diff --git a/htdocs/admin/security.php b/htdocs/admin/security.php
index 795a0557f16..a1281351176 100644
--- a/htdocs/admin/security.php
+++ b/htdocs/admin/security.php
@@ -356,7 +356,7 @@ if ($conf->global->USER_PASSWORD_GENERATED == "Perso") {
print ' }';
print ' function generatelink(){';
- print ' return "security.php?action=updatepattern&pattern="+getStringArg();';
+ print ' return "security.php?action=updatepattern&token='.newToken().'&pattern="+getStringArg();';
print ' }';
print ' function valuePatternChange(){';
diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php
index 44dd7225dad..6adb73342a2 100644
--- a/htdocs/compta/facture/list.php
+++ b/htdocs/compta/facture/list.php
@@ -2351,7 +2351,7 @@ if ($resql) {
// Note public
if (!empty($arrayfields['f.note_public']['checked'])) {
print '| ';
- print dol_escape_htmltag($obj->note_public);
+ print dol_string_nohtmltag($obj->note_public);
print ' | ';
if (!$i) {
$totalarray['nbfield']++;
@@ -2360,7 +2360,7 @@ if ($resql) {
// Note private
if (!empty($arrayfields['f.note_private']['checked'])) {
print '';
- print dol_escape_htmltag($obj->note_private);
+ print dol_string_nohtmltag($obj->note_private);
print ' | ';
if (!$i) {
$totalarray['nbfield']++;
diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php
index 688cfa0ef6c..aa887aa4743 100644
--- a/htdocs/core/class/html.formfile.class.php
+++ b/htdocs/core/class/html.formfile.class.php
@@ -837,6 +837,7 @@ class FormFile
// Show file name with link to download
$out .= '';
+ $out .= $this->showPreview($file, $modulepart, $relativepath, 0, $param, 'paddingright')."\n";
$out .= 'trans("File").': '.$file["name"]);
- $out .= dol_trunc($file["name"], 40);
- $out .= ''."\n";
- $out .= $this->showPreview($file, $modulepart, $relativepath, 0, $param);
+ $out .= dol_trunc($file["name"], 150);
+ $out .= '';
$out .= ' | ';
// Show file size
@@ -1298,6 +1298,11 @@ class FormFile
// File name
print '';
+ // Preview link
+ if (!$editline) {
+ print $this->showPreview($file, $modulepart, $filepath, 0, '&entity='.(!empty($object->entity) ? $object->entity : $conf->entity), 'paddingright') . "\n";
+ }
+
// Show file name with link to download
//print "XX".$file['name']; //$file['name'] must be utf8
print '\n";
@@ -2101,9 +2102,10 @@ class FormFile
* @param string $relativepath Relative path of docs
* @param integer $ruleforpicto Rule for picto: 0=Use the generic preview picto, 1=Use the picto of mime type of file). Use a negative value to show a generic picto even if preview not available.
* @param string $param More param on http links
+ * @param string $moreclass Add more class to class style
* @return string $out Output string with HTML
*/
- public function showPreview($file, $modulepart, $relativepath, $ruleforpicto = 0, $param = '')
+ public function showPreview($file, $modulepart, $relativepath, $ruleforpicto = 0, $param = '', $moreclass = '')
{
global $langs, $conf;
@@ -2111,7 +2113,7 @@ class FormFile
if ($conf->browser->layout != 'phone' && !empty($conf->use_javascript_ajax)) {
$urladvancedpreview = getAdvancedPreviewUrl($modulepart, $relativepath, 1, $param); // Return if a file is qualified for preview.
if (count($urladvancedpreview)) {
- $out .= '';
+ $out .= '';
//$out.= '';
if (empty($ruleforpicto)) {
//$out.= img_picto($langs->trans('Preview').' '.$file['name'], 'detail');
diff --git a/htdocs/fichinter/list.php b/htdocs/fichinter/list.php
index d8bb62f6b5d..4ab4f0a90e3 100644
--- a/htdocs/fichinter/list.php
+++ b/htdocs/fichinter/list.php
@@ -801,7 +801,7 @@ while ($i < $imaxinloop) {
// Note public
if (!empty($arrayfields['f.note_public']['checked'])) {
print ' | ';
- print dol_escape_htmltag($obj->note_public);
+ print dol_string_nohtmltag($obj->note_public);
print ' | ';
if (!$i) {
$totalarray['nbfield']++;
@@ -810,7 +810,7 @@ while ($i < $imaxinloop) {
// Note private
if (!empty($arrayfields['f.note_private']['checked'])) {
print '';
- print dol_escape_htmltag($obj->note_private);
+ print dol_string_nohtmltag($obj->note_private);
print ' | ';
if (!$i) {
$totalarray['nbfield']++;
diff --git a/htdocs/fourn/class/fournisseur.product.class.php b/htdocs/fourn/class/fournisseur.product.class.php
index e2822304da5..67d6c19d6c6 100644
--- a/htdocs/fourn/class/fournisseur.product.class.php
+++ b/htdocs/fourn/class/fournisseur.product.class.php
@@ -578,7 +578,7 @@ class ProductFournisseur extends Product
$sql .= " pfp.supplier_reputation, pfp.fk_user, pfp.datec,";
$sql .= " pfp.multicurrency_price, pfp.multicurrency_unitprice, pfp.multicurrency_tx, pfp.fk_multicurrency, pfp.multicurrency_code,";
$sql .= " pfp.barcode, pfp.fk_barcode_type, pfp.packaging,";
- $sql .= " p.ref as product_ref";
+ $sql .= " p.ref as product_ref, p.tosell as status, p.tobuy as status_buy";
$sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as pfp, ".MAIN_DB_PREFIX."product as p";
$sql .= " WHERE pfp.rowid = ".(int) $rowid;
$sql .= " AND pfp.fk_product = p.rowid";
@@ -594,7 +594,8 @@ class ProductFournisseur extends Product
$this->fk_product = $obj->fk_product;
$this->product_id = $obj->fk_product;
$this->product_ref = $obj->product_ref;
-
+ $this->status = $obj->status;
+ $this->status_buy = $obj->status_buy;
$this->fourn_id = $obj->fk_soc;
$this->fourn_ref = $obj->ref_fourn; // deprecated
$this->ref_supplier = $obj->ref_fourn;
@@ -670,7 +671,7 @@ class ProductFournisseur extends Product
// phpcs:enable
global $conf;
- $sql = "SELECT s.nom as supplier_name, s.rowid as fourn_id, p.ref as product_ref,";
+ $sql = "SELECT s.nom as supplier_name, s.rowid as fourn_id, p.ref as product_ref, p.tosell as status, p.tobuy as status_buy, ";
$sql .= " pfp.rowid as product_fourn_pri_id, pfp.entity, pfp.ref_fourn, pfp.desc_fourn, pfp.fk_product as product_fourn_id, pfp.fk_supplier_price_expression,";
$sql .= " pfp.price, pfp.quantity, pfp.unitprice, pfp.remise_percent, pfp.remise, pfp.tva_tx, pfp.fk_availability, pfp.charges, pfp.info_bits, pfp.delivery_time_days, pfp.supplier_reputation,";
$sql .= " pfp.multicurrency_price, pfp.multicurrency_unitprice, pfp.multicurrency_tx, pfp.fk_multicurrency, pfp.multicurrency_code, pfp.datec, pfp.tms,";
@@ -699,6 +700,8 @@ class ProductFournisseur extends Product
$prodfourn->product_ref = $record["product_ref"];
$prodfourn->product_fourn_price_id = $record["product_fourn_pri_id"];
+ $prodfourn->status = $record["status"];
+ $prodfourn->status_buy = $record["status_buy"];
$prodfourn->product_fourn_id = $record["product_fourn_id"];
$prodfourn->product_fourn_entity = $record["entity"];
$prodfourn->ref_supplier = $record["ref_fourn"];