From 0e083bab20865a6d34f5dc2e688c8291cba522fc Mon Sep 17 00:00:00 2001
From: FLIO <oflifli@nltechno.com>
Date: Tue, 22 Nov 2022 17:28:54 +0100
Subject: [PATCH 01/17] Fix(scrutinizer)
 https://scrutinizer-ci.com/g/Dolibarr/dolibarr/issues/develop/files/htdocs/don/class/paymentdonation.class.php?selectedLabels%5B0%5D=9&selectedSeverities%5B0%5D=10&orderField=lastFound&order=desc&honorSelectedPaths=0

---
 htdocs/don/class/paymentdonation.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/don/class/paymentdonation.class.php b/htdocs/don/class/paymentdonation.class.php
index e4928ac9363..a9ddcf62638 100644
--- a/htdocs/don/class/paymentdonation.class.php
+++ b/htdocs/don/class/paymentdonation.class.php
@@ -130,7 +130,7 @@ class PaymentDonation extends CommonObject
 		$now = dol_now();
 
 		// Validate parameters
-		if (!$this->datepaid) {
+		if (!$this->datep) {
 			$this->error = 'ErrorBadValueForParameterCreatePaymentDonation';
 			return -1;
 		}
@@ -587,7 +587,7 @@ class PaymentDonation extends CommonObject
 
 			// Insert payment into llx_bank
 			$bank_line_id = $acc->addline(
-				$this->datepaid,
+				$this->datep,
 				$this->paymenttype, // Payment mode id or code ("CHQ or VIR for example")
 				$label,
 				$amount,

From fadc50b152b41f5bdcac8798e44a01fb01cb76af Mon Sep 17 00:00:00 2001
From: FLIO <oflifli@nltechno.com>
Date: Tue, 29 Nov 2022 11:29:03 +0100
Subject: [PATCH 02/17] Fix(scrutinizer)
 https://scrutinizer-ci.com/g/Dolibarr/dolibarr/issues/develop/files/htdocs/expensereport/class/paymentexpensereport.class.php?selectedLabels%5B0%5D=9&selectedSeverities%5B0%5D=10&orderField=lastFound&order=desc&honorSelectedPaths=0

---
 htdocs/expensereport/class/paymentexpensereport.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/expensereport/class/paymentexpensereport.class.php b/htdocs/expensereport/class/paymentexpensereport.class.php
index e871cba86b3..0a5ae80bb86 100644
--- a/htdocs/expensereport/class/paymentexpensereport.class.php
+++ b/htdocs/expensereport/class/paymentexpensereport.class.php
@@ -113,7 +113,7 @@ class PaymentExpenseReport extends CommonObject
 		$now = dol_now();
 
 		// Validate parameters
-		if (!$this->datepaid) {
+		if (!$this->datep) {
 			$this->error = 'ErrorBadValueForParameterCreatePaymentExpenseReport';
 			return -1;
 		}
@@ -531,7 +531,7 @@ class PaymentExpenseReport extends CommonObject
 
 			// Insert payment into llx_bank
 			$bank_line_id = $acc->addline(
-				$this->datepaid,
+				$this->datep,
 				$this->fk_typepayment, // Payment mode id or code ("CHQ or VIR for example")
 				$label,
 				-$amount,

From 721c7ed9298943472fd7ef37946e46fb071653e2 Mon Sep 17 00:00:00 2001
From: FLIO <oflifli@nltechno.com>
Date: Wed, 30 Nov 2022 22:43:07 +0100
Subject: [PATCH 03/17] Fix(Scrutinizer)

---
 htdocs/don/class/paymentdonation.class.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/htdocs/don/class/paymentdonation.class.php b/htdocs/don/class/paymentdonation.class.php
index a9ddcf62638..61c9086e10e 100644
--- a/htdocs/don/class/paymentdonation.class.php
+++ b/htdocs/don/class/paymentdonation.class.php
@@ -189,7 +189,7 @@ class PaymentDonation extends CommonObject
 			$sql .= " fk_typepayment, num_payment, note, ext_payment_id, ext_payment_site,";
 			$sql .= " fk_user_creat, fk_bank)";
 			$sql .= " VALUES ($this->chid, '".$this->db->idate($now)."',";
-			$sql .= " '".$this->db->idate($this->datepaid)."',";
+			$sql .= " '".$this->db->idate($this->datep)."',";
 			$sql .= " ".price2num($totalamount).",";
 			$sql .= " ".((int) $this->paymenttype).", '".$this->db->escape($this->num_payment)."', '".$this->db->escape($this->note_public)."', ";
 			$sql .= " ".($this->ext_payment_id ? "'".$this->db->escape($this->ext_payment_id)."'" : "null").", ".($this->ext_payment_site ? "'".$this->db->escape($this->ext_payment_site)."'" : "null").",";
@@ -584,7 +584,6 @@ class PaymentDonation extends CommonObject
 			if ($mode == 'payment_donation') {
 				$amount = $total;
 			}
-
 			// Insert payment into llx_bank
 			$bank_line_id = $acc->addline(
 				$this->datep,

From dbe7f659cc3fd852da46242e8d9f4ef0a968a28d Mon Sep 17 00:00:00 2001
From: FLIO <oflifli@nltechno.com>
Date: Tue, 31 Jan 2023 22:55:04 +0100
Subject: [PATCH 04/17] fix (scrutinizer) replace datepaid by datep and in
 payment replacement of the variable that receives the value

---
 htdocs/expensereport/class/paymentexpensereport.class.php | 3 +--
 htdocs/expensereport/payment/payment.php                  | 4 ++--
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/htdocs/expensereport/class/paymentexpensereport.class.php b/htdocs/expensereport/class/paymentexpensereport.class.php
index 0a5ae80bb86..a566b4a2b00 100644
--- a/htdocs/expensereport/class/paymentexpensereport.class.php
+++ b/htdocs/expensereport/class/paymentexpensereport.class.php
@@ -111,7 +111,6 @@ class PaymentExpenseReport extends CommonObject
 		$error = 0;
 
 		$now = dol_now();
-
 		// Validate parameters
 		if (!$this->datep) {
 			$this->error = 'ErrorBadValueForParameterCreatePaymentExpenseReport';
@@ -170,7 +169,7 @@ class PaymentExpenseReport extends CommonObject
 			$sql = "INSERT INTO ".MAIN_DB_PREFIX."payment_expensereport (fk_expensereport, datec, datep, amount,";
 			$sql .= " fk_typepayment, num_payment, note, fk_user_creat, fk_bank)";
 			$sql .= " VALUES ($this->fk_expensereport, '".$this->db->idate($now)."',";
-			$sql .= " '".$this->db->idate($this->datepaid)."',";
+			$sql .= " '".$this->db->idate($this->datep)."',";
 			$sql .= " ".price2num($totalamount).",";
 			$sql .= " ".((int) $this->fk_typepayment).", '".$this->db->escape($this->num_payment)."', '".$this->db->escape($this->note_public)."', ".((int) $user->id).",";
 			$sql .= " 0)";	// fk_bank is ID of transaction into ll_bank
diff --git a/htdocs/expensereport/payment/payment.php b/htdocs/expensereport/payment/payment.php
index 6456bf80d7f..20b49b1533c 100644
--- a/htdocs/expensereport/payment/payment.php
+++ b/htdocs/expensereport/payment/payment.php
@@ -107,8 +107,8 @@ if ($action == 'add_payment') {
 			// Create a line of payments
 			$payment = new PaymentExpenseReport($db);
 			$payment->fk_expensereport = $expensereport->id;
-			$payment->datepaid       = $datepaid;
-			$payment->amounts        = $amounts; // Tableau de montant
+			$payment->datep       	 = $datepaid;
+			$payment->amounts		 = $amounts; // Tableau de montant
 			$payment->total          = $total;
 			$payment->fk_typepayment = GETPOST("fk_typepayment", 'int');
 			$payment->num_payment    = GETPOST("num_payment", 'alphanothtml');

From 5ae8735f7e0e7e211b11729d5bc7d5808c7dc45e Mon Sep 17 00:00:00 2001
From: FLIO <oflifli@nltechno.com>
Date: Tue, 31 Jan 2023 23:11:15 +0100
Subject: [PATCH 05/17] fix (scrutinizer) In payment don replacement of the
 variable that receives the value

---
 htdocs/don/payment/payment.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/don/payment/payment.php b/htdocs/don/payment/payment.php
index 6a2cc78f128..08084898f80 100644
--- a/htdocs/don/payment/payment.php
+++ b/htdocs/don/payment/payment.php
@@ -95,7 +95,7 @@ if ($action == 'add_payment') {
 			// Create a line of payments
 			$payment = new PaymentDonation($db);
 			$payment->chid         = $chid;
-			$payment->datepaid     = $datepaid;
+			$payment->datep     = $datepaid;
 			$payment->amounts      = $amounts; // Tableau de montant
 			$payment->paymenttype  = GETPOST("paymenttype", 'int');
 			$payment->num_payment  = GETPOST("num_payment", 'alphanohtml');

From 8aab392369c2242e4d7b5b5d6dcbe2a5a6b44ce4 Mon Sep 17 00:00:00 2001
From: FLIO <oflifli@nltechno.com>
Date: Tue, 29 Nov 2022 22:44:00 +0100
Subject: [PATCH 06/17] Fix(scrutinizer)
 https://scrutinizer-ci.com/g/Dolibarr/dolibarr/issues/develop/files/htdocs/societe/price.php?selectedLabels%5B0%5D=9&selectedSeverities%5B0%5D=10&orderField=lastFound&order=desc&honorSelectedPaths=0

---
 htdocs/societe/class/societe.class.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php
index fa6d77ad485..fff6daf3ce6 100644
--- a/htdocs/societe/class/societe.class.php
+++ b/htdocs/societe/class/societe.class.php
@@ -504,6 +504,12 @@ class Societe extends CommonObject
 	 */
 	public $tva_intra;
 
+	public $tva_npr;
+
+	public $tva_tx;
+
+	public $price_base_type;
+
 	// Local taxes
 	public $localtax1_assuj;
 	public $localtax1_value;

From abe8c56ace97fdbd2adec977c9d68d6c0f4d5a56 Mon Sep 17 00:00:00 2001
From: FLIO <oflifli@nltechno.com>
Date: Wed, 1 Feb 2023 12:46:49 +0100
Subject: [PATCH 07/17] fix (scrutinizer) remove my edit

---
 htdocs/societe/class/societe.class.php | 2 --
 1 file changed, 2 deletions(-)

diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php
index fff6daf3ce6..8d09012ccec 100644
--- a/htdocs/societe/class/societe.class.php
+++ b/htdocs/societe/class/societe.class.php
@@ -504,8 +504,6 @@ class Societe extends CommonObject
 	 */
 	public $tva_intra;
 
-	public $tva_npr;
-
 	public $tva_tx;
 
 	public $price_base_type;

From 8dc4ed05cad3b6548cc8508fb17f5196d9545597 Mon Sep 17 00:00:00 2001
From: FLIO <oflifli@nltechno.com>
Date: Wed, 1 Feb 2023 12:54:26 +0100
Subject: [PATCH 08/17] fix (scrutinizer) remove my edit

---
 htdocs/societe/class/societe.class.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php
index 8d09012ccec..fff6daf3ce6 100644
--- a/htdocs/societe/class/societe.class.php
+++ b/htdocs/societe/class/societe.class.php
@@ -504,6 +504,8 @@ class Societe extends CommonObject
 	 */
 	public $tva_intra;
 
+	public $tva_npr;
+
 	public $tva_tx;
 
 	public $price_base_type;

From c19d259d46c11f068fe6e9489080c620a9834b37 Mon Sep 17 00:00:00 2001
From: FLIO <oflifli@nltechno.com>
Date: Wed, 1 Feb 2023 12:55:32 +0100
Subject: [PATCH 09/17] fix (scrutinizer) remove my edit

---
 htdocs/societe/class/societe.class.php | 2 --
 1 file changed, 2 deletions(-)

diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php
index fff6daf3ce6..8d09012ccec 100644
--- a/htdocs/societe/class/societe.class.php
+++ b/htdocs/societe/class/societe.class.php
@@ -504,8 +504,6 @@ class Societe extends CommonObject
 	 */
 	public $tva_intra;
 
-	public $tva_npr;
-
 	public $tva_tx;
 
 	public $price_base_type;

From 465a88738e15d52386cd9743ddde4fb44ce1057d Mon Sep 17 00:00:00 2001
From: FLIO <oflifli@nltechno.com>
Date: Wed, 15 Feb 2023 15:39:49 +0100
Subject: [PATCH 10/17] fix (scrutinizer) deletion of the variables add in
 company

---
 htdocs/societe/class/societe.class.php | 4 ----
 htdocs/societe/price.php               | 4 ++--
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php
index 8d09012ccec..fa6d77ad485 100644
--- a/htdocs/societe/class/societe.class.php
+++ b/htdocs/societe/class/societe.class.php
@@ -504,10 +504,6 @@ class Societe extends CommonObject
 	 */
 	public $tva_intra;
 
-	public $tva_tx;
-
-	public $price_base_type;
-
 	// Local taxes
 	public $localtax1_assuj;
 	public $localtax1_value;
diff --git a/htdocs/societe/price.php b/htdocs/societe/price.php
index af2898a8556..dafe53a19d8 100644
--- a/htdocs/societe/price.php
+++ b/htdocs/societe/price.php
@@ -321,7 +321,7 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) {
 
 		// VAT
 		print '<tr><td>'.$langs->trans("VATRate").'</td><td>';
-		print $form->load_tva("tva_tx", $object->tva_tx, $mysoc, '', $object->id, $object->tva_npr, '', false, 1);
+		print $form->load_tva("tva_tx", GETPOST("tva_tx", "alpha"), $mysoc, '', $object->id, 0, '', false, 1);
 		print '</td></tr>';
 
 		// Price base
@@ -329,7 +329,7 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) {
 		print $langs->trans('PriceBase');
 		print '</td>';
 		print '<td>';
-		print $form->selectPriceBaseType($object->price_base_type, "price_base_type");
+		print $form->selectPriceBaseType(GETPOST("price_base_type", "aZ09"), "price_base_type");
 		print '</td>';
 		print '</tr>';
 

From 8fce0d6f5f716298e3e4f16188eb08e05bb2a5eb Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 21 Mar 2023 15:29:13 +0100
Subject: [PATCH 11/17] Comment

---
 htdocs/website/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/website/index.php b/htdocs/website/index.php
index 8ccd4882ac7..3d54742b38d 100644
--- a/htdocs/website/index.php
+++ b/htdocs/website/index.php
@@ -1,5 +1,5 @@
 <?php
-/* Copyright (C) 2016-2022 Laurent Destailleur  <eldy@users.sourceforge.net>
+/* Copyright (C) 2016-2023 Laurent Destailleur  <eldy@users.sourceforge.net>
  * Copyright (C) 2020 	   Nicolas ZABOURI		<info@inovea-conseil.com>
  *
  * This program is free software; you can redistribute it and/or modify

From 152bbeb90a9ad54509d0e9be90b0fadb7f8464b8 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 21 Mar 2023 18:27:32 +0100
Subject: [PATCH 12/17] Securize and enhance objectonoff for external modules

---
 htdocs/core/ajax/objectonoff.php              | 57 +++++++++++++++----
 htdocs/core/class/commonobject.class.php      |  3 +-
 htdocs/core/lib/ajax.lib.php                  |  5 +-
 htdocs/core/lib/security.lib.php              | 10 ++--
 .../template/class/myobject.class.php         |  4 +-
 5 files changed, 57 insertions(+), 22 deletions(-)

diff --git a/htdocs/core/ajax/objectonoff.php b/htdocs/core/ajax/objectonoff.php
index 77cd3234cd8..54344da699e 100644
--- a/htdocs/core/ajax/objectonoff.php
+++ b/htdocs/core/ajax/objectonoff.php
@@ -18,7 +18,7 @@
 /**
  *       \file       htdocs/core/ajax/objectonoff.php
  *       \brief      File to set status for an object
- *       			 This Ajax service is called when option MAIN_DIRECT_STATUS_UPDATE is set.
+ *       			 This Ajax service is oftenly called when option MAIN_DIRECT_STATUS_UPDATE is set.
  */
 
 if (!defined('NOTOKENRENEWAL')) {
@@ -53,15 +53,34 @@ $format = 'int';
 
 $object = new GenericObject($db);
 
-$tablename = $element;
-if ($tablename == 'websitepage') {
-	$tablename = 'website_page';
-}
+$tmparray = explode('@', $element);
+if (empty($tmparray[1])) {
+	$subelement = '';
 
-$object->table_element = $tablename;
+	$object->module = $element;
+	$object->element = $element;
+	$object->table_element = $element;
+
+	// Special case for compatibility
+	if ($object->table_element == 'websitepage') {
+		$object->table_element = 'website_page';
+	}
+} else {
+	$element = $tmparray[0];
+	$subelement = $tmparray[1];
+
+	$object->module = $element;
+	$object->element = $subelement;
+	$object->table_element = $object->module.'_'.$object->element;
+}
 $object->id = $id;
 $object->fields[$field] = array('type' => $format, 'enabled' => 1);
 
+$module = $object->module;
+$element = $object->element;
+
+//var_dump($object->module); var_dump($object->element); var_dump($object->table_element);
+
 // Security check
 if (!empty($user->socid)) {
 	$socid = $user->socid;
@@ -70,12 +89,20 @@ if (!empty($user->socid)) {
 //$user->hasRight('societe', 'lire') = 0;$user->rights->fournisseur->lire = 0;
 //restrictedArea($user, 'societe', $id);
 
-if (in_array($field, array('status'))) {
-	restrictedArea($user, $element, $id);
+// We check permission.
+// Check is done on $user->rights->element->create or $user->rights->element->subelement->create (because $action = 'set')
+if (preg_match('/status$/', $field)) {
+	$module = $object->module;
+	$element = $object->element;
+	$usesublevelpermission = ($module != $element ? $element : '');
+	if ($usesublevelpermission && !isset($user->rights->$module->$element)) {	// There is no permission on object defined, we will check permission on module directly
+		$usesublevelpermission = '';
+	}
+	restrictedArea($user, $object->module, $object, $object->table_element, $usesublevelpermission);
 } elseif ($element == 'product' && in_array($field, array('tosell', 'tobuy', 'tobatch'))) {	// Special case for products
-	restrictedArea($user, 'produit|service', $id, 'product&product', '', '', 'rowid');
+	restrictedArea($user, 'produit|service', $object, 'product&product', '', '', 'rowid');
 } else {
-	httponly_accessforbidden("Bad value for combination of parameters element/field.");
+	httponly_accessforbidden("Bad value for combination of parameters element/field.");	// This includes the exit.
 }
 
 
@@ -89,7 +116,7 @@ print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"])
 
 // Registering new values
 if (($action == 'set') && !empty($id)) {
-	$triggerkey = strtoupper($element).'_UPDATE';
+	$triggerkey = strtoupper(($module != $element ? $module.'_' : '').$element).'_UPDATE';
 	// Special case
 	if ($triggerkey == 'SOCIETE_UPDATE') {
 		$triggerkey = 'COMPANY_MODIFY';
@@ -98,5 +125,11 @@ if (($action == 'set') && !empty($id)) {
 		$triggerkey = 'PRODUCT_MODIFY';
 	}
 
-	$object->setValueFrom($field, $value, $tablename, $id, $format, '', $user, $triggerkey);
+	$result = $object->setValueFrom($field, $value, $object->table_element, $id, $format, '', $user, $triggerkey);
+
+	if ($result < 0) {
+		print $object->error;
+		http_response_code(500);
+		exit;
+	}
 }
diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php
index c85f66ca2c6..7d3c1030678 100644
--- a/htdocs/core/class/commonobject.class.php
+++ b/htdocs/core/class/commonobject.class.php
@@ -2122,6 +2122,8 @@ abstract class CommonObject
 
 		$error = 0;
 
+		dol_syslog(__METHOD__, LOG_DEBUG);
+
 		$this->db->begin();
 
 		$sql = "UPDATE ".$this->db->prefix().$table." SET ";
@@ -2146,7 +2148,6 @@ abstract class CommonObject
 
 		$sql .= " WHERE ".$id_field." = ".((int) $id);
 
-		dol_syslog(__METHOD__, LOG_DEBUG);
 		$resql = $this->db->query($sql);
 		if ($resql) {
 			if ($trigkey) {
diff --git a/htdocs/core/lib/ajax.lib.php b/htdocs/core/lib/ajax.lib.php
index fde2a988cf7..909124f5f5f 100644
--- a/htdocs/core/lib/ajax.lib.php
+++ b/htdocs/core/lib/ajax.lib.php
@@ -710,6 +710,7 @@ function ajax_object_onoff($object, $code, $field, $text_on, $text_off, $input =
 	if (empty($htmlname)) {
 		$htmlname = $code;
 	}
+	//var_dump($object->module); var_dump($object->element);
 
 	$out = '<script>
         $(function() {
@@ -722,7 +723,7 @@ function ajax_object_onoff($object, $code, $field, $text_on, $text_off, $input =
                     action: \'set\',
                     field: \''.dol_escape_js($field).'\',
                     value: \'1\',
-                    element: \''.dol_escape_js($object->element).'\',
+                    element: \''.dol_escape_js(((empty($object->module) || $object->module == $object->element) ? '' : $object->module.'@').$object->element).'\',
                     id: \''.$object->id.'\',
 					token: \''.currentToken().'\'
                 },
@@ -754,7 +755,7 @@ function ajax_object_onoff($object, $code, $field, $text_on, $text_off, $input =
                     action: \'set\',
                     field: \''.dol_escape_js($field).'\',
                     value: \'0\',
-                    element: \''.dol_escape_js($object->element).'\',
+                    element: \''.dol_escape_js(((empty($object->module) || $object->module == $object->element) ? '' : $object->module.'@').$object->element).'\',
                     id: \''.$object->id.'\',
 					token: \''.currentToken().'\'
                 },
diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index 1f7b9404a7c..63202c693e4 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -485,7 +485,7 @@ function restrictedArea(User $user, $features, $object = 0, $tableandshare = '',
 				$readok = 0;
 				$nbko++;
 			}
-		} elseif (!empty($feature2)) { 													// This is for permissions on 2 levels
+		} elseif (!empty($feature2)) { 													// This is for permissions on 2 levels (module->object->read)
 			$tmpreadok = 1;
 			foreach ($feature2 as $subfeature) {
 				if ($subfeature == 'user' && $user->id == $objectid) {
@@ -504,7 +504,7 @@ function restrictedArea(User $user, $features, $object = 0, $tableandshare = '',
 				$readok = 0; // All tests are ko (we manage here the and, the or will be managed later using $nbko).
 				$nbko++;
 			}
-		} elseif (!empty($feature) && ($feature != 'user' && $feature != 'usergroup')) {		// This is permissions on 1 level
+		} elseif (!empty($feature) && ($feature != 'user' && $feature != 'usergroup')) {		// This is permissions on 1 level (module->read)
 			if (empty($user->rights->$feature->lire)
 				&& empty($user->rights->$feature->read)
 				&& empty($user->rights->$feature->run)) {
@@ -531,7 +531,7 @@ function restrictedArea(User $user, $features, $object = 0, $tableandshare = '',
 	// Check write permission from module (we need to know write permission to create but also to delete drafts record or to upload files)
 	$createok = 1;
 	$nbko = 0;
-	$wemustcheckpermissionforcreate = (GETPOST('sendit', 'alpha') || GETPOST('linkit', 'alpha') || in_array(GETPOST('action', 'aZ09'), array('create', 'update', 'add_element_resource', 'confirm_delete_linked_resource')) || GETPOST('roworder', 'alpha', 2));
+	$wemustcheckpermissionforcreate = (GETPOST('sendit', 'alpha') || GETPOST('linkit', 'alpha') || in_array(GETPOST('action', 'aZ09'), array('create', 'update', 'set', 'add_element_resource', 'confirm_delete_linked_resource')) || GETPOST('roworder', 'alpha', 2));
 	$wemustcheckpermissionfordeletedraft = ((GETPOST("action", "aZ09") == 'confirm_delete' && GETPOST("confirm", "aZ09") == 'yes') || GETPOST("action", "aZ09") == 'delete');
 
 	if ($wemustcheckpermissionforcreate || $wemustcheckpermissionfordeletedraft) {
@@ -576,7 +576,7 @@ function restrictedArea(User $user, $features, $object = 0, $tableandshare = '',
 					$createok = 0;
 					$nbko++;
 				}
-			} elseif (!empty($feature2)) {														// This is for permissions on one level
+			} elseif (!empty($feature2)) {													// This is for permissions on 2 levels (module->object->write)
 				foreach ($feature2 as $subfeature) {
 					if ($subfeature == 'user' && $user->id == $objectid && $user->rights->user->self->creer) {
 						continue; // User can edit its own card
@@ -599,7 +599,7 @@ function restrictedArea(User $user, $features, $object = 0, $tableandshare = '',
 						break;
 					}
 				}
-			} elseif (!empty($feature)) {												// This is for permissions on 2 levels ('creer' or 'write')
+			} elseif (!empty($feature)) {												// This is for permissions on 1 levels (module->write)
 				//print '<br>feature='.$feature.' creer='.$user->rights->$feature->creer.' write='.$user->rights->$feature->write; exit;
 				if (empty($user->rights->$feature->creer)
 				&& empty($user->rights->$feature->write)
diff --git a/htdocs/modulebuilder/template/class/myobject.class.php b/htdocs/modulebuilder/template/class/myobject.class.php
index 2a9b583b9e9..b54eff6a0e3 100644
--- a/htdocs/modulebuilder/template/class/myobject.class.php
+++ b/htdocs/modulebuilder/template/class/myobject.class.php
@@ -82,7 +82,7 @@ class MyObject extends CommonObject
 	 *  	'date', 'datetime', 'timestamp', 'duration',
 	 *  	'boolean', 'checkbox', 'radio', 'array',
 	 *  	'mail', 'phone', 'url', 'password', 'ip'
-	 *		Note: Filter must be a Dolibarr filter syntax string. Example: "(t.ref:like:'SO-%') or (t.date_creation:<:'20160101') or (t.status:!=:0) or (t.nature:is:NULL)"
+	 *		Note: Filter must be a Dolibarr Universal Filter syntax string. Example: "(t.ref:like:'SO-%') or (t.date_creation:<:'20160101') or (t.status:!=:0) or (t.nature:is:NULL)"
 	 *  'label' the translation key.
 	 *  'picto' is code of a picto to show before value in forms
 	 *  'enabled' is a condition when the field must be managed (Example: 1 or '$conf->global->MY_SETUP_PARAM' or 'isModEnabled("multicurrency")' ...)
@@ -260,7 +260,7 @@ class MyObject extends CommonObject
 		}
 
 		// Example to show how to set values of fields definition dynamically
-		/*if ($user->rights->mymodule->myobject->read) {
+		/*if ($user->hasRights->('mymodule', 'myobject', 'read')) {
 			$this->fields['myfield']['visible'] = 1;
 			$this->fields['myfield']['noteditable'] = 0;
 		}*/

From e15bd395734aec39f37680cffa16df08d81c6eb8 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 21 Mar 2023 18:55:56 +0100
Subject: [PATCH 13/17] Securize and enhance objectonoff for external modules

---
 htdocs/asset/list.php             |  2 +-
 htdocs/core/lib/ajax.lib.php      | 26 ++++++++++++++++++++------
 htdocs/core/lib/functions.lib.php |  6 +++---
 3 files changed, 24 insertions(+), 10 deletions(-)

diff --git a/htdocs/asset/list.php b/htdocs/asset/list.php
index d98165d28a2..4b3b530148d 100644
--- a/htdocs/asset/list.php
+++ b/htdocs/asset/list.php
@@ -639,7 +639,7 @@ if ($num == 0) {
 			$colspan++;
 		}
 	}
-	print '<tr><td colspan="'.$colspan.'" class="opacitymedium">'.$langs->trans("NoRecordFound").'</td></tr>';
+	print '<tr><td colspan="'.$colspan.'"><span class="opacitymedium">'.$langs->trans("NoRecordFound").'</span></td></tr>';
 }
 
 
diff --git a/htdocs/core/lib/ajax.lib.php b/htdocs/core/lib/ajax.lib.php
index 909124f5f5f..25aee10e2f3 100644
--- a/htdocs/core/lib/ajax.lib.php
+++ b/htdocs/core/lib/ajax.lib.php
@@ -696,8 +696,8 @@ function ajax_constantonoff($code, $input = array(), $entity = null, $revertonof
  *  @param  Object  $object     Object to set
  *  @param  string  $code       Name of property in object : 'status' or 'status_buy' for product by example
  *  @param  string  $field      Name of database field : 'tosell' or 'tobuy' for product by example
- *  @param  string  $text_on    Text if on
- *  @param  string  $text_off   Text if off
+ *  @param  string  $text_on    Text if on ('Text' or 'Text:css picto on')
+ *  @param  string  $text_off   Text if off ('Text' or 'Text:css picto on')
  *  @param  array   $input      Array of type->list of CSS element to switch. Example: array('disabled'=>array(0=>'cssid'))
  *  @param	string	$morecss	More CSS
  *  @param	string	$htmlname	Name of HTML component. Keep '' or use a different value if you need to use this component several time on same page for same property.
@@ -724,7 +724,7 @@ function ajax_object_onoff($object, $code, $field, $text_on, $text_off, $input =
                     field: \''.dol_escape_js($field).'\',
                     value: \'1\',
                     element: \''.dol_escape_js(((empty($object->module) || $object->module == $object->element) ? '' : $object->module.'@').$object->element).'\',
-                    id: \''.$object->id.'\',
+                    id: \''.((int) $object->id).'\',
 					token: \''.currentToken().'\'
                 },
                 function() {
@@ -756,7 +756,7 @@ function ajax_object_onoff($object, $code, $field, $text_on, $text_off, $input =
                     field: \''.dol_escape_js($field).'\',
                     value: \'0\',
                     element: \''.dol_escape_js(((empty($object->module) || $object->module == $object->element) ? '' : $object->module.'@').$object->element).'\',
-                    id: \''.$object->id.'\',
+                    id: \''.((int) $object->id).'\',
 					token: \''.currentToken().'\'
                 },
                 function() {
@@ -781,8 +781,22 @@ function ajax_object_onoff($object, $code, $field, $text_on, $text_off, $input =
             });
         });
     </script>';
-	$out .= '<span id="set_'.$htmlname.'_'.$object->id.'" class="linkobject '.($object->$code == 1 ? 'hideobject' : '').($morecss ? ' '.$morecss : '').'">'.img_picto($langs->trans($text_off), 'switch_off').'</span>';
-	$out .= '<span id="del_'.$htmlname.'_'.$object->id.'" class="linkobject '.($object->$code == 1 ? '' : 'hideobject').($morecss ? ' '.$morecss : '').'">'.img_picto($langs->trans($text_on), 'switch_on').'</span>';
+
+	$switchon = 'switch_on';
+	$switchoff = 'switch_off';
+	$tmparray = explode(':', $text_on);
+	if (!empty($tmparray[1])) {
+		$text_on = $tmparray[0];
+		$switchon = $tmparray[1];
+	}
+	$tmparray = explode(':', $text_off);
+	if (!empty($tmparray[1])) {
+		$text_off = $tmparray[0];
+		$switchoff = $tmparray[1];
+	}
+
+	$out .= '<span id="set_'.$htmlname.'_'.$object->id.'" class="linkobject '.($object->$code == 1 ? 'hideobject' : '').($morecss ? ' '.$morecss : '').'">'.img_picto($langs->trans($text_off), $switchoff).'</span>';
+	$out .= '<span id="del_'.$htmlname.'_'.$object->id.'" class="linkobject '.($object->$code == 1 ? '' : 'hideobject').($morecss ? ' '.$morecss : '').'">'.img_picto($langs->trans($text_on), $switchon).'</span>';
 
 	return $out;
 }
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 24dafa06f69..918046fc218 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -4134,7 +4134,7 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $
 				'off', 'on', 'order',
 				'paiment', 'paragraph', 'play', 'pdf', 'phone', 'phoning', 'phoning_mobile', 'phoning_fax', 'playdisabled', 'previous', 'poll', 'pos', 'printer', 'product', 'propal', 'proposal', 'puce',
 				'stock', 'resize', 'service', 'stats', 'trip',
-				'security', 'setup', 'share-alt', 'sign-out', 'split', 'stripe', 'stripe-s', 'switch_off', 'switch_on', 'switch_on_red', 'tools', 'unlink', 'uparrow', 'user', 'user-tie', 'vcard', 'wrench',
+				'security', 'setup', 'share-alt', 'sign-out', 'split', 'stripe', 'stripe-s', 'switch_off', 'switch_on', 'switch_on_warning', 'switch_on_red', 'tools', 'unlink', 'uparrow', 'user', 'user-tie', 'vcard', 'wrench',
 				'github', 'google', 'jabber', 'microsoft', 'skype', 'twitter', 'facebook', 'linkedin', 'instagram', 'snapchat', 'youtube', 'google-plus-g', 'whatsapp',
 				'chevron-left', 'chevron-right', 'chevron-down', 'chevron-top', 'commercial', 'companies',
 				'generic', 'home', 'hrm', 'members', 'products', 'invoicing',
@@ -4180,7 +4180,7 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $
 				'member'=>'user-alt', 'meeting'=>'chalkboard-teacher', 'mrp'=>'cubes', 'next'=>'arrow-alt-circle-right',
 				'trip'=>'wallet', 'expensereport'=>'wallet', 'group'=>'users', 'movement'=>'people-carry',
 				'sign-out'=>'sign-out-alt',
-				'switch_off'=>'toggle-off', 'switch_on'=>'toggle-on', 'switch_on_red'=>'toggle-on', 'check'=>'check', 'bookmark'=>'star',
+				'switch_off'=>'toggle-off', 'switch_on'=>'toggle-on',  'switch_on_warning'=>'toggle-on', 'switch_on_red'=>'toggle-on', 'check'=>'check', 'bookmark'=>'star',
 				'bank'=>'university', 'close_title'=>'times', 'delete'=>'trash', 'filter'=>'filter',
 				'list-alt'=>'list-alt', 'calendarlist'=>'bars', 'calendar'=>'calendar-alt', 'calendarmonth'=>'calendar-alt', 'calendarweek'=>'calendar-week', 'calendarday'=>'calendar-day', 'calendarperuser'=>'table',
 				'intervention'=>'ambulance', 'invoice'=>'file-invoice-dollar', 'currency'=>'dollar-sign', 'multicurrency'=>'dollar-sign', 'order'=>'file-invoice',
@@ -4264,7 +4264,7 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $
 				'members'=>'infobox-adherent', 'member'=>'infobox-adherent', 'money-bill-alt'=>'infobox-bank_account',
 				'order'=>'infobox-commande',
 				'user'=>'infobox-adherent', 'users'=>'infobox-adherent',
-				'error'=>'pictoerror', 'warning'=>'pictowarning', 'switch_on'=>'font-status4', 'switch_on_red'=>'font-status8',
+				'error'=>'pictoerror', 'warning'=>'pictowarning', 'switch_on'=>'font-status4', 'switch_on_warning'=>'font-status4 warning', 'switch_on_red'=>'font-status8',
 				'holiday'=>'infobox-holiday', 'info'=>'opacityhigh', 'invoice'=>'infobox-commande',
 				'knowledgemanagement'=>'infobox-contrat rotate90', 'loan'=>'infobox-bank_account',
 				'payment'=>'infobox-bank_account', 'payment_vat'=>'infobox-bank_account', 'poll'=>'infobox-adherent', 'pos'=>'infobox-bank_account', 'project'=>'infobox-project', 'projecttask'=>'infobox-project',

From da000f816a7c8a8aba93a7740d16503e83be0e77 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 21 Mar 2023 19:02:14 +0100
Subject: [PATCH 14/17] Fix warning

---
 htdocs/product/card.php     | 2 +-
 htdocs/product/reassort.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/product/card.php b/htdocs/product/card.php
index b42384e934d..9141810d9c8 100644
--- a/htdocs/product/card.php
+++ b/htdocs/product/card.php
@@ -2199,7 +2199,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
 						$arrayselected[] = $cat->id;
 					}
 				}
-				if (GETPOSTISSET('categories', 'array')) {
+				if (GETPOSTISARRAY('categories')) {
 					foreach (GETPOST('categories', 'array') as $cat) {
 						$arrayselected[] = $cat;
 					}
diff --git a/htdocs/product/reassort.php b/htdocs/product/reassort.php
index 02d8e6e2002..f22e688327a 100644
--- a/htdocs/product/reassort.php
+++ b/htdocs/product/reassort.php
@@ -534,7 +534,7 @@ if ($resql) {
 				print img_warning($langs->trans("StockLowerThanLimit", $objp->seuil_stock_alerte)).' ';
 			}
 			if ($objp->stock_physique < 0) { print '<span class="warning">'; }
-			print price2num($product->stock_theorique, 'MS', 0, $langs, 1, 0);
+			print price(price2num($product->stock_theorique, 'MS'), 0, $langs, 1, 0);
 			if ($objp->stock_physique < 0) { print '</span>'; }
 			print '</td>';
 		}

From ee6dcd9c5a9f3ca6ce4e4a3017a665cb049dbd78 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 21 Mar 2023 19:04:28 +0100
Subject: [PATCH 15/17] Fix warning

---
 htdocs/adherents/admin/website.php | 2 +-
 htdocs/compta/bank/transfer.php    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/adherents/admin/website.php b/htdocs/adherents/admin/website.php
index dd44ce0cece..6b7d12c122a 100644
--- a/htdocs/adherents/admin/website.php
+++ b/htdocs/adherents/admin/website.php
@@ -60,7 +60,7 @@ if ($action == 'update') {
 	$amount = price2num(GETPOST('MEMBER_NEWFORM_AMOUNT'), 'MT', 2);
 	$minamount = GETPOST('MEMBER_MIN_AMOUNT');
 	$publiccounters = GETPOST('MEMBER_COUNTERS_ARE_PUBLIC');
-	$showtable = GETPOST('MEMBER_SHOW_TABLE');;
+	$showtable = GETPOST('MEMBER_SHOW_TABLE');
 	$showvoteallowed = GETPOST('MEMBER_SHOW_VOTE_ALLOWED');
 	$payonline = GETPOST('MEMBER_NEWFORM_PAYONLINE');
 	$forcetype = GETPOST('MEMBER_NEWFORM_FORCETYPE', 'int');
diff --git a/htdocs/compta/bank/transfer.php b/htdocs/compta/bank/transfer.php
index 5f33afbae7f..724e09554db 100644
--- a/htdocs/compta/bank/transfer.php
+++ b/htdocs/compta/bank/transfer.php
@@ -346,7 +346,7 @@ for ($i = 1 ; $i < $MAXLINES; $i++) {
 	print '<td class="hideobject" class="multicurrency"><input name="'.$i.'_amountto" class="flat" type="text" size="6" value="'.dol_escape_htmltag($amountto).'"></td>';
 
 	print '</tr>';
-};
+}
 
 print '</table>';
 print '</div>';

From fc6e8540289b48b7512b0ce4434d03dea762a2fd Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 21 Mar 2023 19:14:43 +0100
Subject: [PATCH 16/17] Fix warning

---
 htdocs/core/class/html.form.class.php        | 19 ++++++++++---------
 htdocs/core/lib/xcal.lib.php                 | 20 ++++++++++++++++----
 htdocs/datapolicy/class/datapolicy.class.php | 12 +++++++++---
 3 files changed, 35 insertions(+), 16 deletions(-)

diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 33009ad09ba..e5c245ab78a 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -4879,6 +4879,8 @@ class Form
 					print '<span class="opacitymedium">' . $langs->trans("NoEstablishmentFound") . '</span>';
 				}
 			}
+
+			return $num;
 		} else {
 			dol_print_error($this->db);
 			return -1;
@@ -8765,9 +8767,9 @@ class Form
 		);
 		$reshook = $hookmanager->executeHooks('showLinkedObjectBlock', $parameters, $object, $action); // Note that $action and $object may have been modified by hook
 
-		if (empty($reshook)) {
-			$nbofdifferenttypes = count($object->linkedObjects);
+		$nbofdifferenttypes = count($object->linkedObjects);
 
+		if (empty($reshook)) {
 			print '<!-- showLinkedObjectBlock -->';
 			print load_fiche_titre($langs->trans($title), $morehtmlright, '', 0, 0, 'showlinkedobjectblock');
 
@@ -8893,20 +8895,19 @@ class Form
 				$res = @include dol_buildpath('core/tpl/objectlinked_lineimport.tpl.php');
 			}
 
-
 			print '</div>';
-
-			return $nbofdifferenttypes;
 		}
+
+		return $nbofdifferenttypes;
 	}
 
 	/**
 	 *  Show block with links to link to other objects.
 	 *
-	 * @param CommonObject $object Object we want to show links to
-	 * @param array $restrictlinksto Restrict links to some elements, for exemple array('order') or array('supplier_order'). null or array() if no restriction.
-	 * @param array $excludelinksto Do not show links of this type, for exemple array('order') or array('supplier_order'). null or array() if no exclusion.
-	 * @return    string                                <0 if KO, >0 if OK
+	 * @param 	CommonObject 	$object 			Object we want to show links to
+	 * @param 	array 			$restrictlinksto 	Restrict links to some elements, for exemple array('order') or array('supplier_order'). null or array() if no restriction.
+	 * @param 	array 			$excludelinksto 	Do not show links of this type, for exemple array('order') or array('supplier_order'). null or array() if no exclusion.
+	 * @return  string                              HTML block
 	 */
 	public function showLinkToObjectBlock($object, $restrictlinksto = array(), $excludelinksto = array())
 	{
diff --git a/htdocs/core/lib/xcal.lib.php b/htdocs/core/lib/xcal.lib.php
index 1bf83410088..57cbb0188a5 100644
--- a/htdocs/core/lib/xcal.lib.php
+++ b/htdocs/core/lib/xcal.lib.php
@@ -30,7 +30,7 @@
  *  @param      string  $desc               Description of export
  *  @param      array   $events_array       Array of events ("uid","startdate","duration","enddate","title","summary","category","email","url","desc","author")
  *  @param      string  $outputfile         Output file
- *  @return     int                         < 0 if ko, Nb of events in file if ok
+ *  @return     int                         < 0 if KO, Nb of events in file if OK
  */
 function build_calfile($format, $title, $desc, $events_array, $outputfile)
 {
@@ -43,6 +43,8 @@ function build_calfile($format, $title, $desc, $events_array, $outputfile)
 		return -1;
 	}
 
+	$nbevents = 0;
+
 	// Note: A cal file is an UTF8 encoded file
 	$calfileh = fopen($outputfile, "w");
 
@@ -144,6 +146,8 @@ function build_calfile($format, $title, $desc, $events_array, $outputfile)
 			*/
 
 			if ($type === "event") {
+				$nbevents++;
+
 				fwrite($calfileh, "BEGIN:VEVENT\n");
 				fwrite($calfileh, "UID:".$uid."\n");
 
@@ -247,6 +251,8 @@ function build_calfile($format, $title, $desc, $events_array, $outputfile)
 
 			// Output the vCard/iCal VJOURNAL object
 			if ($type === "journal") {
+				$nbevents++;
+
 				fwrite($calfileh, "BEGIN:VJOURNAL\n");
 				fwrite($calfileh, "UID:".$uid."\n");
 
@@ -289,6 +295,8 @@ function build_calfile($format, $title, $desc, $events_array, $outputfile)
 		dol_syslog("xcal.lib.php::build_calfile Failed to open file ".$outputfile." for writing");
 		return -2;
 	}
+
+	return $nbevents;
 }
 
 /**
@@ -303,7 +311,7 @@ function build_calfile($format, $title, $desc, $events_array, $outputfile)
  *  @param      string	$filter             (optional) Filter
  *  @param		string	$url				Url (If empty, forge URL for agenda RSS export)
  *  @param		string	$langcode			Language code to show in header
- *  @return     int                         < 0 if ko, Nb of events in file if ok
+ *  @return     int                         < 0 if KO, Nb of events in file if OK
  */
 function build_rssfile($format, $title, $desc, $events_array, $outputfile, $filter = '', $url = '', $langcode = '')
 {
@@ -317,6 +325,8 @@ function build_rssfile($format, $title, $desc, $events_array, $outputfile, $filt
 		return -1;
 	}
 
+	$nbevents = 0;
+
 	$fichier = fopen($outputfile, "w");
 
 	if ($fichier) {
@@ -362,6 +372,8 @@ function build_rssfile($format, $title, $desc, $events_array, $outputfile, $filt
 			}
 
 			if ($eventqualified) {
+				$nbevents++;
+
 				if (is_object($event) && get_class($event) == 'WebsitePage') {
 					// Convert object into an array
 					$tmpevent = array();
@@ -426,6 +438,8 @@ function build_rssfile($format, $title, $desc, $events_array, $outputfile, $filt
 		fclose($fichier);
 		dolChmod($outputfile);
 	}
+
+	return $nbevents;
 }
 
 /**
@@ -437,8 +451,6 @@ function build_rssfile($format, $title, $desc, $events_array, $outputfile, $filt
  */
 function format_cal($format, $string)
 {
-	global $conf;
-
 	$newstring = $string;
 
 	if ($format === "vcal") {
diff --git a/htdocs/datapolicy/class/datapolicy.class.php b/htdocs/datapolicy/class/datapolicy.class.php
index 7bbe8d7c1a6..e83730c89e2 100644
--- a/htdocs/datapolicy/class/datapolicy.class.php
+++ b/htdocs/datapolicy/class/datapolicy.class.php
@@ -44,7 +44,7 @@ class DataPolicy
 	/**
 	 * getAllContactNotInformed
 	 *
-	 * @return number
+	 * @return integer
 	 */
 	public function getAllContactNotInformed()
 	{
@@ -75,12 +75,14 @@ class DataPolicy
 			$this->error = $this->db->error();
 			return -1;
 		}
+
+		return 1;
 	}
 
 	/**
 	 * getAllCompaniesNotInformed
 	 *
-	 * @return number
+	 * @return integer
 	 */
 	public function getAllCompaniesNotInformed()
 	{
@@ -110,12 +112,14 @@ class DataPolicy
 			$this->error = $this->db->error();
 			return -1;
 		}
+
+		return 1;
 	}
 
 	/**
 	 * getAllAdherentsNotInformed
 	 *
-	 * @return number
+	 * @return integer
 	 */
 	public function getAllAdherentsNotInformed()
 	{
@@ -145,6 +149,8 @@ class DataPolicy
 			$this->error = $this->db->error();
 			return -1;
 		}
+
+		return 1;
 	}
 
 	/**

From 7b7413aadf3a5f31cec0846a9703833a3ff70b2f Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 22 Mar 2023 01:52:07 +0100
Subject: [PATCH 17/17] Look and feel v18

---
 htdocs/user/virtualcard.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/htdocs/user/virtualcard.php b/htdocs/user/virtualcard.php
index 55d63c3d40a..ee47afffc0e 100644
--- a/htdocs/user/virtualcard.php
+++ b/htdocs/user/virtualcard.php
@@ -129,7 +129,9 @@ print '<div class="fichecenter">';
 
 print '<br>';
 
-print '<span class="opacitymedium">'.$langs->trans("UserPublicPageDesc").'</span><br><br>';
+if (!getDolUserInt('USER_ENABLE_PUBLIC', 0, $object)) {
+	print '<span class="opacitymedium">'.$langs->trans("UserPublicPageDesc").'</span><br><br>';
+}
 
 $param = '&id='.((int) $object->id);
 $param .= '&dol_openinpopup=1';