From 74ac69fc5a27768c5644865933b3980109d483f6 Mon Sep 17 00:00:00 2001
From: Pierre Ardoin <32256817+mapiolca@users.noreply.github.com>
Date: Thu, 27 Feb 2020 09:16:15 +0100
Subject: [PATCH 01/14] Add Entity in list_product_fournisseur_price()

Select too the entity value to add const NOTMODIFYOTHERENTITYFOURNPRICE
---
 .../fourn/class/fournisseur.product.class.php | 20 ++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/htdocs/fourn/class/fournisseur.product.class.php b/htdocs/fourn/class/fournisseur.product.class.php
index 9f49fb31b83..f11f88464f3 100644
--- a/htdocs/fourn/class/fournisseur.product.class.php
+++ b/htdocs/fourn/class/fournisseur.product.class.php
@@ -1,12 +1,13 @@
 <?php
-/* Copyright (C) 2005		Rodolphe Quiedeville	<rodolphe@quiedeville.org>
- * Copyright (C) 2006-2011	Laurent Destailleur	<eldy@users.sourceforge.net>
- * Copyright (C) 2009-2014	Regis Houssin		<regis.houssin@inodbox.com>
- * Copyright (C) 2011		Juanjo Menent		<jmenent@2byte.es>
- * Copyright (C) 2012		Christophe Battarel	<christophe.battarel@altairis.fr>
- * Copyright (C) 2015		Marcos García           <marcosgdf@gmail.com>
- * Copyright (C) 2016		Charlie Benke           <charlie@patas-monkey.com>
- * Copyright (C) 2019       Frédéric France         <frederic.france@netlogic.fr>
+/* Copyright (C) 2005		Rodolphe Quiedeville  <rodolphe@quiedeville.org>
+ * Copyright (C) 2006-2011	Laurent Destailleur	  <eldy@users.sourceforge.net>
+ * Copyright (C) 2009-2014	Regis Houssin		  <regis.houssin@inodbox.com>
+ * Copyright (C) 2011		Juanjo Menent		  <jmenent@2byte.es>
+ * Copyright (C) 2012		Christophe Battarel	  <christophe.battarel@altairis.fr>
+ * Copyright (C) 2015		Marcos García         <marcosgdf@gmail.com>
+ * Copyright (C) 2016		Charlie Benke         <charlie@patas-monkey.com>
+ * Copyright (C) 2019       Frédéric France       <frederic.france@netlogic.fr>
+ * Copyright (C) 2020       Pierre Ardoin         <mapiolca@me.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -590,7 +591,7 @@ class ProductFournisseur extends Product
         global $conf;
 
         $sql = "SELECT s.nom as supplier_name, s.rowid as fourn_id,";
-        $sql.= " pfp.rowid as product_fourn_pri_id, pfp.ref_fourn, pfp.desc_fourn, pfp.fk_product as product_fourn_id, pfp.fk_supplier_price_expression,";
+        $sql.= " pfp.rowid as product_fourn_pri_id, pfp.entity, pfp.ref_fourn, pfp.desc_fourn, pfp.fk_product as product_fourn_id, pfp.fk_supplier_price_expression,";
         $sql.= " pfp.price, pfp.quantity, pfp.unitprice, pfp.remise_percent, pfp.remise, pfp.tva_tx, pfp.fk_availability, pfp.charges, pfp.info_bits, pfp.delivery_time_days, pfp.supplier_reputation,";
         $sql.= " pfp.multicurrency_price, pfp.multicurrency_unitprice, pfp.multicurrency_tx, pfp.fk_multicurrency, pfp.multicurrency_code, pfp.datec, pfp.tms,";
         $sql.= " pfp.barcode, pfp.fk_barcode_type";
@@ -616,6 +617,7 @@ class ProductFournisseur extends Product
 
                 $prodfourn->product_fourn_price_id	= $record["product_fourn_pri_id"];
                 $prodfourn->product_fourn_id		= $record["product_fourn_id"];
+				$prodfourn->product_fourn_entity    = $record["entity"];
                 $prodfourn->fourn_ref				= $record["ref_fourn"];
                 $prodfourn->ref_supplier			= $record["ref_fourn"];
                 $prodfourn->desc_supplier           = $record["desc_fourn"];

From 84764771373f06b9fd62ea691ddac377bbdfe848 Mon Sep 17 00:00:00 2001
From: Pierre Ardoin <32256817+mapiolca@users.noreply.github.com>
Date: Thu, 27 Feb 2020 09:19:39 +0100
Subject: [PATCH 02/14] add const NOTMODIFYOTHERENTITYFOURNPRICE

if const NOTMODIFYOTHERENTITYFOURNPRICE, can't modify other shared fourn prices.
---
 htdocs/product/fournisseurs.php | 30 +++++++++++++++++++-----------
 1 file changed, 19 insertions(+), 11 deletions(-)

diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php
index 0bda7d44564..797f350627e 100644
--- a/htdocs/product/fournisseurs.php
+++ b/htdocs/product/fournisseurs.php
@@ -1,14 +1,15 @@
 <?php
-/* Copyright (C) 2001-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2004-2013 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2004      Eric Seigne          <eric.seigne@ryxeo.com>
- * Copyright (C) 2005-2012 Regis Houssin        <regis.houssin@inodbox.com>
- * Copyright (C) 2010-2012 Juanjo Menent        <jmenent@2byte.es>
- * Copyright (C) 2012      Christophe Battarel  <christophe.battarel@altairis.fr>
- * Copyright (C) 2014      Ion Agorria          <ion@agorria.com>
- * Copyright (C) 2015      Alexandre Spangaro   <aspangaro@open-dsi.fr>
- * Copyright (C) 2016      Ferran Marcet		<fmarcet@2byte.es>
- * Copyright (C) 2019       Frédéric France         <frederic.france@netlogic.fr>
+/* Copyright (C) 2001-2007  Rodolphe Quiedeville <rodolphe@quiedeville.org>
+ * Copyright (C) 2004-2013  Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2004       Eric Seigne          <eric.seigne@ryxeo.com>
+ * Copyright (C) 2005-2012  Regis Houssin        <regis.houssin@inodbox.com>
+ * Copyright (C) 2010-2012  Juanjo Menent        <jmenent@2byte.es>
+ * Copyright (C) 2012       Christophe Battarel  <christophe.battarel@altairis.fr>
+ * Copyright (C) 2014       Ion Agorria          <ion@agorria.com>
+ * Copyright (C) 2015       Alexandre Spangaro   <aspangaro@open-dsi.fr>
+ * Copyright (C) 2016       Ferran Marcet		 <fmarcet@2byte.es>
+ * Copyright (C) 2019       Frédéric France      <frederic.france@netlogic.fr>
+ * Copyright (C) 2020       Pierre Ardoin        <mapiolca@me.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -933,7 +934,14 @@ SCRIPT;
 
 						// Modify-Remove
 						print '<td class="center nowraponall">';
-						if ($usercancreate)
+						
+						if (!empty($conf->global->NOTMODIFYOTHERENTITYFOURNPRICE) && $productfourn->product_fourn_entity!=$conf->entity) {
+							$canmodifyotherentityfournprice = 0;
+						}else{
+							$canmodifyotherentityfournprice = 1;
+						}
+						
+						if ($usercancreate && $canmodifyotherentityfournprice == 1)
 						{
 							print '<a href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&amp;socid='.$productfourn->fourn_id.'&amp;action=add_price&amp;rowid='.$productfourn->product_fourn_price_id.'">'.img_edit()."</a>";
 							print ' &nbsp; ';

From 5dc403cb664fe3c1397fc3cbb9b7469dfc816466 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 12 Mar 2020 12:19:24 +0100
Subject: [PATCH 03/14] FIX #13304

---
 htdocs/expensereport/list.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/htdocs/expensereport/list.php b/htdocs/expensereport/list.php
index a05fd1393bb..03cafb6b60d 100644
--- a/htdocs/expensereport/list.php
+++ b/htdocs/expensereport/list.php
@@ -277,7 +277,9 @@ $sql = "SELECT d.rowid, d.ref, d.fk_user_author, d.total_ht, d.total_tva, d.tota
 $sql.= " d.date_debut, d.date_fin, d.date_create, d.tms as date_modif, d.date_valid, d.date_approve, d.note_private, d.note_public,";
 $sql.= " u.rowid as id_user, u.firstname, u.lastname, u.login, u.email, u.statut, u.photo";
 // Add fields from extrafields
-foreach ($extrafields->attributes['expensereport']['type'] as $key => $val) $sql.=($extrafields->attribute_type[$key] != 'separate' ? ",ef.".$key.' as options_'.$key : '');
+if (is_array($extrafields->attributes['expensereport']['type'])) {
+	foreach ($extrafields->attributes['expensereport']['type'] as $key => $val) $sql.=($extrafields->attribute_type[$key] != 'separate' ? ",ef.".$key.' as options_'.$key : '');
+}
 // Add fields from hooks
 $parameters=array();
 $reshook=$hookmanager->executeHooks('printFieldListSelect', $parameters);    // Note that $action and $object may have been modified by hook

From 564f4129578cd1b5de730af0807ac3d673ef8a07 Mon Sep 17 00:00:00 2001
From: Pierre Ardoin <32256817+mapiolca@users.noreply.github.com>
Date: Tue, 17 Mar 2020 10:04:43 +0100
Subject: [PATCH 04/14] correction due to comments @hregis and @eldy

---
 htdocs/product/fournisseurs.php | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php
index 797f350627e..843a32c57a4 100644
--- a/htdocs/product/fournisseurs.php
+++ b/htdocs/product/fournisseurs.php
@@ -53,6 +53,7 @@ $socid=GETPOST('socid', 'int');
 $cost_price=GETPOST('cost_price', 'alpha');
 $backtopage=GETPOST('backtopage', 'alpha');
 $error=0;
+$canmodifyotherentityfournprice = 1
 
 // If socid provided by ajax company selector
 if (! empty($_REQUEST['search_fourn_id']))
@@ -935,12 +936,6 @@ SCRIPT;
 						// Modify-Remove
 						print '<td class="center nowraponall">';
 						
-						if (!empty($conf->global->NOTMODIFYOTHERENTITYFOURNPRICE) && $productfourn->product_fourn_entity!=$conf->entity) {
-							$canmodifyotherentityfournprice = 0;
-						}else{
-							$canmodifyotherentityfournprice = 1;
-						}
-						
 						if ($usercancreate && $canmodifyotherentityfournprice == 1)
 						{
 							print '<a href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&amp;socid='.$productfourn->fourn_id.'&amp;action=add_price&amp;rowid='.$productfourn->product_fourn_price_id.'">'.img_edit()."</a>";

From 26f6f04486448c4071c8ac5c35fd63daebf5082e Mon Sep 17 00:00:00 2001
From: Pierre Ardoin <32256817+mapiolca@users.noreply.github.com>
Date: Tue, 17 Mar 2020 10:08:18 +0100
Subject: [PATCH 05/14] forgot ";"

---
 htdocs/product/fournisseurs.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php
index 843a32c57a4..d7238a72174 100644
--- a/htdocs/product/fournisseurs.php
+++ b/htdocs/product/fournisseurs.php
@@ -53,7 +53,7 @@ $socid=GETPOST('socid', 'int');
 $cost_price=GETPOST('cost_price', 'alpha');
 $backtopage=GETPOST('backtopage', 'alpha');
 $error=0;
-$canmodifyotherentityfournprice = 1
+$canmodifyotherentityfournprice = 1 ;
 
 // If socid provided by ajax company selector
 if (! empty($_REQUEST['search_fourn_id']))

From 45579b0986f5bdd3d7534ec4370e44765520a433 Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis.houssin@inodbox.com>
Date: Mon, 23 Mar 2020 07:01:23 +0100
Subject: [PATCH 06/14] FIX remove unused var, $usercancreate can be change by
 Multicompany

---
 htdocs/product/fournisseurs.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php
index d7238a72174..254f462d07e 100644
--- a/htdocs/product/fournisseurs.php
+++ b/htdocs/product/fournisseurs.php
@@ -53,7 +53,6 @@ $socid=GETPOST('socid', 'int');
 $cost_price=GETPOST('cost_price', 'alpha');
 $backtopage=GETPOST('backtopage', 'alpha');
 $error=0;
-$canmodifyotherentityfournprice = 1 ;
 
 // If socid provided by ajax company selector
 if (! empty($_REQUEST['search_fourn_id']))
@@ -935,8 +934,8 @@ SCRIPT;
 
 						// Modify-Remove
 						print '<td class="center nowraponall">';
-						
-						if ($usercancreate && $canmodifyotherentityfournprice == 1)
+
+						if ($usercancreate)
 						{
 							print '<a href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&amp;socid='.$productfourn->fourn_id.'&amp;action=add_price&amp;rowid='.$productfourn->product_fourn_price_id.'">'.img_edit()."</a>";
 							print ' &nbsp; ';

From a5379c71443c7b385f69bb3fbe558895c0b1a051 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 24 Mar 2020 13:10:35 +0100
Subject: [PATCH 07/14] FIX All forms must use newToken()

Conflicts:
	htdocs/commande/card.php
	htdocs/compta/cashcontrol/cashcontrol_card.php
	htdocs/supplier_proposal/card.php
---
 .../bookkeeping/thirdparty_lettering_customer.php   |  2 +-
 .../bookkeeping/thirdparty_lettering_supplier.php   |  2 +-
 htdocs/adherents/cartes/carte.php                   |  6 +++---
 htdocs/adherents/type.php                           |  2 +-
 htdocs/admin/agenda_other.php                       |  2 +-
 htdocs/admin/agenda_reminder.php                    |  2 +-
 htdocs/admin/clicktodial.php                        |  2 +-
 htdocs/admin/fckeditor.php                          |  2 +-
 htdocs/bom/bom_card.php                             |  2 +-
 htdocs/comm/action/pertype.php                      |  2 +-
 htdocs/comm/action/peruser.php                      |  2 +-
 htdocs/comm/propal/card.php                         |  8 ++++----
 htdocs/commande/card.php                            | 10 +++++-----
 htdocs/compta/cashcontrol/cashcontrol_card.php      |  2 +-
 htdocs/compta/facture/card-rec.php                  |  2 +-
 htdocs/compta/facture/card.php                      |  6 +++---
 htdocs/core/lib/agenda.lib.php                      |  2 +-
 htdocs/expedition/card.php                          |  2 +-
 htdocs/modulebuilder/template/myobject_card.php     |  2 +-
 htdocs/mrp/mo_card.php                              |  2 +-
 htdocs/product/price.php                            |  8 ++++----
 htdocs/reception/card.php                           |  2 +-
 htdocs/societe/price.php                            |  4 ++--
 htdocs/supplier_proposal/card.php                   | 13 ++++++++-----
 24 files changed, 46 insertions(+), 43 deletions(-)

diff --git a/htdocs/accountancy/bookkeeping/thirdparty_lettering_customer.php b/htdocs/accountancy/bookkeeping/thirdparty_lettering_customer.php
index 9cb863aec7d..33563b7b57a 100644
--- a/htdocs/accountancy/bookkeeping/thirdparty_lettering_customer.php
+++ b/htdocs/accountancy/bookkeeping/thirdparty_lettering_customer.php
@@ -197,7 +197,7 @@ if ($resql) {
 
     $param="&socid=".$socid;
 	print '<form name="add" action="' . $_SERVER["PHP_SELF"] . '?socid=' . $object->id . '" method="POST">';
-    print '<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">';
+    print '<input type="hidden" name="token" value="' . newToken() . '">';
 	print '<input type="hidden" name="socid" value="' . $object->id . '">';
 
     $letteringbutton = '<a class="divButAction"><span class="valignmiddle"><input class="butAction" type="submit" value="lettering" name="lettering" id="lettering"></span></a>';
diff --git a/htdocs/accountancy/bookkeeping/thirdparty_lettering_supplier.php b/htdocs/accountancy/bookkeeping/thirdparty_lettering_supplier.php
index 61e5e34da99..54aec9490b4 100644
--- a/htdocs/accountancy/bookkeeping/thirdparty_lettering_supplier.php
+++ b/htdocs/accountancy/bookkeeping/thirdparty_lettering_supplier.php
@@ -195,7 +195,7 @@ if ($resql) {
 
     $param="&socid=".$socid;
 	print '<form name="add" action="'.$_SERVER["PHP_SELF"].'?socid=' . $object->id . '" method="POST">';
-    print '<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">';
+    print '<input type="hidden" name="token" value="' . newToken() . '">';
 	print '<input type="hidden" name="socid" value="' . $object->id . '">';
 
     $letteringbutton = '<a class="divButAction"><span class="valignmiddle"><input class="butAction" type="submit" value="lettering" name="lettering" id="lettering"></span></a>';
diff --git a/htdocs/adherents/cartes/carte.php b/htdocs/adherents/cartes/carte.php
index e7686a0a055..6736a22cd5d 100644
--- a/htdocs/adherents/cartes/carte.php
+++ b/htdocs/adherents/cartes/carte.php
@@ -259,7 +259,7 @@ print '<br>';
 
 print img_picto('', 'puce').' '.$langs->trans("DocForAllMembersCards", ($conf->global->ADHERENT_CARD_TYPE?$conf->global->ADHERENT_CARD_TYPE:$langs->transnoentitiesnoconv("None"))).' ';
 print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
-print '<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">';
+print '<input type="hidden" name="token" value="' . newToken() . '">';
 print '<input type="hidden" name="foruserid" value="all">';
 print '<input type="hidden" name="mode" value="card">';
 print '<input type="hidden" name="action" value="builddoc">';
@@ -279,7 +279,7 @@ print '<br><br>';
 
 print img_picto('', 'puce').' '.$langs->trans("DocForOneMemberCards", ($conf->global->ADHERENT_CARD_TYPE?$conf->global->ADHERENT_CARD_TYPE:$langs->transnoentitiesnoconv("None"))).' ';
 print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
-print '<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">';
+print '<input type="hidden" name="token" value="' . newToken() . '">';
 print '<input type="hidden" name="mode" value="cardlogin">';
 print '<input type="hidden" name="action" value="builddoc">';
 print $langs->trans("DescADHERENT_CARD_TYPE").' ';
@@ -299,7 +299,7 @@ print '<br><br>';
 
 print img_picto('', 'puce').' '.$langs->trans("DocForLabels", $conf->global->ADHERENT_ETIQUETTE_TYPE).' ';
 print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
-print '<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">';
+print '<input type="hidden" name="token" value="' . newToken() . '">';
 print '<input type="hidden" name="mode" value="label">';
 print '<input type="hidden" name="action" value="builddoc">';
 print $langs->trans("DescADHERENT_ETIQUETTE_TYPE").' ';
diff --git a/htdocs/adherents/type.php b/htdocs/adherents/type.php
index 11360ad4652..4590254ebf6 100644
--- a/htdocs/adherents/type.php
+++ b/htdocs/adherents/type.php
@@ -605,7 +605,7 @@ if ($rowid > 0)
 		    }
 
 			print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';
-            print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
+            print '<input type="hidden" name="token" value="'.newToken().'">';
 			print '<input class="flat" type="hidden" name="rowid" value="'.$object->id.'" size="12"></td>';
 
 			print '<br>';
diff --git a/htdocs/admin/agenda_other.php b/htdocs/admin/agenda_other.php
index 0ea6a932fe7..0a86aa9b5e6 100644
--- a/htdocs/admin/agenda_other.php
+++ b/htdocs/admin/agenda_other.php
@@ -324,7 +324,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL >= 2)
 }
 
 print '<form action="'.$_SERVER["PHP_SELF"].'" name="agenda">';
-print '<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">';
+print '<input type="hidden" name="token" value="' . newToken() . '">';
 print '<input type="hidden" name="action" value="set">';
 
 print '<table class="noborder allwidth">'."\n";
diff --git a/htdocs/admin/agenda_reminder.php b/htdocs/admin/agenda_reminder.php
index 614d4ef4407..b641dd74fe2 100644
--- a/htdocs/admin/agenda_reminder.php
+++ b/htdocs/admin/agenda_reminder.php
@@ -180,7 +180,7 @@ $head=agenda_prepare_head();
 dol_fiche_head($head, 'reminders', $langs->trans("Agenda"), -1, 'action');
 
 print '<form action="'.$_SERVER["PHP_SELF"].'" name="agenda">';
-print '<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">';
+print '<input type="hidden" name="token" value="' . newToken() . '">';
 print '<input type="hidden" name="action" value="set">';
 
 print '<table class="noborder allwidth">'."\n";
diff --git a/htdocs/admin/clicktodial.php b/htdocs/admin/clicktodial.php
index 03c4eeb66cf..3fb3340a702 100644
--- a/htdocs/admin/clicktodial.php
+++ b/htdocs/admin/clicktodial.php
@@ -119,7 +119,7 @@ if (! empty($conf->global->CLICKTODIAL_URL))
 	if (GETPOST('phonefortest')) $phonefortest=GETPOST('phonefortest');
 
 	print '<form action="'.$_SERVER["PHP_SELF"].'">';
-    print '<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">';
+    print '<input type="hidden" name="token" value="' . newToken() . '">';
 	print $langs->trans("LinkToTestClickToDial", $user->login).' : ';
 	print '<input class="flat" type="text" name="phonefortest" value="'.dol_escape_htmltag($phonefortest).'">';
 	print '<input type="submit" class="button" value="'.dol_escape_htmltag($langs->trans("RefreshPhoneLink")).'">';
diff --git a/htdocs/admin/fckeditor.php b/htdocs/admin/fckeditor.php
index efe8ca1117d..3bbd23fa7d6 100644
--- a/htdocs/admin/fckeditor.php
+++ b/htdocs/admin/fckeditor.php
@@ -185,7 +185,7 @@ else
 	print '<br>'."\n";
 
 	print '<form name="formtest" method="POST" action="'.$_SERVER["PHP_SELF"].'">'."\n";
-    print '<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">';
+    print '<input type="hidden" name="token" value="' . newToken() . '">';
 
 	// Skins
     show_skin(null, 1);
diff --git a/htdocs/bom/bom_card.php b/htdocs/bom/bom_card.php
index 3f1be6c7e4c..3320c160fc2 100644
--- a/htdocs/bom/bom_card.php
+++ b/htdocs/bom/bom_card.php
@@ -546,7 +546,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
 	    $result = $object->getLinesArray();
 
 	    print '	<form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#addline' : '#line_'.GETPOST('lineid', 'int')).'" method="POST">
-    	<input type="hidden" name="token" value="' . $_SESSION ['newtoken'].'">
+    	<input type="hidden" name="token" value="' . newToken().'">
     	<input type="hidden" name="action" value="' . (($action != 'editline') ? 'addline' : 'updateline').'">
     	<input type="hidden" name="mode" value="">
     	<input type="hidden" name="id" value="' . $object->id.'">
diff --git a/htdocs/comm/action/pertype.php b/htdocs/comm/action/pertype.php
index 04f334a9551..5591741997e 100644
--- a/htdocs/comm/action/pertype.php
+++ b/htdocs/comm/action/pertype.php
@@ -248,7 +248,7 @@ $nav .= " &nbsp; (<a href=\"?year=".$nowyear."&amp;month=".$nowmonth."&amp;day="
 $picto = 'calendarweek';
 
 $nav .= ' &nbsp; <form name="dateselect" action="'.$_SERVER["PHP_SELF"].'?action=show_peruser'.$param.'">';
-$nav .= '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
+$nav .= '<input type="hidden" name="token" value="'.newToken().'">';
 $nav .= '<input type="hidden" name="action" value="'.$action.'">';
 $nav .= '<input type="hidden" name="filtert" value="'.$filtert.'">';
 $nav .= '<input type="hidden" name="usergroup" value="'.$usergroup.'">';
diff --git a/htdocs/comm/action/peruser.php b/htdocs/comm/action/peruser.php
index f906c4cab45..711e18ef8b6 100644
--- a/htdocs/comm/action/peruser.php
+++ b/htdocs/comm/action/peruser.php
@@ -289,7 +289,7 @@ $nav .= " &nbsp; <a href=\"?year=".$next_year."&amp;month=".$next_month."&amp;da
 $nav .= " &nbsp; (<a href=\"?year=".$nowyear."&amp;month=".$nowmonth."&amp;day=".$nowday.$param."\">".$langs->trans("Today")."</a>)";
 
 /*$nav.=' &nbsp; <form name="dateselect" action="'.$_SERVER["PHP_SELF"].'?action=show_peruser'.$param.'">';
-$nav.='<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">';
+$nav.='<input type="hidden" name="token" value="' . newToken() . '">';
 $nav.='<input type="hidden" name="action" value="' . $action . '">';
 $nav.='<input type="hidden" name="filtert" value="' . $filtert . '">';
 $nav.='<input type="hidden" name="usergroup" value="' . $usergroup . '">';
diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php
index f55861b00cc..ad3af8c799d 100644
--- a/htdocs/comm/propal/card.php
+++ b/htdocs/comm/propal/card.php
@@ -1541,7 +1541,7 @@ if ($action == 'create')
 	$object = new Propal($db);
 
 	print '<form name="addprop" action="'.$_SERVER["PHP_SELF"].'" method="POST">';
-	print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
+	print '<input type="hidden" name="token" value="'.newToken().'">';
 	print '<input type="hidden" name="action" value="add">';
 	if ($origin != 'project' && $originid) {
 		print '<input type="hidden" name="origin" value="'.$origin.'">';
@@ -2052,7 +2052,7 @@ if ($action == 'create')
 	print '</td><td>';
 	if ($object->statut == Propal::STATUS_DRAFT && $action == 'editdate' && $usercancreate) {
 		print '<form name="editdate" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'" method="post">';
-		print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
+		print '<input type="hidden" name="token" value="'.newToken().'">';
 		print '<input type="hidden" name="action" value="setdate">';
 		print $form->selectDate($object->date, 're', '', '', 0, "editdate");
 		print '<input type="submit" class="button" value="'.$langs->trans('Modify').'">';
@@ -2078,7 +2078,7 @@ if ($action == 'create')
 	print '</td><td>';
 	if ($object->statut == Propal::STATUS_DRAFT && $action == 'editecheance' && $usercancreate) {
 		print '<form name="editecheance" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'" method="post">';
-		print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
+		print '<input type="hidden" name="token" value="'.newToken().'">';
 		print '<input type="hidden" name="action" value="setecheance">';
 		print $form->selectDate($object->fin_validite, 'ech', '', '', '', "editecheance");
 		print '<input type="submit" class="button" value="'.$langs->trans('Modify').'">';
@@ -2412,7 +2412,7 @@ if ($action == 'create')
 	$result = $object->getLinesArray();
 
 	print '	<form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#addline' : '#line_'.GETPOST('lineid')).'" method="POST">
-	<input type="hidden" name="token" value="' . $_SESSION ['newtoken'].'">
+	<input type="hidden" name="token" value="' . newToken().'">
 	<input type="hidden" name="action" value="' . (($action != 'editline') ? 'addline' : 'updateline').'">
 	<input type="hidden" name="mode" value="">
 	<input type="hidden" name="id" value="' . $object->id.'">
diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php
index 3c1bf672c0f..3e9c1a2b0ca 100644
--- a/htdocs/commande/card.php
+++ b/htdocs/commande/card.php
@@ -1594,8 +1594,8 @@ if ($action == 'create' && $usercancreate)
 		$note_public = $object->getDefaultCreateValueFor('note_public');
 	}
 
-	print '<form name="crea_commande" action="' . $_SERVER["PHP_SELF"] . '" method="POST">';
-	print '<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">';
+	print '<form name="crea_commande" action="'.$_SERVER["PHP_SELF"].'" method="POST">';
+	print '<input type="hidden" name="token" value="'.newToken().'">';
 	print '<input type="hidden" name="action" value="add">';
 	print '<input type="hidden" name="socid" value="' . $soc->id . '">' . "\n";
 	print '<input type="hidden" name="remise_percent" value="' . $soc->remise_percent . '">';
@@ -2177,7 +2177,7 @@ if ($action == 'create' && $usercancreate)
 		print '</td><td>';
 		if ($action == 'editdate') {
 			print '<form name="setdate" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'" method="post">';
-			print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
+			print '<input type="hidden" name="token" value="'.newToken().'">';
 			print '<input type="hidden" name="action" value="setdate">';
 			print $form->selectDate($object->date, 'order_', '', '', '', "setdate");
 			print '<input type="submit" class="button" value="'.$langs->trans('Modify').'">';
@@ -2198,7 +2198,7 @@ if ($action == 'create' && $usercancreate)
 		print '</td><td>';
 		if ($action == 'editdate_livraison') {
 			print '<form name="setdate_livraison" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'" method="post">';
-			print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
+			print '<input type="hidden" name="token" value="'.newToken().'">';
 			print '<input type="hidden" name="action" value="setdate_livraison">';
 			print $form->selectDate($object->date_livraison ? $object->date_livraison : - 1, 'liv_', '', '', '', "setdate_livraison");
 			print '<input type="submit" class="button" value="'.$langs->trans('Modify').'">';
@@ -2492,7 +2492,7 @@ if ($action == 'create' && $usercancreate)
 		$result = $object->getLinesArray();
 
 		print '<form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#addline' : '#line_'.GETPOST('lineid')).'" method="POST">
-		<input type="hidden" name="token" value="' . $_SESSION ['newtoken'].'">
+		<input type="hidden" name="token" value="' . newToken().'">
 		<input type="hidden" name="action" value="' . (($action != 'editline') ? 'addline' : 'updateline').'">
 		<input type="hidden" name="mode" value="">
 		<input type="hidden" name="id" value="' . $object->id.'">';
diff --git a/htdocs/compta/cashcontrol/cashcontrol_card.php b/htdocs/compta/cashcontrol/cashcontrol_card.php
index 8e83e6a33a4..41ba0dbd0fe 100644
--- a/htdocs/compta/cashcontrol/cashcontrol_card.php
+++ b/htdocs/compta/cashcontrol/cashcontrol_card.php
@@ -318,7 +318,7 @@ if ($action == "create" || $action == "start")
 	print load_fiche_titre($langs->trans("CashControl")." - ".$langs->trans("New"), '', 'cash-register');
 
 	print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';
-    print '<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">';
+    print '<input type="hidden" name="token" value="' . newToken() . '">';
     if ($action == 'start' && GETPOST('posnumber', 'int') != '' && GETPOST('posnumber', 'int') != '' && GETPOST('posnumber', 'int') != '-1')
     {
 	    print '<input type="hidden" name="action" value="add">';
diff --git a/htdocs/compta/facture/card-rec.php b/htdocs/compta/facture/card-rec.php
index 7d1f529bf82..06717574b07 100644
--- a/htdocs/compta/facture/card-rec.php
+++ b/htdocs/compta/facture/card-rec.php
@@ -1680,7 +1680,7 @@ else
 
 		// Lines
 		print '	<form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#add' : '#line_'.GETPOST('lineid')).'" method="POST">
-        	<input type="hidden" name="token" value="' . $_SESSION ['newtoken'].'">
+        	<input type="hidden" name="token" value="' . newToken().'">
         	<input type="hidden" name="action" value="' . (($action != 'editline') ? 'addline' : 'updateline').'">
         	<input type="hidden" name="mode" value="">
         	<input type="hidden" name="id" value="' . $object->id.'">
diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php
index 185f2a1a818..0b38c4eb7e7 100644
--- a/htdocs/compta/facture/card.php
+++ b/htdocs/compta/facture/card.php
@@ -2840,7 +2840,7 @@ if ($action == 'create')
 	}
 
 	print '<form name="add" action="'.$_SERVER["PHP_SELF"].'" method="POST">';
-	print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
+	print '<input type="hidden" name="token" value="'.newToken().'">';
 	print '<input type="hidden" name="action" value="add">';
 	if ($soc->id > 0) print '<input type="hidden" name="socid" value="'.$soc->id.'">'."\n";
 	print '<input name="ref" type="hidden" value="provisoire">';
@@ -4441,7 +4441,7 @@ elseif ($id > 0 || !empty($ref))
 		print '</td><td>';
 		if ($action == 'editrevenuestamp') {
 			print '<form action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'" method="post">';
-			print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
+			print '<input type="hidden" name="token" value="'.newToken().'">';
 			print '<input type="hidden" name="action" value="setrevenuestamp">';
 			print '<input type="hidden" name="revenuestamp" id="revenuestamp_val" value="'.price2num($object->revenuestamp).'">';
 			print $formother->select_revenue_stamp('', 'revenuestamp_type', $mysoc->country_code);
@@ -4945,7 +4945,7 @@ elseif ($id > 0 || !empty($ref))
 	}
 
 	print '	<form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#addline' : '#line_'.GETPOST('lineid')).'" method="POST">
-	<input type="hidden" name="token" value="' . $_SESSION ['newtoken'].'">
+	<input type="hidden" name="token" value="' . newToken().'">
 	<input type="hidden" name="action" value="' . (($action != 'editline') ? 'addline' : 'updateline').'">
 	<input type="hidden" name="mode" value="">
 	<input type="hidden" name="id" value="' . $object->id.'">
diff --git a/htdocs/core/lib/agenda.lib.php b/htdocs/core/lib/agenda.lib.php
index dd1810fdf5f..e5d7422cf8a 100644
--- a/htdocs/core/lib/agenda.lib.php
+++ b/htdocs/core/lib/agenda.lib.php
@@ -59,7 +59,7 @@ function print_actions_filter($form, $canedit, $status, $year, $month, $day, $sh
 
 	// Filters
 	//print '<form name="listactionsfilter" class="listactionsfilter" action="' . $_SERVER["PHP_SELF"] . '" method="get">';
-	print '<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">';
+	print '<input type="hidden" name="token" value="' . newToken() . '">';
 	print '<input type="hidden" name="year" value="' . $year . '">';
 	print '<input type="hidden" name="month" value="' . $month . '">';
 	print '<input type="hidden" name="day" value="' . $day . '">';
diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php
index b137e6cdfa5..cc9111fc813 100644
--- a/htdocs/expedition/card.php
+++ b/htdocs/expedition/card.php
@@ -2012,7 +2012,7 @@ elseif ($id || $ref)
 		if ($action == 'editline')
 		{
 			print '	<form name="updateline" id="updateline" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;lineid='.$line_id.'" method="POST">
-			<input type="hidden" name="token" value="' . $_SESSION ['newtoken'].'">
+			<input type="hidden" name="token" value="' . newToken().'">
 			<input type="hidden" name="action" value="updateline">
 			<input type="hidden" name="mode" value="">
 			<input type="hidden" name="id" value="' . $object->id.'">
diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php
index cc87e83d5c0..93eb7560aaa 100644
--- a/htdocs/modulebuilder/template/myobject_card.php
+++ b/htdocs/modulebuilder/template/myobject_card.php
@@ -401,7 +401,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
     	$result = $object->getLinesArray();
 
     	print '	<form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#addline' : '#line_'.GETPOST('lineid', 'int')).'" method="POST">
-    	<input type="hidden" name="token" value="' . $_SESSION ['newtoken'].'">
+    	<input type="hidden" name="token" value="' . newToken().'">
     	<input type="hidden" name="action" value="' . (($action != 'editline') ? 'addline' : 'updateline').'">
     	<input type="hidden" name="mode" value="">
     	<input type="hidden" name="id" value="' . $object->id.'">
diff --git a/htdocs/mrp/mo_card.php b/htdocs/mrp/mo_card.php
index db05bfd408d..e16a19ea482 100644
--- a/htdocs/mrp/mo_card.php
+++ b/htdocs/mrp/mo_card.php
@@ -497,7 +497,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
 		$object->fetchLines();
 
     	print '	<form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#addline' : '#line_'.GETPOST('lineid', 'int')).'" method="POST">
-    	<input type="hidden" name="token" value="' . $_SESSION ['newtoken'].'">
+    	<input type="hidden" name="token" value="' . newToken().'">
     	<input type="hidden" name="action" value="' . (($action != 'editline') ? 'addline' : 'updateline').'">
     	<input type="hidden" name="mode" value="">
     	<input type="hidden" name="id" value="' . $object->id.'">
diff --git a/htdocs/product/price.php b/htdocs/product/price.php
index a6697701a68..3f6a89cbddb 100644
--- a/htdocs/product/price.php
+++ b/htdocs/product/price.php
@@ -1151,7 +1151,7 @@ if ($action == 'edit_vat' && ($user->rights->produit->creer || $user->rights->se
 	print load_fiche_titre($langs->trans("UpdateVAT"), '');
 
 	print '<form action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'" method="POST">';
-	print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
+	print '<input type="hidden" name="token" value="'.newToken().'">';
 	print '<input type="hidden" name="action" value="update_vat">';
 	print '<input type="hidden" name="id" value="'.$object->id.'">';
 
@@ -1185,7 +1185,7 @@ if ($action == 'edit_price' && $object->getRights()->creer)
 	{
 	    print '<!-- Edit price -->'."\n";
 		print '<form action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'" method="POST">';
-		print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
+		print '<input type="hidden" name="token" value="'.newToken().'">';
 		print '<input type="hidden" name="action" value="update_price">';
 		print '<input type="hidden" name="id" value="'.$object->id.'">';
 
@@ -1660,7 +1660,7 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES))
 		print load_fiche_titre($langs->trans('PriceByCustomer'));
 
 		print '<form action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'" method="POST">';
-		print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
+		print '<input type="hidden" name="token" value="'.newToken().'">';
 		print '<input type="hidden" name="action" value="add_customer_price_confirm">';
 		print '<input type="hidden" name="id" value="'.$object->id.'">';
 
@@ -1747,7 +1747,7 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES))
 		}
 
 		print '<form action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'" method="POST">';
-		print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
+		print '<input type="hidden" name="token" value="'.newToken().'">';
 		print '<input type="hidden" name="action" value="update_customer_price_confirm">';
 		print '<input type="hidden" name="lineid" value="'.$prodcustprice->id.'">';
 
diff --git a/htdocs/reception/card.php b/htdocs/reception/card.php
index b2723a0ce6a..83a28d55f48 100644
--- a/htdocs/reception/card.php
+++ b/htdocs/reception/card.php
@@ -1610,7 +1610,7 @@ elseif ($id || $ref)
 		if ($action == 'editline')
 		{
 			print '<form name="updateline" id="updateline" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;lineid='.$line_id.'" method="POST">
-			<input type="hidden" name="token" value="' . $_SESSION ['newtoken'].'">
+			<input type="hidden" name="token" value="' . newToken().'">
 			<input type="hidden" name="action" value="updateline">
 			<input type="hidden" name="mode" value="">
 			<input type="hidden" name="id" value="' . $object->id.'">';
diff --git a/htdocs/societe/price.php b/htdocs/societe/price.php
index 5b383f30e28..7386987945e 100644
--- a/htdocs/societe/price.php
+++ b/htdocs/societe/price.php
@@ -256,7 +256,7 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) {
 		print load_fiche_titre($langs->trans('PriceByCustomer'));
 
 		print '<form action="'.$_SERVER["PHP_SELF"].'?socid='.$object->id.'" method="POST">';
-		print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
+		print '<input type="hidden" name="token" value="'.newToken().'">';
 		print '<input type="hidden" name="action" value="add_customer_price_confirm">';
 		print '<input type="hidden" name="socid" value="'.$object->id.'">';
 		print '<table class="border centpercent">';
@@ -334,7 +334,7 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) {
 		}
 
 		print '<form action="'.$_SERVER["PHP_SELF"].'?socid='.$object->id.'" method="POST">';
-		print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
+		print '<input type="hidden" name="token" value="'.newToken().'">';
 		print '<input type="hidden" name="action" value="update_customer_price_confirm">';
 		print '<input type="hidden" name="lineid" value="'.$prodcustprice->id.'">';
 		print '<table class="border centpercent">';
diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php
index 5067a4935bc..37afb5f9621 100644
--- a/htdocs/supplier_proposal/card.php
+++ b/htdocs/supplier_proposal/card.php
@@ -1125,7 +1125,7 @@ if ($action == 'create')
 	$object = new SupplierProposal($db);
 
 	print '<form name="addprop" action="'.$_SERVER["PHP_SELF"].'" method="POST">';
-	print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
+	print '<input type="hidden" name="token" value="'.newToken().'">';
 	print '<input type="hidden" name="action" value="add">';
 	if ($origin != 'project' && $originid) {
 		print '<input type="hidden" name="origin" value="'.$origin.'">';
@@ -1557,8 +1557,8 @@ if ($action == 'create')
 	print '</tr></table>';
 	print '</td><td colspan="3">';
 	if ($action == 'editdate_livraison') {
-		print '<form name="editdate_livraison" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'" method="post">';
-		print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
+		print '<form name="editdate_livraison" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'" method="post" class="formconsumeproduce">';
+		print '<input type="hidden" name="token" value="'.newToken().'">';
 		print '<input type="hidden" name="action" value="setdate_livraison">';
 		print $form->selectDate($object->date_livraison, 'liv_', '', '', '', "editdate_livraison");
 		print '<input type="submit" class="button" value="'.$langs->trans('Modify').'">';
@@ -1762,7 +1762,7 @@ if ($action == 'create')
 	$result = $object->getLinesArray();
 
 	print '	<form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#add' : '#line_'.GETPOST('lineid')).'" method="POST">
-	<input type="hidden" name="token" value="' . $_SESSION ['newtoken'].'">
+	<input type="hidden" name="token" value="' . newToken().'">
 	<input type="hidden" name="action" value="' . (($action != 'editline') ? 'addline' : 'updateline').'">
 	<input type="hidden" name="mode" value="">
 	<input type="hidden" name="id" value="' . $object->id.'">
@@ -1806,7 +1806,10 @@ if ($action == 'create')
 	if ($action == 'statut')
 	{
 		// Form to set proposal accepted/refused
-		$form_close = '<form action="' . $_SERVER["PHP_SELF"] . '?id=' . $object->id . '" method="post">';
+		$form_close = '<form action="' . $_SERVER["PHP_SELF"] . '?id=' . $object->id . '" method="POST" id="formacceptrefuse" class="formconsumeproduce">';
+		$form_close .= '<input type="hidden" name="token" value="' . newToken() . '">';
+		$form_close .= '<input type="hidden" name="action" value="setstatut">';
+
 		if (! empty($conf->global->SUPPLIER_PROPOSAL_UPDATE_PRICE_ON_SUPPlIER_PROPOSAL)) $form_close .= '<p class="notice">'.$langs->trans('SupplierProposalRefFournNotice').'</p>';  // TODO Suggest a permanent checkbox instead of option
 		$form_close .= '<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">';
 		$form_close .= '<table class="border centpercent">';

From 1657a6b50a4e5db486e5331488612ee4899ec590 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 24 Mar 2020 13:25:45 +0100
Subject: [PATCH 08/14] FIX actions on supplier proposal not saved (bad trigger
 name)

Conflicts:
	htdocs/supplier_proposal/class/supplier_proposal.class.php
---
 htdocs/supplier_proposal/card.php              |  4 ++--
 .../class/supplier_proposal.class.php          | 18 +++++++++---------
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php
index 37afb5f9621..e998f909d06 100644
--- a/htdocs/supplier_proposal/card.php
+++ b/htdocs/supplier_proposal/card.php
@@ -1041,7 +1041,7 @@ if (empty($reshook))
 
 		if (!$error)
 		{
-			$result = $object->insertExtraFields('SUPPLIER_PROPOSAL_MODIFY');
+			$result = $object->insertExtraFields('PROPOSAL_SUPPLIER_MODIFY');
 			if ($result < 0)
 			{
 				setEventMessages($object->error, $object->errors, 'errors');
@@ -1433,7 +1433,7 @@ if ($action == 'create')
 			require_once DOL_DOCUMENT_ROOT.'/core/class/notify.class.php';
 			$notify = new Notify($db);
 			$text .= '<br>';
-			$text .= $notify->confirmMessage('SUPPLIER_PROPOSAL_VALIDATE', $object->socid, $object);
+			$text .= $notify->confirmMessage('PROPOSAL_SUPPLIER_VALIDATE', $object->socid, $object);
 		}
 
 		if (!$error)
diff --git a/htdocs/supplier_proposal/class/supplier_proposal.class.php b/htdocs/supplier_proposal/class/supplier_proposal.class.php
index 97e3b12b92f..6f41426ee80 100644
--- a/htdocs/supplier_proposal/class/supplier_proposal.class.php
+++ b/htdocs/supplier_proposal/class/supplier_proposal.class.php
@@ -1481,7 +1481,7 @@ class SupplierProposal extends CommonObject
             if (! $error && ! $notrigger)
             {
                 // Call trigger
-                $result=$this->call_trigger('SUPPLIER_PROPOSAL_VALIDATE', $user);
+                $result = $this->call_trigger('PROPOSAL_SUPPLIER_VALIDATE', $user);
                 if ($result < 0) { $error++; }
                 // End call triggers
             }
@@ -1683,7 +1683,7 @@ class SupplierProposal extends CommonObject
             if (! $notrigger)
             {
                 // Call trigger
-                $result=$this->call_trigger('SUPPLIER_PROPOSAL_REOPEN', $user);
+                $result = $this->call_trigger('PROPOSAL_SUPPLIER_REOPEN', $user);
                 if ($result < 0) { $error++; }
                 // End call triggers
             }
@@ -1736,13 +1736,13 @@ class SupplierProposal extends CommonObject
         $resql=$this->db->query($sql);
         if ($resql)
         {
-            $modelpdf=$conf->global->SUPPLIER_PROPOSAL_ADDON_PDF_ODT_CLOSED?$conf->global->SUPPLIER_PROPOSAL_ADDON_PDF_ODT_CLOSED:$this->modelpdf;
-            $triggerName = 'SUPPLIER_PROPOSAL_CLOSE_REFUSED';
+            $modelpdf = $conf->global->SUPPLIER_PROPOSAL_ADDON_PDF_ODT_CLOSED ? $conf->global->SUPPLIER_PROPOSAL_ADDON_PDF_ODT_CLOSED : $this->modelpdf;
+            $triggerName = 'PROPOSAL_SUPPLIER_CLOSE_REFUSED';
 
             if ($status == 2)
             {
-                $triggerName='SUPPLIER_PROPOSAL_CLOSE_SIGNED';
-                $modelpdf=$conf->global->SUPPLIER_PROPOSAL_ADDON_PDF_ODT_TOBILL?$conf->global->SUPPLIER_PROPOSAL_ADDON_PDF_ODT_TOBILL:$this->modelpdf;
+                $triggerName = 'PROPOSAL_SUPPLIER_CLOSE_SIGNED';
+                $modelpdf = $conf->global->SUPPLIER_PROPOSAL_ADDON_PDF_ODT_TOBILL ? $conf->global->SUPPLIER_PROPOSAL_ADDON_PDF_ODT_TOBILL : $this->modelpdf;
 
                 if (! empty($conf->global->SUPPLIER_PROPOSAL_UPDATE_PRICE_ON_SUPPlIER_PROPOSAL))     // TODO This option was not tested correctly. Error if product ref does not exists
                 {
@@ -1751,7 +1751,7 @@ class SupplierProposal extends CommonObject
             }
             if ($status == 4)
             {
-                $triggerName='SUPPLIER_PROPOSAL_CLASSIFY_BILLED';
+                $triggerName = 'PROPOSAL_SUPPLIER_CLASSIFY_BILLED';
             }
 
             if (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE))
@@ -1916,7 +1916,7 @@ class SupplierProposal extends CommonObject
 
             if (!$error) {
                 // Call trigger
-                $result=$this->call_trigger('SUPPLIER_PROPOSAL_UNVALIDATE', $user);
+                $result = $this->call_trigger('PROPOSAL_SUPPLIER_UNVALIDATE', $user);
                 if ($result < 0) $error++;
             }
 
@@ -2034,7 +2034,7 @@ class SupplierProposal extends CommonObject
         if (! $notrigger)
         {
             // Call trigger
-            $result=$this->call_trigger('SUPPLIER_PROPOSAL_DELETE', $user);
+            $result = $this->call_trigger('PROPOSAL_SUPPLIER_DELETE', $user);
             if ($result < 0) { $error++; }
             // End call triggers
         }

From 4c0de7447047c87be907925b46353413f15eacb7 Mon Sep 17 00:00:00 2001
From: gauthier <gauthier.verdol@atm-consulting.fr>
Date: Tue, 24 Mar 2020 16:27:53 +0100
Subject: [PATCH 09/14] FIX : sort by default role makes no sense

---
 htdocs/core/lib/company.lib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php
index 561cc0a02b3..30a1b80c232 100644
--- a/htdocs/core/lib/company.lib.php
+++ b/htdocs/core/lib/company.lib.php
@@ -1098,7 +1098,7 @@ function show_contacts($conf, $langs, $db, $object, $backtopage = '')
     	if (!empty($arrayfields['t.'.$key]['checked'])) print getTitleFieldOfList($val['label'], 0, $_SERVER['PHP_SELF'], 't.'.$key, '', $param, ($align ? 'class="'.$align.'"' : ''), $sortfield, $sortorder, $align.' ')."\n";
     	if ($key == 'role') $align .= ($align ? ' ' : '').'left';
     	if (!empty($arrayfields['sc.'.$key]['checked'])) {
-    		print getTitleFieldOfList($arrayfields['sc.'.$key]['label'], 0, $_SERVER['PHP_SELF'], 'sc.'.$key, '', $param, ($align ? 'class="'.$align.'"' : ''), $sortfield, $sortorder, $align.' ')."\n";
+    		print getTitleFieldOfList($arrayfields['sc.'.$key]['label'], 0, $_SERVER['PHP_SELF'], '', '', $param, ($align ? 'class="'.$align.'"' : ''), $sortfield, $sortorder, $align.' ')."\n";
 	    }
     }
     // Extra fields

From fec3377f2470353f5c7702cb63b06017d35e518c Mon Sep 17 00:00:00 2001
From: Juanjo Menent <jmenent@2byte.es>
Date: Tue, 24 Mar 2020 18:49:16 +0100
Subject: [PATCH 10/14] FIX: Compatibility with multicompany, bad numerotation
 of task.

---
 htdocs/projet/class/task.class.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php
index 60657b08061..bba05a55c8e 100644
--- a/htdocs/projet/class/task.class.php
+++ b/htdocs/projet/class/task.class.php
@@ -3,6 +3,7 @@
  * Copyright (C) 2010-2012	Regis Houssin		<regis.houssin@inodbox.com>
  * Copyright (C) 2014       Marcos García       <marcosgdf@gmail.com>
  * Copyright (C) 2018       Frédéric France     <frederic.france@netlogic.fr>
+ * Copyright (C) 2020       Juanjo Menent		<jmenent@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -154,7 +155,8 @@ class Task extends CommonObject
 
 		// Insert request
 		$sql = "INSERT INTO ".MAIN_DB_PREFIX."projet_task (";
-		$sql .= "fk_projet";
+		$sql .= "entity";
+		$sql .= ", fk_projet";
 		$sql .= ", ref";
 		$sql .= ", fk_task_parent";
 		$sql .= ", label";
@@ -166,7 +168,8 @@ class Task extends CommonObject
 		$sql .= ", planned_workload";
 		$sql .= ", progress";
 		$sql .= ") VALUES (";
-		$sql .= $this->fk_project;
+		$sql .= $conf->entity;
+		$sql .= ", ".$this->fk_project;
 		$sql .= ", ".(!empty($this->ref) ? "'".$this->db->escape($this->ref)."'" : 'null');
 		$sql .= ", ".$this->fk_task_parent;
 		$sql .= ", '".$this->db->escape($this->label)."'";

From 81af385259c9296b5f7734fba027292266eb7fa2 Mon Sep 17 00:00:00 2001
From: gauthier <gauthier.verdol@atm-consulting.fr>
Date: Wed, 25 Mar 2020 10:27:59 +0100
Subject: [PATCH 11/14] FIX : when we filter a list on a view status, we want
 this filter to be on bookmark that we create

---
 htdocs/bookmarks/bookmarks.lib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/bookmarks/bookmarks.lib.php b/htdocs/bookmarks/bookmarks.lib.php
index f49fd1f93a3..d3d3a65557d 100644
--- a/htdocs/bookmarks/bookmarks.lib.php
+++ b/htdocs/bookmarks/bookmarks.lib.php
@@ -61,7 +61,7 @@ function printBookmarksList($aDb, $aLangs)
 		    {
 	    	    foreach($_POST as $key => $val)
 	    	    {
-	                if (preg_match('/^search_/', $key) && $val != '') $tmpurl.=($tmpurl?'&':'').$key.'='.$val;
+	                if ((preg_match('/^search_/', $key) || in_array($key, array('viewstatut')) ) && $val != '') $tmpurl.=($tmpurl?'&':'').$key.'='.$val;
 	    	    }
 		    }
 		    $url.=($tmpurl?'?'.$tmpurl:'');

From c516a54f78515d2f284341e153365f6aa498c9e6 Mon Sep 17 00:00:00 2001
From: VESSILLER <lvessiller@open-dsi.fr>
Date: Wed, 25 Mar 2020 11:53:47 +0100
Subject: [PATCH 12/14] FIX get remain to pay with rounding decimals

---
 htdocs/core/class/commoninvoice.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/core/class/commoninvoice.class.php b/htdocs/core/class/commoninvoice.class.php
index 259014cf691..270f0385104 100644
--- a/htdocs/core/class/commoninvoice.class.php
+++ b/htdocs/core/class/commoninvoice.class.php
@@ -103,7 +103,7 @@ abstract class CommonInvoice extends CommonObject
 	    $alreadypaid+=$this->getSommePaiement($multicurrency);
 	    $alreadypaid+=$this->getSumDepositsUsed($multicurrency);
 	    $alreadypaid+=$this->getSumCreditNotesUsed($multicurrency);
-    	return $this->total_ttc - $alreadypaid;
+		return price2num($this->total_ttc, 'MT') - price2num($alreadypaid, 'MT');
 	}
 
 	/**

From 925554d15e9ccda8443cc2076ad2f24aaefa26d4 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 25 Mar 2020 18:27:53 +0100
Subject: [PATCH 13/14] More accurate result

---
 htdocs/core/class/commoninvoice.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/core/class/commoninvoice.class.php b/htdocs/core/class/commoninvoice.class.php
index 270f0385104..b730c029be2 100644
--- a/htdocs/core/class/commoninvoice.class.php
+++ b/htdocs/core/class/commoninvoice.class.php
@@ -95,7 +95,7 @@ abstract class CommonInvoice extends CommonObject
 	 *  This does not include open direct debit requests.
 	 *
 	 *  @param 		int 	$multicurrency 	Return multicurrency_amount instead of amount
-	 *	@return		double						Remain of amount to pay
+	 *	@return		double					Remain of amount to pay
 	 */
 	public function getRemainToPay($multicurrency = 0)
 	{
@@ -103,7 +103,7 @@ abstract class CommonInvoice extends CommonObject
 	    $alreadypaid+=$this->getSommePaiement($multicurrency);
 	    $alreadypaid+=$this->getSumDepositsUsed($multicurrency);
 	    $alreadypaid+=$this->getSumCreditNotesUsed($multicurrency);
-		return price2num($this->total_ttc, 'MT') - price2num($alreadypaid, 'MT');
+		return price2num($this->total_ttc - $alreadypaid, 'MT');
 	}
 
 	/**

From b48c21dbcb64fcfa781374559827cb73d17f409b Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 25 Mar 2020 18:47:42 +0100
Subject: [PATCH 14/14] If we need more var here, we must fix to have var
 starting with search_

---
 htdocs/bookmarks/bookmarks.lib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/bookmarks/bookmarks.lib.php b/htdocs/bookmarks/bookmarks.lib.php
index 9f511424006..1abc235b87d 100644
--- a/htdocs/bookmarks/bookmarks.lib.php
+++ b/htdocs/bookmarks/bookmarks.lib.php
@@ -61,7 +61,7 @@ function printBookmarksList($aDb, $aLangs)
 		    {
 	    	    foreach($_POST as $key => $val)
 	    	    {
-	                if ((preg_match('/^search_/', $key) || in_array($key, array('viewstatut')) ) && $val != '') $tmpurl.=($tmpurl?'&':'').$key.'='.$val;
+	                if (preg_match('/^search_/', $key) && $val != '') $tmpurl.=($tmpurl?'&':'').$key.'='.$val;
 	    	    }
 		    }
 		    $url.=($tmpurl?'?'.$tmpurl:'');