From d658a833c98fad5e2b21ca4c5f3ad44e51ad4717 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?=
 <marcosgdf@gmail.com>
Date: Mon, 1 May 2017 12:05:52 +0200
Subject: [PATCH 1/3] FIX #6677 Expired contracts dashboard box does not show
 the name of the thirdparty

Close #6677
---
 htdocs/core/boxes/box_services_expired.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/core/boxes/box_services_expired.php b/htdocs/core/boxes/box_services_expired.php
index f2bc86cdac5..52ccb694dd3 100644
--- a/htdocs/core/boxes/box_services_expired.php
+++ b/htdocs/core/boxes/box_services_expired.php
@@ -104,7 +104,7 @@ class box_services_expired extends ModeleBoxes
     				'logo' => 'company',
     				'url' => DOL_URL_ROOT."/comm/card.php?socid=".$objp->socid);
 
-    				$this->info_box_contents[$i][3] = array('td' => 'class="tdoverflow maxwidth100onsmartphone" align="left"',
+    				$this->info_box_contents[$i][3] = array('td' => 'class="tdoverflowmax200 maxwidth100onsmartphone" align="left"',
     				'text' => $objp->name,
     				'url' => DOL_URL_ROOT."/comm/card.php?socid=".$objp->socid);
 

From dbcb60433b5ca60bdb7d50d1a61fcf899edda716 Mon Sep 17 00:00:00 2001
From: Ferran Marcet <fmarcet@2byte.es>
Date: Tue, 9 May 2017 13:31:20 +0200
Subject: [PATCH 2/3] FIX: Correction with author and validator user on orders

---
 htdocs/commande/class/commande.class.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php
index 7c4176edac8..0ee6c49a485 100644
--- a/htdocs/commande/class/commande.class.php
+++ b/htdocs/commande/class/commande.class.php
@@ -9,7 +9,7 @@
  * Copyright (C) 2012      Cedric Salvador      <csalvador@gpcsolutions.fr>
  * Copyright (C) 2013      Florian Henry		<florian.henry@open-concept.pro>
  * Copyright (C) 2014-2015 Marcos García        <marcosgdf@gmail.com>
- * Copyright (C) 2016      Ferran Marcet        <fmarcet@2byte.es>
+ * Copyright (C) 2016-2017 Ferran Marcet        <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -134,6 +134,7 @@ class Commande extends CommonOrder
     var $linked_objects=array();
 
     var $user_author_id;
+    var $user_valid;
 
 	/**
 	 * @var OrderLine[]
@@ -1460,7 +1461,7 @@ class Commande extends CommonOrder
         // Check parameters
         if (empty($id) && empty($ref) && empty($ref_ext) && empty($ref_int)) return -1;
 
-        $sql = 'SELECT c.rowid, c.date_creation, c.ref, c.fk_soc, c.fk_user_author, c.fk_statut';
+        $sql = 'SELECT c.rowid, c.date_creation, c.ref, c.fk_soc, c.fk_user_author, c.fk_user_valid, c.fk_statut';
         $sql.= ', c.amount_ht, c.total_ht, c.total_ttc, c.tva as total_tva, c.localtax1 as total_localtax1, c.localtax2 as total_localtax2, c.fk_cond_reglement, c.fk_mode_reglement, c.fk_availability, c.fk_input_reason';
         $sql.= ', c.fk_account';
         $sql.= ', c.date_commande';
@@ -1502,6 +1503,7 @@ class Commande extends CommonOrder
                 $this->socid				= $obj->fk_soc;
                 $this->statut				= $obj->fk_statut;
                 $this->user_author_id		= $obj->fk_user_author;
+                $this->user_valid           = $obj->fk_user_valid;
                 $this->total_ht				= $obj->total_ht;
                 $this->total_tva			= $obj->total_tva;
                 $this->total_localtax1		= $obj->total_localtax1;
@@ -2692,8 +2694,8 @@ class Commande extends CommonOrder
 		$sql.= " total_ht=".(isset($this->total_ht)?$this->total_ht:"null").",";
 		$sql.= " total_ttc=".(isset($this->total_ttc)?$this->total_ttc:"null").",";
 		$sql.= " fk_statut=".(isset($this->statut)?$this->statut:"null").",";
-		$sql.= " fk_user_author=".(isset($this->user_author)?$this->user_author:"null").",";
-		$sql.= " fk_user_valid=".(isset($this->fk_user_valid)?$this->fk_user_valid:"null").",";
+		$sql.= " fk_user_author=".(isset($this->user_author_id)?$this->user_author_id:"null").",";
+		$sql.= " fk_user_valid=".(isset($this->user_valid)?$this->user_valid:"null").",";
 		$sql.= " fk_projet=".(isset($this->fk_project)?$this->fk_project:"null").",";
 		$sql.= " fk_cond_reglement=".(isset($this->cond_reglement_id)?$this->cond_reglement_id:"null").",";
 		$sql.= " fk_mode_reglement=".(isset($this->mode_reglement_id)?$this->mode_reglement_id:"null").",";

From d410a320d72e569b5148b0a9a0da39831a4912e9 Mon Sep 17 00:00:00 2001
From: jfefe <jfefe@users.noreply.github.com>
Date: Wed, 10 May 2017 20:32:54 +0200
Subject: [PATCH 3/3] WIP #6504: CVE-2017-7886

'defaultlang' attribute was not filtered before database request which cause an SQL injection.
---
 htdocs/core/class/translate.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/core/class/translate.class.php b/htdocs/core/class/translate.class.php
index 89ab0019865..5c5c1062d25 100644
--- a/htdocs/core/class/translate.class.php
+++ b/htdocs/core/class/translate.class.php
@@ -439,7 +439,7 @@ class Translate
 		if (! $found)
 		{
     		// Overwrite translation with database read
-            $sql="SELECT transkey, transvalue FROM ".MAIN_DB_PREFIX."overwrite_trans where lang='".$this->defaultlang."'";            
+            $sql="SELECT transkey, transvalue FROM ".MAIN_DB_PREFIX."overwrite_trans where lang='".$db->escape($this->defaultlang)."'";            
 		    $resql=$db->query($sql);
 		    
 		    if ($resql)