From b92b8c443dfbe434f3d17cad4e8e8fa93ae1ff0c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?=
 <frederic34@users.noreply.github.com>
Date: Thu, 8 Feb 2024 13:09:39 +0100
Subject: [PATCH 1/4] fix cunits.class.php (backport) (#28068)

---
 htdocs/core/class/cunits.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/core/class/cunits.class.php b/htdocs/core/class/cunits.class.php
index 4afd59b5780..f48b06b97cd 100644
--- a/htdocs/core/class/cunits.class.php
+++ b/htdocs/core/class/cunits.class.php
@@ -117,14 +117,14 @@ class CUnits // extends CommonObject
 		$sql .= "code,";
 		$sql .= "label,";
 		$sql .= "short_label,";
-		$sql .= "unit_type";
+		$sql .= "unit_type,";
 		$sql .= "scale";
 		$sql .= ") VALUES (";
 		$sql .= " ".(!isset($this->id) ? 'NULL' : "'".$this->db->escape($this->id)."'").",";
 		$sql .= " ".(!isset($this->code) ? 'NULL' : "'".$this->db->escape($this->code)."'").",";
 		$sql .= " ".(!isset($this->label) ? 'NULL' : "'".$this->db->escape($this->label)."'").",";
 		$sql .= " ".(!isset($this->short_label) ? 'NULL' : "'".$this->db->escape($this->short_label)."'").",";
-		$sql .= " ".(!isset($this->unit_type) ? 'NULL' : "'".$this->db->escape($this->unit_type)."'");
+		$sql .= " ".(!isset($this->unit_type) ? 'NULL' : "'".$this->db->escape($this->unit_type)."'").",";
 		$sql .= " ".(!isset($this->scale) ? 'NULL' : "'".$this->db->escape($this->scale)."'");
 		$sql .= ")";
 

From fb69347ea7a9507477b4c8d043f76dc4d119beba Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis.houssin@inodbox.com>
Date: Fri, 9 Feb 2024 11:24:57 +0100
Subject: [PATCH 2/4] FIX CVE-2024-23817 (#28089)

* FIX CVE-2024-23817

* FIX syntax error
---
 htdocs/main.inc.php | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index d541f3abce5..c1d797a6e2b 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -1926,8 +1926,20 @@ function top_menu($head, $title = '', $target = '', $disablejs = 0, $disablehead
 
 			if (isset($_POST) && is_array($_POST)) {
 				foreach ($_POST as $key => $value) {
-					if ($key !== 'action' && $key !== 'password' && !is_array($value)) {
-						$qs .= '&'.$key.'='.urlencode($value);
+					$key = preg_replace('/[^a-z0-9_\-\[\]]/i', '', $key);
+					if (in_array($key, array('action', 'massaction', 'password'))) {
+						continue;
+					}
+					if (!is_array($value)) {
+						if ($value !== '') {
+							$qs .= '&'.$key.'='.urlencode($value);
+						}
+					} else {
+						foreach ($value as $value2) {
+							if (($value2 !== '') && (!is_array($value2))) {
+								$qs .= '&'.$key.'[]='.urlencode($value2);
+							}
+						}
 					}
 				}
 			}

From 6a8be838be264eb2176b6f67839e0b63f0e05b0c Mon Sep 17 00:00:00 2001
From: thomas-Ngr <tnegre@open-dsi.fr>
Date: Fri, 9 Feb 2024 11:37:55 +0100
Subject: [PATCH 3/4] 14.0 fix CVE 2024 23817 (#28090)

* FIX CVE-2024-23817

* FIX syntax error

---------

Co-authored-by: Regis Houssin <regis.houssin@inodbox.com>
---
 htdocs/main.inc.php | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 2e377a3571f..bec74efd549 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -1896,8 +1896,20 @@ function top_menu($head, $title = '', $target = '', $disablejs = 0, $disablehead
 
 			if (isset($_POST) && is_array($_POST)) {
 				foreach ($_POST as $key => $value) {
-					if ($key !== 'action' && $key !== 'password' && !is_array($value)) {
-						$qs .= '&'.$key.'='.urlencode($value);
+					$key = preg_replace('/[^a-z0-9_\-\[\]]/i', '', $key);
+					if (in_array($key, array('action', 'massaction', 'password'))) {
+						continue;
+					}
+					if (!is_array($value)) {
+						if ($value !== '') {
+							$qs .= '&'.$key.'='.urlencode($value);
+						}
+					} else {
+						foreach ($value as $value2) {
+							if (($value2 !== '') && (!is_array($value2))) {
+								$qs .= '&'.$key.'[]='.urlencode($value2);
+							}
+						}
 					}
 				}
 			}

From 2c07bd764d427b50e9c56d56712f618786a9e904 Mon Sep 17 00:00:00 2001
From: noec764 <58433943+noec764@users.noreply.github.com>
Date: Fri, 9 Feb 2024 14:07:04 +0100
Subject: [PATCH 4/4] FIX: Bar code verification should be done by entity
 because generation does (#28087)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* FIX: Bar code verification should be done by entity because generation does

* FIX: handle Entities shared tables

* FIX: Remove unused global

---------

Co-authored-by: Noé <noe@scopen.fr>
---
 htdocs/core/modules/barcode/mod_barcode_product_standard.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/htdocs/core/modules/barcode/mod_barcode_product_standard.php b/htdocs/core/modules/barcode/mod_barcode_product_standard.php
index f4bf05afb3b..7f15cc98c45 100644
--- a/htdocs/core/modules/barcode/mod_barcode_product_standard.php
+++ b/htdocs/core/modules/barcode/mod_barcode_product_standard.php
@@ -294,6 +294,8 @@ class mod_barcode_product_standard extends ModeleNumRefBarCode
 		// phpcs:enable
 		$sql = "SELECT barcode FROM ".MAIN_DB_PREFIX."product";
 		$sql .= " WHERE barcode = '".$db->escape($code)."'";
+		$sql .= " AND entity IN (".getEntity('product').")";
+
 		if ($product->id > 0) {
 			$sql .= " AND rowid <> ".$product->id;
 		}