From 0abcf5694c590aafd9fd15597c8102057c049b29 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Fri, 6 Apr 2018 20:18:36 +0200
Subject: [PATCH] Fix message of discount

---
 htdocs/contact/class/contact.class.php   | 12 ++++++------
 htdocs/core/lib/functions.lib.php        |  1 +
 htdocs/core/tpl/object_discounts.tpl.php | 14 +++++++++-----
 3 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php
index 7c30d7eb352..83ad411b4b6 100644
--- a/htdocs/contact/class/contact.class.php
+++ b/htdocs/contact/class/contact.class.php
@@ -220,15 +220,15 @@ class Contact extends CommonObject
 		$sql.= ", import_key";
 		$sql.= ") VALUES (";
 		$sql.= "'".$this->db->idate($now)."',";
-		if ($this->socid > 0) $sql.= " ".$this->socid.",";
+		if ($this->socid > 0) $sql.= " ".$this->db->escape($this->socid).",";
 		else $sql.= "null,";
 		$sql.= "'".$this->db->escape($this->lastname)."',";
         $sql.= "'".$this->db->escape($this->firstname)."',";
-		$sql.= " ".($user->id > 0 ? "'".$user->id."'":"null").",";
-		$sql.= " ".$this->priv.",";
-		$sql.= " ".$this->statut.",";
+        $sql.= " ".($user->id > 0 ? "'".$this->db->escape($user->id)."'":"null").",";
+		$sql.= " ".$this->db->escape($this->priv).",";
+		$sql.= " ".$this->db->escape($this->statut).",";
         $sql.= " ".(! empty($this->canvas)?"'".$this->db->escape($this->canvas)."'":"null").",";
-        $sql.= " ".$entity.",";
+        $sql.= " ".$this->db->escape($entity).",";
         $sql.= "'".$this->db->escape($this->ref_ext)."',";
         $sql.= " ".(! empty($this->import_key)?"'".$this->db->escape($this->import_key)."'":"null");
 		$sql.= ")";
@@ -349,7 +349,7 @@ class Contact extends CommonObject
 		$sql .= ", phone_mobile = ".(isset($this->phone_mobile)?"'".$this->db->escape($this->phone_mobile)."'":"null");
 		$sql .= ", jabberid = ".(isset($this->jabberid)?"'".$this->db->escape($this->jabberid)."'":"null");
 		$sql .= ", priv = '".$this->db->escape($this->priv)."'";
-		$sql .= ", statut = ".$this->statut;
+		$sql .= ", statut = ".$this->db->escape($this->statut);
 		$sql .= ", fk_user_modif=".($user->id > 0 ? "'".$this->db->escape($user->id)."'":"NULL");
 		$sql .= ", default_lang=".($this->default_lang?"'".$this->db->escape($this->default_lang)."'":"NULL");
 		$sql .= ", no_email=".($this->no_email?"'".$this->db->escape($this->no_email)."'":"0");
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index a24a454d54e..538fa9defa6 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -258,6 +258,7 @@ function GETPOSTISSET($paramname)
  *                                  ''=no check (deprecated)
  *                                  'none'=no check (only for param that should have very rich content)
  *                                  'int'=check it's numeric (integer or float)
+ *                                  'intcomma'=check it's integer+comma ('1,2,3,4...')
  *                                  'alpha'=check it's text and sign
  *                                  'aZ'=check it's a-z only
  *                                  'aZ09'=check it's simple alpha string (recommended for keys)
diff --git a/htdocs/core/tpl/object_discounts.tpl.php b/htdocs/core/tpl/object_discounts.tpl.php
index e8accdc4d26..70698bfa7eb 100644
--- a/htdocs/core/tpl/object_discounts.tpl.php
+++ b/htdocs/core/tpl/object_discounts.tpl.php
@@ -34,16 +34,20 @@ $addabsolutediscount = '<a href="' . DOL_URL_ROOT . '/comm/remx.php?id=' . $thir
 $viewabsolutediscount = '<a href="' . DOL_URL_ROOT . '/comm/remx.php?id=' . $thirdparty->id . '&backtopage=' . $backtopage . '">' . $langs->trans("ViewAvailableGlobalDiscounts") . '</a>';
 
 $fixedDiscount = $thirdparty->remise_percent;
-
 if(! empty($discount_type)) {
 	$fixedDiscount = $thirdparty->remise_supplier_percent;
 }
 
-$translationKey = ! empty($discount_type) ? 'HasRelativeDiscountFromSupplier' : 'CompanyHasRelativeDiscount';
 if ($fixedDiscount > 0)
+{
+	$translationKey = (! empty($discount_type)) ? 'HasRelativeDiscountFromSupplier' : 'CompanyHasRelativeDiscount';
 	print $langs->trans($translationKey, $fixedDiscount).'.';
+}
 else
+{
+	$translationKey = (! empty($discount_type)) ? 'HasNoRelativeDiscountFromSupplier' : 'CompanyHasNoRelativeDiscount';
 	print $langs->trans($translationKey).'.';
+}
 if($isNewObject) print ' ('.$addrelativediscount.')';
 
 // Is there is commercial discount or down payment available ?
@@ -56,7 +60,7 @@ if ($absolute_discount > 0) {
 		if ($isInvoice && ! $isNewObject && $object->statut > $classname::STATUS_DRAFT && $object->type != $classname::TYPE_CREDIT_NOTE && $object->type != $classname::TYPE_DEPOSIT) {
 			$text = $form->textwithpicto($text, $langs->trans('AbsoluteDiscountUse'));
 		}
-		
+
 		if ($isNewObject) {
 			$text.= ' ('.$addabsolutediscount.')';
 		}
@@ -71,7 +75,7 @@ if ($absolute_discount > 0) {
 
 // Is there credit notes availables ?
 if ($absolute_creditnote > 0) {
-	
+
 	// If validated, we show link "add credit note to payment"
 	if ($cannotApplyDiscount || ! $isInvoice || $isNewObject || $object->statut != $classname::STATUS_VALIDATED || $object->type == $classname::TYPE_CREDIT_NOTE) {
 		$translationKey = ! empty($discount_type) ? 'HasCreditNoteFromSupplier' : 'CompanyHasCreditNote';
@@ -80,7 +84,7 @@ if ($absolute_creditnote > 0) {
 		if ($isInvoice && ! $isNewObject && $object->statut == $classname::STATUS_DRAFT && $object->type != $classname::TYPE_DEPOSIT) {
 			$text = $form->textwithpicto($text, $langs->trans('CreditNoteDepositUse'));
 		}
-		
+
 		if ($absolute_discount <= 0 || $isNewObject) {
 			$text.= '('.$addabsolutediscount.')';
 		}