outputdir.'/filelist*.xml',0,1,1);
 

build/makepack-dolibarr.pl

@@ -14,12 +14,12 @@
 #----------------------------------------------------------------------------
 
 use Cwd;
-
+use Term::ANSIColor;
 
 # Change this to defined target for option 98 and 99
 $PROJECT="dolibarr";
 $PUBLISHSTABLE="eldy,dolibarr\@frs.sourceforge.net:/home/frs/project/dolibarr";
-$PUBLISHBETARC="ldestailleur\@asso.dolibarr.org:/home/dolibarr/dolibarr.org/httpdocs/files";
+$PUBLISHBETARC="ldestailleur\@vmprod.dolibarr.org:/home/dolibarr/dolibarr.org/httpdocs/files";
 
 
 #@LISTETARGET=("TGZ","ZIP","RPM_GENERIC","RPM_FEDORA","RPM_MANDRIVA","RPM_OPENSUSE","DEB","APS","EXEDOLIWAMP","SNAPSHOT");   # Possible packages
@@ -313,20 +313,6 @@ foreach my $target (sort keys %CHOOSEDTARGET) {
 
 print "\n";
 
-# Build xml check file
-#-----------------------
-if ($CHOOSEDTARGET{'-CHKSUM'})
-{
-   	print 'Create xml check file with md5 checksum with command php '.$SOURCE.'/build/generate_filecheck_xml.php release='.$MAJOR.'.'.$MINOR.'.'.$BUILD."\n";
-  	$ret=`php $SOURCE/build/generate_filelist_xml.php release=$MAJOR.$MINOR.$BUILD`;
-  	print $ret."\n";
-  	# Copy to final dir
-  	$NEWDESTI=$DESTI;
-	print "Copy \"$SOURCE/htdocs/install/filelist-$MAJOR.$MINOR.$BUILD.xml\" to $NEWDESTI/signatures/filelist-$MAJOR.$MINOR.$BUILD.xml\n";
-    use File::Copy qw(copy);
-    copy "$SOURCE/htdocs/install/filelist-$MAJOR.$MINOR.$BUILD.xml", "$NEWDESTI/signatures/filelist-$MAJOR.$MINOR.$BUILD.xml";
-}
-
 
 #print join(',',sort keys %CHOOSEDTARGET)."\n";
 
@@ -335,7 +321,10 @@ if ($CHOOSEDTARGET{'-CHKSUM'})
 $nboftargetok=0;
 $nboftargetneedbuildroot=0;
 $nbofpublishneedtag=0;
+$nbofpublishneedchangelog=0;
+
 foreach my $target (sort keys %CHOOSEDTARGET) {
+	if ($target eq '-CHKSUM') { $nbofpublishneedchangelog++; }
 	if ($CHOOSEDTARGET{$target} < 0) { next; }
 	if ($target ne 'EXE' && $target ne 'EXEDOLIWAMP' && $target ne '-CHKSUM') 
 	{
@@ -345,34 +334,31 @@ foreach my $target (sort keys %CHOOSEDTARGET) {
 }
 foreach my $target (sort keys %CHOOSEDPUBLISH) {
 	if ($CHOOSEDPUBLISH{$target} < 0) { next; }
-	if ($target eq 'ASSO') { $nbofpublishneedtag++; }
-	if ($target eq 'SF') { $nbofpublishneedtag++; }
+	if ($target eq 'ASSO') { $nbofpublishneedchangelog++; }
+	if ($target eq 'SF') { $nbofpublishneedchangelog++; $nbofpublishneedtag++; }
 	$nboftargetok++;
 }
 
+
 if ($nboftargetok) {
 
-	# Update GIT tag if required
-	#---------------------------
-	if ($nbofpublishneedtag)
+	# Check Changelog
+	#----------------
+	if ($nbofpublishneedchangelog)
 	{
-		print "Go to directory $SOURCE\n";
-		$olddir=getcwd();
-		chdir("$SOURCE");
-		
 		# Test that the ChangeLog is ok
 		$TMPBUILDTOCHECKCHANGELOG=$BUILD;
 		$TMPBUILDTOCHECKCHANGELOG =~ s/\-rc\d*//;
 		$TMPBUILDTOCHECKCHANGELOG =~ s/\-beta\d*//;
-		print "Check if ChangeLog is ok for version $MAJOR.$MINOR\.$TMPBUILDTOCHECKCHANGELOG\n";
+		print "\nCheck if ChangeLog is ok for version $MAJOR.$MINOR\.$TMPBUILDTOCHECKCHANGELOG\n";
 		$ret=`grep "ChangeLog for $MAJOR.$MINOR\.$TMPBUILDTOCHECKCHANGELOG" "$SOURCE/ChangeLog" 2>&1`;
 		if (! $ret)
 		{
-			print "Error: The ChangeLogFile was not updated. Run the following command before building package for $MAJOR.$MINOR.$BUILD:\n";
+			print color("yellow"), "Error: The ChangeLogFile was not updated. Run the following command before building package for $MAJOR.$MINOR.$BUILD:\n", color('reset');
 		}
 		else
 		{
-			print "ChangeLog for $MAJOR.$MINOR\.$BUILD was found into '$SOURCE/ChangeLog. But you can regenerate it with commande:'\n";
+			print "ChangeLog for $MAJOR.$MINOR\.$BUILD was found into '$SOURCE/ChangeLog. But you can regenerate it with command:'\n";
 		}
 		if (! $BUILD || $BUILD eq '0-rc')	# For a major version
 		{
@@ -385,9 +371,39 @@ if ($nboftargetok) {
 		print "\n";
 		if (! $ret)
 		{
-			exit;
+			print "\nPress F to force and continue anyway (or other key to stop)... ";
+			my $WAITKEY=<STDIN>;
+			chomp($WAITKEY);
+			if ($WAITKEY ne 'F')
+			{
+				print "Canceled.\n";
+				exit;
+			}
 		}
-			
+	}
+		
+	# Build xml check file
+	#-----------------------
+	if ($CHOOSEDTARGET{'-CHKSUM'})
+	{
+	   	print 'Create xml check file with md5 checksum with command php '.$SOURCE.'/build/generate_filecheck_xml.php release='.$MAJOR.'.'.$MINOR.'.'.$BUILD."\n";
+	  	$ret=`php $SOURCE/build/generate_filelist_xml.php release=$MAJOR.$MINOR.$BUILD`;
+	  	print $ret."\n";
+	  	# Copy to final dir
+	  	$NEWDESTI=$DESTI;
+		print "Copy \"$SOURCE/htdocs/install/filelist-$MAJOR.$MINOR.$BUILD.xml\" to $NEWDESTI/signatures/filelist-$MAJOR.$MINOR.$BUILD.xml\n";
+	    use File::Copy qw(copy);
+	    copy "$SOURCE/htdocs/install/filelist-$MAJOR.$MINOR.$BUILD.xml", "$NEWDESTI/signatures/filelist-$MAJOR.$MINOR.$BUILD.xml";
+	}
+
+	# Update GIT tag if required
+	#---------------------------
+	if ($nbofpublishneedtag)
+	{
+		print "Go to directory $SOURCE\n";
+		$olddir=getcwd();
+		chdir("$SOURCE");
+		
 		print 'Run git tag -a -m "'.$MAJOR.'.'.$MINOR.'.'.$BUILD.'" "'.$MAJOR.'.'.$MINOR.'.'.$BUILD.'"'."\n";
 		$ret=`git tag -a -m "$MAJOR.$MINOR.$BUILD" "$MAJOR.$MINOR.$BUILD" 2>&1`;
 		if ($ret =~ /(already exists|existe déjà)/)
@@ -517,6 +533,7 @@ if ($nboftargetok) {
 		$ret=`rm -fr $BUILDROOT/$PROJECT/htdocs/dolimed*`;
 		$ret=`rm -fr $BUILDROOT/$PROJECT/htdocs/dolimod*`;
 		$ret=`rm -fr $BUILDROOT/$PROJECT/htdocs/factory*`;
+		$ret=`rm -fr $BUILDROOT/$PROJECT/htdocs/forceproject*`;
 		$ret=`rm -fr $BUILDROOT/$PROJECT/htdocs/lead*`;
 		$ret=`rm -fr $BUILDROOT/$PROJECT/htdocs/management*`;
 		$ret=`rm -fr $BUILDROOT/$PROJECT/htdocs/multicompany*`;
@@ -577,7 +594,9 @@ if ($nboftargetok) {
         
         print "Remove subdir of custom dir\n";
    	    print "find $BUILDROOT/$PROJECT/htdocs/custom/* -type d -exec rm -fr {} \\;\n";
-   	    $ret=`find $BUILDROOT/$PROJECT/htdocs/custom/* -type d -exec rm -fr {} \\; >/dev/null 2>&1`;	# For custom we want to keep dir
+   	    $ret=`find $BUILDROOT/$PROJECT/htdocs/custom/* -type d -exec rm -fr {} \\; >/dev/null 2>&1`;	# For custom we want to keep files only
+   	    print "find $BUILDROOT/$PROJECT/htdocs/custom/* -type l -exec rm -fr {} \\;\n";
+   	    $ret=`find $BUILDROOT/$PROJECT/htdocs/custom/* -type l -exec rm -fr {} \\; >/dev/null 2>&1`;	# For custom we want to keep files only
 	}
 
 	# Build package for each target

build/rpm/install.forced.php.fedora

@@ -1,7 +1,7 @@
 <?php
 
 $force_install_packager='rpmfedora';
-$force_install_noedit=1;	# 1 to block var specific to distrib, 2 to block every technical parameters
+$force_install_noedit=1;	// 1 to block var specific to distrib, 2 to block every technical parameters
 $force_install_message='KeepDefaultValuesDeb';
 $force_install_main_data_root='/var/lib/dolibarr/documents';
 $force_install_type='mysqli';

build/rpm/install.forced.php.generic

@@ -1,7 +1,7 @@
 <?php
 
 $force_install_packager='rpmgeneric';
-$force_install_noedit=1;	# 1 to block var specific to distrib, 2 to block every technical parameters
+$force_install_noedit=1;	// 1 to block var specific to distrib, 2 to block every technical parameters
 $force_install_message='KeepDefaultValuesDeb';
 $force_install_main_data_root='/var/lib/dolibarr/documents';
 $force_install_type='mysqli';

build/rpm/install.forced.php.mandriva

@@ -1,7 +1,7 @@
 <?php
 
 $force_install_packager='rpmmandriva';
-$force_install_noedit=1;	# 1 to block var specific to distrib, 2 to block every technical parameters
+$force_install_noedit=1;	// 1 to block var specific to distrib, 2 to block every technical parameters
 $force_install_message='KeepDefaultValuesDeb';
 $force_install_main_data_root='/var/lib/dolibarr/documents';
 $force_install_type='mysqli';

build/rpm/install.forced.php.opensuse

@@ -1,7 +1,7 @@
 <?php
 
 $force_install_packager='rpmopensuse';
-$force_install_noedit=1;	# 1 to block var specific to distrib, 2 to block every technical parameters
+$force_install_noedit=1;	// 1 to block var specific to distrib, 2 to block every technical parameters
 $force_install_message='KeepDefaultValuesDeb';
 $force_install_main_data_root='/var/lib/dolibarr/documents';
 $force_install_type='mysqli';

dev/skeletons/build_class_from_table.php

@@ -1,6 +1,7 @@
 #!/usr/bin/env php
 <?php
 /* Copyright (C) 2008-2014 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2017 Nicolas ZABOURI  <info@inovea-conseil.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -251,7 +252,7 @@ $cleanparam='';
 $i=0;
 foreach($property as $key => $prop)
 {
-	$i++;
+	
 	$addfield=1;
 	if ($prop['field'] == 'tms') $addfield=0;	// This is a field of type timestamp edited automatically
 	if ($prop['extra'] == 'auto_increment') $addfield=0;
@@ -263,6 +264,7 @@ foreach($property as $key => $prop)
 		$varprop.="';";
 		$varprop.="\n";
 	}
+	$i++;
 }
 $targetcontent=preg_replace('/\$sql \.= \' field1,\';/', $varprop, $targetcontent);
 $targetcontent=preg_replace('/\$sql \.= \' field2\';/', '', $targetcontent);
@@ -648,7 +650,7 @@ foreach ($skeletonfiles as $skeletonfile => $outfile)
     {
     	if ($prop['field'] != 'rowid' && $prop['field'] != 'id' && ! $prop['istime'])
     	{
-    	    $varprop.="print '<tr><td class=\"fieldrequired\">'.\$langs->trans(\"Field".$prop['field']."\").'</td><td>\$object->".$prop['field']."</td></tr>';\n";
+    	    $varprop.="print '<tr><td class=\"fieldrequired\">'.\$langs->trans(\"Field".$prop['field']."\").'</td><td>'.\$object->".$prop['field'].".'</td></tr>';\n";
     	}
     }
     $targetcontent=preg_replace('/LIST_OF_TD_LABEL_FIELDS_VIEW/', $varprop, $targetcontent);

dev/skeletons/skeleton_card.php

@@ -297,9 +297,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
 {
     $res = $object->fetch_optionals($object->id, $extralabels);
 
-	$head = commande_prepare_head($object);
-	dol_fiche_head($head, 'order', $langs->trans("CustomerOrder"), 0, 'order');
-		
+			
 	print load_fiche_titre($langs->trans("MyModule"));
     
 	dol_fiche_head();

dev/skeletons/skeleton_list.php

@@ -2,6 +2,7 @@
 /* Copyright (C) 2007-2016 Laurent Destailleur  <eldy@users.sourceforge.net>
  * Copyright (C) 2014-2016 Juanjo Menent        <jmenent@2byte.es>
  * Copyright (C) 2016      Jean-François Ferry	<jfefe@aternatik.fr>
+ * Copyright (C) 2017      Nicolas ZABOURI	<info@inovea-conseil.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -440,17 +441,14 @@ while ($i < min($num, $limit))
         // Show here line of result
         print '<tr '.$bc[$var].'>';
         // LIST_OF_TD_FIELDS_LIST
-        /*
-        if (! empty($arrayfields['t.field1']['checked'])) 
-        {
-            print '<td>'.$obj->field1.'</td>';
-		    if (! $i) $totalarray['nbfield']++;
+        foreach ($arrayfields as $key => $value) {
+        	if (!empty($arrayfields[$key]['checked'])) {
+                	$key2 = str_replace('t.', '', $key);
+                	print '<td>' . $obj->$key2 . '</td>';
+                	if (!$i)
+                    	$totalarray['nbfield'] ++;
+            	}
         }
-        if (! empty($arrayfields['t.field2']['checked'])) 
-        {
-            print '<td>'.$obj->field2.'</td>';
-		    if (! $i) $totalarray['nbfield']++;
-        }*/
     	// Extra fields
 		if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label))
 		{
@@ -523,7 +521,7 @@ if (isset($totalarray['totalhtfield']))
         $i++;
         if ($i == 1)
         {
-            if ($num < $limit) print '<td align="left">'.$langs->trans("Total").'</td>';
+            if ($num < $limit && empty($offset)) print '<td align="left">'.$langs->trans("Total").'</td>';
             else print '<td align="left">'.$langs->trans("Totalforthispage").'</td>';
         }
         elseif ($totalarray['totalhtfield'] == $i) print '<td align="right">'.price($totalarray['totalht']).'</td>';

htdocs/.gitignore

@@ -4,6 +4,7 @@
 /dolimed*
 /ecommerce*
 /extensions*
+/forceproject*
 /google*
 /lead
 /multicompany*

htdocs/accountancy/journal/bankjournal.php

@@ -83,9 +83,9 @@ if ($user->societe_id > 0 && empty($id_bank_account))
 /*
  * Actions
  */
-	
+
 $error = 0;
-	
+
 $year_current = strftime("%Y", dol_now());
 $pastmonth = strftime("%m", dol_now()) - 1;
 $pastmonthyear = $year_current;
@@ -163,15 +163,16 @@ if ($result) {
 	// one line for bank jounral = tabbq
 	// one line for thirdparty journal = tabtp
 	$i = 0;
-	while ( $i < $num ) 
+	while ( $i < $num )
 	{
 		$obj = $db->fetch_object($result);
 
 		// Set accountancy code (for bank and thirdparty)
 		$compta_bank = $obj->account_number;
-		if ($obj->label == '(SupplierInvoicePayment)')
+		$compta_soc = 'NotDefined';
+		if ($obj->label == '(SupplierInvoicePayment)' || $obj->label == '(SupplierInvoicePaymentBack)')
 			$compta_soc = (! empty($obj->code_compta_fournisseur) ? $obj->code_compta_fournisseur : $account_supplier);
-		if ($obj->label == '(CustomerInvoicePayment)')
+		if ($obj->label == '(CustomerInvoicePayment)' || $obj->label == '(CustomerInvoicePaymentBack)')
 			$compta_soc = (! empty($obj->code_compta) ? $obj->code_compta : $account_customer);
 
 		$tabcompany[$obj->rowid] = array (
@@ -179,7 +180,7 @@ if ($result) {
 				'name' => $obj->name,
 		        'code_compta' => $compta_soc,
 		);
-		
+
 		$compta_user = (! empty($obj->accountancy_code) ? $obj->accountancy_code : $account_employee);
 
 		$tabuser[$obj->rowid] = array (
@@ -205,10 +206,10 @@ if ($result) {
 		if (is_array($links)) {
 		    // Now loop on each link of record in bank.
 			foreach ( $links as $key => $val ) {
-			    
+
 			    if (in_array($links[$key]['type'], array('sc', 'payment_sc', 'payment', 'payment_supplier', 'payment_vat', 'payment_expensereport')))     // So we excluded 'company' here
 			    {
-			        // We save tabtype for a future use, to remember what kind of payment it is 
+			        // We save tabtype for a future use, to remember what kind of payment it is
 			        $tabtype[$obj->rowid] = $links[$key]['type'];
 			    }
 
@@ -225,12 +226,12 @@ if ($result) {
 					$societestatic->id = $links[$key]['url_id'];
 					$societestatic->name = $links[$key]['label'];
 					$tabpay[$obj->rowid]["soclib"] = $societestatic->getNomUrl(1, '', 30);
-					$tabtp[$obj->rowid][$compta_soc] += $obj->amount;
+					if ($compta_soc) $tabtp[$obj->rowid][$compta_soc] += $obj->amount;
 				} else if ($links[$key]['type'] == 'user') {
 					$userstatic->id = $links[$key]['url_id'];
 					$userstatic->name = $links[$key]['label'];
 					$tabpay[$obj->rowid]["soclib"] = $userstatic->getNomUrl(1, '', 30);
-					$tabtp[$obj->rowid][$compta_user] += $obj->amount;
+					if ($compta_user) $tabtp[$obj->rowid][$compta_user] += $obj->amount;
 				} else if ($links[$key]['type'] == 'sc') {
 					$chargestatic->id = $links[$key]['url_id'];
 					$chargestatic->ref = $links[$key]['url_id'];
@@ -290,7 +291,7 @@ if ($result) {
 
 		$tabbq[$obj->rowid][$compta_bank] += $obj->amount;
 
-		
+
 		// Check account number is ok
 		/*if ($action == 'writebookkeeping')        // Make test now in such a case
 		{
@@ -309,7 +310,7 @@ if ($result) {
     	        setEventMessages($langs->trans('ErrorAccountancyCodeOnThirdPartyNotDefined'), null, 'errors');
     		}
 		}*/
-		
+
 		// if($obj->socid)$tabtp[$obj->rowid][$compta_soc] += $obj->amount;
 
 		$i ++;
@@ -330,16 +331,16 @@ if (! $error && $action == 'writebookkeeping') {
 
 	$error = 0;
 	foreach ( $tabpay as $key => $val ) {      // $key is rowid into llx_bank
-		
+
 	    $errorforline = 0;
-	    
+
 	    $db->begin();
-	    
+
 		// Bank
 		if (! $errorforline)
 		{
 		    // Line into bank account
-    		foreach ( $tabbq[$key] as $k => $mt ) 
+    		foreach ( $tabbq[$key] as $k => $mt )
     		{
     			if ($mt) {
         		    $bookkeeping = new BookKeeping($db);
@@ -357,10 +358,10 @@ if (! $error && $action == 'writebookkeeping') {
         			$bookkeeping->code_journal = $journal;
         			$bookkeeping->fk_user_author = $user->id;
         			$bookkeeping->date_create = $now;
-        
+
         			if ($tabtype[$key] == 'payment') {
         			    $bookkeeping->code_tiers = $tabcompany[$key]['code_compta'];
-    
+
         				$sqlmid = 'SELECT fac.facnumber';
         				$sqlmid .= " FROM " . MAIN_DB_PREFIX . "facture fac";
         				$sqlmid .= " INNER JOIN " . MAIN_DB_PREFIX . "paiement_facture as payfac ON payfac.fk_facture=fac.rowid";
@@ -374,7 +375,7 @@ if (! $error && $action == 'writebookkeeping') {
         				}
         			} else if ($tabtype[$key] == 'payment_supplier') {
         			    $bookkeeping->code_tiers = $tabcompany[$key]['code_compta'];
-    
+
         				$sqlmid = 'SELECT facf.ref_supplier, facf.ref';
         				$sqlmid .= " FROM " . MAIN_DB_PREFIX . "facture_fourn facf";
         				$sqlmid .= " INNER JOIN " . MAIN_DB_PREFIX . "paiementfourn_facturefourn as payfacf ON payfacf.fk_facturefourn=facf.rowid";
@@ -388,7 +389,7 @@ if (! $error && $action == 'writebookkeeping') {
         				}
         			} else if ($tabtype[$key] == 'payment_expensereport') {
         			    $bookkeeping->code_tiers = $tabuser[$key]['accountancy_code'];
-    
+
         				$sqlmid = 'SELECT e.ref';
         				$sqlmid .= " FROM " . MAIN_DB_PREFIX . "expensereport as e";
         				$sqlmid .= " INNER JOIN " . MAIN_DB_PREFIX . "payment_expensereport as payer ON payer.fk_expensereport=e.rowid";
@@ -400,7 +401,7 @@ if (! $error && $action == 'writebookkeeping') {
         					$bookkeeping->doc_ref = $objmid->ref; // Ref of expensereport
         				}
         			}
-        
+
         			$result = $bookkeeping->create($user);
         			if ($result < 0) {
         				if ($bookkeeping->error == 'BookkeepingRecordAlreadyExists')	// Already exists
@@ -419,7 +420,7 @@ if (! $error && $action == 'writebookkeeping') {
     			}
     		}
 		}
-		
+
 		// Third party
 		if (! $errorforline)
 		{
@@ -440,7 +441,7 @@ if (! $error && $action == 'writebookkeeping') {
         			$bookkeeping->code_journal = $journal;
         			$bookkeeping->fk_user_author = $user->id;
         			$bookkeeping->date_create = $now;
-        
+
         			if (in_array($tabtype[$key], array('sc', 'payment_sc'))) {   // If payment is payment of social contribution
         				$bookkeeping->code_tiers = '';
         				$bookkeeping->numero_compte = $k;
@@ -459,7 +460,7 @@ if (! $error && $action == 'writebookkeeping') {
         				$bookkeeping->code_tiers = $tabcompany[$key]['code_compta'];
         				$bookkeeping->numero_compte = $k;
         			} else if ($tabtype[$key] == 'payment_supplier') {           // If payment is payment of supplier invoice, we get ref of invoice
-        
+
         				$sqlmid = 'SELECT facf.ref_supplier,facf.ref';
         				$sqlmid .= " FROM " . MAIN_DB_PREFIX . "facture_fourn facf ";
         				$sqlmid .= " INNER JOIN " . MAIN_DB_PREFIX . "paiementfourn_facturefourn as payfacf ON  payfacf.fk_facturefourn=facf.rowid";
@@ -479,7 +480,7 @@ if (! $error && $action == 'writebookkeeping') {
         				//$bookkeeping->numero_compte = $conf->global->ACCOUNTING_ACCOUNT_CUSTOMER;
         				$bookkeeping->numero_compte = 'CodeNotDef';
         			}
-        
+
         			$result = $bookkeeping->create($user);
         			if ($result < 0) {
         				if ($bookkeeping->error == 'BookkeepingRecordAlreadyExists')	// Already exists
@@ -498,7 +499,7 @@ if (! $error && $action == 'writebookkeeping') {
     			}
     		}
 		}
-		
+
 		if (! $errorforline)
 		{
             $db->commit();
@@ -520,7 +521,7 @@ if (! $error && $action == 'writebookkeeping') {
 	{
 	    setEventMessages($langs->trans("GeneralLedgerSomeRecordWasNotRecorded"), null, 'warnings');
 	}
-	
+
 	$action = '';
 }
 
@@ -542,10 +543,10 @@ if ($action == 'export_csv') {
 			$date = dol_print_date($db->jdate($val["date"]), '%d%m%Y');
 
 			$reflabel = $val["ref"];
-			if ($reflabel == '(SupplierInvoicePayment)') {
+			if ($reflabel == '(SupplierInvoicePayment)' || $reflabel == '(SupplierInvoicePaymentBack)') {
 				$reflabel = $langs->trans('Supplier');
 			}
-			if ($reflabel == '(CustomerInvoicePayment)') {
+			if ($reflabel == '(CustomerInvoicePayment)' || $reflabel == '(CustomerInvoicePaymentBack)') {
 				$reflabel = $langs->trans('Customer');
 			}
 			if ($reflabel == '(SocialContributionPayment)') {
@@ -560,7 +561,7 @@ if ($action == 'export_csv') {
 			if ($reflabel == '(ExpenseReportPayment)') {
 				$reflabel = $langs->trans('Employee');
 			}
-			
+
 			$companystatic->id = $tabcompany[$key]['id'];
 			$companystatic->name = $tabcompany[$key]['name'];
 
@@ -704,7 +705,7 @@ if (empty($action) || $action == 'view') {
 	$invoicestatic = new Facture($db);
 	$invoicesupplierstatic = new FactureFournisseur($db);
 	$expensereportstatic = new ExpenseReport($db);
-	
+
 	llxHeader('', $langs->trans("FinanceJournal"));
 
 	$nom = $langs->trans("FinanceJournal") . ' - ' . $bank_code_journal->getNomUrl(1);
@@ -714,7 +715,7 @@ if (empty($action) || $action == 'view') {
 	$period = $form->select_date($date_start, 'date_start', 0, 0, 0, '', 1, 0, 1) . ' - ' . $form->select_date($date_end, 'date_end', 0, 0, 0, '', 1, 0, 1);
 
 	$varlink = 'id_account=' . $id_bank_account;
-	
+
 	report_header($nom, $nomlink, $period, $periodlink, $description, $builddate, $exportlink, array('action' => ''), '', $varlink);
 
 	/*if ($conf->global->ACCOUNTING_EXPORT_MODELCSV != 1 && $conf->global->ACCOUNTING_EXPORT_MODELCSV != 2) {
@@ -726,7 +727,7 @@ if (empty($action) || $action == 'view') {
     print '<div class="tabsAction">';
 	print '<input type="button" class="butAction" value="' . $langs->trans("WriteBookKeeping") . '" onclick="writebookkeeping();" />';
     print '</div>';
-    
+
 	// TODO Avoid using js. We can use a direct link with $param
 	print '
 	<script type="text/javascript">
@@ -769,12 +770,12 @@ if (empty($action) || $action == 'view') {
 		$date = dol_print_date($db->jdate($val["date"]), 'day');
 
 		$reflabel = $val["ref"];
-		if ($reflabel == '(SupplierInvoicePayment)') {
+		if ($reflabel == '(SupplierInvoicePayment)' || $reflabel == '(SupplierInvoicePaymentBack)') {
 			$reflabel = $langs->trans('Supplier');
 		}
-		if ($reflabel == '(CustomerInvoicePayment)') {
+		if ($reflabel == '(CustomerInvoicePayment)' || $reflabel == '(CustomerInvoicePaymentBack)') {
 			$reflabel = $langs->trans('Customer');
-		}		
+		}
 		if ($reflabel == '(SocialContributionPayment)') {
 			$reflabel = $langs->trans('SocialContribution');
 		}
@@ -787,7 +788,7 @@ if (empty($action) || $action == 'view') {
 		if ($reflabel == '(ExpenseReportPayment)') {
 			$reflabel = $langs->trans('Employee');
 		}
-		
+
 		$ref=$reflabel;
 		if ($tabtype[$key] == 'payment')
 		{
@@ -837,7 +838,7 @@ if (empty($action) || $action == 'view') {
 		$invoicestatic->ref = $val["ref"];
 		$invoicestatic->type = $val["type"];*/
 		// Bank
-		foreach ( $tabbq[$key] as $k => $mt ) 
+		foreach ( $tabbq[$key] as $k => $mt )
 		{
 		    print "<tr " . $bc[$var] . ">";
 		    print "<td><!-- Bank bank.rowid=".$key."--></td>";
@@ -896,7 +897,7 @@ if (empty($action) || $action == 'view') {
         		{
         		    print '<span class="error">'.$langs->trans("WaitAccountNotDefined").'</span>';
         		}
-				else print length_accountg($conf->global->ACCOUNTING_ACCOUNT_SUSPENSE); 
+				else print length_accountg($conf->global->ACCOUNTING_ACCOUNT_SUSPENSE);
 				print "</td>";
 				print "<td>" . $reflabel . "</td>";
 				print "<td>&nbsp;</td>";

htdocs/adherents/class/adherent.class.php

@@ -439,18 +439,18 @@ class Adherent extends CommonObject
         $sql.= ", town="   .($this->town?"'".$this->db->escape($this->town)."'":"null");
         $sql.= ", country=".($this->country_id>0?"'".$this->country_id."'":"null");
         $sql.= ", state_id=".($this->state_id>0?"'".$this->state_id."'":"null");
-        $sql.= ", email='".$this->email."'";
-        $sql.= ", skype='".$this->skype."'";
+        $sql.= ", email='".$this->db->escape($this->email)."'";
+        $sql.= ", skype='".$this->db->escape($this->skype)."'";
         $sql.= ", phone="   .($this->phone?"'".$this->db->escape($this->phone)."'":"null");
         $sql.= ", phone_perso=" .($this->phone_perso?"'".$this->db->escape($this->phone_perso)."'":"null");
         $sql.= ", phone_mobile=" .($this->phone_mobile?"'".$this->db->escape($this->phone_mobile)."'":"null");
         $sql.= ", note_private=" .($this->note_private?"'".$this->db->escape($this->note_private)."'":"null");
         $sql.= ", note_public=" .($this->note_public?"'".$this->db->escape($this->note_public)."'":"null");
         $sql.= ", photo="   .($this->photo?"'".$this->photo."'":"null");
-        $sql.= ", public='".$this->public."'";
+        $sql.= ", public='".$this->db->escape($this->public)."'";
         $sql.= ", statut="  .$this->statut;
         $sql.= ", fk_adherent_type=".$this->typeid;
-        $sql.= ", morphy='".$this->morphy."'";
+        $sql.= ", morphy='".$this->db->escape($this->morphy)."'";
         $sql.= ", birth="   .($this->birth?"'".$this->db->idate($this->birth)."'":"null");
         if ($this->datefin)   $sql.= ", datefin='".$this->db->idate($this->datefin)."'";		// Must be modified only when deleting a subscription
         if ($this->datevalid) $sql.= ", datevalid='".$this->db->idate($this->datevalid)."'";	// Must be modified only when validating a member
@@ -649,7 +649,7 @@ class Adherent extends CommonObject
         // Search for last subscription id and end date
         $sql = "SELECT rowid, datec as dateop, dateadh as datedeb, datef as datefin";
         $sql.= " FROM ".MAIN_DB_PREFIX."subscription";
-        $sql.= " WHERE fk_adherent='".$this->id."'";
+        $sql.= " WHERE fk_adherent=".$this->id;
         $sql.= " ORDER by dateadh DESC";	// Sort by start subscription date
 
         dol_syslog(get_class($this)."::update_end_date", LOG_DEBUG);

htdocs/adherents/class/adherent_type.class.php

@@ -127,7 +127,7 @@ class AdherentType extends CommonObject
         $sql.= "note = '".$this->db->escape($this->note)."',";
         $sql.= "vote = '".$this->vote."',";
         $sql.= "mail_valid = '".$this->db->escape($this->mail_valid)."'";
-        $sql .= " WHERE rowid =".$this->id;
+        $sql.= " WHERE rowid =".$this->id;
 
         $result = $this->db->query($sql);
         if ($result)
@@ -245,7 +245,7 @@ class AdherentType extends CommonObject
 
         $sql = "SELECT rowid, libelle";
         $sql.= " FROM ".MAIN_DB_PREFIX."adherent_type";
-        $sql.= " WHERE entity = ".$conf->entity;
+	$sql.= " WHERE entity IN (".getEntity('adherent').")";
 
         $resql=$this->db->query($sql);
         if ($resql)

htdocs/adherents/list.php

@@ -57,7 +57,7 @@ $type=GETPOST("type");
 $search_email=GETPOST("search_email");
 $search_categ = GETPOST("search_categ",'int');
 $catid        = GETPOST("catid",'int');
-$sall=GETPOST("sall");
+$sall=GETPOST('sall', 'alphanohtml');
 $optioncss = GETPOST('optioncss','alpha');
 
 if ($statut < -1) $statut = '';

htdocs/adherents/subscription.php

@@ -113,7 +113,6 @@ if ($action == 'confirm_create_thirdparty' && $confirm == 'yes' && $user->rights
 		if ($result < 0)
 		{
 			$langs->load("errors");
-			$errmsg=$langs->trans($company->error);
 			setEventMessages($company->error, $company->errors, 'errors');
 		}
 		else
@@ -123,7 +122,7 @@ if ($action == 'confirm_create_thirdparty' && $confirm == 'yes' && $user->rights
 	}
 	else
 	{
-		$errmsg=$object->error;
+		setEventMessages($object->error, $object->errors, 'errors');
 	}
 }
 
@@ -211,7 +210,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !
     {
         $paymentdate=dol_mktime(0, 0, 0, $_POST["paymentmonth"], $_POST["paymentday"], $_POST["paymentyear"]);
     }
-    $subscription=$_POST["subscription"];	// Amount of subscription
+    $subscription=price2num(GETPOST("subscription",'alpha'));	// Amount of subscription
     $label=$_POST["label"];
 
     // Payment informations
@@ -229,6 +228,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !
         $error++;
         $langs->load("errors");
         $errmsg=$langs->trans("ErrorBadDateFormat",$langs->transnoentitiesnoconv("DateSubscription"));
+        setEventMessages($errmsg, null, 'errors');
         $action='addsubscription';
     }
     if (GETPOST('end') && ! $datesubend)
@@ -236,6 +236,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !
         $error++;
         $langs->load("errors");
         $errmsg=$langs->trans("ErrorBadDateFormat",$langs->transnoentitiesnoconv("DateEndSubscription"));
+        setEventMessages($errmsg, null, 'errors');
         $action='addsubscription';
     }
     if (! $datesubend)
@@ -246,16 +247,20 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !
     {
         $error++;
         $errmsg=$langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("DatePayment"));
+        setEventMessages($errmsg, null, 'errors');
         $action='addsubscription';
     }
 
+    $amount = price2num(GETPOST("subscription",'alpha'));
+
     // Check if a payment is mandatory or not
     if (! $error && $adht->subscription)	// Member type need subscriptions
     {
-        if (! is_numeric($_POST["subscription"]))
+        if (! is_numeric($amount))
         {
             // If field is '' or not a numeric value
             $errmsg=$langs->trans("ErrorFieldRequired",$langs->transnoentities("Amount"));
+        	setEventMessages($errmsg, null, 'errors');
             $error++;
             $action='addsubscription';
         }
@@ -273,7 +278,11 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !
                 {
                     if ($_POST["accountid"])   $errmsg=$langs->trans("ErrorDoNotProvideAccountsIfNullAmount");
                 }
-                if ($errmsg) $action='addsubscription';
+                if ($errmsg)
+                {
+        			setEventMessages($errmsg, null, 'errors');
+                	$action='addsubscription';
+                }
             }
         }
     }
@@ -319,6 +328,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !
                         {
                             $error++;
                             $errmsg=$db->lasterror();
+        					setEventMessages($errmsg, null, 'errors');
                         }
                     }
                     else
@@ -326,14 +336,16 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !
                         $error++;
                         $errmsg=$acct->error;
                         $errmsgs=$acct->errors;
-                    }
+        				setEventMessages($errmsg, $errmsgs, 'errors');
+					}
                 }
                 else
 				{
                     $error++;
                     $errmsg=$acct->error;
                     $errmsgs=$acct->errors;
-                }
+        			setEventMessages($errmsg, $errmsgs, 'errors');
+				}
             }
 
             // If option choosed, we create invoice
@@ -351,6 +363,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !
                 	{
                 		$langs->load("errors");
                 		$errmsg=$langs->trans("ErrorMemberNotLinkedToAThirpartyLinkOrCreateFirst");
+        				setEventMessages($errmsg, null, 'errors');
                 		$error++;
                 	}
                 }
@@ -361,6 +374,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !
 	                {
 	                    $errmsg=$customer->error;
 	                    $errmsgs=$acct->errors;
+        				setEventMessages($errmsg, $errmsgs, 'errors');
 	                    $error++;
 	                }
                 }
@@ -378,6 +392,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !
 	                    {
 	                        $error++;
 	                        $errmsg='ErrorNoPaymentTermRECEPFound';
+        					setEventMessages($errmsg, null, 'errors');
 	                    }
 	                }
 	                $invoice->socid=$object->fk_soc;
@@ -389,12 +404,13 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !
 	                {
 	                    $invoice->linked_objects = array_merge($invoice->linked_objects, $_POST['other_linked_objects']);
 	                }
-	                 
+
 	                $result=$invoice->create($user);
 	                if ($result <= 0)
 	                {
 	                    $errmsg=$invoice->error;
 	                    $errmsgs=$invoice->errors;
+        				setEventMessages($errmsg, $errmsgs, 'errors');
 	                    $error++;
 	                }
                 }
@@ -415,6 +431,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !
 	                if ($result <= 0)
 	                {
 	                    $errmsg=$invoice->error;
+        				setEventMessages($errmsg, null, 'errors');
 	                    $error++;
 	                }
                 }
@@ -427,6 +444,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !
 	                {
 	                    $errmsg=$invoice->error;
 	                    $errmsgs=$invoice->errors;
+        				setEventMessages($errmsg, $errmsgs, 'errors');
 	                    $error++;
 	                }
                 }
@@ -454,6 +472,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !
                         {
                             $errmsg=$paiement->error;
                             $errmsgs=$paiement->errors;
+        					setEventMessages($errmsg, $errmsgs, 'errors');
                             $error++;
                         }
                     }
@@ -535,6 +554,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !
                 if ($result < 0)
                 {
                 	$errmsg=$object->error;
+        			setEventMessages($errmsg, null, 'errors');
                 }
             }
 
@@ -581,12 +601,12 @@ if ($rowid > 0)
     dol_fiche_head($head, 'subscription', $langs->trans("Member"), 0, 'user');
 
     $linkback = '<a href="'.DOL_URL_ROOT.'/adherents/list.php">'.$langs->trans("BackToList").'</a>';
-    
+
     dol_banner_tab($object, 'rowid', $linkback);
-    
+
     print '<div class="fichecenter">';
     print '<div class="fichehalfleft">';
-    
+
     print '<div class="underbanner clearboth"></div>';
     print '<table class="border" width="100%">';
 
@@ -624,13 +644,13 @@ if ($rowid > 0)
 	}
 
     print '</table>';
-    
+
     print '</div>';
     print '<div class="fichehalfright"><div class="ficheaddleft">';
-   
+
     print '<div class="underbanner clearboth"></div>';
     print '<table class="border tableforfield" width="100%">';
-	
+
 	// Birthday
 	print '<tr><td class="titlefield">'.$langs->trans("Birthday").'</td><td class="valeur">'.dol_print_date($object->birth,'day').'</td></tr>';
 
@@ -677,7 +697,7 @@ if ($rowid > 0)
 	    }
 	}
 	print '</td></tr>';
-	
+
 	// Third party Dolibarr
 	if (! empty($conf->societe->enabled))
 	{
@@ -752,7 +772,7 @@ if ($rowid > 0)
 
 	print "</div></div></div>\n";
     print '<div style="clear:both"></div>';
-    
+
     dol_fiche_end();
 
     print '</form>';

htdocs/admin/agenda_other.php

@@ -40,7 +40,7 @@ $action = GETPOST('action','alpha');
 $value = GETPOST('value','alpha');
 $param = GETPOST('param','alpha');
 $cancel = GETPOST('cancel','alpha');
-$scandir = GETPOST('scandir','alpha');
+$scandir = GETPOST('scan_dir','alpha');
 $type = 'action';
 
 
@@ -286,7 +286,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL >= 2)
             			print '<td align="center">'."\n";
             			if ($conf->global->ACTION_EVENT_ADDON_PDF != "$name")
             			{
-            				print '<a href="'.$_SERVER["PHP_SELF"].'?action=del&amp;value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'&amp;type=action">';
+            				print '<a href="'.$_SERVER["PHP_SELF"].'?action=del&amp;value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'&amp;type=action">';
             				print img_picto($langs->trans("Enabled"),'switch_on');
             				print '</a>';
             			}
@@ -299,7 +299,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL >= 2)
             			else
             			{
             				print '<td align="center">'."\n";
-            				print '<a href="'.$_SERVER["PHP_SELF"].'?action=setmodel&amp;value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'&amp;type=action">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
+            				print '<a href="'.$_SERVER["PHP_SELF"].'?action=setmodel&amp;value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'&amp;type=action">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
             				print "</td>";
             			}
             			
@@ -311,7 +311,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL >= 2)
             			}
             			else
             			{
-            				print '<a href="'.$_SERVER["PHP_SELF"].'?action=setdoc&amp;value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'&amp;type=action"" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'</a>';
+            				print '<a href="'.$_SERVER["PHP_SELF"].'?action=setdoc&amp;value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'&amp;type=action"" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'</a>';
             			}
             			print '</td>';
             			

htdocs/admin/bank.php

@@ -43,7 +43,7 @@ if (!$user->admin)
 $action = GETPOST('action','alpha');
 $value = GETPOST('value','alpha');
 $label = GETPOST('label','alpha');
-$scandir = GETPOST('scandir','alpha');
+$scandir = GETPOST('scan_dir','alpha');
 $type = 'bankaccount';
 
 
@@ -324,7 +324,7 @@ foreach ($dirmodels as $reldir)
                                     print '</td>';
                                 } else {
                                     print '<td align="center">' . "\n";
-                                    print '<a href="' . $_SERVER["PHP_SELF"] . '?action=set&value=' . $name . '&amp;scandir=' . $module->scandir . '&amp;label=' . urlencode($module->name) . '">' . img_picto($langs->trans("Disabled"), 'switch_off') . '</a>';
+                                    print '<a href="' . $_SERVER["PHP_SELF"] . '?action=set&value=' . $name . '&amp;scan_dir=' . $module->scandir . '&amp;label=' . urlencode($module->name) . '">' . img_picto($langs->trans("Disabled"), 'switch_off') . '</a>';
                                     print "</td>";
                                 }
                                 
@@ -333,7 +333,7 @@ foreach ($dirmodels as $reldir)
                                 if ($conf->global->BANKADDON_PDF == $name) {
                                     print img_picto($langs->trans("Default"), 'on');
                                 } else {
-                                    print '<a href="' . $_SERVER["PHP_SELF"] . '?action=setdoc&value=' . $name . '&amp;scandir=' . $module->scandir . '&amp;label=' . urlencode($module->name) . '" alt="' . $langs->trans("Default") . '">' . img_picto($langs->trans("Disabled"), 'off') . '</a>';
+                                    print '<a href="' . $_SERVER["PHP_SELF"] . '?action=setdoc&value=' . $name . '&amp;scan_dir=' . $module->scandir . '&amp;label=' . urlencode($module->name) . '" alt="' . $langs->trans("Default") . '">' . img_picto($langs->trans("Disabled"), 'off') . '</a>';
                                 }
                                 print '</td>';
                                 

htdocs/admin/chequereceipts.php

@@ -189,7 +189,7 @@ foreach ($dirmodels as $reldir)
 							}
 							else
 							{
-								print '<a href="'.$_SERVER["PHP_SELF"].'?action=setmod&value='.preg_replace('/\.php$/','',$file).'&scandir='.$module->scandir.'&label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
+								print '<a href="'.$_SERVER["PHP_SELF"].'?action=setmod&value='.preg_replace('/\.php$/','',$file).'&scan_dir='.$module->scandir.'&label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
 							}
 							print '</td>';
 

htdocs/admin/commande.php

@@ -45,7 +45,7 @@ if (! $user->admin) accessforbidden();
 $action = GETPOST('action','alpha');
 $value = GETPOST('value','alpha');
 $label = GETPOST('label','alpha');
-$scandir = GETPOST('scandir','alpha');
+$scandir = GETPOST('scan_dir','alpha');
 $type = 'order';
 
 
@@ -490,7 +490,7 @@ foreach ($dirmodels as $reldir)
 	                            else
 	                            {
 	                                print '<td align="center">'."\n";
-	                                print '<a href="'.$_SERVER["PHP_SELF"].'?action=set&value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
+	                                print '<a href="'.$_SERVER["PHP_SELF"].'?action=set&value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
 	                                print "</td>";
 	                            }
 
@@ -502,7 +502,7 @@ foreach ($dirmodels as $reldir)
 	                            }
 	                            else
 	                            {
-	                                print '<a href="'.$_SERVER["PHP_SELF"].'?action=setdoc&value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'</a>';
+	                                print '<a href="'.$_SERVER["PHP_SELF"].'?action=setdoc&value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'</a>';
 	                            }
 	                            print '</td>';
 

htdocs/admin/contract.php

@@ -36,7 +36,7 @@ if (!$user->admin) accessforbidden();
 $action = GETPOST('action','alpha');
 $value = GETPOST('value','alpha');
 $label = GETPOST('label','alpha');
-$scandir = GETPOST('scandir','alpha');
+$scandir = GETPOST('scan_dir','alpha');
 $type='contract';
 
 if (empty($conf->global->CONTRACT_ADDON))
@@ -425,7 +425,7 @@ foreach ($dirmodels as $reldir)
 	                            else
 	                            {
 	                                print '<td align="center">'."\n";
-	                                print '<a href="'.$_SERVER["PHP_SELF"].'?action=set&value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
+	                                print '<a href="'.$_SERVER["PHP_SELF"].'?action=set&value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
 	                                print "</td>";
 	                            }
 
@@ -437,7 +437,7 @@ foreach ($dirmodels as $reldir)
 	                            }
 	                            else
 	                            {
-	                                print '<a href="'.$_SERVER["PHP_SELF"].'?action=setdoc&value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'</a>';
+	                                print '<a href="'.$_SERVER["PHP_SELF"].'?action=setdoc&value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'</a>';
 	                            }
 	                            print '</td>';
 

htdocs/admin/expedition.php

@@ -44,7 +44,7 @@ if (! $user->admin)
 $action=GETPOST('action','alpha');
 $value=GETPOST('value','alpha');
 $label = GETPOST('label','alpha');
-$scandir = GETPOST('scandir','alpha');
+$scandir = GETPOST('scan_dir','alpha');
 $type='shipping';
 
 if (empty($conf->global->EXPEDITION_ADDON_NUMBER))
@@ -291,7 +291,7 @@ foreach ($dirmodels as $reldir)
 						}
 						else
 						{
-							print '<a href="'.$_SERVER["PHP_SELF"].'?action=setmodel&amp;value='.$file.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'">';
+							print '<a href="'.$_SERVER["PHP_SELF"].'?action=setmodel&amp;value='.$file.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'">';
 							print img_picto($langs->trans("Disabled"),'switch_off');
 							print '</a>';
 						}
@@ -432,7 +432,7 @@ foreach ($dirmodels as $reldir)
 	                            else
 	                            {
 	                                print '<td align="center">'."\n";
-	                                print '<a href="'.$_SERVER["PHP_SELF"].'?action=set&value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
+	                                print '<a href="'.$_SERVER["PHP_SELF"].'?action=set&value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
 	                                print "</td>";
 	                            }
 
@@ -444,7 +444,7 @@ foreach ($dirmodels as $reldir)
 	                            }
 	                            else
 	                            {
-	                                print '<a href="'.$_SERVER["PHP_SELF"].'?action=setdoc&value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'</a>';
+	                                print '<a href="'.$_SERVER["PHP_SELF"].'?action=setdoc&value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'</a>';
 	                            }
 	                            print '</td>';
 
@@ -470,7 +470,7 @@ foreach ($dirmodels as $reldir)
 	                            print '<td align="center">';
 	                            if ($module->type == 'pdf')
 	                            {
-	                                print '<a href="'.$_SERVER["PHP_SELF"].'?action=specimen&module='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'">'.img_object($langs->trans("Preview"),'sending').'</a>';
+	                                print '<a href="'.$_SERVER["PHP_SELF"].'?action=specimen&module='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'">'.img_object($langs->trans("Preview"),'sending').'</a>';
 	                            }
 	                            else
 	                            {

htdocs/admin/expensereport.php

@@ -43,7 +43,7 @@ if (! $user->admin) accessforbidden();
 $action = GETPOST('action','alpha');
 $value = GETPOST('value','alpha');
 $label = GETPOST('label','alpha');
-$scandir = GETPOST('scandir','alpha');
+$scandir = GETPOST('scan_dir','alpha');
 $type='expensereport';
 
 
@@ -423,7 +423,7 @@ foreach ($dirmodels as $reldir)
 		    				if (in_array($name, $def))
 		    				{
 		    					print "<td align=\"center\">\n";
-		    					print '<a href="'.$_SERVER["PHP_SELF"].'?action=del&amp;value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'">';
+		    					print '<a href="'.$_SERVER["PHP_SELF"].'?action=del&amp;value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'">';
 		    					print img_picto($langs->trans("Enabled"),'switch_on');
 		    					print '</a>';
 		    					print "</td>";
@@ -431,7 +431,7 @@ foreach ($dirmodels as $reldir)
 		    				else
 		    				{
 		    					print "<td align=\"center\">\n";
-		    					print '<a href="'.$_SERVER["PHP_SELF"].'?action=set&amp;value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
+		    					print '<a href="'.$_SERVER["PHP_SELF"].'?action=set&amp;value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
 		    					print "</td>";
 		    				}
 
@@ -443,7 +443,7 @@ foreach ($dirmodels as $reldir)
 		    				}
 		    				else
 		    				{
-		    					print '<a href="'.$_SERVER["PHP_SELF"].'?action=setdoc&amp;value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'</a>';
+		    					print '<a href="'.$_SERVER["PHP_SELF"].'?action=setdoc&amp;value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'</a>';
 		    				}
 		    				print '</td>';
 

htdocs/admin/fichinter.php

@@ -43,7 +43,7 @@ if (! $user->admin) accessforbidden();
 $action = GETPOST('action','alpha');
 $value = GETPOST('value','alpha');
 $label = GETPOST('label','alpha');
-$scandir = GETPOST('scandir','alpha');
+$scandir = GETPOST('scan_dir','alpha');
 $type='ficheinter';
 
 
@@ -458,7 +458,7 @@ foreach ($dirmodels as $reldir)
 		    				if (in_array($name, $def))
 		    				{
 		    					print "<td align=\"center\">\n";
-		    					print '<a href="'.$_SERVER["PHP_SELF"].'?action=del&amp;value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'">';
+		    					print '<a href="'.$_SERVER["PHP_SELF"].'?action=del&amp;value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'">';
 		    					print img_picto($langs->trans("Enabled"),'switch_on');
 		    					print '</a>';
 		    					print "</td>";
@@ -466,7 +466,7 @@ foreach ($dirmodels as $reldir)
 		    				else
 		    				{
 		    					print "<td align=\"center\">\n";
-		    					print '<a href="'.$_SERVER["PHP_SELF"].'?action=set&amp;value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
+		    					print '<a href="'.$_SERVER["PHP_SELF"].'?action=set&amp;value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
 		    					print "</td>";
 		    				}
 
@@ -478,7 +478,7 @@ foreach ($dirmodels as $reldir)
 		    				}
 		    				else
 		    				{
-		    					print '<a href="'.$_SERVER["PHP_SELF"].'?action=setdoc&amp;value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'</a>';
+		    					print '<a href="'.$_SERVER["PHP_SELF"].'?action=setdoc&amp;value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'</a>';
 		    				}
 		    				print '</td>';
 

htdocs/admin/livraison.php

@@ -43,7 +43,7 @@ if (!$user->admin) accessforbidden();
 $action  = GETPOST('action','alpha');
 $value   = GETPOST('value','alpha');
 $label   = GETPOST('label','alpha');
-$scandir = GETPOST('scandir','alpha');
+$scandir = GETPOST('scan_dir','alpha');
 $type='delivery';
 
 /*
@@ -412,7 +412,7 @@ foreach ($dirmodels as $reldir)
 		    				if (in_array($name, $def))
 		    				{
 		    					print "<td align=\"center\">\n";
-		    					print '<a href="'.$_SERVER["PHP_SELF"].'?action=del&amp;value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'">';
+		    					print '<a href="'.$_SERVER["PHP_SELF"].'?action=del&amp;value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'">';
 		    					print img_picto($langs->trans("Enabled"),'switch_on');
 		    					print '</a>';
 		    					print "</td>";
@@ -420,7 +420,7 @@ foreach ($dirmodels as $reldir)
 		    				else
 		    				{
 		    					print "<td align=\"center\">\n";
-		    					print '<a href="'.$_SERVER["PHP_SELF"].'?action=set&amp;value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
+		    					print '<a href="'.$_SERVER["PHP_SELF"].'?action=set&amp;value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
 		    					print "</td>";
 		    				}
 
@@ -432,7 +432,7 @@ foreach ($dirmodels as $reldir)
 		    				}
 		    				else
 		    				{
-		    					print '<a href="'.$_SERVER["PHP_SELF"].'?action=setdoc&amp;value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'</a>';
+		    					print '<a href="'.$_SERVER["PHP_SELF"].'?action=setdoc&amp;value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'</a>';
 		    				}
 		    				print '</td>';
 

htdocs/admin/payment.php

@@ -36,7 +36,7 @@ if (! $user->admin) accessforbidden();
 $action = GETPOST('action','alpha');
 $value = GETPOST('value','alpha');
 $label = GETPOST('label','alpha');
-$scandir = GETPOST('scandir','alpha');
+$scandir = GETPOST('scan_dir','alpha');
 $type='invoice';
 
 if (empty($conf->global->PAYMENT_ADDON)) $conf->global->PAYMENT_ADDON = 'mod_payment_cicada.php';
@@ -201,7 +201,7 @@ foreach ($dirmodels as $reldir)
                             }
                             else
                             {
-                                print '<a href="'.$_SERVER["PHP_SELF"].'?action=setmod&value='.preg_replace('/\.php$/','',$file).'&scandir='.$module->scandir.'&label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
+                                print '<a href="'.$_SERVER["PHP_SELF"].'?action=setmod&value='.preg_replace('/\.php$/','',$file).'&scan_dir='.$module->scandir.'&label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
                             }
                             print '</td>';
 

htdocs/admin/perms.php

@@ -189,7 +189,7 @@ if ($result)
         $var=!$var;
         print '<tr '. $bc[$var].'>';
 
-        print '<td>'.img_object('',$picto).' '.$objMod->getName();
+        print '<td>'.img_object('',$picto,'class="pictoobjectwidth"').' '.$objMod->getName();
         print '<a name="'.$objMod->getName().'">&nbsp;</a>';
 
         $perm_libelle=($conf->global->MAIN_USE_ADVANCED_PERMS && ($langs->trans("PermissionAdvanced".$obj->id)!=("PermissionAdvanced".$obj->id))?$langs->trans("PermissionAdvanced".$obj->id):(($langs->trans("Permission".$obj->id)!=("Permission".$obj->id))?$langs->trans("Permission".$obj->id):$obj->libelle));

htdocs/admin/prelevement.php

@@ -332,7 +332,7 @@ foreach ($dirmodels as $reldir)
                                 else
                                 {
                                     print '<td align="center">'."\n";
-                                    print '<a href="'.$_SERVER["PHP_SELF"].'?action=set&value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
+                                    print '<a href="'.$_SERVER["PHP_SELF"].'?action=set&value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
                                     print "</td>";
                                 }
 
@@ -344,7 +344,7 @@ foreach ($dirmodels as $reldir)
                                 }
                                 else
                                 {
-                                    print '<a href="'.$_SERVER["PHP_SELF"].'?action=setdoc&value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'</a>';
+                                    print '<a href="'.$_SERVER["PHP_SELF"].'?action=setdoc&value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'</a>';
                                 }
                                 print '</td>';
 

htdocs/admin/propal.php

@@ -42,7 +42,7 @@ if (! $user->admin) accessforbidden();
 $action = GETPOST('action','alpha');
 $value = GETPOST('value','alpha');
 $label = GETPOST('label','alpha');
-$scandir = GETPOST('scandir','alpha');
+$scandir = GETPOST('scan_dir','alpha');
 $type='propal';
 
 /*
@@ -469,7 +469,7 @@ foreach ($dirmodels as $reldir)
 	                            else
 	                            {
 	                                print "<td align=\"center\">\n";
-	                                print '<a href="'.$_SERVER["PHP_SELF"].'?action=set&amp;value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
+	                                print '<a href="'.$_SERVER["PHP_SELF"].'?action=set&amp;value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
 	                                print "</td>";
 	                            }
 
@@ -481,7 +481,7 @@ foreach ($dirmodels as $reldir)
 	                            }
 	                            else
 	                            {
-	                                print '<a href="'.$_SERVER["PHP_SELF"].'?action=setdoc&amp;value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'</a>';
+	                                print '<a href="'.$_SERVER["PHP_SELF"].'?action=setdoc&amp;value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'</a>';
 	                            }
 	                            print '</td>';
 

htdocs/admin/supplier_invoice.php

@@ -43,7 +43,7 @@ accessforbidden();
 $type=GETPOST('type', 'alpha');
 $value=GETPOST('value', 'alpha');
 $action=GETPOST('action', 'alpha');
-$scandir = GETPOST('scandir','alpha');
+$scandir = GETPOST('scan_dir','alpha');
 
 $specimenthirdparty=new Societe($db);
 $specimenthirdparty->initAsSpecimen();
@@ -398,7 +398,7 @@ foreach ($dirmodels as $reldir)
                         //if ($conf->global->INVOICE_SUPPLIER_ADDON_PDF != "$name")
                         //{
                             // Even if choice is the default value, we allow to disable it: For supplier invoice, we accept to have no doc generation at all
-                            print '<a href="'.$_SERVER["PHP_SELF"].'?action=del&amp;value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'&amp;type=invoice_supplier">';
+                            print '<a href="'.$_SERVER["PHP_SELF"].'?action=del&amp;value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'&amp;type=invoice_supplier">';
                             print img_picto($langs->trans("Enabled"),'switch_on');
                             print '</a>';
                         /*}
@@ -411,7 +411,7 @@ foreach ($dirmodels as $reldir)
                     else
                     {
                         print '<td align="center">'."\n";
-                        print '<a href="'.$_SERVER["PHP_SELF"].'?action=set&amp;value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'&amp;type=invoice_supplier">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
+                        print '<a href="'.$_SERVER["PHP_SELF"].'?action=set&amp;value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'&amp;type=invoice_supplier">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
                         print "</td>";
                     }
 
@@ -421,11 +421,11 @@ foreach ($dirmodels as $reldir)
                     {
                         //print img_picto($langs->trans("Default"),'on');
                         // Even if choice is the default value, we allow to disable it: For supplier invoice, we accept to have no doc generation at all
-                        print '<a href="'.$_SERVER["PHP_SELF"].'?action=unsetdoc&amp;value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'&amp;type=invoice_supplier"" alt="'.$langs->trans("Disable").'">'.img_picto($langs->trans("Enabled"),'on').'</a>';
+                        print '<a href="'.$_SERVER["PHP_SELF"].'?action=unsetdoc&amp;value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'&amp;type=invoice_supplier"" alt="'.$langs->trans("Disable").'">'.img_picto($langs->trans("Enabled"),'on').'</a>';
                     }
                     else
                     {
-                        print '<a href="'.$_SERVER["PHP_SELF"].'?action=setdoc&amp;value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'&amp;type=invoice_supplier"" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'</a>';
+                        print '<a href="'.$_SERVER["PHP_SELF"].'?action=setdoc&amp;value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'&amp;type=invoice_supplier"" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'</a>';
                     }
                     print '</td>';
 

htdocs/admin/supplier_order.php

@@ -44,7 +44,7 @@ $type=GETPOST('type', 'alpha');
 $value=GETPOST('value', 'alpha');
 $label = GETPOST('label','alpha');
 $action=GETPOST('action', 'alpha');
-$scandir = GETPOST('scandir','alpha');
+$scandir = GETPOST('scan_dir','alpha');
 
 $specimenthirdparty=new Societe($db);
 $specimenthirdparty->initAsSpecimen();
@@ -420,7 +420,7 @@ foreach ($dirmodels as $reldir)
                         print '<td align="center">'."\n";
                         if ($conf->global->COMMANDE_SUPPLIER_ADDON_PDF != "$name")
                         {
-                            print '<a href="'.$_SERVER["PHP_SELF"].'?action=del&amp;value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'&amp;type=order_supplier">';
+                            print '<a href="'.$_SERVER["PHP_SELF"].'?action=del&amp;value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'&amp;type=order_supplier">';
                             print img_picto($langs->trans("Enabled"),'switch_on');
                             print '</a>';
                         }
@@ -433,7 +433,7 @@ foreach ($dirmodels as $reldir)
                     else
                     {
                         print '<td align="center">'."\n";
-                        print '<a href="'.$_SERVER["PHP_SELF"].'?action=set&amp;value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'&amp;type=order_supplier">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
+                        print '<a href="'.$_SERVER["PHP_SELF"].'?action=set&amp;value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'&amp;type=order_supplier">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
                         print "</td>";
                     }
 
@@ -445,7 +445,7 @@ foreach ($dirmodels as $reldir)
                     }
                     else
                     {
-                        print '<a href="'.$_SERVER["PHP_SELF"].'?action=setdoc&amp;value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'&amp;type=order_supplier"" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'</a>';
+                        print '<a href="'.$_SERVER["PHP_SELF"].'?action=setdoc&amp;value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'&amp;type=order_supplier"" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'</a>';
                     }
                     print '</td>';
 

htdocs/admin/supplier_payment.php

@@ -39,7 +39,7 @@ if (! $user->admin) accessforbidden();
 $action = GETPOST('action','alpha');
 $value = GETPOST('value','alpha');
 $label = GETPOST('label','alpha');
-$scandir = GETPOST('scandir','alpha');
+$scandir = GETPOST('scan_dir','alpha');
 
 
 /*
@@ -172,7 +172,7 @@ foreach ($dirmodels as $reldir)
                             }
                             else
                             {
-                                print '<a href="'.$_SERVER["PHP_SELF"].'?action=setmod&value='.preg_replace('/\.php$/','',$file).'&scandir='.$module->scandir.'&label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
+                                print '<a href="'.$_SERVER["PHP_SELF"].'?action=setmod&value='.preg_replace('/\.php$/','',$file).'&scan_dir='.$module->scandir.'&label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
                             }
                             print '</td>';
 

htdocs/admin/supplier_proposal.php

@@ -37,7 +37,7 @@ if (! $user->admin) accessforbidden();
 $action = GETPOST('action','alpha');
 $value = GETPOST('value','alpha');
 $label = GETPOST('label','alpha');
-$scandir = GETPOST('scandir','alpha');
+$scandir = GETPOST('scan_dir','alpha');
 $type='supplier_proposal';
 
 /*
@@ -274,7 +274,7 @@ foreach ($dirmodels as $reldir)
 
 			while (($file = readdir($handle))!==false)
 			{
-				if (substr($file, 0, 21) == 'mod_supplier_proposal_' && substr($file, dol_strlen($file)-3, 3) == 'php')
+				if (substr($file, 0, 22) == 'mod_supplier_proposal_' && substr($file, dol_strlen($file)-3, 3) == 'php')
 				{
 					$file = substr($file, 0, dol_strlen($file)-4);
 
@@ -446,7 +446,7 @@ foreach ($dirmodels as $reldir)
 	                            else
 	                            {
 	                                print "<td align=\"center\">\n";
-	                                print '<a href="'.$_SERVER["PHP_SELF"].'?action=set&amp;value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
+	                                print '<a href="'.$_SERVER["PHP_SELF"].'?action=set&amp;value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
 	                                print "</td>";
 	                            }
 
@@ -458,7 +458,7 @@ foreach ($dirmodels as $reldir)
 	                            }
 	                            else
 	                            {
-	                                print '<a href="'.$_SERVER["PHP_SELF"].'?action=setdoc&amp;value='.$name.'&amp;scandir='.$module->scandir.'&amp;label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'</a>';
+	                                print '<a href="'.$_SERVER["PHP_SELF"].'?action=setdoc&amp;value='.$name.'&amp;scan_dir='.$module->scandir.'&amp;label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'</a>';
 	                            }
 	                            print '</td>';
 

htdocs/admin/tools/export.php

@@ -88,6 +88,7 @@ if (!empty($ExecTimeLimit))
     @set_time_limit($ExecTimeLimit);   // Need more than 240 on Windows 7/64
     error_reporting($err);
 }
+$MemoryLimit=0;
 if (!empty($MemoryLimit))
 {
     @ini_set('memory_limit', $MemoryLimit);
@@ -120,10 +121,10 @@ $utils = new Utils($db);
 // MYSQL
 if ($what == 'mysql')
 {
-    
+
     $cmddump=GETPOST("mysqldump");	// Do not sanitize here with 'alpha', will be sanitize later by dol_sanitizePathName and escapeshellarg
     $cmddump=dol_sanitizePathName($cmddump);
-    
+
     if (! empty($dolibarr_main_restrict_os_commands))
     {
         $arrayofallowedcommand=explode(',', $dolibarr_main_restrict_os_commands);
@@ -142,13 +143,13 @@ if ($what == 'mysql')
             $errormsg=$langs->trans('CommandIsNotInsideAllowedCommands');
         }
     }
-    
+
     if (! $errormsg && $cmddump)
     {
         dolibarr_set_const($db, 'SYSTEMTOOLS_MYSQLDUMP', $cmddump,'chaine',0,'',$conf->entity);
     }
 
-    if (! $errormsg) 
+    if (! $errormsg)
     {
         $utils->dumpDatabase(GETPOST('compression','alpha'), $what, 0, $file);
         $errormsg=$utils->error;
@@ -172,13 +173,13 @@ if ($what == 'postgresql')
 {
     $cmddump=GETPOST("postgresqldump");	// Do not sanitize here with 'alpha', will be sanitize later by dol_sanitizePathName and escapeshellarg
     $cmddump=dol_sanitizePathName($cmddump);
-    
+
     if (! $errormsg && $cmddump)
     {
         dolibarr_set_const($db, 'SYSTEMTOOLS_POSTGRESQLDUMP', $cmddump,'chaine',0,'',$conf->entity);
     }
 
-    if (! $errormsg) 
+    if (! $errormsg)
     {
         $utils->dumpDatabase(GETPOST('compression','alpha'), $what, 0, $file);
         $errormsg=$utils->error;

htdocs/admin/tools/index.php

@@ -38,7 +38,7 @@ if (! $user->admin)
 $form = new Form($db);
 
 $title=$langs->trans("SystemToolsArea");
-if (GETPOST('leftmenu') == 'admintools') $title=$langs->trans("ModulesSystemTools");
+if (GETPOST('leftmenu',"aZ09") == 'admintools') $title=$langs->trans("ModulesSystemTools");
 
 llxHeader('', $title);
 

htdocs/api/admin/index.php

@@ -43,12 +43,29 @@ if ($action == 'setproductionmode')
 
 	if (dolibarr_set_const($db, 'API_PRODUCTION_MODE', $status, 'chaine', 0, '', $conf->entity) > 0)
 	{
-	    $result = dol_mkdir($conf->api->dir_temp);
-	    if ($result < 0)
-	    {
-	        setEventMessages($langs->trans("ErrorFaildToCreateDir", $conf->api->dir_temp), null, 'errors');
-	    }
-	    else
+		$error=0;
+
+		if ($status == 1)
+		{
+			$result = dol_mkdir($conf->api->dir_temp);
+			if ($result < 0)
+			{
+				setEventMessages($langs->trans("ErrorFailedToCreateDir", $conf->api->dir_temp), null, 'errors');
+				$error++;
+			}
+		}
+		else
+		{
+			// Delete the cache file otherwise it does not update
+			$result = dol_delete_file($conf->api->dir_temp.'/routes.php');
+			if ($result < 0)
+			{
+				setEventMessages($langs->trans("ErrorFailedToDeleteFile", $conf->api->dir_temp.'/routes.php'), null, 'errors');
+				$error++;
+			}
+		}
+
+	    if (!$error)
 	    {
     		header("Location: ".$_SERVER["PHP_SELF"]);
 	   	    exit;

htdocs/barcode/printsheet.php

@@ -1,7 +1,7 @@
 <?php
 /* Copyright (C) 2003	   Rodolphe Quiedeville <rodolphe@quiedeville.org>
  * Copyright (C) 2003	   Jean-Louis Bergamo	<jlb@j1b.org>
- * Copyright (C) 2006-2016 Laurent Destailleur	<eldy@users.sourceforge.net>
+ * Copyright (C) 2006-2017 Laurent Destailleur	<eldy@users.sourceforge.net>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -145,7 +145,7 @@ if ($action == 'builddoc')
 		// Load barcode class for generating barcode image
 		$classname = "mod".ucfirst($generator);
 		$module = new $classname($db);
-		if ($generator != 'tcpdfbarcode') 
+		if ($generator != 'tcpdfbarcode')
 		{
 		    // May be phpbarcode
 			$template = 'standardlabel';
@@ -374,19 +374,25 @@ jQuery(document).ready(function() {
 print '<input id="fillmanually" type="radio" '.((! GETPOST("selectorforbarcode") || GETPOST("selectorforbarcode")=='fillmanually')?'checked ':'').'name="selectorforbarcode" value="fillmanually" class="radiobarcodeselect"> '.$langs->trans("FillBarCodeTypeAndValueManually").' &nbsp; ';
 print '<br>';
 
-print '<input id="fillfromproduct" type="radio" '.((GETPOST("selectorforbarcode")=='fillfromproduct')?'checked ':'').'name="selectorforbarcode" value="fillfromproduct" class="radiobarcodeselect"> '.$langs->trans("FillBarCodeTypeAndValueFromProduct").' &nbsp; ';
-print '<br>';
-print '<div class="showforproductselector">';
-$form->select_produits(GETPOST('productid'), 'productid', '');
-print ' &nbsp; <input type="submit" id="submitproduct" name="submitproduct" class="button" value="'.(dol_escape_htmltag($langs->trans("GetBarCode"))).'">';
-print '</div>';
+if (! empty($user->rights->produit->lire) || ! empty($user->rights->service->lire))
+{
+    print '<input id="fillfromproduct" type="radio" '.((GETPOST("selectorforbarcode")=='fillfromproduct')?'checked ':'').'name="selectorforbarcode" value="fillfromproduct" class="radiobarcodeselect"> '.$langs->trans("FillBarCodeTypeAndValueFromProduct").' &nbsp; ';
+    print '<br>';
+    print '<div class="showforproductselector">';
+    $form->select_produits(GETPOST('productid'), 'productid', '');
+    print ' &nbsp; <input type="submit" id="submitproduct" name="submitproduct" class="button" value="'.(dol_escape_htmltag($langs->trans("GetBarCode"))).'">';
+    print '</div>';
+}
 
-print '<input id="fillfromthirdparty" type="radio" '.((GETPOST("selectorforbarcode")=='fillfromthirdparty')?'checked ':'').'name="selectorforbarcode" value="fillfromthirdparty" class="radiobarcodeselect"> '.$langs->trans("FillBarCodeTypeAndValueFromThirdParty").' &nbsp; ';
-print '<br>';
-print '<div class="showforthirdpartyselector">';
-print $form->select_company(GETPOST('socid'), 'socid', '', 'SelectThirdParty', 0, 0, array(), 0, 'minwidth300');
-print ' &nbsp; <input type="submit" id="submitthirdparty" name="submitthirdparty" class="button showforthirdpartyselector" value="'.(dol_escape_htmltag($langs->trans("GetBarCode"))).'">';
-print '</div>';
+if (! empty($user->rights->societe->lire))
+{
+    print '<input id="fillfromthirdparty" type="radio" '.((GETPOST("selectorforbarcode")=='fillfromthirdparty')?'checked ':'').'name="selectorforbarcode" value="fillfromthirdparty" class="radiobarcodeselect"> '.$langs->trans("FillBarCodeTypeAndValueFromThirdParty").' &nbsp; ';
+    print '<br>';
+    print '<div class="showforthirdpartyselector">';
+    print $form->select_company(GETPOST('socid'), 'socid', '', 'SelectThirdParty', 0, 0, array(), 0, 'minwidth300');
+    print ' &nbsp; <input type="submit" id="submitthirdparty" name="submitthirdparty" class="button showforthirdpartyselector" value="'.(dol_escape_htmltag($langs->trans("GetBarCode"))).'">';
+    print '</div>';
+}
 
 print '<br>';
 

htdocs/bookmarks/bookmarks.lib.php

@@ -40,7 +40,7 @@ function printBookmarksList($aDb, $aLangs)
 
 	$langs->load("bookmarks");
 
-	$url= $_SERVER["PHP_SELF"].(! empty($_SERVER["QUERY_STRING"])?'?'.$_SERVER["QUERY_STRING"]:'');
+	$url= $_SERVER["PHP_SELF"].(dol_escape_htmltag($_SERVER["QUERY_STRING"])?'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]):'');
 
 	$ret = '';
 	// Menu bookmark

htdocs/cashdesk/affContenu.php

@@ -34,8 +34,8 @@ if ( $_GET['id'] == 'NOUV' )
 // Recuperation, s'il existe, de l'objet contenant les infos de la vente en cours ...
 if (isset($_SESSION['serObjFacturation']))
 {
-	$obj_facturation = unserialize($_SESSION['serObjFacturation']);
-	unset($_SESSION['serObjFacturation']);
+    $obj_facturation = unserialize($_SESSION['serObjFacturation']);
+    unset($_SESSION['serObjFacturation']);
 }
 else
 {
@@ -43,7 +43,7 @@ else
 	$obj_facturation = new Facturation();
 }
 
-
+// $obj_facturation contains data for all invoice total + selection of current product
 
 $obj_facturation->calculTotaux();	// Redefine prix_total_ttc, prix_total_ht et montant_tva from $_SESSION['poscart']
 

htdocs/cashdesk/class/Facturation.class.php

@@ -99,17 +99,25 @@ class Facturation
         $product = new Product($db);
         $product->fetch($this->id);
 
-        
+
         $vatrowid = $this->tva();
-        
+
         $tmp = getTaxesFromId($vatrowid);
-        $vat_rate = $tmp['rate'];
+        $txtva = $tmp['rate'].(empty($tmp['code'])?'':' ('.$tmp['code'].')');
         $vat_npr = $tmp['npr'];
-        
+
         $localtaxarray = getLocalTaxesFromRate($vatrowid, 0, $societe, $mysoc, 1);
-        
+
+        // Clean vat code
+        $vat_src_code='';
+        if (preg_match('/\((.*)\)/', $txtva, $reg))
+        {
+            $vat_src_code = $reg[1];
+            $txtva = preg_replace('/\s*\(.*\)/', '', $txtva);    // Remove code into vatrate.
+        }
+
         // Define part of HT, VAT, TTC
-        $resultarray=calcul_price_total($this->qte, $this->prix(), $this->remisePercent(), $vat_rate, -1, -1, 0, 'HT', $use_npr, $product->type, $mysoc, $localtaxarray);
+        $resultarray=calcul_price_total($this->qte, $this->prix(), $this->remisePercent(), $txtva, -1, -1, 0, 'HT', $use_npr, $product->type, $mysoc, $localtaxarray);
 
         // Calcul du total ht sans remise
         $total_ht = $resultarray[0];
@@ -136,7 +144,7 @@ class Facturation
         $newcartarray[$i]['label']=$product->label;
         $newcartarray[$i]['price']=$product->price;
         $newcartarray[$i]['price_ttc']=$product->price_ttc;
-        
+
         if (! empty($conf->global->PRODUIT_MULTIPRICES))
         {
             if (isset($product->multiprices[$societe->price_level]))
@@ -148,7 +156,7 @@ class Facturation
 
         $newcartarray[$i]['fk_article']=$this->id;
         $newcartarray[$i]['qte']=$this->qte();
-        $newcartarray[$i]['fk_tva']=$this->tva();
+        $newcartarray[$i]['fk_tva']=$this->tva();   // Vat rowid
         $newcartarray[$i]['remise_percent']=$remise_percent;
         $newcartarray[$i]['remise']=price2num($montant_remise_ht);
         $newcartarray[$i]['total_ht']=price2num($total_ht,'MT');
@@ -220,7 +228,7 @@ class Facturation
         $this->prix_total_vat = $total_vat;
         $this->prix_total_localtax1 = $total_localtax1;
         $this->prix_total_localtax2 = $total_localtax2;
-        
+
         $this->montant_tva = $total_ttc - $total_ht;
         //print $this->prix_total_ttc.'eeee'; exit;
     }

htdocs/cashdesk/facturation.php

@@ -35,7 +35,7 @@
 $form=new Form($db);
 
 // Get list of articles (in warehouse '$conf_fkentrepot' if defined and stock module enabled)
-if ( GETPOST('filtre') ) {
+if ( GETPOST('filtre','alpha') ) {
 
 	// Avec filtre
 	$ret=array(); $i=0;
@@ -47,22 +47,23 @@ if ( GETPOST('filtre') ) {
 	$sql.= " WHERE p.entity IN (".getEntity('product', 1).")";
 	$sql.= " AND p.tosell = 1";
 	if(!$conf->global->CASHDESK_SERVICES) $sql.= " AND p.fk_product_type = 0";
-	$sql.= " AND (p.ref LIKE '%".$db->escape(GETPOST('filtre'))."%' OR p.label LIKE '%".$db->escape(GETPOST('filtre'))."%'";
-	if (! empty($conf->barcode->enabled)) {
-
-		$filtre = GETPOST('filtre');
+	$sql.= " AND (";
+	$sql.= "p.ref LIKE '%".$db->escape(GETPOST('filtre'))."%' OR p.label LIKE '%".$db->escape(GETPOST('filtre'))."%'";
+	if (! empty($conf->barcode->enabled))
+	{
+		$filtre = GETPOST('filtre','alpha');
 
 		//If the barcode looks like an EAN13 format and the last digit is included in it,
 		//then whe look for the 12-digit too
 		//As the twelve-digit string will also hit the 13-digit code, we only look for this one
 		if (strlen($filtre) == 13) {
 			$crit_12digit = substr($filtre, 0, 12);
-			$sql .= " OR p.barcode LIKE '%".$db->escape($crit_12digit)."%')";
+			$sql .= " OR p.barcode LIKE '%".$db->escape($crit_12digit)."%'";
 		} else {
-			$sql.= " OR p.barcode LIKE '%".$db->escape($filtre)."%')";
+			$sql.= " OR p.barcode LIKE '%".$db->escape($filtre)."%'";
 		}
 	}
-	else $sql.= ")";
+	$sql.= ")";
 	$sql.= " ORDER BY label";
 
 	dol_syslog("facturation.php", LOG_DEBUG);
@@ -154,34 +155,6 @@ global $mysoc;
 $ret=array();
 $i=0;
 
-$sql = "SELECT t.rowid, t.taux";
-$sql.= " FROM ".MAIN_DB_PREFIX."c_tva as t";
-$sql.= ", ".MAIN_DB_PREFIX."c_country as c";
-$sql.= " WHERE t.fk_pays = c.rowid";
-$sql.= " AND t.active = 1";
-$sql.= " AND c.code = '".$mysoc->country_code."'";
-//print $sql;
-
-$resql = $db->query($sql);
-if ($resql)
-{
-	while ( $tab = $db->fetch_array($resql) )
-	{
-		foreach ( $tab as $cle => $valeur )
-		{
-			$ret[$i][$cle] = $valeur;
-		}
-		$i++;
-	}
-	$db->free($resql);
-}
-else
-{
-	dol_print_error($db);
-}
-$tab_tva = $ret;
-
-
 // Reinitialisation du mode de paiement, en cas de retour aux achats apres validation
 $obj_facturation->getSetPaymentMode('RESET');
 $obj_facturation->montantEncaisse('RESET');

htdocs/cashdesk/facturation_verif.php

@@ -32,12 +32,12 @@ $obj_facturation = unserialize($_SESSION['serObjFacturation']);
 unset ($_SESSION['serObjFacturation']);
 
 
-switch ( $_GET['action'] )
+switch (GETPOST('action','alpha'))
 {
 	default:
 		if ( $_POST['hdnSource'] != 'NULL' )
 		{
-			$sql = "SELECT p.rowid, p.ref, p.price, p.tva_tx, p.recuperableonly";
+			$sql = "SELECT p.rowid, p.ref, p.price, p.tva_tx, p.default_vat_code, p.recuperableonly";
 			if (! empty($conf->stock->enabled) && !empty($conf_fkentrepot)) $sql.= ", ps.reel";
 			$sql.= " FROM ".MAIN_DB_PREFIX."product as p";
 			if (! empty($conf->stock->enabled) && !empty($conf_fkentrepot)) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps ON p.rowid = ps.fk_product AND ps.fk_entrepot = ".$conf_fkentrepot;
@@ -54,7 +54,6 @@ switch ( $_GET['action'] )
 			}
 
 			$result = $db->query($sql);
-
 			if ($result)
 			{
 				// ... et enregistrement dans l'objet
@@ -67,62 +66,90 @@ switch ( $_GET['action'] )
 						$ret[$key] = $value;
 					}
                     // Here $ret['tva_tx'] is vat rate of product but we want to not use the one into table but found by function
-                    
+
 					$productid = $ret['rowid'];
 					$product = new Product($db);
                     $product->fetch($productid);
+                    $prod = $product;
 
 					$thirdpartyid = $_SESSION['CASHDESK_ID_THIRDPARTY'];
                     $societe = new Societe($db);
 					$societe->fetch($thirdpartyid);
 
-					$tva_tx = get_default_tva($mysoc,$societe,$productid);
-					$tva_npr = get_default_npr($mysoc,$societe,$productid);
+					// Update if prices fields are defined
+					$tva_tx = get_default_tva($mysoc, $societe, $product->id);
+					$tva_npr = get_default_npr($mysoc, $societe, $product->id);
 					if (empty($tva_tx)) $tva_npr=0;
-					dol_syslog('tva_tx='.$tva_tx.'-tva_npr='.$tva_npr);
-					
+
+					$pu_ht = $prod->price;
+					$pu_ttc = $prod->price_ttc;
+					$price_min = $prod->price_min;
+					$price_base_type = $prod->price_base_type;
+
+					// multiprix
 					if (! empty($conf->global->PRODUIT_MULTIPRICES) && ! empty($societe->price_level))
 					{
-						if(isset($product->multiprices[$societe->price_level]))
-						{
-							$ret['price'] = $product->multiprices[$societe->price_level];
-							$ret['price_ttc'] = $product->multiprices_ttc[$societe->price_level];
-							// $product->multiprices_min[$societe->price_level];
-							// $product->multiprices_min_ttc[$societe->price_level];
-							// $product->multiprices_base_type[$societe->price_level];
-							if (! empty($conf->global->PRODUIT_MULTIPRICES_USE_VAT_PER_LEVEL))  // using this option is a bug. kept for backward compatibility
-							{
-							    if (isset($prod->multiprices_tva_tx[$societe->price_level])) $tva_tx=$prod->multiprices_tva_tx[$societe->price_level];
-							    if (isset($prod->multiprices_recuperableonly[$societe->price_level])) $tva_npr=$prod->multiprices_recuperableonly[$societe->price_level];
-							    if (empty($tva_tx)) $tva_npr=0;
-							}
-						}
+					    $pu_ht = $prod->multiprices[$societe->price_level];
+					    $pu_ttc = $prod->multiprices_ttc[$societe->price_level];
+					    $price_min = $prod->multiprices_min[$societe->price_level];
+					    $price_base_type = $prod->multiprices_base_type[$societe->price_level];
+					    if (! empty($conf->global->PRODUIT_MULTIPRICES_USE_VAT_PER_LEVEL))  // using this option is a bug. kept for backward compatibility
+					    {
+					        if (isset($prod->multiprices_tva_tx[$societe->price_level])) $tva_tx=$prod->multiprices_tva_tx[$societe->price_level];
+					        if (isset($prod->multiprices_recuperableonly[$societe->price_level])) $tva_npr=$prod->multiprices_recuperableonly[$societe->price_level];
+					    }
+					}
+					elseif (! empty($conf->global->PRODUIT_CUSTOMER_PRICES))
+					{
+					    require_once DOL_DOCUMENT_ROOT . '/product/class/productcustomerprice.class.php';
+
+					    $prodcustprice = new Productcustomerprice($db);
+
+					    $filter = array('t.fk_product' => $prod->id,'t.fk_soc' => $societe->id);
+
+					    $result = $prodcustprice->fetch_all('', '', 0, 0, $filter);
+					    if ($result >= 0)
+					    {
+					        if (count($prodcustprice->lines) > 0)
+					        {
+					            $pu_ht = price($prodcustprice->lines [0]->price);
+					            $pu_ttc = price($prodcustprice->lines [0]->price_ttc);
+					            $price_base_type = $prodcustprice->lines [0]->price_base_type;
+					            $tva_tx = $prodcustprice->lines [0]->tva_tx;
+					        }
+					    }
+					    else
+					    {
+					        setEventMessages($prodcustprice->error, $prodcustprice->errors, 'errors');
+					    }
+					}
+
+					$tmpvat = price2num(preg_replace('/\s*\(.*\)/', '', $tva_tx));
+					$tmpprodvat = price2num(preg_replace('/\s*\(.*\)/', '', $prod->tva_tx));
+
+					// if price ht is forced (ie: calculated by margin rate and cost price). TODO Why this ?
+					if (! empty($price_ht)) {
+					    $pu_ht = price2num($price_ht, 'MU');
+					    $pu_ttc = price2num($pu_ht * (1 + ($tmpvat / 100)), 'MU');
+					}
+					// On reevalue prix selon taux tva car taux tva transaction peut etre different
+					// de ceux du produit par defaut (par exemple si pays different entre vendeur et acheteur).
+					elseif ($tmpvat != $tmpprodvat) {
+					    if ($price_base_type != 'HT') {
+					        $pu_ht = price2num($pu_ttc / (1 + ($tmpvat / 100)), 'MU');
+					    } else {
+					        $pu_ttc = price2num($pu_ht * (1 + ($tmpvat / 100)), 'MU');
+					    }
 					}
 
-					$ret['tva_tx'] = $tva_tx;
-					$ret['tva_npr'] = $tva_npr;
-                    //var_dump('tva_tx='.$ret['tva_tx'].'-tva_npr='.$ret['tva_npr'].'-'.$conf->global->PRODUIT_MULTIPRICES_USE_VAT_PER_LEVEL);exit;
-                    
 					$obj_facturation->id($ret['rowid']);
 					$obj_facturation->ref($ret['ref']);
 					$obj_facturation->stock($ret['reel']);
 					$obj_facturation->prix($ret['price']);
-					
-					// Use $ret['tva_tx'] / ret['tva_npr'] to find vat id
-					$vatrowid = null;
-					$sqlfindvatid = 'SELECT rowid FROM '.MAIN_DB_PREFIX.'c_tva';
-					$sqlfindvatid.= ' WHERE taux = '.$ret['tva_tx'].' AND recuperableonly = '.(int) $ret['tva_npr'];
-					$sqlfindvatid.= ' AND fk_pays = '.$mysoc->country_id;
-					$resqlfindvatid=$db->query($sqlfindvatid);
-					if ($resqlfindvatid)
-					{
-					    $obj = $db->fetch_object($resqlfindvatid);
-					    if ($obj) $vatrowid = $obj->rowid;
-					}
-					else dol_print_error($db);
-					
-					dol_syslog("save vatrowid=".$vatrowid);
-					$obj_facturation->tva($vatrowid);     // Save vat it for next use
+
+
+					$vatrate = $tva_tx;
+					$obj_facturation->vatrate = $vatrate;       // Save vat rate (full text vat with code)
 
 					// Definition du filtre pour n'afficher que le produit concerne
 					if ( $_POST['hdnSource'] == 'LISTE' )
@@ -168,11 +195,11 @@ switch ( $_GET['action'] )
 		{
 		    dol_syslog("facturation_verif save vat ".$_POST['selTva']);
 			$obj_facturation->qte($_POST['txtQte']);
-			$obj_facturation->tva($_POST['selTva']);                 // Save VAT selected so we can use it for next product
+			$obj_facturation->tva($_POST['selTva']);     // id of vat. Saved so we can use it for next product
 			$obj_facturation->remisePercent($_POST['txtRemise']);
 			$obj_facturation->ajoutArticle();	// This add an entry into $_SESSION['poscart']
 			// We update prixTotalTtc
-			 
+
 		}
 
 		$redirection = DOL_URL_ROOT.'/cashdesk/affIndex.php?menutpl=facturation';

htdocs/cashdesk/tpl/facturation1.tpl.php

@@ -125,12 +125,12 @@ $langs->load("cashdesk");
     			<td><input class="texte1_off maxwidth50onsmartphone" type="text" name="txtTotal" value="" disabled /></td><td></td>
                 <!-- Choix du taux de TVA -->
                 <td class="select_tva">
-                <?php //var_dump($tab_tva); 
-					$tva_tx = $obj_facturation->tva();  // Try to get a previously entered VAT rowid. First time, this will return empty.
+                <?php
+					$vatrate = $obj_facturation->vatrate;      // To get vat rate we just have selected
+
 					$buyer = new Societe($db);
 					if ($_SESSION["CASHDESK_ID_THIRDPARTY"] > 0) $buyer->fetch($_SESSION["CASHDESK_ID_THIRDPARTY"]);
-					
-					echo $form->load_tva('selTva', (isset($_POST["selTva"])?GETPOST("selTva",'alpha',2):-1), $mysoc, $buyer, 0, 0, '', false, -1);
+					echo $form->load_tva('selTva', (isset($_POST["selTva"])?GETPOST("selTva",'alpha',2):$vatrate), $mysoc, $buyer, 0, 0, '', false, -1);
 			    ?>
                 </td>
 			</tr>

htdocs/cashdesk/validation_verif.php

@@ -165,6 +165,7 @@ switch ($action)
 			$tmp = getTaxesFromId($tab_liste[$i]['fk_tva']);
 			$vat_rate = $tmp['rate'];
 			$vat_npr = $tmp['npr'];
+			$vat_src_code = $tmp['code'];
 
 			$invoiceline=new FactureLigne($db);
 			$invoiceline->fk_product=$tab_liste[$i]['fk_article'];
@@ -173,15 +174,17 @@ switch ($action)
 			$invoiceline->remise_percent=$tab_liste[$i]['remise_percent'];
 			$invoiceline->price=$tab_liste[$i]['price'];
 			$invoiceline->subprice=$tab_liste[$i]['price'];
-			
+
 			$invoiceline->tva_tx=empty($vat_rate)?0:$vat_rate;	// works even if vat_rate is ''
 			$invoiceline->info_bits=empty($vat_npr)?0:$vat_npr;
-				
+			$invoiceline->vat_src_code=$vat_src_code;
+
 			$invoiceline->total_ht=$tab_liste[$i]['total_ht'];
 			$invoiceline->total_ttc=$tab_liste[$i]['total_ttc'];
 			$invoiceline->total_tva=$tab_liste[$i]['total_vat'];
 			$invoiceline->total_localtax1=$tab_liste[$i]['total_localtax1'];
 			$invoiceline->total_localtax2=$tab_liste[$i]['total_localtax2'];
+
 			$invoice->lines[]=$invoiceline;
 		}
 
@@ -205,7 +208,7 @@ switch ($action)
 			{
 				$warehouseidtodecrease=(isset($_SESSION["CASHDESK_ID_WAREHOUSE"])?$_SESSION["CASHDESK_ID_WAREHOUSE"]:0);
 				if (! empty($conf->global->CASHDESK_NO_DECREASE_STOCK)) $warehouseidtodecrease=0;	// If a particular stock is defined, we disable choice
-				
+
 				$resultvalid=$invoice->validate($user, $obj_facturation->numInvoice(), 0);
 
 				if ($warehouseidtodecrease > 0)
@@ -245,7 +248,7 @@ switch ($action)
 			{
 				$warehouseidtodecrease=(isset($_SESSION["CASHDESK_ID_WAREHOUSE"])?$_SESSION["CASHDESK_ID_WAREHOUSE"]:0);
 				if (! empty($conf->global->CASHDESK_NO_DECREASE_STOCK)) $warehouseidtodecrease=0;	// If a particular stock is defined, we disable choice
-				
+
 				$resultvalid=$invoice->validate($user, $obj_facturation->numInvoice(), 0);
 
 				if ($warehouseidtodecrease > 0)

htdocs/categories/class/categorie.class.php

@@ -52,7 +52,7 @@ class Categorie extends CommonObject
     const TYPE_ACCOUNT = 5;    // for bank account TODO Replace this value with 'account'
     const TYPE_PROJECT = 6;
     public $picto = 'category';
-    
+
 
 	/**
 	 * @var array ID mapping from type string
@@ -556,7 +556,7 @@ class Categorie extends CommonObject
 		        $error++;
 		    }
 		}
-		
+
 		if (! $error)
 		{
 			$sql  = "DELETE FROM ".MAIN_DB_PREFIX."categorie_lang";
@@ -1163,11 +1163,11 @@ class Categorie extends CommonObject
 				 */
 				if($obj[0] > 0 && $obj[0] != $this->id)
 				{
-					dol_syslog(get_class($this)."::already_exists category with name=".$this->label." exist rowid=".$obj[0]." current_id=".$this->id, LOG_DEBUG);
+					dol_syslog(get_class($this)."::already_exists category with name=".$this->label." and parent ".$this->fk_parent." exists: rowid=".$obj[0]." current_id=".$this->id, LOG_DEBUG);
 					return 1;
 				}
 			}
-			dol_syslog(get_class($this)."::already_exists no category with same name=".$this->label." rowid=".$obj[0]." current_id=".$this->id, LOG_DEBUG);
+			dol_syslog(get_class($this)."::already_exists no category with same name=".$this->label." and same parent ".$this->fk_parent.": rowid=".$obj[0]." current_id=".$this->id, LOG_DEBUG);
 			return 0;
 		}
 		else
@@ -1737,8 +1737,8 @@ class Categorie extends CommonObject
 	{
 	    return '';
 	}
-	
-	
+
+
     /**
      *  Initialise an instance with random values.
      *  Used to build previews or test instances.

htdocs/comm/action/card.php

@@ -1,12 +1,12 @@
 <?php
-/* Copyright (C) 2001-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2004-2016 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2005      Simon TOSSER         <simon@kornog-computing.com>
- * Copyright (C) 2005-2012 Regis Houssin        <regis.houssin@capnetworks.com>
- * Copyright (C) 2010-2013 Juanjo Menent        <jmenent@2byte.es>
- * Copyright (C) 2013      Florian Henry        <florian.henry@open-concept.pro>
- * Copyright (C) 2014      Cedric GROSS         <c.gross@kreiz-it.fr>
- * Copyright (C) 2015	   Alexandre Spangaro   <aspangaro.dolibarr@gmail.com>
+/* Copyright (C) 2001-2005	Rodolphe Quiedeville	<rodolphe@quiedeville.org>
+ * Copyright (C) 2004-2016	Laurent Destailleur	<eldy@users.sourceforge.net>
+ * Copyright (C) 2005		Simon TOSSER			<simon@kornog-computing.com>
+ * Copyright (C) 2005-2017	Regis Houssin		<regis.houssin@capnetworks.com>
+ * Copyright (C) 2010-2013	Juanjo Menent		<jmenent@2byte.es>
+ * Copyright (C) 2013		Florian Henry		<florian.henry@open-concept.pro>
+ * Copyright (C) 2014		Cedric GROSS			<c.gross@kreiz-it.fr>
+ * Copyright (C) 2015		Alexandre Spangaro	<aspangaro.dolibarr@gmail.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -121,7 +121,7 @@ if (GETPOST('removedassigned') || GETPOST('removedassigned') == '0')
 	$donotclearsession=1;
 	if ($action == 'add') $action = 'create';
 	if ($action == 'update') $action = 'edit';
-	
+
 	$listUserAssignedUpdated = true;
 }
 
@@ -572,6 +572,11 @@ if ($action == 'mupdate')
 
 }
 
+// Actions to delete doc
+$upload_dir = $conf->agenda->dir_output.'/'.dol_sanitizeFileName($object->ref);
+$permissioncreate = ($user->rights->agenda->allactions->delete ||	(($object->authorid == $user->id || $object->userownerid == $user->id) && $user->rights->agenda->myactions->delete));
+include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php';
+
 
 /*
  * View
@@ -724,7 +729,7 @@ if ($action == 'create')
 	print '<div class="assignedtouser">';
 	print $form->select_dolusers_forevent(($action=='create'?'add':'update'), 'assignedtouser', 1, '', 0, '', '', 0, 0, 0, 'AND u.statut != 0');
 	print '</div>';
-	if (in_array($user->id,array_keys($listofuserid))) 
+	if (in_array($user->id,array_keys($listofuserid)))
 	{
 		print '<div class="myavailability">';
 		print $langs->trans("MyAvailability").': <input id="transparency" type="checkbox" name="transparency"'.(((! isset($_GET['transparency']) && ! isset($_POST['transparency'])) || GETPOST('transparency'))?' checked':'').'> '.$langs->trans("Busy");
@@ -851,11 +856,11 @@ if ($id > 0)
 	$result3=$object->fetch_contact();
 	$result4=$object->fetch_userassigned();
 	$result5=$object->fetch_optionals($id,$extralabels);
-	
-	if ($listUserAssignedUpdated || $donotclearsession) 
+
+	if ($listUserAssignedUpdated || $donotclearsession)
 	{
         $percentage=in_array(GETPOST('status'),array(-1,100))?GETPOST('status'):(in_array(GETPOST('complete'),array(-1,100))?GETPOST('complete'):GETPOST("percentage"));	// If status is -1 or 100, percentage is not defined and we must use status
-	
+
 		$datep=dol_mktime($fulldayevent?'00':$aphour, $fulldayevent?'00':$apmin, 0, $_POST["apmonth"], $_POST["apday"], $_POST["apyear"]);
 		$datef=dol_mktime($fulldayevent?'23':$p2hour, $fulldayevent?'59':$p2min, $fulldayevent?'59':'0', $_POST["p2month"], $_POST["p2day"], $_POST["p2year"]);
 
@@ -872,7 +877,7 @@ if ($id > 0)
 		//$object->societe->id = $_POST["socid"];			// deprecated
 		//$object->contact->id = $_POST["contactid"];		// deprecated
 		$object->fk_project  = GETPOST("projectid",'int');
-		
+
 		$object->note = GETPOST("note");
 	}
 
@@ -1064,11 +1069,11 @@ if ($id > 0)
 				$listofuserid=json_decode($_SESSION['assignedtouser'], true);
 			}
 		}
-		
+
 		print '<div class="assignedtouser">';
 		print $form->select_dolusers_forevent(($action=='create'?'add':'update'), 'assignedtouser', 1, '', 0, '', '', 0, 0, 0, 'AND u.statut != 0');
 		print '</div>';
-		if (in_array($user->id,array_keys($listofuserid))) 
+		if (in_array($user->id,array_keys($listofuserid)))
 		{
 			print '<div class="myavailability">';
 			print $langs->trans("MyAvailability").':  <input id="transparency" type="checkbox" name="transparency"'.($listofuserid[$user->id]['transparency']?' checked':'').'>'.$langs->trans("Busy");
@@ -1086,10 +1091,10 @@ if ($id > 0)
 
 		print '</table>';
 
-		
+
 		print '<br><br>';
 
-		
+
 		print '<table class="border" width="100%">';
 
 		// Thirdparty - Contact
@@ -1196,15 +1201,15 @@ if ($id > 0)
 		$out.=img_picto($langs->trans("ViewCal"),'object_calendar','class="hideonsmartphone pictoactionview"');
 		$out.='<a href="'.DOL_URL_ROOT.'/comm/action/index.php?action=show_month&year='.dol_print_date($object->datep,'%Y').'&month='.dol_print_date($object->datep,'%m').'&day='.dol_print_date($object->datep,'%d').'">'.$langs->trans("ViewCal").'</a>';
 		$out.=img_picto($langs->trans("ViewWeek"),'object_calendarweek','class="hideonsmartphone pictoactionview"');
-		$out.='<a href="'.DOL_URL_ROOT.'/comm/action/index.php?action=show_day&year='.dol_print_date($object->datep,'%Y').'&month='.dol_print_date($object->datep,'%m').'&day='.dol_print_date($object->datep,'%d').'">'.$langs->trans("ViewWeek").'</a>';
+		$out.='<a href="'.DOL_URL_ROOT.'/comm/action/index.php?action=show_week&year='.dol_print_date($object->datep,'%Y').'&month='.dol_print_date($object->datep,'%m').'&day='.dol_print_date($object->datep,'%d').'">'.$langs->trans("ViewWeek").'</a>';
 		$out.=img_picto($langs->trans("ViewDay"),'object_calendarday','class="hideonsmartphone pictoactionview"');
 		$out.='<a href="'.DOL_URL_ROOT.'/comm/action/index.php?action=show_day&year='.dol_print_date($object->datep,'%Y').'&month='.dol_print_date($object->datep,'%m').'&day='.dol_print_date($object->datep,'%d').'">'.$langs->trans("ViewDay").'</a>';
 		$linkback.=$out;
-		
+
 		dol_banner_tab($object, 'id', $linkback, ($user->societe_id?0:1), 'id', 'ref', '');
-		
+
 		print '<div class="underbanner clearboth"></div>';
-		
+
 		// Affichage fiche action en mode visu
 		print '<table class="border" width="100%">';
 
@@ -1268,7 +1273,7 @@ if ($id > 0)
 		print '<div class="assignedtouser">';
 		print $form->select_dolusers_forevent('view', 'assignedtouser', 1, '', 0, '', '', 0, 0, 0, '', 0, '', 'maxwidth300');
 		print '</div>';
-		if ($object->datep != $object->datef && in_array($user->id,array_keys($listofuserid))) 
+		if ($object->datep != $object->datef && in_array($user->id,array_keys($listofuserid)))
 		{
 			print '<div class="myavailability">';
 			print $langs->trans("MyAvailability").': '.(($object->userassigned[$user->id]['transparency'] > 0)?$langs->trans("Busy"):$langs->trans("Available"));	// We show nothing if event is assigned to nobody
@@ -1449,7 +1454,7 @@ if ($id > 0)
              */
 
             $filedir=$conf->agenda->multidir_output[$conf->entity].'/'.$object->id;
-            $urlsource=$_SERVER["PHP_SELF"]."?socid=".$object->id;
+            $urlsource=$_SERVER["PHP_SELF"]."?id=".$object->id;
 
             $genallowed=$user->rights->agenda->myactions->create;
 	        $delallowed=$user->rights->agenda->myactions->delete;

htdocs/comm/action/class/api_agendaevents.class.php

@@ -289,7 +289,7 @@ class AgendaEvents extends DolibarrApi
     function _validate($data)
     {
         $event = array();
-        foreach (Events::$FIELDS as $field) {
+        foreach (AgendaEvents::$FIELDS as $field) {
             if (!isset($data[$field]))
                 throw new RestException(400, "$field field missing");
             $event[$field] = $data[$field];

htdocs/comm/mailing/list.php

@@ -41,8 +41,8 @@ $pagenext = $page + 1;
 if (! $sortorder) $sortorder="DESC";
 if (! $sortfield) $sortfield="m.date_creat";
 
-$sall=GETPOST("sall","alpha");
-$sref=GETPOST("sref","alpha");
+$sall=GETPOST('sall', 'alphanohtml');
+$sref=GETPOST("sref", "alpha");
 $filteremail=GETPOST('filteremail','alpha');
 
 // Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array

htdocs/comm/propal/card.php

@@ -750,7 +750,7 @@ if (empty($reshook))
 				$tva_tx = get_default_tva($mysoc, $object->thirdparty, $prod->id);
 				$tva_npr = get_default_npr($mysoc, $object->thirdparty, $prod->id);
 				if (empty($tva_tx)) $tva_npr=0;
-
+				
 				$pu_ht = $prod->price;
 				$pu_ttc = $prod->price_ttc;
 				$price_min = $prod->price_min;
@@ -775,15 +775,16 @@ if (empty($reshook))
 
 					$prodcustprice = new Productcustomerprice($db);
 
-					$filter = array('t.fk_product' => $prod->id,'t.fk_soc' => $object->thirdparty->id);
+					$filter = array('t.fk_product' => $prod->id, 't.fk_soc' => $object->thirdparty->id);
 
 					$result = $prodcustprice->fetch_all('', '', 0, 0, $filter);
 					if ($result) {
+					    // If there is some prices specific to the customer
 						if (count($prodcustprice->lines) > 0) {
 							$pu_ht = price($prodcustprice->lines[0]->price);
 							$pu_ttc = price($prodcustprice->lines[0]->price_ttc);
 							$price_base_type = $prodcustprice->lines[0]->price_base_type;
-							$tva_tx = $prodcustprice->lines[0]->tva_tx;
+							$tva_tx = ($prodcustprice->lines[0]->default_vat_code ? $prodcustprice->lines[0]->tva_tx . ' ('.$prodcustprice->lines[0]->default_vat_code.' )' : $prodcustprice->lines[0]->tva_tx);
 						}
 					}
 				}

htdocs/comm/propal/class/propal.class.php

@@ -947,7 +947,7 @@ class Propal extends CommonObject
             if ($this->id)
             {
                 $this->ref='(PROV'.$this->id.')';
-                $sql = 'UPDATE '.MAIN_DB_PREFIX."propal SET ref='".$this->ref."' WHERE rowid=".$this->id;
+                $sql = 'UPDATE '.MAIN_DB_PREFIX."propal SET ref='".$this->db->escape($this->ref)."' WHERE rowid=".$this->id;
 
                 dol_syslog(get_class($this)."::create", LOG_DEBUG);
                 $resql=$this->db->query($sql);
@@ -1868,7 +1868,7 @@ class Propal extends CommonObject
             {
             	$this->oldcopy= clone $this;
             	$this->fk_availability = $id;
-            	$this->availability_id = $availability_id;
+            	$this->availability_id = $id;
             }
 
             if (! $notrigger && empty($error))
@@ -3931,14 +3931,14 @@ class PropaleLigne  extends CommonObjectLine
         $sql.= ", tva_tx='".price2num($this->tva_tx)."'";
         $sql.= ", localtax1_tx=".price2num($this->localtax1_tx);
         $sql.= ", localtax2_tx=".price2num($this->localtax2_tx);
-		$sql.= ", localtax1_type='".$this->localtax1_type."'";
-		$sql.= ", localtax2_type='".$this->localtax2_type."'";
+		$sql.= ", localtax1_type='".$this->db->escape($this->localtax1_type)."'";
+		$sql.= ", localtax2_type='".$this->db->escape($this->localtax2_type)."'";
         $sql.= ", qty='".price2num($this->qty)."'";
         $sql.= ", subprice=".price2num($this->subprice)."";
         $sql.= ", remise_percent=".price2num($this->remise_percent)."";
         $sql.= ", price=".price2num($this->price)."";					// TODO A virer
         $sql.= ", remise=".price2num($this->remise)."";				// TODO A virer
-        $sql.= ", info_bits='".$this->info_bits."'";
+        $sql.= ", info_bits='".$this->db->escape($this->info_bits)."'";
         if (empty($this->skip_update_total))
         {
             $sql.= ", total_ht=".price2num($this->total_ht)."";

htdocs/comm/propal/document.php

@@ -1,6 +1,6 @@
 <?php
 /* Copyright (C) 2003-2004 Rodolphe Quiedeville  <rodolphe@quiedeville.org>
- * Copyright (C) 2004-2009 Laurent Destailleur   <eldy@users.sourceforge.net>
+ * Copyright (C) 2004-2017 Laurent Destailleur   <eldy@users.sourceforge.net>
  * Copyright (C) 2005      Marc Barilley / Ocebo <marc@ocebo.com>
  * Copyright (C) 2005-2012 Regis Houssin         <regis.houssin@capnetworks.com>
  * Copyright (C) 2013      Cédric Salvador       <csalvador@gpcsolutions.fr>
@@ -63,17 +63,18 @@ if (! $sortfield) $sortfield="name";
 
 $object = new Propal($db);
 $object->fetch($id,$ref);
-if ($object->id > 0)
-{
-	$object->fetch_thirdparty();
-	$upload_dir = $conf->propal->dir_output.'/'.dol_sanitizeFileName($object->ref);
-	include_once DOL_DOCUMENT_ROOT . '/core/actions_linkedfiles.inc.php';
-}
+
 
 /*
  * Actions
  */
 
+if ($object->id > 0)
+{
+    $object->fetch_thirdparty();
+    $upload_dir = $conf->propal->dir_output.'/'.dol_sanitizeFileName($object->ref);
+    include_once DOL_DOCUMENT_ROOT . '/core/actions_linkedfiles.inc.php';
+}
 
 
 /*
@@ -101,10 +102,10 @@ if ($object->id > 0)
 
 
 	// Proposal card
-	
+
 	$linkback = '<a href="' . DOL_URL_ROOT . '/comm/propal/list.php' . (! empty($socid) ? '?socid=' . $socid : '') . '">' . $langs->trans("BackToList") . '</a>';
-	
-	
+
+
 	$morehtmlref='<div class="refidno">';
 	// Ref customer
 	$morehtmlref.=$form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', 0, 1);
@@ -145,24 +146,24 @@ if ($object->id > 0)
 	    }
 	}
 	$morehtmlref.='</div>';
-	
+
 	dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
-	
-	
+
+
 	print '<div class="fichecenter">';
 	print '<div class="underbanner clearboth"></div>';
-	
+
 	print '<table class="border" width="100%">';
-	
+
 	// Files infos
 	print '<tr><td class="titlefield">'.$langs->trans("NbOfAttachedFiles").'</td><td>'.count($filearray).'</td></tr>';
 	print '<tr><td>'.$langs->trans("TotalSizeOfAttachedFiles").'</td><td>'.$totalsize.' '.$langs->trans("bytes").'</td></tr>';
-	
+
 	print "</table>\n";
-	
+
 	print '</div>';
-	
-	
+
+
 	dol_fiche_end();
 
 	$modulepart = 'propal';

htdocs/comm/propal/list.php

@@ -73,11 +73,11 @@ $search_zip=GETPOST('search_zip','alpha');
 $search_state=trim(GETPOST("search_state"));
 $search_country=GETPOST("search_country",'int');
 $search_type_thirdparty=GETPOST("search_type_thirdparty",'int');
-$viewstatut=GETPOST('viewstatut');
+$viewstatut=GETPOST('viewstatut','alpha');
 $optioncss = GETPOST('optioncss','alpha');
-$object_statut=GETPOST('propal_statut');
+$object_statut=GETPOST('propal_statut','alpha');
 
-$sall=GETPOST("sall");
+$sall=GETPOST('sall', 'alphanohtml');
 $mesg=(GETPOST("msg") ? GETPOST("msg") : GETPOST("mesg"));
 
 $day=GETPOST("day","int");
@@ -161,7 +161,7 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab
     }
 }
 
-$object = new Propal($db);	// To be passed as parameter of executeHooks that need 
+$object = new Propal($db);	// To be passed as parameter of executeHooks that need
 
 
 /*
@@ -273,25 +273,25 @@ if (! $user->rights->societe->client->voir && ! $socid) //restriction
 	$sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 }
 if ($search_town)  $sql.= natural_search('s.town', $search_town);
-if ($search_zip)   $sql.= natural_search("s.zip",$search_zip);
-if ($search_state) $sql.= natural_search("state.nom",$search_state);
-if ($search_country) $sql .= " AND s.fk_pays IN (".$search_country.')';
-if ($search_type_thirdparty) $sql .= " AND s.fk_typent IN (".$search_type_thirdparty.')';
-if ($search_ref)   $sql .= natural_search('p.ref', $search_ref);
+if ($search_zip)   $sql.= natural_search("s.zip", $search_zip);
+if ($search_state) $sql.= natural_search("state.nom", $search_state);
+if ($search_country) $sql .= " AND s.fk_pays IN (".$db->escape($search_country).')';
+if ($search_type_thirdparty) $sql .= " AND s.fk_typent IN (".$db->escape($search_type_thirdparty).')';
+if ($search_ref)         $sql .= natural_search('p.ref', $search_ref);
 if ($search_refcustomer) $sql .= natural_search('p.ref_client', $search_refcustomer);
-if ($search_societe) $sql .= natural_search('s.nom', $search_societe);
-if ($search_login) $sql.= " AND u.login LIKE '%".$db->escape(trim($search_login))."%'";
+if ($search_societe)     $sql .= natural_search('s.nom', $search_societe);
+if ($search_login)       $sql .= natural_search("u.login", $search_login);
 if ($search_montant_ht != '')  $sql.= natural_search("p.total_ht", $search_montant_ht, 1);
 if ($search_montant_vat != '') $sql.= natural_search("p.tva", $search_montant_vat, 1);
 if ($search_montant_ttc != '') $sql.= natural_search("p.total", $search_montant_ttc, 1);
 if ($sall) {
     $sql .= natural_search(array_keys($fieldstosearchall), $sall);
 }
-if ($search_product_category > 0) $sql.=" AND cp.fk_categorie = ".$search_product_category;
+if ($search_product_category > 0) $sql.=" AND cp.fk_categorie = ".$db->escape($search_product_category);
 if ($socid > 0) $sql.= ' AND s.rowid = '.$socid;
 if ($viewstatut != '' && $viewstatut != '-1')
 {
-	$sql.= ' AND p.fk_statut IN ('.$viewstatut.')';
+	$sql.= ' AND p.fk_statut IN ('.$db->escape($viewstatut).')';
 }
 if ($month > 0)
 {
@@ -300,16 +300,16 @@ if ($month > 0)
     else if ($year > 0 && ! empty($day))
     $sql.= " AND p.datep BETWEEN '".$db->idate(dol_mktime(0, 0, 0, $month, $day, $year))."' AND '".$db->idate(dol_mktime(23, 59, 59, $month, $day, $year))."'";
     else
-    $sql.= " AND date_format(p.datep, '%m') = '".$month."'";
+    $sql.= " AND date_format(p.datep, '%m') = '".$db->escape($month)."'";
 }
 else if ($year > 0)
 {
 	$sql.= " AND p.datep BETWEEN '".$db->idate(dol_get_first_day($year,1,false))."' AND '".$db->idate(dol_get_last_day($year,12,false))."'";
 }
-if ($search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$search_sale;
+if ($search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$db->escape($search_sale);
 if ($search_user > 0)
 {
-    $sql.= " AND c.fk_c_type_contact = tc.rowid AND tc.element='propal' AND tc.source='internal' AND c.element_id = p.rowid AND c.fk_socpeople = ".$search_user;
+    $sql.= " AND c.fk_c_type_contact = tc.rowid AND tc.element='propal' AND tc.source='internal' AND c.element_id = p.rowid AND c.fk_socpeople = ".$db->escape($search_user);
 }
 // Add where from extra fields
 foreach ($search_array_options as $key => $val)
@@ -353,32 +353,33 @@ if ($resql)
 		$soc = new Societe($db);
 		$soc->fetch($socid);
 		$title = $langs->trans('ListOfProposals') . ' - '.$soc->name;
+		if (empty($search_societe)) $search_societe = $soc->name;
 	}
 	else
 	{
 	    $title = $langs->trans('ListOfProposals');
-	}	
+	}
 
 	$num = $db->num_rows($resql);
-	
+
 	$arrayofselected=is_array($toselect)?$toselect:array();
-	
-	$param='&viewstatut='.$viewstatut;
-    if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.$contextpage;
-	if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.$limit;
-	if ($sall)				 $param.='&sall='.$sall;
-	if ($month)              $param.='&month='.$month;
-	if ($year)               $param.='&year='.$year;
-    if ($search_ref)         $param.='&search_ref=' .$search_ref;
-    if ($search_refcustomer) $param.='&search_refcustomer=' .$search_refcustomer;
-    if ($search_societe)     $param.='&search_societe=' .$search_societe;
-	if ($search_user > 0)    $param.='&search_user='.$search_user;
-	if ($search_sale > 0)    $param.='&search_sale='.$search_sale;
-	if ($search_montant_ht)  $param.='&search_montant_ht='.$search_montant_ht;
-	if ($search_login)  	 $param.='&search_login='.$search_login;
-	if ($search_town)		 $param.='&search_town='.$search_town;
-	if ($socid > 0)          $param.='&socid='.$socid;
-	if ($optioncss != '') $param.='&optioncss='.$optioncss;
+
+	$param='&viewstatut='.urlencode($viewstatut);
+    if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.urlencode($contextpage);
+	if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.urlencode($limit);
+	if ($sall)				 $param.='&sall='.urlencode($sall);
+	if ($month)              $param.='&month='.urlencode($month);
+	if ($year)               $param.='&year='.urlencode($year);
+    if ($search_ref)         $param.='&search_ref='.urlencode($search_ref);
+    if ($search_refcustomer) $param.='&search_refcustomer='.urlencode($search_refcustomer);
+    if ($search_societe)     $param.='&search_societe='.urlencode($search_societe);
+	if ($search_user > 0)    $param.='&search_user='.urlencode($search_user);
+	if ($search_sale > 0)    $param.='&search_sale='.urlencode($search_sale);
+	if ($search_montant_ht)  $param.='&search_montant_ht='.urlencode($search_montant_ht);
+	if ($search_login)  	 $param.='&search_login='.urlencode($search_login);
+	if ($search_town)		 $param.='&search_town='.urlencode($search_town);
+	if ($socid > 0)          $param.='&socid='.urlencode($socid);
+	if ($optioncss != '') $param.='&optioncss='.urlencode($optioncss);
 	// Add $param from extra fields
 	foreach ($search_array_options as $key => $val)
 	{
@@ -386,7 +387,7 @@ if ($resql)
 	    $tmpkey=preg_replace('/search_options_/','',$key);
 	    if ($val != '') $param.='&search_options_'.$tmpkey.'='.urlencode($val);
 	}
-	
+
 	// List of mass actions available
 	$arrayofmassactions =  array(
 	    'presend'=>$langs->trans("SendByMail"),
@@ -395,7 +396,7 @@ if ($resql)
 	if ($user->rights->propal->supprimer) $arrayofmassactions['delete']=$langs->trans("Delete");
 	if ($massaction == 'presend') $arrayofmassactions=array();
 	$massactionbutton=$form->selectMassAction('', $arrayofmassactions);
-	
+
 	// Lignes des champs de filtre
 	print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">';
     if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
@@ -406,11 +407,11 @@ if ($resql)
 	print '<input type="hidden" name="sortorder" value="'.$sortorder.'">';
 
 	print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'title_commercial.png', 0, '', '', $limit);
-	
+
 	if ($massaction == 'presend')
 	{
 	    $langs->load("mails");
-	
+
 	    if (! GETPOST('cancel'))
 	    {
 	        $objecttmp=new Propal($db);
@@ -429,17 +430,17 @@ if ($resql)
 	            }
 	        }
 	    }
-	
+
 	    print '<input type="hidden" name="massaction" value="confirm_presend">';
-	
+
 	    include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
 	    $formmail = new FormMail($db);
-	
+
 	    dol_fiche_head(null, '', '');
-	
+
 	    $topicmail="SendSupplierProposalRef";
 	    $modelmail="supplier_proposal_send";
-	
+
 	    // Cree l'objet formulaire mail
 	    include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
 	    $formmail = new FormMail($db);
@@ -492,25 +493,25 @@ if ($resql)
 	    $formmail->substit['__REFCLIENT__']='__REFCLIENT__';	// We want to keep the tag
 	    $formmail->substit['__PERSONALIZED__']='';
 	    $formmail->substit['__CONTACTCIVNAME__']='';
-	
+
 	    // Tableau des parametres complementaires du post
 	    $formmail->param['action']=$action;
 	    $formmail->param['models']=$modelmail;
 	    $formmail->param['models_id']=GETPOST('modelmailselected','int');
 	    $formmail->param['id']=join(',',$arrayofselected);
 	    //$formmail->param['returnurl']=$_SERVER["PHP_SELF"].'?id='.$object->id;
-	
+
 	    print $formmail->get_form();
-	
+
 	    dol_fiche_end();
 	}
-	
+
 	if ($sall)
     {
         foreach($fieldstosearchall as $key => $val) $fieldstosearchall[$key]=$langs->trans($val);
         print $langs->trans("FilterOnInto", $sall) . join(', ',$fieldstosearchall);
     }
-	
+
 	$i = 0;
 
 	$moreforfilter='';
@@ -546,7 +547,7 @@ if ($resql)
 	$reshook=$hookmanager->executeHooks('printFieldPreListTitle',$parameters);    // Note that $action and $object may have been modified by hook
 	if (empty($reshook)) $moreforfilter .= $hookmanager->resPrint;
 	else $moreforfilter = $hookmanager->resPrint;
-	
+
 	if (! empty($moreforfilter))
 	{
         print '<div class="liste_titre liste_titre_bydiv centpercent">';
@@ -556,10 +557,10 @@ if ($resql)
 
     $varpage=empty($contextpage)?$_SERVER["PHP_SELF"]:$contextpage;
     $selectedfields=$form->multiSelectArrayWithCheckbox('selectedfields', $arrayfields, $varpage);	// This also change content of $arrayfields
-	
+
     print '<div class="div-table-responsive">';
 	print '<table class="tagtable liste'.($moreforfilter?" listwithfilterbefore":"").'">'."\n";
-	
+
 	// Fields title
 	print '<tr class="liste_titre">';
 	if (! empty($arrayfields['p.ref']['checked']))            print_liste_field_titre($arrayfields['p.ref']['label'],$_SERVER["PHP_SELF"],'p.ref','',$param,'',$sortfield,$sortorder);
@@ -579,9 +580,9 @@ if ($resql)
 	// Extra fields
 	if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label))
 	{
-	   foreach($extrafields->attribute_label as $key => $val) 
+	   foreach($extrafields->attribute_label as $key => $val)
 	   {
-           if (! empty($arrayfields["ef.".$key]['checked'])) 
+           if (! empty($arrayfields["ef.".$key]['checked']))
            {
 				$align=$extrafields->getAlignFlag($key);
 				print_liste_field_titre($extralabels[$key],$_SERVER["PHP_SELF"],"ef.".$key,"",$param,($align?'align="'.$align.'"':''),$sortfield,$sortorder);
@@ -597,9 +598,9 @@ if ($resql)
 	if (! empty($arrayfields['p.fk_statut']['checked'])) print_liste_field_titre($arrayfields['p.fk_statut']['label'],$_SERVER["PHP_SELF"],"p.fk_statut","",$param,'align="right"',$sortfield,$sortorder);
 	print_liste_field_titre($selectedfields, $_SERVER["PHP_SELF"],"",'','','align="right"',$sortfield,$sortorder,'maxwidthsearch ');
 	print '</tr>'."\n";
-	
+
 	print '<tr class="liste_titre">';
-	if (! empty($arrayfields['p.ref']['checked']))            
+	if (! empty($arrayfields['p.ref']['checked']))
 	{
 	    print '<td class="liste_titre">';
     	print '<input class="flat" size="6" type="text" name="search_ref" value="'.$search_ref.'">';
@@ -641,7 +642,7 @@ if ($resql)
     	print '</td>';
     }
 	// Date
-	if (! empty($arrayfields['p.date']['checked'])) 
+	if (! empty($arrayfields['p.date']['checked']))
 	{
 	    print '<td class="liste_titre" colspan="1" align="center">';
     	//print $langs->trans('Month').': ';
@@ -653,7 +654,7 @@ if ($resql)
     	print '</td>';
 	}
 	// Date end
-	if (! empty($arrayfields['p.fin_validite']['checked'])) 
+	if (! empty($arrayfields['p.fin_validite']['checked']))
 	{
 	   print '<td class="liste_titre" colspan="1">&nbsp;</td>';
 	}
@@ -736,7 +737,7 @@ if ($resql)
 	$searchpitco=$form->showFilterAndCheckAddButtons($massactionbutton?1:0, 'checkforselect', 1);
 	print $searchpitco;
 	print '</td>';
-	
+
 	print "</tr>\n";
 
 	$now = dol_now();
@@ -747,16 +748,16 @@ if ($resql)
 	{
 		$obj = $db->fetch_object($resql);
 		$var=!$var;
-		
+
     	$objectstatic->id=$obj->rowid;
     	$objectstatic->ref=$obj->ref;
-    		
+
 		print '<tr '.$bc[$var].'>';
-		
+
 		if (! empty($arrayfields['p.ref']['checked']))
 		{
     		print '<td class="nowrap">';
-    
+
     		print '<table class="nobordernopadding"><tr class="nocellnopadd">';
             // Picto + Ref
     		print '<td class="nobordernopadding nowrap">';
@@ -785,11 +786,11 @@ if ($resql)
     		$urlsource=$_SERVER['PHP_SELF'].'?id='.$obj->rowid;
     		print $formfile->getDocumentsLink($objectstatic->element, $filename, $filedir);
     		print '</td></tr></table>';
-    
+
     		print "</td>\n";
     		if (! $i) $totalarray['nbfield']++;
 		}
-		
+
 		if (! empty($arrayfields['p.ref_client']['checked']))
 		{
     		// Customer ref
@@ -798,12 +799,12 @@ if ($resql)
     		print '</td>';
     		if (! $i) $totalarray['nbfield']++;
 		}
-		
+
 		$companystatic->id=$obj->socid;
 		$companystatic->name=$obj->name;
 		$companystatic->client=$obj->client;
 		$companystatic->code_client=$obj->code_client;
-		
+
 		// Thirdparty
 		if (! empty($arrayfields['s.nom']['checked']))
 		{
@@ -812,7 +813,7 @@ if ($resql)
     		print '</td>';
     		if (! $i) $totalarray['nbfield']++;
 		}
-		
+
 		// Town
         if (! empty($arrayfields['s.town']['checked']))
         {
@@ -853,7 +854,7 @@ if ($resql)
             print '</td>';
             if (! $i) $totalarray['nbfield']++;
         }
-        
+
 		// Date proposal
         if (! empty($arrayfields['p.date']['checked']))
         {
@@ -862,7 +863,7 @@ if ($resql)
     		print "</td>\n";
     		if (! $i) $totalarray['nbfield']++;
         }
-        
+
 		// Date end validity
         if (! empty($arrayfields['p.fin_validite']['checked']))
         {
@@ -877,7 +878,7 @@ if ($resql)
     		}
     		if (! $i) $totalarray['nbfield']++;
         }
-        
+
         // Amount HT
         if (! empty($arrayfields['p.total_ht']['checked']))
         {
@@ -902,7 +903,7 @@ if ($resql)
 		    if (! $i) $totalarray['totalttcfield']=$totalarray['nbfield'];
 		    $totalarray['totalttc'] += $obj->total_ttc;
         }
-        
+
         $userstatic->id=$obj->fk_user_author;
 		$userstatic->login=$obj->login;
 
@@ -915,7 +916,7 @@ if ($resql)
     		print "</td>\n";
     		if (! $i) $totalarray['nbfield']++;
         }
-        
+
         // Extra fields
         if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label))
         {
@@ -991,7 +992,7 @@ if ($resql)
 		   $i++;
 		   if ($i == 1)
 	       {
-        		if ($num < $limit) print '<td align="left">'.$langs->trans("Total").'</td>';
+        		if ($num < $limit && empty($offset)) print '<td align="left">'.$langs->trans("Total").'</td>';
         		else print '<td align="left">'.$langs->trans("Totalforthispage").'</td>';
 	       }
 		   elseif ($totalarray['totalhtfield'] == $i) print '<td align="right">'.price($totalarray['totalht']).'</td>';
@@ -1000,20 +1001,20 @@ if ($resql)
 		   else print '<td></td>';
 		}
 		print '</tr>';
-		
+
 	}
 
 	$db->free($resql);
-	
+
 	$parameters=array('arrayfields'=>$arrayfields, 'sql'=>$sql);
 	$reshook=$hookmanager->executeHooks('printFieldListFooter',$parameters);    // Note that $action and $object may have been modified by hook
 	print $hookmanager->resPrint;
-				
+
 	print '</table>'."\n";
     print '</div>'."\n";
 
 	print '</form>'."\n";
-	
+
 	if ($massaction == 'builddoc' || $action == 'remove_file' || $show_files)
 	{
 	    /*
@@ -1021,18 +1022,18 @@ if ($resql)
 	     */
 	    $urlsource=$_SERVER['PHP_SELF'].'?sortfield='.$sortfield.'&sortorder='.$sortorder;
 	    $urlsource.=str_replace('&amp;','&',$param);
-	
+
 	    $filedir=$diroutputmassaction;
 	    $genallowed=$user->rights->propal->lire;
 	    $delallowed=$user->rights->propal->lire;
-	
+
 	    print $formfile->showdocuments('massfilesarea_proposals','',$filedir,$urlsource,0,$delallowed,'',1,1,0,48,1,$param,'','');
 	}
 	else
 	{
 	    print '<br><a name="show_files"></a><a href="'.$_SERVER["PHP_SELF"].'?show_files=1'.$param.'#show_files">'.$langs->trans("ShowTempMassFilesArea").'</a>';
 	}
-	
+
 }
 else
 {

htdocs/commande/card.php

@@ -2084,7 +2084,7 @@ if ($action == 'create' && $user->rights->commande->creer)
 			print '</form>';
 		} else {
 			print $object->date ? dol_print_date($object->date, 'day') : '&nbsp;';
-			if ($object->hasDelay() && empty($object->date_livraison)) {
+			if ($object->hasDelay() && ! empty($object->date_livraison)) {
 			    print ' '.img_picto($langs->trans("Late").' : '.$object->showDelay(), "warning");
 			}
 		}

htdocs/commande/class/commande.class.php

@@ -9,7 +9,7 @@
  * Copyright (C) 2012      Cedric Salvador      <csalvador@gpcsolutions.fr>
  * Copyright (C) 2013      Florian Henry		<florian.henry@open-concept.pro>
  * Copyright (C) 2014-2015 Marcos García        <marcosgdf@gmail.com>
- * Copyright (C) 2016      Ferran Marcet        <fmarcet@2byte.es>
+ * Copyright (C) 2016-2017 Ferran Marcet        <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -136,6 +136,7 @@ class Commande extends CommonOrder
     public $linked_objects=array();
 
     public $user_author_id;
+    public $user_valid;
 
 	/**
 	 * @var OrderLine[]
@@ -1359,10 +1360,10 @@ class Commande extends CommonOrder
 
 			$this->line->vat_src_code=$vat_src_code;
             $this->line->tva_tx=$txtva;
-            $this->line->localtax1_tx=$txlocaltax1;
-            $this->line->localtax2_tx=$txlocaltax2;
-			$this->line->localtax1_type = $localtaxes_type[0];
-			$this->line->localtax2_type = $localtaxes_type[2];
+            $this->line->localtax1_tx=$localtaxes_type[1];
+            $this->line->localtax2_tx=$localtaxes_type[3];
+			$this->line->localtax1_type=$localtaxes_type[0];
+			$this->line->localtax2_type=$localtaxes_type[2];
             $this->line->fk_product=$fk_product;
 			$this->line->product_type=$product_type;
             $this->line->fk_remise_except=$fk_remise_except;
@@ -1411,7 +1412,7 @@ class Commande extends CommonOrder
                 if (! empty($fk_parent_line)) $this->line_order(true,'DESC');
 
                 // Mise a jour informations denormalisees au niveau de la commande meme
-                $result=$this->update_price(1,'auto');	// This method is designed to add line from user input so total calculation must be done using 'auto' mode.
+                $result=$this->update_price(1,'auto',0,$mysoc);	// This method is designed to add line from user input so total calculation must be done using 'auto' mode.
                 if ($result > 0)
                 {
                     $this->db->commit();
@@ -1468,7 +1469,7 @@ class Commande extends CommonOrder
             $tva_npr = get_default_npr($mysoc,$this->thirdparty,$prod->id);
             if (empty($tva_tx)) $tva_npr=0;
             $vat_src_code = '';     // May be defined into tva_tx
-            
+
             $localtax1_tx=get_localtax($tva_tx,1,$this->thirdparty,$mysoc,$tva_npr);
             $localtax2_tx=get_localtax($tva_tx,2,$this->thirdparty,$mysoc,$tva_npr);
 
@@ -1542,7 +1543,7 @@ class Commande extends CommonOrder
         // Check parameters
         if (empty($id) && empty($ref) && empty($ref_ext) && empty($ref_int)) return -1;
 
-        $sql = 'SELECT c.rowid, c.date_creation, c.ref, c.fk_soc, c.fk_user_author, c.fk_statut';
+        $sql = 'SELECT c.rowid, c.date_creation, c.ref, c.fk_soc, c.fk_user_author, c.fk_user_valid, c.fk_statut';
         $sql.= ', c.amount_ht, c.total_ht, c.total_ttc, c.tva as total_tva, c.localtax1 as total_localtax1, c.localtax2 as total_localtax2, c.fk_cond_reglement, c.fk_mode_reglement, c.fk_availability, c.fk_input_reason';
         $sql.= ', c.fk_account';
         $sql.= ', c.date_commande';
@@ -1586,6 +1587,7 @@ class Commande extends CommonOrder
                 $this->socid				= $obj->fk_soc;
                 $this->statut				= $obj->fk_statut;
                 $this->user_author_id		= $obj->fk_user_author;
+                $this->user_valid           = $obj->fk_user_valid;
                 $this->total_ht				= $obj->total_ht;
                 $this->total_tva			= $obj->total_tva;
                 $this->total_localtax1		= $obj->total_localtax1;
@@ -1797,7 +1799,7 @@ class Commande extends CommonOrder
                 $line->product_type     = $objp->product_type;
                 $line->qty              = $objp->qty;
 
-                $line->vat_src_code     = $objp->vat_src_code; 
+                $line->vat_src_code     = $objp->vat_src_code;
                 $line->tva_tx           = $objp->tva_tx;
 	            $line->localtax1_tx     = $objp->localtax1_tx;
                 $line->localtax2_tx     = $objp->localtax2_tx;
@@ -3004,8 +3006,8 @@ class Commande extends CommonOrder
 		$sql.= " total_ht=".(isset($this->total_ht)?$this->total_ht:"null").",";
 		$sql.= " total_ttc=".(isset($this->total_ttc)?$this->total_ttc:"null").",";
 		$sql.= " fk_statut=".(isset($this->statut)?$this->statut:"null").",";
-		$sql.= " fk_user_author=".(isset($this->user_author)?$this->user_author:"null").",";
-		$sql.= " fk_user_valid=".(isset($this->fk_user_valid)?$this->fk_user_valid:"null").",";
+		$sql.= " fk_user_author=".(isset($this->user_author_id)?$this->user_author_id:"null").",";
+		$sql.= " fk_user_valid=".(isset($this->user_valid)?$this->user_valid:"null").",";
 		$sql.= " fk_projet=".(isset($this->fk_project)?$this->fk_project:"null").",";
 		$sql.= " fk_cond_reglement=".(isset($this->cond_reglement_id)?$this->cond_reglement_id:"null").",";
 		$sql.= " fk_mode_reglement=".(isset($this->mode_reglement_id)?$this->mode_reglement_id:"null").",";
@@ -3387,7 +3389,7 @@ class Commande extends CommonOrder
         global $conf, $langs, $user;
 
         if (! empty($conf->dol_no_mouse_hover)) $notooltip=1;   // Force disable tooltips
-        
+
         $result='';
 
         if (! empty($conf->expedition->enabled) && ($option == 1 || $option == 2)) $url = DOL_URL_ROOT.'/expedition/shipment.php?id='.$this->id;
@@ -3424,7 +3426,7 @@ class Commande extends CommonOrder
 		    $linkclose.= ' title="'.dol_escape_htmltag($label, 1).'"';
 		    $linkclose.=' class="classfortooltip"';
 		}
-		
+
         $linkstart = '<a href="'.$url.'"';
         $linkstart.=$linkclose.'>';
         $linkend='</a>';
@@ -3883,7 +3885,7 @@ class OrderLine extends CommonOrderLine
 
 	    $this->db->begin();
 
-        $sql = 'DELETE FROM '.MAIN_DB_PREFIX."commandedet WHERE rowid='".$this->rowid."';";
+        $sql = 'DELETE FROM '.MAIN_DB_PREFIX."commandedet WHERE rowid=".$this->rowid;
 
         dol_syslog("OrderLine::delete", LOG_DEBUG);
         $resql=$this->db->query($sql);
@@ -4131,8 +4133,8 @@ class OrderLine extends CommonOrderLine
 		$sql.= " , tva_tx=".price2num($this->tva_tx);
 		$sql.= " , localtax1_tx=".price2num($this->localtax1_tx);
 		$sql.= " , localtax2_tx=".price2num($this->localtax2_tx);
-		$sql.= " , localtax1_type='".$this->localtax1_type."'";
-		$sql.= " , localtax2_type='".$this->localtax2_type."'";
+		$sql.= " , localtax1_type='".$this->db->escape($this->localtax1_type)."'";
+		$sql.= " , localtax2_type='".$this->db->escape($this->localtax2_type)."'";
 		$sql.= " , qty=".price2num($this->qty);
 		$sql.= " , subprice=".price2num($this->subprice)."";
 		$sql.= " , remise_percent=".price2num($this->remise_percent)."";

htdocs/commande/list.php

@@ -71,7 +71,7 @@ $search_zip=GETPOST('search_zip','alpha');
 $search_state=trim(GETPOST("search_state"));
 $search_country=GETPOST("search_country",'int');
 $search_type_thirdparty=GETPOST("search_type_thirdparty",'int');
-$sall=GETPOST('sall');
+$sall=GETPOST('sall', 'alphanohtml');
 $socid=GETPOST('socid','int');
 $search_user=GETPOST('search_user','int');
 $search_sale=GETPOST('search_sale','int');
@@ -165,7 +165,7 @@ if (empty($reshook))
 {
     // Selection of new fields
     include DOL_DOCUMENT_ROOT.'/core/actions_changeselectedfields.inc.php';
-    
+
     // Purge search criteria
     if (GETPOST("button_removefilter_x") || GETPOST("button_removefilter.x") || GETPOST("button_removefilter")) // All tests are required to be compatible with all browsers
     {
@@ -208,51 +208,51 @@ if (empty($reshook))
 
 
 if ($massaction == 'confirm_createbills') {
-	
+
 	$orders = GETPOST('toselect');
 	$createbills_onebythird = GETPOST('createbills_onebythird', 'int');
 	$validate_invoices = GETPOST('valdate_invoices', 'int');
-	
+
 	$TFact = array();
 	$TFactThird = array();
-	
+
 	$nb_bills_created = 0;
-	
+
 	$db->begin();
-	
+
 	foreach($orders as $id_order) {
-		
+
 		$cmd = new Commande($db);
 		if($cmd->fetch($id_order) <= 0) continue;
-		
+
 		$object = new Facture($db);
 		if(!empty($createbills_onebythird) && !empty($TFactThird[$cmd->socid])) $object = $TFactThird[$cmd->socid]; // If option "one bill per third" is set, we use already created order.
 		else {
-			
+
 			$object->socid = $cmd->socid;
 			$object->type = Facture::TYPE_STANDARD;
 			$object->cond_reglement_id	= $cmd->cond_reglement_id;
 			$object->mode_reglement_id	= $cmd->mode_reglement_id;
 			$object->fk_project			= $cmd->fk_project;
-			
+
 			$datefacture = dol_mktime(12, 0, 0, $_POST['remonth'], $_POST['reday'], $_POST['reyear']);
 			if (empty($datefacture))
 			{
 				$datefacture = dol_mktime(date("h"), date("M"), 0, date("m"), date("d"), date("Y"));
 			}
-			
+
 			$object->date = $datefacture;
 			$object->origin    = 'commande';
 			$object->origin_id = $id_order;
-			
+
 			$res = $object->create($user);
-			
+
 			if($res > 0) $nb_bills_created++;
-			
+
 		}
-		
+
 		if($object->id > 0) {
-			
+
 			$db->begin();
 			$sql = "INSERT INTO ".MAIN_DB_PREFIX."element_element (";
 			$sql.= "fk_source";
@@ -274,17 +274,17 @@ if ($massaction == 'confirm_createbills') {
 			{
 				$db->rollback();
 			}
-			
+
 			$lines = $cmd->lines;
 			if (empty($lines) && method_exists($cmd, 'fetch_lines'))
 			{
 				$cmd->fetch_lines();
 				$lines = $cmd->lines;
 			}
-			
+
 			$fk_parent_line=0;
 			$num=count($lines);
-			
+
 			for ($i=0;$i<$num;$i++)
 			{
 				$desc=($lines[$i]->desc?$lines[$i]->desc:$lines[$i]->libelle);
@@ -373,43 +373,43 @@ if ($massaction == 'confirm_createbills') {
 						$fk_parent_line = $result;
 					}
 				}
-			}			
-			
+			}
+
 		}
-		 
+
 		$cmd->classifyBilled($user);
 
 		if(!empty($createbills_onebythird) && empty($TFactThird[$cmd->socid])) $TFactThird[$cmd->socid] = $object;
 		else $TFact[$object->id] = $object;
 	}
-	
+
 	// Build doc with all invoices
 	$TAllFact = empty($createbills_onebythird) ? $TFact : $TFactThird;
 	$toselect = array();
-	
+
 	if(!empty($validate_invoices)) {
-		
+
 		$massaction = $action = 'builddoc';
-		
+
 		foreach($TAllFact as &$object) {
 			$object->validate($user);
 			$toselect[] = $object->id; // For builddoc action
-			
+
 			// Fac builddoc
 			$upload_dir = $conf->facture->dir_output;
 		    $permissioncreate=$user->rights->facture->creer;
 		    include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php';
 		}
-		
+
 		$objectclass='Facture';
 	    $objectlabel='Invoice';
 	    $permtoread = $user->rights->facture->lire;
 	    $permtodelete = $user->rights->facture->supprimer;
 	    $uploaddir = $conf->facture->dir_output;
 		include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php';
-		
+
 	}
-	
+
 	if (! $error)
 	{
 		$db->commit();
@@ -424,7 +424,7 @@ if ($massaction == 'confirm_createbills') {
 		setEventMessages($object->error, $object->errors, 'errors');
 		$error++;
 	}
-	
+
 }
 
 
@@ -578,6 +578,7 @@ if ($resql)
 		$soc = new Societe($db);
 		$soc->fetch($socid);
 		$title = $langs->trans('ListOfOrders') . ' - '.$soc->name;
+		if (empty($search_company)) $search_company = $soc->name;
 	}
 	else
 	{
@@ -601,9 +602,9 @@ if ($resql)
 	$title.=' - '.$langs->trans('StatusOrderValidated').', '.(empty($conf->expedition->enabled)?'':$langs->trans("StatusOrderSent").', ').$langs->trans('StatusOrderToBill');
 
 	$num = $db->num_rows($resql);
-	
+
 	$arrayofselected=is_array($toselect)?$toselect:array();
-	
+
 	$param='';
     if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.$contextpage;
 	if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.$limit;
@@ -635,7 +636,7 @@ if ($resql)
 	    $tmpkey=preg_replace('/search_options_/','',$key);
 	    if ($val != '') $param.='&search_options_'.$tmpkey.'='.urlencode($val);
 	}
-	
+
 	// List of mass actions available
 	$arrayofmassactions =  array(
 	    'presend'=>$langs->trans("SendByMail"),
@@ -658,11 +659,11 @@ if ($resql)
 	print '<input type="hidden" name="viewstatut" value="'.$viewstatut.'">';
 
 	print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'title_commercial.png', 0, '', '', $limit);
-	
+
 	if ($massaction == 'presend')
 	{
 	    $langs->load("mails");
-	
+
 	    if (! GETPOST('cancel'))
 	    {
 	        $objecttmp=new Commande($db);
@@ -681,17 +682,17 @@ if ($resql)
 	            }
 	        }
 	    }
-	
+
 	    print '<input type="hidden" name="massaction" value="confirm_presend">';
-	
+
 	    include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
 	    $formmail = new FormMail($db);
-	
+
 	    dol_fiche_head(null, '', '');
-	
+
 	    $topicmail="SendOrderRef";
 	    $modelmail="order_send";
-	
+
 	    // Cree l'objet formulaire mail
 	    include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
 	    $formmail = new FormMail($db);
@@ -744,23 +745,23 @@ if ($resql)
 	    $formmail->substit['__REFCLIENT__']='__REFCLIENT__';	// We want to keep the tag
 	    $formmail->substit['__PERSONALIZED__']='';
 	    $formmail->substit['__CONTACTCIVNAME__']='';
-	
+
 	    // Tableau des parametres complementaires du post
 	    $formmail->param['action']=$action;
 	    $formmail->param['models']=$modelmail;
 	    $formmail->param['models_id']=GETPOST('modelmailselected','int');
 	    $formmail->param['id']=join(',',$arrayofselected);
 	    //$formmail->param['returnurl']=$_SERVER["PHP_SELF"].'?id='.$object->id;
-	
+
 	    print $formmail->get_form();
-	
+
 	    dol_fiche_end();
 	}
 	elseif ($massaction == 'createbills')
 	{
 		//var_dump($_REQUEST);
 		print '<input type="hidden" name="massaction" value="confirm_createbills">';
-		
+
 		print '<table class="border" width="100%" >';
 		print '<tr>';
 		print '<td class="titlefieldmiddle">';
@@ -787,22 +788,22 @@ if ($resql)
 		print '</td>';
 		print '</tr>';
 		print '</table>';
-		
+
 		print '<br>';
 		print '<div class="center">';
 		print '<input type="submit" class="button" id="createbills" name="createbills" value="'.$langs->trans('CreateInvoiceForThisCustomer').'">  ';
 		print '<input type="submit" class="button" id="cancel" name="cancel" value="'.$langs->trans('Cancel').'">';
 		print '</div>';
 		print '<br>';
-		
+
 	}
-	
+
 	if ($sall)
     {
         foreach($fieldstosearchall as $key => $val) $fieldstosearchall[$key]=$langs->trans($val);
         print $langs->trans("FilterOnInto", $sall) . join(', ',$fieldstosearchall);
     }
-	
+
 	$moreforfilter='';
 
  	// If the user can view prospects other than his'
@@ -829,14 +830,14 @@ if ($resql)
 		$moreforfilter.='<div class="divsearchfield">';
 		$moreforfilter.=$langs->trans('IncludingProductWithTag'). ': ';
 		$cate_arbo = $form->select_all_categories(Categorie::TYPE_PRODUCT, null, 'parent', null, null, 1);
-		$moreforfilter.=$form->selectarray('search_product_category', $cate_arbo, $search_product_category, 1, 0, 0, '', 0, 0, 0, 0, '', 1);
+		$moreforfilter.=$form->selectarray('search_product_category', $cate_arbo, $search_product_category, 1, 0, 0, '', 0, 0, 0, 0, 'maxwidth300', 1);
 		$moreforfilter.='</div>';
 	}
 	$parameters=array();
 	$reshook=$hookmanager->executeHooks('printFieldPreListTitle',$parameters);    // Note that $action and $object may have been modified by hook
 	if (empty($reshook)) $moreforfilter .= $hookmanager->resPrint;
 	else $moreforfilter = $hookmanager->resPrint;
-	
+
 	if (! empty($moreforfilter))
 	{
 		print '<div class="liste_titre liste_titre_bydiv centpercent">';
@@ -846,7 +847,7 @@ if ($resql)
 
     $varpage=empty($contextpage)?$_SERVER["PHP_SELF"]:$contextpage;
     $selectedfields=$form->multiSelectArrayWithCheckbox('selectedfields', $arrayfields, $varpage);	// This also change content of $arrayfields
-	
+
     print '<div class="div-table-responsive">';
     print '<table class="tagtable liste'.($moreforfilter?" listwithfilterbefore":"").'">'."\n";
 
@@ -868,9 +869,9 @@ if ($resql)
 	// Extra fields
 	if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label))
 	{
-	   foreach($extrafields->attribute_label as $key => $val) 
+	   foreach($extrafields->attribute_label as $key => $val)
 	   {
-           if (! empty($arrayfields["ef.".$key]['checked'])) 
+           if (! empty($arrayfields["ef.".$key]['checked']))
            {
 				$align=$extrafields->getAlignFlag($key);
 				print_liste_field_titre($extralabels[$key],$_SERVER["PHP_SELF"],"ef.".$key,"",$param,($align?'align="'.$align.'"':''),$sortfield,$sortorder);
@@ -890,21 +891,21 @@ if ($resql)
 
 	print '<tr class="liste_titre">';
 	// Ref
-	if (! empty($arrayfields['c.ref']['checked'])) 
+	if (! empty($arrayfields['c.ref']['checked']))
 	{
 	    print '<td class="liste_titre">';
     	print '<input class="flat" size="6" type="text" name="search_ref" value="'.$search_ref.'">';
 	    print '</td>';
 	}
 	// Ref customer
-	if (! empty($arrayfields['c.ref_client']['checked'])) 
+	if (! empty($arrayfields['c.ref_client']['checked']))
 	{
     	print '<td class="liste_titre" align="left">';
     	print '<input class="flat" type="text" size="6" name="search_ref_customer" value="'.$search_ref_customer.'">';
     	print '</td>';
 	}
 	// Thirpdarty
-	if (! empty($arrayfields['s.nom']['checked'])) 
+	if (! empty($arrayfields['s.nom']['checked']))
 	{
     	print '<td class="liste_titre" align="left">';
     	print '<input class="flat" type="text" name="search_company" value="'.$search_company.'">';
@@ -944,7 +945,7 @@ if ($resql)
         $formother->select_year($orderyear?$orderyear:-1,'orderyear',1, 20, 5);
     	print '</td>';
 	}
-	if (! empty($arrayfields['c.date_delivery']['checked'])) 
+	if (! empty($arrayfields['c.date_delivery']['checked']))
 	{
     	print '<td class="liste_titre" align="center">';
         if (! empty($conf->global->MAIN_LIST_FILTER_ON_DAY)) print '<input class="flat" type="text" size="1" maxlength="2" name="deliveryday" value="'.$deliveryday.'">';
@@ -1017,10 +1018,10 @@ if ($resql)
 	{
 	    print '<td class="liste_titre maxwidthonsmartphone" align="right">';
     	$liststatus=array(
-    	    Commande::STATUS_DRAFT=>$langs->trans("StatusOrderDraftShort"), 
-    	    Commande::STATUS_VALIDATED=>$langs->trans("StatusOrderValidated"), 
-    	    Commande::STATUS_ACCEPTED=>$langs->trans("StatusOrderSentShort"), 
-    	    Commande::STATUS_CLOSED=>$langs->trans("StatusOrderDelivered"), 
+    	    Commande::STATUS_DRAFT=>$langs->trans("StatusOrderDraftShort"),
+    	    Commande::STATUS_VALIDATED=>$langs->trans("StatusOrderValidated"),
+    	    Commande::STATUS_ACCEPTED=>$langs->trans("StatusOrderSentShort"),
+    	    Commande::STATUS_CLOSED=>$langs->trans("StatusOrderDelivered"),
     	    Commande::STATUS_CANCELED=>$langs->trans("StatusOrderCanceledShort")
     	);
     	print $form->selectarray('viewstatut', $liststatus, $viewstatut, -4);
@@ -1038,16 +1039,16 @@ if ($resql)
 	$searchpitco=$form->showFilterAndCheckAddButtons($massactionbutton?1:0, 'checkforselect', 1);
 	print $searchpitco;
 	print '</td>';
-	
+
     print "</tr>\n";
 
 	$total=0;
 	$subtotal=0;
     $productstat_cache=array();
-    
+
     $generic_commande = new Commande($db);
     $generic_product = new Product($db);
-	
+
     $i=0;
 	$var=true;
 	$totalarray=array();
@@ -1062,7 +1063,7 @@ if ($resql)
         $text_info='';
         $text_warning='';
         $nbprod=0;
-        
+
         // Ref
         if (! empty($arrayfields['c.ref']['checked']))
         {
@@ -1078,12 +1079,12 @@ if ($resql)
             $generic_commande->total_ttc = $obj->total_ttc;
             $generic_commande->lines=array();
             $generic_commande->getLinesArray();
-    
+
             print '<table class="nobordernopadding"><tr class="nocellnopadd">';
             print '<td class="nobordernopadding nowrap">';
             print $generic_commande->getNomUrl(1,($viewstatut != 2?0:$obj->fk_statut));
             print '</td>';
-    		
+
             // Show shippable Icon (create subloop, so may be slow)
             if ($conf->stock->enabled)
             {
@@ -1091,7 +1092,7 @@ if ($resql)
 	            if (($obj->fk_statut > 0) && ($obj->fk_statut < 3))
     	        {
                     $numlines = count($generic_commande->lines); // Loop on each line of order
-                    for ($lig=0; $lig < $numlines; $lig++) 
+                    for ($lig=0; $lig < $numlines; $lig++)
                     {
                         if ($generic_commande->lines[$lig]->product_type == 0 && $generic_commande->lines[$lig]->fk_product > 0)  // If line is a product and not a service
                         {
@@ -1115,8 +1116,8 @@ if ($resql)
                                 $text_info .= ' - '.$langs->trans("Stock").': '.$generic_product->stock_reel;
                                 $text_info .= ' - '.$langs->trans("VirtualStock").': '.$generic_product->stock_theorique;
                                 $text_info .= '<br>';
-                                
-                                if ($generic_commande->lines[$lig]->qty > $generic_product->stock_reel) 
+
+                                if ($generic_commande->lines[$lig]->qty > $generic_product->stock_reel)
                                 {
                                     $notshippable++;
                                 }
@@ -1176,7 +1177,7 @@ if ($resql)
                         $text_info = $langs->trans('NonShippable').'<br>'.$text_info;
                     }
                 }
-                
+
                 print '<td>';
                 if ($nbprod)
                 {
@@ -1187,7 +1188,7 @@ if ($resql)
                 }
                 print '</td>';
             }
-    
+
             // Warning late icon and note
     		print '<td class="nobordernopadding nowrap">';
     		if ($generic_commande->hasDelay()) {
@@ -1200,7 +1201,7 @@ if ($resql)
     			print '</span>';
     		}
     		print '</td>';
-    
+
     		print '<td width="16" align="right" class="nobordernopadding hideonsmartphone">';
     		$filename=dol_sanitizeFileName($obj->ref);
     		$filedir=$conf->commande->dir_output . '/' . dol_sanitizeFileName($obj->ref);
@@ -1208,11 +1209,11 @@ if ($resql)
     		print $formfile->getDocumentsLink($generic_commande->element, $filename, $filedir);
     		print '</td>';
     		print '</tr></table>';
-    
+
     		print '</td>';
     		if (! $i) $totalarray['nbfield']++;
         }
-        
+
 		// Ref customer
 		if (! empty($arrayfields['c.ref_client']['checked']))
 		{
@@ -1230,7 +1231,7 @@ if ($resql)
 		{
     		print '<td>';
     		print $companystatic->getNomUrl(1,'customer');
-    
+
     		// If module invoices enabled and user with invoice creation permissions
     		if (! empty($conf->facture->enabled) && ! empty($conf->global->ORDER_BILLING_ALL_CUSTOMER))
     		{
@@ -1286,7 +1287,7 @@ if ($resql)
 		    print '</td>';
 		    if (! $i) $totalarray['nbfield']++;
 		}
-		
+
 		// Order date
 		if (! empty($arrayfields['c.date_commande']['checked']))
 		{
@@ -1327,7 +1328,7 @@ if ($resql)
 		    if (! $i) $totalarray['totalttcfield']=$totalarray['nbfield'];
 		    $totalarray['totalttc'] += $obj->total_ttc;
         }
-		
+
         // Extra fields
         if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label))
         {
@@ -1378,7 +1379,7 @@ if ($resql)
             print '<td align="center">'.yn($obj->billed).'</td>';
             if (! $i) $totalarray['nbfield']++;
         }
-        
+
         // Action column
         print '<td class="nowrap" align="center">';
         if ($massactionbutton || $massaction)   // If we are in select mode (massactionbutton defined) or if we have already selected and sent an action ($massaction) defined
@@ -1389,9 +1390,9 @@ if ($resql)
         }
         print '</td>';
         if (! $i) $totalarray['nbfield']++;
-		
+
 		print "</tr>\n";
-        
+
 		$total+=$obj->total_ht;
 		$subtotal+=$obj->total_ht;
 		$i++;
@@ -1412,7 +1413,7 @@ if ($resql)
 	        $i++;
 	        if ($i == 1)
 	        {
-	            if ($num < $limit) print '<td align="left">'.$langs->trans("Total").'</td>';
+	            if ($num < $limit && empty($offset)) print '<td align="left">'.$langs->trans("Total").'</td>';
 	            else print '<td align="left">'.$langs->trans("Totalforthispage").'</td>';
 	        }
 	        elseif ($totalarray['totalhtfield'] == $i) print '<td align="right">'.price($totalarray['totalht']).'</td>';
@@ -1424,18 +1425,18 @@ if ($resql)
 	}
 
 	$db->free($resql);
-	
+
 	$parameters=array('arrayfields'=>$arrayfields, 'sql'=>$sql);
 	$reshook=$hookmanager->executeHooks('printFieldListFooter',$parameters);    // Note that $action and $object may have been modified by hook
 	print $hookmanager->resPrint;
-				
+
 	print '</table>'."\n";
 	print '</div>';
-	
+
 	print '</form>'."\n";
 
 	//print '<br>'.img_help(1,'').' '.$langs->trans("ToBillSeveralOrderSelectCustomer", $langs->transnoentitiesnoconv("CreateInvoiceForThisCustomer")).'<br>';
-	
+
 	if ($massaction == 'builddoc' || $action == 'remove_file' || $show_files)
 	{
 	    /*
@@ -1443,18 +1444,18 @@ if ($resql)
 	     */
 	    $urlsource=$_SERVER['PHP_SELF'].'?sortfield='.$sortfield.'&sortorder='.$sortorder;
 	    $urlsource.=str_replace('&amp;','&',$param);
-	
+
 	    $filedir=$diroutputmassaction;
 	    $genallowed=$user->rights->commande->lire;
 	    $delallowed=$user->rights->commande->lire;
-	
+
 	    print $formfile->showdocuments('massfilesarea_orders','',$filedir,$urlsource,0,$delallowed,'',1,1,0,48,1,$param,$title,'');
 	}
 	else
 	{
 	    print '<br><a name="show_files"></a><a href="'.$_SERVER["PHP_SELF"].'?show_files=1'.$param.'#show_files">'.$langs->trans("ShowTempMassFilesArea").'</a>';
 	}
-	
+
 }
 else
 {

htdocs/commande/orderstoinvoice.php

@@ -52,7 +52,7 @@ $action			= GETPOST('action','alpha');
 $confirm		= GETPOST('confirm','alpha');
 $sref			= GETPOST('sref');
 $sref_client	= GETPOST('sref_client');
-$sall			= GETPOST('sall');
+$sall			= GETPOST('sall', 'alphanohtml');
 $socid			= GETPOST('socid','int');
 $selected		= GETPOST('orders_to_invoice');
 $sortfield		= GETPOST("sortfield",'alpha');

htdocs/compta/bank/bankentries.php

@@ -102,12 +102,12 @@ $sortorder = GETPOST("sortorder",'alpha');
 $page = GETPOST("page",'int');
 $pageplusone = GETPOST("pageplusone",'int');
 if ($pageplusone) $page = $pageplusone - 1;
-if ($page == -1) { $page = 0; }
+if (empty($page) || $page == -1) { $page = 0; }     // If $page is not defined, or '' or -1
 $offset = $limit * $page;
 $pageprev = $page - 1;
 $pagenext = $page + 1;
 if (! $sortorder) $sortorder='ASC';
-if (! $sortfield) $sortfield='b.datev';
+if (! $sortfield) $sortfield='b.datev, b.dateo, b.rowid';
 
 $mode_balance_ok=false;
 //if (($sortfield == 'b.datev' || $sortfield == 'b.datev, b.dateo, b.rowid'))    // TODO Manage balance when account not selected
@@ -130,7 +130,7 @@ if ($id > 0 || ! empty($ref))
 $contextpage='banktransactionlist'.(empty($object->ref)?'':'-'.$object->id);
 //var_dump($contextpage);
 
-// Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array
+// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array array
 $hookmanager->initHooks(array('banktransactionlist', $contextpage));
 $extrafields = new ExtraFields($db);
 
@@ -194,7 +194,7 @@ if (GETPOST("button_removefilter_x") || GETPOST("button_removefilter.x") || GETP
 	$search_num_releve='';
 	$search_conciliated='';
 	$thirdparty='';
-	
+
 	$account="";
 	if ($id > 0 || ! empty($ref)) $account=$object->id;
 }
@@ -396,18 +396,18 @@ if ($id > 0 || ! empty($ref))
     foreach ($bankcateg->fetchAll() as $bankcategory) {
         $options[$bankcategory->id] = $bankcategory->label;
     }
-    
+
     // Bank card
-    
+
     $head=bank_prepare_head($object);
     dol_fiche_head($head,'journal',$langs->trans("FinancialAccount"),0,'account');
-    
+
     $linkback = '<a href="'.DOL_URL_ROOT.'/compta/bank/index.php">'.$langs->trans("BackToList").'</a>';
-    
+
     dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref, '', 0, '', '', 1);
-    
+
     dol_fiche_end();
- 
+
 
 
     /*
@@ -416,7 +416,7 @@ if ($id > 0 || ! empty($ref))
     if ($action != 'addline' && $action != 'reconcile')
     {
         print '<div class="tabsAction">';
-    
+
         if ($action != 'addline')
         {
             if (empty($conf->global->BANK_DISABLE_DIRECT_INPUT))
@@ -433,12 +433,12 @@ if ($id > 0 || ! empty($ref))
         if ($object->canBeConciliated() > 0) {
             // If not cash account and can be reconciliate
             if ($user->rights->banque->consolidate) {
-                print '<a class="butAction" href="'.DOL_URL_ROOT.'/compta/bank/bankentries.php?action=reconcile'.$param.'">'.$langs->trans("Conciliate").'</a>';
+                print '<a class="butAction" href="'.DOL_URL_ROOT.'/compta/bank/bankentries.php?action=reconcile'.$param.(!empty($page)?('&page='.$page):'').'">'.$langs->trans("Conciliate").'</a>';
             } else {
                 print '<a class="butActionRefused" title="'.$langs->trans("NotEnoughPermissions").'" href="#">'.$langs->trans("Conciliate").'</a>';
             }
         }
-    
+
         print '</div>';
     }
 }
@@ -524,10 +524,10 @@ if (($id > 0 || ! empty($ref)) && ((string) $page == ''))
     $offset = $limit * $page;
     if ($page < 0) $page = 0;
 }
-if ($page >= $nbtotalofpages) 
+if ($page >= $nbtotalofpages)
 {
     // If we made a search and result has low page than the page number we were on
-    $page = ($nbtotalofpages -1); 
+    $page = ($nbtotalofpages -1);
     $offset = $limit * $page;
     if ($page < 0) $page = 0;
 }
@@ -550,9 +550,9 @@ if ($resql)
 {
 	$var=True;
 	$num = $db->num_rows($resql);
-	
+
 	$arrayofselected=is_array($toselect)?$toselect:array();
-	
+
     // List of mass actions available
     $arrayofmassactions =  array(
         //'presend'=>$langs->trans("SendByMail"),
@@ -561,16 +561,16 @@ if ($resql)
     //if ($user->rights->bank->supprimer) $arrayofmassactions['delete']=$langs->trans("Delete");
     if ($massaction == 'presend') $arrayofmassactions=array();
     $massactionbutton=$form->selectMassAction('', $arrayofmassactions);
-    
-    
+
+
     // Confirmation delete
     if ($action == 'delete')
     {
         $text=$langs->trans('ConfirmDeleteTransaction');
         print $form->formconfirm($_SERVER['PHP_SELF'].'?id='.$object->id.'&rowid='.GETPOST("rowid"), $langs->trans('DeleteTransaction'), $text, 'confirm_delete', null, '', 1);
     }
-    
-    
+
+
     // Lines of title fields
 	print '<form method="post" action="'.$_SERVER["PHP_SELF"].'" name="search_form">'."\n";
 	if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
@@ -580,10 +580,11 @@ if ($resql)
 	print '<input type="hidden" name="view" value="'.dol_escape_htmltag($view).'">';
 	print '<input type="hidden" name="sortfield" value="'.$sortfield.'">';
 	print '<input type="hidden" name="sortorder" value="'.$sortorder.'">';
+    print '<input type="hidden" name="page" value="'.$page.'">';
 	print '<input type="hidden" name="id" value="'.$id.'">';
 	print '<input type="hidden" name="ref" value="'.$ref.'">';
 	if (GETPOST('bid')) print '<input type="hidden" name="bid" value="'.GETPOST("bid").'">';
-	
+
 	// Form to reconcile
 	if ($user->rights->banque->consolidate && $action == 'reconcile')
 	{
@@ -602,7 +603,7 @@ if ($resql)
 	    print '<input class="button" name="confirm_reconcile" type="submit" value="'.$langs->trans("Conciliate").'">';
 	    print ' '.$langs->trans("or").' ';
 	    print '<input type="submit" name="cancel" class="button" value="'.$langs->trans("Cancel").'">';
-	    
+
 	    // Show last bank statements
 	    $nbmax=15;      // We accept to show last 15 receipts (so we can have more than one year)
 	    $liste="";
@@ -644,7 +645,7 @@ if ($resql)
 	if ($user->rights->banque->modifier && $action == 'addline')
 	{
 	    print load_fiche_titre($langs->trans("AddBankRecordLong"),'','');
-	
+
 	    print '<table class="noborder" width="100%">';
 	    print '<tr class="liste_titre">';
 	    print '<td>'.$langs->trans("Date").'</td>';
@@ -656,7 +657,7 @@ if ($resql)
 	    print '<td align=right>'.$langs->trans("Credit").'</td>';
 	    print '<td colspan="2" align="center">&nbsp;</td>';
 	    print '</tr>';
-	
+
 	    print '<tr '.$bcnd[false].'>';
 	    print '<td class="nowrap" colspan="2">';
 	    $form->select_date(empty($dateop)?-1:$dateop,'op',0,0,0,'transaction');
@@ -680,9 +681,9 @@ if ($resql)
 	    print '</td></tr>';
 	    print '</table>';
 	    print '<br>';
-	}	
-	
-	
+	}
+
+
 	/// ajax to adjust value date with plus and less picto
 	print '
     <script type="text/javascript">
@@ -701,11 +702,11 @@ if ($resql)
     	});
     });
     </script>
-    	
-    ';	
-	
+
+    ';
+
 	$i = 0;
-	
+
 	// Title
 	$bankcateg=new BankCateg($db);
 	$morehtml='<div data-role="fieldcontain">';
@@ -713,7 +714,7 @@ if ($resql)
 	$morehtml.='<input type="text" name="pageplusone" id="pageplusone" size="1" class="flat" value="'.($page+1).'">';
 	$morehtml.='/'.$nbtotalofpages.' ';
 	$morehtml.='</div>';
-	
+
 	$picto='title_bank';
 	if ($id > 0 || ! empty($ref)) $picto='';
 	if (GETPOST("bid"))
@@ -725,13 +726,13 @@ if ($resql)
 	{
 		print_barre_liste($langs->trans("BankTransactions"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, $picto, 0, $morehtml, '', $limit);
 	}
-	
+
 	// We can add page now to param
 	if ($page != '') $param.='&page='.urlencode($page);
-	
-	
+
+
 	$moreforfilter = '';
-	
+
 	$moreforfilter.='<div class="divsearchfield">';
 	$moreforfilter .= $langs->trans('DateOperationShort').' : ';
 	$moreforfilter .= '<div class="nowrap'.($conf->browser->layout=='phone'?' centpercent':'').' inline-block">'.$langs->trans('From') . ' ';
@@ -739,7 +740,7 @@ if ($resql)
 	//$moreforfilter .= ' - ';
 	$moreforfilter .= '<div class="nowrap'.($conf->browser->layout=='phone'?' centpercent':'').' inline-block">'.$langs->trans('to') . ' ' . $form->select_date($search_dt_end, 'search_end_dt', 0, 0, 1, "search_form", 1, 0, 1).'</div>';
 	$moreforfilter .= '</div>';
-	
+
 	$moreforfilter.='<div class="divsearchfield">';
 	$moreforfilter .= $langs->trans('DateValueShort').' : ';
 	$moreforfilter .= '<div class="nowrap'.($conf->browser->layout=='phone'?' centpercent':'').' inline-block">'.$langs->trans('From') . ' ';
@@ -747,25 +748,25 @@ if ($resql)
 	//$moreforfilter .= ' - ';
 	$moreforfilter .= '<div class="nowrap'.($conf->browser->layout=='phone'?' centpercent':'').' inline-block">'.$langs->trans('to') . ' ' . $form->select_date($search_dv_end, 'search_end_dv', 0, 0, 1, "search_form", 1, 0, 1).'</div>';
 	$moreforfilter .= '</div>';
-	
+
 	$parameters=array();
 	$reshook=$hookmanager->executeHooks('printFieldPreListTitle',$parameters);    // Note that $action and $object may have been modified by hook
 	if (empty($reshook)) $moreforfilter .= $hookmanager->resPrint;
 	else $moreforfilter = $hookmanager->resPrint;
-	
-	if ($moreforfilter) 
+
+	if ($moreforfilter)
 	{
 		print '<div class="liste_titre liste_titre_bydiv centpercent">';
 		print $moreforfilter;
 		print '</div>'."\n";
 	}
-	
+
     $varpage=empty($contextpage)?$_SERVER["PHP_SELF"]:$contextpage;
     $selectedfields=$form->multiSelectArrayWithCheckbox('selectedfields', $arrayfields, $varpage);	// This also change content of $arrayfields
-	
+
     print '<div class="div-table-responsive">';
     print '<table class="tagtable liste'.($moreforfilter?" listwithfilterbefore":"").'">'."\n";
-	
+
 	// Fields title
 	print '<tr class="liste_titre">';
 	if (! empty($arrayfields['b.rowid']['checked']))            print_liste_field_titre($arrayfields['b.rowid']['label'],$_SERVER['PHP_SELF'],'b.rowid','',$param,'',$sortfield,$sortorder);
@@ -784,9 +785,9 @@ if ($resql)
 	// Extra fields
 	if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label))
 	{
-	   foreach($extrafields->attribute_label as $key => $val) 
+	   foreach($extrafields->attribute_label as $key => $val)
 	   {
-           if (! empty($arrayfields["ef.".$key]['checked'])) 
+           if (! empty($arrayfields["ef.".$key]['checked']))
            {
 				$align=$extrafields->getAlignFlag($key);
 				print_liste_field_titre($extralabels[$key],$_SERVER["PHP_SELF"],"ef.".$key,"",$param,($align?'align="'.$align.'"':''),$sortfield,$sortorder);
@@ -802,7 +803,7 @@ if ($resql)
 	print "</tr>\n";
 
 	print '<tr class="liste_titre">';
-	if (! empty($arrayfields['b.rowid']['checked']))            
+	if (! empty($arrayfields['b.rowid']['checked']))
 	{
 	    print '<td class="liste_titre">';
     	print '<input type="text" class="flat" name="search_ref" size="2" value="'.dol_escape_htmltag($search_ref).'">';
@@ -884,25 +885,25 @@ if ($resql)
 
     $balance = 0;    // For balance
 	$balancecalculated = false;
-	
+
 	// Loop on each record
 	$sign = 1;
-	
+
     $totalarray=array();
-    while ($i < min($num,$limit)) 
+    while ($i < min($num,$limit))
     {
         $objp = $db->fetch_object($resql);
 
         // If we are in a situation where we need/can show balance, we calculate the start of balance
         if (! $balancecalculated && ! empty($arrayfields['balance']['checked']) && $mode_balance_ok)
         {
-            if (! $account) 
+            if (! $account)
             {
                 dol_print_error('', 'account is not defined but $mode_balance_ok is true');
                 exit;
             }
-            
-            //Loop on each record
+
+            // Loop on each record before
             $sign = 1;
             $i = 0;
             $sqlforbalance='SELECT SUM(b.amount) as balance';
@@ -912,7 +913,8 @@ if ($resql)
             $sqlforbalance.= " WHERE b.fk_account = ba.rowid";
             $sqlforbalance.= " AND ba.entity IN (".getEntity('bank_account', 1).")";
             $sqlforbalance.= " AND b.fk_account = ".$account;
-            $sqlforbalance.= " AND b.datev < '" . $db->idate($db->jdate($objp->dv)) . "'";
+            //$sqlforbalance.= " AND (b.datev < '" . $db->idate($db->jdate($objp->dv)) . "')";
+            $sqlforbalance.= " AND (b.datev < '" . $db->idate($db->jdate($objp->dv)) . "' OR (b.datev = '" . $db->idate($db->jdate($objp->dv)) . "' AND (b.dateo < '".$db->idate($db->jdate($objp->do))."' OR (b.dateo = '".$db->idate($db->jdate($objp->do))."' AND b.rowid < ".$objp->rowid."))))";
             $resqlforbalance = $db->query($sqlforbalance);
             //print $sqlforbalance;
             if ($resqlforbalance)
@@ -924,12 +926,12 @@ if ($resql)
                 }
             }
             else dol_print_error($db);
-            
+
             $balancecalculated=true;
         }
-        
+
         $balance = price2num($balance + ($sign * $objp->amount),'MT');
-        
+
         if (empty($cachebankaccount[$objp->bankid]))
         {
             $bankaccounttmp = new Account($db);
@@ -941,13 +943,13 @@ if ($resql)
         {
             $bankaccount = $cachebankaccount[$objp->bankid];
         }
-         
+
         $var=!$var;
 
         print "<tr ".$bc[$var].">";
 
         // Ref
-    	if (! empty($arrayfields['b.rowid']['checked']))            
+    	if (! empty($arrayfields['b.rowid']['checked']))
     	{
                 print '<td align="left" class="nowrap">';
                 print "<a href=\"ligne.php?rowid=".$objp->rowid.'">'.img_object($langs->trans("ShowPayment").': '.$objp->rowid, 'account', 'class="classfortooltip"').' '.$objp->rowid."</a> &nbsp; ";
@@ -959,14 +961,14 @@ if ($resql)
     	if (! empty($arrayfields['description']['checked']))
     	{
     	    print "<td>";
-    	
+
     	    //print "<a href=\"ligne.php?rowid=".$objp->rowid."&amp;account=".$objp->fk_account."\">";
     	    $reg=array();
     	    preg_match('/\((.+)\)/i',$objp->label,$reg);	// Si texte entoure de parenthee on tente recherche de traduction
     	    if ($reg[1] && $langs->trans($reg[1])!=$reg[1]) print $langs->trans($reg[1]);
     	    else print dol_trunc($objp->label,40);
     	    //print "</a>&nbsp;";
-    	
+
     	    // Add links after description
     	    $links = $bankaccountstatic->get_url($objp->rowid);
     	    $cachebankaccount=array();
@@ -1054,19 +1056,19 @@ if ($resql)
     	        }
     	        elseif ($links[$key]['type']=='company')
     	        {
-    	            	
+
     	        }
     	        elseif ($links[$key]['type']=='user')
     	        {
-    	            	
+
     	        }
     	        elseif ($links[$key]['type']=='member')
     	        {
-    	            	
+
     	        }
     	        elseif ($links[$key]['type']=='sc')
     	        {
-    	            	
+
     	        }
     	        else
     	        {
@@ -1086,20 +1088,20 @@ if ($resql)
     	            print '</a>';
     	        }
     	    }
-    	    	
+
     	    print '</td>';
     	    if (! $i) $totalarray['nbfield']++;
     	}
-    	
+
         // Date ope
-    	if (! empty($arrayfields['b.dateo']['checked']))            
+    	if (! empty($arrayfields['b.dateo']['checked']))
     	{
     	   print '<td align="center" class="nowrap">'.dol_print_date($db->jdate($objp->do),"day")."</td>\n";
                 if (! $i) $totalarray['nbfield']++;
     	}
 
         // Date value
-    	if (! empty($arrayfields['b.datev']['checked']))            
+    	if (! empty($arrayfields['b.datev']['checked']))
     	{
     	   print '<td align="center" class="nowrap">';
     	   print '<span id="datevalue_'.$objp->rowid.'">'.dol_print_date($db->jdate($objp->dv),"day")."</span>";
@@ -1115,7 +1117,7 @@ if ($resql)
     	}
 
         // Payment type
-    	if (! empty($arrayfields['type']['checked']))            
+    	if (! empty($arrayfields['type']['checked']))
     	{
         	print '<td align="center" class="nowrap">';
 	        $labeltype=($langs->trans("PaymentTypeShort".$objp->fk_type)!="PaymentTypeShort".$objp->fk_type)?$langs->trans("PaymentTypeShort".$objp->fk_type):$langs->getLabelFromKey($db,$objp->fk_type,'c_paiement','code','libelle');
@@ -1131,9 +1133,9 @@ if ($resql)
     	    print '<td class="nowrap" align="center">'.($objp->num_chq?$objp->num_chq:"")."</td>\n";
     	    if (! $i) $totalarray['nbfield']++;
     	}
-    	 
+
 		// Third party
-    	if (! empty($arrayfields['bu.label']['checked']))            
+    	if (! empty($arrayfields['bu.label']['checked']))
     	{
         	print "<td>";
 			if ($objp->url_id)
@@ -1156,16 +1158,16 @@ if ($resql)
 			print '</td>';
             if (! $i) $totalarray['nbfield']++;
     	}
-    	
+
     	// Bank account
-    	if (! empty($arrayfields['ba.ref']['checked']))            
+    	if (! empty($arrayfields['ba.ref']['checked']))
     	{
         	print '<td align="right" class="nowrap">';
 			print $bankaccount->getNomUrl(1);
 			print "</td>\n";
             if (! $i) $totalarray['nbfield']++;
     	}
-    	
+
     	// Debit
     	if (! empty($arrayfields['b.debit']['checked']))
     	{
@@ -1192,7 +1194,7 @@ if ($resql)
     	    if (! $i) $totalarray['nbfield']++;
     	    if (! $i) $totalarray['totalcredfield']=$totalarray['nbfield'];
     	}
-    	 
+
     	// Balance
     	if (! empty($arrayfields['balance']['checked']))
     	{
@@ -1211,8 +1213,9 @@ if ($resql)
         	{
         	    print '<td align="right">-</td>';
         	}
+			if (! $i) $totalarray['nbfield']++;
     	}
-    	
+
     	if (! empty($arrayfields['b.num_releve']['checked']))
     	{
             print '<td class="nowrap" align="center">';
@@ -1224,7 +1227,7 @@ if ($resql)
             	    print '<a href="releve.php?num='.$objp->num_releve.'&amp;account='.$objp->bankid.'">'.$objp->num_releve.'</a>';
             	}
             	else if ($action == 'reconcile')
-            	{ 
+            	{
             	    print '<input class="flat" name="rowid['.$objp->rowid.']" type="checkbox" value="'.$objp->rowid.'" size="1"'.(! empty($_POST['rowid'][$objp->rowid])?' checked':'').'>';
             	}
         	}
@@ -1239,7 +1242,7 @@ if ($resql)
         	print '</td>';
             if (! $i) $totalarray['nbfield']++;
     	}
-    	
+
     	// Action edit/delete
     	print '<td class="nowrap" align="center">';
     	// Transaction reconciliated or edit link
@@ -1279,8 +1282,8 @@ if ($resql)
     	    }
     	}
     	print '</td>';
-    	if (! $i) $totalarray['nbfield']++;    	
-    	
+    	if (! $i) $totalarray['nbfield']++;
+
     	// Action column
     	print '<td class="nowrap" align="center">';
     	if ($massactionbutton || $massaction)   // If we are in select mode (massactionbutton defined) or if we have already selected and sent an action ($massaction) defined
@@ -1296,7 +1299,7 @@ if ($resql)
 
 		$i++;
 	}
-	
+
 	// Show total line
 	if (isset($totalarray['totaldebfield']) || isset($totalarray['totalcredfield']))
 	{
@@ -1307,7 +1310,7 @@ if ($resql)
 	        $i++;
 	        if ($i == 1)
 	        {
-	            if ($num < $limit) print '<td align="left">'.$langs->trans("Total").'</td>';
+	            if ($num < $limit && empty($offset)) print '<td align="left">'.$langs->trans("Total").'</td>';
 	            else print '<td align="left">'.$langs->trans("Totalforthispage").'</td>';
 	        }
 	        elseif ($totalarray['totaldebfield'] == $i) print '<td align="right">'.price(-1 * $totalarray['totaldeb']).'</td>';
@@ -1319,7 +1322,7 @@ if ($resql)
 
 	print "</table>";
 	print "</div>";
-	
+
     print '</form>';
 	$db->free($resql);
 }

htdocs/compta/bank/class/account.class.php

@@ -471,9 +471,9 @@ class Account extends CommonObject
 
 		if ($accline->insert() > 0) {
 
-			if ($categorie) {
-				$sql = "INSERT INTO ".MAIN_DB_PREFIX."categorie_account (";
-				$sql .= "fk_account, fk_categorie";
+			if ($categorie>0) {
+				$sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_class (";
+				$sql .= "lineid, fk_categ";
 				$sql .= ") VALUES (";
 				$sql .= " ".$accline->id.", ".$categorie;
 				$sql .= ")";
@@ -705,17 +705,17 @@ class Account extends CommonObject
 		$sql.= ",accountancy_journal = '".$this->accountancy_journal."'";
 
 		$sql.= ",bank  = '".$this->db->escape($this->bank)."'";
-        $sql.= ",code_banque='".$this->code_banque."'";
-        $sql.= ",code_guichet='".$this->code_guichet."'";
-        $sql.= ",number='".$this->number."'";
-        $sql.= ",cle_rib='".$this->cle_rib."'";
-        $sql.= ",bic='".$this->bic."'";
-        $sql.= ",iban_prefix = '".$this->iban."'";
+        $sql.= ",code_banque='".$this->db->escape($this->code_banque)."'";
+        $sql.= ",code_guichet='".$this->db->escape($this->code_guichet)."'";
+        $sql.= ",number='".$this->db->escape($this->number)."'";
+        $sql.= ",cle_rib='".$this->db->escape($this->cle_rib)."'";
+        $sql.= ",bic='".$this->db->escape($this->bic)."'";
+        $sql.= ",iban_prefix = '".$this->db->escape($this->iban)."'";
         $sql.= ",domiciliation='".$this->db->escape($this->domiciliation)."'";
         $sql.= ",proprio = '".$this->db->escape($this->proprio)."'";
         $sql.= ",owner_address = '".$this->db->escape($this->owner_address)."'";
 
-        $sql.= ",currency_code = '".$this->currency_code."'";
+        $sql.= ",currency_code = '".$this->db->escape($this->currency_code)."'";
 
         $sql.= ",min_allowed = ".($this->min_allowed != '' ? price2num($this->min_allowed) : "null");
         $sql.= ",min_desired = ".($this->min_desired != '' ? price2num($this->min_desired) : "null");
@@ -797,12 +797,12 @@ class Account extends CommonObject
 
         $sql = "UPDATE ".MAIN_DB_PREFIX."bank_account SET ";
         $sql.= " bank  = '".$this->db->escape($this->bank)."'";
-        $sql.= ",code_banque='".$this->code_banque."'";
-        $sql.= ",code_guichet='".$this->code_guichet."'";
-        $sql.= ",number='".$this->number."'";
-        $sql.= ",cle_rib='".$this->cle_rib."'";
-        $sql.= ",bic='".$this->bic."'";
-        $sql.= ",iban_prefix = '".$this->iban."'";
+        $sql.= ",code_banque='".$this->db->escape($this->code_banque)."'";
+        $sql.= ",code_guichet='".$this->db->escape($this->code_guichet)."'";
+        $sql.= ",number='".$this->db->escape($this->number)."'";
+        $sql.= ",cle_rib='".$this->db->escape($this->cle_rib)."'";
+        $sql.= ",bic='".$this->db->escape($this->bic)."'";
+        $sql.= ",iban_prefix = '".$this->db->escape($this->iban)."'";
         $sql.= ",domiciliation='".$this->db->escape($this->domiciliation)."'";
         $sql.= ",proprio = '".$this->db->escape($this->proprio)."'";
         $sql.= ",owner_address = '".$this->db->escape($this->owner_address)."'";
@@ -1359,7 +1359,7 @@ class Account extends CommonObject
     {
         $country_code=$this->getCountryCode();
 
-        if (in_array($country_code,array('CH','FR','ES','GA','IT'))) return 1; // France, Spain, Gabon, ...
+        if (in_array($country_code,array('CH','FR','ES','GA','IT','NC'))) return 1; // France, Spain, Gabon, ...
         if (in_array($country_code,array('AU','BE','CA','DE','DK','GR','GB','ID','IE','IR','KR','NL','NZ','UK','US'))) return 2;      // Australia, England...
         return 0;
     }

htdocs/compta/bank/index.php

@@ -57,7 +57,7 @@ $limit = GETPOST("limit")?GETPOST("limit","int"):$conf->liste_limit;
 $sortfield = GETPOST("sortfield",'alpha');
 $sortorder = GETPOST("sortorder",'alpha');
 $page = GETPOST("page",'int');
-if ($page == -1) { $page = 0; }
+if (empty($page) || $page == -1) { $page = 0; }     // If $page is not defined, or '' or -1
 $offset = $limit * $page;
 $pageprev = $page - 1;
 $pagenext = $page + 1;
@@ -127,9 +127,9 @@ if (GETPOST("button_removefilter_x") || GETPOST("button_removefilter.x") || GETP
     $search_number='';
     $search_statut='';
 }
-    
-    
-    
+
+
+
 /*
  * View
  */
@@ -299,9 +299,9 @@ if (! empty($arrayfields['toreconcile']['checked']))      print_liste_field_titr
 // Extra fields
 if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label))
 {
-   foreach($extrafields->attribute_label as $key => $val) 
+   foreach($extrafields->attribute_label as $key => $val)
    {
-       if (! empty($arrayfields["ef.".$key]['checked'])) 
+       if (! empty($arrayfields["ef.".$key]['checked']))
        {
 			$align=$extrafields->getAlignFlag($key);
 			print_liste_field_titre($extralabels[$key],$_SERVER["PHP_SELF"],"ef.".$key,"",$param,($align?'align="'.$align.'"':''),$sortfield,$sortorder);
@@ -435,7 +435,7 @@ $var=true;
 foreach ($accounts as $key=>$type)
 {
 	if ($i >= $limit) break;
-	
+
     $found++;
 
 	$acc = new Account($db);
@@ -452,7 +452,7 @@ foreach ($accounts as $key=>$type)
 	{
 		$lastcurrencycode=$acc->currency_code;
 	}
-	
+
 	print '<tr '.$bc[$var].'>';
 
     // Ref
@@ -461,14 +461,14 @@ foreach ($accounts as $key=>$type)
         print '<td>'.$acc->getNomUrl(1).'</td>';
 	    if (! $i) $totalarray['nbfield']++;
     }
-    
+
     // Label
     if (! empty($arrayfields['b.label']['checked']))
     {
 		print '<td>'.$acc->label.'</td>';
         if (! $i) $totalarray['nbfield']++;
     }
-    
+
     // Account type
     if (! empty($arrayfields['accountype']['checked']))
     {
@@ -477,14 +477,14 @@ foreach ($accounts as $key=>$type)
 		print '</td>';
         if (! $i) $totalarray['nbfield']++;
     }
-    
+
     // Number
     if (! empty($arrayfields['b.number']['checked']))
     {
         print '<td>'.$acc->number.'</td>';
 	    if (! $i) $totalarray['nbfield']++;
     }
-    
+
     // Account number
     if (! empty($arrayfields['b.account_number']['checked']))
     {
@@ -492,7 +492,7 @@ foreach ($accounts as $key=>$type)
         print '<td>'.length_accountg($acc->account_number).'</td>';
 	    if (! $i) $totalarray['nbfield']++;
     }
-    
+
     // Accountancy journal
     if (! empty($arrayfields['b.accountancy_journal']['checked']))
     {
@@ -500,7 +500,7 @@ foreach ($accounts as $key=>$type)
         print '<td>'.length_accountg($acc->accountancy_journal).'</td>';
 	    if (! $i) $totalarray['nbfield']++;
     }
-    
+
     // Transactions to reconcile
     if (! empty($arrayfields['toreconcile']['checked']))
     {
@@ -519,13 +519,13 @@ foreach ($accounts as $key=>$type)
 	    print '</td>';
 	    if (! $i) $totalarray['nbfield']++;
     }
-    
+
 	// Extra fields
 	if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label))
 	{
-	   foreach($extrafields->attribute_label as $key => $val) 
+	   foreach($extrafields->attribute_label as $key => $val)
 	   {
-			if (! empty($arrayfields["ef.".$key]['checked'])) 
+			if (! empty($arrayfields["ef.".$key]['checked']))
 			{
 				print '<td';
 				$align=$extrafields->getAlignFlag($key);
@@ -558,14 +558,14 @@ foreach ($accounts as $key=>$type)
         print '</td>';
 	    if (! $i) $totalarray['nbfield']++;
     }
-    
+
     // Statut
     if (! empty($arrayfields['b.clos']['checked']))
     {
 		print '<td align="center">'.$acc->getLibStatut(5).'</td>';
 	    if (! $i) $totalarray['nbfield']++;
     }
-    
+
     // Balance
     if (! empty($arrayfields['balance']['checked']))
     {
@@ -576,7 +576,7 @@ foreach ($accounts as $key=>$type)
 		if (! $i) $totalarray['totalbalancefield']=$totalarray['nbfield'];
 	    $totalarray['totalbalance'] += $solde;
     }
-    
+
 	// Action column
 	print '<td class="nowrap" align="center">';
 	if ($massactionbutton || $massaction)   // If we are in select mode (massactionbutton defined) or if we have already selected and sent an action ($massaction) defined
@@ -587,7 +587,7 @@ foreach ($accounts as $key=>$type)
 	}
 	print '</td>';
 	if (! $i) $totalarray['nbfield']++;
-	
+
 	print '</tr>';
 
 	$total[$acc->currency_code] += $solde;
@@ -607,7 +607,7 @@ if (isset($totalarray['totalbalancefield']) && $lastcurrencycode != 'various')	/
         $i++;
         if ($i == 1)
         {
-            if ($num < $limit) print '<td align="left">'.$langs->trans("Total").'</td>';
+            if ($num < $limit && empty($offset)) print '<td align="left">'.$langs->trans("Total").'</td>';
             else print '<td align="left">'.$langs->trans("Totalforthispage").'</td>';
         }
         elseif ($totalarray['totalbalancefield'] == $i) print '<td align="right">'.price($totalarray['totalbalance'], 0, $langs, 0, 0, -1, $lastcurrencycode).'</td>';

htdocs/compta/bank/treso.php

@@ -275,6 +275,8 @@ if ($_REQUEST["account"] || $_REQUEST["ref"])
 				$refcomp=$societestatic->getNomUrl(1,'',24);
 
 				$paiement = $facturestatic->getSommePaiement();	// Payment already done
+				$paiement+= $facturestatic->getSumDepositsUsed();
+				$paiement+= $facturestatic->getSumCreditNotesUsed();
 			}
 			if ($obj->family == 'social_contribution')
 			{

htdocs/compta/facture.php

@@ -1003,7 +1003,7 @@ if (empty($reshook))
 					}
 
 					$id = $object->create($user);      // This include class to add_object_linked() and add add_contact()
-					
+
 					if ($id > 0)
 					{
 						dol_include_once('/' . $element . '/class/' . $subelement . '.class.php');
@@ -1052,7 +1052,7 @@ if (empty($reshook))
 
 							$tva_tx = $lines[$i]->tva_tx;
 							if (! empty($lines[$i]->vat_src_code) && ! preg_match('/\(/', $tva_tx)) $tva_tx .= ' ('.$lines[$i]->vat_src_code.')';
-								
+
 							$result = $object->addline(
 									$langs->trans('Deposit'),
 									$amountdeposit,		 	// subprice
@@ -1155,7 +1155,7 @@ if (empty($reshook))
 
 										$tva_tx = $lines[$i]->tva_tx;
 										if (! empty($lines[$i]->vat_src_code) && ! preg_match('/\(/', $tva_tx)) $tva_tx .= ' ('.$lines[$i]->vat_src_code.')';
-										
+
 										// View third's localtaxes for NOW and do not use value from origin.
 										// TODO Is this really what we want ? Yes if source if template invoice but what if proposal or order ?
 										$localtax1_tx = get_localtax($tva_tx, 1, $object->thirdparty);
@@ -1456,7 +1456,7 @@ if (empty($reshook))
 
 				$tmpvat = price2num(preg_replace('/\s*\(.*\)/', '', $tva_tx));
 				$tmpprodvat = price2num(preg_replace('/\s*\(.*\)/', '', $prod->tva_tx));
-			    
+
 				// if price ht was forced (ie: from gui when calculated by margin rate and cost price). TODO Why this ?
 				if (! empty($price_ht))
 				{
@@ -1718,7 +1718,7 @@ if (empty($reshook))
 					}
 				}
 			}
-			
+
 			$result = $object->updateline(GETPOST('lineid'), $description, $pu_ht, $qty, GETPOST('remise_percent'),
 				$date_start, $date_end, $vat_rate, $localtax1_rate, $localtax2_rate, 'HT', $info_bits, $type,
 				GETPOST('fk_parent_line'), 0, $fournprice, $buyingprice, $label, $special_code, $array_options, GETPOST('progress'),
@@ -2024,11 +2024,11 @@ if ($action == 'create')
 
 		if (!empty($conf->multicurrency->enabled) && !empty($soc->multicurrency_code)) $currency_code = $soc->multicurrency_code;
 	}
-    
+
 	if (!empty($soc->id)) $absolute_discount = $soc->getAvailableDiscounts();
 	$note_public = $object->getDefaultCreateValueFor('note_public', (is_object($objectsrc)?$objectsrc->note_public:null));
 	$note_private = $object->getDefaultCreateValueFor('note_private', ((! empty($origin) && ! empty($originid) && is_object($objectsrc))?$objectsrc->note_private:null));
-	
+
 	if (! empty($conf->use_javascript_ajax))
 	{
 		require_once DOL_DOCUMENT_ROOT . '/core/lib/ajax.lib.php';
@@ -2110,7 +2110,7 @@ if ($action == 'create')
 	print '</tr>' . "\n";
 
 	$exampletemplateinvoice=new FactureRec($db);
-	
+
 	// Overwrite value if creation of invoice is from a predefined invoice
 	if (empty($origin) && empty($originid) && GETPOST('fac_rec','int') > 0)
 	{
@@ -2232,7 +2232,7 @@ if ($action == 'create')
 	if ((empty($origin)) || ((($origin == 'propal') || ($origin == 'commande')) && (! empty($originid))))
 	{
 		// Deposit
-		if (empty($conf->global->INVOICE_DISABLE_DEPOSIT)) 
+		if (empty($conf->global->INVOICE_DISABLE_DEPOSIT))
    		{
     	    print '<div class="tagtr listofinvoicetype"><div class="tagtd listofinvoicetype">';
     		$tmp='<input type="radio" id="radio_deposit" name="type" value="3"' . (GETPOST('type') == 3 ? ' checked' : '') . '> ';
@@ -2243,7 +2243,7 @@ if ($action == 'create')
     			});
     		});
     		</script>';
-    
+
     		$desc = $form->textwithpicto($tmp.$langs->trans("InvoiceDeposit"), $langs->transnoentities("InvoiceDepositDesc"), 1, 'help', '', 0, 3);
     		print '<table class="nobordernopadding"><tr><td>';
     		print $desc;
@@ -2257,7 +2257,7 @@ if ($action == 'create')
     			print '<td class="nowrap" style="padding-left: 5px">' . $langs->trans('Value') . ':<input type="text" id="valuedeposit" name="valuedeposit" size="3" value="' . GETPOST('valuedeposit', 'int') . '"/>';
     		}
     		print '</td></tr></table>';
-    
+
     		print '</div></div>';
    		}
 	}
@@ -2289,7 +2289,7 @@ if ($action == 'create')
 		}
 
 		// Replacement
-		if (empty($conf->global->INVOICE_DISABLE_REPLACEMENT)) 
+		if (empty($conf->global->INVOICE_DISABLE_REPLACEMENT))
 		{
     		print '<!-- replacement line -->';
     		print '<div class="tagtr listofinvoicetype"><div class="tagtd listofinvoicetype">';
@@ -2336,7 +2336,7 @@ if ($action == 'create')
 		if ($socid > 0)
 		{
     		// Credit note
-		    if (empty($conf->global->INVOICE_DISABLE_CREDIT_NOTE)) 
+		    if (empty($conf->global->INVOICE_DISABLE_CREDIT_NOTE))
     		{
     			print '<div class="tagtr listofinvoicetype"><div class="tagtd listofinvoicetype">';
     			$tmp='<input type="radio" id="radio_creditnote" name="type" value="2"' . (GETPOST('type') == 2 ? ' checked' : '');
@@ -2372,19 +2372,20 @@ if ($action == 'create')
     			$text .= '</select>';
     			$desc = $form->textwithpicto($text, $langs->transnoentities("InvoiceAvoirDesc"), 1, 'help', '', 0, 3);
     			print $desc;
-    
+
     			print '<div id="credit_note_options" class="clearboth">';
     	        print '&nbsp;&nbsp;&nbsp; <input data-role="none" type="checkbox" name="invoiceAvoirWithLines" id="invoiceAvoirWithLines" value="1" onclick="if($(this).is(\':checked\') ) { $(\'#radio_creditnote\').prop(\'checked\', true); $(\'#invoiceAvoirWithPaymentRestAmount\').removeAttr(\'checked\');   }" '.(GETPOST('invoiceAvoirWithLines','int')>0 ? 'checked':'').' /> <label for="invoiceAvoirWithLines">'.$langs->trans('invoiceAvoirWithLines')."</label>";
     	        print '<br>&nbsp;&nbsp;&nbsp; <input data-role="none" type="checkbox" name="invoiceAvoirWithPaymentRestAmount" id="invoiceAvoirWithPaymentRestAmount" value="1" onclick="if($(this).is(\':checked\') ) { $(\'#radio_creditnote\').prop(\'checked\', true);  $(\'#invoiceAvoirWithLines\').removeAttr(\'checked\');   }" '.(GETPOST('invoiceAvoirWithPaymentRestAmount','int')>0 ? 'checked':'').' /> <label for="invoiceAvoirWithPaymentRestAmount">'.$langs->trans('invoiceAvoirWithPaymentRestAmount')."</label>";
     			print '</div>';
-    
+
     			print '</div></div>';
     		}
 		}
 		else
 		{
 			print '<div class="tagtr listofinvoicetype"><div class="tagtd listofinvoicetype">';
-			$tmp='<input type="radio" name="type" id="radio_creditnote" value="0" disabled> ';
+			if (empty($conf->global->INVOICE_CREDIT_NOTE_STANDALONE)) $tmp='<input type="radio" name="type" id="radio_creditnote" value="0" disabled> ';
+			else $tmp='<input type="radio" name="type" id="radio_creditnote" value="2" > ';
 			$text = $tmp.$langs->trans("InvoiceAvoir") . ' ';
 			$text.= '('.$langs->trans("YouMustCreateInvoiceFromThird").') ';
 			$desc = $form->textwithpicto($text, $langs->transnoentities("InvoiceAvoirDesc"), 1, 'help', '', 0, 3);
@@ -2392,7 +2393,7 @@ if ($action == 'create')
 			print '</div></div>' . "\n";
 		}
 	}
-	
+
 	// Template invoice
 	print '<div class="tagtr listofinvoicetype"><div class="tagtd listofinvoicetype">';
 	$tmp='<input type="radio" name="type" id="radio_template" value="0" disabled> ';
@@ -2427,7 +2428,7 @@ if ($action == 'create')
 	}
 
 	$datefacture = dol_mktime(12, 0, 0, $_POST['remonth'], $_POST['reday'], $_POST['reyear']);
-	
+
 	// Date invoice
 	print '<tr><td class="fieldrequired">' . $langs->trans('DateInvoice') . '</td><td colspan="2">';
 	print $form->select_date($datefacture?$datefacture:$dateinvoice, '', '', '', '', "add", 1, 1, 1);
@@ -2533,15 +2534,15 @@ if ($action == 'create')
     	    '__INVOICE_YEAR__' =>  $langs->trans("PreviousYearOfInvoice").' ('.$langs->trans("Example").': '.dol_print_date($dateexample,'%Y').')',
     	    '__INVOICE_NEXT_YEAR__' => $langs->trans("NextYearOfInvoice").' ('.$langs->trans("Example").': '.dol_print_date(dol_time_plus_duree($dateexample, 1, 'y'),'%Y').')'
     	);
-    	
+
     	$htmltext = '<i>'.$langs->trans("FollowingConstantsWillBeSubstituted").':<br>';
     	foreach($substitutionarray as $key => $val)
     	{
     	    $htmltext.=$key.' = '.$langs->trans($val).'<br>';
     	}
-    	$htmltext.='</i>';	
+    	$htmltext.='</i>';
 	}
-	
+
 	// Public note
 	print '<tr>';
 	print '<td class="border tdtop">';
@@ -2629,9 +2630,9 @@ if ($action == 'create')
 
 		if (!empty($conf->multicurrency->enabled))
 		{
-			print '<tr><td>' . $langs->trans('MulticurrencyTotalHT') . '</td><td colspan="2">' . price($objectsrc->multicurrency_total_ht) . '</td></tr>';
-			print '<tr><td>' . $langs->trans('MulticurrencyTotalVAT') . '</td><td colspan="2">' . price($objectsrc->multicurrency_total_tva) . "</td></tr>";
-			print '<tr><td>' . $langs->trans('MulticurrencyTotalTTC') . '</td><td colspan="2">' . price($objectsrc->multicurrency_total_ttc) . "</td></tr>";	
+			print '<tr><td>' . $langs->trans('MulticurrencyAmountHT') . '</td><td colspan="2">' . price($objectsrc->multicurrency_total_ht) . '</td></tr>';
+			print '<tr><td>' . $langs->trans('MulticurrencyAmountVAT') . '</td><td colspan="2">' . price($objectsrc->multicurrency_total_tva) . "</td></tr>";
+			print '<tr><td>' . $langs->trans('MulticurrencyAmountTTC') . '</td><td colspan="2">' . price($objectsrc->multicurrency_total_ttc) . "</td></tr>";
 		}
 	}
 
@@ -2970,8 +2971,9 @@ else if ($id > 0 || ! empty($ref))
 	// Ref customer
 	$morehtmlref.=$form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, $user->rights->facture->creer, 'string', '', 0, 1);
 	$morehtmlref.=$form->editfieldval("RefCustomer", 'ref_client', $object->ref_client, $object, $user->rights->facture->creer, 'string', '', null, null, '', 1);
-	// Thirdparty
+    // Thirdparty
 	$morehtmlref.='<br>'.$langs->trans('ThirdParty') . ' : ' . $object->thirdparty->getNomUrl(1);
+	if (empty($conf->global->MAIN_DISABLE_OTHER_LINK) && $object->thirdparty->id > 0) $morehtmlref.=' (<a href="'.DOL_URL_ROOT.'/compta/facture/list.php?socid='.$object->thirdparty->id.'">'.$langs->trans("OtherBills").'</a>)';
 	// Project
 	if (! empty($conf->projet->enabled))
 	{
@@ -3326,7 +3328,7 @@ else if ($id > 0 || ! empty($ref))
 			print $object->situation_counter;
 
 			print '</td>';
-			print '<td align="right" class="nowrap">';
+			print '<td align="left" class="nowrap">';
 
 			$prevsits_total_amount = 0;
 			foreach ($prevsits as $situation) {
@@ -3334,9 +3336,10 @@ else if ($id > 0 || ! empty($ref))
 			}
 			$prevsits_total_amount += $object->total_ht;
 
-			print price($prevsits_total_amount);
-			print '</td>';
-			print '<td>' . $langs->trans('Currency' . $conf->currency) . '</td></tr>';
+			print price($prevsits_total_amount, 0, $langs, 1, -1, -1, (!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency) );
+
+			print '</td></tr>';
+
 
 			// Previous situation(s) deduction(s)
 			for ($i = 0; $i < $cprevsits; $i++) {
@@ -3347,10 +3350,10 @@ else if ($id > 0 || ! empty($ref))
 				print $prevsits[$i]->situation_counter;
 				print '</a></td>';
 
-				print '<td align="right" class="nowrap">';
-				print '- ' . price($prevsits[$i]->total_ht);
-				print '</td>';
-				print '<td>' . $langs->trans('Currency' . $conf->currency) . '</td></tr>';
+				print '<td align="left" class="nowrap">';
+				print '- ' . price($prevsits[$i]->total_ht, 0, $langs, 1, -1, -1, (!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency) );
+				print '</td></tr>';
+
 			}
 		}
 	}
@@ -3388,21 +3391,21 @@ else if ($id > 0 || ! empty($ref))
 	print '<div class="fichehalfright">';
 	print '<div class="ficheaddleft">';
 	print '<div class="underbanner clearboth"></div>';
-	
+
 	print '<table class="border centpercent">';
-	
+
 	if (!empty($conf->multicurrency->enabled) && ($object->multicurrency_code != $conf->currency))
 	{
 	    // Multicurrency Amount HT
 	    print '<tr><td class="titlefieldmiddle">' . fieldLabel('MulticurrencyAmountHT','multicurrency_total_ht') . '</td>';
 	    print '<td class="nowrap">' . price($object->multicurrency_total_ht, '', $langs, 0, - 1, - 1, (!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency)) . '</td>';
 	    print '</tr>';
-	
+
 	    // Multicurrency Amount VAT
 	    print '<tr><td>' . fieldLabel('MulticurrencyAmountVAT','multicurrency_total_tva') . '</td>';
 	    print '<td class="nowrap">' . price($object->multicurrency_total_tva, '', $langs, 0, - 1, - 1, (!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency)) . '</td>';
 	    print '</tr>';
-	
+
 	    // Multicurrency Amount TTC
 	    print '<tr><td>' . fieldLabel('MulticurrencyAmountTTC','multicurrency_total_ttc') . '</td>';
 	    print '<td class="nowrap">' . price($object->multicurrency_total_ttc, '', $langs, 0, - 1, - 1, (!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency)) . '</td>';
@@ -3461,7 +3464,7 @@ else if ($id > 0 || ! empty($ref))
 
 	print '</table>';
 
-	
+
 	// List of previous situation invoices
 
 	$sign = 1;
@@ -3484,12 +3487,12 @@ else if ($id > 0 || ! empty($ref))
         $nbrows += 5;
     if (! empty($conf->incoterm->enabled))
         $nbrows += 1;
-    
-    if ($object->type == Facture::TYPE_SITUATION && ! empty($conf->global->INVOICE_USE_SITUATION)) 
+
+    if ($object->type == Facture::TYPE_SITUATION && ! empty($conf->global->INVOICE_USE_SITUATION))
     {
         if (count($object->tab_previous_situation_invoice) > 0 || count($object->tab_next_situation_invoice) > 0)
-            print '<table class="nobordernopadding paymenttable" width="100%">';
-        
+            print '<table class="noborder situationstable" width="100%">';
+
         if (count($object->tab_previous_situation_invoice) > 0) {
             // List of previous invoices
             print '<tr class="liste_titre">';
@@ -3501,7 +3504,7 @@ else if ($id > 0 || ! empty($ref))
             print '<td align="right">' . $langs->trans('AmountTTC') . '</td>';
             print '<td width="18">&nbsp;</td>';
             print '</tr>';
-            
+
             $total_prev_ht = $total_prev_ttc = 0;
             $var = true;
             foreach ($object->tab_previous_situation_invoice as $prev_invoice) {
@@ -3517,18 +3520,18 @@ else if ($id > 0 || ! empty($ref))
                 print '<td align="right">' . price($prev_invoice->total_ttc) . '</td>';
                 print '<td align="right">' . $prev_invoice->getLibStatut(3, $totalpaye) . '</td>';
                 print '</tr>';
-                
+
                 $var = ! $var;
             }
-            
+
             print '<tr ' . $bc[$var] . '>';
-            print '<td colspan="2" align="right"></td>';
+            print '<td colspan="3" align="right"></td>';
             print '<td align="right"><b>' . price($total_prev_ht) . '</b></td>';
             print '<td align="right"><b>' . price($total_prev_ttc) . '</b></td>';
             print '<td width="18">&nbsp;</td>';
             print '</tr>';
         }
-        
+
         if (count($object->tab_next_situation_invoice) > 0) {
             // List of next invoices
             print '<tr class="liste_titre">';
@@ -3540,9 +3543,9 @@ else if ($id > 0 || ! empty($ref))
             print '<td align="right">' . $langs->trans('AmountTTC') . '</td>';
             print '<td width="18">&nbsp;</td>';
             print '</tr>';
-            
+
             $total_next_ht = $total_next_ttc = 0;
-            
+
             $var = true;
             foreach ($object->tab_next_situation_invoice as $next_invoice) {
                 $totalpaye = $next_invoice->getSommePaiement();
@@ -3557,25 +3560,25 @@ else if ($id > 0 || ! empty($ref))
                 print '<td align="right">' . price($next_invoice->total_ttc) . '</td>';
                 print '<td align="right">' . $next_invoice->getLibStatut(3, $totalpaye) . '</td>';
                 print '</tr>';
-                
+
                 $var = ! $var;
             }
-            
+
             print '<tr ' . $bc[$var] . '>';
-            print '<td colspan="2" align="right"></td>';
+            print '<td colspan="3" align="right"></td>';
             print '<td align="right"><b>' . price($total_next_ht) . '</b></td>';
             print '<td align="right"><b>' . price($total_next_ttc) . '</b></td>';
             print '<td width="18">&nbsp;</td>';
             print '</tr>';
         }
-        
+
         if (count($object->tab_previous_situation_invoice) > 0 || count($object->tab_next_situation_invoice) > 0)
             print '</table>';
     }
 
-    
+
     // List of payments already done
-    
+
     print '<table class="noborder paymenttable" width="100%">';
 
     print '<tr class="liste_titre">';
@@ -3733,7 +3736,7 @@ else if ($id > 0 || ! empty($ref))
 
         // Billed
         print '<tr><td colspan="' . $nbcols . '" align="right">' . $langs->trans("Billed") . ' :</td><td align="right">' . price($object->total_ttc) . '</td><td>&nbsp;</td></tr>';
-        
+
         // Remainder to pay
         print '<tr><td colspan="' . $nbcols . '" align="right">';
         if ($resteapayeraffiche >= 0)
@@ -3743,11 +3746,11 @@ else if ($id > 0 || ! empty($ref))
         print ' :</td>';
         print '<td align="right"'.($resteapayeraffiche?' class="amountremaintopay"':(' class="'.$cssforamountpaymentcomplete.'"')).'>' . price($resteapayeraffiche) . '</td>';
         print '<td class="nowrap">&nbsp;</td></tr>';
-    } 
+    }
     else // Credit note
     {
         $cssforamountpaymentcomplete='';
-        
+
         // Total already paid back
         print '<tr><td colspan="' . $nbcols . '" align="right">';
         print $langs->trans('AlreadyPaidBack');
@@ -3800,30 +3803,20 @@ else if ($id > 0 || ! empty($ref))
 	// Lines
 	$result = $object->getLinesArray();
 
-	print '	<form name="addproduct" id="addproduct" action="' . $_SERVER["PHP_SELF"] . '?id=' . $object->id . (($action != 'editline') ? '#add' : '#line_' . GETPOST('lineid')) . '" method="POST">
-	<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">
-	<input type="hidden" name="action" value="' . (($action != 'editline') ? 'addline' : 'updateligne') . '">
-	<input type="hidden" name="mode" value="">
-	<input type="hidden" name="id" value="' . $object->id . '">
-	';
-
-	if (! empty($conf->use_javascript_ajax) && $object->statut == 0) {
-		include DOL_DOCUMENT_ROOT . '/core/tpl/ajaxrow.tpl.php';
-	}
-
-    print '<div class="div-table-responsive">';
-	print '<table id="tablelines" class="noborder noshadow" width="100%">';
-
 	// Show global modifiers
 	if (! empty($conf->global->INVOICE_USE_SITUATION))
 	{
 		if ($object->situation_cycle_ref && $object->statut == 0) {
-			print '<tr class="liste_titre nodrag nodrop">';
-			print '<form name="updatealllines" id="updatealllines" action="' . $_SERVER['PHP_SELF'] . '?id=' . $object->id . '"#updatealllines" method="POST">';
+			print '<div class="div-table-responsive">';
+
+			print '<form name="updatealllines" id="updatealllines" action="' . $_SERVER['PHP_SELF'] . '?id=' . $object->id . '#updatealllines" method="POST">';
 			print '<input type="hidden" name="token" value="' . $_SESSION['newtoken'] . '" />';
 			print '<input type="hidden" name="action" value="updatealllines" />';
 			print '<input type="hidden" name="id" value="' . $object->id . '" />';
 
+			print '<table id="tablelines_all_progress" class="noborder noshadow" width="100%">';
+			print '<tr class="liste_titre nodrag nodrop">';
+
 			if (!empty($conf->global->MAIN_VIEW_LINE_NUMBER)) {
 				print '<td align="center" width="5">&nbsp;</td>';
 			}
@@ -3859,10 +3852,33 @@ else if ($id > 0 || ! empty($ref))
 			print '<td align="right" class="nowrap"><input type="text" size="1" value="" name="all_progress">%</td>';
 			print '<td colspan="4" align="right"><input class="button" type="submit" name="all_percent" value="Modifier" /></td>';
 			print '</tr>';
+
+			print '</table>';
+
 			print '</form>';
+
+			print '</div>';
+
 		}
+
 	}
 
+
+
+	print '	<form name="addproduct" id="addproduct" action="' . $_SERVER["PHP_SELF"] . '?id=' . $object->id . (($action != 'editline') ? '#add' : '#line_' . GETPOST('lineid')) . '" method="POST">
+	<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">
+	<input type="hidden" name="action" value="' . (($action != 'editline') ? 'addline' : 'updateligne') . '">
+	<input type="hidden" name="mode" value="">
+	<input type="hidden" name="id" value="' . $object->id . '">
+	';
+
+	if (! empty($conf->use_javascript_ajax) && $object->statut == 0) {
+		include DOL_DOCUMENT_ROOT . '/core/tpl/ajaxrow.tpl.php';
+	}
+
+    print '<div class="div-table-responsive">';
+	print '<table id="tablelines" class="noborder noshadow" width="100%">';
+
 	// Show object lines
 	if (! empty($object->lines))
 		$ret = $object->printObjectLines($action, $mysoc, $soc, $lineid, 1);
@@ -3884,7 +3900,7 @@ else if ($id > 0 || ! empty($ref))
 
 	print "</table>\n";
     print "</div>";
-    
+
 	print "</form>\n";
 
 	dol_fiche_end();
@@ -3924,6 +3940,9 @@ else if ($id > 0 || ! empty($ref))
 				}
 			}
 
+			$discount = new DiscountAbsolute($db);
+			$result = $discount->fetch(0, $object->id);
+
 			// Reopen a standard paid invoice
 			if ((($object->type == Facture::TYPE_STANDARD || $object->type == Facture::TYPE_REPLACEMENT)
 				|| ($object->type == Facture::TYPE_CREDIT_NOTE && empty($discount->id))
@@ -3980,7 +3999,7 @@ else if ($id > 0 || ! empty($ref))
 			        //print '<a class="butActionRefused" href="#" title="'.dol_escape_htmltag($langs->trans("AmountMustBePositive")).'">'.$langs->trans("MakeWithdrawRequest").'</a>';
 			    }
 			}
-			
+
 			// Create payment
 			if ($object->type != Facture::TYPE_CREDIT_NOTE && $object->statut == 1 && $object->paye == 0 && $user->rights->facture->paiement) {
 				if ($objectidnext) {
@@ -4131,7 +4150,7 @@ else if ($id > 0 || ! empty($ref))
 		// Show links to link elements
 		$linktoelem = $form->showLinkToObjectBlock($object, null, array('invoice'));
 		$somethingshown = $form->showLinkedObjectBlock($object, $linktoelem);
-		
+
 		// Link for paypal payment
 		if (! empty($conf->paypal->enabled) && $object->statut != 0) {
 			include_once DOL_DOCUMENT_ROOT . '/paypal/lib/paypal.lib.php';

htdocs/compta/facture/class/facture-rec.class.php

@@ -169,11 +169,16 @@ class FactureRec extends CommonInvoice
 				$num=count($facsrc->lines);
 				for ($i = 0; $i < $num; $i++)
 				{
-                    $result_insert = $this->addline(
+					$tva_tx = $facsrc->lines[$i]->tva_tx;
+					if (! empty($facsrc->lines[$i]->vat_src_code) && ! preg_match('/\(/', $tva_tx)) $tva_tx .= ' ('.$facsrc->lines[$i]->vat_src_code.')';
+
+					$result_insert = $this->addline(
                         $facsrc->lines[$i]->desc,
                         $facsrc->lines[$i]->subprice,
                         $facsrc->lines[$i]->qty,
-                        $facsrc->lines[$i]->tva_tx,
+						$tva_tx,
+                        $facsrc->lines[$i]->localtax1_tx,
+                        $facsrc->lines[$i]->localtax2_tx,
                         $facsrc->lines[$i]->fk_product,
                         $facsrc->lines[$i]->remise_percent,
                         'HT',
@@ -243,7 +248,8 @@ class FactureRec extends CommonInvoice
 	 */
 	function fetch($rowid, $ref='', $ref_ext='', $ref_int='')
 	{
-		$sql = 'SELECT f.rowid, f.entity, f.titre, f.fk_soc, f.amount, f.tva, f.total, f.total_ttc, f.remise_percent, f.remise_absolue, f.remise';
+		$sql = 'SELECT f.rowid, f.entity, f.titre, f.fk_soc, f.amount, f.tva, f.localtax1, f.localtax2, f.total, f.total_ttc';
+		$sql.= ', f.remise_percent, f.remise_absolue, f.remise';
 		$sql.= ', f.date_lim_reglement as dlr';
 		$sql.= ', f.note_private, f.note_public, f.fk_user_author';
 		$sql.= ', f.fk_mode_reglement, f.fk_cond_reglement, f.fk_projet';
@@ -284,6 +290,8 @@ class FactureRec extends CommonInvoice
 				$this->remise                 = $obj->remise;
 				$this->total_ht               = $obj->total;
 				$this->total_tva              = $obj->tva;
+				$this->total_localtax1        = $obj->localtax1;
+				$this->total_localtax2        = $obj->localtax2;
 				$this->total_ttc              = $obj->total_ttc;
 				$this->paye                   = $obj->paye;
 				$this->close_code             = $obj->close_code;
@@ -364,8 +372,8 @@ class FactureRec extends CommonInvoice
 	{
 		$this->lines=array();
 
-		$sql = 'SELECT l.rowid, l.fk_product, l.product_type, l.label as custom_label, l.description, l.product_type, l.price, l.qty, l.tva_tx, ';
-		$sql.= ' l.remise, l.remise_percent, l.subprice,';
+		$sql = 'SELECT l.rowid, l.fk_product, l.product_type, l.label as custom_label, l.description, l.product_type, l.price, l.qty, l.vat_src_code, l.tva_tx, ';
+		$sql.= ' l.localtax1_tx, l.localtax2_tx, l.localtax1_type, l.localtax2_type, l.remise, l.remise_percent, l.subprice,';
 		$sql.= ' l.info_bits, l.total_ht, l.total_tva, l.total_ttc,';
 		//$sql.= ' l.situation_percent, l.fk_prev_id,';
 		//$sql.= ' l.localtax1_tx, l.localtax2_tx, l.localtax1_type, l.localtax2_type, l.remise_percent, l.fk_remise_except, l.subprice,';
@@ -404,7 +412,13 @@ class FactureRec extends CommonInvoice
 				$line->fk_product_type  = $objp->fk_product_type;	// Type of product
 				$line->qty              = $objp->qty;
 				$line->subprice         = $objp->subprice;
+
+				$line->vat_src_code     = $objp->vat_src_code;
 				$line->tva_tx           = $objp->tva_tx;
+				$line->localtax1_tx     = $objp->localtax1_tx;
+				$line->localtax2_tx     = $objp->localtax2_tx;
+				$line->localtax1_type   = $objp->localtax1_type;
+				$line->localtax2_type   = $objp->localtax2_type;
 				$line->remise_percent   = $objp->remise_percent;
 				$line->fk_remise_except = $objp->fk_remise_except;
 				$line->fk_product       = $objp->fk_product;
@@ -461,7 +475,13 @@ class FactureRec extends CommonInvoice
 		{
 			$sql = "DELETE FROM ".MAIN_DB_PREFIX."facture_rec WHERE rowid = ".$rowid;
 			dol_syslog($sql);
-			if (! $this->db->query($sql))
+			if ($this->db->query($sql))
+			{
+				// Delete linked object
+				$res = $this->deleteObjectLinked();
+				if ($res < 0) $error=-3;
+			}
+			else 
 			{
 				$this->error=$this->db->lasterror();
 				$error=-1;
@@ -493,6 +513,8 @@ class FactureRec extends CommonInvoice
      *	@param    	double		$pu_ht              Prix unitaire HT (> 0 even for credit note)
      *	@param    	double		$qty             	Quantite
      *	@param    	double		$txtva           	Taux de tva force, sinon -1
+	 * 	@param		double		$txlocaltax1		Local tax 1 rate (deprecated)
+	 *  @param		double		$txlocaltax2		Local tax 2 rate (deprecated)
      *	@param    	int			$fk_product      	Id du produit/service predefini
      *	@param    	double		$remise_percent  	Pourcentage de remise de la ligne
      *	@param		string		$price_base_type	HT or TTC
@@ -506,29 +528,40 @@ class FactureRec extends CommonInvoice
      *	@param		string		$fk_unit			Unit
      *	@return    	int             				<0 if KO, Id of line if OK
 	 */
-	function addline($desc, $pu_ht, $qty, $txtva, $fk_product=0, $remise_percent=0, $price_base_type='HT', $info_bits=0, $fk_remise_except='', $pu_ttc=0, $type=0, $rang=-1, $special_code=0, $label='', $fk_unit=null)
+	function addline($desc, $pu_ht, $qty, $txtva, $txlocaltax1=0, $txlocaltax2=0, $fk_product=0, $remise_percent=0, $price_base_type='HT', $info_bits=0, $fk_remise_except='', $pu_ttc=0, $type=0, $rang=-1, $special_code=0, $label='', $fk_unit=null)
 	{
 	    global $mysoc;
 	    
 		$facid=$this->id;
 
-		dol_syslog(get_class($this)."::addline facid=$facid,desc=$desc,pu_ht=$pu_ht,qty=$qty,txtva=$txtva,fk_product=$fk_product,remise_percent=$remise_percent,info_bits=$info_bits,fk_remise_except=$fk_remise_except,price_base_type=$price_base_type,pu_ttc=$pu_ttc,type=$type,fk_unit=$fk_unit", LOG_DEBUG);
+		dol_syslog(get_class($this)."::addline facid=$facid,desc=$desc,pu_ht=$pu_ht,qty=$qty,txtva=$txtva,txlocaltax1=$txlocaltax1,txlocaltax2=$txlocaltax2,fk_product=$fk_product,remise_percent=$remise_percent,info_bits=$info_bits,fk_remise_except=$fk_remise_except,price_base_type=$price_base_type,pu_ttc=$pu_ttc,type=$type,fk_unit=$fk_unit", LOG_DEBUG);
 		include_once DOL_DOCUMENT_ROOT.'/core/lib/price.lib.php';
 
 		// Check parameters
 		if ($type < 0) return -1;
 
+		$localtaxes_type=getLocalTaxesFromRate($txtva, 0, $this->thirdparty, $mysoc);
+
+		// Clean vat code
+		$vat_src_code='';
+		if (preg_match('/\((.*)\)/', $txtva, $reg))
+		{
+			$vat_src_code = $reg[1];
+			$txtva = preg_replace('/\s*\(.*\)/', '', $txtva);    // Remove code into vatrate.
+		}
+
 		if ($this->brouillon)
 		{
 			// Clean parameters
 			$remise_percent=price2num($remise_percent);
 			if (empty($remise_percent)) $remise_percent=0;
 			$qty=price2num($qty);
-			if (! $qty) $qty=1;
 			if (! $info_bits) $info_bits=0;
 			$pu_ht=price2num($pu_ht);
 			$pu_ttc=price2num($pu_ttc);
 			$txtva=price2num($txtva);
+			$txlocaltax1	= price2num($txlocaltax1);
+			$txlocaltax2	= price2num($txlocaltax2);
 
 			if ($price_base_type=='HT')
 			{
@@ -543,10 +576,14 @@ class FactureRec extends CommonInvoice
 			// qty, pu, remise_percent et txtva
 			// TRES IMPORTANT: C'est au moment de l'insertion ligne qu'on doit stocker
 			// la part ht, tva et ttc, et ce au niveau de la ligne qui a son propre taux tva.
-			$tabprice=calcul_price_total($qty, $pu, $remise_percent, $txtva, 0, 0, 0, $price_base_type, $info_bits, $type, $mysoc);
+
+
+			$tabprice=calcul_price_total($qty, $pu, $remise_percent, $txtva, $txlocaltax1, $txlocaltax2, 0, $price_base_type, $info_bits, $type, $mysoc, $localtaxes_type);
 			$total_ht  = $tabprice[0];
 			$total_tva = $tabprice[1];
 			$total_ttc = $tabprice[2];
+			$total_localtax1=$tabprice[9];
+			$total_localtax2=$tabprice[10];
 			
 			$product_type=$type;
 			if ($fk_product)
@@ -563,6 +600,11 @@ class FactureRec extends CommonInvoice
 			$sql.= ", price";
 			$sql.= ", qty";
 			$sql.= ", tva_tx";
+			$sql.= ", vat_src_code";
+			$sql.= ", localtax1_tx";
+			$sql.= ", localtax1_type";
+			$sql.= ", localtax2_tx";
+			$sql.= ", localtax2_type";
 			$sql.= ", fk_product";
 			$sql.= ", product_type";
 			$sql.= ", remise_percent";
@@ -570,6 +612,8 @@ class FactureRec extends CommonInvoice
 			$sql.= ", remise";
 			$sql.= ", total_ht";
 			$sql.= ", total_tva";
+			$sql.= ", total_localtax1";
+			$sql.= ", total_localtax2";
 			$sql.= ", total_ttc";
 			$sql.= ", rang";
 			$sql.= ", special_code";
@@ -581,6 +625,11 @@ class FactureRec extends CommonInvoice
 			$sql.= ", ".price2num($pu_ht);
 			$sql.= ", ".price2num($qty);
 			$sql.= ", ".price2num($txtva);
+			$sql.= ", '".$this->db->escape($vat_src_code)."'";
+			$sql.= ", ".price2num($txlocaltax1);
+			$sql.= ", '".$this->db->escape($localtaxes_type[0])."'";
+			$sql.= ", ".price2num($txlocaltax2);
+			$sql.= ", '".$this->db->escape($localtaxes_type[2])."'";
 			$sql.= ", ".(! empty($fk_product)?"'".$fk_product."'":"null");
 			$sql.= ", ".$product_type;
 			$sql.= ", ".price2num($remise_percent);
@@ -588,6 +637,8 @@ class FactureRec extends CommonInvoice
 			$sql.= ", null";
 			$sql.= ", ".price2num($total_ht);
 			$sql.= ", ".price2num($total_tva);
+			$sql.= ", ".price2num($total_localtax1);
+			$sql.= ", ".price2num($total_localtax2);
 			$sql.= ", ".price2num($total_ttc);
 			$sql.= ", ".$rang;
 			$sql.= ", ".$special_code;
@@ -616,6 +667,8 @@ class FactureRec extends CommonInvoice
 	 *	@param    	double		$pu_ht              Prix unitaire HT (> 0 even for credit note)
 	 *	@param    	double		$qty             	Quantite
 	 *	@param    	double		$txtva           	Taux de tva force, sinon -1
+	 * 	@param		double		$txlocaltax1		Local tax 1 rate (deprecated)
+	 *  @param		double		$txlocaltax2		Local tax 2 rate (deprecated)
 	 *	@param    	int			$fk_product      	Id du produit/service predefini
 	 *	@param    	double		$remise_percent  	Pourcentage de remise de la ligne
 	 *	@param		string		$price_base_type	HT or TTC
@@ -629,28 +682,39 @@ class FactureRec extends CommonInvoice
 	 *	@param		string		$fk_unit			Unit
 	 *	@return    	int             				<0 if KO, Id of line if OK
 	 */
-	function updateline($rowid, $desc, $pu_ht, $qty, $txtva, $fk_product=0, $remise_percent=0, $price_base_type='HT', $info_bits=0, $fk_remise_except='', $pu_ttc=0, $type=0, $rang=-1, $special_code=0, $label='', $fk_unit=null)
+	function updateline($rowid, $desc, $pu_ht, $qty, $txtva, $txlocaltax1=0, $txlocaltax2=0, $fk_product=0, $remise_percent=0, $price_base_type='HT', $info_bits=0, $fk_remise_except='', $pu_ttc=0, $type=0, $rang=-1, $special_code=0, $label='', $fk_unit=null)
 	{
 	    global $mysoc;
 	     
 	    $facid=$this->id;
 	
-	    dol_syslog(get_class($this)."::updateline facid=".$facid." rowid=$rowid,desc=$desc,pu_ht=$pu_ht,qty=$qty,txtva=$txtva,fk_product=$fk_product,remise_percent=$remise_percent,info_bits=$info_bits,fk_remise_except=$fk_remise_except,price_base_type=$price_base_type,pu_ttc=$pu_ttc,type=$type,fk_unit=$fk_unit", LOG_DEBUG);
+	    dol_syslog(get_class($this)."::updateline facid=".$facid." rowid=$rowid,desc=$desc,pu_ht=$pu_ht,qty=$qty,txtva=$txtva,txlocaltax1=$txlocaltax1,txlocaltax2=$txlocaltax2,fk_product=$fk_product,remise_percent=$remise_percent,info_bits=$info_bits,fk_remise_except=$fk_remise_except,price_base_type=$price_base_type,pu_ttc=$pu_ttc,type=$type,fk_unit=$fk_unit", LOG_DEBUG);
 	    include_once DOL_DOCUMENT_ROOT.'/core/lib/price.lib.php';
 	
 	    // Check parameters
 	    if ($type < 0) return -1;
-	
+
+		$localtaxes_type=getLocalTaxesFromRate($txtva, 0, $this->thirdparty, $mysoc);
+
+		// Clean vat code
+		$vat_src_code='';
+		if (preg_match('/\((.*)\)/', $txtva, $reg))
+		{
+			$vat_src_code = $reg[1];
+			$txtva = preg_replace('/\s*\(.*\)/', '', $txtva);    // Remove code into vatrate.
+		}
+
 	    if ($this->brouillon)
 	    {
 	        // Clean parameters
 	        $remise_percent=price2num($remise_percent);
 	        $qty=price2num($qty);
-	        if (! $qty) $qty=1;
 	        if (! $info_bits) $info_bits=0;
 	        $pu_ht=price2num($pu_ht);
 	        $pu_ttc=price2num($pu_ttc);
 	        $txtva=price2num($txtva);
+		    $txlocaltax1	= price2num($txlocaltax1);
+		    $txlocaltax2	= price2num($txlocaltax2);
 	
 	        if ($price_base_type=='HT')
 	        {
@@ -665,10 +729,13 @@ class FactureRec extends CommonInvoice
 	        // qty, pu, remise_percent et txtva
 	        // TRES IMPORTANT: C'est au moment de l'insertion ligne qu'on doit stocker
 	        // la part ht, tva et ttc, et ce au niveau de la ligne qui a son propre taux tva.
-	        $tabprice=calcul_price_total($qty, $pu, $remise_percent, $txtva, 0, 0, 0, $price_base_type, $info_bits, $type, $mysoc);
+	        $tabprice=calcul_price_total($qty, $pu, $remise_percent, $txtva, $txlocaltax1, $txlocaltax2, 0, $price_base_type, $info_bits, $type, $mysoc, $localtaxes_type);
+
 	        $total_ht  = $tabprice[0];
 	        $total_tva = $tabprice[1];
 	        $total_ttc = $tabprice[2];
+		    $total_localtax1=$tabprice[9];
+		    $total_localtax2=$tabprice[10];
 	        	
 	        $product_type=$type;
 	        if ($fk_product)
@@ -685,18 +752,25 @@ class FactureRec extends CommonInvoice
 	        $sql.= ", price=".price2num($pu_ht);
 	        $sql.= ", qty=".price2num($qty);
 	        $sql.= ", tva_tx=".price2num($txtva);
+	        $sql.= ", vat_src_code='".$this->db->escape($vat_src_code)."'";
+		    $sql.= ", localtax1_tx=".price2num($txlocaltax1);
+		    $sql.= ", localtax1_type='".$this->db->escape($localtaxes_type[0])."'";
+		    $sql.= ", localtax2_tx=".price2num($txlocaltax2);
+		    $sql.= ", localtax2_type='".$this->db->escape($localtaxes_type[2])."'";
 	        $sql.= ", fk_product=".(! empty($fk_product)?"'".$fk_product."'":"null");
 	        $sql.= ", product_type=".$product_type;
 	        $sql.= ", remise_percent='".price2num($remise_percent)."'";
 	        $sql.= ", subprice='".price2num($pu_ht)."'";
 	        $sql.= ", total_ht='".price2num($total_ht)."'";
 	        $sql.= ", total_tva='".price2num($total_tva)."'";
+	        $sql.= ", total_localtax1='".price2num($total_localtax1)."'";
+	        $sql.= ", total_localtax2='".price2num($total_localtax2)."'";
 	        $sql.= ", total_ttc='".price2num($total_ttc)."'";
 	        $sql.= ", rang=".$rang;
 	        $sql.= ", special_code=".$special_code;
 	        $sql.= ", fk_unit=".($fk_unit?"'".$this->db->escape($fk_unit)."'":"null");
 	        $sql.= " WHERE rowid = ".$rowid;
-	        
+
 	        dol_syslog(get_class($this)."::updateline", LOG_DEBUG);
 	        if ($this->db->query($sql))
 	        {

htdocs/compta/facture/class/facture.class.php

@@ -54,7 +54,7 @@ class Facture extends CommonInvoice
 	public $fk_element = 'fk_facture';
 	protected $ismultientitymanaged = 1;	// 0=No test on entity, 1=Test with field entity, 2=Test with link by societe
 	public $picto='bill';
-	
+
 	/**
 	 * {@inheritdoc}
 	 */
@@ -243,7 +243,7 @@ class Facture extends CommonInvoice
 		if (! $this->mode_reglement_id) $this->mode_reglement_id = 0;
 		$this->brouillon = 1;
         if (empty($this->entity)) $this->entity = $conf->entity;
-        
+
 		// Multicurrency (test on $this->multicurrency_tx because we sould take the default rate only if not using origin rate)
 		if (!empty($this->multicurrency_code) && empty($this->multicurrency_tx)) list($this->fk_multicurrency,$this->multicurrency_tx) = MultiCurrency::getIdAndTxFromCode($this->db, $this->multicurrency_code);
 		else $this->fk_multicurrency = MultiCurrency::getIdFromCode($this->db, $this->multicurrency_code);
@@ -286,7 +286,7 @@ class Facture extends CommonInvoice
 
 			$this->socid 		     = $_facrec->socid;  // Invoice created on same thirdparty than template
 			$this->entity            = $_facrec->entity; // Invoice created in same entity than template
-			
+
 			// Fields coming from GUI (priority on template). TODO Value of template should be used as default value on GUI so we can use here always value from GUI
 			$this->fk_project        = GETPOST('projectid','int') > 0 ? GETPOST('projectid','int') : $_facrec->fk_project;
 			$this->note_public       = GETPOST('note_public') ? GETPOST('note_public') : $_facrec->note_public;
@@ -299,7 +299,7 @@ class Facture extends CommonInvoice
 			// Set here to have this defined for substitution into notes, should be recalculated after adding lines to get same result
 			$this->total_ht          = $_facrec->total_ht;
 			$this->total_ttc         = $_facrec->total_ttc;
-				
+
 			// Fields always coming from template
 			$this->remise_absolue    = $_facrec->remise_absolue;
 			$this->remise_percent    = $_facrec->remise_percent;
@@ -358,10 +358,10 @@ class Facture extends CommonInvoice
 			    '__INVOICE_YEAR__' => dol_print_date($this->date, '%Y'),
 			    '__INVOICE_NEXT_YEAR__' => dol_print_date(dol_time_plus_duree($this->date, 1, 'y'), '%Y'),
 			);
-			
+
 			$substitutionisok=true;
 			complete_substitutions_array($substitutionarray, $outputlangs);
-			
+
 			$this->note_public=make_substitutions($this->note_public,$substitutionarray);
 			$this->note_private=make_substitutions($this->note_private,$substitutionarray);
 		}
@@ -435,7 +435,7 @@ class Facture extends CommonInvoice
 
 			// Update ref with new one
 			$this->ref='(PROV'.$this->id.')';
-			$sql = 'UPDATE '.MAIN_DB_PREFIX."facture SET facnumber='".$this->ref."' WHERE rowid=".$this->id;
+			$sql = 'UPDATE '.MAIN_DB_PREFIX."facture SET facnumber='".$this->db->escape($this->ref)."' WHERE rowid=".$this->id;
 
 			dol_syslog(get_class($this)."::create", LOG_DEBUG);
 			$resql=$this->db->query($sql);
@@ -470,7 +470,7 @@ class Facture extends CommonInvoice
 				    }
 				}
 			}
-			
+
 			if (! $error && $this->id && ! empty($conf->global->MAIN_PROPAGATE_CONTACTS_FROM_ORIGIN) && ! empty($this->origin) && ! empty($this->origin_id))   // Get contact from origin object
 			{
 				$originforcontact = $this->origin;
@@ -481,7 +481,7 @@ class Facture extends CommonInvoice
 				    $exp = new Expedition($this->db);
 				    $exp->fetch($this->origin_id);
 				    $exp->fetchObjectLinked();
-				    if (count($exp->linkedObjectsIds['commande']) > 0) 
+				    if (count($exp->linkedObjectsIds['commande']) > 0)
 				    {
 				        foreach ($exp->linkedObjectsIds['commande'] as $key => $value)
 				        {
@@ -491,10 +491,10 @@ class Facture extends CommonInvoice
 				        }
 				    }
 				}
-				
+
 				$sqlcontact = "SELECT ctc.code, ctc.source, ec.fk_socpeople FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as ctc";
 				$sqlcontact.= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$originforcontact."'";
-	
+
 				$resqlcontact = $this->db->query($sqlcontact);
 				if ($resqlcontact)
 				{
@@ -519,9 +519,12 @@ class Facture extends CommonInvoice
 				{
 					$newinvoiceline=$this->lines[$i];
 					$newinvoiceline->fk_facture=$this->id;
-                    $newinvoiceline->origin = $this->element;           // TODO This seems not used. Here we but origin 'facture' but after
-                    $newinvoiceline->origin_id = $this->lines[$i]->id;  // we put an id of object !
-					if ($result >= 0 && ($newinvoiceline->info_bits & 0x01) == 0)	// We keep only lines with first bit = 0
+
+					// TODO This seems not used. Here we put origin 'facture' but after,  we put an id of object !
+					$newinvoiceline->origin = $this->element;
+                    $newinvoiceline->origin_id = $this->lines[$i]->id;
+
+					if ($result >= 0)
 					{
 						// Reset fk_parent_line for no child products and special product
 						if (($newinvoiceline->product_type != 9 && empty($newinvoiceline->fk_parent_line)) || $newinvoiceline->product_type == 9) {
@@ -553,12 +556,12 @@ class Facture extends CommonInvoice
 				foreach ($this->lines as $i => $val)
 				{
                 	$line = $this->lines[$i];
-                	
+
                 	// Test and convert into object this->lines[$i]. When coming from REST API, we may still have an array
 				    //if (! is_object($line)) $line=json_decode(json_encode($line), FALSE);  // convert recursively array into object.
                 	if (! is_object($line)) $line = (object) $line;
-				    
-				    if (($line->info_bits & 0x01) == 0)	// We keep only lines with first bit = 0
+
+				    if ($result >= 0)
 					{
 						// Reset fk_parent_line for no child products and special product
 						if (($line->product_type != 9 && empty($line->fk_parent_line)) || $line->product_type == 9) {
@@ -1058,7 +1061,7 @@ class Facture extends CommonInvoice
 		if ($this->type == self::TYPE_CREDIT_NOTE) $picto.='a';	// Credit note
 		if ($this->type == self::TYPE_DEPOSIT) $picto.='d';	// Deposit invoice
         $label='';
-        
+
         if ($user->rights->facture->lire) {
             $label = '<u>' . $langs->trans("ShowInvoice") . '</u>';
             if (! empty($this->ref))
@@ -1077,7 +1080,7 @@ class Facture extends CommonInvoice
     		if ($this->type == self::TYPE_SITUATION) $label=$langs->transnoentitiesnoconv("ShowInvoiceSituation").': '.$this->ref;
     		if ($moretitle) $label.=' - '.$moretitle;
         }
-        
+
 		$linkclose='';
 		if (empty($notooltip) && $user->rights->facture->lire)
 		{
@@ -1111,7 +1114,7 @@ class Facture extends CommonInvoice
     		    $result.='</span>';
 		    }
 		}
-		
+
 		return $result;
 	}
 
@@ -1319,7 +1322,7 @@ class Facture extends CommonInvoice
 				$line->qty              = $objp->qty;
 				$line->subprice         = $objp->subprice;
 
-                $line->vat_src_code     = $objp->vat_src_code; 
+                $line->vat_src_code     = $objp->vat_src_code;
 				$line->tva_tx           = $objp->tva_tx;
 				$line->localtax1_tx     = $objp->localtax1_tx;
 				$line->localtax2_tx     = $objp->localtax2_tx;
@@ -1572,7 +1575,7 @@ class Facture extends CommonInvoice
     			$arraytmp=$formmargin->getMarginInfosArray($srcinvoice, false);
         		$facligne->pa_ht = $arraytmp['pa_total'];
 			}
-			
+
 			$facligne->total_ht  = -$remise->amount_ht;
 			$facligne->total_tva = -$remise->amount_tva;
 			$facligne->total_ttc = -$remise->amount_ttc;
@@ -1626,7 +1629,7 @@ class Facture extends CommonInvoice
 	function set_ref_client($ref_client, $notrigger=0)
 	{
 	    global $user;
-	    
+
 		$error=0;
 
 		$this->db->begin();
@@ -2455,7 +2458,7 @@ class Facture extends CommonInvoice
 		if (! isset($situation_percent) || $situation_percent > 100 || (string) $situation_percent == '') $situation_percent = 100;
 
 		$localtaxes_type=getLocalTaxesFromRate($txtva, 0, $this->thirdparty, $mysoc);
-			
+
 		// Clean vat code
 		$vat_src_code='';
 		if (preg_match('/\((.*)\)/', $txtva, $reg))
@@ -2463,7 +2466,7 @@ class Facture extends CommonInvoice
 		    $vat_src_code = $reg[1];
 		    $txtva = preg_replace('/\s*\(.*\)/', '', $txtva);    // Remove code into vatrate.
 		}
-		
+
 		$remise_percent=price2num($remise_percent);
 		$qty=price2num($qty);
 		$pu_ht=price2num($pu_ht);
@@ -2648,7 +2651,7 @@ class Facture extends CommonInvoice
 	 * 	@param		double		$pu_ht_devise		Unit price in currency
 	 *  @return    	int             				< 0 if KO, > 0 if OK
 	 */
-	function updateline($rowid, $desc, $pu, $qty, $remise_percent, $date_start, $date_end, $txtva, $txlocaltax1=0, $txlocaltax2=0, $price_base_type='HT', $info_bits=0, $type= self::TYPE_STANDARD, $fk_parent_line=0, $skip_update_total=0, $fk_fournprice=null, $pa_ht=0, $label='', $special_code=0, $array_options=0, $situation_percent=0, $fk_unit = null, $pu_ht_devise = 0)
+	function updateline($rowid, $desc, $pu, $qty, $remise_percent, $date_start, $date_end, $txtva, $txlocaltax1=0, $txlocaltax2=0, $price_base_type='HT', $info_bits=0, $type= self::TYPE_STANDARD, $fk_parent_line=0, $skip_update_total=0, $fk_fournprice=null, $pa_ht=0, $label='', $special_code=0, $array_options=0, $situation_percent=100, $fk_unit = null, $pu_ht_devise = 0)
 	{
 		global $conf,$user;
 		// Deprecation warning
@@ -2768,14 +2771,14 @@ class Facture extends CommonInvoice
 			$this->line->label				= $label;
 			$this->line->desc				= $desc;
 			$this->line->qty				= ($this->type==self::TYPE_CREDIT_NOTE?abs($qty):$qty);	// For credit note, quantity is always positive and unit price negative
-            
+
 			$this->line->vat_src_code       = $vat_src_code;
 			$this->line->tva_tx				= $txtva;
 			$this->line->localtax1_tx		= $txlocaltax1;
 			$this->line->localtax2_tx		= $txlocaltax2;
 			$this->line->localtax1_type		= $localtaxes_type[0];
 			$this->line->localtax2_type		= $localtaxes_type[2];
-			
+
 			$this->line->remise_percent		= $remise_percent;
 			$this->line->subprice			= ($this->type==2?-abs($pu_ht):$pu_ht); // For credit note, unit price always negative, always positive otherwise
 			$this->line->date_start			= $date_start;
@@ -2894,7 +2897,7 @@ class Facture extends CommonInvoice
 	function deleteline($rowid)
 	{
         global $user;
-        
+
 		dol_syslog(get_class($this)."::deleteline rowid=".$rowid, LOG_DEBUG);
 
 		if (! $this->brouillon)
@@ -2920,13 +2923,13 @@ class Facture extends CommonInvoice
 		}
 
 		$line=new FactureLigne($this->db);
-		
+
         $line->context = $this->context;
 
 		// For triggers
 		$result = $line->fetch($rowid);
 		if (! ($result > 0)) dol_print_error($db, $line->error, $line->errors);
-		
+
 		if ($line->delete($user) > 0)
 		{
 			$result=$this->update_price(1);
@@ -4340,7 +4343,7 @@ class FactureLigne extends CommonInvoiceLine
 			$this->fk_unit				= $objp->fk_unit;
 			$this->fk_user_modif		= $objp->fk_user_modif;
 			$this->fk_user_author		= $objp->fk_user_author;
-			
+
 			$this->situation_percent    = $objp->situation_percent;
 			$this->fk_prev_id           = $objp->fk_prev_id;
 
@@ -4641,18 +4644,18 @@ class FactureLigne extends CommonInvoiceLine
         $sql.= ", remise_percent=".price2num($this->remise_percent)."";
         if ($this->fk_remise_except) $sql.= ", fk_remise_except=".$this->fk_remise_except;
         else $sql.= ", fk_remise_except=null";
-		$sql.= ", vat_src_code = '".(empty($this->vat_src_code)?'':$this->vat_src_code)."'";
+		$sql.= ", vat_src_code = '".(empty($this->vat_src_code)?'':$this->db->escape($this->vat_src_code))."'";
         $sql.= ", tva_tx=".price2num($this->tva_tx)."";
         $sql.= ", localtax1_tx=".price2num($this->localtax1_tx)."";
         $sql.= ", localtax2_tx=".price2num($this->localtax2_tx)."";
-		$sql.= ", localtax1_type='".$this->localtax1_type."'";
-		$sql.= ", localtax2_type='".$this->localtax2_type."'";
-        $sql.= ", qty=".price2num($this->qty)."";
+		$sql.= ", localtax1_type='".$this->db->escape($this->localtax1_type)."'";
+		$sql.= ", localtax2_type='".$this->db->escape($this->localtax2_type)."'";
+        $sql.= ", qty=".price2num($this->qty);
         $sql.= ", date_start=".(! empty($this->date_start)?"'".$this->db->idate($this->date_start)."'":"null");
         $sql.= ", date_end=".(! empty($this->date_end)?"'".$this->db->idate($this->date_end)."'":"null");
         $sql.= ", product_type=".$this->product_type;
-        $sql.= ", info_bits='".$this->info_bits."'";
-        $sql.= ", special_code='".$this->special_code."'";
+        $sql.= ", info_bits='".$this->db->escape($this->info_bits)."'";
+        $sql.= ", special_code='".$this->db->escape($this->special_code)."'";
         if (empty($this->skip_update_total))
         {
         	$sql.= ", total_ht=".price2num($this->total_ht)."";

htdocs/compta/facture/fiche-rec.php

@@ -137,7 +137,7 @@ if (empty($reshook))
     if (GETPOST('cancel')) $action='';
 
     // Set note
-    include DOL_DOCUMENT_ROOT.'/core/actions_setnotes.inc.php';	// Must be include, not include_once
+    include DOL_DOCUMENT_ROOT.'/core/actions_setnotes.inc.php';	    // Must be include, not include_once
 
     include DOL_DOCUMENT_ROOT.'/core/actions_dellink.inc.php';		// Must be include, not include_once
 
@@ -612,7 +612,7 @@ if (empty($reshook))
     	else
     	{
     		// Insert line
-    		$result = $object->addline($desc, $pu_ht, $qty, $tva_tx, $idprod, $remise_percent, $price_base_type, $info_bits, '', $pu_ttc, $type, - 1, $special_code, $label, $fk_unit);
+    		$result = $object->addline($desc, $pu_ht, $qty, $tva_tx,$localtax1_tx, $localtax2_tx, $idprod, $remise_percent, $price_base_type, $info_bits, '', $pu_ttc, $type, - 1, $special_code, $label, $fk_unit);
 
     		if ($result > 0)
     		{
@@ -784,7 +784,9 @@ if (empty($reshook))
     			$description,
     			$pu_ht,
     			$qty,
-                    	$vat_rate,
+			    $vat_rate,
+			    $localtax1_rate,
+			    $localtax1_rate,
     			GETPOST('productid'),
     			GETPOST('remise_percent'),
     			'HT',
@@ -1180,9 +1182,23 @@ else
 
 		print '<tr><td>'.$langs->trans("AmountVAT").'</td><td colspan="3">'.price($object->total_tva,'',$langs,1,-1,-1,$conf->currency).'</td>';
 		print '</tr>';
+
+		// Amount Local Taxes
+		if (($mysoc->localtax1_assuj == "1" && $mysoc->useLocalTax(1)) || $object->total_localtax1 != 0) 	// Localtax1
+		{
+			print '<tr><td>' . $langs->transcountry("AmountLT1", $mysoc->country_code) . '</td>';
+			print '<td class="nowrap">' . price($object->total_localtax1, 1, '', 1, - 1, - 1, $conf->currency) . '</td></tr>';
+		}
+		if (($mysoc->localtax2_assuj == "1" && $mysoc->useLocalTax(2)) || $object->total_localtax2 != 0) 	// Localtax2
+		{
+			print '<tr><td>' . $langs->transcountry("AmountLT2", $mysoc->country_code) . '</td>';
+			print '<td class=nowrap">' . price($object->total_localtax2, 1, '', 1, - 1, - 1, $conf->currency) . '</td></tr>';
+		}
+
 		print '<tr><td>'.$langs->trans("AmountTTC").'</td><td colspan="3">'.price($object->total_ttc,'',$langs,1,-1,-1,$conf->currency).'</td>';
 		print '</tr>';
 
+
 		// Payment term
 		print '<tr><td>';
 		print '<table class="nobordernopadding" width="100%"><tr><td>';

htdocs/compta/facture/list.php

@@ -52,7 +52,7 @@ $langs->load('bills');
 $langs->load('companies');
 $langs->load('products');
 
-$sall=trim(GETPOST('sall'));
+$sall=trim(GETPOST('sall', 'alphanohtml'));
 $projectid=(GETPOST('projectid')?GETPOST('projectid','int'):0);
 
 $id=(GETPOST('id','int')?GETPOST('id','int'):GETPOST('facid','int'));  // For backward compatibility
@@ -206,7 +206,7 @@ if (GETPOST("button_removefilter_x") || GETPOST("button_removefilter") || GETPOS
     $search_state="";
     $search_type='';
     $search_country='';
-    $search_type_thirdparty='';    
+    $search_type_thirdparty='';
     $day='';
     $year='';
     $month='';
@@ -229,7 +229,7 @@ if (empty($reshook))
 	include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php';
 }
 
-    
+
 
 /*
  * View
@@ -255,7 +255,7 @@ $sql.= " typent.code as typent_code,";
 $sql.= " state.code_departement as state_code, state.nom as state_name";
 // We need dynamount_payed to be able to sort on status (value is surely wrong because we can count several lines several times due to other left join or link with contacts. But what we need is just 0 or > 0)
 // TODO Better solution to be able to sort on already payed or remain to pay is to store amount_payed in a denormalized field.
-if (! $sall) $sql.= ', SUM(pf.amount) as dynamount_payed';   
+if (! $sall) $sql.= ', SUM(pf.amount) as dynamount_payed';
 // Add fields from extrafields
 foreach ($extrafields->attribute_label as $key => $val) $sql.=($extrafields->attribute_type[$key] != 'separate' ? ",ef.".$key.' as options_'.$key : '');
 // Add fields from hooks
@@ -409,7 +409,7 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
 	$nbtotalofrecords = $db->num_rows($result);
 }
 
-$sql.= $db->plimit($limit,$offset);
+$sql.= $db->plimit($limit+1,$offset);
 //print $sql;
 
 $resql = $db->query($sql);
@@ -423,6 +423,7 @@ if ($resql)
     {
         $soc = new Societe($db);
         $soc->fetch($socid);
+		if (empty($search_societe)) $search_societe = $soc->name;
     }
 
     $param='&socid='.$socid;
@@ -462,7 +463,7 @@ if ($resql)
 	    'presend'=>$langs->trans("SendByMail"),
 	    'builddoc'=>$langs->trans("PDFMerge")
 	);
-	if ($user->rights->facture->supprimer) 
+	if ($user->rights->facture->supprimer)
 	{
 	    //if (! empty($conf->global->STOCK_CALCULATE_ON_BILL) || empty($conf->global->INVOICE_CAN_ALWAYS_BE_REMOVED))
 	    if (empty($conf->global->INVOICE_CAN_ALWAYS_BE_REMOVED))
@@ -479,6 +480,7 @@ if ($resql)
 
     $i = 0;
     print '<form method="POST" name="searchFormList" action="'.$_SERVER["PHP_SELF"].'">'."\n";
+
     if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
     print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
 	print '<input type="hidden" name="formfilteraction" id="formfilteraction" value="list">';
@@ -492,8 +494,8 @@ if ($resql)
 	if ($massaction == 'presend')
 	{
 		$langs->load("mails");
-		
-		if (! GETPOST('cancel')) 
+
+		if (! GETPOST('cancel'))
 		{
 			$objecttmp=new Facture($db);
 			$listofselectedid=array();
@@ -502,7 +504,7 @@ if ($resql)
 			foreach($arrayofselected as $toselectid)
 			{
 				$result=$objecttmp->fetch($toselectid);
-				if ($result > 0) 
+				if ($result > 0)
 				{
 					$listofselectedid[$toselectid]=$toselectid;
 					$thirdpartyid=$objecttmp->fk_soc?$objecttmp->fk_soc:$objecttmp->socid;
@@ -513,10 +515,10 @@ if ($resql)
 		}
 
 		print '<input type="hidden" name="massaction" value="confirm_presend">';
-		
+
 		include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
 		$formmail = new FormMail($db);
-		
+
 		dol_fiche_head(null, '', '');
 
 		$topicmail="SendBillRef";
@@ -584,16 +586,16 @@ if ($resql)
 		//$formmail->param['returnurl']=$_SERVER["PHP_SELF"].'?id='.$object->id;
 
 		print $formmail->get_form();
-        
+
         dol_fiche_end();
 	}
-	
+
     if ($sall)
     {
         foreach($fieldstosearchall as $key => $val) $fieldstosearchall[$key]=$langs->trans($val);
         print $langs->trans("FilterOnInto", $sall) . join(', ',$fieldstosearchall);
     }
-    
+
  	// If the user can view prospects other than his'
     $moreforfilter='';
  	if ($user->rights->societe->client->voir || $socid)
@@ -619,7 +621,7 @@ if ($resql)
 		$moreforfilter.='<div class="divsearchfield">';
 		$moreforfilter.=$langs->trans('IncludingProductWithTag'). ': ';
 		$cate_arbo = $form->select_all_categories(Categorie::TYPE_PRODUCT, null, 'parent', null, null, 1);
-		$moreforfilter.=$form->selectarray('search_product_category', $cate_arbo, $search_product_category, 1, 0, 0, '', 0, 0, 0, 0, '', 1);
+		$moreforfilter.=$form->selectarray('search_product_category', $cate_arbo, $search_product_category, 1, 0, 0, '', 0, 0, 0, 0, 'maxwidth300', 1);
 		$moreforfilter.='</div>';
 	}
     $parameters=array();
@@ -683,14 +685,14 @@ if ($resql)
     // Filters lines
     print '<tr class="liste_titre">';
 	// Ref
-	if (! empty($arrayfields['f.facnumber']['checked'])) 
+	if (! empty($arrayfields['f.facnumber']['checked']))
 	{
         print '<td class="liste_titre" align="left">';
         print '<input class="flat" size="6" type="text" name="search_ref" value="'.$search_ref.'">';
         print '</td>';
 	}
 	// Ref customer
-	if (! empty($arrayfields['f.ref_client']['checked'])) 
+	if (! empty($arrayfields['f.ref_client']['checked']))
 	{
     	print '<td class="liste_titre">';
     	print '<input class="flat" size="6" type="text" name="search_refcustomer" value="'.$search_refcustomer.'">';
@@ -711,7 +713,7 @@ if ($resql)
 		print '</td>';
 	}
 	// Date invoice
-	if (! empty($arrayfields['f.date']['checked'])) 
+	if (! empty($arrayfields['f.date']['checked']))
 	{
     	print '<td class="liste_titre" align="center">';
         if (! empty($conf->global->MAIN_LIST_FILTER_ON_DAY)) print '<input class="flat" type="text" size="1" maxlength="2" name="day" value="'.$day.'">';
@@ -720,7 +722,7 @@ if ($resql)
         print '</td>';
 	}
 	// Date due
-	if (! empty($arrayfields['f.date_lim_reglement']['checked'])) 
+	if (! empty($arrayfields['f.date_lim_reglement']['checked']))
 	{
     	print '<td class="liste_titre" align="center">';
         if (! empty($conf->global->MAIN_LIST_FILTER_ON_DAY)) print '<input class="flat" type="text" size="1" maxlength="2" name="day_lim" value="'.$day_lim.'">';
@@ -730,7 +732,7 @@ if ($resql)
         print '</td>';
 	}
 	// Thirpdarty
-	if (! empty($arrayfields['s.nom']['checked'])) 
+	if (! empty($arrayfields['s.nom']['checked']))
 	{
 	   print '<td class="liste_titre" align="left"><input class="flat" type="text" size="6" name="search_societe" value="'.$search_societe.'"></td>';
 	}
@@ -760,7 +762,7 @@ if ($resql)
 	    print '</td>';
 	}
 	// Payment mode
-	if (! empty($arrayfields['f.fk_mode_reglement']['checked'])) 
+	if (! empty($arrayfields['f.fk_mode_reglement']['checked']))
 	{
     	print '<td class="liste_titre" align="left">';
     	$form->select_types_paiements($search_paymentmode, 'search_paymentmode', '', 0, 0, 1, 10);
@@ -875,19 +877,19 @@ if ($resql)
             $totaldeposits = $facturestatic->getSumDepositsUsed();
             $totalpay = $paiement + $totalcreditnotes + $totaldeposits;
             $remaintopay = $obj->total_ttc - $totalpay;
-            
+
             print '<tr '.$bc[$var].'>';
     		if (! empty($arrayfields['f.facnumber']['checked']))
     		{
                 print '<td class="nowrap">';
 
                 print '<table class="nobordernopadding"><tr class="nocellnopadd">';
-    
+
                 print '<td class="nobordernopadding nowrap">';
                 print $facturestatic->getNomUrl(1,'',200,0,'',0,1);
                 print $obj->increment;
                 print '</td>';
-    
+
                 print '<td style="min-width: 20px" class="nobordernopadding nowrap">';
                 $filename=dol_sanitizeFileName($obj->facnumber);
                 $filedir=$conf->facture->dir_output . '/' . dol_sanitizeFileName($obj->facnumber);
@@ -896,7 +898,7 @@ if ($resql)
     			print '</td>';
                 print '</tr>';
                 print '</table>';
-    
+
                 print "</td>\n";
     		    if (! $i) $totalarray['nbfield']++;
     		}
@@ -1085,12 +1087,12 @@ if ($resql)
             // Status
             if (! empty($arrayfields['f.fk_statut']['checked']))
             {
-                print '<td align="right" class="nowrap">';
-                print $facturestatic->LibStatut($obj->paye,$obj->fk_statut,5,$paiement,$obj->type);
-                print "</td>";
-                if (! $i) $totalarray['nbfield']++;
+            	print '<td align="right" class="nowrap">';
+            	print $facturestatic->LibStatut($obj->paye,$obj->fk_statut,5,$paiement,$obj->type);
+            	print "</td>";
+            	if (! $i) $totalarray['nbfield']++;
             }
-            
+
     		// Action column
             print '<td class="nowrap" align="center">';
             if ($massactionbutton || $massaction)   // If we are in select mode (massactionbutton defined) or if we have already selected and sent an action ($massaction) defined
@@ -1101,7 +1103,7 @@ if ($resql)
             }
     		print '</td>' ;
     		if (! $i) $totalarray['nbfield']++;
-				
+
             print "</tr>\n";
 
             $i++;
@@ -1117,7 +1119,7 @@ if ($resql)
     		   $i++;
     		   if ($i == 1)
     	       {
-            		if ($num < $limit) print '<td align="left">'.$langs->trans("Total").'</td>';
+            		if ($num < $limit && empty($offset)) print '<td align="left">'.$langs->trans("Total").'</td>';
             		else print '<td align="left">'.$langs->trans("Totalforthispage").'</td>';
     	       }
     		   elseif ($totalarray['totalhtfield'] == $i)  print '<td align="right">'.price($totalarray['totalht']).'</td>';
@@ -1128,21 +1130,21 @@ if ($resql)
     		   else print '<td></td>';
     		}
     		print '</tr>';
-    		
+
     	}
     }
 
     $db->free($resql);
-	
+
 	$parameters=array('arrayfields'=>$arrayfields, 'sql'=>$sql);
 	$reshook=$hookmanager->executeHooks('printFieldListFooter',$parameters);    // Note that $action and $object may have been modified by hook
 	print $hookmanager->resPrint;
-    
+
 	print "</table>\n";
     print "</div>";
-    
+
     print "</form>\n";
-    
+
     if ($massaction == 'builddoc' || $action == 'remove_file' || $show_files)
     {
         /*
@@ -1150,11 +1152,11 @@ if ($resql)
          */
         $urlsource=$_SERVER['PHP_SELF'].'?sortfield='.$sortfield.'&sortorder='.$sortorder;
         $urlsource.=str_replace('&amp;','&',$param);
-        
+
         $filedir=$diroutputmassaction;
         $genallowed=$user->rights->facture->lire;
         $delallowed=$user->rights->facture->lire;
-    
+
         print $formfile->showdocuments('massfilesarea_invoices','',$filedir,$urlsource,0,$delallowed,'',1,1,0,48,1,$param,$title,'');
     }
     else

htdocs/compta/localtax/class/localtax.class.php

@@ -154,12 +154,12 @@ class Localtax extends CommonObject
 		$sql.= " tms=".$this->db->idate($this->tms).",";
 		$sql.= " datep=".$this->db->idate($this->datep).",";
 		$sql.= " datev=".$this->db->idate($this->datev).",";
-		$sql.= " amount='".$this->amount."',";
+		$sql.= " amount=".price2num($this->amount).",";
 		$sql.= " label='".$this->db->escape($this->label)."',";
 		$sql.= " note='".$this->db->escape($this->note)."',";
-		$sql.= " fk_bank='".$this->fk_bank."',";
-		$sql.= " fk_user_creat='".$this->fk_user_creat."',";
-		$sql.= " fk_user_modif='".$this->fk_user_modif."'";
+		$sql.= " fk_bank=".$this->fk_bank.",";
+		$sql.= " fk_user_creat=".$this->fk_user_creat.",";
+		$sql.= " fk_user_modif=".$this->fk_user_modif;
         $sql.= " WHERE rowid=".$this->id;
 
         dol_syslog(get_class($this)."::update", LOG_DEBUG);

htdocs/compta/localtax/quadri_detail.php

@@ -54,8 +54,9 @@ if (empty($year))
 	$year_current = $year;
 	$year_start = $year;
 }
-$date_start=dol_mktime(0,0,0,$_REQUEST["date_startmonth"],$_REQUEST["date_startday"],$_REQUEST["date_startyear"]);
-$date_end=dol_mktime(23,59,59,$_REQUEST["date_endmonth"],$_REQUEST["date_endday"],$_REQUEST["date_endyear"]);
+
+$date_start = dol_mktime( 0, 0, 0, GETPOST( "date_startmonth" ), GETPOST( "date_startday" ), GETPOST( "date_startyear" ) );
+$date_end   = dol_mktime( 23, 59, 59, GETPOST( "date_endmonth" ), GETPOST( "date_endday" ), GETPOST( "date_endyear" ) );
 // Quarter
 if (empty($date_start) || empty($date_end)) // We define date_start and date_end
 {
@@ -92,12 +93,9 @@ $socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'tax', '', '', 'charges');
 
-
-
-/*
+/**
  * View
  */
-
 $morequerystring='';
 $listofparams=array('date_startmonth','date_startyear','date_startday','date_endmonth','date_endyear','date_endday');
 foreach($listofparams as $param)
@@ -118,6 +116,7 @@ $paymentfourn_static=new PaiementFourn($db);
 
 $fsearch.='  <input type="hidden" name="year" value="'.$year.'">';
 $fsearch.='  <input type="hidden" name="modetax" value="'.$modetax.'">';
+$fsearch.='  <input type="hidden" name="localTaxType" value="'.$local.'">';
 
 $calc=$conf->global->MAIN_INFO_LOCALTAX_CALC.$local;
 
@@ -196,9 +195,8 @@ $total = 0;
 $i=0;
 
 // Load arrays of datas
-$x_coll = vat_by_date($db, 0, 0, $date_start, $date_end, $modetax, 'sell');
-$x_paye = vat_by_date($db, 0, 0, $date_start, $date_end, $modetax, 'buy');
-
+$x_coll = tax_by_date('localtax' . $local, $db, 0, 0, $date_start, $date_end, $modetax, 'sell');
+$x_paye = tax_by_date('localtax' . $local, $db, 0, 0, $date_start, $date_end, $modetax, 'buy');
 
 echo '<table class="noborder" width="100%">';
 

htdocs/compta/paiement/cheque/class/remisecheque.class.php

@@ -178,7 +178,7 @@ class RemiseCheque extends CommonObject
 			{
 				$sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque";
 				$sql.= " SET ref='(PROV".$this->id.")'";
-				$sql.= " WHERE rowid='".$this->id."';";
+				$sql.= " WHERE rowid=".$this->id."";
 
 				dol_syslog("RemiseCheque::Create", LOG_DEBUG);
 				$resql = $this->db->query($sql);

htdocs/compta/paiement/class/cpaiement.class.php

@@ -46,7 +46,7 @@ class Cpaiement
 
 	/**
 	 */
-	
+
 	public $code;
 	public $libelle;
 	public $type;
@@ -56,7 +56,7 @@ class Cpaiement
 
 	/**
 	 */
-	
+
 
 	/**
 	 * Constructor
@@ -83,7 +83,7 @@ class Cpaiement
 		$error = 0;
 
 		// Clean parameters
-		
+
 		if (isset($this->code)) {
 			 $this->code = trim($this->code);
 		}
@@ -103,14 +103,14 @@ class Cpaiement
 			 $this->module = trim($this->module);
 		}
 
-		
+
 
 		// Check parameters
 		// Put here code to add control on parameters values
 
 		// Insert request
 		$sql = 'INSERT INTO ' . MAIN_DB_PREFIX . $this->table_element . '(';
-		
+
 		$sql.= 'id,';
 		$sql.= 'code,';
 		$sql.= 'libelle,';
@@ -119,9 +119,9 @@ class Cpaiement
 		$sql.= 'accountancy_code,';
 		$sql.= 'module';
 
-		
+
 		$sql .= ') VALUES (';
-		
+
 		$sql .= ' '.(! isset($this->id)?'NULL':$this->id).',';
 		$sql .= ' '.(! isset($this->code)?'NULL':"'".$this->db->escape($this->code)."'").',';
 		$sql .= ' '.(! isset($this->libelle)?'NULL':"'".$this->db->escape($this->libelle)."'").',';
@@ -130,7 +130,7 @@ class Cpaiement
 		$sql .= ' '.(! isset($this->accountancy_code)?'NULL':"'".$this->db->escape($this->accountancy_code)."'").',';
 		$sql .= ' '.(! isset($this->module)?'NULL':"'".$this->db->escape($this->module)."'");
 
-		
+
 		$sql .= ')';
 
 		$this->db->begin();
@@ -202,7 +202,7 @@ class Cpaiement
 				$obj = $this->db->fetch_object($resql);
 
 				$this->id = $obj->id;
-				
+
 				$this->code = $obj->code;
 				$this->libelle = $obj->libelle;
 				$this->type = $obj->type;
@@ -210,7 +210,7 @@ class Cpaiement
 				$this->accountancy_code = $obj->accountancy_code;
 				$this->module = $obj->module;
 
-				
+
 			}
 			$this->db->free($resql);
 
@@ -252,7 +252,7 @@ class Cpaiement
 		$sql .= " t.accountancy_code,";
 		$sql .= " t.module";
 
-		
+
 		$sql .= ' FROM ' . MAIN_DB_PREFIX . $this->table_element. ' as t';
 
 		// Manage filter
@@ -265,7 +265,7 @@ class Cpaiement
 		if (count($sqlwhere) > 0) {
 			$sql .= ' WHERE ' . implode(' '.$filtermode.' ', $sqlwhere);
 		}
-		
+
 		if (!empty($sortfield)) {
 			$sql .= $this->db->order($sortfield,$sortorder);
 		}
@@ -279,10 +279,10 @@ class Cpaiement
 			$num = $this->db->num_rows($resql);
 
 			while ($obj = $this->db->fetch_object($resql)) {
-				$line = new CpaiementLine();
+				$line = new Cpaiement();
 
 				$line->id = $obj->id;
-				
+
 				$line->code = $obj->code;
 				$line->libelle = $obj->libelle;
 				$line->type = $obj->type;
@@ -290,7 +290,7 @@ class Cpaiement
 				$line->accountancy_code = $obj->accountancy_code;
 				$line->module = $obj->module;
 
-				
+
 
 				$this->lines[$line->id] = $line;
 			}
@@ -320,7 +320,7 @@ class Cpaiement
 		dol_syslog(__METHOD__, LOG_DEBUG);
 
 		// Clean parameters
-		
+
 		if (isset($this->code)) {
 			 $this->code = trim($this->code);
 		}
@@ -340,7 +340,7 @@ class Cpaiement
 			 $this->module = trim($this->module);
 		}
 
-		
+
 
 		// Check parameters
 		// Put here code to add a control on parameters values
@@ -438,8 +438,8 @@ class Cpaiement
 			return 1;
 		}
 	}
-	
-	
+
+
 	/**
 	 * Initialise object with example values
 	 * Id must be 0 if object instance is a specimen
@@ -449,7 +449,7 @@ class Cpaiement
 	public function initAsSpecimen()
 	{
 		$this->id = 0;
-		
+
 		$this->code = '';
 		$this->libelle = '';
 		$this->type = '';
@@ -457,7 +457,7 @@ class Cpaiement
 		$this->accountancy_code = '';
 		$this->module = '';
 
-		
+
 	}
 
 }

htdocs/compta/prelevement/class/bonprelevement.class.php

@@ -252,7 +252,7 @@ class BonPrelevement extends CommonObject
     function getErrorString($error)
     {
         global $langs;
-        
+
         $errors = array();
 
         $errors[1027] = $langs->trans("DateInvalid");
@@ -813,7 +813,7 @@ class BonPrelevement extends CommonObject
                 dol_syslog(__METHOD__."::Read invoices error ".$this->db->error(), LOG_ERR);
             }
         }
-        
+
         if (! $error)
         {
             require_once DOL_DOCUMENT_ROOT . '/societe/class/companybankaccount.class.php';
@@ -834,7 +834,7 @@ class BonPrelevement extends CommonObject
                         {
                         	$bac = new CompanyBankAccount($this->db);
                         	$bac->fetch(0,$soc->id);
-                        	
+
                             if ($bac->verif() >= 1)
                             //if (true)
                             {
@@ -867,7 +867,7 @@ class BonPrelevement extends CommonObject
         }
 
         $ok=0;
-        
+
         // Withdraw invoices in factures_prev array
         $out=count($factures_prev)." invoices will be withdrawn.";
         //print $out."\n";
@@ -920,7 +920,7 @@ class BonPrelevement extends CommonObject
 
 					$dir=$conf->prelevement->dir_output.'/receipts';
 					if (! is_dir($dir)) dol_mkdir($dir);
-					
+
 					$this->filename = $dir.'/'.$ref.'.xml';
 
 	                // Create withdraw receipt in database
@@ -1028,7 +1028,7 @@ class BonPrelevement extends CommonObject
                         $this->emetteur_bic                = $account->bic;
 
                         $this->emetteur_ics                = $conf->global->PRELEVEMENT_ICS;		// Ex: PRELEVEMENT_ICS = "FR78ZZZ123456";
-    
+
                         $this->raison_sociale              = $account->proprio;
                     }
 
@@ -1272,16 +1272,6 @@ class BonPrelevement extends CommonObject
 			 * section Debiteur (sepa Debiteurs bloc lines)
 			 */
 
-			/*$tmp_invoices = array();
-
-			$sql = "SELECT f.facnumber as fac FROM ".MAIN_DB_PREFIX."prelevement_lignes as pl, ".MAIN_DB_PREFIX."facture as f, ".MAIN_DB_PREFIX."prelevement_facture as pf, ".MAIN_DB_PREFIX."societe as soc, ".MAIN_DB_PREFIX."c_country as p, ".MAIN_DB_PREFIX."societe_rib as rib WHERE pl.fk_prelevement_bons = ".$this->id." AND pl.rowid = pf.fk_prelevement_lignes AND pf.fk_facture = f.rowid AND soc.fk_pays = p.rowid AND soc.rowid = f.fk_soc AND rib.fk_soc = f.fk_soc AND rib.default_rib = 1";
-			$resql=$this->db->query($sql);
-			if ($resql) {
-				while ($objfac = $this->db->fetch_object($resql)) {
-					$tmp_invoices[] = $objfac->fac;
-				}
-			}*/
-
 			$sql = "SELECT soc.code_client as code, soc.address, soc.zip, soc.town, c.code as country_code,";
 			$sql.= " pl.client_nom as nom, pl.code_banque as cb, pl.code_guichet as cg, pl.number as cc, pl.amount as somme,";
 			$sql.= " f.facnumber as fac, pf.fk_facture as idfac, rib.datec, rib.iban_prefix as iban, rib.bic as bic, rib.rowid as drum";
@@ -1365,35 +1355,6 @@ class BonPrelevement extends CommonObject
 			fputs($this->file, '		</PmtInf>'.$CrLf);
 			fputs($this->file, '	</CstmrDrctDbtInitn>'.$CrLf);
 			fputs($this->file, '</Document>'.$CrLf);
-
-			/*$sql = "SELECT pl.amount";
-			$sql.= " FROM";
-			$sql.= " ".MAIN_DB_PREFIX."prelevement_lignes as pl,";
-			$sql.= " ".MAIN_DB_PREFIX."facture as f,";
-			$sql.= " ".MAIN_DB_PREFIX."prelevement_facture as pf";
-			$sql.= " WHERE pl.fk_prelevement_bons = ".$this->id;
-			$sql.= " AND pl.rowid = pf.fk_prelevement_lignes";
-			$sql.= " AND pf.fk_facture = f.rowid";
-
-			//Lines
-			$i = 0;
-			$resql=$this->db->query($sql);
-			if ($resql)
-			{
-				$num = $this->db->num_rows($resql);
-
-				while ($i < $num)
-				{
-					$obj = $this->db->fetch_object($resql);
-					$this->total = $this->total + $obj->amount;
-					$i++;
-				}
-			}
-			else
-			{
-				$result = -2;
-			}*/
-
         }
 
         // Build file for Other Countries with unknow format
@@ -1580,11 +1541,11 @@ class BonPrelevement extends CommonObject
 		$XML_DEBITOR .='					</FinInstnId>'.$CrLf;
 		$XML_DEBITOR .='				</DbtrAgt>'.$CrLf;
 		$XML_DEBITOR .='				<Dbtr>'.$CrLf;
-		$XML_DEBITOR .='					<Nm>'.strtoupper(dol_string_unaccent($row_nom)).'</Nm>'.$CrLf;
+		$XML_DEBITOR .='					<Nm>'.dolEscapeXML(strtoupper(dol_string_unaccent($row_nom))).'</Nm>'.$CrLf;
 		$XML_DEBITOR .='					<PstlAdr>'.$CrLf;
 		$XML_DEBITOR .='						<Ctry>'.$row_country_code.'</Ctry>'.$CrLf;
-		$XML_DEBITOR .='						<AdrLine>'.dol_string_unaccent(strtr($row_address, array(CHR(13) => ", ", CHR(10) => ""))).'</AdrLine>'.$CrLf;
-		$XML_DEBITOR .='						<AdrLine>'.dol_string_unaccent($row_zip.' '.$row_town).'</AdrLine>'.$CrLf;
+		$XML_DEBITOR .='						<AdrLine>'.dolEscapeXML(dol_trunc(dol_string_unaccent(strtr($row_address, array(CHR(13) => ", ", CHR(10) => ""))),70,'right','UTF-8',true)).'</AdrLine>'.$CrLf;
+		$XML_DEBITOR .='						<AdrLine>'.dolEscapeXML(dol_string_unaccent($row_zip.' '.$row_town)).'</AdrLine>'.$CrLf;
 		$XML_DEBITOR .='					</PstlAdr>'.$CrLf;
 		$XML_DEBITOR .='				</Dbtr>'.$CrLf;
 		$XML_DEBITOR .='				<DbtrAcct>'.$CrLf;
@@ -1679,7 +1640,7 @@ class BonPrelevement extends CommonObject
      *	@return	string					String with SEPA Sender
      */
     function EnregEmetteurSEPA($configuration, $ladate, $nombre, $total, $CrLf='\n')
-    {	
+    {
         // SEPA INITIALISATION
 		global $conf;
 
@@ -1698,12 +1659,12 @@ class BonPrelevement extends CommonObject
 		    $this->emetteur_number_key		   = $account->cle_rib;
 		    $this->emetteur_iban               = $account->iban;
 		    $this->emetteur_bic                = $account->bic;
-		
+
 		    $this->emetteur_ics                = $conf->global->PRELEVEMENT_ICS;		// Ex: PRELEVEMENT_ICS = "FR78ZZZ123456";
-		
+
 		    $this->raison_sociale              = $account->proprio;
 		}
-		
+
 		// Récupération info demandeur
 		$sql = "SELECT rowid, ref";
 		$sql.= " FROM";

htdocs/compta/salaries/class/paymentsalary.class.php

@@ -97,19 +97,19 @@ class PaymentSalary extends CommonObject
 		$sql = "UPDATE ".MAIN_DB_PREFIX."payment_salary SET";
 
 		$sql.= " tms=".$this->db->idate($this->tms).",";
-		$sql.= " fk_user='".$this->fk_user."',";
+		$sql.= " fk_user=".$this->fk_user.",";
 		$sql.= " datep=".$this->db->idate($this->datep).",";
 		$sql.= " datev=".$this->db->idate($this->datev).",";
-		$sql.= " amount='".$this->amount."',";
+		$sql.= " amount=".price2num($this->amount).",";
 		$sql.= " fk_typepayment=".$this->fk_typepayment."',";
-		$sql.= " num_payment='".$this->num_payment."',";
+		$sql.= " num_payment='".$this->db->escape($this->num_payment)."',";
 		$sql.= " label='".$this->db->escape($this->label)."',";
 		$sql.= " datesp=".$this->db->idate($this->datesp).",";
 		$sql.= " dateep=".$this->db->idate($this->dateep).",";
 		$sql.= " note='".$this->db->escape($this->note)."',";
 		$sql.= " fk_bank=".($this->fk_bank > 0 ? "'".$this->fk_bank."'":"null").",";
-		$sql.= " fk_user_author='".$this->fk_user_author."',";
-		$sql.= " fk_user_modif='".$this->fk_user_modif."'";
+		$sql.= " fk_user_author=".$this->fk_user_author.",";
+		$sql.= " fk_user_modif=".$this->fk_user_modif;
 
 		$sql.= " WHERE rowid=".$this->id;
 

htdocs/compta/sociales/card.php

@@ -196,7 +196,6 @@ if ($action == 'update' && ! $_POST["cancel"] && $user->rights->tax->charges->cr
 	{
         $result=$object->fetch($id);
 
-        $object->lib=GETPOST('label');
         $object->date_ech=$dateech;
         $object->periode=$dateperiod;
         $object->amount=price2num($amount);

htdocs/compta/sociales/class/chargesociales.class.php

@@ -232,7 +232,7 @@ class ChargeSociales extends CommonObject
         // Delete payments
         if (! $error)
         {
-            $sql = "DELETE FROM ".MAIN_DB_PREFIX."paiementcharge WHERE fk_charge='".$this->id."'";
+            $sql = "DELETE FROM ".MAIN_DB_PREFIX."paiementcharge WHERE fk_charge=".$this->id;
             dol_syslog(get_class($this)."::delete", LOG_DEBUG);
             $resql=$this->db->query($sql);
             if (! $resql)
@@ -244,7 +244,7 @@ class ChargeSociales extends CommonObject
 
         if (! $error)
         {
-            $sql = "DELETE FROM ".MAIN_DB_PREFIX."chargesociales WHERE rowid='".$this->id."'";
+            $sql = "DELETE FROM ".MAIN_DB_PREFIX."chargesociales WHERE rowid=".$this->id;
             dol_syslog(get_class($this)."::delete", LOG_DEBUG);
             $resql=$this->db->query($sql);
             if (! $resql)

htdocs/compta/sociales/index.php

@@ -274,7 +274,7 @@ if ($resql)
 		if (isset($totalarray['totalttcfield']))
 		{
 		    print '<tr class="liste_total">';
-            if ($num < $limit) print '<td align="left">'.$langs->trans("Total").'</td>';
+            if ($num < $limit && empty($offset)) print '<td align="left">'.$langs->trans("Total").'</td>';
             else print '<td align="left">'.$langs->trans("Totalforthispage").'</td>';
             print '<td></td>';
             print '<td></td>';

htdocs/compta/tva/class/tva.class.php

@@ -175,12 +175,12 @@ class Tva extends CommonObject
 		$sql.= " tms=".$this->db->idate($this->tms).",";
 		$sql.= " datep=".$this->db->idate($this->datep).",";
 		$sql.= " datev=".$this->db->idate($this->datev).",";
-		$sql.= " amount='".$this->amount."',";
+		$sql.= " amount=".price2num($this->amount).",";
 		$sql.= " label='".$this->db->escape($this->label)."',";
 		$sql.= " note='".$this->db->escape($this->note)."',";
-		$sql.= " fk_bank='".$this->fk_bank."',";
-		$sql.= " fk_user_creat='".$this->fk_user_creat."',";
-		$sql.= " fk_user_modif='".$this->fk_user_modif."'";
+		$sql.= " fk_bank=".$this->fk_bank.",";
+		$sql.= " fk_user_creat=".$this->fk_user_creat.",";
+		$sql.= " fk_user_modif=".$this->fk_user_modif."";
 
 
         $sql.= " WHERE rowid=".$this->id;

htdocs/contact/list.php

@@ -42,7 +42,7 @@ $ref = '';  // There is no ref for contacts
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'contact', $contactid,'');
 
-$sall=GETPOST("sall");
+$sall=GETPOST('sall', 'alphanohtml');
 $search_firstlast_only=GETPOST("search_firstlast_only");
 $search_lastname=GETPOST("search_lastname");
 $search_firstname=GETPOST("search_firstname");

htdocs/contrat/class/contrat.class.php

@@ -46,7 +46,7 @@ class Contrat extends CommonObject
 	public $fk_element='fk_contrat';
 	protected $ismultientitymanaged = 1;	// 0=No test on entity, 1=Test with field entity, 2=Test with link by societe
     public $picto='contract';
-    
+
 	/**
 	 * {@inheritdoc}
 	 */
@@ -228,7 +228,7 @@ class Contrat extends CommonObject
 	 */
 	function active_line($user, $line_id, $date, $date_end='', $comment='')
 	{
-		$this->lines[$this->lines_id_index_mapper[$line_id]]->active_line($user, $date, $date_end, $comment);
+		return $this->lines[$this->lines_id_index_mapper[$line_id]]->active_line($user, $date, $date_end, $comment);
 	}
 
 
@@ -243,7 +243,7 @@ class Contrat extends CommonObject
 	 */
 	function close_line($user, $line_id, $date_end, $comment='')
 	{
-		$this->lines[$this->lines_id_index_mapper[$line_id]]->close_line($user, $date_end, $comment);
+		return $this->lines[$this->lines_id_index_mapper[$line_id]]->close_line($user, $date_end, $comment);
 	}
 
 
@@ -609,7 +609,7 @@ class Contrat extends CommonObject
 
 		$this->lines=array();
         $pos = 0;
-		
+
 		// Selectionne les lignes contrats liees a un produit
 		$sql = "SELECT p.label as product_label, p.description as product_desc, p.ref as product_ref,";
 		$sql.= " d.rowid, d.fk_contrat, d.statut, d.description, d.price_ht, d.vat_src_code, d.tva_tx, d.localtax1_tx, d.localtax2_tx, d.localtax1_type, d.localtax2_type, d.qty, d.remise_percent, d.subprice, d.fk_product_fournisseur_price as fk_fournprice, d.buy_price_ht as pa_ht,";
@@ -1629,8 +1629,8 @@ class Contrat extends CommonObject
 				if (empty($conf->global->MAIN_EXTRAFIELDS_DISABLED) && is_array($array_options) && count($array_options)>0) // For avoid conflicts if trigger used
 				{
 					$contractline = new ContratLigne($this->db);
-					$contractline->array_options=$array_option;
-					$contractline->id= $this->db->last_insert_id(MAIN_DB_PREFIX.$contractline->table_element);
+					$contractline->array_options=$array_options;
+					$contractline->id= $rowid;
 					$result=$contractline->insertExtraFields();
 					if ($result < 0)
 					{
@@ -1849,7 +1849,7 @@ class Contrat extends CommonObject
 		$url = DOL_URL_ROOT.'/contrat/card.php?id='.$this->id;
         $picto = 'contract';
         $label = '';
-        
+
         if ($user->rights->contrat->lire) {
             $label = '<u>'.$langs->trans("ShowContract").'</u>';
             $label .= '<br><b>'.$langs->trans('Ref').':</b> '.$this->ref;
@@ -1865,7 +1865,7 @@ class Contrat extends CommonObject
                 $label .= '<br><b>'.$langs->trans('AmountTTC').':</b> '.price($this->total_ttc, 0, $langs, 0, -1, -1, $conf->currency);
             }
         }
-        
+
         $linkclose='';
         if (empty($notooltip) && $user->rights->contrat->lire)
         {
@@ -1881,7 +1881,7 @@ class Contrat extends CommonObject
 		$linkstart = '<a href="'.$url.'"';
 		$linkstart.=$linkclose.'>';
 		$linkend='</a>';
-		
+
 		if ($withpicto) $result.=($linkstart.img_object(($notooltip?'':$label), $picto, ($notooltip?'':'class="classfortooltip"'), 0, 0, $notooltip?0:1).$linkend);
 		if ($withpicto && $withpicto != 2) $result.=' ';
 		$result.=$linkstart.$this->ref.$linkend;
@@ -2743,6 +2743,8 @@ class ContratLigne extends CommonObjectLine
 		if (empty($this->total_ht)) $this->total_ht = 0;
 		if (empty($this->total_tva)) $this->total_tva = 0;
 		if (empty($this->total_ttc)) $this->total_ttc = 0;
+		if (empty($this->localtax1_tx)) $this->localtax1_tx = 0;
+		if (empty($this->localtax2_tx)) $this->localtax2_tx = 0;
 
 		// Check parameters
 		// Put here code to add control on parameters values
@@ -2780,9 +2782,9 @@ class ContratLigne extends CommonObjectLine
 
 		// Update request
 		$sql = "UPDATE ".MAIN_DB_PREFIX."contratdet SET";
-		$sql.= " fk_contrat='".$this->fk_contrat."',";
+		$sql.= " fk_contrat=".$this->fk_contrat.",";
 		$sql.= " fk_product=".($this->fk_product?"'".$this->fk_product."'":'null').",";
-		$sql.= " statut='".$this->statut."',";
+		$sql.= " statut=".$this->statut.",";
 		$sql.= " label='".$this->db->escape($this->label)."',";
 		$sql.= " description='".$this->db->escape($this->description)."',";
 		$sql.= " date_commande=".($this->date_commande!=''?"'".$this->db->idate($this->date_commande)."'":"null").",";
@@ -2790,24 +2792,24 @@ class ContratLigne extends CommonObjectLine
 		$sql.= " date_ouverture=".($this->date_ouverture!=''?"'".$this->db->idate($this->date_ouverture)."'":"null").",";
 		$sql.= " date_fin_validite=".($this->date_fin_validite!=''?"'".$this->db->idate($this->date_fin_validite)."'":"null").",";
 		$sql.= " date_cloture=".($this->date_cloture!=''?"'".$this->db->idate($this->date_cloture)."'":"null").",";
-		$sql.= " vat_src_code='".$this->vat_src_code."',";
-		$sql.= " tva_tx='".$this->tva_tx."',";
-		$sql.= " localtax1_tx='".$this->localtax1_tx."',";
-		$sql.= " localtax2_tx='".$this->localtax2_tx."',";
+		$sql.= " vat_src_code='".$this->db->escape($this->vat_src_code)."',";
+		$sql.= " tva_tx=".price2num($this->tva_tx).",";
+		$sql.= " localtax1_tx=".price2num($this->localtax1_tx).",";
+		$sql.= " localtax2_tx=".price2num($this->localtax2_tx).",";
 		$sql.= " qty='".$this->qty."',";
-		$sql.= " remise_percent='".$this->remise_percent."',";
+		$sql.= " remise_percent=".price2num($this->remise_percent).",";
 		$sql.= " remise=".($this->remise?"'".$this->remise."'":"null").",";
 		$sql.= " fk_remise_except=".($this->fk_remise_except?"'".$this->fk_remise_except."'":"null").",";
 		$sql.= " subprice=".($this->subprice != '' ? $this->subprice : "null").",";
 		$sql.= " price_ht=".($this->price_ht != '' ? $this->price_ht : "null").",";
-		$sql.= " total_ht='".$this->total_ht."',";
-		$sql.= " total_tva='".$this->total_tva."',";
-		$sql.= " total_localtax1='".$this->total_localtax1."',";
-		$sql.= " total_localtax2='".$this->total_localtax2."',";
-		$sql.= " total_ttc='".$this->total_ttc."',";
+		$sql.= " total_ht=".$this->total_ht.",";
+		$sql.= " total_tva=".$this->total_tva.",";
+		$sql.= " total_localtax1=".$this->total_localtax1.",";
+		$sql.= " total_localtax2=".$this->total_localtax2.",";
+		$sql.= " total_ttc=".$this->total_ttc.",";
 		$sql.= " fk_product_fournisseur_price=".(!empty($this->fk_fournprice)?$this->fk_fournprice:"NULL").",";
 		$sql.= " buy_price_ht='".price2num($this->pa_ht)."',";
-		$sql.= " info_bits='".$this->info_bits."',";
+		$sql.= " info_bits='".$this->db->escape($this->info_bits)."',";
 		$sql.= " fk_user_author=".($this->fk_user_author >= 0?$this->fk_user_author:"NULL").",";
 		$sql.= " fk_user_ouverture=".($this->fk_user_ouverture > 0?$this->fk_user_ouverture:"NULL").",";
 		$sql.= " fk_user_cloture=".($this->fk_user_cloture > 0?$this->fk_user_cloture:"NULL").",";
@@ -2909,7 +2911,7 @@ class ContratLigne extends CommonObjectLine
 
 		// Insertion dans la base
 		$sql = "INSERT INTO ".MAIN_DB_PREFIX."contratdet";
-		$sql.= " (fk_contrat, label, description, fk_product, qty, tva_tx,";
+		$sql.= " (fk_contrat, label, description, fk_product, qty, vat_src_code, tva_tx,";
 		$sql.= " localtax1_tx, localtax2_tx, localtax1_type, localtax2_type, remise_percent, subprice,";
 		$sql.= " total_ht, total_tva, total_localtax1, total_localtax2, total_ttc,";
 		$sql.= " info_bits,";

htdocs/contrat/list.php

@@ -53,7 +53,7 @@ $search_country=GETPOST("search_country",'int');
 $search_type_thirdparty=GETPOST("search_type_thirdparty",'int');
 $search_contract=GETPOST('search_contract');
 $search_ref_supplier=GETPOST('search_ref_supplier','alpha');
-$sall=GETPOST('sall');
+$sall=GETPOST('sall', 'alphanohtml');
 $search_status=GETPOST('search_status');
 $socid=GETPOST('socid');
 $search_user=GETPOST('search_user','int');
@@ -305,7 +305,14 @@ if ($resql)
     $i = 0;
 
     $arrayofselected=is_array($toselect)?$toselect:array();
-    
+
+	if ($socid > 0)
+	{
+		$soc = new Societe($db);
+		$soc->fetch($socid);
+		if (empty($search_name)) $search_name = $soc->name;
+	}
+
     $param='';
     if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.$contextpage;
     if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.$limit;
@@ -323,7 +330,7 @@ if ($resql)
         $tmpkey=preg_replace('/search_options_/','',$key);
         if ($val != '') $param.='&search_options_'.$tmpkey.'='.urlencode($val);
     }
-    
+
     // List of mass actions available
     $arrayofmassactions =  array(
         //'presend'=>$langs->trans("SendByMail"),
@@ -332,7 +339,7 @@ if ($resql)
     if ($user->rights->contrat->supprimer) $arrayofmassactions['delete']=$langs->trans("Delete");
     if ($massaction == 'presend') $arrayofmassactions=array();
     $massactionbutton=$form->selectMassAction('', $arrayofmassactions);
-    
+
     print '<form method="POST" action="'.$_SERVER['PHP_SELF'].'">';
     if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
 	print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
@@ -348,9 +355,9 @@ if ($resql)
         foreach($fieldstosearchall as $key => $val) $fieldstosearchall[$key]=$langs->trans($val);
         print $langs->trans("FilterOnInto", $sall) . join(', ',$fieldstosearchall);
     }
-    
+
     $moreforfilter='';
-    
+
     // If the user can view prospects other than his'
     if ($user->rights->societe->client->voir || $socid)
     {
@@ -375,15 +382,15 @@ if ($resql)
 		$moreforfilter.='<div class="divsearchfield">';
 		$moreforfilter.=$langs->trans('IncludingProductWithTag'). ': ';
 		$cate_arbo = $form->select_all_categories(Categorie::TYPE_PRODUCT, null, 'parent', null, null, 1);
-		$moreforfilter.=$form->selectarray('search_product_category', $cate_arbo, $search_product_category, 1, 0, 0, '', 0, 0, 0, 0, '', 1);
+		$moreforfilter.=$form->selectarray('search_product_category', $cate_arbo, $search_product_category, 1, 0, 0, '', 0, 0, 0, 0, 'maxwidth300', 1);
 		$moreforfilter.='</div>';
 	}
-    
+
     $parameters=array();
     $reshook=$hookmanager->executeHooks('printFieldPreListTitle',$parameters);    // Note that $action and $object may have been modified by hook
 	if (empty($reshook)) $moreforfilter .= $hookmanager->resPrint;
 	else $moreforfilter = $hookmanager->resPrint;
-    
+
     if (! empty($moreforfilter))
     {
         print '<div class="liste_titre liste_titre_bydiv centpercent">';
@@ -393,7 +400,7 @@ if ($resql)
 
     $varpage=empty($contextpage)?$_SERVER["PHP_SELF"]:$contextpage;
     $selectedfields=$form->multiSelectArrayWithCheckbox('selectedfields', $arrayfields, $varpage);	// This also change content of $arrayfields
-	
+
     print '<div class="div-table-responsive">';
     print '<table class="tagtable liste'.($moreforfilter?" listwithfilterbefore":"").'">'."\n";
     print '<tr class="liste_titre">';
@@ -411,9 +418,9 @@ if ($resql)
 	// Extra fields
 	if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label))
 	{
-	   foreach($extrafields->attribute_label as $key => $val) 
+	   foreach($extrafields->attribute_label as $key => $val)
 	   {
-           if (! empty($arrayfields["ef.".$key]['checked'])) 
+           if (! empty($arrayfields["ef.".$key]['checked']))
            {
 				$align=$extrafields->getAlignFlag($key);
 				print_liste_field_titre($extralabels[$key],$_SERVER["PHP_SELF"],"ef.".$key,"",$param,($align?'align="'.$align.'"':''),$sortfield,$sortorder);
@@ -486,7 +493,7 @@ if ($resql)
         print '<td class="liste_titre maxwidthonsmartphone" align="center">';
         print $form->selectarray("search_type_thirdparty", $formcompany->typent_array(0), $search_type_thirdparty, 0, 0, 0, '', 0, 0, 0, (empty($conf->global->SOCIETE_SORT_ON_TYPEENT)?'ASC':$conf->global->SOCIETE_SORT_ON_TYPEENT));
         print '</td>';
-    }    
+    }
     if (! empty($arrayfields['sale_representative']['checked']))
     {
         print '<td class="liste_titre"></td>';
@@ -541,7 +548,7 @@ if ($resql)
     {
         print '<td class="liste_titre">';
         print '</td>';
-    }    
+    }
     // Status
     if (! empty($arrayfields['status']['checked']))
     {
@@ -557,12 +564,12 @@ if ($resql)
     while ($i < min($num,$limit))
     {
         $obj = $db->fetch_object($resql);
-        
+
         $contracttmp->ref=$obj->ref;
         $contracttmp->id=$obj->rowid;
         $contracttmp->ref_customer=$obj->ref_customer;
         $contracttmp->ref_supplier=$obj->ref_supplier;
-        
+
         $var=!$var;
         print '<tr '.$bc[$var].'>';
         if (! empty($arrayfields['c.ref']['checked']))
@@ -578,15 +585,15 @@ if ($resql)
             }
             print '</td>';
         }
-        if (! empty($arrayfields['c.ref_customer']['checked'])) 
+        if (! empty($arrayfields['c.ref_customer']['checked']))
         {
             print '<td>'.$obj->ref_customer.'</td>';
         }
-        if (! empty($arrayfields['c.ref_supplier']['checked'])) 
+        if (! empty($arrayfields['c.ref_supplier']['checked']))
         {
             print '<td>'.$obj->ref_supplier.'</td>';
         }
-        if (! empty($arrayfields['s.nom']['checked'])) 
+        if (! empty($arrayfields['s.nom']['checked']))
         {
             print '<td><a href="../comm/card.php?socid='.$obj->socid.'">'.img_object($langs->trans("ShowCompany"),"company").' '.$obj->name.'</a></td>';
         }
@@ -629,7 +636,7 @@ if ($resql)
             print $typenArray[$obj->typent_code];
             print '</td>';
             if (! $i) $totalarray['nbfield']++;
-        }        
+        }
         if (! empty($arrayfields['sale_representative']['checked']))
         {
             // Sales representatives
@@ -713,7 +720,7 @@ if ($resql)
             if (! $i) $totalarray['nbfield']++;
         }
         // Status
-        if (! empty($arrayfields['status']['checked'])) 
+        if (! empty($arrayfields['status']['checked']))
         {
             print '<td align="center">'.($obj->nb_initial>0?$obj->nb_initial:'').'</td>';
             print '<td align="center">'.($obj->nb_running>0?$obj->nb_running:'').'</td>';
@@ -730,7 +737,7 @@ if ($resql)
         }
         print '</td>';
         if (! $i) $totalarray['nbfield']++;
-        
+
         print "</tr>\n";
         $i++;
     }
@@ -738,7 +745,7 @@ if ($resql)
 
     print '</table>';
     print '</div>';
-    
+
     print '</form>';
 }
 else

htdocs/contrat/services.php

@@ -331,7 +331,7 @@ if ($conf->categorie->enabled && ($user->rights->produit->lire || $user->rights-
     $moreforfilter.='<div class="divsearchfield">';
     $moreforfilter.=$langs->trans('IncludingProductWithTag'). ': ';
     $cate_arbo = $form->select_all_categories(Categorie::TYPE_PRODUCT, null, 'parent', null, null, 1);
-    $moreforfilter.=$form->selectarray('search_product_category', $cate_arbo, $search_product_category, 1, 0, 0, '', 0, 0, 0, 0, '', 1);
+    $moreforfilter.=$form->selectarray('search_product_category', $cate_arbo, $search_product_category, 1, 0, 0, '', 0, 0, 0, 0, 'maxwidth300', 1);
     $moreforfilter.='</div>';
 }
 
@@ -515,23 +515,23 @@ $var=True; $i=0;
 while ($i < min($num,$limit))
 {
 	$obj = $db->fetch_object($resql);
-	
+
 	$contractstatic->id=$obj->cid;
 	$contractstatic->ref=$obj->ref?$obj->ref:$obj->cid;
-	
+
 	$var=!$var;
 
 	print "<tr ".$bc[$var].">";
-	
+
 	// Ref
-    if (! empty($arrayfields['c.ref']['checked'])) 
+    if (! empty($arrayfields['c.ref']['checked']))
     {
         print '<td>';
 		print $contractstatic->getNomUrl(1,16);
 		print '</td>';
     }
 	// Service
-    if (! empty($arrayfields['p.description']['checked'])) 
+    if (! empty($arrayfields['p.description']['checked']))
     {
         print '<td>';
 		if ($obj->pid)
@@ -551,9 +551,9 @@ while ($i < min($num,$limit))
 		}
 		print '</td>';
     }
-    
+
 	// Third party
-    if (! empty($arrayfields['s.nom']['checked'])) 
+    if (! empty($arrayfields['s.nom']['checked']))
     {
         print '<td>';
 		$companystatic->id=$obj->socid;
@@ -562,9 +562,9 @@ while ($i < min($num,$limit))
 		print $companystatic->getNomUrl(1,'customer',28);
 		print '</td>';
     }
-    
+
 	// Start date
-    if (! empty($arrayfields['cd.date_ouverture_prevue']['checked'])) 
+    if (! empty($arrayfields['cd.date_ouverture_prevue']['checked']))
     {
 		print '<td align="center">';
 		print ($obj->date_ouverture_prevue?dol_print_date($db->jdate($obj->date_ouverture_prevue)):'&nbsp;');
@@ -573,15 +573,15 @@ while ($i < min($num,$limit))
 		else print '&nbsp;&nbsp;&nbsp;&nbsp;';
 		print '</td>';
 	}
-    if (! empty($arrayfields['cd.date_ouverture']['checked'])) 
+    if (! empty($arrayfields['cd.date_ouverture']['checked']))
     {
 	    print '<td align="center">'.($obj->date_ouverture?dol_print_date($db->jdate($obj->date_ouverture)):'&nbsp;').'</td>';
 	}
 	// End date
-    if (! empty($arrayfields['cd.date_fin_validite']['checked'])) 
+    if (! empty($arrayfields['cd.date_fin_validite']['checked']))
     {
 	    print '<td align="center">'.($obj->date_fin_validite?dol_print_date($db->jdate($obj->date_fin_validite)):'&nbsp;');
-		if ($obj->date_fin_validite && $db->jdate($obj->date_fin_validite) < ($now - $conf->contrat->services->expires->warning_delay) && $obj->statut < 5) 
+		if ($obj->date_fin_validite && $db->jdate($obj->date_fin_validite) < ($now - $conf->contrat->services->expires->warning_delay) && $obj->statut < 5)
 		{
 		    $warning_delay=$conf->contrat->services->expires->warning_delay / 3600 / 24;
             $textlate = $langs->trans("Late").' = '.$langs->trans("DateReference").' > '.$langs->trans("DateToday").' '.(ceil($warning_delay) >= 0 ? '+' : '').ceil($warning_delay).' '.$langs->trans("days");
@@ -590,7 +590,7 @@ while ($i < min($num,$limit))
 		else print '&nbsp;&nbsp;&nbsp;&nbsp;';
 	    print '</td>';
     }
-    if (! empty($arrayfields['cd.date_cloture']['checked'])) 
+    if (! empty($arrayfields['cd.date_cloture']['checked']))
     {
         print '<td align="center">'.dol_print_date($db->jdate($obj->date_cloture)).'</td>';
     }
@@ -657,7 +657,7 @@ while ($i < min($num,$limit))
 	}
 	print '</td>';
 	if (! $i) $totalarray['nbfield']++;
-	
+
 	print "</tr>\n";
 	$i++;
 }

htdocs/core/actions_linkedfiles.inc.php

@@ -71,7 +71,7 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes')
 
             $ret = dol_delete_file($file, 0, 0, 0, $object);
             if (! empty($fileold)) dol_delete_file($fileold, 0, 0, 0, $object);     // Delete file using old path
-            
+
 	        // Si elle existe, on efface la vignette
 	        if (preg_match('/(\.jpg|\.jpeg|\.bmp|\.gif|\.png|\.tiff)$/i',$file,$regs))
 	        {
@@ -150,19 +150,28 @@ elseif ($action == 'renamefile' && GETPOST('renamefilesave'))
         {
             $filenamefrom=dol_sanitizeFileName(GETPOST('renamefilefrom'));
             $filenameto=dol_sanitizeFileName(GETPOST('renamefileto'));
+
+            // Security:
+            // Disallow file with some extensions. We rename them.
+            // Because if we put the documents directory into a directory inside web root (very bad), this allows to execute on demand arbitrary code.
+            if (preg_match('/\.htm|\.html|\.php|\.pl|\.cgi$/i',$filenameto) && empty($conf->global->MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED))
+            {
+                $filenameto.= '.noexe';
+            }
+
             if ($filenamefrom && $filenameto)
             {
                 $srcpath = $upload_dir.'/'.$filenamefrom;
                 $destpath = $upload_dir.'/'.$filenameto;
-    
+
                 $result = dol_move($srcpath, $destpath);
-                if ($result) 
+                if ($result)
                 {
                     $object->addThumbs($destpath);
-                    
+
                     // TODO Add revert function of addThumbs
                     //$object->delThumbs($srcpath);
-                    
+
                     setEventMessages($langs->trans("FileRenamed"), null);
                 }
                 else setEventMessages($langs->trans("ErrorFailToRenameFile", $filenamefrom, $filenameto), null, 'errors');

htdocs/core/ajax/ajaxdirpreview.php

@@ -139,7 +139,7 @@ if (! dol_is_dir($upload_dir))
 }
 
 print '<!-- ajaxdirpreview type='.$type.' -->'."\n";
-print '<!-- Page called with mode='.(isset($mode)?$mode:'').' type='.$type.' module='.$module.' url='.$url.' '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
+//print '<!-- Page called with mode='.dol_escape_htmltag(isset($mode)?$mode:'').' type='.dol_escape_htmltag($type).' module='.dol_escape_htmltag($module).' url='.dol_escape_htmltag($url).' '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
 
 $param=($sortfield?'&sortfield='.$sortfield:'').($sortorder?'&sortorder='.$sortorder:'');
 
@@ -162,21 +162,13 @@ if ($type == 'directory')
     // Auto area for suppliers invoices
     else if ($module == 'invoice') $upload_dir = $conf->facture->dir_output;
     // Auto area for suppliers invoices
-    else if ($module == 'invoice_supplier')
-    {
-        $relativepath='facture';
-        $upload_dir = $conf->fournisseur->dir_output.'/'.$relativepath;
-    }
+    else if ($module == 'invoice_supplier') $upload_dir = $conf->fournisseur->facture->dir_output;
     // Auto area for customers orders
     else if ($module == 'propal') $upload_dir = $conf->propal->dir_output;
     // Auto area for customers orders
     else if ($module == 'order') $upload_dir = $conf->commande->dir_output;
     // Auto area for suppliers orders
-    else if ($module == 'order_supplier')
-    {
-        $relativepath='commande';
-        $upload_dir = $conf->fournisseur->dir_output.'/'.$relativepath;
-    }
+    else if ($module == 'order_supplier') $upload_dir = $conf->fournisseur->commande->dir_output;
     // Auto area for suppliers invoices
     else if ($module == 'contract') $upload_dir = $conf->contrat->dir_output;
     // Auto area for products
@@ -197,10 +189,12 @@ if ($type == 'directory')
         $param.='&module='.$module;
         $textifempty=($section?$langs->trans("NoFileFound"):($showonrightsize=='featurenotyetavailable'?$langs->trans("FeatureNotYetAvailable"):$langs->trans("NoFileFound")));
 
+        if ($module == 'company') $excludefiles[]='^contact$';   // The subdir 'contact' contains files of contacts with no id of thirdparty.
+
         $filearray=dol_dir_list($upload_dir,"files",1,'', $excludefiles, $sortfield, $sorting,1);
         $formfile->list_of_autoecmfiles($upload_dir,$filearray,$module,$param,1,'',$user->rights->ecm->upload,1,$textifempty,$maxlengthname,$url);
     }
-    //Manual area
+    // Manual area
     else
     {
         $relativepath=$ecmdir->getRelativePath();

htdocs/core/ajax/bankconciliate.php

@@ -45,7 +45,7 @@ $action=GETPOST('action');
 //top_htmlhead("", "", 1);  // Replaced with top_httphead. An ajax page does not need html header.
 top_httphead();
 
-//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
+//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
 
 if (($user->rights->banque->modifier || $user->rights->banque->consolidate) && $action == 'dvnext')
 {

htdocs/core/ajax/box.php

@@ -50,7 +50,7 @@ $userid=GETPOST('userid','int');
 //top_htmlhead("", "", 1);  // Replaced with top_httphead. An ajax page does not need html header.
 top_httphead();
 
-print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
+print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
 
 // Add a box
 if ($boxid > 0 && $zone !='' && $userid > 0)

htdocs/core/ajax/constantonoff.php

@@ -45,7 +45,7 @@ $name=GETPOST('name','alpha');
 //top_htmlhead("", "", 1);  // Replaced with top_httphead. An ajax page does not need html header.
 top_httphead();
 
-print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
+//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
 
 // Registering the location of boxes
 if (! empty($action) && ! empty($name))

htdocs/core/ajax/contacts.php

@@ -41,20 +41,20 @@ $showempty	= GETPOST('showempty','int');
 
 top_httphead();
 
-//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
+//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
 
 // Load original field value
 if (! empty($id) && ! empty($action) && ! empty($htmlname))
 {
 	$form = new Form($db);
-	
+
 	$return=array();
 	if (empty($showempty)) $showempty=0;
-	
+
 	$return['value']	= $form->selectcontacts($id,'',$htmlname,$showempty,'','',0,'',true);
 	$return['num']		= $form->num;
 	$return['error']	= $form->error;
-	
+
 	echo json_encode($return);
 }
 

htdocs/core/ajax/extraparams.php

@@ -40,17 +40,17 @@ $type = GETPOST('type', 'alpha');
 
 top_httphead();
 
-print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
+print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
 
 if(! empty($id) && ! empty($element) && ! empty($htmlelement) && ! empty($type))
 {
 	$value = GETPOST('value','alpha');
 	$params=array();
-	
+
 	dol_syslog("AjaxSetExtraParameters id=".$id." element=".$element." htmlelement=".$htmlelement." type=".$type." value=".$value, LOG_DEBUG);
-	
+
 	$classpath = $subelement = $element;
-	
+
 	// For compatibility
 	if ($element == 'order' || $element == 'commande')    { $classpath = $subelement = 'commande'; }
 	else if ($element == 'propal')				{ $classpath = 'comm/propal'; $subelement = 'propal'; }
@@ -60,19 +60,19 @@ if(! empty($id) && ! empty($element) && ! empty($htmlelement) && ! empty($type))
 	else if ($element == 'deplacement')			{ $classpath = 'compta/deplacement'; $subelement = 'deplacement'; }
 	else if ($element == 'order_supplier')		{ $classpath = 'fourn'; $subelement = 'fournisseur.commande'; }
 	else if ($element == 'invoice_supplier')	{ $classpath = 'fourn'; $subelement = 'fournisseur.facture'; }
-	
+
 	dol_include_once('/'.$classpath.'/class/'.$subelement.'.class.php');
-	
+
 	if ($element == 'order_supplier')			{ $classname = 'CommandeFournisseur'; }
 	else if ($element == 'invoice_supplier')	{ $classname = 'FactureFournisseur'; }
 	else $classname = ucfirst($subelement);
-	
+
 	$object	= new $classname($db);
 	$object->fetch($id);
-	
+
 	$params[$htmlelement] = array($type => $value);
 	$object->extraparams = array_merge($object->extraparams, $params);
-	
+
 	$result=$object->setExtraParameters();
 }
 

htdocs/core/ajax/loadinplace.php

@@ -41,7 +41,7 @@ $fk_element		= GETPOST('fk_element','alpha');
 
 top_httphead();
 
-//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
+//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
 
 // Load original field value
 if (! empty($field) && ! empty($element) && ! empty($table_element) && ! empty($fk_element))

htdocs/core/ajax/objectonoff.php

@@ -42,7 +42,7 @@ $object = new GenericObject($db);
 
 top_httphead();
 
-print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
+print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
 
 // Registering new values
 if (($action == 'set') && ! empty($id))