Merge branch '10.0' of git@github.com:Dolibarr/dolibarr.git into 10.0_mc2

ChangeLog

@@ -2,8 +2,148 @@
 English Dolibarr ChangeLog
 --------------------------------------------------------------
 
-***** ChangeLog for 10.0.2 compared to 10.0.1 *****
+***** ChangeLog for 10.0.6 compared to 10.0.5 *****
+FIX Regression of 10.0.5 to create/edit proposals and orders.
+FIX: #12760 #12763 #12755 #12765 #12751
+FIX: add product qty in shipment already sent (fix for option STOCK_CALCULATE_ON_SHIPMENT_NEW)
+FIX: an issue that shows all entities stock
+FIX: class Facture undefined in displaying margin information
+FIX: error 500 when getting margin info for objects other than invoices
+FIX: Loan card - Wrong language key used
+FIX: Missing language key for MAIN_MAXTABS_IN_CARD
+FIX: product with empty stock were not visible
+FIX: remove backward compatibility projectid and uses object id instead
+FIX: Some issues on salary payment
+FIX: Some problems on conciliation with others modules
+FIX: typo on language key
+FIX: url new for task time spent in project element tab
+FIX: uses GETPOSTISSET instead of GETPOST for projectfield
+FIX: var transkey not defined in input hidden
+FIX: wrong var name and avoid warning
 
+***** ChangeLog for 10.0.5 compared to 10.0.4 *****
+FIX: 10.0: add URL param "restore_last_search_values=1" to all backlinks pointing to lists
+FIX: 10.0: do not display single-letter values (indicating duration unit without value) in product list
+FIX: #12473
+FIX: #12481 : fix ticket creation from thirdparty, mission $socid var
+FIX: #12482
+FIX: #12644
+FIX: #12665 Mass invoice validation with stock management
+FIX: #12688
+FIX: #12745
+FIX: add and modify category translate form with posted values on errors
+FIX: add URL param "restore_last_search_values=1" to all backlinks that point to a list
+FIX: CommandeFournisseurLigne update function must not be able to return other value than 1 if success
+FIX: contact card state address selected after filling address
+FIX: dol_string_nohtmltag when there is html with windows EOL "<br>\r\n"
+FIX: filter language is an array
+FIX: first col at wrong position in Export 2007 (new)
+FIX: getrights() request
+FIX: Invoice Situation integration into Margin
+FIX: missing nl2br conversion
+FIX: not fee in payout list
+FIX: product_fourn_price_id was assigned too late for logPrice() function
+FIX: Reduce number of request for list of products
+FIX: set due date in object in create invoice
+FIX: units traductions for selectUnits() function
+FIX: when we need to bill several orders, order lines unit is not on bill lines
+NEW: 9.0: allow users to use the mysqldump '--quick' option
+
+***** ChangeLog for 10.0.4 compared to 10.0.3 *****
+FIX: The pdf templates were using the large logo making PDF too large (and edition of proposal, order, invoice VERY slow)
+FIX: #12258
+FIX: #12319 Restore feature ACCOUNTANCY_AUTOFILL_ACCOUNT_WITH_GENERIC.
+FIX: #12356
+FIX: #12372
+FIX: #12385
+FIX: Advisory ID: usd20190053
+FIX: Advisory ID: usd20190067
+FIX: Avoid fatal error when creating thumb from PDF
+FIX: compatibility with Multicompany
+FIX: display job of contact list
+FIX: Extrafields missing in export of expense report
+FIX: Hook getAccessForbiddenMessage was missing parameters
+FIX: limit 20 prevent to see all products/services
+FIX: Search on leave request ref
+FIX: security check. A user can see holiday with link without permissions
+FIX: Set unpaid of expense report
+FIX: shipping extrafields line
+FIX: the SELECT examine more than MAX_JOIN_SIZE rows #12305
+FIX: triggers: directories read with opendir() never closed
+FIX: we need to be able to recalculate tva only if invoice not in accountancy
+FIX: wrong invoice id for fetchObjetctLinked
+
+***** ChangeLog for 10.0.3 compared to 10.0.2 *****
+IMPORTANT : This version fixes a serious bug in saving the units of weight, size, surface and volume on product card.
+The unit were not saved correctly in database making calculation on shipments wrong. 
+Update to this version must be done if you use them and have installed version 10.0.0, 10.0.1 or 10.0.2 and set some products after installing or upgrading to one of this version.
+Once update is done you must then edit (manually) the product that has bad unit to set the correct unit to have features restored.
+
+FIX: #11702 
+FIX: #11861 No consistent code to manage measuring units
+FIX: #11942
+FIX: #12026
+FIX: #12040
+FIX: #12041
+FIX: #12054
+FIX: #12083
+FIX: #12088
+FIX: CVE-2019-17578 CVE-2019-17577 CVE-2019-17576
+FIX: Clean the + of categories on the product view only in POS module
+FIX: access to public interface when origin email has an alias.
+FIX: Alias name is not into the email recipient label.
+FIX: allow standalone credit note even if no invoice
+FIX: an admin can not access his own permissions after enabling advanced permissions
+FIX: Attachement of linked files on ticket when sending a message
+FIX: avoid non numeric warning
+FIX: Bad currency var used in stripe for connect
+FIX: Bad list of ticket on public interface for ticket emailcollector
+FIX: Can't modify vendor invoice if transfered into accountancy
+FIX: change product type must be allowed if we activate hidden conf
+FIX: colspan on VAT quadri report
+FIX: CSS
+FIX: Debug feature orderstoinvoice for suppliers
+FIX: do not output return code on screen after a select of bank account
+FIX: Edit of ticket module parameters erased others
+FIX: empty cache when we want to load specific warehouses in select
+FIX: escape email alias
+FIX:  expedition.class.php
+FIX: Export of leave request show the number of open days
+FIX: Filtering the HTTP Header "Accept-Language".
+FIX: Filter on project on ticket list
+FIX: Filter "Open all" of ticket was ko.
+FIX: Force downlaod of file with .noexe as octet-stream mime type
+FIX: form not closed.
+FIX: hidden conf to prevent from changing product_type
+FIX: If product account not suggested during bind, it is not preselected
+FIX: If we share invoice, we need to see discount created from a deposit on each entity
+FIX: Import of product using units
+FIX: label of thirdparty is wrong on open project list
+FIX: Look and feel v10
+FIX: missing begin()
+FIX: missing "$this->id" in "fetch" function
+FIX: navigation on ticket tab of projects
+FIX: new invoice with generic thirdparty in takepos
+FIX: Pb in units of shipments
+FIX: regression with option to hide picto on top menu
+FIX: selection of project i am contact of.
+FIX: Send email from expense report card.
+FIX: shipping card: missing user error messages when classifying closed or billed
+FIX: SQL injection on qty
+FIX: stripe payment when there is a quote into address
+FIX: Substitution of __PROJECT_XXX__ not done
+FIX: TakePOS no invoice validation control and good payment translate
+FIX: the access of the bank account of one user
+FIX: top menu right padding
+FIX: Update of leave request when CSRF with token is on
+FIX: Var not enough sanitized
+FIX: wrong test
+FIX: XSS
+FIX: Payment from POS ware not recorded.
+FIX: Can validate invoice with amount including tax of zero for the case of having a final invoice with
+     VAT that includes a deposit without vat. 
+
+***** ChangeLog for 10.0.2 compared to 10.0.1 *****
 FIX: #10460 compatibility with MariaDB 10.4
 FIX: #11401 Adherent unknown language key
 FIX: #11422 Can't edit his own events with standard rights
@@ -21,17 +161,17 @@ FIX: #11752
 FIX: #11789 FIX: #11790
 FIX: #11804 list of tickets from a customer card display ALL tickets
 FIX: #11834
-FIX: Add char $ and ; in sanitizing of filenames.
-FIX: Add comment before protected functions
-FIX: Add log and type of content in dolWebsiteOutput and
-FIX: Add repair.php option 'restore' to restore user picture after v10
+FIX: add char $ and ; in sanitizing of filenames
+FIX: add comment before protected functions
+FIX: add log and type of content in dolWebsiteOutput and
+FIX: add repair.php option 'restore' to restore user picture after v10
 FIX: amount opened on thirdparty card dont care of credit note not converted
-FIX: Api of documents work with value 'thirdparty'
+FIX: API of documents work with value 'thirdparty'
 FIX: author in message / ticket API
-FIX: avoid sql error if fk_project is empty during update
+FIX: avoid SQL error if fk_project is empty during update
 FIX: avoid Warning: A non-numeric value encountered
-FIX: bad consistency in list of invoice for direct debit order.
-FIX: Bad error management in zip compress and web site export
+FIX: bad consistency in list of invoice for direct debit order
+FIX: bad error management in zip compress and web site export
 FIX: bad substitution for extrafields type checkbox
 FIX: better help message with multicompany
 FIX: calculation of $products_dispatched
@@ -40,11 +180,11 @@ FIX: Can't delete a draft leave even if it should
 FIX: Can't save setup of mailman module
 FIX: column jabberid missing
 FIX: Confirmation of deletion
-FIX: Consistency in direct debit order lists.
+FIX: Consistency in direct debit order lists
 FIX: Content send before header warning
 FIX: credit note can be split
 FIX: credit note used on list
-FIX: Css was saved on wrong website.
+FIX: CSS was saved on wrong website
 FIX: delivery extrafields
 FIX: Disabling a website does not put it offline
 FIX: display only stripe sources for customer
@@ -61,13 +201,13 @@ FIX: Fatal situation if payment removed on expense report. Action
 FIX: filepath of generated documents doesn't handle products with special characters
 FIX: for MAIN_MAXTABS_IN_CARD = $i card
 FIX: gzip and bzip2 must use option -f
-FIX: It was possible to create cashfence without entering data.
+FIX: it was possible to create cashfence without entering data
 FIX: javascript error when using dol_use_jmobile=1
 FIX: logout redirect to takepos.php
 FIX: Look and feel v10
 FIX: Make protected all pfd models functions
 FIX: management of extrafields in modulebuilder
-FIX: Missing div for buttons in tax, loan, various payment modules
+FIX: missing div for buttons in tax, loan, various payment modules
 FIX: missing include (dol_convert_file not found)
 FIX: Missing some replacements in website module
 FIX: missing test on permission on button to delete ledger record
@@ -91,13 +231,13 @@ FIX: Return code of pdf_einstein.modules.php and proformat
 FIX: round for application fee in stripe
 FIX: Sens of the balance (Debit - Credit in accountancy not contrary)
 FIX: Several pb in export of documents
-FIX: SQL syntax error and CSRF check on vat reports
+FIX: SQL syntax error and CSRF check on VAT reports
 FIX: takepos layout clear or focus search
-FIX: too many record in sql request. Whena criteria is a filter, we must
+FIX: too many record in sql request. When a criteria is a filter, we must
 FIX: Translation of month
 FIX: USEDOLIBARREDITOR not always set
 FIX: VAT number for Monaco (it uses FR)
-FIX: vulenrability in uploading file found by 美创科技安全实验室
+FIX: vulnerability in uploading file found by 美创科技安全实验室
 FIX: wrong display (and hidden input) for already dispatched quantity
 FIX: wrong parameters (same error in branch 9, 10, develop)
 FIX: Wrong variable. Must be PROJECT_HIDE_UNSELECTABLES

build/generate_filelist_xml.php

@@ -145,7 +145,7 @@ $iterator1 = new RecursiveIteratorIterator($dir_iterator1);
 // Need to ignore document custom etc. Note: this also ignore natively symbolic links.
 $files = new RegexIterator($iterator1, '#^(?:[A-Z]:)?(?:/(?!(?:'.($includecustom?'':'custom\/|').'documents\/|conf\/|install\/))[^/]+)+/[^/]+\.(?:php|css|html|js|json|tpl|jpg|png|gif|sql|lang)$#i');
 */
-$regextoinclude='\.(php|css|html|js|json|tpl|jpg|png|gif|sql|lang)$';
+$regextoinclude='\.(php|php3|php4|php5|phtml|phps|phar|inc|css|scss|html|xml|js|json|tpl|jpg|jpeg|png|gif|ico|sql|lang|txt|yml|md|mp3|mp4|wav|mkv|z|gz|zip|rar|tar|less|svg|eot|woff|woff2|ttf|manifest)$';
 $regextoexclude='('.($includecustom?'':'custom|').'documents|conf|install|public\/test|Shared\/PCLZip|nusoap\/lib\/Mail|php\/example|php\/test|geoip\/sample.*\.php|ckeditor\/samples|ckeditor\/adapters)$';  // Exclude dirs
 $files = dol_dir_list(DOL_DOCUMENT_ROOT, 'files', 1, $regextoinclude, $regextoexclude, 'fullname');
 $dir='';

build/makepack-dolibarr.pl

@@ -461,15 +461,18 @@ if ($nboftargetok) {
 		print "Clean $BUILDROOT\n";
 		$ret=`rm -f  $BUILDROOT/$PROJECT/.buildpath`;
 		$ret=`rm -fr $BUILDROOT/$PROJECT/.cache`;
-		$ret=`rm -fr $BUILDROOT/$PROJECT/.editorconfig`;
+		$ret=`rm -fr $BUILDROOT/$PROJECT/.codeclimate`;
 		$ret=`rm -fr $BUILDROOT/$PROJECT/.externalToolBuilders`;
 		$ret=`rm -fr $BUILDROOT/$PROJECT/.git*`;
 		$ret=`rm -fr $BUILDROOT/$PROJECT/.project`;
+		$ret=`rm -fr $BUILDROOT/$PROJECT/.pydevproject`;
 		$ret=`rm -fr $BUILDROOT/$PROJECT/.settings`;
 		$ret=`rm -fr $BUILDROOT/$PROJECT/.scrutinizer.yml`;
+		$ret=`rm -fr $BUILDROOT/$PROJECT/.stickler.yml`;
 		$ret=`rm -fr $BUILDROOT/$PROJECT/.travis.yml`;
 		$ret=`rm -fr $BUILDROOT/$PROJECT/.tx`;
 		$ret=`rm -f  $BUILDROOT/$PROJECT/build.xml`;
+		$ret=`rm -f  $BUILDROOT/$PROJECT/phpstan.neon`;
 		$ret=`rm -f  $BUILDROOT/$PROJECT/pom.xml`;
 		
 		$ret=`rm -fr $BUILDROOT/$PROJECT/build/html`;

dev/initdemo/initdemo.sh

@@ -50,7 +50,7 @@ fi
 # ----------------------------- if no params on command line
 if [ "x$passwd" = "x" ]
 then
-	export dumpfile=`ls $mydir/mysqldump_dolibarr_*.sql | sort | tail -n 1`
+	export dumpfile=`ls -v $mydir/mysqldump_dolibarr_*.sql | tail -n 1`
 	export dumpfile=`basename $dumpfile`
 
 	# ----------------------------- input file

dev/initdemo/savedemo.sh

@@ -38,7 +38,7 @@ passwd=$5;
 # ----------------------------- if no params on command line
 if [ "x$passwd" = "x" ]
 then
-	export dumpfile=`ls $mydir/mysqldump_dolibarr_*.sql | sort | tail -n 1`
+	export dumpfile=`ls -v $mydir/mysqldump_dolibarr_*.sql | tail -n 1`
 	export dumpfile=`basename $dumpfile`
 
 	# ----------------------------- input file

htdocs/accountancy/admin/productaccount.php

@@ -238,7 +238,7 @@ elseif ($accounting_product_mode == 'ACCOUNTANCY_SELL_INTRA')
 }
 else
 {
-    $sql.=" p.accountancy_code_sell_intra = aa.account_number AND aa.fk_pcg_version = '" . $pcgvercode . "'";
+    $sql.=" p.accountancy_code_sell_export = aa.account_number AND aa.fk_pcg_version = '" . $pcgvercode . "'";
 }
 $sql.= ' WHERE p.entity IN ('.getEntity('product').')';
 if ($accounting_product_mode == 'ACCOUNTANCY_BUY') {

htdocs/accountancy/bookkeeping/list.php

@@ -855,7 +855,7 @@ print "</table>";
 print '</div>';
 
 // TODO Replace this with mass delete action
-if ($user->rights->mouvements->creer)
+if ($user->rights->accounting->mouvements->creer)
 {
 	print '<div class="tabsAction tabsActionNoBottom">' . "\n";
 	print '<a class="butActionDelete" name="button_delmvt" href="'.$_SERVER["PHP_SELF"].'?action=delbookkeepingyear'.($param?'&'.$param:'').'">' . $langs->trans("DeleteMvt") . '</a>';

htdocs/accountancy/class/accountancyexport.class.php

@@ -32,6 +32,7 @@
  */
 
 require_once DOL_DOCUMENT_ROOT . '/core/lib/functions.lib.php';
+require_once DOL_DOCUMENT_ROOT . '/core/lib/functions2.lib.php';
 
 /**
  * Manage the different format accountancy export
@@ -687,9 +688,9 @@ class AccountancyExport
 		print $end_line;
 
 		foreach ($objectLines as $line) {
-			$date_creation = dol_print_date($line->date_creation, '%d%m%Y');
-			$date_doc = dol_print_date($line->doc_date, '%d%m%Y');
-			$date_valid = dol_print_date($line->date_validated, '%d%m%Y');
+			$date_creation = dol_print_date($line->date_creation, '%Y%m%d');
+			$date_doc = dol_print_date($line->doc_date, '%Y%m%d');
+			$date_valid = dol_print_date($line->date_validated, '%Y%m%d');
 
 			// FEC:JournalCode
 			print $line->code_journal . $separator;
@@ -725,10 +726,10 @@ class AccountancyExport
 			print $line->label_operation . $separator;
 
 			// FEC:Debit
-			print price2num($line->debit) . $separator;
+			print price2fec($line->debit) . $separator;
 
 			// FEC:Credit
-			print price2num($line->credit) . $separator;
+			print price2fec($line->credit) . $separator;
 
 			// FEC:EcritureLet
 			print $line->lettering_code . $separator;

htdocs/accountancy/class/accountingaccount.class.php

@@ -154,7 +154,7 @@ class AccountingAccount extends CommonObject
 	 * @param 	int 	       $rowid 				    Id
 	 * @param 	string 	       $account_number 	        Account number
 	 * @param 	int|boolean    $limittocurrentchart     1 or true=Load record only if it is into current active char of account
-	 * @param   string         $limittoachartaccount    'ABC'=Load record only if it is into chart account with code 'ABC'.
+	 * @param   string         $limittoachartaccount    'ABC'=Load record only if it is into chart account with code 'ABC' (better and faster than previous parameter if you have chart of account code).
 	 * @return 	int                                     <0 if KO, 0 if not found, Id of record if OK and found
 	 */
     public function fetch($rowid = null, $account_number = null, $limittocurrentchart = 0, $limittoachartaccount = '')
@@ -171,6 +171,7 @@ class AccountingAccount extends CommonObject
 				$sql .= " a.rowid = " . (int) $rowid;
 			} elseif ($account_number) {
 				$sql .= " a.account_number = '" . $this->db->escape($account_number) . "'";
+				$sql .= " AND a.entity = ".$conf->entity;
 			}
 			if (! empty($limittocurrentchart)) {
 				$sql .= ' AND a.fk_pcg_version IN (SELECT pcg_version FROM ' . MAIN_DB_PREFIX . 'accounting_system WHERE rowid=' . $this->db->escape($conf->global->CHARTOFACCOUNTS) . ')';

htdocs/accountancy/customer/index.php

@@ -29,6 +29,7 @@
 require '../../main.inc.php';
 require_once DOL_DOCUMENT_ROOT . '/core/lib/date.lib.php';
 require_once DOL_DOCUMENT_ROOT . '/core/lib/accounting.lib.php';
+require_once DOL_DOCUMENT_ROOT . '/core/lib/company.lib.php';
 require_once DOL_DOCUMENT_ROOT . '/compta/facture/class/facture.class.php';
 
 // Load translation files required by the page
@@ -65,6 +66,8 @@ $year_current = $year_start;
 // Validate History
 $action = GETPOST('action', 'aZ09');
 
+$chartaccountcode = dol_getIdFromCode($db, $conf->global->CHARTOFACCOUNTS, 'accounting_system', 'rowid', 'pcg_version');
+
 
 /*
  * Actions
@@ -102,7 +105,7 @@ if ($action == 'validatehistory') {
 	$db->begin();
 
 	// Now make the binding. Bind automatically only for product with a dedicated account that exists into chart of account, others need a manual bind
-	if ($db->type == 'pgsql') {
+	/*if ($db->type == 'pgsql') {
 		$sql1 = "UPDATE " . MAIN_DB_PREFIX . "facturedet";
 		$sql1 .= " SET fk_code_ventilation = accnt.rowid";
 		$sql1 .= " FROM " . MAIN_DB_PREFIX . "product as p, " . MAIN_DB_PREFIX . "accounting_account as accnt , " . MAIN_DB_PREFIX . "accounting_system as syst";
@@ -115,16 +118,85 @@ if ($action == 'validatehistory') {
 		$sql1 .= " WHERE fd.fk_product = p.rowid  AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . $conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity;
 		$sql1 .= " AND accnt.active = 1 AND p.accountancy_code_sell=accnt.account_number";
 		$sql1 .= " AND fd.fk_code_ventilation = 0";
-	}
+	}*/
+
+	// Customer Invoice lines (must be same request than into page list.php for manual binding)
+	$sql = "SELECT f.rowid as facid, f.ref as ref, f.datef, f.type as ftype,";
+	$sql.= " l.rowid, l.fk_product, l.description, l.total_ht, l.fk_code_ventilation, l.product_type as type_l, l.tva_tx as tva_tx_line, l.vat_src_code,";
+	$sql.= " p.rowid as product_id, p.ref as product_ref, p.label as product_label, p.fk_product_type as type, p.accountancy_code_sell as code_sell, p.tva_tx as tva_tx_prod,";
+	$sql.= " p.accountancy_code_sell_intra as code_sell_intra, p.accountancy_code_sell_export as code_sell_export,";
+	$sql.= " aa.rowid as aarowid, aa2.rowid as aarowid_intra, aa3.rowid as aarowid_export,";
+	$sql.= " co.code as country_code, co.label as country_label,";
+	$sql.= " s.tva_intra";
+	$sql.= " FROM " . MAIN_DB_PREFIX . "facture as f";
+	$sql.= " INNER JOIN " . MAIN_DB_PREFIX . "societe as s ON s.rowid = f.fk_soc";
+	$sql.= " LEFT JOIN " . MAIN_DB_PREFIX . "c_country as co ON co.rowid = s.fk_pays ";
+	$sql.= " INNER JOIN " . MAIN_DB_PREFIX . "facturedet as l ON f.rowid = l.fk_facture";
+	$sql.= " LEFT JOIN " . MAIN_DB_PREFIX . "product as p ON p.rowid = l.fk_product";
+	$sql.= " LEFT JOIN " . MAIN_DB_PREFIX . "accounting_account as aa  ON p.accountancy_code_sell = aa.account_number         AND aa.active = 1  AND aa.fk_pcg_version = '" . $chartaccountcode."' AND aa.entity = " . $conf->entity;
+	$sql.= " LEFT JOIN " . MAIN_DB_PREFIX . "accounting_account as aa2 ON p.accountancy_code_sell_intra = aa2.account_number  AND aa2.active = 1 AND aa2.fk_pcg_version = '" . $chartaccountcode."' AND aa2.entity = " . $conf->entity;
+	$sql.= " LEFT JOIN " . MAIN_DB_PREFIX . "accounting_account as aa3 ON p.accountancy_code_sell_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '" . $chartaccountcode."' AND aa3.entity = " . $conf->entity;
+	$sql.= " WHERE f.fk_statut > 0 AND l.fk_code_ventilation <= 0";
+	$sql.= " AND l.product_type <= 2";
 
 	dol_syslog('htdocs/accountancy/customer/index.php');
-
-	$resql1 = $db->query($sql1);
-	if (! $resql1) {
-		$error ++;
-		$db->rollback();
+	$result = $db->query($sql);
+	if (! $result) {
+		$error++;
 		setEventMessages($db->lasterror(), null, 'errors');
 	} else {
+		$num_lines = $db->num_rows($result);
+
+		$isSellerInEEC = isInEEC($mysoc);
+
+		$i = 0;
+		while ($i < min($num_lines, 10000)) {	// No more than 10000 at once
+			$objp = $db->fetch_object($result);
+
+			$isBuyerInEEC = isInEEC($objp);
+
+			// Search suggested account for product/service
+			$suggestedaccountingaccountfor = '';
+			if (($objp->country_code == $mysoc->country_code) || empty($objp->country_code)) {  // If buyer in same country than seller (if not defined, we assume it is same country)
+				$objp->code_sell_p = $objp->code_sell;
+				$objp->aarowid_suggest = $objp->aarowid;
+				$suggestedaccountingaccountfor = '';
+			} else {
+				if ($isSellerInEEC && $isBuyerInEEC) {          // European intravat sale
+					$objp->code_sell_p = $objp->code_sell_intra;
+					$objp->aarowid_suggest = $objp->aarowid_intra;
+					$suggestedaccountingaccountfor = 'eec';
+				} else {                                        // Foreign sale
+					$objp->code_sell_p = $objp->code_sell_export;
+					$objp->aarowid_suggest = $objp->aarowid_export;
+					$suggestedaccountingaccountfor = 'export';
+				}
+			}
+
+			if ($objp->aarowid_suggest > 0)
+			{
+				$sqlupdate = "UPDATE " . MAIN_DB_PREFIX . "facturedet";
+				$sqlupdate.= " SET fk_code_ventilation = ".$objp->aarowid_suggest;
+				$sqlupdate.= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".$objp->rowid;
+
+				$resqlupdate = $db->query($sqlupdate);
+				if (! $resqlupdate)
+				{
+					$error++;
+					setEventMessages($db->lasterror(), null, 'errors');
+					break;
+				}
+			}
+
+			$i++;
+		}
+	}
+
+	if ($error)
+	{
+		$db->rollback();
+	}
+	else {
 		$db->commit();
 		setEventMessages($langs->trans('AutomaticBindingDone'), null, 'mesgs');
 	}

htdocs/accountancy/customer/lines.php

@@ -370,6 +370,7 @@ if ($result) {
 		// Ref Invoice
 		print '<td class="nowraponall">' . $facture_static->getNomUrl(1) . '</td>';
 
+		// Date invoice
 		print '<td class="center">' . dol_print_date($db->jdate($objp->datef), 'day') . '</td>';
 
 		// Ref Product
@@ -389,7 +390,13 @@ if ($result) {
 
 		print '<td class="right">' . vatrate($objp->tva_tx.($objp->vat_src_code?' ('.$objp->vat_src_code.')':'')) . '</td>';
 
-		print '<td>' . $langs->trans("Country".$objp->country_code) .' ('.$objp->country_code.')</td>';
+		// Country
+		print '<td>';
+		if ($objp->country_code)
+		{
+			print $langs->trans("Country".$objp->country_code) .' ('.$objp->country_code.')';
+		}
+		print '</td>';
 
 		print '<td>' . $objp->tva_intra . '</td>';
 

htdocs/accountancy/customer/list.php

@@ -221,9 +221,9 @@ $sql.= " INNER JOIN " . MAIN_DB_PREFIX . "societe as s ON s.rowid = f.fk_soc";
 $sql.= " LEFT JOIN " . MAIN_DB_PREFIX . "c_country as co ON co.rowid = s.fk_pays ";
 $sql.= " INNER JOIN " . MAIN_DB_PREFIX . "facturedet as l ON f.rowid = l.fk_facture";
 $sql.= " LEFT JOIN " . MAIN_DB_PREFIX . "product as p ON p.rowid = l.fk_product";
-$sql.= " LEFT JOIN " . MAIN_DB_PREFIX . "accounting_account as aa ON p.accountancy_code_sell = aa.account_number AND aa.fk_pcg_version = '" . $chartaccountcode."' AND aa.entity = " . $conf->entity;
-$sql.= " LEFT JOIN " . MAIN_DB_PREFIX . "accounting_account as aa2 ON p.accountancy_code_sell_intra = aa2.account_number AND aa2.fk_pcg_version = '" . $chartaccountcode."' AND aa2.entity = " . $conf->entity;
-$sql.= " LEFT JOIN " . MAIN_DB_PREFIX . "accounting_account as aa3 ON p.accountancy_code_sell_export = aa3.account_number AND aa3.fk_pcg_version = '" . $chartaccountcode."' AND aa3.entity = " . $conf->entity;
+$sql.= " LEFT JOIN " . MAIN_DB_PREFIX . "accounting_account as aa  ON p.accountancy_code_sell = aa.account_number         AND aa.active = 1  AND aa.fk_pcg_version = '" . $chartaccountcode."' AND aa.entity = " . $conf->entity;
+$sql.= " LEFT JOIN " . MAIN_DB_PREFIX . "accounting_account as aa2 ON p.accountancy_code_sell_intra = aa2.account_number  AND aa2.active = 1 AND aa2.fk_pcg_version = '" . $chartaccountcode."' AND aa2.entity = " . $conf->entity;
+$sql.= " LEFT JOIN " . MAIN_DB_PREFIX . "accounting_account as aa3 ON p.accountancy_code_sell_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '" . $chartaccountcode."' AND aa3.entity = " . $conf->entity;
 $sql.= " WHERE f.fk_statut > 0 AND l.fk_code_ventilation <= 0";
 $sql.= " AND l.product_type <= 2";
 // Add search filter like
@@ -249,7 +249,7 @@ if (strlen(trim($search_account))) {
     $sql .= natural_search("aa.account_number", $search_account);
 }
 if (strlen(trim($search_vat))) {
-    $sql .= natural_search("l.tva_tx", $search_vat, 1);
+    $sql .= natural_search("l.tva_tx", price2num($search_vat), 1);
 }
 if ($search_month > 0)
 {
@@ -311,6 +311,11 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
 $sql .= $db->plimit($limit + 1, $offset);
 
 dol_syslog("accountancy/customer/list.php", LOG_DEBUG);
+// MAX_JOIN_SIZE can be very low (ex: 300000) on some limited configurations (ex: https://www.online.net/fr/hosting/online-perso)
+// This big SELECT command may exceed the MAX_JOIN_SIZE limit => Therefore we use SQL_BIG_SELECTS=1 to disable the MAX_JOIN_SIZE security
+if ($db->type == 'mysqli') {
+	$db->query("SET SQL_BIG_SELECTS=1");
+}
 $result = $db->query($sql);
 if ($result) {
 	$num_lines = $db->num_rows($result);
@@ -418,14 +423,15 @@ if ($result) {
 	$facture_static = new Facture($db);
 	$product_static = new Product($db);
 
-    $isSellerInEEC = isInEEC($mysoc);
+	$isSellerInEEC = isInEEC($mysoc);
 
-	while ( $i < min($num_lines, $limit) ) {
+    $accountingaccount_codetotid_cache = array();
+
+	while ($i < min($num_lines, $limit)) {
 		$objp = $db->fetch_object($result);
 
 		$objp->code_sell_l = '';
 		$objp->code_sell_p = '';
-		$objp->aarowid_suggest = '';
 
 		$product_static->ref = $objp->product_ref;
 		$product_static->id = $objp->product_id;
@@ -437,7 +443,7 @@ if ($result) {
 		$facture_static->type = $objp->ftype;
 
 		$code_sell_p_notset = '';
-		$objp->aarowid_suggest = $objp->aarowid;
+		$objp->aarowid_suggest = '';	// Will be set later
 
         $isBuyerInEEC = isInEEC($objp);
 
@@ -471,8 +477,9 @@ if ($result) {
 		}
 		if ($objp->code_sell_l == -1) $objp->code_sell_l='';
 
+		// Search suggested account for product/service
 		$suggestedaccountingaccountfor = '';
-		if ($objp->country_code == $mysoc->country_code || empty($objp->country_code)) {  // If buyer in same country than seller (if not defined, we assume it is same country)
+		if (($objp->country_code == $mysoc->country_code) || empty($objp->country_code)) {  // If buyer in same country than seller (if not defined, we assume it is same country)
             $objp->code_sell_p = $objp->code_sell;
             $objp->aarowid_suggest = $objp->aarowid;
             $suggestedaccountingaccountfor = '';
@@ -488,8 +495,8 @@ if ($result) {
             }
         }
 
-		if (! empty($objp->code_sell)) {
-			//$objp->code_sell_p = $objp->code_sell;       // Code on product
+		if (! empty($objp->code_sell_p)) {
+			// Value was defined previously
 		} else {
 			$code_sell_p_notset = 'color:orange';
 		}
@@ -532,6 +539,7 @@ if ($result) {
 		print vatrate($objp->tva_tx_line.($objp->vat_src_code?' ('.$objp->vat_src_code.')':''));
 		print '</td>';
 
+		// Country
         print '<td>';
         $labelcountry=($objp->country_code && ($langs->trans("Country".$objp->country_code)!="Country".$objp->country_code))?$langs->trans("Country".$objp->country_code):$objp->country_label;
         print $labelcountry;
@@ -560,13 +568,35 @@ if ($result) {
 		print '</td>';
 
 		// Suggested accounting account
+		// $objp->code_sell_l = default (it takes the country into consideration), $objp->code_sell_p is value for product (it takes the country into consideration too)
 		print '<td>';
-		print $formaccounting->select_account($objp->aarowid_suggest, 'codeventil'.$objp->rowid, 1, array(), 0, 0, 'codeventil maxwidth200 maxwidthonsmartphone', 'cachewithshowemptyone');
+		$suggestedid = $objp->aarowid_suggest;
+		/*var_dump($suggestedid);
+		var_dump($objp->code_sell_p);
+		var_dump($objp->code_sell_l);*/
+		if (empty($suggestedid) && empty($objp->code_sell_p) && ! empty($objp->code_sell_l) && ! empty($conf->global->ACCOUNTANCY_AUTOFILL_ACCOUNT_WITH_GENERIC))
+		{
+			if (empty($accountingaccount_codetotid_cache[$objp->code_sell_l]))
+			{
+				$tmpaccount = new AccountingAccount($db);
+				$tmpaccount->fetch(0, $objp->code_sell_l, 1);
+				if ($tmpaccount->id > 0) {
+					$suggestedid = $tmpaccount->id;
+				}
+				$accountingaccount_codetotid_cache[$objp->code_sell_l] = $tmpaccount->id;
+			}
+			else {
+				$suggestedid = $accountingaccount_codetotid_cache[$objp->code_sell_l];
+			}
+		}
+		print $formaccounting->select_account($suggestedid, 'codeventil'.$objp->rowid, 1, array(), 0, 0, 'codeventil maxwidth200 maxwidthonsmartphone', 'cachewithshowemptyone');
 		print '</td>';
 
 		// Column with checkbox
 		print '<td class="center">';
-		print '<input type="checkbox" class="flat checkforselect checkforselect'.$objp->rowid.'" name="toselect[]" value="' . $objp->rowid . "_" . $i . '"' . ($objp->aarowid ? "checked" : "") . '/>';
+		//var_dump($objp->aarowid);var_dump($objp->aarowid_intra);var_dump($objp->aarowid_export);var_dump($objp->aarowid_suggest);
+		$ischecked = $objp->aarowid_suggest;
+		print '<input type="checkbox" class="flat checkforselect checkforselect'.$objp->rowid.'" name="toselect[]" value="' . $objp->rowid . "_" . $i . '"' . ($ischecked ? "checked" : "") . '/>';
 		print '</td>';
 
 		print '</tr>';
@@ -579,6 +609,9 @@ if ($result) {
 } else {
 	print $db->error();
 }
+if ($db->type == 'mysqli') {
+	$db->query("SET SQL_BIG_SELECTS=0");  // Enable MAX_JOIN_SIZE limitation
+}
 
 // Add code to auto check the box when we select an account
 print '<script type="text/javascript" language="javascript">

htdocs/accountancy/index.php

@@ -1,6 +1,7 @@
 <?php
 /* Copyright (C) 2016       Laurent Destailleur      <eldy@users.sourceforge.net>
  * Copyright (C) 2016-2019  Alexandre Spangaro       <aspangaro@open-dsi.fr>
+ * Copyright (C) 2019       Frédéric France             <frederic.france@netlogic.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -50,6 +51,7 @@ $hookmanager->initHooks(array('accountancyindex'));
 llxHeader('', $langs->trans("AccountancyArea"));
 
 print load_fiche_titre($langs->trans("AccountancyArea"), '', 'title_accountancy');
+//dol_fiche_head();
 
 $step = 0;
 
@@ -175,6 +177,7 @@ else
 {
 	print $langs->trans("Module10Desc")."<br>\n";
 }
+//dol_fiche_end();
 
 // End of page
 llxFooter();

htdocs/accountancy/journal/bankjournal.php

@@ -4,12 +4,12 @@
  * Copyright (C) 2011       Juanjo Menent           <jmenent@2byte.es>
  * Copyright (C) 2012       Regis Houssin           <regis.houssin@inodbox.com>
  * Copyright (C) 2013       Christophe Battarel     <christophe.battarel@altairis.fr>
- * Copyright (C) 2013-2018  Alexandre Spangaro      <aspangaro@open-dsi.fr>
+ * Copyright (C) 2013-2019  Alexandre Spangaro      <aspangaro@open-dsi.fr>
  * Copyright (C) 2013-2014  Florian Henry           <florian.henry@open-concept.pro>
  * Copyright (C) 2013-2014  Olivier Geffroy         <jeff@jeffinfo.com>
  * Copyright (C) 2017-2018  Frédéric France         <frederic.france@netlogic.fr>
- * Copyright (C) 2018		Ferran Marcet	    <fmarcet@2byte.es>
- * Copyright (C) 2018		Eric Seigne	    <eric.seigne@cap-rel.fr>
+ * Copyright (C) 2018		Ferran Marcet           <fmarcet@2byte.es>
+ * Copyright (C) 2018		Eric Seigne             <eric.seigne@cap-rel.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -387,7 +387,9 @@ if ($result) {
 					$tabpay[$obj->rowid]["paymentvariousid"] = $paymentvariousstatic->id;
 					$paymentvariousstatic->fetch($paymentvariousstatic->id);
 					$account_various = (! empty($paymentvariousstatic->accountancy_code) ? $paymentvariousstatic->accountancy_code : 'NotDefined');	// NotDefined is a reserved word
-					$tabtp[$obj->rowid][$account_various] += $obj->amount;
+                    $account_subledger = (! empty($paymentvariousstatic->subledger_account) ? $paymentvariousstatic->subledger_account : '');	// NotDefined is a reserved word
+                    $tabpay[$obj->rowid]["account_various"] = $account_various;
+                    $tabtp[$obj->rowid][$account_subledger] += $obj->amount;
 				} elseif ($links[$key]['type'] == 'payment_loan') {
 					$paymentloanstatic->id = $links[$key]['url_id'];
 					$paymentloanstatic->ref = $links[$key]['url_id'];
@@ -630,7 +632,9 @@ if (! $error && $action == 'writebookkeeping') {
 							$bookkeeping->subledger_account = '';
 							$bookkeeping->subledger_label = '';
 							$bookkeeping->numero_compte = $k;
-							$bookkeeping->label_compte = $objmid->labelc;
+
+							$accountingaccount->fetch(null, $k, true);
+							$bookkeeping->label_compte = $accountingaccount->label;
 						} elseif ($tabtype[$key] == 'payment_vat') {
 							$bookkeeping->subledger_account = '';
 							$bookkeeping->subledger_label = '';
@@ -660,11 +664,11 @@ if (! $error && $action == 'writebookkeeping') {
 							$accountingaccount->fetch(null, $k, true);
 							$bookkeeping->label_compte = $accountingaccount->label;
 						} elseif ($tabtype[$key] == 'payment_various') {
-							$bookkeeping->subledger_account = '';
-							$bookkeeping->subledger_label = '';
-							$bookkeeping->numero_compte = $k;
+							$bookkeeping->subledger_account = $k;
+                            $bookkeeping->subledger_label = $tabcompany[$key]['name'];
+							$bookkeeping->numero_compte = $tabpay[$obj->rowid]["account_various"];
 
-							$accountingaccount->fetch(null, $k, true);
+							$accountingaccount->fetch(null, $bookkeeping->numero_compte, true);
 							$bookkeeping->label_compte = $accountingaccount->label;
 						} elseif ($tabtype[$key] == 'banktransfert') {
 							$bookkeeping->subledger_account = '';
@@ -967,8 +971,8 @@ if (empty($action) || $action == 'view') {
 	journalHead($nom, '', $period, $periodlink, $description, $builddate, $exportlink, array('action' => ''), '', $varlink);
 
 
-	// Test that setup is complete
-	$sql = 'SELECT COUNT(rowid) as nb FROM '.MAIN_DB_PREFIX.'bank_account WHERE fk_accountancy_journal IS NULL AND clos=0';
+	// Test that setup is complete (we are in accounting, so test on entity is always on $conf->entity only, no sharing allowed)
+	$sql = 'SELECT COUNT(rowid) as nb FROM '.MAIN_DB_PREFIX.'bank_account WHERE entity = '.$conf->entity.' AND fk_accountancy_journal IS NULL AND clos=0';
 	$resql = $db->query($sql);
 	if ($resql)
 	{
@@ -1123,6 +1127,7 @@ if (empty($action) || $action == 'view') {
 					if ($tabtype[$key] == 'payment_salary')			$account_ledger = $conf->global->SALARIES_ACCOUNTING_ACCOUNT_PAYMENT;
 					if ($tabtype[$key] == 'payment_vat')			$account_ledger = $conf->global->ACCOUNTING_VAT_PAY_ACCOUNT;
 					if ($tabtype[$key] == 'member')					$account_ledger = $conf->global->ADHERENT_SUBSCRIPTION_ACCOUNTINGACCOUNT;
+					if ($tabtype[$key] == 'payment_various')	    $account_ledger = $tabpay[$key]["account_various"];
 					$accounttoshow = length_accounta($account_ledger);
 					if (empty($accounttoshow) || $accounttoshow == 'NotDefined')
 					{
@@ -1156,7 +1161,7 @@ if (empty($action) || $action == 'view') {
 					// Subledger account
 					print "<td>";
 
-					if (in_array($tabtype[$key], array('payment', 'payment_supplier', 'payment_expensereport', 'payment_salary')))	// Type of payment with subledger
+					if (in_array($tabtype[$key], array('payment', 'payment_supplier', 'payment_expensereport', 'payment_salary', 'payment_various')))	// Type of payment with subledger
 					{
 						$accounttoshowsubledger = length_accounta($k);
 						if ($accounttoshow != $accounttoshowsubledger)

htdocs/accountancy/supplier/index.php

@@ -27,6 +27,7 @@
 require '../../main.inc.php';
 require_once DOL_DOCUMENT_ROOT . '/core/lib/date.lib.php';
 require_once DOL_DOCUMENT_ROOT . '/core/lib/accounting.lib.php';
+require_once DOL_DOCUMENT_ROOT . '/core/lib/company.lib.php';
 require_once DOL_DOCUMENT_ROOT . '/fourn/class/fournisseur.facture.class.php';
 
 // Load translation files required by the page
@@ -63,6 +64,7 @@ $year_current = $year_start;
 // Validate History
 $action = GETPOST('action', 'aZ09');
 
+$chartaccountcode = dol_getIdFromCode($db, $conf->global->CHARTOFACCOUNTS, 'accounting_system', 'rowid', 'pcg_version');
 
 
 /*
@@ -100,7 +102,7 @@ if ($action == 'validatehistory') {
 	$db->begin();
 
 	// Now make the binding. Bind automatically only for product with a dedicated account that exists into chart of account, others need a manual bind
-	if ($db->type == 'pgsql') {
+	/*if ($db->type == 'pgsql') {
 		$sql1 = "UPDATE " . MAIN_DB_PREFIX . "facture_fourn_det";
 		$sql1 .= " SET fk_code_ventilation = accnt.rowid";
 		$sql1 .= " FROM " . MAIN_DB_PREFIX . "product as p, " . MAIN_DB_PREFIX . "accounting_account as accnt , " . MAIN_DB_PREFIX . "accounting_system as syst";
@@ -113,16 +115,87 @@ if ($action == 'validatehistory') {
 		$sql1 .= " WHERE fd.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . $conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity;
 		$sql1 .= " AND accnt.active = 1 AND p.accountancy_code_buy=accnt.account_number";
 		$sql1 .= " AND fd.fk_code_ventilation = 0";
-	}
+	}*/
+
+	// Supplier Invoice Lines (must be same request than into page list.php for manual binding)
+	$sql = "SELECT f.rowid as facid, f.ref, f.ref_supplier, f.libelle as invoice_label, f.datef, f.type as ftype,";
+	$sql.= " l.rowid, l.fk_product, l.description, l.total_ht, l.fk_code_ventilation, l.product_type as type_l, l.tva_tx as tva_tx_line, l.vat_src_code,";
+	$sql.= " p.rowid as product_id, p.ref as product_ref, p.label as product_label, p.fk_product_type as type, p.accountancy_code_buy as code_buy, p.tva_tx as tva_tx_prod,";
+	$sql.= " aa.rowid as aarowid,";
+	$sql.= " co.code as country_code, co.label as country_label,";
+	$sql.= " s.tva_intra";
+	$sql.= " FROM " . MAIN_DB_PREFIX . "facture_fourn as f";
+	$sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe as s ON s.rowid = f.fk_soc";
+	$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "c_country as co ON co.rowid = s.fk_pays ";
+	$sql.= " INNER JOIN " . MAIN_DB_PREFIX . "facture_fourn_det as l ON f.rowid = l.fk_facture_fourn";
+	$sql.= " LEFT JOIN " . MAIN_DB_PREFIX . "product as p ON p.rowid = l.fk_product";
+	$sql.= " LEFT JOIN " . MAIN_DB_PREFIX . "accounting_account as aa ON p.accountancy_code_buy = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '" . $chartaccountcode."' AND aa.entity = " . $conf->entity;
+	$sql.= " WHERE f.fk_statut > 0 AND l.fk_code_ventilation <= 0";
+	$sql.= " AND l.product_type <= 2";
 
 	dol_syslog('htdocs/accountancy/supplier/index.php');
 
-	$resql1 = $db->query($sql1);
-	if (! $resql1) {
-		$error ++;
-		$db->rollback();
+	$result = $db->query($sql);
+	if (! $result) {
+		$error++;
 		setEventMessages($db->lasterror(), null, 'errors');
 	} else {
+		$num_lines = $db->num_rows($result);
+
+		$isBuyerInEEC = isInEEC($mysoc);
+
+		$i = 0;
+		while ($i < min($num_lines, 10000)) {	// No more than 10000 at once
+			$objp = $db->fetch_object($result);
+
+			$isSellerInEEC = isInEEC($objp);
+
+			// Search suggested account for product/service
+			$suggestedaccountingaccountfor = '';
+			if (($objp->country_code == $mysoc->country_code) || empty($objp->country_code)) {  // If buyer in same country than seller (if not defined, we assume it is same country)
+				$objp->code_buy_p = $objp->code_buy;
+				$objp->aarowid_suggest = $objp->aarowid;
+				$suggestedaccountingaccountfor = '';
+			} else {
+				if ($isSellerInEEC && $isBuyerInEEC) {          // European intravat sale
+					//$objp->code_buy_p = $objp->code_buy_intra;
+					$objp->code_buy_p = $objp->code_buy;
+					//$objp->aarowid_suggest = $objp->aarowid_intra;
+					$objp->aarowid_suggest = $objp->aarowid;
+					$suggestedaccountingaccountfor = 'eec';
+				} else {                                        // Foreign sale
+					//$objp->code_buy_p = $objp->code_buy_export;
+					$objp->code_buy_p = $objp->code_buy;
+					//$objp->aarowid_suggest = $objp->aarowid_export;
+					$objp->aarowid_suggest = $objp->aarowid;
+					$suggestedaccountingaccountfor = 'export';
+				}
+			}
+
+			if ($objp->aarowid_suggest > 0)
+			{
+				$sqlupdate = "UPDATE " . MAIN_DB_PREFIX . "facture_fourn_det";
+				$sqlupdate.= " SET fk_code_ventilation = ".$objp->aarowid_suggest;
+				$sqlupdate.= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".$objp->rowid;
+
+				$resqlupdate = $db->query($sqlupdate);
+				if (! $resqlupdate)
+				{
+					$error++;
+					setEventMessages($db->lasterror(), null, 'errors');
+					break;
+				}
+			}
+
+			$i++;
+		}
+	}
+
+	if ($error)
+	{
+		$db->rollback();
+	}
+	else {
 		$db->commit();
 		setEventMessages($langs->trans('AutomaticBindingDone'), null, 'mesgs');
 	}

htdocs/accountancy/supplier/lines.php

@@ -380,6 +380,7 @@ if ($result) {
 		print $objp->invoice_label;
 		print '</td>';
 
+		// Date invoice
 		print '<td class="center">' . dol_print_date($db->jdate($objp->datef), 'day') . '</td>';
 
 		// Ref product
@@ -400,7 +401,12 @@ if ($result) {
 
 		print '<td class="right">' . vatrate($objp->tva_tx.($objp->vat_src_code?' ('.$objp->vat_src_code.')':'')) . '</td>';
 
-		print '<td>' . $langs->trans("Country".$objp->country_code) .' ('.$objp->country_code.')</td>';
+		print '<td>';
+		if ($objp->country_code)
+		{
+			print $langs->trans("Country".$objp->country_code) .' ('.$objp->country_code.')';
+		}
+		print '</td>';
 
 		print '<td>' . $objp->tva_intra . '</td>';
 

htdocs/accountancy/supplier/list.php

@@ -224,7 +224,7 @@ $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe as s ON s.rowid = f.fk_soc";
 $sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "c_country as co ON co.rowid = s.fk_pays ";
 $sql.= " INNER JOIN " . MAIN_DB_PREFIX . "facture_fourn_det as l ON f.rowid = l.fk_facture_fourn";
 $sql.= " LEFT JOIN " . MAIN_DB_PREFIX . "product as p ON p.rowid = l.fk_product";
-$sql.= " LEFT JOIN " . MAIN_DB_PREFIX . "accounting_account as aa ON p.accountancy_code_buy = aa.account_number AND aa.fk_pcg_version = '" . $chartaccountcode."' AND aa.entity = " . $conf->entity;
+$sql.= " LEFT JOIN " . MAIN_DB_PREFIX . "accounting_account as aa ON p.accountancy_code_buy = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '" . $chartaccountcode."' AND aa.entity = " . $conf->entity;
 $sql.= " WHERE f.fk_statut > 0 AND l.fk_code_ventilation <= 0";
 $sql.= " AND l.product_type <= 2";
 // Add search filter like
@@ -321,8 +321,8 @@ if ($result) {
 	$arrayofselected=is_array($toselect)?$toselect:array();
 
 	$param='';
-	if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.$contextpage;
-	if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.$limit;
+	if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.urlencode($contextpage);
+	if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.urlencode($limit);
 	if ($search_lineid)      $param.='&search_lineid='.urlencode($search_lineid);
 	if ($search_day)         $param.='&search_day='.urlencode($search_day);
 	if ($search_month)       $param.='&search_month='.urlencode($search_month);
@@ -477,7 +477,7 @@ if ($result) {
 
 		print '<td class="center">' . dol_print_date($db->jdate($objp->datef), 'day') . '</td>';
 
-		// Ref product
+		// Ref Product
 		print '<td>';
 		if ($product_static->id > 0)
 			print $product_static->getNomUrl(1);
@@ -485,7 +485,7 @@ if ($result) {
 		print '</td>';
 
 		// Description
-		print '<td>';
+		print '<td class="tdoverflowonsmartphone">';
 		$text = dolGetFirstLineOfText(dol_string_nohtmltag($objp->description));
 		$trunclength = empty($conf->global->ACCOUNTING_LENGTH_DESCRIPTION) ? 32 : $conf->global->ACCOUNTING_LENGTH_DESCRIPTION;
 		print $form->textwithtooltip(dol_trunc($text, $trunclength), $objp->description);
@@ -533,12 +533,14 @@ if ($result) {
 
 		// Suggested accounting account
 		print '<td>';
-		print $formaccounting->select_account($objp->aarowid_suggest, 'codeventil'.$objp->rowid, 1, array(), 0, 0, 'codeventil maxwidth200 maxwidthonsmartphone', 'cachewithshowemptyone');
+		$suggestedid = $objp->aarowid_suggest;
+		print $formaccounting->select_account($suggestedid, 'codeventil'.$objp->rowid, 1, array(), 0, 0, 'codeventil maxwidth200 maxwidthonsmartphone', 'cachewithshowemptyone');
 		print '</td>';
 
 		// Column with checkbox
 		print '<td class="center">';
-		print '<input type="checkbox" class="flat checkforselect checkforselect'.$objp->rowid.'" name="toselect[]" value="' . $objp->rowid . "_" . $i . '"' . ($objp->aarowid ? "checked" : "") . '/>';
+		$ischecked = $objp->aarowid_suggest;
+		print '<input type="checkbox" class="flat checkforselect checkforselect'.$objp->rowid.'" name="toselect[]" value="' . $objp->rowid . "_" . $i . '"' . ($ischecked ? "checked" : "") . '/>';
 		print '</td>';
 
 		print '</tr>';

htdocs/accountancy/tpl/export_journal.tpl.php

@@ -35,7 +35,7 @@ $endaccountingperiod = dol_print_date(dol_now(), '%Y%m%d');
 header('Content-Type: text/csv');
 
 
-if ($conf->global->ACCOUNTING_EXPORT_MODELCSV == "11" && $type_export == "general_ledger") // Specific filename for FEC model export into the general ledger
+if ($conf->global->ACCOUNTING_EXPORT_MODELCSV == "1000" && $type_export == "general_ledger") // Specific filename for FEC model export into the general ledger
 {
 	// FEC format is defined here: https://www.legifrance.gouv.fr/affichCodeArticle.do?idArticle=LEGIARTI000027804775&cidTexte=LEGITEXT000006069583&dateTexte=20130802&oldAction=rechCodeArticle
 	if (empty($search_date_end))
@@ -55,7 +55,7 @@ if ($conf->global->ACCOUNTING_EXPORT_MODELCSV == "11" && $type_export == "genera
 
 	$endaccountingperiod = dol_print_date(dol_get_last_day($tmparray['year'], $tmparray['mon']), 'dayxcard');
 
-	$completefilename = $siren . "FEC" . $endaccountingperiod . "." . $format;
+	$completefilename = $siren . "FEC" . $endaccountingperiod . ".txt";
 }
 else
 {

htdocs/adherents/admin/adherent.php

@@ -212,7 +212,7 @@ if ($conf->facture->enabled)
 	{
 		print '<tr class="oddeven"><td>'.$langs->trans("ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS").'</td>';
 		print '<td>';
-		$form->select_produits($conf->global->ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS, 'ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS');
+		$form->select_produits($conf->global->ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS, 'ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS', '', 0);
 		print '</td>';
 	}
 	print "</tr>\n";

htdocs/adherents/document.php

@@ -115,7 +115,7 @@ if ($id > 0)
         print '<div class="underbanner clearboth"></div>';
 		print '<table class="border tableforfield centpercent">';
 
-		$linkback = '<a href="'.DOL_URL_ROOT.'/adherents/list.php">'.$langs->trans("BackToList").'</a>';
+		$linkback = '<a href="'.DOL_URL_ROOT.'/adherents/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>';
 
         // Login
         if (empty($conf->global->ADHERENT_LOGIN_NOT_REQUIRED))

htdocs/adherents/subscription.php

@@ -398,7 +398,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !
 
                 $moreinheader='X-Dolibarr-Info: send_an_email by adherents/subscription.php'."\r\n";
 
-                $result=$object->send_an_email($texttosend, $subjecttosend, $listofpaths, $listofnames, $listofmimes, "", "", 0, -1, '', $moreinheader);
+                $result=$object->send_an_email($texttosend, $subjecttosend, $listofpaths, $listofmimes, $listofnames, "", "", 0, -1, '', $moreinheader);
                 if ($result < 0)
                 {
                 	$errmsg=$object->error;

htdocs/adherents/subscription/info.php

@@ -53,7 +53,7 @@ $head = subscription_prepare_head($object);
 
 dol_fiche_head($head, 'info', $langs->trans("Subscription"), -1, 'payment');
 
-$linkback = '<a href="'.DOL_URL_ROOT.'/adherents/subscription/list.php">'.$langs->trans("BackToList").'</a>';
+$linkback = '<a href="'.DOL_URL_ROOT.'/adherents/subscription/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>';
 
 dol_banner_tab($object, 'rowid', $linkback, 1);
 

htdocs/adherents/subscription/list.php

@@ -387,46 +387,17 @@ print "</tr>\n";
 
 
 print '<tr class="liste_titre">';
-if (! empty($arrayfields['d.ref']['checked']))
-{
-	print_liste_field_titre("Ref", $_SERVER["PHP_SELF"], "c.rowid", $param, "", "", $sortfield, $sortorder);
-}
-if (! empty($arrayfields['d.fk_type']['checked']))
-{
-	print_liste_field_titre("Type", $_SERVER["PHP_SELF"], "c.fk_type", $param, "", "", $sortfield, $sortorder);
-}
-if (! empty($arrayfields['d.lastname']['checked']))
-{
-	print_liste_field_titre("LastName", $_SERVER["PHP_SELF"], "d.lastname", $param, "", "", $sortfield, $sortorder);
-}
-if (! empty($arrayfields['d.firstname']['checked']))
-{
-	print_liste_field_titre("FirstName", $_SERVER["PHP_SELF"], "d.firstname", $param, "", "", $sortfield, $sortorder);
-}
-if (! empty($arrayfields['d.login']['checked']))
-{
-	print_liste_field_titre("Login", $_SERVER["PHP_SELF"], "d.login", $param, "", "", $sortfield, $sortorder);
-}
-if (! empty($arrayfields['t.libelle']['checked']))
-{
-	print_liste_field_titre("Label", $_SERVER["PHP_SELF"], "c.note", $param, "", '', $sortfield, $sortorder);
-}
-if (! empty($arrayfields['d.bank']['checked']))
-{
-	print_liste_field_titre("Account", $_SERVER["PHP_SELF"], "b.fk_account", $param, "", "", $sortfield, $sortorder);
-}
-if (! empty($arrayfields['c.dateadh']['checked']))
-{
-	print_liste_field_titre("DateStart", $_SERVER["PHP_SELF"], "c.dateadh", $param, "", '', $sortfield, $sortorder, 'center nowraponall ');
-}
-if (! empty($arrayfields['c.datef']['checked']))
-{
-	print_liste_field_titre("DateEnd", $_SERVER["PHP_SELF"], "c.datef", $param, "", '', $sortfield, $sortorder, 'center nowraponall ');
-}
-if (! empty($arrayfields['d.amount']['checked']))
-{
-	print_liste_field_titre("Amount", $_SERVER["PHP_SELF"], "c.subscription", $param, "", '', $sortfield, $sortorder, 'right ');
-}
+if (! empty($arrayfields['d.ref']['checked']))          print_liste_field_titre($arrayfields['d.ref']['label'], $_SERVER["PHP_SELF"], "c.rowid", $param, "", "", $sortfield, $sortorder);
+if (! empty($arrayfields['d.fk_type']['checked']))      print_liste_field_titre($arrayfields['d.fk_type']['label'], $_SERVER["PHP_SELF"], "c.fk_type", $param, "", "", $sortfield, $sortorder);
+if (! empty($arrayfields['d.lastname']['checked']))     print_liste_field_titre($arrayfields['d.lastname']['label'], $_SERVER["PHP_SELF"], "d.lastname", $param, "", "", $sortfield, $sortorder);
+if (! empty($arrayfields['d.firstname']['checked']))    print_liste_field_titre($arrayfields['d.firstname']['label'], $_SERVER["PHP_SELF"], "d.firstname", $param, "", "", $sortfield, $sortorder);
+if (! empty($arrayfields['d.login']['checked']))        print_liste_field_titre($arrayfields['d.login']['label'], $_SERVER["PHP_SELF"], "d.login", $param, "", "", $sortfield, $sortorder);
+if (! empty($arrayfields['t.libelle']['checked']))      print_liste_field_titre($arrayfields['t.libelle']['label'], $_SERVER["PHP_SELF"], "c.note", $param, "", '', $sortfield, $sortorder);
+if (! empty($arrayfields['d.bank']['checked']))         print_liste_field_titre($arrayfields['d.bank']['label'], $_SERVER["PHP_SELF"], "b.fk_account", $param, "", "", $sortfield, $sortorder);
+if (! empty($arrayfields['c.dateadh']['checked']))      print_liste_field_titre($arrayfields['c.dateadh']['label'], $_SERVER["PHP_SELF"], "c.dateadh", $param, "", '', $sortfield, $sortorder, 'center nowraponall ');
+if (! empty($arrayfields['c.datef']['checked']))        print_liste_field_titre($arrayfields['c.datef']['label'], $_SERVER["PHP_SELF"], "c.datef", $param, "", '', $sortfield, $sortorder, 'center nowraponall ');
+if (! empty($arrayfields['d.amount']['checked']))       print_liste_field_titre($arrayfields['d.amount']['label'], $_SERVER["PHP_SELF"], "c.subscription", $param, "", '', $sortfield, $sortorder, 'right ');
+
 // Extra fields
 include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_title.tpl.php';
 

htdocs/admin/dict.php

@@ -563,7 +563,7 @@ if ($id == 11)
 			'project'           => $langs->trans('Project'),
 			'project_task'      => $langs->trans('Task'),
 			'agenda'			=> $langs->trans('Agenda'),
-			'resource'           => $langs->trans('Resource'),
+			'dolresource'       => $langs->trans('Resource'),
 			// old deprecated
 			'propal'            => $langs->trans('Proposal'),
 			'commande'          => $langs->trans('Order'),
@@ -1985,9 +1985,9 @@ function fieldList($fieldlist, $obj = '', $tabname = '', $context = '')
 			if (in_array($fieldlist[$field], array('libelle', 'label', 'tracking'))) $class='quatrevingtpercent';
 			print '<td class="'.$classtd.'">';
 			$transfound=0;
+            $transkey='';
 			if (in_array($fieldlist[$field], array('label','libelle')))
 			{
-			    $transkey='';
 			    // Special case for labels
 			    if ($tabname == MAIN_DB_PREFIX.'c_civility') {
 			        $transkey="Civility".strtoupper($obj->code);

htdocs/admin/emailcollector_card.php

@@ -116,7 +116,7 @@ if (empty($reshook))
 if (GETPOST('addfilter', 'alpha'))
 {
 	$emailcollectorfilter = new EmailCollectorFilter($db);
-	$emailcollectorfilter->type = GETPOST('filtertype', 'az09');
+	$emailcollectorfilter->type = GETPOST('filtertype', 'aZ09');
 	$emailcollectorfilter->rulevalue = GETPOST('rulevalue', 'alpha');
 	$emailcollectorfilter->fk_emailcollector = $object->id;
 	$emailcollectorfilter->status = 1;
@@ -150,7 +150,7 @@ if ($action == 'deletefilter')
 if (GETPOST('addoperation', 'alpha'))
 {
 	$emailcollectoroperation = new EmailCollectorAction($db);
-	$emailcollectoroperation->type = GETPOST('operationtype', 'az09');
+	$emailcollectoroperation->type = GETPOST('operationtype', 'aZ09');
 	$emailcollectoroperation->actionparam = GETPOST('operationparam', 'none');
 	$emailcollectoroperation->fk_emailcollector = $object->id;
 	$emailcollectoroperation->status = 1;

htdocs/admin/facture.php

@@ -808,36 +808,39 @@ print '</table>';
 print '<br>';
 print load_fiche_titre($langs->trans("PathToDocuments"), '', '');
 
-print '<table class="noborder" width="100%">'."\n";
+print '<div class="div-table-responsive-no-min">';
+print '<table class="noborder centpercent">'."\n";
 print '<tr class="liste_titre">'."\n";
 print '<td>'.$langs->trans("Name").'</td>'."\n";
 print '<td>'.$langs->trans("Value").'</td>'."\n";
 print "</tr>\n";
-print '<tr '.$bc[false].'>'."\n";
+print '<tr class="oddeven">'."\n";
 print '<td width="140">'.$langs->trans("PathDirectory").'</td>'."\n";
 print '<td>'.$conf->facture->dir_output.'</td>'."\n";
 print '</tr>'."\n";
 print "</table>\n";
-
+print "</div>\n";
 
 /*
  * Notifications
  */
 print '<br>';
 print load_fiche_titre($langs->trans("Notifications"), '', '');
-print '<table class="noborder" width="100%">';
+
+print '<div class="div-table-responsive-no-min">';
+print '<table class="noborder centpercent">';
 print '<tr class="liste_titre">';
 print '<td>'.$langs->trans("Parameter").'</td>';
 print '<td class="center" width="60"></td>';
 print '<td width="80">&nbsp;</td>';
 print "</tr>\n";
-
 print '<tr class="oddeven"><td colspan="2">';
 print $langs->trans("YouMayFindNotificationsFeaturesIntoModuleNotification").'<br>';
 print '</td><td class="right">';
 print "</td></tr>\n";
-
 print '</table>';
+print "</div>\n";
+
 
 dol_fiche_end();
 

htdocs/admin/mails.php

@@ -65,27 +65,27 @@ complete_substitutions_array($substitutionarrayfortest, $langs);
 
 if ($action == 'update' && empty($_POST["cancel"]))
 {
-	dolibarr_set_const($db, "MAIN_DISABLE_ALL_MAILS", GETPOST("MAIN_DISABLE_ALL_MAILS"), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_MAIL_FORCE_SENDTO", GETPOST("MAIN_MAIL_FORCE_SENDTO"), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_MAIL_ENABLED_USER_DEST_SELECT", GETPOST("MAIN_MAIL_ENABLED_USER_DEST_SELECT"), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_DISABLE_ALL_MAILS", GETPOST("MAIN_DISABLE_ALL_MAILS", 'int'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_MAIL_FORCE_SENDTO", GETPOST("MAIN_MAIL_FORCE_SENDTO", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_MAIL_ENABLED_USER_DEST_SELECT", GETPOST("MAIN_MAIL_ENABLED_USER_DEST_SELECT", 'int'), 'chaine', 0, '', $conf->entity);
 	// Send mode parameters
-	dolibarr_set_const($db, "MAIN_MAIL_SENDMODE", GETPOST("MAIN_MAIL_SENDMODE"), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_MAIL_SMTP_PORT", GETPOST("MAIN_MAIL_SMTP_PORT"), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_MAIL_SMTP_SERVER", GETPOST("MAIN_MAIL_SMTP_SERVER"), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_MAIL_SMTPS_ID", GETPOST("MAIN_MAIL_SMTPS_ID"), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_MAIL_SMTPS_PW", GETPOST("MAIN_MAIL_SMTPS_PW"), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_MAIL_EMAIL_TLS", GETPOST("MAIN_MAIL_EMAIL_TLS"), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_MAIL_EMAIL_STARTTLS", GETPOST("MAIN_MAIL_EMAIL_STARTTLS"), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_MAIL_SENDMODE", GETPOST("MAIN_MAIL_SENDMODE", 'aZ09'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_MAIL_SMTP_PORT", GETPOST("MAIN_MAIL_SMTP_PORT", 'int'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_MAIL_SMTP_SERVER", GETPOST("MAIN_MAIL_SMTP_SERVER", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_MAIL_SMTPS_ID", GETPOST("MAIN_MAIL_SMTPS_ID", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_MAIL_SMTPS_PW", GETPOST("MAIN_MAIL_SMTPS_PW", 'none'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_MAIL_EMAIL_TLS", GETPOST("MAIN_MAIL_EMAIL_TLS", 'int'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_MAIL_EMAIL_STARTTLS", GETPOST("MAIN_MAIL_EMAIL_STARTTLS", 'int'), 'chaine', 0, '', $conf->entity);
 
-	dolibarr_set_const($db, "MAIN_MAIL_EMAIL_DKIM_ENABLED", GETPOST("MAIN_MAIL_EMAIL_DKIM_ENABLED"), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_MAIL_EMAIL_DKIM_DOMAIN", GETPOST("MAIN_MAIL_EMAIL_DKIM_DOMAIN"), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_MAIL_EMAIL_DKIM_SELECTOR", GETPOST("MAIN_MAIL_EMAIL_DKIM_SELECTOR"), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_MAIL_EMAIL_DKIM_PRIVATE_KEY", GETPOST("MAIN_MAIL_EMAIL_DKIM_PRIVATE_KEY"), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_MAIL_EMAIL_DKIM_ENABLED", GETPOST("MAIN_MAIL_EMAIL_DKIM_ENABLED", 'int'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_MAIL_EMAIL_DKIM_DOMAIN", GETPOST("MAIN_MAIL_EMAIL_DKIM_DOMAIN", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_MAIL_EMAIL_DKIM_SELECTOR", GETPOST("MAIN_MAIL_EMAIL_DKIM_SELECTOR", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_MAIL_EMAIL_DKIM_PRIVATE_KEY", GETPOST("MAIN_MAIL_EMAIL_DKIM_PRIVATE_KEY", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
 	// Content parameters
-	dolibarr_set_const($db, "MAIN_MAIL_EMAIL_FROM", GETPOST("MAIN_MAIL_EMAIL_FROM"), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_MAIL_ERRORS_TO", GETPOST("MAIN_MAIL_ERRORS_TO"), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_MAIL_AUTOCOPY_TO", GETPOST("MAIN_MAIL_AUTOCOPY_TO"), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, 'MAIN_MAIL_DEFAULT_FROMTYPE', GETPOST('MAIN_MAIL_DEFAULT_FROMTYPE'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_MAIL_EMAIL_FROM", GETPOST("MAIN_MAIL_EMAIL_FROM", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_MAIL_ERRORS_TO", GETPOST("MAIN_MAIL_ERRORS_TO", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_MAIL_AUTOCOPY_TO", GETPOST("MAIN_MAIL_AUTOCOPY_TO", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, 'MAIN_MAIL_DEFAULT_FROMTYPE', GETPOST('MAIN_MAIL_DEFAULT_FROMTYPE', 'alphanohtml'), 'chaine', 0, '', $conf->entity);
 
 	header("Location: ".$_SERVER["PHP_SELF"]."?mainmenu=home&leftmenu=setup");
 	exit;
@@ -101,8 +101,8 @@ $mode='emailfortest';
 $trackid=(($action == 'testhtml')?"testhtml":"test");
 include DOL_DOCUMENT_ROOT.'/core/actions_sendmails.inc.php';
 
-if ($action == 'presend' && GETPOST('trackid') == 'test')       $action='test';
-if ($action == 'presend' && GETPOST('trackid') == 'testhtml')   $action='testhtml';
+if ($action == 'presend' && GETPOST('trackid', 'alphanohtml') == 'test')       $action='test';
+if ($action == 'presend' && GETPOST('trackid', 'alphanohtml') == 'testhtml')   $action='testhtml';
 
 
 
@@ -823,7 +823,7 @@ else
 		$formmail->frommail = (isset($_POST['frommail'])?$_POST['frommail']:$conf->global->MAIN_MAIL_EMAIL_FROM);
 		$formmail->fromid=$user->id;
 		$formmail->fromalsorobot=1;
-		$formmail->fromtype=(GETPOST('fromtype')?GETPOST('fromtype'):(!empty($conf->global->MAIN_MAIL_DEFAULT_FROMTYPE)?$conf->global->MAIN_MAIL_DEFAULT_FROMTYPE:'user'));
+		$formmail->fromtype=(GETPOSTISSET('fromtype')?GETPOST('fromtype', 'aZ09'):(!empty($conf->global->MAIN_MAIL_DEFAULT_FROMTYPE)?$conf->global->MAIN_MAIL_DEFAULT_FROMTYPE:'user'));
 		$formmail->withfromreadonly=1;
 		$formmail->withsubstit=1;
 		$formmail->withfrom=1;
@@ -849,7 +849,7 @@ else
 		$formmail->param["returnurl"]=$_SERVER["PHP_SELF"];
 
 		// Init list of files
-		if (GETPOST("mode")=='init')
+		if (GETPOST("mode", "aZ09")=='init')
 		{
 			$formmail->clear_attached_files();
 		}

htdocs/admin/mails_templates.php

@@ -50,7 +50,7 @@ $confirm    = GETPOST('confirm', 'alpha');												// Result of a confirmatio
 
 $id			= GETPOST('id', 'int');
 $rowid		= GETPOST('rowid', 'alpha');
-$search_label=GETPOST('search_label', 'alpha');
+$search_label=GETPOST('search_label', 'alphanohtml');									// Must allow value like 'Abc Def' or '(MyTemplateName)'
 $search_type_template=GETPOST('search_type_template', 'alpha');
 $search_lang=GETPOST('search_lang', 'alpha');
 $search_fk_user=GETPOST('search_fk_user', 'intcomma');
@@ -263,6 +263,7 @@ if (empty($reshook))
             {
             	//var_dump($i.' - '.$listfieldvalue[$i].' - '.$_POST[$listfieldvalue[$i]].' - '.$value);
             	$keycode=$listfieldvalue[$i];
+            	if ($value == 'label') $_POST[$keycode] = dol_escape_htmltag($_POST[$keycode]);
             	if ($value == 'lang') $keycode='langcode';
                 if ($value == 'entity') $_POST[$keycode] = $conf->entity;
                 if ($i) $sql.=",";
@@ -667,8 +668,6 @@ if ($resql)
     print '<tr class="liste_titre">';
     foreach ($fieldlist as $field => $value)
     {
-        // Determine le nom du champ par rapport aux noms possibles
-        // dans les dictionnaires de donnees
         $showfield=1;							  	// By defaut
         $align="left";
         $sortable=1;
@@ -695,7 +694,7 @@ if ($resql)
 		if ($fieldlist[$field]=='content')         { $valuetoshow=$langs->trans("Content"); $showfield=0;}
 		if ($fieldlist[$field]=='content_lines')   { $valuetoshow=$langs->trans("ContentLines"); $showfield=0; }
 
-        // Affiche nom du champ
+        // Show fields
         if ($showfield)
         {
             if (! empty($tabhelp[$id][$value]))
@@ -813,6 +812,10 @@ if ($resql)
                         $showfield=1;
                     	$align="left";
                         $valuetoshow=$obj->{$fieldlist[$field]};
+                        if ($value == 'label' || $value == 'topic')
+                        {
+                            $valuetoshow = dol_escape_htmltag($valuetoshow);
+                        }
                         if ($value == 'type_template')
                         {
                             $valuetoshow = isset($elementList[$valuetoshow])?$elementList[$valuetoshow]:$valuetoshow;

htdocs/admin/notification.php

@@ -238,7 +238,7 @@ foreach($listofnotifiedevents as $notifiedevent)
     	$s='<input type="text" size="32" name="NOTIF_'.$notifiedevent['code'].'_old_'.$reg[1].'_key" value="'.dol_escape_htmltag($value).'">';		// Do not use type="email" here, we must be able to enter a list of email with , separator.
 	    $arrayemail=explode(',', $value);
 		$showwarning=0;
-		foreach($arrayemail as $key=>$valuedet)
+		foreach($arrayemail as $keydet => $valuedet)
 		{
 			$valuedet=trim($valuedet);
 			if (! empty($valuedet) && ! isValidEmail($valuedet, 1)) $showwarning++;

htdocs/admin/security.php

@@ -170,9 +170,23 @@ elseif ($action == 'disable_MAIN_SECURITY_DISABLEFORGETPASSLINK')
 
 if ($action == 'maj_pattern')
 {
-	dolibarr_set_const($db, "USER_PASSWORD_PATTERN", GETPOST("pattern"), 'chaine', 0, '', $conf->entity);
-	header("Location: security.php");
-	exit;
+    $pattern = GETPOST("pattern");
+    $explodePattern = explode(';', $pattern);
+
+    $patternInError = false;
+    if ($explodePattern[0] < 1 || $explodePattern[4] < 0) {
+        $patternInError = true;
+    }
+
+    if ($explodePattern[0] < $explodePattern[1] + $explodePattern[2] + $explodePattern[3]) {
+        $patternInError = true;
+    }
+
+    if (!$patternInError) {
+	    dolibarr_set_const($db, "USER_PASSWORD_PATTERN", $pattern, 'chaine', 0, '', $conf->entity);
+	    header("Location: security.php");
+	    exit;
+    }
 }
 
 
@@ -278,13 +292,6 @@ if ($conf->global->USER_PASSWORD_GENERATED == "Perso"){
 
 
 	$tabConf = explode(";", $conf->global->USER_PASSWORD_PATTERN);
-	/*$this->length2 = $tabConf[0];
-	$this->NbMaj = $tabConf[1];
-	$this->NbNum = $tabConf[2];
-	$this->NbSpe = $tabConf[3];
-	$this->NbRepeat = $tabConf[4];
-	$this->WithoutAmbi = $tabConf[5];
-	*/
 	print '<br>';
 	print '<table class="noborder" width="100%">';
 	print '<tr class="liste_titre">';
@@ -350,6 +357,13 @@ if ($conf->global->USER_PASSWORD_GENERATED == "Perso"){
 	print '	}';
 
 	print '	function valuePossible(){';
+	print '		var fields = ["#minlenght", "#NbMajMin", "#NbNumMin", "#NbSpeMin", "#NbIteConsecutive"];';
+	print '		for(var i = 0 ; i < fields.length ; i++){';
+	print '		    if($(fields[i]).val() < $(fields[i]).attr("min")){';
+	print '		        return false;';
+	print '		    }';
+	print '		}';
+	print '		';
 	print '		var length = parseInt($("#minlenght").val());';
 	print '		var length_mini = parseInt($("#NbMajMin").val()) + parseInt($("#NbNumMin").val()) + parseInt($("#NbSpeMin").val());';
 	print '		return length >= length_mini;';

htdocs/admin/system/about.php

@@ -160,7 +160,6 @@ print '<ul>';
 
 print '<li><a href="https://facebook.com/dolibarr" target="_blank" rel="external">FaceBook</a></li>';
 print '<li><a href="https://twitter.com/dolibarr" target="_blank" rel="external">Twitter</a></li>';
-print '<li><a href="https://plus.google.com/+DolibarrOrg" target="_blank" rel="external">Google Plus page</a></li>';
 
 print '</ul>';