Merge branch '11.0' of git@github.com:Dolibarr/dolibarr.git into develop

2025-12-12 04:21:30 +01:00 · 2020-02-02 19:32:37 +01:00
parent be0a25e5ed 423555c8b0
commit ffa847bc8e
18 changed files with 389 additions and 285 deletions
--- a/htdocs/admin/company.php
+++ b/htdocs/admin/company.php
@@ -95,15 +95,15 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha'))
    dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOM", GETPOST("nom", 'nohtml'), 'chaine', 0, '', $conf->entity);
 	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ADDRESS", GETPOST("MAIN_INFO_SOCIETE_ADDRESS", 'nohtml'), 'chaine', 0, '', $conf->entity);
 	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TOWN", GETPOST("MAIN_INFO_SOCIETE_TOWN", 'nohtml'), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ZIP", GETPOST("MAIN_INFO_SOCIETE_ZIP", 'alpha'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ZIP", GETPOST("MAIN_INFO_SOCIETE_ZIP", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_REGION", GETPOST("region_code", 'alpha'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_REGION", GETPOST("region_code", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
 	dolibarr_set_const($db, "MAIN_MONNAIE", GETPOST("currency", 'aZ09'), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TEL", GETPOST("tel", 'alpha'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TEL", GETPOST("tel", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FAX", GETPOST("fax", 'alpha'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FAX", GETPOST("fax", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MAIL", GETPOST("mail", 'alpha'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MAIL", GETPOST("mail", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_WEB", GETPOST("web", 'alpha'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_WEB", GETPOST("web", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
 	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOTE", GETPOST("note", 'none'), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_GENCOD", GETPOST("barcode", 'alpha'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_GENCOD", GETPOST("barcode", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
 	$dirforimage = $conf->mycompany->dir_output.'/logos/';
--- a/htdocs/admin/const.php
+++ b/htdocs/admin/const.php
@@ -40,7 +40,7 @@ $update=GETPOST('update', 'alpha');
 $delete=GETPOST('delete', 'none');	// Do not use alpha here
 $debug=GETPOST('debug', 'int');
 $consts=GETPOST('const', 'array');
-$constname=GETPOST('constname', 'alpha');
+$constname=GETPOST('constname', 'alphanohtml');
 $constvalue=GETPOST('constvalue', 'none');	// We shoul dbe able to send everything here
 $constnote=GETPOST('constnote', 'alpha');
--- a/htdocs/admin/defaultvalues.php
+++ b/htdocs/admin/defaultvalues.php
@@ -1,5 +1,5 @@
 <?php
-/* Copyright (C) 2017-2018	Laurent Destailleur	<eldy@users.sourceforge.net>
+/* Copyright (C) 2017-2020	Laurent Destailleur	<eldy@users.sourceforge.net>
 * Copyright (C) 2017-2018	Regis Houssin		<regis.houssin@inodbox.com>
 *
 * This program is free software; you can redistribute it and/or modify
@@ -52,15 +52,15 @@ $pagenext = $page + 1;
 if (!$sortfield) $sortfield = 'page,param';
 if (!$sortorder) $sortorder = 'ASC';
-$defaulturl = GETPOST('defaulturl');
+$defaulturl = GETPOST('defaulturl', 'alphanohtml');
-$defaultkey = GETPOST('defaultkey', 'alpha');
+$defaultkey = GETPOST('defaultkey', 'alphanohtml');
-$defaultvalue = GETPOST('defaultvalue');
+$defaultvalue = GETPOST('defaultvalue', 'none');
 $defaulturl = preg_replace('/^\//', '', $defaulturl);
-$urlpage = GETPOST('urlpage');
+$urlpage = GETPOST('urlpage', 'alphanohtml');
-$key = GETPOST('key');
+$key = GETPOST('key', 'alphanohtml');
-$value = GETPOST('value');
+$value = GETPOST('value', 'none');
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('admindefaultvalues', 'globaladmin'));
@@ -210,9 +210,9 @@ print load_fiche_titre($langs->trans("DefaultValues"), $enabledisablehtml, 'titl
 print '<span class="opacitymedium">'.$langs->trans("DefaultValuesDesc")."</span><br>\n";
 print "<br>\n";
-if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param .= '&contextpage='.$contextpage;
+if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param .= '&contextpage='.urlencode($contextpage);
-if ($limit > 0 && $limit != $conf->liste_limit) $param .= '&limit='.$limit;
+if ($limit > 0 && $limit != $conf->liste_limit) $param .= '&limit='.urlencode($limit);
-if ($optioncss != '')  $param .= '&optioncss='.$optioncss;
+if ($optioncss != '')  $param .= '&optioncss='.urlencode($optioncss);
 if ($defaulturl)        $param .= '&defaulturl='.urlencode($defaulturl);
 if ($defaultkey)        $param .= '&defaultkey='.urlencode($defaultkey);
 if ($defaultvalue)      $param .= '&defaultvalue='.urlencode($defaultvalue);
@@ -359,7 +359,7 @@ if ($result)
 		// Page
 		print '<td>';
-		if ($action != 'edit' || GETPOST('rowid') != $obj->rowid) print $obj->page;
+		if ($action != 'edit' || GETPOST('rowid', 'int') != $obj->rowid) print $obj->page;
 		else print '<input type="text" name="urlpage" value="'.dol_escape_htmltag($obj->page).'">';
 		print '</td>'."\n";
@@ -378,7 +378,7 @@ if ($result)
    		print '<input type="hidden" name="const['.$i.'][name]" value="'.$obj->transkey.'">';
    		print '<input type="text" id="value_'.$i.'" class="flat inputforupdate" size="30" name="const['.$i.'][value]" value="'.dol_escape_htmltag($obj->transvalue).'">';
    		*/
-    		if ($action != 'edit' || GETPOST('rowid') != $obj->rowid) print $obj->value;
+    		if ($action != 'edit' || GETPOST('rowid') != $obj->rowid) print dol_escape_htmltag($obj->value);
    		else print '<input type="text" name="value" value="'.dol_escape_htmltag($obj->value).'">';
    		print '</td>';
 		}
--- a/htdocs/admin/dict.php
+++ b/htdocs/admin/dict.php
@@ -58,6 +58,7 @@ if ($id == 10 && !empty($user->rights->accounting->chartofaccount)) $allowed = 1
 if ($id == 17 && !empty($user->rights->accounting->chartofaccount)) $allowed = 1; // Dictionary with type of expense report and accounting account allowed to manager of chart account
 if (!$allowed) accessforbidden();
 $acts =array(); $actl =array();
 $acts[0] = "activate";
 $acts[1] = "disable";
 $actl[0] = img_picto($langs->trans("Disabled"), 'switch_off');
@@ -76,7 +77,7 @@ $pageprev = $page - 1;
 $pagenext = $page + 1;
 $search_country_id = GETPOST('search_country_id', 'int');
-if ($search_country_id == '' && ($id == 2 || $id == 3 || $id == 10))	// Not a so good idea to force on current country for all dictionaries. Some tables have entries that are for all countries, we must be able to see them, so this is done for dedicated dictionaries only.
+if (! GETPOSTISSET('search_country_id') && $search_country_id == '' && ($id == 2 || $id == 3 || $id == 10))	// Not a so good idea to force on current country for all dictionaries. Some tables have entries that are for all countries, we must be able to see them, so this is done for dedicated dictionaries only.
 {
 	$search_country_id = $mysoc->country_id;
 }
@@ -178,7 +179,7 @@ $tablib[38] = "DictionarySocialNetworks";
 $tabsql = array();
 $tabsql[1] = "SELECT f.rowid as rowid, f.code, f.libelle, c.code as country_code, c.label as country, f.active FROM ".MAIN_DB_PREFIX."c_forme_juridique as f, ".MAIN_DB_PREFIX."c_country as c WHERE f.fk_pays=c.rowid";
 $tabsql[2] = "SELECT d.rowid as rowid, d.code_departement as code, d.nom as libelle, d.fk_region as region_id, r.nom as region, c.code as country_code, c.label as country, d.active FROM ".MAIN_DB_PREFIX."c_departements as d, ".MAIN_DB_PREFIX."c_regions as r, ".MAIN_DB_PREFIX."c_country as c WHERE d.fk_region=r.code_region and r.fk_pays=c.rowid and r.active=1 and c.active=1";
-$tabsql[3] = "SELECT r.rowid as rowid, r.code_region as code, r.nom as libelle, r.fk_pays as country_id, c.code as country_code, c.label as country, r.active FROM ".MAIN_DB_PREFIX."c_regions as r, ".MAIN_DB_PREFIX."c_country as c WHERE r.fk_pays=c.rowid and c.active=1";
+$tabsql[3] = "SELECT r.rowid as rowid, r.code_region as state_code, r.nom as libelle, r.fk_pays as country_id, c.code as country_code, c.label as country, r.active FROM ".MAIN_DB_PREFIX."c_regions as r, ".MAIN_DB_PREFIX."c_country as c WHERE r.fk_pays=c.rowid and c.active=1";
 $tabsql[4] = "SELECT c.rowid as rowid, c.code, c.label, c.active, c.favorite FROM ".MAIN_DB_PREFIX."c_country AS c";
 $tabsql[5] = "SELECT c.rowid as rowid, c.code as code, c.label, c.active FROM ".MAIN_DB_PREFIX."c_civility AS c";
 $tabsql[6] = "SELECT a.id    as rowid, a.code as code, a.libelle AS libelle, a.type, a.active, a.module, a.color, a.position FROM ".MAIN_DB_PREFIX."c_actioncomm AS a";
@@ -759,12 +760,13 @@ if (GETPOST('actionadd') || GETPOST('actionmodify'))
            	$_POST[$listfieldvalue[$i]] = getEntity($tabname[$id]);
            }
            if ($i) $sql .= ",";
            if ($listfieldvalue[$i] == 'sortorder')		// For column name 'sortorder', we use the field name 'position'
            {
-            	$sql .= "'".(int) $db->escape($_POST['position'])."'";
+            	$sql .= "'".(int) $db->escape(GETPOST('position'))."'";
            }
            elseif ($_POST[$listfieldvalue[$i]] == '' && !($listfieldvalue[$i] == 'code' && $id == 10)) $sql .= "null"; // For vat, we want/accept code = ''
-            else $sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'";
+            else $sql .= "'".$db->escape(GETPOST($listfieldvalue[$i], 'nohtml'))."'";
            $i++;
        }
        $sql .= ",1)";
@@ -1011,6 +1013,7 @@ if ($id)
    if ($search_code != '' && $id == 9)     $sql .= natural_search("code_iso", $search_code);
    elseif ($search_code != '' && $id == 28)    $sql .= natural_search("h.code", $search_code);
    elseif ($search_code != '' && $id == 32)    $sql .= natural_search("a.code", $search_code);
    elseif ($search_code != '' && $id == 3)     $sql .= natural_search("r.code_region", $search_code);
    elseif ($search_code != '' && $id != 9)     $sql .= natural_search("code", $search_code);
    if ($sortfield)
@@ -1146,7 +1149,7 @@ if ($id)
 			if ($fieldlist[$field] == 'revenuestamp_type') { $valuetoshow = $langs->trans('TypeOfRevenueStamp'); }
 			if ($fieldlist[$field] == 'use_default') { $valuetoshow = $langs->trans('Default'); }
-            if ($id == 2)	// Special cas for state page
+            if ($id == 2)	// Special case for state page
            {
                if ($fieldlist[$field] == 'region_id') { $valuetoshow = '&nbsp;'; $showfield = 1; }
                if ($fieldlist[$field] == 'region') { $valuetoshow = $langs->trans("Country").'/'.$langs->trans("Region"); $showfield = 1; }
@@ -1228,6 +1231,7 @@ if ($id)
    // List of available record in database
    dol_syslog("htdocs/admin/dict", LOG_DEBUG);
    $resql = $db->query($sql);
    if ($resql)
    {
@@ -1620,7 +1624,9 @@ if ($id)
 								$key = $langs->trans($obj->label);
 								$valuetoshow = ($obj->label && $key != strtoupper($obj->label) ? $key : $obj->{$fieldlist[$field]});
 							}
-
+							elseif ($fieldlist[$field] == 'code' && $id == 3) {
 								$valuetoshow = $obj->state_code;
 							}
                            $class .= ($class ? ' ' : '').'tddict';
                            if ($fieldlist[$field] == 'note' && $id == 10) $class .= ' tdoverflowmax200';
                            if ($fieldlist[$field] == 'tracking') $class .= ' tdoverflowauto';
--- a/htdocs/admin/system/browser.php
+++ b/htdocs/admin/system/browser.php
@@ -49,12 +49,15 @@ $tmp=getBrowserInfo($_SERVER["HTTP_USER_AGENT"]);
 print '<div class="div-table-responsive-no-min">';
 print '<table class="noborder centpercent">';
 print '<tr class="liste_titre"><td>'.$langs->trans("Parameter").'</td><td colspan="2">'.$langs->trans("Value").'</td></tr>'."\n";
-print '<tr class="oddeven"><td width="300">'.$langs->trans("UserAgent").'</td><td colspan="2">'.$_SERVER['HTTP_USER_AGENT'].'</td></tr>'."\n";
+print '<tr class="oddeven"><td width="300">'.$langs->trans("UserAgent").'</td><td colspan="2">'.dol_escape_htmltag($_SERVER['HTTP_USER_AGENT']).'</td></tr>'."\n";
 print '<tr class="oddeven"><td width="300">'.$langs->trans("BrowserName").'</td><td colspan="2">'.$tmp['browsername'].'</td></tr>'."\n";
 print '<tr class="oddeven"><td width="300">'.$langs->trans("BrowserOS").'</td><td colspan="2">'.$tmp['browseros'].'</td></tr>'."\n";
 print '<tr class="oddeven"><td width="300">'.$langs->trans("Version").'</td><td colspan="2">'.$tmp['browserversion'].'</td></tr>'."\n";
 print '<tr class="oddeven"><td width="300">'.$langs->trans("Layout").' (phone/tablet/classic)</td><td colspan="2">'.$tmp['layout'].'</td></tr>'."\n";
-print '<tr class="oddeven"><td width="300">'.$langs->trans("IPAddress").'</td><td colspan="2">'.$_SERVER['REMOTE_ADDR'].'</td></tr>'."\n";
+print '<tr class="oddeven"><td width="300">'.$langs->trans("IPAddress").'</td><td colspan="2">'.dol_escape_htmltag($_SERVER['REMOTE_ADDR']);
 if (! empty($_SERVER['HTTP_CLIENT_IP'])) print ' (HTTP_CLIENT_IP='.dol_escape_htmltag($_SERVER['HTTP_CLIENT_IP']).')';
 if (! empty($_SERVER['HTTP_X_FORWARDED_FOR'])) print ' (HTTP_X_FORWARDED_FOR='.dol_escape_htmltag($_SERVER['HTTP_X_FORWARDED_FOR']).')';
 print '</td></tr>'."\n";
 print '<tr class="oddeven"><td width="300">'.$langs->trans("SessionName").'</td><td colspan="2">'.session_name().'</td></tr>'."\n";
 print '<tr class="oddeven"><td width="300">'.$langs->trans("SessionId").'</td><td colspan="2">'.session_id().'</td></tr>'."\n";
--- a/htdocs/admin/translation.php
+++ b/htdocs/admin/translation.php
@@ -1,5 +1,5 @@
 <?php
-/* Copyright (C) 2007-2016	Laurent Destailleur	<eldy@users.sourceforge.net>
+/* Copyright (C) 2007-2020	Laurent Destailleur	<eldy@users.sourceforge.net>
 * Copyright (C) 2009-2017	Regis Houssin		<regis.houssin@inodbox.com>
 * Copyright (C) 2017       Frédéric France     <frederic.france@free.fr>
 *
@@ -35,9 +35,9 @@ if (!$user->admin) accessforbidden();
 $id = GETPOST('rowid', 'int');
 $action = GETPOST('action', 'alpha');
-$langcode = GETPOST('langcode', 'alpha');
+$langcode = GETPOST('langcode', 'alphanohtml');
-$transkey = GETPOST('transkey', 'alpha');
+$transkey = GETPOST('transkey', 'alphanohtml');
-$transvalue = GETPOST('transvalue', 'alpha');
+$transvalue = GETPOST('transvalue', 'none');
 $mode = GETPOST('mode', 'aZ09') ?GETPOST('mode', 'aZ09') : 'overwrite';
@@ -190,7 +190,6 @@ if ($action == 'delete')
 /*
 * View
 */
@@ -231,9 +230,9 @@ print '<span class="opacitymedium">'.$form->textwithpicto($langs->trans("Current
 print '<br>';
-if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.$contextpage;
+if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.urlencode($contextpage);
-if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.$limit;
+if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.urlencode($limit);
-if ($optioncss != '') $param.='&optioncss='.$optioncss;
+if ($optioncss != '') $param.='&optioncss='.urlencode($optioncss);
 if ($langcode)        $param.='&langcode='.urlencode($langcode);
 if ($transkey)        $param.='&transkey='.urlencode($transkey);
 if ($transvalue)      $param.='&transvalue='.urlencode($transvalue);
@@ -348,11 +347,11 @@ if ($mode == 'overwrite')
    		*/
    		if ($action == 'edit' && $obj->rowid == GETPOST('rowid', 'int'))
    		{
-    			print '<input type="text" class="quatrevingtpercent" name="transvalue" value="'.$obj->transvalue.'">';
+    			print '<input type="text" class="quatrevingtpercent" name="transvalue" value="'.dol_escape_htmltag($obj->transvalue).'">';
    		}
    		else
    		{
-    			print $obj->transvalue;
+    			print dol_escape_htmltag($obj->transvalue);
    		}
    		print '</td>';
--- a/htdocs/core/ajax/pingresult.php
+++ b/htdocs/core/ajax/pingresult.php
@@ -53,8 +53,8 @@ print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"])
 // If ok
 if ($action == 'firstpingok')
 {
-	// Note: pings are by installation, done on entity 1.
+	// Note: pings are per installed instances / entity.
-	// Once this constant are set, no more ping will be tried (except if we add parameter &forceping=1 on URL). So we can say this are 'first' ping.
+	// Once this constants are set, no more ping will be tried (except if we add parameter &forceping=1 on URL). So we can say this are 'first' ping.
 	dolibarr_set_const($db, 'MAIN_FIRST_PING_OK_DATE', dol_print_date($now, 'dayhourlog', 'gmt'));
 	dolibarr_set_const($db, 'MAIN_FIRST_PING_OK_ID', $hash_unique_id);
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -224,7 +224,54 @@ function dol_shutdown()
 */
 function GETPOSTISSET($paramname)
 {
-	return (isset($_POST[$paramname]) || isset($_GET[$paramname]));
+	$isset = 0;
 	$relativepathstring = $_SERVER["PHP_SELF"];
 	// Clean $relativepathstring
 	if (constant('DOL_URL_ROOT')) $relativepathstring = preg_replace('/^'.preg_quote(constant('DOL_URL_ROOT'), '/').'/', '', $relativepathstring);
 	$relativepathstring = preg_replace('/^\//', '', $relativepathstring);
 	$relativepathstring = preg_replace('/^custom\//', '', $relativepathstring);
 	//var_dump($relativepathstring);
 	//var_dump($user->default_values);
 	// Code for search criteria persistence.
 	// Retrieve values if restore_lastsearch_values
 	if (!empty($_GET['restore_lastsearch_values']))        // Use $_GET here and not GETPOST
 	{
 		if (!empty($_SESSION['lastsearch_values_'.$relativepathstring]))	// If there is saved values
 		{
 			$tmp = json_decode($_SESSION['lastsearch_values_'.$relativepathstring], true);
 			if (is_array($tmp))
 			{
 				foreach ($tmp as $key => $val)
 				{
 					if ($key == $paramname)	// We are on the requested parameter
 					{
 						$isset = 1;
 						break;
 					}
 				}
 			}
 		}
 		// If there is saved contextpage, page or limit
 		if ($paramname == 'contextpage' && !empty($_SESSION['lastsearch_contextpage_'.$relativepathstring]))
 		{
 			$isset = 1;
 		}
 		elseif ($paramname == 'page' && !empty($_SESSION['lastsearch_page_'.$relativepathstring]))
 		{
 			$isset = 1;
 		}
 		elseif ($paramname == 'limit' && !empty($_SESSION['lastsearch_limit_'.$relativepathstring]))
 		{
 			$isset = 1;
 		}
 	}
 	else {
 		$isset = (isset($_POST[$paramname]) || isset($_GET[$paramname]));
 	}
 	return $isset;
 }
 /**
@@ -1058,10 +1105,13 @@ function dol_syslog($message, $level = LOG_INFO, $ident = 0, $suffixinfilename =
 			'ip' => false
 		);
 		$remoteip = getUserRemoteIP();	// Get ip when page run on a web server
 		if (! empty($remoteip)) {
 			$data['ip'] = $remoteip;
 			// This is when server run behind a reverse proxy
-		if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) $data['ip'] = $_SERVER['HTTP_X_FORWARDED_FOR'].(empty($_SERVER["REMOTE_ADDR"]) ? '' : '->'.$_SERVER['REMOTE_ADDR']);
+			if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] != $remoteip) $data['ip'] = $_SERVER['HTTP_X_FORWARDED_FOR'].' -> '.$data['ip'];
-		// This is when server run normally on a server
+			elseif (!empty($_SERVER['HTTP_CLIENT_IP']) && $_SERVER['HTTP_CLIENT_IP'] != $remoteip) $data['ip'] = $_SERVER['HTTP_CLIENT_IP'].' -> '.$data['ip'];
-		elseif (!empty($_SERVER["REMOTE_ADDR"])) $data['ip'] = $_SERVER['REMOTE_ADDR'];
+		}
 		// This is when PHP session is ran inside a web server but not inside a client request (example: init code of apache)
 		elseif (!empty($_SERVER['SERVER_ADDR'])) $data['ip'] = $_SERVER['SERVER_ADDR'];
 		// This is when PHP session is ran outside a web server, like from Windows command line (Not always defined, but useful if OS defined it).
--- a/htdocs/core/lib/security2.lib.php
+++ b/htdocs/core/lib/security2.lib.php
@@ -104,7 +104,7 @@ function checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $auth
    			}
    			else
    			{
-    				dol_syslog("Authentification ko - failed to load file '".$authfile."'", LOG_ERR);
+    				dol_syslog("Authentication KO - failed to load file '".$authfile."'", LOG_ERR);
    				sleep(1);
    				// Load translation files required by the page
                    $langs->loadLangs(array('other', 'main', 'errors'));
--- a/htdocs/core/login/functions_dolibarr.php
+++ b/htdocs/core/login/functions_dolibarr.php
@@ -110,7 +110,7 @@ function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotes
 				else
 				{
 				    sleep(2);      // Anti brut force protection
-				    dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko bad password for '".$usertotest."', cryptType=".$cryptType);
+				    dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentication KO bad password for '".$usertotest."', cryptType=".$cryptType, LOG_NOTICE);
 					// Load translation files required by the page
                    $langs->loadLangs(array('main', 'errors'));
@@ -129,7 +129,7 @@ function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotes
 						$ret = $mc->checkRight($obj->rowid, $entitytotest);
 						if ($ret < 0)
 						{
-							dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko entity '" . $entitytotest . "' not allowed for user '" . $obj->rowid . "'");
+							dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentication KO entity '" . $entitytotest . "' not allowed for user '" . $obj->rowid . "'", LOG_NOTICE);
 							$login = ''; // force authentication failure
 						}
 					}
@@ -137,7 +137,7 @@ function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotes
 			}
 			else
 			{
-				dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko user not found for '".$usertotest."'");
+				dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentication KO user not found for '".$usertotest."'", LOG_NOTICE);
 				sleep(1);
 				// Load translation files required by the page
@@ -148,7 +148,7 @@ function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotes
 		}
 		else
 		{
-			dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko db error for '".$usertotest."' error=".$db->lasterror());
+			dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentication KO db error for '".$usertotest."' error=".$db->lasterror(), LOG_ERR);
 			sleep(1);
 			$_SESSION["dol_loginmesg"]=$db->lasterror();
 		}
--- a/htdocs/core/login/functions_ldap.php
+++ b/htdocs/core/login/functions_ldap.php
@@ -52,7 +52,7 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest)
 	if (! function_exists("ldap_connect"))
 	{
-		dol_syslog("functions_ldap::check_user_password_ldap Authentification ko failed to connect to LDAP. LDAP functions are disabled on this PHP");
+		dol_syslog("functions_ldap::check_user_password_ldap Authentication KO failed to connect to LDAP. LDAP functions are disabled on this PHP", LOG_ERR);
 		sleep(1);
 		// Load translation files required by the page
@@ -202,7 +202,7 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest)
 					$ret=$mc->checkRight($usertmp->id, $entitytotest);
 					if ($ret < 0)
 					{
-						dol_syslog("functions_ldap::check_user_password_ldap Authentification ko entity '".$entitytotest."' not allowed for user '".$usertmp->id."'");
+						dol_syslog("functions_ldap::check_user_password_ldap Authentication KO entity '".$entitytotest."' not allowed for user '".$usertmp->id."'", LOG_NOTICE);
 						$login=''; // force authentication failure
 					}
 					unset($usertmp);
@@ -210,7 +210,7 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest)
 			}
 			if ($result == 1)
 			{
-				dol_syslog("functions_ldap::check_user_password_ldap Authentification ko bad user/password for '".$usertotest."'");
+				dol_syslog("functions_ldap::check_user_password_ldap Authentication KO bad user/password for '".$usertotest."'", LOG_NOTICE);
 				sleep(1);
 				// Load translation files required by the page
@@ -229,7 +229,7 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest)
             ** 49 - Wrong password
             ** 53 - Account inactive (manually locked out by administrator)
             */
-			dol_syslog("functions_ldap::check_user_password_ldap Authentification ko failed to connect to LDAP for '".$usertotest."'");
+			dol_syslog("functions_ldap::check_user_password_ldap Authentication KO failed to connect to LDAP for '".$usertotest."'", LOG_NOTICE);
 			if (is_resource($ldap->connection))    // If connection ok but bind ko
 			{
 				$ldap->ldapErrorCode = ldap_errno($ldap->connection);
--- a/htdocs/core/modules/modModuleBuilder.class.php
+++ b/htdocs/core/modules/modModuleBuilder.class.php
@@ -45,6 +45,7 @@ class modModuleBuilder extends DolibarrModules
 		// Family can be 'crm','financial','hr','projects','products','ecm','technic','other'
 		// It is used to group modules in module setup page
        $this->family = "technic";
        $this->module_position = '90';
        // Module label (no space allowed), used if translation string 'ModuleXXXName' not found (where XXX is value of numeric property 'numero' of module)
        $this->name = preg_replace('/^mod/i', '', get_class($this));
        $this->description = "A RAD (Rapid Application Development) tool to help developers to build their own module.";
@@ -82,6 +83,21 @@ class modModuleBuilder extends DolibarrModules
        //------
        $this->boxes = array();
        // Permissions
        //------------
        $this->rights = array();		// Permission array used by this module
        $this->rights_class = 'modulebuilder';
        $r=0;
        $r++;
        $this->rights[$r][0] = 3301;
        $this->rights[$r][1] = 'Generate new modules';
        $this->rights[$r][2] = 'a';
        $this->rights[$r][3] = 0;
        $this->rights[$r][4] = 'run';
        // Main menu entries
        //------------------
        $this->menu = array();
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -957,7 +957,7 @@ if (!defined('NOLOGIN'))
 	{
 		// If not active, we refuse the user
 		$langs->load("other");
-		dol_syslog("Authentification ko as login is disabled");
+		dol_syslog("Authentication KO as login is disabled", LOG_NOTICE);
 		accessforbidden($langs->trans("ErrorLoginDisabled"));
 		exit;
 	}
@@ -2553,22 +2553,29 @@ if (!function_exists("llxFooter"))
 		// Add code for the asynchronous anonymous first ping (for telemetry)
 		// You can use &forceping=1 in parameters to force the ping if the ping was already sent.
-		if (($_SERVER["PHP_SELF"] == DOL_URL_ROOT.'/index.php') || GETPOST('forceping', 'alpha'))
+		$forceping = GETPOST('forceping', 'alpha');
 		if (($_SERVER["PHP_SELF"] == DOL_URL_ROOT.'/index.php') || $forceping)
 		{
 			//print '<!-- instance_unique_id='.$conf->file->instance_unique_id.' MAIN_FIRST_PING_OK_ID='.$conf->global->MAIN_FIRST_PING_OK_ID.' -->';
 			$hash_unique_id = md5('dolibarr'.$conf->file->instance_unique_id);
 			if (empty($conf->global->MAIN_FIRST_PING_OK_DATE)
 				|| (!empty($conf->file->instance_unique_id) && ($hash_unique_id != $conf->global->MAIN_FIRST_PING_OK_ID) && ($conf->global->MAIN_FIRST_PING_OK_ID != 'disabled'))
-			|| GETPOST('forceping', 'alpha'))
+			|| $forceping)
 			{
-				if (strpos('alpha', DOL_VERSION) > 0) {
+				// No ping done if we are into an alpha version
 				if (strpos('alpha', DOL_VERSION) > 0 && ! $forceping) {
 					print "\n<!-- NO JS CODE TO ENABLE the anonymous Ping. It is an alpha version -->\n";
 				}
-				elseif (empty($_COOKIE['DOLINSTALLNOPING_'.$hash_unique_id]))	// Cookie is set when we uncheck the checkbox in the installation wizard.
+				elseif (empty($_COOKIE['DOLINSTALLNOPING_'.$hash_unique_id]) || $forceping)	// Cookie is set when we uncheck the checkbox in the installation wizard.
 				{
 					// MAIN_LAST_PING_KO_DATE
 					// Disable ping if MAIN_LAST_PING_KO_DATE is set and is recent
 					if (! empty($conf->global->MAIN_LAST_PING_KO_DATE) && substr($conf->global->MAIN_LAST_PING_KO_DATE, 0, 6) == dol_print_date(dol_now(), '%Y%m') && ! $forceping) {
 						print "\n<!-- NO JS CODE TO ENABLE the anonymous Ping. An error already occured this month, we will try later. -->\n";
 					} else {
 						include_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
-					print "\n".'<!-- Includes JS for Ping of Dolibarr MAIN_FIRST_PING_OK_DATE = '.$conf->global->MAIN_FIRST_PING_OK_DATE.' MAIN_FIRST_PING_OK_ID = '.$conf->global->MAIN_FIRST_PING_OK_ID.' -->'."\n";
+						print "\n".'<!-- Includes JS for Ping of Dolibarr forceping='.$forceping.' MAIN_FIRST_PING_OK_DATE='.$conf->global->MAIN_FIRST_PING_OK_DATE.' MAIN_FIRST_PING_OK_ID='.$conf->global->MAIN_FIRST_PING_OK_ID.' MAIN_LAST_PING_KO_DATE='.$conf->global->MAIN_LAST_PING_KO_DATE.' -->'."\n";
 						print "\n<!-- JS CODE TO ENABLE the anonymous Ping -->\n";
 						$url_for_ping = (empty($conf->global->MAIN_URL_FOR_PING) ? "https://ping.dolibarr.org/" : $conf->global->MAIN_URL_FOR_PING);
 						// Try to guess the distrib used
@@ -2620,6 +2627,7 @@ if (!function_exists("llxFooter"))
 			    			</script>
 						<?php
 					}
 				}
 				else
 				{
 					$now = dol_now();
--- a/htdocs/modulebuilder/index.php
+++ b/htdocs/modulebuilder/index.php
@@ -90,6 +90,9 @@ if (empty($newmask))	// This should no happen
 	$newmask = '0664';
 }
 $result = restrictedArea($user, 'modulebuilder', null);
 /*
 * Actions
--- a/htdocs/product/index.php
+++ b/htdocs/product/index.php
@@ -40,7 +40,7 @@ if ($type == '' && !$user->rights->service->lire) $type = '0'; // Force global p
 // Security check
 if ($type == '0') $result = restrictedArea($user, 'produit');
 elseif ($type == '1') $result = restrictedArea($user, 'service');
-else $result = restrictedArea($user, 'produit|service');
+else $result = restrictedArea($user, 'produit|service|expedition');
 // Load translation files required by the page
 $langs->loadLangs(array('products', 'stocks'));
@@ -117,21 +117,23 @@ if (!empty($conf->global->MAIN_SEARCH_FORM_ON_HOME_AREAS))     // This is useles
 /*
 * Number of products and/or services
 */
-$prodser = array();
+if ((!empty($conf->product->enabled) || !empty($conf->service->enabled)) && ($user->rights->produit->lire || $user->rights->service->lire))
 $prodser[0][0] = $prodser[0][1] = $prodser[0][2] = $prodser[0][3] = 0;
 $prodser[1][0] = $prodser[1][1] = $prodser[1][2] = $prodser[1][3] = 0;
 $sql = "SELECT COUNT(p.rowid) as total, p.fk_product_type, p.tosell, p.tobuy";
 $sql .= " FROM ".MAIN_DB_PREFIX."product as p";
 $sql .= ' WHERE p.entity IN ('.getEntity($product_static->element, 1).')';
 // Add where from hooks
 $parameters = array();
 $reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters); // Note that $action and $object may have been modified by hook
 $sql .= $hookmanager->resPrint;
 $sql .= " GROUP BY p.fk_product_type, p.tosell, p.tobuy";
 $result = $db->query($sql);
 while ($objp = $db->fetch_object($result))
 {
 	$prodser = array();
 	$prodser[0][0] = $prodser[0][1] = $prodser[0][2] = $prodser[0][3] = 0;
 	$prodser[1][0] = $prodser[1][1] = $prodser[1][2] = $prodser[1][3] = 0;
 	$sql = "SELECT COUNT(p.rowid) as total, p.fk_product_type, p.tosell, p.tobuy";
 	$sql .= " FROM ".MAIN_DB_PREFIX."product as p";
 	$sql .= ' WHERE p.entity IN ('.getEntity($product_static->element, 1).')';
 	// Add where from hooks
 	$parameters = array();
 	$reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters); // Note that $action and $object may have been modified by hook
 	$sql .= $hookmanager->resPrint;
 	$sql .= " GROUP BY p.fk_product_type, p.tosell, p.tobuy";
 	$result = $db->query($sql);
 	while ($objp = $db->fetch_object($result))
 	{
 		$status = 3; // On sale + On purchase
 		if (!$objp->tosell && !$objp->tobuy) $status = 0; // Not on sale, not on purchase
 		if ($objp->tosell && !$objp->tobuy) $status = 1; // On sale only
@@ -140,10 +142,10 @@ while ($objp = $db->fetch_object($result))
 		if ($objp->tosell) $prodser[$objp->fk_product_type]['sell'] += $objp->total;
 		if ($objp->tobuy)  $prodser[$objp->fk_product_type]['buy'] += $objp->total;
 		if (!$objp->tosell && !$objp->tobuy)  $prodser[$objp->fk_product_type]['none'] += $objp->total;
-}
+	}
-if ($conf->use_javascript_ajax)
+	if ($conf->use_javascript_ajax)
-{
+	{
 		print '<div class="div-table-responsive-no-min">';
 		print '<table class="noborder centpercent">';
 		print '<tr class="liste_titre"><th colspan="2">'.$langs->trans("Statistics").'</th></tr>';
@@ -188,6 +190,7 @@ if ($conf->use_javascript_ajax)
 		print '</td></tr>';
 		print '</table>';
 		print '</div>';
 	}
 }
@@ -270,24 +273,26 @@ print '</div><div class="fichetwothirdright"><div class="ficheaddleft">';
 /*
 * Latest modified products
 */
-$max = 15;
+if ((!empty($conf->product->enabled) || !empty($conf->service->enabled)) && ($user->rights->produit->lire || $user->rights->service->lire))
 $sql = "SELECT p.rowid, p.label, p.price, p.ref, p.fk_product_type, p.tosell, p.tobuy, p.tobatch, p.fk_price_expression,";
 $sql .= " p.entity,";
 $sql .= " p.tms as datem";
 $sql .= " FROM ".MAIN_DB_PREFIX."product as p";
 $sql .= " WHERE p.entity IN (".getEntity($product_static->element, 1).")";
 if ($type != '') $sql .= " AND p.fk_product_type = ".$type;
 // Add where from hooks
 $parameters = array();
 $reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters); // Note that $action and $object may have been modified by hook
 $sql .= $hookmanager->resPrint;
 $sql .= $db->order("p.tms", "DESC");
 $sql .= $db->plimit($max, 0);
 //print $sql;
 $result = $db->query($sql);
 if ($result)
 {
 	$max = 15;
 	$sql = "SELECT p.rowid, p.label, p.price, p.ref, p.fk_product_type, p.tosell, p.tobuy, p.tobatch, p.fk_price_expression,";
 	$sql .= " p.entity,";
 	$sql .= " p.tms as datem";
 	$sql .= " FROM ".MAIN_DB_PREFIX."product as p";
 	$sql .= " WHERE p.entity IN (".getEntity($product_static->element, 1).")";
 	if ($type != '') $sql .= " AND p.fk_product_type = ".$type;
 	// Add where from hooks
 	$parameters = array();
 	$reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters); // Note that $action and $object may have been modified by hook
 	$sql .= $hookmanager->resPrint;
 	$sql .= $db->order("p.tms", "DESC");
 	$sql .= $db->plimit($max, 0);
 	//print $sql;
 	$result = $db->query($sql);
 	if ($result)
 	{
 		$num = $db->num_rows($result);
 		$i = 0;
@@ -380,10 +385,11 @@ if ($result)
 			print '</div>';
 			print '<br>';
 		}
-}
+	}
-else
+	else
-{
+	{
 		dol_print_error($db);
 	}
 }
--- a/htdocs/resource/class/dolresource.class.php
+++ b/htdocs/resource/class/dolresource.class.php
@@ -948,7 +948,7 @@ class Dolresource extends CommonObject
     */
    public function getNomUrl($withpicto = 0, $option = '', $get_params = '', $notooltip = 0, $morecss = '', $save_lastsearch_value = -1)
    {
-        global $langs;
+        global $conf, $langs;
        $result = '';
        $label = '<u>'.$langs->trans("ShowResource").'</u>';
--- a/htdocs/support/default.css
+++ b/htdocs/support/default.css
@@ -23,6 +23,22 @@ background: #f9f9f9;
 margin: 5px 5px;
 }
 .center {
 	text-align: center;	
 }
 .centpercent {
 	width: 100%;	
 }
 .valignmiddle {
 	vertical-align: middle;	
 }
 inline-block {
 	display: inline-block;	
 }
 div.titre {
 padding: 5px 5px 5px 5px;
 margin: 0 0 0 0;
@@ -147,10 +163,10 @@ padding: 4px 4px 4px 4px;
 tr.title
 {
-background: #DDDFDD;
+background: #EEEEEE;
 }
-table.login {  border: 1px solid #C0C0C0; background: #FFF; }
+table.login {  border: 1px solid #E0E0E0; background: #FFF; }
 .tablesupport {
 	padding: 6px;
--- a/htdocs/support/inc.php
+++ b/htdocs/support/inc.php
@@ -223,15 +223,12 @@ function pHeader($soutitre, $next, $action = 'none')
 	print '<title>'.$langs->trans("DolibarrHelpCenter").'</title>'."\n";
 	print '</head>'."\n";
-	print '<body>'."\n";
+	print '<body class="center">'."\n";
-	print '<table class="noborder" summary="helpcentertitle"><tr valign="middle">';
+	print '<div class="noborder centpercent center valignmiddle inline-block">';
-	print '<td width="20">';
+	print '<img src="helpcenter.png" alt="logohelpcenter" class="inline-block"><br><br>';
-	print '<img src="helpcenter.png" alt="logohelpcenter">';
+	print '<span class="titre inline-block">'.$soutitre.'</span>'."\n";
-	print '</td>';
+	print '</div><br>';
 	print '<td>';
 	print '<span class="titre">'.$soutitre.'</span>'."\n";
 	print '</td></tr></table>';
 }
 /**