Backport fix for mysql 8 export

* FIX: when qty is not an integer, apply price() to avoid displaying precision errors if php.ini's precision settings are too high

* Apply eldy's suggestion to use price's parameters rather than a test

.gitignore

@@ -16,6 +16,7 @@ default.properties
 .DS_Store
 .idea
 *.iml
+*.orig
 Thumbs.db
 /dolibarr_genesis.mp4
 # Log files

.travis.yml

@@ -43,7 +43,7 @@ jobs:
   include:
     - if: type = push
       php: '5.5'
-      env: DB=postgresql
+      env: DB=mysql
     - if: type = pull_request OR type = push
       php: '7.4'
       env: DB=mysql

build/exe/doliwamp/config.inc.php.install

@@ -542,7 +542,7 @@ $cfg['ThemePerServer']      = FALSE;         // allow diferent theme for each co
  * %f will be replaced by a list of field names.
  * (%t and %f only applies to DefaultQueryTable)
  */
-$cfg['DefaultQueryTable']    = 'SELECT * FROM %t WHERE 1';
+$cfg['DefaultQueryTable']    = 'SELECT * FROM %t WHERE 1 = 1';
 $cfg['DefaultQueryDatabase'] = '';
 
 /**

doc/index.html

@@ -17,8 +17,6 @@ on Internet on web following sites:<br>
 <br>
 * <a href="https://demo.dolibarr.org">Dolibarr demo (online)</a><br>
 <br>
-* <a href="https://www.nltechno.com/pages/dolibarrwinbin.php">DoliWamp, the Dolibarr for Windows</a><br>
-<br>
 * <a href="https://www.dolistore.com">DoliStore (official addons/plugins market place)</a><br>
 
 </body>

doc/install/README

@@ -19,7 +19,7 @@ Download
 Install
 --------------------------------
 
-* For a Quick guide, take a look at README file into root directory.
+* For a Quick guide, take a look at README.md file into root directory.
 
 * More complete documentations are also available on line on the Dolibarr Wiki:
     https://wiki.dolibarr.org

doc/install/README-DE

@@ -22,7 +22,7 @@ Download / Herunterladen
 Installation
 --------------------------------
 
-* Für eine kurze Einleitung, schau auf die README Datei im Hauptverzeichnis.
+* Für eine kurze Einleitung, schau auf die README.md Datei im Hauptverzeichnis.
 
 * Umfangreiche Dokumentationen sind im Dolibarr Wiki zu finden:
     https://wiki.dolibarr.org/index.php/Hauptseite 

doc/install/README-FR

@@ -19,9 +19,7 @@ https://www.dolistore.org
 Documentation utilisateur
 --------------------------------
 
-* Pour une prise en main et installation rapide, consultez le fichier
-README-FR à la racine.
+* Pour une prise en main et installation rapide, consultez le fichier README-FR.md à la racine.
 
-* Une documentation utilisateur francophone plus consistante est disponible en
-ligne sur le wiki de Dolibarr à l'adresse:
-https://wiki.dolibarr.org
+* Une documentation utilisateur francophone plus consistante est disponible en ligne sur le wiki de Dolibarr à l'adresse:
+    https://wiki.dolibarr.org

doc/user/README

@@ -4,4 +4,5 @@ User guide
 --------------------------------
 
 * All Dolibarr guides are available, on line, on the Dolibarr Web site:
+
 https://www.dolibarr.org

doc/user/README-FR

@@ -3,9 +3,6 @@ README (french)
 Documentation utilisateur
 --------------------------------
 
-* Pour une prise en main et installation rapide, consultez le fichier
-README-FR à la racine.
+La documentation utilisateur francophone est disponible en ligne sur le site Web de Dolibarr à l'adresse:
 
-* Une documentation utilisateur francophone plus consistante est disponible en
-ligne sur le site Web de Dolibarr à l'adresse:
 https://www.dolibarr.fr

htdocs/accountancy/bookkeeping/balance.php

@@ -87,6 +87,7 @@ if (empty($search_date_start) && !GETPOSTISSET('formfilteraction'))
 	} else {
 		$month_start = ($conf->global->SOCIETE_FISCAL_MONTH_START ? ($conf->global->SOCIETE_FISCAL_MONTH_START) : 1);
 		$year_start = dol_print_date(dol_now(), '%Y');
+		if (dol_print_date(dol_now(), '%m') < $month_start) $year_start--; // If current month is lower that starting fiscal month, we start last year
 		$year_end = $year_start + 1;
 		$month_end = $month_start - 1;
 		if ($month_end < 1)

htdocs/accountancy/bookkeeping/list.php

@@ -44,14 +44,14 @@ $search_mvt_num = GETPOST('search_mvt_num', 'int');
 $search_doc_type = GETPOST("search_doc_type", 'alpha');
 $search_doc_ref = GETPOST("search_doc_ref", 'alpha');
 $search_date_start = dol_mktime(0, 0, 0, GETPOST('search_date_startmonth', 'int'), GETPOST('search_date_startday', 'int'), GETPOST('search_date_startyear', 'int'));
-$search_date_end = dol_mktime(0, 0, 0, GETPOST('search_date_endmonth', 'int'), GETPOST('search_date_endday', 'int'), GETPOST('search_date_endyear', 'int'));
+$search_date_end = dol_mktime(23, 59, 59, GETPOST('search_date_endmonth', 'int'), GETPOST('search_date_endday', 'int'), GETPOST('search_date_endyear', 'int'));
 $search_doc_date = dol_mktime(0, 0, 0, GETPOST('doc_datemonth', 'int'), GETPOST('doc_dateday', 'int'), GETPOST('doc_dateyear', 'int'));
 $search_date_creation_start = dol_mktime(0, 0, 0, GETPOST('date_creation_startmonth', 'int'), GETPOST('date_creation_startday', 'int'), GETPOST('date_creation_startyear', 'int'));
-$search_date_creation_end = dol_mktime(0, 0, 0, GETPOST('date_creation_endmonth', 'int'), GETPOST('date_creation_endday', 'int'), GETPOST('date_creation_endyear', 'int'));
+$search_date_creation_end = dol_mktime(23, 59, 59, GETPOST('date_creation_endmonth', 'int'), GETPOST('date_creation_endday', 'int'), GETPOST('date_creation_endyear', 'int'));
 $search_date_modification_start = dol_mktime(0, 0, 0, GETPOST('date_modification_startmonth', 'int'), GETPOST('date_modification_startday', 'int'), GETPOST('date_modification_startyear', 'int'));
-$search_date_modification_end = dol_mktime(0, 0, 0, GETPOST('date_modification_endmonth', 'int'), GETPOST('date_modification_endday', 'int'), GETPOST('date_modification_endyear', 'int'));
+$search_date_modification_end = dol_mktime(23, 59, 59, GETPOST('date_modification_endmonth', 'int'), GETPOST('date_modification_endday', 'int'), GETPOST('date_modification_endyear', 'int'));
 $search_date_export_start = dol_mktime(0, 0, 0, GETPOST('date_export_startmonth', 'int'), GETPOST('date_export_startday', 'int'), GETPOST('date_export_startyear', 'int'));
-$search_date_export_end = dol_mktime(0, 0, 0, GETPOST('date_export_endmonth', 'int'), GETPOST('date_export_endday', 'int'), GETPOST('date_export_endyear', 'int'));
+$search_date_export_end = dol_mktime(23, 59, 59, GETPOST('date_export_endmonth', 'int'), GETPOST('date_export_endday', 'int'), GETPOST('date_export_endyear', 'int'));
 
 //var_dump($search_date_start);exit;
 if (GETPOST("button_delmvt_x") || GETPOST("button_delmvt.x") || GETPOST("button_delmvt")) {

htdocs/accountancy/bookkeeping/listbyaccount.php

@@ -39,7 +39,7 @@ $langs->loadLangs(array("accountancy"));
 
 $action = GETPOST('action', 'alpha');
 $search_date_start = dol_mktime(0, 0, 0, GETPOST('search_date_startmonth', 'int'), GETPOST('search_date_startday', 'int'), GETPOST('search_date_startyear', 'int'));
-$search_date_end = dol_mktime(0, 0, 0, GETPOST('search_date_endmonth', 'int'), GETPOST('search_date_endday', 'int'), GETPOST('search_date_endyear', 'int'));
+$search_date_end = dol_mktime(23, 59, 59, GETPOST('search_date_endmonth', 'int'), GETPOST('search_date_endday', 'int'), GETPOST('search_date_endyear', 'int'));
 $search_doc_date = dol_mktime(0, 0, 0, GETPOST('doc_datemonth', 'int'), GETPOST('doc_dateday', 'int'), GETPOST('doc_dateyear', 'int'));
 
 $search_accountancy_code = GETPOST("search_accountancy_code");

htdocs/accountancy/class/accountancyexport.class.php

@@ -498,9 +498,8 @@ class AccountancyExport
 			$Tab['contrepartie'] = str_repeat(' ', 8);
 
 			// elarifr:  date format must be fixed format : 6 char ddmmyy = %d%m%yand not defined by user / dolibarr setting
-			if (!empty($data->date_echeance))
-				//$Tab['date_echeance'] = dol_print_date($data->date_echeance, $conf->global->ACCOUNTING_EXPORT_DATE);
-				$Tab['date_echeance'] = dol_print_date($data->date_echeance, '%d%m%y'); // elarifr:  format must be ddmmyy
+			if (!empty($data->date_lim_reglement))
+				$Tab['date_echeance'] = dol_print_date($data->date_lim_reglement, '%d%m%y'); // elarifr:  format must be ddmmyy
 			else
 				$Tab['date_echeance'] = '000000';
 
@@ -685,7 +684,7 @@ class AccountancyExport
 	public function exportFEC($objectLines)
 	{
 		$separator = "\t";
-		$end_line = "\n";
+		$end_line = "\r\n";
 
 		print "JournalCode".$separator;
 		print "JournalLib".$separator;

htdocs/adherents/class/adherent.class.php

@@ -1402,7 +1402,7 @@ class Adherent extends CommonObject
 					$this->first_subscription_amount = $obj->subscription;
 				}
 				$this->last_subscription_date = $this->db->jdate($obj->datec);
-				$this->last_subscription_date_start = $this->db->jdate($obj->datef);
+				$this->last_subscription_date_start = $this->db->jdate($obj->dateh);
 				$this->last_subscription_date_end = $this->db->jdate($obj->datef);
 				$this->last_subscription_amount = $obj->subscription;
 

htdocs/adherents/list.php

@@ -857,7 +857,7 @@ while ($i < min($num, $limit))
 		else
 		{
 			print '<td class="nowrap left">';
-			if ($obj->subscription == 'yes')
+			if (!empty($obj->subscription))
 			{
 				print $langs->trans("SubscriptionNotReceived");
 				if ($obj->statut > 0) print " ".img_warning();

htdocs/adherents/type.php

@@ -511,7 +511,7 @@ if ($rowid > 0)
 		$sql .= " AND t.rowid = ".$object->id;
 		if ($sall)
 		{
-			$sql .= natural_search(array("f.firstname", "d.lastname", "d.societe", "d.email", "d.login", "d.address", "d.town", "d.note_public", "d.note_private"), $sall);
+			$sql .= natural_search(array("d.firstname", "d.lastname", "d.societe", "d.email", "d.login", "d.address", "d.town", "d.note_public", "d.note_private"), $sall);
 		}
 		if ($status != '')
 		{
@@ -710,7 +710,7 @@ if ($rowid > 0)
 		        else
 		        {
 			        print '<td class="nowrap left">';
-			        if ($objp->subscription == 'yes')
+			        if (!empty($objp->subscription))
 			        {
 		                print $langs->trans("SubscriptionNotReceived");
 		                if ($objp->statut > 0) print " ".img_warning();

htdocs/admin/dict.php

@@ -777,7 +777,7 @@ if (GETPOST('actionadd') || GETPOST('actionmodify'))
             elseif (in_array($keycode, array('joinfile', 'private', 'position', 'scale'))) {
             	$sql .= (int) GETPOST($keycode, 'int');
             }
-            else {
+			else {
             	$sql .= "'".$db->escape(GETPOST($keycode, 'nohtml'))."'";
             }
 

htdocs/admin/mails.php

@@ -719,7 +719,7 @@ else
 	{
 		if (function_exists('fsockopen') && $port && $server)
 		{
-			print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?action=testconnect#formmailbeforetitle">'.$langs->trans("DoTestServerAvailability").'</a>';
+			print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?action=testconnect&date='.dol_now().'#formmailbeforetitle">'.$langs->trans("DoTestServerAvailability").'</a>';
 		}
 	}
 	else
@@ -789,6 +789,7 @@ else
 	// Run the test to connect
 	if ($action == 'testconnect')
 	{
+		print '<div id="formmailaftertstconnect" name="formmailaftertstconnect"></div>';
 		print load_fiche_titre($langs->trans("DoTestServerAvailability"));
 
 		include_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php';
@@ -804,6 +805,7 @@ else
 			}
 
 			setEventMessages($errormsg, null, 'errors');
+			print $errormsg;
 		}
 		print '<br>';
 	}

htdocs/admin/mails_templates.php

@@ -257,7 +257,7 @@ if (empty($reshook))
             $sql = "INSERT INTO ".$tabname[$id]." (";
             // List of fields
             $sql .= $tabfieldinsert[$id];
-            $sql .= ",active)";
+            $sql .= ",active,enabled)";
             $sql .= " VALUES(";
 
             // List of values
@@ -289,7 +289,7 @@ if (empty($reshook))
 
                 $i++;
             }
-            $sql .= ", 1)";
+            $sql .= ", 1, 1)";
 
             dol_syslog("actionadd", LOG_DEBUG);
             $result = $db->query($sql);

htdocs/admin/prelevement.php

@@ -74,35 +74,31 @@ if ($action == "set")
     else $error++;
 
     $res = dolibarr_set_const($db, "PRELEVEMENT_ICS", GETPOST("PRELEVEMENT_ICS"), 'chaine', 0, '', $conf->entity);
-    if (! $res > 0) $error++;
+    if (! ($res > 0)) $error++;
 
     if (GETPOST("PRELEVEMENT_USER") > 0)
     {
         $res = dolibarr_set_const($db, "PRELEVEMENT_USER", GETPOST("PRELEVEMENT_USER"), 'chaine', 0, '', $conf->entity);
-        if (! $res > 0) $error++;
+        if (! ($res > 0)) $error++;
     }
     if (GETPOST("PRELEVEMENT_END_TO_END") || GETPOST("PRELEVEMENT_END_TO_END")=="")
     {
         $res = dolibarr_set_const($db, "PRELEVEMENT_END_TO_END", GETPOST("PRELEVEMENT_END_TO_END"), 'chaine', 0, '', $conf->entity);
-        if (! $res > 0) $error++;
+        if (! ($res > 0)) $error++;
     }
     if (GETPOST("PRELEVEMENT_USTRD") || GETPOST("PRELEVEMENT_USTRD")=="")
     {
         $res = dolibarr_set_const($db, "PRELEVEMENT_USTRD", GETPOST("PRELEVEMENT_USTRD"), 'chaine', 0, '', $conf->entity);
-        if (! $res > 0) $error++;
+        if (! ($res > 0)) $error++;
     }
 
-    if (GETPOST("PRELEVEMENT_ADDDAYS") || GETPOST("PRELEVEMENT_ADDDAYS")=="")
-    {
-        $res = dolibarr_set_const($db, "PRELEVEMENT_ADDDAYS", GETPOST("PRELEVEMENT_ADDDAYS"), 'chaine', 0, '', $conf->entity);
-        if (! $res > 0) $error++;
-    } elseif (! $error)
-	{
+    $res = dolibarr_set_const($db, "PRELEVEMENT_ADDDAYS", GETPOST("PRELEVEMENT_ADDDAYS"), 'chaine', 0, '', $conf->entity);
+    if (! ($res > 0)) $error++;
+
+    if (! $error) {
 		$db->commit();
 		setEventMessages($langs->trans("SetupSaved"), null, 'mesgs');
-	}
-	else
-	{
+	} else {
 		$db->rollback();
 		setEventMessages($langs->trans("Error"), null, 'errors');
 	}
@@ -251,9 +247,10 @@ print '</td></tr>';
 //ADDDAYS
 print '<tr class="pair"><td>'.$langs->trans("ADDDAYS").'</td>';
 print '<td class="left">';
-if (! $conf->global->PRELEVEMENT_ADDDAYS) $conf->global->PRELEVEMENT_ADDDAYS=0;
+if (empty($conf->global->PRELEVEMENT_ADDDAYS)) $conf->global->PRELEVEMENT_ADDDAYS=0;
 print '<input type="text" name="PRELEVEMENT_ADDDAYS" value="'.$conf->global->PRELEVEMENT_ADDDAYS.'" size="15" ></td>';
 print '</td></tr>';
+
 print '</table>';
 print '<br>';
 

htdocs/admin/translation.php

@@ -197,7 +197,7 @@ if ($action == 'delete')
 $form = new Form($db);
 $formadmin = new FormAdmin($db);
 
-$wikihelp = 'EN:Setup|FR:Paramétrage|ES:Configuración';
+$wikihelp = 'EN:Setup_Translation|FR:Paramétrage_Traduction|ES:Configuración_Traducción';
 llxHeader('', $langs->trans("Setup"), $wikihelp);
 
 $param = '&mode='.$mode;

htdocs/comm/mailing/class/advtargetemailing.class.php

@@ -640,6 +640,10 @@ class AdvanceTargetingMailing extends CommonObject
 						if ($arrayquery['options_'.$key]!=''){
 							$sqlwhere[]= " (te.".$key." = ".$arrayquery['options_'.$key].")";
 						}
+					} elseif ($extrafields->attributes[$elementtype]['type'][$key] == 'link') {
+						if ($arrayquery['options_'.$key] > 0) {
+							$sqlwhere[]= " (te.".$key." = ".((int) $arrayquery['options_'.$key]).")";
+						}
 					} else {
 						if (is_array($arrayquery['options_'.$key])) {
 							$sqlwhere[]= " (te.".$key." IN ('".implode("','", $arrayquery['options_'.$key])."'))";
@@ -666,7 +670,6 @@ class AdvanceTargetingMailing extends CommonObject
 				while ($i < $num)
 				{
 					$obj = $this->db->fetch_object($resql);
-
 					$this->thirdparty_lines[$i] = $obj->rowid;
 
 					$i++;

htdocs/comm/propal/card.php

@@ -325,7 +325,7 @@ if (empty($reshook))
 		$duration = GETPOST('duree_validite', 'int');
 
 		if (empty($datep)) {
-			setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Date")), null, 'errors');
+			setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("DatePropal")), null, 'errors');
 			$action = 'create';
 			$error++;
 		}
@@ -1614,7 +1614,7 @@ if ($action == 'create')
 	}
 
 	// Date
-	print '<tr><td class="fieldrequired">'.$langs->trans('Date').'</td><td>';
+	print '<tr><td class="fieldrequired">'.$langs->trans('DatePropal').'</td><td>';
 	print $form->selectDate('', '', '', '', '', "addprop", 1, 1);
 	print '</td></tr>';
 
@@ -2044,7 +2044,7 @@ if ($action == 'create')
 	print '<tr>';
 	print '<td>';
 	print '<table class="nobordernopadding" width="100%"><tr><td>';
-	print $langs->trans('Date');
+	print $langs->trans('DatePropal');
 	print '</td>';
 	if ($action != 'editdate' && $object->statut == Propal::STATUS_DRAFT && $usercancreate)
 		print '<td class="right"><a class="editfielda" href="'.$_SERVER["PHP_SELF"].'?action=editdate&amp;id='.$object->id.'">'.img_edit($langs->trans('SetDate'), 1).'</a></td>';

htdocs/comm/propal/list.php

@@ -157,7 +157,7 @@ $arrayfields = array(
 	'state.nom'=>array('label'=>"StateShort", 'checked'=>0),
 	'country.code_iso'=>array('label'=>"Country", 'checked'=>0),
 	'typent.code'=>array('label'=>"ThirdPartyType", 'checked'=>$checkedtypetiers),
-	'p.date'=>array('label'=>"Date", 'checked'=>1),
+	'p.date'=>array('label'=>"DatePropal", 'checked'=>1),
 	'p.fin_validite'=>array('label'=>"DateEnd", 'checked'=>1),
 	'p.date_livraison'=>array('label'=>"DeliveryDate", 'checked'=>0),
 	'ava.rowid'=>array('label'=>"AvailabilityPeriod", 'checked'=>0),

htdocs/commande/class/commande.class.php

@@ -2254,6 +2254,7 @@ class Commande extends CommonOrder
 		$sql .= ' FROM '.MAIN_DB_PREFIX.'expedition as e';
 		$sql .= ', '.MAIN_DB_PREFIX.'element_element as el';
 		$sql .= ' WHERE el.fk_source = '.$this->id;
+		$sql .= " AND el.sourcetype = 'commande'";
 		$sql .= " AND el.fk_target = e.rowid";
 		$sql .= " AND el.targettype = 'shipping'";
 
@@ -3289,6 +3290,7 @@ class Commande extends CommonOrder
 		if (isset($this->note_public)) $this->note_public = trim($this->note_public);
 		if (isset($this->modelpdf)) $this->modelpdf = trim($this->modelpdf);
 		if (isset($this->import_key)) $this->import_key = trim($this->import_key);
+		$delivery_date = empty($this->delivery_date) ? $this->date_livraison : $this->delivery_date;
 
 		// Check parameters
 		// Put here code to add control on parameters values
@@ -3313,6 +3315,8 @@ class Commande extends CommonOrder
 		$sql .= " fk_projet=".(isset($this->fk_project) ? $this->fk_project : "null").",";
 		$sql .= " fk_cond_reglement=".(isset($this->cond_reglement_id) ? $this->cond_reglement_id : "null").",";
 		$sql .= " fk_mode_reglement=".(isset($this->mode_reglement_id) ? $this->mode_reglement_id : "null").",";
+		$sql .= " date_livraison=".(strval($this->delivery_date) != '' ? "'".$this->db->idate($this->delivery_date)."'" : 'null').",";
+		$sql .= " fk_shipping_method=".(isset($this->shipping_method_id) ? $this->shipping_method_id : "null").",";
 		$sql .= " fk_account=".($this->fk_account > 0 ? $this->fk_account : "null").",";
 		$sql .= " note_private=".(isset($this->note_private) ? "'".$this->db->escape($this->note_private)."'" : "null").",";
 		$sql .= " note_public=".(isset($this->note_public) ? "'".$this->db->escape($this->note_public)."'" : "null").",";

htdocs/compta/bank/bankentries_list.php

@@ -495,6 +495,12 @@ $sql .= " ".MAIN_DB_PREFIX."bank as b";
 if (is_array($extrafields->attributes[$object->table_element]['label']) && count($extrafields->attributes[$object->table_element]['label'])) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX.$object->table_element."_extrafields as ef on (b.rowid = ef.fk_object)";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank_url as bu ON bu.fk_bank = b.rowid AND type = 'company'";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON bu.url_id = s.rowid";
+
+// Add fields from hooks
+$parameters = array();
+$reshook = $hookmanager->executeHooks('printFieldListJoin', $parameters); // Note that $action and $object may have been modified by hook
+$sql .= $hookmanager->resPrint;
+
 $sql .= " WHERE b.fk_account = ba.rowid";
 $sql .= " AND ba.entity IN (".getEntity('bank_account').")";
 if ($search_account > 0) $sql .= " AND b.fk_account = ".$search_account;
@@ -1507,6 +1513,11 @@ if ($resql)
             if (!$i) $totalarray['nbfield']++;
     	}
 
+        // Fields from hook
+        $parameters=array('arrayfields'=>$arrayfields, 'obj'=>$objp, 'i'=>$i, 'totalarray'=>&$totalarray);
+        $reshook=$hookmanager->executeHooks('printFieldListValue', $parameters, $objecttmp);    // Note that $action and $objecttmpect may have been modified by hook
+        print $hookmanager->resPrint;
+
     	// Action edit/delete
     	print '<td class="nowraponall" align="center">';
     	// Transaction reconciliated or edit link

htdocs/compta/bank/various_payment/list.php

@@ -148,7 +148,7 @@ if ($result)
 	if ($typeid > 0)            $param.='&typeid='.urlencode($typeid);
 	if ($search_amount_deb)     $param.='&search_amount_deb='.urlencode($search_amount_deb);
 	if ($search_amount_cred)    $param.='&search_amount_cred='.urlencode($search_amount_cred);
-	if ($search_account > 0)			$param.='&search_amount='.urlencode($search_account);
+	if ($search_account > 0)			$param.='&search_account='.urlencode($search_account);
 	//if ($search_date)					$param.='&search_date='.$search_date;
 	if ($search_accountancy_code > 0)	$param.='&search_accountancy_code='.urlencode($search_accountancy_code);
 

htdocs/compta/facture/card.php

@@ -2756,6 +2756,7 @@ if (empty($reshook))
  * View
  */
 
+
 $form = new Form($db);
 $formother = new FormOther($db);
 $formfile = new FormFile($db);
@@ -3669,6 +3670,15 @@ if ($action == 'create')
 }
 elseif ($id > 0 || !empty($ref))
 {
+	if (empty($object->id)) {
+		llxHeader();
+		$langs->load('errors');
+		echo '<div class="error">'.$langs->trans("ErrorRecordNotFound");
+		echo ' <a href="javascript:history.go(-1)">'.$langs->trans('GoBack').'</div>';
+		llxFooter();
+		exit;
+	}
+
 	/*
 	 * Show object in view mode
 	 */
@@ -5260,7 +5270,7 @@ elseif ($id > 0 || !empty($ref))
 			}
 
 			// Create a credit note
-			if (($object->type == Facture::TYPE_STANDARD || $object->type == Facture::TYPE_DEPOSIT || $object->type == Facture::TYPE_PROFORMA) && $object->statut > 0 && $usercancreate)
+			if (($object->type == Facture::TYPE_STANDARD || ($object->type == Facture::TYPE_DEPOSIT && empty($conf->global->FACTURE_DEPOSITS_ARE_JUST_PAYMENTS) ) || $object->type == Facture::TYPE_PROFORMA) && $object->statut > 0 && $usercancreate)
 			{
 				if (!$objectidnext)
 				{

htdocs/compta/facture/document.php

@@ -85,6 +85,14 @@ require_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';
  * View
  */
 
+if (empty($object->id)) {
+	llxHeader();
+	$langs->load('errors');
+	echo '<div class="error">'.$langs->trans("ErrorRecordNotFound").'</div>';
+	llxFooter();
+	exit;
+}
+
 $title = $langs->trans('InvoiceCustomer')." - ".$langs->trans('Documents');
 $helpurl = "EN:Customers_Invoices|FR:Factures_Clients|ES:Facturas_a_clientes";
 llxHeader('', $title, $helpurl);

htdocs/compta/facture/info.php

@@ -43,6 +43,14 @@ $ref = GETPOST("ref", 'alpha');
  * View
  */
 
+if (empty($object->id)) {
+	llxHeader();
+	$langs->load('errors');
+	echo '<div class="error">'.$langs->trans("ErrorRecordNotFound").'</div>';
+	llxFooter();
+	exit;
+}
+
 $form = new Form($db);
 
 $title = $langs->trans('InvoiceCustomer')." - ".$langs->trans('Info');

htdocs/compta/facture/note.php

@@ -64,6 +64,14 @@ include DOL_DOCUMENT_ROOT.'/core/actions_setnotes.inc.php';	// Must be include,
  * View
  */
 
+if (empty($object->id)) {
+	llxHeader();
+	$langs->load('errors');
+	echo '<div class="error">'.$langs->trans("ErrorRecordNotFound").'</div>';
+	llxFooter();
+	exit;
+}
+
 $title = $langs->trans('InvoiceCustomer')." - ".$langs->trans('Notes');
 $helpurl = "EN:Customers_Invoices|FR:Factures_Clients|ES:Facturas_a_clientes";
 llxHeader('', $title, $helpurl);

htdocs/compta/paiement/card.php

@@ -109,28 +109,70 @@ if ($action == 'confirm_valide' && $confirm == 'yes' && $user->rights->facture->
     $object->fetch($id);
 	if ($object->valide($user) > 0)
 	{
-		$db->commit();
-
 		// Loop on each invoice linked to this payment to rebuild PDF
-		$factures = array();
-		foreach ($factures as $id)
-		{
-			$fac = new Facture($db);
-			$fac->fetch($id);
+        if (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE)) {
+            $outputlangs = $langs;
+            if (!empty($_REQUEST['lang_id']))
+            {
+                $outputlangs = new Translate("", $conf);
+                $outputlangs->setDefaultLang($_REQUEST['lang_id']);
+            }
 
-			$outputlangs = $langs;
-			if (!empty($_REQUEST['lang_id']))
-			{
-				$outputlangs = new Translate("", $conf);
-				$outputlangs->setDefaultLang($_REQUEST['lang_id']);
-			}
-			if (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE)) {
-				$fac->generateDocument($fac->modelpdf, $outputlangs);
-			}
+            $hidedetails = ! empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS) ? 1 : 0;
+            $hidedesc = ! empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DESC) ? 1 : 0;
+            $hideref = !empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_REF) ? 1 : 0;
+
+            $sql = 'SELECT f.rowid as facid';
+            $sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf,'.MAIN_DB_PREFIX.'facture as f,'.MAIN_DB_PREFIX.'societe as s';
+            $sql .= ' WHERE pf.fk_facture = f.rowid';
+            $sql .= ' AND f.fk_soc = s.rowid';
+            $sql .= ' AND f.entity IN ('.getEntity('invoice').')';
+            $sql .= ' AND pf.fk_paiement = '.$object->id;
+            $resql = $db->query($sql);
+            if ($resql)
+            {
+                $i = 0;
+                $num = $db->num_rows($resql);
+
+                if ($num > 0)
+                {
+                    while ($i < $num)
+                    {
+                        $objp = $db->fetch_object($resql);
+
+                        $invoice = new Facture($db);
+
+                        if ($invoice->fetch($objp->facid) <= 0) {
+                            $errors++;
+                            setEventMessage($invoice->error, $invoice->errors, 'errors');
+                            break;
+                        }
+
+                        if ($invoice->generateDocument($invoice->modelpdf, $outputlangs, $hidedetails, $hidedesc, $hideref) < 0) {
+                            $errors++;
+                            setEventMessage($invoice->error, $invoice->errors, 'errors');
+                            break;
+                        }
+
+                        $i++;
+                    }
+                }
+
+                $db->free($resql);
+            }
+            else
+            {
+                $errors++;
+                setEventMessage($db->error, $db->errors, 'errors');
+            }
 		}
 
-		header('Location: '.$_SERVER['PHP_SELF'].'?id='.$object->id);
-		exit;
+        if (! $errors) {
+            $db->commit();
+
+            header('Location: '.$_SERVER['PHP_SELF'].'?id='.$object->id);
+            exit;
+        }
 	}
 	else
 	{

htdocs/compta/paiement/class/paiement.class.php

@@ -440,8 +440,13 @@ class Paiement extends CommonObject
                             	$outputlangs = new Translate("", $conf);
                             	$outputlangs->setDefaultLang($newlang);
                             }
+
+                            $hidedetails = ! empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS) ? 1 : 0;
+                            $hidedesc = ! empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DESC) ? 1 : 0;
+                            $hideref = !empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_REF) ? 1 : 0;
+
                             $ret = $invoice->fetch($facid); // Reload to get new records
-                            $result = $invoice->generateDocument($invoice->modelpdf, $outputlangs);
+                            $result = $invoice->generateDocument($invoice->modelpdf, $outputlangs, $hidedetails, $hidedesc, $hideref);
                             if ($result < 0) {
                             	setEventMessages($invoice->error, $invoice->errors, 'errors');
                             	$error++;

htdocs/compta/prelevement/card.php

@@ -85,16 +85,21 @@ if (empty($reshook))
         }
     }
 
-    // Seems to no be used and replaced with $action == 'infocredit'
-    if ($action == 'confirm_credite' && GETPOST('confirm', 'alpha') == 'yes')
-    {
-        $res = $object->set_credite();
-        if ($res >= 0)
-        {
-            header("Location: card.php?id=".$id);
-            exit;
-        }
-    }
+	// Seems to no be used and replaced with $action == 'infocredit'
+	if ($action == 'confirm_credite' && GETPOST('confirm', 'alpha') == 'yes')
+	{
+		if ($object->statut == 2) {
+			$res = -1;
+			setEventMessages('WithdrawalCantBeCreditedTwice', array(), 'errors');
+		} else {
+			$res=$object->set_credite();
+		}
+		if ($res >= 0)
+		{
+			header("Location: card.php?id=".$id);
+			exit;
+		}
+	}
 
     if ($action == 'infotrans' && $user->rights->prelevement->bons->send)
     {
@@ -135,14 +140,19 @@ if (empty($reshook))
 	{
 		$dt = dol_mktime(12, 0, 0, GETPOST('remonth', 'int'), GETPOST('reday', 'int'), GETPOST('reyear', 'int'));
 
-        $error = $object->set_infocredit($user, $dt);
+		if ($object->statut == 2) {
+			$error = 1;
+			setEventMessages('WithdrawalCantBeCreditedTwice', array(), 'errors');
+		} else {
+			$error = $object->set_infocredit($user, $dt);
+		}
 
-        if ($error)
-        {
-            header("Location: card.php?id=".$id."&error=$error");
-            exit;
-        }
-    }
+		if ($error)
+		{
+			header("Location: card.php?id=".$id."&error=$error");
+			exit;
+		}
+	}
 }
 
 

htdocs/compta/stats/cabyprodserv.php

@@ -418,7 +418,7 @@ if ($modecompta == 'CREANCES-DETTES')
 
 			// Quantity
 			print '<td class="right">';
-			print $qty[$key];
+			print price($qty[$key], 1, $langs, 0, 0);
 			print '</td>';
 
 			// Percent;

htdocs/contact/class/contact.class.php

@@ -740,38 +740,32 @@ class Contact extends CommonObject
 			$this->error = $this->db->lasterror();
 		}
 
-		// Mis a jour alerte birthday
-		if ($this->birthday_alert)
-		{
-			//check existing
-			$sql_check = "SELECT rowid FROM ".MAIN_DB_PREFIX."user_alert WHERE type=1 AND fk_contact=".$this->db->escape($id)." AND fk_user=".$user->id;
-			$result_check = $this->db->query($sql_check);
-			if (!$result_check || ($this->db->num_rows($result_check) < 1))
-			{
-				//insert
-				$sql = "INSERT INTO ".MAIN_DB_PREFIX."user_alert(type,fk_contact,fk_user) ";
-				$sql .= "VALUES (1,".$this->db->escape($id).",".$user->id.")";
-				$result = $this->db->query($sql);
-				if (!$result)
-				{
-                    $error++;
-                    $this->error = $this->db->lasterror();
+		if ($user) {
+			// Mis a jour alerte birthday
+			if ($this->birthday_alert) {
+				//check existing
+				$sql_check = "SELECT rowid FROM " . MAIN_DB_PREFIX . "user_alert WHERE type=1 AND fk_contact=" . $this->db->escape($id) . " AND fk_user=" . $user->id;
+				$result_check = $this->db->query($sql_check);
+				if (!$result_check || ($this->db->num_rows($result_check) < 1)) {
+					//insert
+					$sql = "INSERT INTO " . MAIN_DB_PREFIX . "user_alert(type,fk_contact,fk_user) ";
+					$sql .= "VALUES (1," . $this->db->escape($id) . "," . $user->id . ")";
+					$result = $this->db->query($sql);
+					if (!$result) {
+						$error++;
+						$this->error = $this->db->lasterror();
+					}
+				} else {
+					$result = true;
+				}
+			} else {
+				$sql = "DELETE FROM " . MAIN_DB_PREFIX . "user_alert ";
+				$sql .= "WHERE type=1 AND fk_contact=" . $this->db->escape($id) . " AND fk_user=" . $user->id;
+				$result = $this->db->query($sql);
+				if (!$result) {
+					$error++;
+					$this->error = $this->db->lasterror();
 				}
-			}
-			else
-			{
-				$result = true;
-			}
-		}
-		else
-		{
-			$sql = "DELETE FROM ".MAIN_DB_PREFIX."user_alert ";
-			$sql .= "WHERE type=1 AND fk_contact=".$this->db->escape($id)." AND fk_user=".$user->id;
-			$result = $this->db->query($sql);
-			if (!$result)
-			{
-                $error++;
-                $this->error = $this->db->lasterror();
 			}
 		}
 
@@ -1686,7 +1680,7 @@ class Contact extends CommonObject
 
 		$this->db->begin();
 
-		$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_soc=".$this->socid." AND fk_socpeople=".$this->id; ;
+		$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_soc=".((int) $this->socid)." AND fk_socpeople=".$this->id;
 
 		dol_syslog(__METHOD__, LOG_DEBUG);
 		$result = $this->db->query($sql);
@@ -1704,11 +1698,10 @@ class Contact extends CommonObject
 					$sql .= "fk_socpeople) ";
 					$sql .= " VALUES (".$conf->entity.",";
 					$sql .= "'".$this->db->idate(dol_now())."',";
-					$sql .= $this->socid.", ";
+					$sql .= ((int) $this->socid).", ";
 					$sql .= $valRoles." , ";
 					$sql .= $this->id;
 					$sql .= ")";
-					dol_syslog(__METHOD__, LOG_DEBUG);
 
 					$result = $this->db->query($sql);
 					if (!$result)

htdocs/contrat/list.php

@@ -250,6 +250,8 @@ if ($search_email) $sql .= natural_search('s.email', $search_email);
 if ($search_contract) $sql .= natural_search(array('c.rowid', 'c.ref'), $search_contract);
 if (!empty($search_ref_customer)) $sql .= natural_search(array('c.ref_customer'), $search_ref_customer);
 if (!empty($search_ref_supplier)) $sql .= natural_search(array('c.ref_supplier'), $search_ref_supplier);
+if ($search_zip) $sql .= natural_search(array('s.zip'), $search_zip);
+if ($search_town) $sql .= natural_search(array('s.town'), $search_town);
 if ($search_sale > 0)
 {
 	$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$search_sale;

htdocs/core/boxes/box_shipments.php

@@ -103,10 +103,11 @@ class box_shipments extends ModeleBoxes
             $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."element_element as el ON e.rowid = el.fk_target AND el.targettype = 'shipping' AND el.sourcetype IN ('commande')";
             $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."commande as c ON el.fk_source = c.rowid AND el.sourcetype IN ('commande') AND el.targettype = 'shipping'";
             $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = e.fk_soc";
-            if (!$user->rights->societe->client->voir && !$user->societe_id) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON e.fk_soc = sc.fk_soc";
+            if (!$user->rights->societe->client->voir && !$user->socid) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON e.fk_soc = sc.fk_soc";
             $sql .= " WHERE e.entity IN (".getEntity('expedition').")";
             if (!empty($conf->global->ORDER_BOX_LAST_SHIPMENTS_VALIDATED_ONLY)) $sql .= " AND e.fk_statut = 1";
-            if (!$user->rights->societe->client->voir && !$user->societe_id) $sql .= " AND sc.fk_user = ".$user->id;
+			if ($user->socid > 0)	$sql.= " AND s.rowid = ".$user->socid;
+            if (!$user->rights->societe->client->voir && !$user->socid) $sql .= " AND sc.fk_user = ".$user->id;
             else $sql .= " ORDER BY e.date_delivery, e.ref DESC ";
             $sql .= $this->db->plimit($max, 0);
 

htdocs/core/class/CSMSFile.class.php

@@ -75,7 +75,7 @@ class CSMSFile
 		    return -1;
 		}
 
-		dol_syslog("CSMSFile::CSMSFile: MAIN_SMS_SENDMODE=".$conf->global->MAIN_SMS_SENDMODE." charset=".$conf->file->character_set_client." from=".$from.", to=".$to.", msg length=".count($msg), LOG_DEBUG);
+		dol_syslog("CSMSFile::CSMSFile: MAIN_SMS_SENDMODE=".$conf->global->MAIN_SMS_SENDMODE." charset=".$conf->file->character_set_client." from=".$from.", to=".$to.", msg length=".strlen($msg), LOG_DEBUG);
 		dol_syslog("CSMSFile::CSMSFile: deferred=".$deferred." priority=".$priority." class=".$class, LOG_DEBUG);
 
 		// Action according to choosed sending method

htdocs/core/class/commonobject.class.php

@@ -440,7 +440,7 @@ abstract class CommonObject
 
 	/**
 	 * @var array    List of child tables. To know object to delete on cascade.
-	 *               if name like with @ClassNAme:FilePathClass;ParentFkFieldName' it will
+	 *               if name like with @ClassName:FilePathClass:ParentFkFieldName' it will
 	 *               call method deleteByParentField(parentId,ParentFkFieldName) to fetch and delete child object
 	 */
 	protected $childtablesoncascade = array();
@@ -5238,6 +5238,7 @@ abstract class CommonObject
 			   		$mandatorypb = false;
 			   		if ($attributeType == 'link' && $this->array_options[$key] == '-1') $mandatorypb = true;
 			   		if ($this->array_options[$key] === '') $mandatorypb = true;
+					if ($attributeType == 'sellist' && $this->array_options[$key] == '0') $mandatorypb = true;
 			   		if ($mandatorypb)
 			   		{
 			   		    dol_syslog("Mandatory extra field ".$key." is empty");

htdocs/core/class/extrafields.class.php

@@ -1339,7 +1339,10 @@ class ExtraFields
 		}
 		elseif ($type == 'checkbox')
 		{
-			$value_arr = explode(',', $value);
+			$value_arr = $value;
+			if (!is_array($value)) {
+				$value_arr = explode(',', $value);
+			}
 			$out = $form->multiselectarray($keyprefix.$key.$keysuffix, (empty($param['options']) ?null:$param['options']), $value_arr, '', 0, '', 0, '100%');
 		}
 		elseif ($type == 'radio')
@@ -2060,9 +2063,12 @@ class ExtraFields
 
 				if ($this->attributes[$object->table_element]['required'][$key])	// Value is required
 				{
-					// Check if empty without using GETPOST, value can be alpha, int, array, etc...
+					// check if functionally empty without using GETPOST (depending on the type of extrafield, a
+					// technically non-empty value may be treated as empty functionally).
+					// value can be alpha, int, array, etc...
 				    if ((!is_array($_POST["options_".$key]) && empty($_POST["options_".$key]) && $this->attributes[$object->table_element]['type'][$key] != 'select' && $_POST["options_".$key] != '0')
 				        || (!is_array($_POST["options_".$key]) && empty($_POST["options_".$key]) && $this->attributes[$object->table_element]['type'][$key] == 'select')
+				        || (!is_array($_POST["options_".$key]) && isset($_POST["options_".$key]) && $this->attributes[$object->table_element]['type'][$key] == 'sellist' && $_POST['options_' . $key] == '0')
 						|| (is_array($_POST["options_".$key]) && empty($_POST["options_".$key])))
 					{
 						//print 'ccc'.$value.'-'.$this->attributes[$object->table_element]['required'][$key];

htdocs/core/class/html.form.class.php

@@ -16,7 +16,7 @@
  * Copyright (C) 2012       Cedric Salvador         <csalvador@gpcsolutions.fr>
  * Copyright (C) 2012-2015  Raphaël Doursenaud      <rdoursenaud@gpcsolutions.fr>
  * Copyright (C) 2014       Alexandre Spangaro      <aspangaro@open-dsi.fr>
- * Copyright (C) 2018       Ferran Marcet           <fmarcet@2byte.es>
+ * Copyright (C) 2018-2021  Ferran Marcet           <fmarcet@2byte.es>
  * Copyright (C) 2018-2019  Frédéric France         <frederic.france@netlogic.fr>
  * Copyright (C) 2018       Nicolas ZABOURI	        <info@inovea-conseil.com>
  * Copyright (C) 2018       Christophe Battarel     <christophe@altairis.fr>
@@ -7020,7 +7020,7 @@ class Form
 						print '<input type="radio" name="idtolinkto" value='.$objp->rowid.'>';
 						print '</td>';
 						print '<td class="center">'.$objp->ref.'</td>';
-						print '<td>'.$objp->ref_client.'</td>';
+						print '<td>'.(!empty($objp->ref_client)?$objp->ref_client:$objp->ref_supplier).'</td>';
 						print '<td class="right">'.price($objp->total_ht).'</td>';
 						print '<td>'.$objp->name.'</td>';
 						print '</tr>';

htdocs/core/class/html.formmail.class.php

@@ -332,7 +332,7 @@ class FormMail extends Form
         $langs->loadLangs(array('other', 'mails'));
 
 		// Clear temp files. Must be done at beginning, before call of triggers
-		if (GETPOST('mode', 'alpha') == 'init' || (GETPOST('modelmailselected', 'alpha') && GETPOST('modelmailselected', 'alpha') != '-1'))
+		if (GETPOST('mode', 'alpha') == 'init' || (GETPOST('modelselected') && GETPOST('modelmailselected', 'alpha') && GETPOST('modelmailselected', 'alpha') != '-1'))
 		{
 			$this->clear_attached_files();
 		}
@@ -455,9 +455,11 @@ class FormMail extends Form
 			// Zone to select email template
 			if (count($modelmail_array) > 0)
 			{
+				$model_mail_selected_id = GETPOSTISSET('modelmailselected') ? GETPOST('modelmailselected', 'int') : $arraydefaultmessage->id;
+
 				// If list of template is filled
 				$out .= '<div class="center" style="padding: 0px 0 12px 0">'."\n";
-				$out .= '<span class="opacitymedium">'.$langs->trans('SelectMailModel').':</span> '.$this->selectarray('modelmailselected', $modelmail_array, 0, 1, 0, 0, '', 0, 0, 0, '', 'minwidth100');
+				$out .= '<span class="opacitymedium">'.$langs->trans('SelectMailModel').':</span> '.$this->selectarray('modelmailselected', $modelmail_array, $model_mail_selected_id, 1, 0, 0, '', 0, 0, 0, '', 'minwidth100');
 				if ($user->admin) $out .= info_admin($langs->trans("YouCanChangeValuesForThisListFrom", $langs->transnoentitiesnoconv('Setup').' - '.$langs->transnoentitiesnoconv('EMails')), 1);
 				$out .= ' &nbsp; ';
 				$out .= '<input class="button" type="submit" value="'.$langs->trans('Apply').'" name="modelselected" id="modelselected">';

htdocs/core/class/translate.class.php

@@ -469,7 +469,7 @@ class Translate
 		if (! $found && ! empty($conf->global->MAIN_ENABLE_OVERWRITE_TRANSLATION))
 		{
     		// Overwrite translation with database read
-            $sql ="SELECT transkey, transvalue FROM ".MAIN_DB_PREFIX."overwrite_trans where lang='".$db->escape($this->defaultlang)."' OR lang IS NULL";
+            $sql ="SELECT transkey, transvalue FROM ".MAIN_DB_PREFIX."overwrite_trans where (lang='".$db->escape($this->defaultlang)."' OR lang IS NULL)";
             $sql.=" AND entity IN (0, ".getEntity('overwrite_trans').")";
             $sql.=$db->order("lang", "DESC");
 		    $resql=$db->query($sql);

htdocs/core/class/utils.class.php

@@ -346,17 +346,19 @@ class Utils
 				{
 					$handlein = popen($fullcommandclear, 'r');
 					$i = 0;
-					while (!feof($handlein))
-					{
-						$i++; // output line number
-						$read = fgets($handlein);
-						// Exclude warning line we don't want
-						if ($i == 1 && preg_match('/Warning.*Using a password/i', $read)) continue;
-						fwrite($handle, $read);
-						if (preg_match('/'.preg_quote('-- Dump completed').'/i', $read)) $ok = 1;
-						elseif (preg_match('/'.preg_quote('SET SQL_NOTES=@OLD_SQL_NOTES').'/i', $read)) $ok = 1;
+					if ($handlein) {
+						while (!feof($handlein))
+						{
+							$i++; // output line number
+							$read = fgets($handlein);
+							// Exclude warning line we don't want
+							if ($i == 1 && preg_match('/Warning.*Using a password/i', $read)) continue;
+							fwrite($handle, $read);
+							if (preg_match('/'.preg_quote('-- Dump completed').'/i', $read)) $ok = 1;
+							elseif (preg_match('/'.preg_quote('SET SQL_NOTES=@OLD_SQL_NOTES').'/i', $read)) $ok = 1;
+						}
+						pclose($handlein);
 					}
-					pclose($handlein);
 				}
 
 
@@ -388,7 +390,7 @@ class Utils
 				if ($compression == 'none') fclose($handle);
 				if ($compression == 'gz')   gzclose($handle);
 				if ($compression == 'bz')   bzclose($handle);
-				if ($ok && preg_match('/^-- (MySql|MariaDB)/i', $errormsg))	{	// No error
+				if ($ok && preg_match('/^-- (MySql|MariaDB)/i', $errormsg) || preg_match('/^\/\*M?!999999/', $errormsg)) {	// Start of file is ok, NOT an error
 					$errormsg = '';
 				}
 				else

htdocs/core/lib/company.lib.php

@@ -902,11 +902,11 @@ function show_contacts($conf, $langs, $db, $object, $backtopage = '')
         't.email',
     );
     //Social media
-    foreach ($socialnetworks as $key => $value) {
-        if ($value['active']) {
-            $searchAddressPhoneDBFields['t.'.$key] = "t.socialnetworks->'$.".$key."'";
-        }
-    }
+	//    foreach ($socialnetworks as $key => $value) {
+	//        if ($value['active']) {
+	//            $searchAddressPhoneDBFields['t.'.$key] = "t.socialnetworks->'$.".$key."'";
+	//        }
+	//    }
 
     if (!$sortorder) $sortorder = "ASC";
     if (!$sortfield) $sortfield = "t.lastname";

htdocs/core/lib/functions.lib.php

@@ -602,6 +602,7 @@ function GETPOST($paramname, $check = 'none', $method = 0, $filter = null, $opti
 				$out = trim($out);
 				// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
 				// '../' is dangerous because it allows dir transversals
+				$out = str_replace('"', "''", trim($out));
 				if (preg_match('/"/', $out)) $out = '';
 				elseif (preg_match('/\.\.\//', $out)) $out = '';
 				$out = dol_string_nohtmltag($out);
@@ -8122,7 +8123,7 @@ function getDictvalue($tablename, $field, $id, $checkentity = false, $rowidfield
 	if (!isset($dictvalues[$tablename]))
 	{
 		$dictvalues[$tablename] = array();
-		$sql = 'SELECT * FROM '.$tablename.' WHERE 1'; // Here select * is allowed as it is generic code and we don't have list of fields
+		$sql = 'SELECT * FROM '.$tablename.' WHERE 1 = 1'; // Here select * is allowed as it is generic code and we don't have list of fields
 		if ($checkentity) $sql .= ' AND entity IN (0,'.getEntity($tablename).')';
 
 		$resql = $db->query($sql);

htdocs/core/lib/product.lib.php

@@ -367,7 +367,7 @@ function show_stats_for_company($product, $socid)
 		print '</td><td class="right">';
 		print $product->stats_propale['nb'];
 		print '</td><td class="right">';
-		print $product->stats_propale['qty'];
+		print price($product->stats_propale['qty'], 1, $langs, 0, 0);
 		print '</td>';
 		print '</tr>';
 	}
@@ -385,7 +385,7 @@ function show_stats_for_company($product, $socid)
 		print '</td><td class="right">';
 		print $product->stats_proposal_supplier['nb'];
 		print '</td><td class="right">';
-		print $product->stats_proposal_supplier['qty'];
+		print price($product->stats_proposal_supplier['qty'], 1, $langs, 0, 0);
 		print '</td>';
 		print '</tr>';
 	}
@@ -403,7 +403,7 @@ function show_stats_for_company($product, $socid)
 		print '</td><td class="right">';
 		print $product->stats_commande['nb'];
 		print '</td><td class="right">';
-		print $product->stats_commande['qty'];
+		print price($product->stats_commande['qty'], 1, $langs, 0, 0);
 		print '</td>';
 		print '</tr>';
 	}
@@ -421,7 +421,7 @@ function show_stats_for_company($product, $socid)
 		print '</td><td class="right">';
 		print $product->stats_commande_fournisseur['nb'];
 		print '</td><td class="right">';
-		print $product->stats_commande_fournisseur['qty'];
+		print price($product->stats_commande_fournisseur['qty'], 1, $langs, 0, 0);
 		print '</td>';
 		print '</tr>';
 	}
@@ -439,7 +439,7 @@ function show_stats_for_company($product, $socid)
 		print '</td><td class="right">';
 		print $product->stats_facture['nb'];
 		print '</td><td class="right">';
-		print $product->stats_facture['qty'];
+		print price($product->stats_facture['qty'], 1, $langs, 0, 0);
 		print '</td>';
 		print '</tr>';
 	}
@@ -457,7 +457,7 @@ function show_stats_for_company($product, $socid)
 		print '</td><td class="right">';
 		print $product->stats_facture_fournisseur['nb'];
 		print '</td><td class="right">';
-		print $product->stats_facture_fournisseur['qty'];
+		print price($product->stats_facture_fournisseur['qty'], 1, $langs, 0, 0);
 		print '</td>';
 		print '</tr>';
 	}
@@ -476,7 +476,7 @@ function show_stats_for_company($product, $socid)
 		print '</td><td class="right">';
 		print $product->stats_contrat['nb'];
 		print '</td><td class="right">';
-		print $product->stats_contrat['qty'];
+		print price($product->stats_contrat['qty'], 1, $langs, 0, 0);
 		print '</td>';
 		print '</tr>';
 	}

htdocs/core/modules/commande/doc/pdf_einstein.modules.php

@@ -1266,12 +1266,10 @@ class pdf_einstein extends ModelePDFCommandes
 			if ($this->emetteur->logo)
 			{
 				$logodir = $conf->mycompany->dir_output;
-				if (! empty($conf->mycompany->multidir_output[$object->entity])) $logodir = $conf->mycompany->multidir_output[$object->entity];
-				if (empty($conf->global->MAIN_PDF_USE_LARGE_LOGO))
-				{
+				if (!empty($conf->mycompany->multidir_output[$object->entity])) $logodir = $conf->mycompany->multidir_output[$object->entity];
+				if (empty($conf->global->MAIN_PDF_USE_LARGE_LOGO)) {
 					$logo = $logodir.'/logos/thumbs/'.$this->emetteur->logo_small;
-				}
-				else {
+				} else {
 					$logo = $logodir.'/logos/'.$this->emetteur->logo;
 				}
 				if (is_readable($logo))

htdocs/core/modules/expedition/doc/pdf_rouget.modules.php

@@ -373,14 +373,15 @@ class pdf_rouget extends ModelePdfExpedition
 					$tab_top_alt = $tab_top;
 
 					$pdf->SetFont('', 'B', $default_font_size - 2);
-					$pdf->writeHTMLCell(60, 4, $this->posxdesc - 1, $tab_top - 1, $outputlangs->transnoentities("TrackingNumber")." : ".$object->tracking_number, 0, 1, false, true, 'L');
 
-					$tab_top_alt = $pdf->GetY();
 					//$tab_top_alt += 1;
 
 					// Tracking number
 					if (!empty($object->tracking_number))
 					{
+						$pdf->writeHTMLCell(60, 4, $this->posxdesc - 1, $tab_top - 1, $outputlangs->transnoentities("TrackingNumber")." : ".$object->tracking_number, 0, 1, false, true, 'L');
+						$tab_top_alt = $pdf->GetY();
+
 						$object->getUrlTrackingStatus($object->tracking_number);
 						if (!empty($object->tracking_url))
 						{

htdocs/core/modules/facture/doc/pdf_crabe.modules.php

@@ -1631,12 +1631,10 @@ class pdf_crabe extends ModelePDFFactures
 			if ($this->emetteur->logo)
 			{
 				$logodir = $conf->mycompany->dir_output;
-				if (! empty($conf->mycompany->multidir_output[$object->entity])) $logodir = $conf->mycompany->multidir_output[$object->entity];
-				if (empty($conf->global->MAIN_PDF_USE_LARGE_LOGO))
-				{
+				if (!empty($conf->mycompany->multidir_output[$object->entity])) $logodir = $conf->mycompany->multidir_output[$object->entity];
+				if (empty($conf->global->MAIN_PDF_USE_LARGE_LOGO)) {
 					$logo = $logodir.'/logos/thumbs/'.$this->emetteur->logo_small;
-				}
-				else {
+				} else {
 					$logo = $logodir.'/logos/'.$this->emetteur->logo;
 				}
 				if (is_readable($logo))

htdocs/core/modules/propale/doc/pdf_azur.modules.php

@@ -1478,12 +1478,10 @@ class pdf_azur extends ModelePDFPropales
 			if ($this->emetteur->logo)
 			{
 				$logodir = $conf->mycompany->dir_output;
-				if (! empty($conf->mycompany->multidir_output[$object->entity])) $logodir = $conf->mycompany->multidir_output[$object->entity];
-				if (empty($conf->global->MAIN_PDF_USE_LARGE_LOGO))
-				{
+				if (!empty($conf->mycompany->multidir_output[$object->entity])) $logodir = $conf->mycompany->multidir_output[$object->entity];
+				if (empty($conf->global->MAIN_PDF_USE_LARGE_LOGO)) {
 					$logo = $logodir.'/logos/thumbs/'.$this->emetteur->logo_small;
-				}
-				else {
+				} else {
 					$logo = $logodir.'/logos/'.$this->emetteur->logo;
 				}
 				if (is_readable($logo))
@@ -1533,7 +1531,7 @@ class pdf_azur extends ModelePDFPropales
 		$posy += 4;
 		$pdf->SetXY($posx, $posy);
 		$pdf->SetTextColor(0, 0, 60);
-		$pdf->MultiCell(100, 3, $outputlangs->transnoentities("Date")." : ".dol_print_date($object->date, "day", false, $outputlangs, true), '', 'R');
+		$pdf->MultiCell(100, 3, $outputlangs->transnoentities("DatePropal")." : ".dol_print_date($object->date, "day", false, $outputlangs, true), '', 'R');
 
 		$posy += 4;
 		$pdf->SetXY($posx, $posy);

htdocs/core/modules/propale/doc/pdf_cyan.modules.php

@@ -1514,12 +1514,10 @@ class pdf_cyan extends ModelePDFPropales
 			if ($this->emetteur->logo)
 			{
 				$logodir = $conf->mycompany->dir_output;
-				if (! empty($conf->mycompany->multidir_output[$object->entity])) $logodir = $conf->mycompany->multidir_output[$object->entity];
-				if (empty($conf->global->MAIN_PDF_USE_LARGE_LOGO))
-				{
+				if (!empty($conf->mycompany->multidir_output[$object->entity])) $logodir = $conf->mycompany->multidir_output[$object->entity];
+				if (empty($conf->global->MAIN_PDF_USE_LARGE_LOGO)) {
 					$logo = $logodir.'/logos/thumbs/'.$this->emetteur->logo_small;
-				}
-				else {
+				} else {
 					$logo = $logodir.'/logos/'.$this->emetteur->logo;
 				}
 				if (is_readable($logo))

htdocs/core/modules/supplier_invoice/pdf/pdf_canelle.modules.php

@@ -208,7 +208,7 @@ class pdf_canelle extends ModelePDFSuppliersInvoices
 		global $user, $langs, $conf, $mysoc, $hookmanager, $nblines;
 
 		// Get source company
-		if (!is_object($object->thirdparty)) $object->fetch_thirdparty();
+		$object->fetch_thirdparty();
 		if (!is_object($object->thirdparty)) $object->thirdparty = $mysoc; // If fetch_thirdparty fails, object has no socid (specimen)
 		$this->emetteur = $object->thirdparty;
 		if (!$this->emetteur->country_code) $this->emetteur->country_code = substr($langs->defaultlang, -2); // By default, if was not defined
@@ -224,8 +224,6 @@ class pdf_canelle extends ModelePDFSuppliersInvoices
 
 		if ($conf->fournisseur->facture->dir_output)
 		{
-			$object->fetch_thirdparty();
-
 			$deja_regle = $object->getSommePaiement(($conf->multicurrency->enabled && $object->multicurrency_tx != 1) ? 1 : 0);
 			$amount_credit_notes_included = $object->getSumCreditNotesUsed(($conf->multicurrency->enabled && $object->multicurrency_tx != 1) ? 1 : 0);
 			$amount_deposits_included = $object->getSumDepositsUsed(($conf->multicurrency->enabled && $object->multicurrency_tx != 1) ? 1 : 0);
@@ -277,6 +275,7 @@ class pdf_canelle extends ModelePDFSuppliersInvoices
                 $pdf->SetAutoPageBreak(1, 0);
 
                 $heightforinfotot = 50+(4*$nbpayments);	// Height reserved to output the info and total part and payment part
+				if($heightforinfotot > 220) $heightforinfotot = 220;
 		        $heightforfreetext= (isset($conf->global->MAIN_PDF_FREETEXT_HEIGHT)?$conf->global->MAIN_PDF_FREETEXT_HEIGHT:5);	// Height reserved to output the free text on last page
 	            $heightforfooter = $this->marge_basse + 8;	// Height reserved to output the footer (value include bottom margin)
 	            if ($conf->global->MAIN_GENERATE_DOCUMENTS_SHOW_FOOT_DETAILS >0) $heightforfooter+= 6;

htdocs/core/tpl/extrafields_list_search_sql.tpl.php

@@ -41,7 +41,7 @@ if (! empty($extrafieldsobjectkey) && ! empty($search_array_options) && is_array
 			if (in_array($typ, array('chkbxlst', 'checkbox'))) $mode_search=4;	                            // Search on a multiselect field with sql type = text
 			if (is_array($crit)) $crit = implode(' ', $crit); // natural_search() expects a string
 			elseif ($typ === 'select' and is_string($crit) and strpos($crit, ' ') === false) {
-				$sql .= ' AND (' . $extrafieldsobjectprefix.$tmpkey . ' = "' . $db->escape($crit) . '")';
+				$sql .= " AND (" . $extrafieldsobjectprefix.$tmpkey . " = '" . $db->escape($crit) . "')";
 				continue;
 			}
 			$sql .= natural_search($extrafieldsobjectprefix.$tmpkey, $crit, $mode_search);

htdocs/core/tpl/login.tpl.php

@@ -289,9 +289,9 @@ if (! empty($_SESSION['dol_loginmesg']))
 if (!empty($conf->global->MAIN_EASTER_EGG_COMMITSTRIP)) {
     include_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php';
 	if (substr($langs->defaultlang, 0, 2)=='fr') {
-		$resgetcommitstrip = getURLContent("http://www.commitstrip.com/fr/feed/");
+		$resgetcommitstrip = getURLContent("https://www.commitstrip.com/fr/feed/");
 	} else {
-		$resgetcommitstrip = getURLContent("http://www.commitstrip.com/en/feed/");
+		$resgetcommitstrip = getURLContent("https://www.commitstrip.com/en/feed/");
 	}
     if ($resgetcommitstrip && $resgetcommitstrip['http_code'] == '200')
     {

htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php

@@ -282,8 +282,8 @@ class InterfaceLdapsynchro extends DolibarrTriggers
 					$info=$object->_load_ldap_info();
 					$dn=$object->_load_ldap_dn($info);
 
-					// Get a gid number for objectclass PosixGroup
-					if (in_array('posixGroup', $info['objectclass'])) {
+					// Get a gid number for objectclass PosixGroup if none was provided
+					if (empty($info[$conf->global->LDAP_GROUP_FIELD_GROUPID]) && in_array('posixGroup', $info['objectclass'])) {
 						$info['gidNumber'] = $ldap->getNextGroupGid('LDAP_KEY_GROUPS');
 					}
 

htdocs/core/triggers/interface_90_modSociete_ContactRoles.class.php

@@ -84,11 +84,7 @@ class InterfaceContactRoles extends DolibarrTriggers
 				if (is_array($TContact) && ! empty($TContact)) {
 					$TContactAlreadyLinked = array();
 					if ($object->id > 0) {
-						$cloneFrom = dol_clone($object, 1);
-
-						if (! empty($cloneFrom->id)) {
-							$TContactAlreadyLinked = array_merge($cloneFrom->liste_contact(- 1, 'external'), $cloneFrom->liste_contact(- 1, 'internal'));
-						}
+						$TContactAlreadyLinked = array_merge($object->liste_contact(-1, 'external'), $object->liste_contact(-1, 'internal'));
 					}
 
 					foreach ($TContact as $i => $infos) {

htdocs/datapolicy/class/datapolicy.class.php

@@ -268,11 +268,11 @@ class DataPolicy
         {
             if ($sendtocc)
             {
-                 $actionmsg .= dol_concatdesc($actionmsg, $langs->transnoentities('Bcc') . ": " . $sendtocc);
+                 $actionmsg = dol_concatdesc($actionmsg, $langs->transnoentities('Bcc') . ": " . $sendtocc);
             }
-            $actionmsg .= dol_concatdesc($actionmsg, $langs->transnoentities('MailTopic') . ": " . $subject);
-            $actionmsg .= dol_concatdesc($actionmsg, $langs->transnoentities('TextUsedInTheMessageBody') . ":");
-            $actionmsg .= dol_concatdesc($actionmsg, $message);
+            $actionmsg = dol_concatdesc($actionmsg, $langs->transnoentities('MailTopic') . ": " . $subject);
+            $actionmsg = dol_concatdesc($actionmsg, $langs->transnoentities('TextUsedInTheMessageBody') . ":");
+            $actionmsg = dol_concatdesc($actionmsg, $message);
         }
 
         // Send mail
@@ -342,11 +342,11 @@ class DataPolicy
         $actionmsg = $langs->transnoentities('MailSentBy') . ' ' . $from . ' ' . $langs->transnoentities('To') . ' ' . $sendto;
         if ($message) {
             if ($sendtocc) {
-                $actionmsg .= dol_concatdesc($actionmsg, $langs->transnoentities('Bcc') . ": " . $sendtocc);
+                $actionmsg = dol_concatdesc($actionmsg, $langs->transnoentities('Bcc') . ": " . $sendtocc);
             }
-            $actionmsg .= dol_concatdesc($actionmsg, $langs->transnoentities('MailTopic') . ": " . $subject);
-            $actionmsg .= dol_concatdesc($actionmsg, $langs->transnoentities('TextUsedInTheMessageBody') . ":");
-            $actionmsg .= dol_concatdesc($actionmsg, $message);
+            $actionmsg = dol_concatdesc($actionmsg, $langs->transnoentities('MailTopic') . ": " . $subject);
+            $actionmsg = dol_concatdesc($actionmsg, $langs->transnoentities('TextUsedInTheMessageBody') . ":");
+            $actionmsg = dol_concatdesc($actionmsg, $message);
         }
 
 

htdocs/debugbar/class/DataCollector/DolLogsCollector.php

@@ -72,7 +72,7 @@ class DolLogsCollector extends MessagesCollector
 	{
 		global $conf;
 
-		$uselogfile=$conf->global->DEBUGBAR_USE_LOGFILE;
+		$uselogfile=$conf->global->DEBUGBAR_USE_LOG_FILE;
 
 		if ($uselogfile)
 		{

htdocs/expensereport/class/expensereport.class.php

@@ -2236,7 +2236,7 @@ class ExpenseReport extends CommonObject
         $sql = "SELECT DISTINCT ur.fk_user";
         $sql .= " FROM ".MAIN_DB_PREFIX."user_rights as ur, ".MAIN_DB_PREFIX."rights_def as rd";
         $sql .= " WHERE ur.fk_id = rd.id and rd.module = 'expensereport' AND rd.perms = 'approve'"; // Permission 'Approve';
-        $sql .= "UNION";
+        $sql .= " UNION";
         $sql .= " SELECT DISTINCT ugu.fk_user";
         $sql .= " FROM ".MAIN_DB_PREFIX."usergroup_user as ugu, ".MAIN_DB_PREFIX."usergroup_rights as ur, ".MAIN_DB_PREFIX."rights_def as rd";
         $sql .= " WHERE ugu.fk_usergroup = ur.fk_usergroup AND ur.fk_id = rd.id and rd.module = 'expensereport' AND rd.perms = 'approve'"; // Permission 'Approve';

htdocs/fichinter/card.php

@@ -258,7 +258,13 @@ if (empty($reshook))
 				}
 
 				// Extrafields
-				$extrafields = new ExtraFields($db);
+
+				// Fill array 'array_options' with data from add form
+				$ret = $extrafields->setOptionalsFromPost(null, $object);
+				if ($ret < 0) {
+					$error++;
+					$action = 'create';
+				}
 				$array_options = $extrafields->getOptionalsFromPost($object->table_element);
 
 		        $object->array_options = $array_options;

htdocs/fourn/class/fournisseur.commande.class.php

@@ -3173,6 +3173,7 @@ class CommandeFournisseur extends CommonOrder
     		{
     			if (is_array($supplierorderdispatch->lines) && count($supplierorderdispatch->lines) > 0)
     			{
+					require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
     				$date_liv = dol_now();
 
     				// Build array with quantity deliverd by product
@@ -3180,7 +3181,11 @@ class CommandeFournisseur extends CommonOrder
     					$qtydelivered[$line->fk_product] += $line->qty;
     				}
     				foreach ($this->lines as $line) {
-    					$qtywished[$line->fk_product] += $line->qty;
+						if ($line->product_type == Product::TYPE_PRODUCT ||
+							($line->product_type == Product::TYPE_SERVICE && !empty($conf->global->STOCK_SUPPORTS_SERVICES))
+						) {
+							$qtywished[$line->fk_product] += $line->qty;
+						}
     				}
     				//Compare array
     				$diff_array = array_diff_assoc($qtydelivered, $qtywished); // Warning: $diff_array is done only on common keys.

htdocs/fourn/commande/card.php

@@ -1239,6 +1239,8 @@ if (empty($reshook))
 									$tva_tx = get_default_tva($soc, $mysoc, $lines[$i]->fk_product, $product_fourn_price_id);
 								}
 
+								$object->special_code = $lines[$i]->special_code;
+
 								$result = $object->addline(
 									$desc,
 									$lines[$i]->subprice,

htdocs/fourn/commande/dispatch.php

@@ -3,7 +3,7 @@
  * Copyright (C) 2004-2016 Laurent Destailleur  <eldy@users.sourceforge.net>
  * Copyright (C) 2005      Eric Seigne          <eric.seigne@ryxeo.com>
  * Copyright (C) 2005-2009 Regis Houssin        <regis.houssin@inodbox.com>
- * Copyright (C) 2010-2019 Juanjo Menent        <jmenent@2byte.es>
+ * Copyright (C) 2010-2021 Juanjo Menent        <jmenent@2byte.es>
  * Copyright (C) 2014      Cedric Gross         <c.gross@kreiz-it.fr>
  * Copyright (C) 2016      Florian Henry        <florian.henry@atm-consulting.fr>
  * Copyright (C) 2017      Ferran Marcet        <fmarcet@2byte.es>
@@ -227,6 +227,7 @@ if ($action == 'dispatch' && $user->rights->fournisseur->commande->receptionner)
 	foreach ($_POST as $key => $value)
 	{
 		// without batch module enabled
+		$reg = array();
 		if (preg_match('/^product_([0-9]+)_([0-9]+)$/i', $key, $reg))
 		{
 			$pos++;
@@ -268,15 +269,19 @@ if ($action == 'dispatch' && $user->rights->fournisseur->commande->receptionner)
 					if (!$error && !empty($conf->global->SUPPLIER_ORDER_CAN_UPDATE_BUYINGPRICE_DURING_RECEIPT)) {
 						if (empty($conf->multicurrency->enabled) && empty($conf->dynamicprices->enabled)) {
 							$dto = GETPOST("dto_".$reg[1].'_'.$reg[2]);
+							if (empty($dto)) {
+								$dto = 0;
+							}
+
 							//update supplier price
 							if (isset($_POST[$saveprice])) {
 								// TODO Use class
 								$sql = "UPDATE ".MAIN_DB_PREFIX."product_fournisseur_price";
-								$sql .= " SET unitprice='".GETPOST($pu)."'";
-								$sql .= ", price=".GETPOST($pu)."*quantity";
+								$sql .= " SET unitprice='".price2num(GETPOST($pu), 'MU')."'";
+								$sql .= ", price=".price2num(GETPOST($pu), 'MU')."*quantity";
 								$sql .= ", remise_percent='".$dto."'";
-								$sql .= " WHERE fk_soc=".$object->socid;
-								$sql .= " AND fk_product=".GETPOST($prod, 'int');
+								$sql .= " WHERE fk_soc=".((int) $object->socid);
+								$sql .= " AND fk_product=".((int) GETPOST($prod, 'int'));
 
 								$resql = $db->query($sql);
 							}

htdocs/fourn/facture/contact.php

@@ -142,7 +142,7 @@ if ($id > 0 || !empty($ref))
 
 		dol_fiche_head($head, 'contact', $langs->trans('SupplierInvoice'), -1, 'bill');
 
-		$linkback = '<a href="'.DOL_URL_ROOT.'/compta/facture/list.php?restore_lastsearch_values=1'.(!empty($socid) ? '&socid='.$socid : '').'">'.$langs->trans("BackToList").'</a>';
+		$linkback = '<a href="'.DOL_URL_ROOT.'/fourn/facture/list.php?restore_lastsearch_values=1'.(!empty($socid) ? '&socid='.$socid : '').'">'.$langs->trans("BackToList").'</a>';
 
 		$morehtmlref = '<div class="refidno">';
     	// Ref supplier

htdocs/fourn/facture/info.php

@@ -67,7 +67,7 @@ $head = facturefourn_prepare_head($object);
 $titre = $langs->trans('SupplierInvoice');
 dol_fiche_head($head, 'info', $langs->trans('SupplierInvoice'), -1, 'bill');
 
-$linkback = '<a href="'.DOL_URL_ROOT.'/compta/facture/list.php?restore_lastsearch_values=1'.(!empty($socid) ? '&socid='.$socid : '').'">'.$langs->trans("BackToList").'</a>';
+$linkback = '<a href="'.DOL_URL_ROOT.'/fourn/facture/list.php?restore_lastsearch_values=1'.(!empty($socid) ? '&socid='.$socid : '').'">'.$langs->trans("BackToList").'</a>';
 
 $morehtmlref = '<div class="refidno">';
 // Ref supplier

htdocs/holiday/class/holiday.class.php

@@ -2112,7 +2112,7 @@ class Holiday extends CommonObject
 	{
 		global $mysoc;
 
-		$sql = "SELECT rowid, code, label, affect, delay, newByMonth";
+		$sql = "SELECT rowid, code, label, affect, delay, newbymonth";
 		$sql .= " FROM ".MAIN_DB_PREFIX."c_holiday_types";
 		$sql .= " WHERE (fk_country IS NULL OR fk_country = ".$mysoc->country_id.')';
 		if ($active >= 0) $sql .= " AND active = ".((int) $active);
@@ -2126,7 +2126,7 @@ class Holiday extends CommonObject
 			{
 				while ($obj = $this->db->fetch_object($result))
 				{
-					$types[$obj->rowid] = array('rowid'=> $obj->rowid, 'code'=> $obj->code, 'label'=>$obj->label, 'affect'=>$obj->affect, 'delay'=>$obj->delay, 'newByMonth'=>$obj->newByMonth);
+					$types[$obj->rowid] = array('rowid'=> $obj->rowid, 'code'=> $obj->code, 'label'=>$obj->label, 'affect'=>$obj->affect, 'delay'=>$obj->delay, 'newByMonth'=>$obj->newbymonth);
 				}
 
 				return $types;

htdocs/holiday/list.php

@@ -381,7 +381,7 @@ if ($resql)
 		//'builddoc'=>$langs->trans("PDFMerge"),
 		//'presend'=>$langs->trans("SendByMail"),
 	);
-	if ($user->rights->holiday->supprimer) $arrayofmassactions['predelete'] = '<span class="fa fa-trash paddingrightonly"></span>'.$langs->trans("Delete");
+	if ($user->rights->holiday->delete) $arrayofmassactions['predelete'] = '<span class="fa fa-trash paddingrightonly"></span>'.$langs->trans("Delete");
 	if (in_array($massaction, array('presend', 'predelete'))) $arrayofmassactions = array();
 	$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
 

htdocs/install/mysql/data/llx_20_c_departements.sql

@@ -158,10 +158,10 @@ insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,no
 insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (201,'05','',1,'FLANDRE-OCCIDENTALE','Flandre-Occidentale');
 insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (201,'06','',1,'FLANDRE-ORIENTALE','Flandre-Orientale');
 insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (202,'07','',2,'HAINAUT','Hainaut');
-insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (201,'08','',2,'LIEGE','Liège');
+insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (202,'08','',2,'LIEGE','Liège');
 insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (202,'09','',1,'LIMBOURG','Limbourg');
 insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (202,'10','',2,'LUXEMBOURG','Luxembourg');
-insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (201,'11','',2,'NAMUR','Namur');
+insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (202,'11','',2,'NAMUR','Namur');
 
 -- Provinces Italy (id=3)
 insert into llx_c_departements (code_departement,fk_region,cheflieu,tncc,ncc,nom) values ('AG',315,NULL,NULL,NULL,'AGRIGENTO');

htdocs/langs/en_US/withdrawals.lang

@@ -27,6 +27,7 @@ MakeWithdrawRequest=Make a direct debit payment request
 WithdrawRequestsDone=%s direct debit payment requests recorded
 ThirdPartyBankCode=Third-party bank code
 NoInvoiceCouldBeWithdrawed=No invoice debited successfully. Check that invoices are on companies with a valid IBAN and that IBAN has a UMR (Unique Mandate Reference) with mode <strong>%s</strong>.
+WithdrawalCantBeCreditedTwice=This withdrawal receipt is already marked as credited; this can't be done twice, as this would potentially create duplicate payments and bank entries.
 ClassCredited=Classify credited
 ClassCreditedConfirm=Are you sure you want to classify this withdrawal receipt as credited on your bank account?
 TransData=Transmission date

htdocs/langs/fr_FR/withdrawals.lang

@@ -27,6 +27,7 @@ MakeWithdrawRequest=Faire une demande de prélèvement
 WithdrawRequestsDone=%s demandes de prélèvements enregistrées
 ThirdPartyBankCode=Code banque du tiers
 NoInvoiceCouldBeWithdrawed=Aucune facture traitée avec succès. Vérifiez que les factures sont sur les sociétés avec un BAN par défaut valide et que le BAN a un RUM avec le mode <strong> %s </strong>.
+WithdrawalCantBeCreditedTwice=Ce bon de prélèvement est déjà classé crédité ; cette opération ne peut pas être réalisée deux fois, car cela pourrait engendrer des doublons dans les paiements et les écritures bancaires.
 ClassCredited=Classer crédité
 ClassCreditedConfirm=Êtes-vous sûr de vouloir classer ce bon de prélèvement comme crédité sur votre compte bancaire ?
 TransData=Date de transmission

htdocs/product/list.php

@@ -180,7 +180,7 @@ $arrayfields = array(
     'p.sellprice'=>array('label'=>$langs->trans("SellingPrice"), 'checked'=>1, 'enabled'=>empty($conf->global->PRODUIT_MULTIPRICES)),
 	'p.minbuyprice'=>array('label'=>$langs->trans("BuyingPriceMinShort"), 'checked'=>1, 'enabled'=>(!empty($user->rights->fournisseur->lire))),
 	'p.numbuyprice'=>array('label'=>$langs->trans("BuyingPriceNumShort"), 'checked'=>0, 'enabled'=>(!empty($user->rights->fournisseur->lire))),
-    'p.tva_tx'=>array('label'=>$langs->trans("VATRate"), 'checked'=>0, 'enabled'=>(!empty($user->rights->fournisseur->lire))),
+    'p.tva_tx'=>array('label'=>$langs->trans("VATRate"), 'checked'=>0, 'enabled'=>empty($conf->global->PRODUIT_MULTIPRICES)),
     'p.pmp'=>array('label'=>$langs->trans("PMPValueShort"), 'checked'=>0, 'enabled'=>(!empty($user->rights->fournisseur->lire))),
 	'p.seuil_stock_alerte'=>array('label'=>$langs->trans("StockLimit"), 'checked'=>0, 'enabled'=>(!empty($conf->stock->enabled) && $user->rights->stock->lire && $contextpage != 'service')),
 	'p.desiredstock'=>array('label'=>$langs->trans("DesiredStock"), 'checked'=>1, 'enabled'=>(!empty($conf->stock->enabled) && $user->rights->stock->lire && $contextpage != 'service')),
@@ -332,7 +332,7 @@ if ($search_label)   $sql .= natural_search('p.label', $search_label);
 if ($search_barcode) $sql .= natural_search('p.barcode', $search_barcode);
 if (isset($search_tosell) && dol_strlen($search_tosell) > 0 && $search_tosell != -1) $sql .= " AND p.tosell = ".$db->escape($search_tosell);
 if (isset($search_tobuy) && dol_strlen($search_tobuy) > 0 && $search_tobuy != -1)   $sql .= " AND p.tobuy = ".$db->escape($search_tobuy);
-if ($search_vatrate) $sql .= natural_search('p.tva_tx', $search_vatrate);
+if ($search_vatrate) $sql .= natural_search('p.tva_tx', $search_vatrate, 1);
 if (dol_strlen($canvas) > 0)                    $sql .= " AND p.canvas = '".$db->escape($canvas)."'";
 if ($catid > 0)     $sql .= " AND cp.fk_categorie = ".$catid;
 if ($catid == -2)   $sql .= " AND cp.fk_categorie IS NULL";
@@ -774,7 +774,7 @@ if ($resql)
         print_liste_field_titre($arrayfields['p.numbuyprice']['label'], $_SERVER["PHP_SELF"], "", "", $param, '', $sortfield, $sortorder, 'right ');
     }
     if (!empty($arrayfields['p.tva_tx']['checked'])) {
-        print_liste_field_titre($arrayfields['p.tva_tx']['label'], $_SERVER["PHP_SELF"], "", "", $param, '', $sortfield, $sortorder, 'right ');
+        print_liste_field_titre($arrayfields['p.tva_tx']['label'], $_SERVER["PHP_SELF"], 'p.tva_tx', "", $param, '', $sortfield, $sortorder, 'right ');
     }
     if (!empty($arrayfields['p.pmp']['checked'])) {
         print_liste_field_titre($arrayfields['p.pmp']['label'], $_SERVER["PHP_SELF"], "", "", $param, '', $sortfield, $sortorder, 'right ');

htdocs/product/price.php

@@ -1442,11 +1442,11 @@ if ((empty($conf->global->PRODUIT_CUSTOMER_PRICES) || $action == 'showlog_defaul
     		// Il doit au moins y avoir la ligne de prix initial.
     		// On l'ajoute donc pour remettre a niveau (pb vieilles versions)
     		//$object->updatePrice($object->price, $object->price_base_type, $user, $object->tva_tx, $object->price_min);
-            if (!empty($conf->global->PRODUIT_MULTIPRICES)) {
-            	$object->updatePrice($object->multiprices[1], $object->multiprices_base_type[1], $user, (empty($object->multiprices_tva_tx[1]) ? 0 : $object->multiprices_tva_tx[1]), $object->multiprices_min[1], 1);
-            } else {
-                $object->updatePrice($object->price, $object->price_base_type, $user, $object->tva_tx, $object->price_min);
-            }
+			if (!empty($conf->global->PRODUIT_MULTIPRICES)) {
+				$object->updatePrice(($object->multiprices_base_type[1] == 'TTC' ? $object->multiprices_ttc[1] : $object->multiprices[1]), $object->multiprices_base_type[1], $user, (empty($object->multiprices_tva_tx[1]) ? 0 : $object->multiprices_tva_tx[1]), ($object->multiprices_base_type[1] == 'TTC' ? $object->multiprices_min_ttc[1] : $object->multiprices_min[1]), 1);
+			} else {
+				$object->updatePrice(($object->price_base_type == 'TTC' ? $object->price_ttc : $object->price), $object->price_base_type, $user, $object->tva_tx, ($object->price_base_type == 'TTC' ? $object->price_min_ttc : $object->price_min));
+			}
 
     		$result = $db->query($sql);
     		$num = $db->num_rows($result);

htdocs/product/stock/replenish.php

@@ -48,7 +48,7 @@ $hookmanager->initHooks(array('stockreplenishlist'));
 
 //checks if a product has been ordered
 
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $sref = GETPOST('sref', 'alpha');
 $snom = GETPOST('snom', 'alpha');
 $sall = trim((GETPOST('search_all', 'alphanohtml') != '') ?GETPOST('search_all', 'alphanohtml') : GETPOST('sall', 'alphanohtml'));
@@ -211,7 +211,9 @@ if ($action == 'order' && isset($_POST['valid']))
             if ($resql && $db->num_rows($resql) > 0) {
                 $obj = $db->fetch_object($resql);
                 $order->fetch($obj->rowid);
+				$order->fetch_thirdparty();
                 foreach ($supplier['lines'] as $line) {
+                	if(empty($line->remise_percent)) $line->remise_percent = $order->thirdparty->remise_supplier_percent;
                     $result = $order->addline(
                         $line->desc,
                         $line->subprice,
@@ -248,6 +250,7 @@ if ($action == 'order' && isset($_POST['valid']))
                 //trick to know which orders have been generated this way
                 $order->source = 42;
                 foreach ($supplier['lines'] as $line) {
+					if(empty($line->remise_percent)) $line->remise_percent = $order->thirdparty->remise_supplier_percent;
                     $order->lines[] = $line;
                 }
                 $order->cond_reglement_id = $order->thirdparty->cond_reglement_supplier_id;
@@ -305,7 +308,7 @@ if (!empty($conf->global->STOCK_ALLOW_ADD_LIMIT_STOCK_BY_WAREHOUSE) && $fk_entre
 
 
 $sql = 'SELECT p.rowid, p.ref, p.label, p.description, p.price,';
-$sql .= ' p.price_ttc, p.price_base_type,p.fk_product_type,';
+$sql .= ' p.price_ttc, p.price_base_type, p.fk_product_type,';
 $sql .= ' p.tms as datem, p.duration, p.tobuy,';
 $sql .= ' p.desiredstock, p.seuil_stock_alerte,';
 if (!empty($conf->global->STOCK_ALLOW_ADD_LIMIT_STOCK_BY_WAREHOUSE) && $fk_entrepot > 0) {
@@ -323,11 +326,8 @@ $sql .= $hookmanager->resPrint;
 $sql .= ' FROM '.MAIN_DB_PREFIX.'product as p';
 $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product_stock as s ON p.rowid = s.fk_product';
 $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'entrepot AS ent ON s.fk_entrepot = ent.rowid AND ent.entity IN('.getEntity('stock').')';
-if ($fk_supplier > 0) {
-	$sql .= ' INNER JOIN '.MAIN_DB_PREFIX.'product_fournisseur_price pfp ON (pfp.fk_product = p.rowid AND pfp.fk_soc = '.$fk_supplier.')';
-}
 if (!empty($conf->global->STOCK_ALLOW_ADD_LIMIT_STOCK_BY_WAREHOUSE) && $fk_entrepot > 0) {
-	$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product_warehouse_properties AS pse ON (p.rowid = pse.fk_product AND pse.fk_entrepot = '.$fk_entrepot.')';
+	$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product_warehouse_properties AS pse ON (p.rowid = pse.fk_product AND pse.fk_entrepot = '.((int) $fk_entrepot).')';
 }
 
 // Add fields from hooks
@@ -349,6 +349,15 @@ if ($sref) $sql .= natural_search('p.ref', $sref);
 if ($snom) $sql .= natural_search('p.label', $snom);
 $sql .= ' AND p.tobuy = 1';
 if (!empty($canvas)) $sql .= ' AND p.canvas = "'.$db->escape($canvas).'"';
+if ($fk_supplier > 0) {
+	$sql .= ' AND EXISTS (SELECT pfp.rowid FROM '.MAIN_DB_PREFIX.'product_fournisseur_price as pfp WHERE pfp.fk_product = p.rowid AND pfp.fk_soc = '.((int) $fk_supplier).' AND pfp.entity IN ('.getEntity('product_fournisseur_price').'))';
+}
+
+// Add where from hooks
+$parameters = array();
+$reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters); // Note that $action and $object may have been modified by hook
+$sql .= $hookmanager->resPrint;
+
 $sql .= ' GROUP BY p.rowid, p.ref, p.label, p.description, p.price';
 $sql .= ', p.price_ttc, p.price_base_type,p.fk_product_type, p.tms';
 $sql .= ', p.duration, p.tobuy';
@@ -456,11 +465,6 @@ if ($usevirtualstock)
 	}
 }
 
-// Add where from hooks
-$parameters = array();
-$reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters); // Note that $action and $object may have been modified by hook
-$sql .= $hookmanager->resPrint;
-
 $sql .= $db->order($sortfield, $sortorder);
 $sql .= $db->plimit($limit + 1, $offset);
 
@@ -759,7 +763,9 @@ while ($i < ($limit ? min($num, $limit) : $num))
 		print '<td class="right">'.$alertstock.'</td>';
 
 		// Current stock (all warehouses)
-		print '<td class="right">'.$warning.$stock.'</td>';
+		print '<td class="right">'.$warning.$stock;
+		print '<!-- stock returned by main sql is '.$objp->stock_physique.' -->';
+		print '</td>';
 
 		// Already ordered
 		print '<td class="right"><a href="replenishorders.php?sproduct='.$prod->id.'">'.$ordered.'</a> '.$picto.'</td>';

htdocs/projet/activity/perday.php

@@ -210,7 +210,7 @@ if ($action == 'addtime' && $user->rights->projet->lire && GETPOST('assigntask')
 		{
 			// Test if we are already contact of the project (should be rare but sometimes we can add as task contact without being contact of project, like when admin user has been removed from contact of project)
 			$sql = 'SELECT ec.rowid FROM '.MAIN_DB_PREFIX.'element_contact as ec, '.MAIN_DB_PREFIX.'c_type_contact as tc WHERE tc.rowid = ec.fk_c_type_contact';
-			$sql .= ' AND ec.fk_socpeople = '.$idfortaskuser." AND ec.element_id = '.$object->fk_project.' AND tc.element = 'project' AND source = 'internal'";
+			$sql .= ' AND ec.fk_socpeople = '.((int) $idfortaskuser)." AND ec.element_id = ".((int) $object->fk_project)." AND tc.element = 'project' AND source = 'internal'";
 			$resql = $db->query($sql);
 			if ($resql)
 			{

htdocs/projet/activity/perweek.php

@@ -224,7 +224,7 @@ if ($action == 'addtime' && $user->rights->projet->lire && GETPOST('assigntask')
 		{
 			// Test if we are already contact of the project (should be rare but sometimes we can add as task contact without being contact of project, like when admin user has been removed from contact of project)
 			$sql = 'SELECT ec.rowid FROM '.MAIN_DB_PREFIX.'element_contact as ec, '.MAIN_DB_PREFIX.'c_type_contact as tc WHERE tc.rowid = ec.fk_c_type_contact';
-			$sql .= ' AND ec.fk_socpeople = '.$idfortaskuser." AND ec.element_id = '.$object->fk_project.' AND tc.element = 'project' AND source = 'internal'";
+			$sql .= ' AND ec.fk_socpeople = '.((int) $idfortaskuser)." AND ec.element_id = ".((int) $object->fk_project)." AND tc.element = 'project' AND source = 'internal'";
 			$resql = $db->query($sql);
 			if ($resql)
 			{

htdocs/societe/class/api_thirdparties.class.php

@@ -1048,7 +1048,7 @@ class Thirdparties extends DolibarrApi
     {
 		global $db, $conf;
 
-		if (!DolibarrApiAccess::$user->rights->facture->lire) {
+		if (!DolibarrApiAccess::$user->rights->societe->lire) {
 			throw new RestException(401);
 		}
 		if (empty($id)) {

htdocs/societe/class/societe.class.php

@@ -84,7 +84,7 @@ class Societe extends CommonObject
 
 	/**
 	 * @var array    List of child tables. To know object to delete on cascade.
-	 *               if name like with @ClassNAme:FilePathClass;ParentFkFieldName' it will call method deleteByParentField (with parentId as parameters) and FieldName to fetch and delete child object
+	 *               if name like with @ClassName:FilePathClass:ParentFkFieldName' it will call method deleteByParentField (with parentId as parameters) and FieldName to fetch and delete child object
 	 */
 	protected $childtablesoncascade = array(
 		"societe_prices",

htdocs/societe/consumption.php

@@ -218,7 +218,7 @@ if ($type_element == 'propal')
 	$where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid;
 	$where.= " AND d.fk_propal = c.rowid";
 	$where.= " AND c.entity = ".$conf->entity;
-	$datePrint = 'c.datep';
+	$dateprint = 'c.datep';
 	$doc_number='c.ref';
 	$thirdTypeSelect='customer';
 }
@@ -309,7 +309,7 @@ if (!empty($sql_select))
 	if ($sref) $sql.= " AND ".$doc_number." LIKE '%".$db->escape($sref)."%'";
 	if ($sprod_fulldescr)
 	{
-	    $sql.= " AND (d.description LIKE '%".$db->escape($sprod_fulldescr)."%'";
+	    $sql.= " AND (d.description LIKE '%".$db->escape($sprod_fulldescr)."%' OR d.description LIKE '%".$db->escape(dol_htmlentities($sprod_fulldescr))."%'";
 	    if (GETPOST('type_element') != 'fichinter') $sql.= " OR p.ref LIKE '%".$db->escape($sprod_fulldescr)."%'";
 	    if (GETPOST('type_element') != 'fichinter') $sql.= " OR p.label LIKE '%".$db->escape($sprod_fulldescr)."%'";
 	    $sql.=")";

htdocs/societe/societecontact.php

@@ -331,7 +331,7 @@ if ($id > 0 || ! empty($ref))
 						else
 						{
 							print '<td class="left nowrap">';
-							if ($objp->subscription == 'yes')
+							if (!empty($objp->subscription))
 							{
 								print $langs->trans("SubscriptionNotReceived");
 								if ($objp->statut > 0) print " ".img_warning();

htdocs/user/class/api_users.class.php

@@ -71,7 +71,7 @@ class Users extends DolibarrApi
 
 	    $obj_ret = array();
 
-		if (!DolibarrApiAccess::$user->rights->user->user->lire) {
+		if (!DolibarrApiAccess::$user->rights->user->user->lire && empty(DolibarrApiAccess::$user->admin)) {
 	        throw new RestException(401, "You are not allowed to read list of users");
 	    }
 
@@ -142,9 +142,9 @@ class Users extends DolibarrApi
 	 */
     public function get($id, $includepermissions = 0)
     {
-		//if (!DolibarrApiAccess::$user->rights->user->user->lire) {
-			//throw new RestException(401);
-		//}
+		if (!DolibarrApiAccess::$user->rights->user->user->lire && empty(DolibarrApiAccess::$user->admin)) {
+			throw new RestException(401);
+		}
 
 		$result = $this->useraccount->fetch($id);
 		if (!$result)
@@ -177,7 +177,11 @@ class Users extends DolibarrApi
      */
     public function getInfo()
     {
-        $apiUser = DolibarrApiAccess::$user;
+    	if (empty(DolibarrApiAccess::$user->rights->user->user->lire) && empty(DolibarrApiAccess::$user->admin)) {
+    		throw new RestException(401, 'Not allowed');
+    	}
+
+    	$apiUser = DolibarrApiAccess::$user;
 
         $result = $this->useraccount->fetch($apiUser->id);
         if (!$result) {
@@ -208,9 +212,9 @@ class Users extends DolibarrApi
     public function post($request_data = null)
     {
 	    // check user authorization
-	    //if(! DolibarrApiAccess::$user->rights->user->creer) {
-	    //   throw new RestException(401, "User creation not allowed");
-	    //}
+	    if (empty(DolibarrApiAccess::$user->rights->user->creer) && empty(DolibarrApiAccess::$user->admin)) {
+			throw new RestException(401, "User creation not allowed");
+	    }
 	    // check mandatory fields
 	    /*if (!isset($request_data["login"]))
 	        throw new RestException(400, "login field missing");
@@ -242,9 +246,9 @@ class Users extends DolibarrApi
 	 */
     public function put($id, $request_data = null)
     {
-		//if (!DolibarrApiAccess::$user->rights->user->user->creer) {
-			//throw new RestException(401);
-		//}
+		if (empty(DolibarrApiAccess::$user->rights->user->user->creer) && empty(DolibarrApiAccess::$user->admin)) {
+			throw new RestException(401);
+		}
 
 		$result = $this->useraccount->fetch($id);
 		if (!$result)
@@ -299,7 +303,7 @@ class Users extends DolibarrApi
 	{
 		$obj_ret = array();
 
-		if (!DolibarrApiAccess::$user->rights->user->user->lire) {
+		if (empty(DolibarrApiAccess::$user->rights->user->user->lire) && empty(DolibarrApiAccess::$user->admin)) {
 			throw new RestException(401);
 		}
 
@@ -334,9 +338,9 @@ class Users extends DolibarrApi
 
 		global $conf;
 
-		//if (!DolibarrApiAccess::$user->rights->user->user->supprimer) {
-			//throw new RestException(401);
-		//}
+		if (empty(DolibarrApiAccess::$user->rights->user->user->creer) && empty(DolibarrApiAccess::$user->admin)) {
+			throw new RestException(401);
+		}
 		$result = $this->useraccount->fetch($id);
 		if (!$result)
 		{
@@ -389,9 +393,10 @@ class Users extends DolibarrApi
 
 	    $obj_ret = array();
 
-		if (!DolibarrApiAccess::$user->rights->user->group_advance->read) {
-	        throw new RestException(401, "You are not allowed to read list of groups");
-	    }
+	    if ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty(DolibarrApiAccess::$user->rights->user->user->lire) && empty(DolibarrApiAccess::$user->admin)) ||
+	    	!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty(DolibarrApiAccess::$user->rights->user->group_advance->read) && empty(DolibarrApiAccess::$user->admin)) {
+	    		throw new RestException(401, "You are not allowed to read groups");
+    	}
 
 	    // case of external user, $societe param is ignored and replaced by user's socid
 	    //$socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : $societe;
@@ -463,7 +468,8 @@ class Users extends DolibarrApi
     {
 	    global $db, $conf;
 
-		if (!DolibarrApiAccess::$user->rights->user->group_advance->read) {
+	    if ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty(DolibarrApiAccess::$user->rights->user->user->lire) && empty(DolibarrApiAccess::$user->admin)) ||
+	    	!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty(DolibarrApiAccess::$user->rights->user->group_advance->read) && empty(DolibarrApiAccess::$user->admin)) {
 	        throw new RestException(401, "You are not allowed to read groups");
 	    }
 
@@ -486,9 +492,9 @@ class Users extends DolibarrApi
 	 */
     public function delete($id)
     {
-		//if (!DolibarrApiAccess::$user->rights->user->user->supprimer) {
-			//throw new RestException(401);
-		//}
+		if (empty(DolibarrApiAccess::$user->rights->user->user->supprimer) && empty(DolibarrApiAccess::$user->admin)) {
+			throw new RestException(401);
+		}
 		$result = $this->useraccount->fetch($id);
 		if (!$result)
 		{

htdocs/user/class/user.class.php

@@ -3320,7 +3320,7 @@ class User extends CommonObject
 		}
 		else
 		{
-			$sql .= " WHERE 1";
+			$sql .= " WHERE 1 = 1";
 		}
 
 		// Manage filter

htdocs/user/class/usergroup.class.php

@@ -983,7 +983,7 @@ class UserGroup extends CommonObject
 			}
 			$info[$conf->global->LDAP_GROUP_FIELD_GROUPMEMBERS] = (!empty($valueofldapfield)?$valueofldapfield:'');
         }
-        if(!empty($info[$conf->global->LDAP_GROUP_FIELD_GROUPID])){
+        if(!empty($conf->global->LDAP_GROUP_FIELD_GROUPID)){
             $info[$conf->global->LDAP_GROUP_FIELD_GROUPID]=$this->id;
         }
 		return $info;

htdocs/user/group/ldap.php

@@ -69,8 +69,8 @@ if ($action == 'dolibarr2ldap')
 	{
 		$info=$object->_load_ldap_info();
 
-		// Get a gid number for objectclass PosixGroup
-		if (in_array('posixGroup', $info['objectclass'])) {
+		// Get a gid number for objectclass PosixGroup if none was provided
+		if (empty($info[$conf->global->LDAP_GROUP_FIELD_GROUPID]) && in_array('posixGroup', $info['objectclass'])) {
 			$info['gidNumber'] = $ldap->getNextGroupGid('LDAP_KEY_GROUPS');
 		}