From 24cb1390e4e4327b84dcc5e58e42b153b72aa0cf Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 17 Sep 2019 13:17:25 +0200
Subject: [PATCH 01/30] FIX Update of leave request when CSRF with token is on
 FIX Export of leave request show the number of open days

---
 htdocs/core/modules/modHoliday.class.php | 5 +++--
 htdocs/exports/class/export.class.php    | 9 ++++++++-
 htdocs/holiday/card.php                  | 1 +
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/htdocs/core/modules/modHoliday.class.php b/htdocs/core/modules/modHoliday.class.php
index ba792ad28ad..61217d91686 100644
--- a/htdocs/core/modules/modHoliday.class.php
+++ b/htdocs/core/modules/modHoliday.class.php
@@ -202,13 +202,13 @@ class modHoliday extends DolibarrModules
 		$this->export_permission[$r]=array(array("holiday","read_all"));
 		$this->export_fields_array[$r]=array(
 			'd.rowid'=>"LeaveId",'d.fk_type'=>'TypeOfLeaveId','t.code'=>'TypeOfLeaveCode','t.label'=>'TypeOfLeaveLabel','d.fk_user'=>'UserID',
-			'u.lastname'=>'Lastname','u.firstname'=>'Firstname','u.login'=>"Login",'d.date_debut'=>'DateStart','d.date_fin'=>'DateEnd','d.halfday'=>'HalfDay',
+			'u.lastname'=>'Lastname','u.firstname'=>'Firstname','u.login'=>"Login",'d.date_debut'=>'DateStart','d.date_fin'=>'DateEnd','d.halfday'=>'HalfDay','none.num_open_days'=>'NbUseDaysCP',
 			'd.date_valid'=>'DateApprove','d.fk_validator'=>"UserForApprovalID",'ua.lastname'=>"UserForApprovalLastname",'ua.firstname'=>"UserForApprovalFirstname",
 			'ua.login'=>"UserForApprovalLogin",'d.description'=>'Description','d.statut'=>'Status'
 		);
 		$this->export_TypeFields_array[$r]=array(
 			'd.rowid'=>"Numeric",'t.code'=>'Text', 't.label'=>'Text','d.fk_user'=>'Numeric',
-			'u.lastname'=>'Text','u.firstname'=>'Text','u.login'=>"Text",'d.date_debut'=>'Date','d.date_fin'=>'Date',
+			'u.lastname'=>'Text','u.firstname'=>'Text','u.login'=>"Text",'d.date_debut'=>'Date','d.date_fin'=>'Date','none.num_open_days'=>'NumericCompute',
 			'd.date_valid'=>'Date','d.fk_validator'=>"Numeric",'ua.lastname'=>"Text",'ua.firstname'=>"Text",
 			'ua.login'=>"Text",'d.description'=>'Text','d.statut'=>'Numeric'
 		);
@@ -216,6 +216,7 @@ class modHoliday extends DolibarrModules
 			'u.lastname'=>'user','u.firstname'=>'user','u.login'=>'user','ua.lastname'=>'user','ua.firstname'=>'user','ua.login'=>'user'
 		);
 		$this->export_alias_array[$r]=array('d.rowid'=>"idholiday");
+		$this->export_special_array[$r] = array('none.num_open_days'=>'getNumOpenDays');
 		$this->export_dependencies_array[$r]=array(); // To add unique key if we ask a field of a child to avoid the DISTINCT to discard them
 
 		$this->export_sql_start[$r]='SELECT DISTINCT ';
diff --git a/htdocs/exports/class/export.class.php b/htdocs/exports/class/export.class.php
index 51a16f717b2..f6ef6a27e2b 100644
--- a/htdocs/exports/class/export.class.php
+++ b/htdocs/exports/class/export.class.php
@@ -540,7 +540,7 @@ class Export
     public function build_file($user, $model, $datatoexport, $array_selected, $array_filterValue, $sqlquery = '')
     {
         // phpcs:enable
-		global $conf,$langs;
+		global $conf,$langs,$mysoc;
 
 		$indice=0;
 		asort($array_selected);
@@ -634,6 +634,13 @@ class Export
 								$alias=str_replace(array('.', '-','(',')'), '_', $key);
 								if ($obj->$alias < 0) $obj->$alias='0';
 							}
+							// Operation GETNUMOPENDAYS (for Holiday module)
+							elseif ($this->array_export_special[$indice][$key]=='getNumOpenDays')
+							{
+								//$alias=$this->array_export_alias[$indice][$key];
+								$alias=str_replace(array('.', '-','(',')'), '_', $key);
+								$obj->$alias=num_open_day(dol_stringtotime($obj->d_date_debut, 1), dol_stringtotime($obj->d_date_fin, 1), 0, 1, $obj->d_halfday, $mysoc->country_code);
+							}
 							// Operation INVOICEREMAINTOPAY
 							elseif ($this->array_export_special[$indice][$key]=='getRemainToPay')
 							{
diff --git a/htdocs/holiday/card.php b/htdocs/holiday/card.php
index 204d832a94c..1f597f2ddc2 100644
--- a/htdocs/holiday/card.php
+++ b/htdocs/holiday/card.php
@@ -1134,6 +1134,7 @@ else
                 	if ($action == 'edit' && $object->statut == Holiday::STATUS_DRAFT) $edit = true;
 
                     print '<form method="post" action="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'">'."\n";
+                    print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'" />'."\n";
                     print '<input type="hidden" name="action" value="update"/>'."\n";
                     print '<input type="hidden" name="id" value="'.$object->id.'" />'."\n";
                 }

From 214bf4375eb9cfafa32723131e597ff01643e0ec Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 17 Sep 2019 13:28:36 +0200
Subject: [PATCH 02/30] Fix missing include

---
 htdocs/exports/class/export.class.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/htdocs/exports/class/export.class.php b/htdocs/exports/class/export.class.php
index f6ef6a27e2b..da184f27574 100644
--- a/htdocs/exports/class/export.class.php
+++ b/htdocs/exports/class/export.class.php
@@ -637,6 +637,7 @@ class Export
 							// Operation GETNUMOPENDAYS (for Holiday module)
 							elseif ($this->array_export_special[$indice][$key]=='getNumOpenDays')
 							{
+								include_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
 								//$alias=$this->array_export_alias[$indice][$key];
 								$alias=str_replace(array('.', '-','(',')'), '_', $key);
 								$obj->$alias=num_open_day(dol_stringtotime($obj->d_date_debut, 1), dol_stringtotime($obj->d_date_fin, 1), 0, 1, $obj->d_halfday, $mysoc->country_code);

From 2da50716421b46fdeaa9a9b300d7754ab05a59bd Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 18 Sep 2019 13:12:22 +0200
Subject: [PATCH 03/30] Fix VAT in New caledonia is now called TGC

---
 htdocs/langs/fr_NC/admin.lang     |  6 ++---
 htdocs/langs/fr_NC/companies.lang |  4 ++--
 htdocs/langs/fr_NC/compta.lang    | 40 +++++++++++++++----------------
 htdocs/langs/fr_NC/main.lang      |  8 +++----
 4 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/htdocs/langs/fr_NC/admin.lang b/htdocs/langs/fr_NC/admin.lang
index d86b324fdc5..f7c25610e3f 100644
--- a/htdocs/langs/fr_NC/admin.lang
+++ b/htdocs/langs/fr_NC/admin.lang
@@ -1,4 +1,4 @@
 # Dolibarr language file - Source file is en_US - admin
-VATManagement=Gestion TSS
-VATIsUsedDesc=Le taux de TSS proposé par défaut lors de la création de proposition commerciale, facture, commande, etc... répond à la règle standard suivante :<br>Si vendeur non assujetti à TSS, TSS par défaut=0. Fin de règle.<br>Si le (pays vendeur= pays acheteur) alors TSS par défaut=TSS du produit vendu. Fin de règle.<br>Si vendeur et acheteur dans Communauté européenne et bien vendu= moyen de transport neuf (auto, bateau, avion), TSS par défaut=0 (La TSS doit être payée par acheteur au centre d'impôts de son pays et non au vendeur). Fin de règle.<br>Si vendeur et acheteur dans Communauté européenne et acheteur= particulier alors TSS par défaut=TSS du produit vendu. Fin de règle.<br>Si vendeur et acheteur dans Communauté européenne et acheteur= entreprise alors TSS par défaut=0. Fin de règle.<br>Sinon TSS proposée par défaut=0. Fin de règle.<br>
-VATIsNotUsedDesc=Le taux de TSS proposé par défaut est 0. C'est le cas d'associations, particuliers ou certaines petites sociétés.
+VATManagement=Gestion TGC
+VATIsUsedDesc=Le taux de TGC proposé par défaut lors de la création de proposition commerciale, facture, commande, etc... répond à la règle standard suivante :<br>Si vendeur non assujetti à TGC, TGC par défaut=0. Fin de règle.<br>Si le (pays vendeur= pays acheteur) alors TGC par défaut=TGC du produit vendu. Fin de règle.<br>Si vendeur et acheteur dans Communauté européenne et bien vendu= moyen de transport neuf (auto, bateau, avion), TGC par défaut=0 (La TGC doit être payée par acheteur au centre d'impôts de son pays et non au vendeur). Fin de règle.<br>Si vendeur et acheteur dans Communauté européenne et acheteur= particulier alors TGC par défaut=TGC du produit vendu. Fin de règle.<br>Si vendeur et acheteur dans Communauté européenne et acheteur= entreprise alors TGC par défaut=0. Fin de règle.<br>Sinon TGC proposée par défaut=0. Fin de règle.<br>
+VATIsNotUsedDesc=Le taux de TGC proposé par défaut est 0. C'est le cas d'associations, particuliers ou certaines petites sociétés.
diff --git a/htdocs/langs/fr_NC/companies.lang b/htdocs/langs/fr_NC/companies.lang
index 9853f7e7e21..c3520226e42 100644
--- a/htdocs/langs/fr_NC/companies.lang
+++ b/htdocs/langs/fr_NC/companies.lang
@@ -1,3 +1,3 @@
 # Dolibarr language file - Source file is en_US - companies
-VATIsUsed=Assujetti à la TSS
-VATIsNotUsed=Non assujetti à la TSS
+VATIsUsed=Assujetti à la TGC
+VATIsNotUsed=Non assujetti à la TGC
diff --git a/htdocs/langs/fr_NC/compta.lang b/htdocs/langs/fr_NC/compta.lang
index f22e834c4a5..2d7a5468f84 100644
--- a/htdocs/langs/fr_NC/compta.lang
+++ b/htdocs/langs/fr_NC/compta.lang
@@ -1,21 +1,21 @@
 # Dolibarr language file - Source file is en_US - compta
-VATToPay=TSS ventes
-VATReceived=TSS collectée
-VATToCollect=TSS achats
-VATSummary=Balance de TSS
-VATPaid=TSS payée
-VATCollected=TSS récupérée
-PaymentVat=Règlement TSS
-VATPayment=Règlement TSS
-VATPayments=Règlements TSS
-ShowVatPayment=Affiche paiement TSS
-RulesResultInOut=- Il inclut les règlements effectivement réalisés pour les factures, les charges et la TSS.<br>- Il se base sur la date de règlement de ces factures, charges et TSS.
-VATReportByCustomersInInputOutputMode=Rapport par client des TSS collectées et payées (TSS sur encaissement)
-VATReportByQuartersInInputOutputMode=Rapport par taux des TSS collectées et payées (TSS sur encaissement)
-SeeVATReportInInputOutputMode=Voir le rapport <b>%sTSS encaissement%s</b> pour mode de calcul standard
-SeeVATReportInDueDebtMode=Voir le rapport <b>%sTSS sur débit%s</b> pour mode de calcul avec option sur les débits
-RulesVATInServices=- Pour les services, le rapport inclut les TSS des règlements effectivement reçus ou émis en se basant sur la date du règlement.
-RulesVATInProducts=- Pour les biens matériels, il inclut les TSS des factures en se basant sur la date de facture.
-RulesVATDueServices=- Pour les services, le rapport inclut les TSS des factures dues, payées ou non en se basant sur la date de facture.
-RulesVATDueProducts=- Pour les biens matériels, il inclut les TSS des factures en se basant sur la date de facture.
-CalculationRuleDesc=Pour calculer le total de TSS, il existe 2 modes:<br>Le mode 1 consiste à arrondir la TSS de chaque ligne et à sommer cet arrondi.<br>Le mode 2 consiste à sommer la tva de chaque ligne puis à l'arrondir.<br>Les résultats peuvent différer de quelques centimes. Le mode par défaut est le mode <b>%s</b>.
+VATToPay=TGC ventes
+VATReceived=TGC collectée
+VATToCollect=TGC achats
+VATSummary=Balance de TGC
+VATPaid=TGC payée
+VATCollected=TGC récupérée
+PaymentVat=Règlement TGC
+VATPayment=Règlement TGC
+VATPayments=Règlements TGC
+ShowVatPayment=Affiche paiement TGC
+RulesResultInOut=- Il inclut les règlements effectivement réalisés pour les factures, les charges et la TGC.<br>- Il se base sur la date de règlement de ces factures, charges et TGC.
+VATReportByCustomersInInputOutputMode=Rapport par client des TGC collectées et payées (TGC sur encaissement)
+VATReportByQuartersInInputOutputMode=Rapport par taux des TGC collectées et payées (TGC sur encaissement)
+SeeVATReportInInputOutputMode=Voir le rapport <b>%sTGC encaissement%s</b> pour mode de calcul standard
+SeeVATReportInDueDebtMode=Voir le rapport <b>%sTGC sur débit%s</b> pour mode de calcul avec option sur les débits
+RulesVATInServices=- Pour les services, le rapport inclut les TGC des règlements effectivement reçus ou émis en se basant sur la date du règlement.
+RulesVATInProducts=- Pour les biens matériels, il inclut les TGC des factures en se basant sur la date de facture.
+RulesVATDueServices=- Pour les services, le rapport inclut les TGC des factures dues, payées ou non en se basant sur la date de facture.
+RulesVATDueProducts=- Pour les biens matériels, il inclut les TGC des factures en se basant sur la date de facture.
+CalculationRuleDesc=Pour calculer le total de TGC, il existe 2 modes:<br>Le mode 1 consiste à arrondir la TGC de chaque ligne et à sommer cet arrondi.<br>Le mode 2 consiste à sommer la tva de chaque ligne puis à l'arrondir.<br>Les résultats peuvent différer de quelques centimes. Le mode par défaut est le mode <b>%s</b>.
diff --git a/htdocs/langs/fr_NC/main.lang b/htdocs/langs/fr_NC/main.lang
index 82c7a4ee746..23b739d83e5 100644
--- a/htdocs/langs/fr_NC/main.lang
+++ b/htdocs/langs/fr_NC/main.lang
@@ -20,7 +20,7 @@ FormatDateHourSecShort=%d/%m/%Y %H:%M:%S
 FormatDateHourTextShort=%d %b %Y %H:%M
 FormatDateHourText=%d %B %Y %H:%M
 ErrorNoVATRateDefinedForSellerCountry=Erreur, aucun taux de taxe défini pour le pays '%s'.
-AmountVAT=Montant TSS
-TotalVAT=Total TSS
-VAT=TSS
-VATRate=Taux TSS
+AmountVAT=Montant TGC
+TotalVAT=Total TGC
+VAT=TGC
+VATRate=Taux TGC

From 7b512587aadc3eca9e3565eed17f46c36498c643 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 18 Sep 2019 14:15:20 +0200
Subject: [PATCH 04/30] FIX XSS

---
 htdocs/admin/mails_templates.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/htdocs/admin/mails_templates.php b/htdocs/admin/mails_templates.php
index e0dfcd75277..573d4c5fbaa 100644
--- a/htdocs/admin/mails_templates.php
+++ b/htdocs/admin/mails_templates.php
@@ -50,7 +50,7 @@ $confirm    = GETPOST('confirm','alpha');												// Result of a confirmation
 
 $id			= GETPOST('id','int');
 $rowid		= GETPOST('rowid','alpha');
-$search_label=GETPOST('search_label','alpha');
+$search_label=GETPOST('search_label', 'alphanohtml');                                    // Must allow value like 'Abc Def' or '(MyTemplateName)'
 $search_type_template=GETPOST('search_type_template','alpha');
 $search_lang=GETPOST('search_lang','alpha');
 $search_fk_user=GETPOST('search_fk_user','intcomma');
@@ -262,6 +262,7 @@ if (empty($reshook))
             {
             	//var_dump($i.' - '.$listfieldvalue[$i].' - '.$_POST[$listfieldvalue[$i]].' - '.$value);
             	$keycode=$listfieldvalue[$i];
+            	if ($value == 'label') $_POST[$keycode] = dol_escape_htmltag($_POST[$keycode]);
             	if ($value == 'lang') $keycode='langcode';
                 if ($value == 'entity') $_POST[$keycode] = $conf->entity;
                 if ($i) $sql.=",";
@@ -666,8 +667,6 @@ if ($resql)
     print '<tr class="liste_titre">';
     foreach ($fieldlist as $field => $value)
     {
-        // Determine le nom du champ par rapport aux noms possibles
-        // dans les dictionnaires de donnees
         $showfield=1;							  	// By defaut
         $align="left";
         $sortable=1;
@@ -694,7 +693,7 @@ if ($resql)
 		if ($fieldlist[$field]=='content')         { $valuetoshow=$langs->trans("Content"); $showfield=0;}
 		if ($fieldlist[$field]=='content_lines')   { $valuetoshow=$langs->trans("ContentLines"); $showfield=0; }
 
-        // Affiche nom du champ
+        // Show fields
         if ($showfield)
         {
             if (! empty($tabhelp[$id][$value]))
@@ -812,6 +811,10 @@ if ($resql)
                         $showfield=1;
                     	$align="left";
                         $valuetoshow=$obj->{$fieldlist[$field]};
+                        if ($value == 'label' || $value == 'topic')
+                        {
+                            $valuetoshow = dol_escape_htmltag($valuetoshow);
+                        }
                         if ($value == 'type_template')
                         {
                             $valuetoshow = isset($elementList[$valuetoshow])?$elementList[$valuetoshow]:$valuetoshow;

From 345ac28c8999d53ed541fb14cd08f4692e21aec6 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Fri, 30 Aug 2019 16:22:24 +0200
Subject: [PATCH 05/30] Fix js injection

Conflicts:
	htdocs/core/lib/functions.lib.php
	htdocs/user/group/card.php
---
 htdocs/core/lib/functions.lib.php |  8 ++++++--
 htdocs/main.inc.php               | 16 +++++++++-------
 htdocs/user/group/card.php        |  4 ++--
 3 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 20930ca52c4..bf79b2070d5 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -966,11 +966,15 @@ function dol_escape_js($stringtoescape, $mode=0, $noescapebackslashn=0)
  *  @param      string		$stringtoescape		String to escape
  *  @param		int			$keepb				1=Preserve b tags (otherwise, remove them)
  *  @param      int         $keepn              1=Preserve \r\n strings (otherwise, replace them with escaped value). Set to 1 when escaping for a <textarea>.
+ *  @param		string		$keepmoretags		'' or 'common' or list of tags
  *  @return     string     				 		Escaped string
  *  @see		dol_string_nohtmltag, dol_string_nospecial, dol_string_unaccent
  */
-function dol_escape_htmltag($stringtoescape, $keepb=0, $keepn=0)
+function dol_escape_htmltag($stringtoescape, $keepb = 0, $keepn = 0, $keepmoretags = '')
 {
+	if ($keepmoretags == 'common') $keepmoretags = 'html,body,a,em,i,u,ul,li,br,div,img,font,p,span,strong,table,tr,td,th,tbody';
+	// TODO Implement $keepmoretags
+
 	// escape quotes and backslashes, newlines, etc.
 	$tmp=html_entity_decode($stringtoescape, ENT_COMPAT, 'UTF-8');		// TODO Use htmlspecialchars_decode instead, that make only required change for html tags
 	if (! $keepb) $tmp=strtr($tmp, array("<b>"=>'','</b>'=>''));
@@ -5539,7 +5543,7 @@ function dol_nl2br($stringtoencode,$nl2brmode=0,$forxml=false)
 
 /**
  *	This function is called to encode a string into a HTML string but differs from htmlentities because
- * 	a detection is done before to see if text is already HTML or not. Also, all entities but &,<,> are converted.
+ * 	a detection is done before to see if text is already HTML or not. Also, all entities but &,<,>," are converted.
  *  This permits to encode special chars to entities with no double encoding for already encoded HTML strings.
  * 	This function also remove last EOL or BR if $removelasteolbr=1 (default).
  *  For PDF usage, you can show text by 2 ways:
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index d76b64ba9b5..c99723684bf 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -127,13 +127,15 @@ function testSqlAndScriptInject($val, $type)
 	$inj += preg_match('/Set\.constructor/i', $val);	// ECMA script 6
 	if (! defined('NOSTYLECHECK')) $inj += preg_match('/<style/i', $val);
 	$inj += preg_match('/base[\s]+href/si', $val);
-	$inj += preg_match('/<.*onmouse/si', $val);       // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>
-	$inj += preg_match('/onerror\s*=/i', $val);       // onerror can be set on img or any html tag like <img title='...' onerror = alert(1)>
-	$inj += preg_match('/onfocus\s*=/i', $val);       // onfocus can be set on input text html tag like <input type='text' value='...' onfocus = alert(1)>
-	$inj += preg_match('/onload\s*=/i', $val);        // onload can be set on svg tag <svg/onload=alert(1)> or other tag like body <body onload=alert(1)>
-	$inj += preg_match('/onloadstart\s*=/i', $val);   // onload can be set on audio tag <audio onloadstart=alert(1)>
-	$inj += preg_match('/onclick\s*=/i', $val);       // onclick can be set on img text html tag like <img onclick = alert(1)>
-	$inj += preg_match('/onscroll\s*=/i', $val);      // onscroll can be on textarea
+	// List of dom events is on https://www.w3schools.com/jsref/dom_obj_event.asp
+	$inj += preg_match('/onmouse([a-z]*)\s*=/i', $val);       // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>
+	$inj += preg_match('/ondrag([a-z]*)\s*=/i', $val);        //
+	$inj += preg_match('/ontouch([a-z]*)\s*=/i', $val);        //
+	$inj += preg_match('/on(abort|afterprint[beforeprint|beforeunload|blur|canplay|canplaythrough|change|click|contextmenu|copy|cut)\s*=/i', $val);
+	$inj += preg_match('/on(dblclick|drop|durationchange|ended|error|focus|focusin|focusout|hashchange|input|invalid)\s*=/i', $val);
+	$inj += preg_match('/on(keydown|keypress|keyup|load|loadeddata|loadedmetadata|loadstart|offline|online|pagehide|pageshow)\s*=/i', $val);
+	$inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|resize|reset|scroll|search|seeking|select|show|stalled|submit|suspend)\s*=/i', $val);
+	$inj += preg_match('/on(timeupdate|toggle|unload|volumechange|waiting)\s*=/i', $val);
 	//$inj += preg_match('/on[A-Z][a-z]+\*=/', $val);   // To lock event handlers onAbort(), ...
 	$inj += preg_match('/&#58;|&#0000058|&#x3A/i', $val);		// refused string ':' encoded (no reason to have it encoded) to lock 'javascript:...'
 	//if ($type == 1)
diff --git a/htdocs/user/group/card.php b/htdocs/user/group/card.php
index fd497e6986a..d4b7c65f4dd 100644
--- a/htdocs/user/group/card.php
+++ b/htdocs/user/group/card.php
@@ -135,7 +135,7 @@ if (empty($reshook)) {
 			} else {
 				$object->name	= trim(GETPOST("nom",'nohtml'));
 				$object->nom	= $object->name;	// For backward compatibility
-				$object->note	= trim(GETPOST("note",'none'));
+				$object->note	= dol_htmlcleanlastbr(trim(GETPOST("note", 'none')));
 
 				// Fill array 'array_options' with data from add form
 				$ret = $extrafields->setOptionalsFromPost($extralabels,$object);
@@ -218,7 +218,7 @@ if (empty($reshook)) {
 
 			$object->name	= trim(GETPOST("group",'nohtml'));
 			$object->nom	= $object->name;			// For backward compatibility
-			$object->note	= dol_htmlcleanlastbr(GETPOST("note",'none'));
+			$object->note	= dol_htmlcleanlastbr(trim(GETPOST("note", 'none')));
 
 			// Fill array 'array_options' with data from add form
 			$ret = $extrafields->setOptionalsFromPost($extralabels,$object);

From 771104bc6882cd5c7c0c8545b9d7c1650321d5c5 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 18 Sep 2019 14:25:53 +0200
Subject: [PATCH 06/30] Fix XSS

---
 htdocs/user/card.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/htdocs/user/card.php b/htdocs/user/card.php
index 072d7f287a3..93fd39d8607 100644
--- a/htdocs/user/card.php
+++ b/htdocs/user/card.php
@@ -209,7 +209,7 @@ if (empty($reshook)) {
 			$object->facebook = GETPOST("facebook", 'alphanohtml');
 
 			$object->email = preg_replace('/\s+/', '', GETPOST("email", 'alpha'));
-			$object->job = GETPOST("job", 'alpha');
+			$object->job = GETPOST("job", 'alphanohtml');
 			$object->signature = GETPOST("signature", 'none');
 			$object->accountancy_code = GETPOST("accountancy_code", 'alphanohtml');
 			$object->note = GETPOST("note", 'none');
@@ -358,7 +358,7 @@ if (empty($reshook)) {
 				$object->twitter = GETPOST("twitter", 'alpha');
 				$object->facebook = GETPOST("facebook", 'alpha');
 				$object->email = preg_replace('/\s+/', '', GETPOST("email", 'alpha'));
-				$object->job = GETPOST("job", 'alpha');
+				$object->job = GETPOST("job", 'alphanohtml');
 				$object->signature = GETPOST("signature",'none');
 				$object->accountancy_code = GETPOST("accountancy_code",'alpha');
 				$object->openid = GETPOST("openid",'alpha');
@@ -1156,7 +1156,7 @@ if ($action == 'create' || $action == 'adduserldap')
 	// Position/Job
 	print '<tr><td class="titlefieldcreate">'.$langs->trans("PostOrFunction").'</td>';
 	print '<td>';
-	print '<input class="maxwidth200" type="text" name="job" value="'.GETPOST('job').'">';
+	print '<input class="maxwidth200" type="text" name="job" value="'.GETPOST('job', 'alphanohtml').'">';
 	print '</td></tr>';
 
 

From e52788eb75d6a1ebb56b3a78271f14bbb209abb3 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 18 Sep 2019 14:31:03 +0200
Subject: [PATCH 07/30] Fix xss

---
 htdocs/user/card.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/htdocs/user/card.php b/htdocs/user/card.php
index 93fd39d8607..ef0ed3743dd 100644
--- a/htdocs/user/card.php
+++ b/htdocs/user/card.php
@@ -209,7 +209,7 @@ if (empty($reshook)) {
 			$object->facebook = GETPOST("facebook", 'alphanohtml');
 
 			$object->email = preg_replace('/\s+/', '', GETPOST("email", 'alpha'));
-			$object->job = GETPOST("job", 'alphanohtml');
+			$object->job = GETPOST("job", 'nohtml');
 			$object->signature = GETPOST("signature", 'none');
 			$object->accountancy_code = GETPOST("accountancy_code", 'alphanohtml');
 			$object->note = GETPOST("note", 'none');
@@ -358,7 +358,7 @@ if (empty($reshook)) {
 				$object->twitter = GETPOST("twitter", 'alpha');
 				$object->facebook = GETPOST("facebook", 'alpha');
 				$object->email = preg_replace('/\s+/', '', GETPOST("email", 'alpha'));
-				$object->job = GETPOST("job", 'alphanohtml');
+				$object->job = GETPOST("job", 'nohtml');
 				$object->signature = GETPOST("signature",'none');
 				$object->accountancy_code = GETPOST("accountancy_code",'alpha');
 				$object->openid = GETPOST("openid",'alpha');
@@ -1156,7 +1156,7 @@ if ($action == 'create' || $action == 'adduserldap')
 	// Position/Job
 	print '<tr><td class="titlefieldcreate">'.$langs->trans("PostOrFunction").'</td>';
 	print '<td>';
-	print '<input class="maxwidth200" type="text" name="job" value="'.GETPOST('job', 'alphanohtml').'">';
+	print '<input class="maxwidth200" type="text" name="job" value="'.GETPOST('job', 'nohtml').'">';
 	print '</td></tr>';
 
 

From 00d5cff00dcb03949948d494573b119b23f22f0c Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 18 Sep 2019 14:44:31 +0200
Subject: [PATCH 08/30] Fix XSS injection into textarea

---
 htdocs/main.inc.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index c99723684bf..14b1d581986 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -116,6 +116,8 @@ function testSqlAndScriptInject($val, $type)
 		$inj += preg_match('/union.+select/i', 	 $val);
 		$inj += preg_match('/(\.\.%2f)+/i',		 $val);
 	}
+	// For XSS Injection done by closing textarea to exucute content into a textarea field
+	$inj += preg_match('/<\/textarea/i', $val);
 	// For XSS Injection done by adding javascript with script
 	// This is all cases a browser consider text is javascript:
 	// When it found '<script', 'javascript:', '<style', 'onload\s=' on body tag, '="&' on a tag size with old browsers

From bf9f25fd74553a6bd2962f3505233b184a9f4953 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 23 Sep 2019 11:35:11 +0200
Subject: [PATCH 09/30] Ehance getPaymentIntent to use it for offline payment

---
 htdocs/stripe/class/stripe.class.php | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/htdocs/stripe/class/stripe.class.php b/htdocs/stripe/class/stripe.class.php
index 6379aa36746..c8a9c69a5ae 100644
--- a/htdocs/stripe/class/stripe.class.php
+++ b/htdocs/stripe/class/stripe.class.php
@@ -305,16 +305,18 @@ class Stripe extends CommonObject
 	 * @param   string  $currency_code                      Currency code
 	 * @param   string  $tag                                Tag
 	 * @param   string  $description                        Description
-	 * @param	Societe	$object							    Object to pay with Stripe
+	 * @param	mixed	$object							    Object to pay with Stripe
 	 * @param	string 	$customer							Stripe customer ref 'cus_xxxxxxxxxxxxx' via customerStripe()
 	 * @param	string	$key							    ''=Use common API. If not '', it is the Stripe connect account 'acc_....' to use Stripe connect
 	 * @param	int		$status							    Status (0=test, 1=live)
 	 * @param	int		$usethirdpartyemailforreceiptemail	1=use thirdparty email for receipt
 	 * @param	int		$mode		                        automatic=automatic confirmation/payment when conditions are ok, manual=need to call confirm() on intent
 	 * @param   boolean $confirmnow                         false=default, true=try to confirm immediatly after create (if conditions are ok)
+	 * @param   string  $payment_method                     'pm_....' (if known)
+	 * @param   string  $off_session                        If we use an already known payment method to pay off line.
 	 * @return 	\Stripe\PaymentIntent|null 			        Stripe PaymentIntent or null if not found and failed to create
 	 */
-	public function getPaymentIntent($amount, $currency_code, $tag, $description = '', $object = null, $customer = null, $key = null, $status = 0, $usethirdpartyemailforreceiptemail = 0, $mode = 'automatic', $confirmnow = false)
+	public function getPaymentIntent($amount, $currency_code, $tag, $description = '', $object = null, $customer = null, $key = null, $status = 0, $usethirdpartyemailforreceiptemail = 0, $mode = 'automatic', $confirmnow = false, $payment_method = null, $off_session = 0)
 	{
 		global $conf;
 
@@ -335,7 +337,7 @@ class Stripe extends CommonObject
 		} elseif ($fee < $conf->global->STRIPE_APPLICATION_FEE_MINIMAL) {
 		    $fee = $conf->global->STRIPE_APPLICATION_FEE_MINIMAL;
 		}
-				if (! in_array($currency, $arrayzerounitcurrency)) $stripefee = round($fee * 100);
+				if (! in_array($currency_code, $arrayzerounitcurrency)) $stripefee = round($fee * 100);
 				else $stripefee = round($fee);
 
 		$paymentintent = null;
@@ -411,6 +413,12 @@ class Stripe extends CommonObject
     		// payment_method =
     		// payment_method_types = array('card')
             //var_dump($dataforintent);
+    		if ($off_session)
+    		{
+    		    unset($dataforintent['setup_future_usage']);
+    		    $dataforintent["off_session"] = true;
+    		}
+    		if (! is_null($payment_method)) $dataforintent["payment_method"] = $payment_method;
 
     		if ($conf->entity!=$conf->global->STRIPECONNECT_PRINCIPAL && $stripefee > 0)
     		{
@@ -491,7 +499,7 @@ class Stripe extends CommonObject
     		}
 		}
 
-		dol_syslog("getPaymentIntent return error=".$error, LOG_INFO, -1);
+		dol_syslog("getPaymentIntent return error=".$error." this->error=".$this->error, LOG_INFO, -1);
 
 		if (! $error)
 		{

From d5877e9c36fbda0040c67e6b63befbd558eb9480 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 23 Sep 2019 11:36:45 +0200
Subject: [PATCH 10/30] FIX Bad currency var used in stripe for connect

---
 htdocs/stripe/class/stripe.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/stripe/class/stripe.class.php b/htdocs/stripe/class/stripe.class.php
index abc875c370f..626f5533da4 100644
--- a/htdocs/stripe/class/stripe.class.php
+++ b/htdocs/stripe/class/stripe.class.php
@@ -325,7 +325,7 @@ class Stripe extends CommonObject
 		} elseif ($fee < $conf->global->STRIPE_APPLICATION_FEE_MINIMAL) {
 		    $fee = $conf->global->STRIPE_APPLICATION_FEE_MINIMAL;
 		}
-				if (! in_array($currency, $arrayzerounitcurrency)) $stripefee = round($fee * 100);
+				if (! in_array($currency_code, $arrayzerounitcurrency)) $stripefee = round($fee * 100);
 				else $stripefee = round($fee);
 
 		$paymentintent = null;

From 1584a4bf79b42b503e7cb39f37ebf20eba44c2e7 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 23 Sep 2019 12:27:51 +0200
Subject: [PATCH 11/30] Add trigger event USER_SENTBYMAIL in agenda

---
 htdocs/core/class/events.class.php            | 24 -------------------
 .../mysql/data/llx_c_action_trigger.sql       |  3 ++-
 .../install/mysql/migration/10.0.0-11.0.0.sql |  5 ++++
 3 files changed, 7 insertions(+), 25 deletions(-)

diff --git a/htdocs/core/class/events.class.php b/htdocs/core/class/events.class.php
index 57a076963fd..160e22f4c50 100644
--- a/htdocs/core/class/events.class.php
+++ b/htdocs/core/class/events.class.php
@@ -87,33 +87,9 @@ class Events // extends CommonObject
 		array('id'=>'USER_NEW_PASSWORD',      'test'=>1),
 		array('id'=>'USER_ENABLEDISABLE',     'test'=>1),
 		array('id'=>'USER_DELETE',            'test'=>1),
-	/*    array('id'=>'USER_SETINGROUP',        'test'=>1), deprecated. Replace with USER_MODIFY
-	    array('id'=>'USER_REMOVEFROMGROUP',   'test'=>1), deprecated. Replace with USER_MODIFY */
 		array('id'=>'GROUP_CREATE',           'test'=>1),
 		array('id'=>'GROUP_MODIFY',           'test'=>1),
 		array('id'=>'GROUP_DELETE',           'test'=>1),
-	/*	array('id'=>'ACTION_CREATE',          'test'=>$conf->societe->enabled),
-		array('id'=>'COMPANY_CREATE',         'test'=>$conf->societe->enabled),
-		array('id'=>'CONTRACT_VALIDATE',      'test'=>$conf->contrat->enabled),
-		array('id'=>'PROPAL_VALIDATE',        'test'=>$conf->propal->enabled),
-		array('id'=>'PROPAL_CLOSE_SIGNED',    'test'=>$conf->propal->enabled),
-		array('id'=>'PROPAL_CLOSE_REFUSED',   'test'=>$conf->propal->enabled),
-		array('id'=>'PROPAL_SENTBYMAIL',      'test'=>$conf->propal->enabled),
-		array('id'=>'ORDER_VALIDATE',         'test'=>$conf->commande->enabled),
-		array('id'=>'ORDER_SENTBYMAIL',       'test'=>$conf->commande->enabled),
-		array('id'=>'BILL_VALIDATE',          'test'=>$conf->facture->enabled),
-		array('id'=>'BILL_PAYED',             'test'=>$conf->facture->enabled),
-		array('id'=>'BILL_CANCEL',            'test'=>$conf->facture->enabled),
-		array('id'=>'BILL_SENTBYMAIL',        'test'=>$conf->facture->enabled),
-		array('id'=>'PAYMENT_CUSTOMER_CREATE','test'=>$conf->facture->enabled),
-		array('id'=>'PAYMENT_SUPPLIER_CREATE','test'=>$conf->fournisseur->enabled),
-		array('id'=>'MEMBER_CREATE',          'test'=>$conf->adherent->enabled),
-		array('id'=>'MEMBER_VALIDATE',        'test'=>$conf->adherent->enabled),
-		array('id'=>'MEMBER_SUBSCRIPTION',    'test'=>$conf->adherent->enabled),
-		array('id'=>'MEMBER_MODIFY',          'test'=>$conf->adherent->enabled),
-		array('id'=>'MEMBER_RESILIATE',       'test'=>$conf->adherent->enabled),
-		array('id'=>'MEMBER_DELETE',          'test'=>$conf->adherent->enabled),
-	*/
 	);
 
 
diff --git a/htdocs/install/mysql/data/llx_c_action_trigger.sql b/htdocs/install/mysql/data/llx_c_action_trigger.sql
index aaa96e3136a..0e2a1875e21 100644
--- a/htdocs/install/mysql/data/llx_c_action_trigger.sql
+++ b/htdocs/install/mysql/data/llx_c_action_trigger.sql
@@ -113,12 +113,13 @@ insert into llx_c_action_trigger (code,label,description,elementtype,rang) value
 insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('TICKET_CLOSE','Ticket closed','Executed when a ticket is closed','ticket',165);
 insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('TICKET_SENTBYMAIL','Ticket message sent by email','Executed when a message is sent from the ticket record','ticket',166);
 insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('TICKET_DELETE','Ticket deleted','Executed when a ticket is deleted','ticket',167);
--- actions not enabled by default (no constant created for that) when we enable module agenda 
+insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('USER_SENTBYMAIL','Email sent','Executed when an email is sent from user card','user',300);
 insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('PRODUCT_MODIFY','Product or service modified','Executed when a product or sevice is modified','product',41);
 insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('MEMBER_MODIFY','Member modified','Executed when a member is modified','member',23);
 insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('FICHINTER_MODIFY','Intervention modified','Executed when a intervention is modified','ficheinter',19);
 insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('PROJECT_CREATE','Project creation','Executed when a project is created','project',140);
 insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('PROJECT_MODIFY','Project modified','Executed when a project is modified','project',142);
+-- actions not enabled by default : they are excluded when we enable the module Agenda (except TASK_...)
 insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('TASK_CREATE','Task created','Executed when a project task is created','project',150);
 insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('TASK_MODIFY','Task modified','Executed when a project task is modified','project',151);
 insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('TASK_DELETE','Task deleted','Executed when a project task is deleted','project',152);
diff --git a/htdocs/install/mysql/migration/10.0.0-11.0.0.sql b/htdocs/install/mysql/migration/10.0.0-11.0.0.sql
index 92dcdce1128..890411109f9 100644
--- a/htdocs/install/mysql/migration/10.0.0-11.0.0.sql
+++ b/htdocs/install/mysql/migration/10.0.0-11.0.0.sql
@@ -33,6 +33,11 @@ ALTER TABLE llx_account_bookkeeping ADD COLUMN date_export datetime DEFAULT NULL
 ALTER TABLE llx_expensereport ADD COLUMN paid smallint default 0 NOT NULL;
 UPDATE llx_expensereport set paid = 1 WHERE fk_statut = 6 and paid = 0;
 
+
+-- For v11
+
+insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('USER_SENTBYMAIL','Email sent','Executed when an email is sent from user card','user',300);
+
 create table llx_entrepot_extrafields
 (
   rowid                     integer AUTO_INCREMENT PRIMARY KEY,

From 8ac0383fa020b029365cb6e12de68de35bb4a481 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 23 Sep 2019 12:36:12 +0200
Subject: [PATCH 12/30] FIX Send email from expense report card. FIX Alias name
 is not into the email recipient label.

---
 htdocs/core/actions_sendmails.inc.php | 54 +++++++++++----------------
 1 file changed, 21 insertions(+), 33 deletions(-)

diff --git a/htdocs/core/actions_sendmails.inc.php b/htdocs/core/actions_sendmails.inc.php
index 836652ea819..de3a43d9ce6 100644
--- a/htdocs/core/actions_sendmails.inc.php
+++ b/htdocs/core/actions_sendmails.inc.php
@@ -113,8 +113,8 @@ if (($action == 'send' || $action == 'relance') && ! $_POST['addfile'] && ! $_PO
 	{
 		$result=$object->fetch($id);
 
-		$sendtosocid=0;    // Thirdparty on object
-		if (method_exists($object, "fetch_thirdparty") && ! in_array($object->element, array('societe','member','user','expensereport', 'contact')))
+		$sendtosocid=0;    // Id of related thirdparty
+		if (method_exists($object, "fetch_thirdparty") && ! in_array($object->element, array('societe', 'member', 'user', 'expensereport', 'contact')))
 		{
 			$result=$object->fetch_thirdparty();
 			if ($object->element == 'user' && $result == 0) $result=1;    // Even if not found, we consider ok
@@ -124,7 +124,14 @@ if (($action == 'send' || $action == 'relance') && ! $_POST['addfile'] && ! $_PO
 		elseif ($object->element == 'member' || $object->element == 'user')
 		{
 			$thirdparty=$object;
-			if ($thirdparty->id > 0) $sendtosocid=$thirdparty->id;
+			if ($object->socid > 0) $sendtosocid=$object->socid;
+		}
+		elseif ($object->element == 'expensereport')
+		{
+			$tmpuser=new User($db);
+			$tmpuser->fetch($object->fk_user_author);
+			$thirdparty=$tmpuser;
+			if ($object->socid > 0) $sendtosocid=$object->socid;
 		}
 		elseif ($object->element == 'societe')
 		{
@@ -136,7 +143,7 @@ if (($action == 'send' || $action == 'relance') && ! $_POST['addfile'] && ! $_PO
 			$contact=$object;
 			if ($contact->id > 0) $sendtosocid=$contact->fetch_thirdparty()->id;
 		}
-		else dol_print_error('', 'Use actions_sendmails.in.php for an element/object that is not supported');
+		else dol_print_error('', "Use actions_sendmails.in.php for an element/object '".$object->element."' that is not supported");
 
 		if (is_object($hookmanager))
 		{
@@ -162,6 +169,7 @@ if (($action == 'send' || $action == 'relance') && ! $_POST['addfile'] && ! $_PO
 			if ($receiver == '-1') $receiver=array();
 			else $receiver=array($receiver);
 		}
+
 		$tmparray=array();
 		if (trim($_POST['sendto']))
 		{
@@ -173,22 +181,23 @@ if (($action == 'send' || $action == 'relance') && ! $_POST['addfile'] && ! $_PO
 			foreach($receiver as $key=>$val)
 			{
 				// Recipient was provided from combo list
-				if ($val == 'thirdparty') // Id of third party
+				if ($val == 'thirdparty') // Key selected means currentthird party (may be usd for current member or current user too)
 				{
-					$tmparray[] = dol_string_nospecial($thirdparty->name, ' ', array(",")).' <'.$thirdparty->email.'>';
+					$tmparray[] = dol_string_nospecial($thirdparty->getFullName($langs), ' ', array(",")).' <'.$thirdparty->email.'>';
 				}
 				// Recipient was provided from combo list
-				elseif ($val == 'contact') // Id of contact
+				elseif ($val == 'contact') // Key selected means current contact
 				{
-					$tmparray[] = dol_string_nospecial($contact->name, ' ', array(",")).' <'.$contact->email.'>';
+					$tmparray[] = dol_string_nospecial($contact->getFullName($langs), ' ', array(",")).' <'.$contact->email.'>';
 				}
-				elseif ($val)	// Id du contact
+				elseif ($val)	// $val is the Id of a contact
 				{
 					$tmparray[] = $thirdparty->contact_get_property((int) $val, 'email');
 					$sendtoid[] = $val;
 				}
 			}
 		}
+
 		if (!empty($conf->global->MAIN_MAIL_ENABLED_USER_DEST_SELECT))
 		{
 			$receiveruser=$_POST['receiveruser'];
@@ -222,16 +231,16 @@ if (($action == 'send' || $action == 'relance') && ! $_POST['addfile'] && ! $_PO
 			foreach($receivercc as $key=>$val)
 			{
 				// Recipient was provided from combo list
-				if ($val == 'thirdparty') // Id of third party
+				if ($val == 'thirdparty')	// Key selected means currentthird party (may be usd for current member or current user too)
 				{
 					$tmparray[] = dol_string_nospecial($thirdparty->name, ' ', array(",")).' <'.$thirdparty->email.'>';
 				}
 				// Recipient was provided from combo list
-				elseif ($val == 'contact') // Id of contact
+				elseif ($val == 'contact')	// Key selected means current contact
 				{
 					$tmparray[] = dol_string_nospecial($contact->name, ' ', array(",")).' <'.$contact->email.'>';
 				}
-				elseif ($val)	// Id du contact
+				elseif ($val)				// $val is the Id of a contact
 				{
 					$tmparray[] = $thirdparty->contact_get_property((int) $val, 'email');
 					//$sendtoid[] = $val;  TODO Add also id of contact in CC ?
@@ -414,27 +423,6 @@ if (($action == 'send' || $action == 'relance') && ! $_POST['addfile'] && ! $_PO
 				$result=$mailfile->sendfile();
 				if ($result)
 				{
-					// Two hooks are available into method $mailfile->sendfile, so dedicated code is no more required
-					/*
-					if (! empty($conf->dolimail->enabled))
-					{
-						$mid = (GETPOST('mid','int') ? GETPOST('mid','int') : 0);	// Original mail id is set ?
-						if ($mid)
-						{
-							// set imap flag answered if it is an answered mail
-							$dolimail=new DoliMail($db);
-							$dolimail->id = $mid;
-							$res=$dolimail->set_prop($user, 'answered',1);
-						}
-						if ($imap==1)
-						{
-							// write mail to IMAP Server
-							$movemail = $mailboxconfig->putMail($subject,$sendto,$from,$message,$filepath,$mimetype,$filename,$sendtocc,$folder,$deliveryreceipt,$mailfile);
-							if ($movemail) setEventMessages($langs->trans("MailMovedToImapFolder",$folder), null, 'mesgs');
-							else setEventMessages($langs->trans("MailMovedToImapFolder_Warning",$folder), null, 'warnings');
-						}
-					}*/
-
 					// Initialisation of datas of object to call trigger
 					if (is_object($object))
 					{

From 40f75b16d8fdb81a89266799846072f7b8970279 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 23 Sep 2019 13:04:22 +0200
Subject: [PATCH 13/30] FIX Substitution of __PROJECT_XXX__ not done

---
 htdocs/comm/action/class/actioncomm.class.php |  2 +-
 htdocs/core/actions_massactions.inc.php       |  4 ++
 htdocs/core/lib/functions.lib.php             | 46 ++++++++++++-------
 3 files changed, 35 insertions(+), 17 deletions(-)

diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php
index c3b698d3918..a52bdee82cc 100644
--- a/htdocs/comm/action/class/actioncomm.class.php
+++ b/htdocs/comm/action/class/actioncomm.class.php
@@ -676,7 +676,7 @@ class ActionComm extends CommonObject
 
                 $this->socid				= $obj->fk_soc;			// To have fetch_thirdparty method working
                 $this->contactid			= $obj->fk_contact;		// To have fetch_contact method working
-                $this->fk_project			= $obj->fk_project;		// To have fetch_project method working
+                $this->fk_project			= $obj->fk_project;		// To have fetch_projet method working
 
                 $this->societe->id			= $obj->fk_soc;			// deprecated
                 //$this->contact->id			= $obj->fk_contact;		// deprecated
diff --git a/htdocs/core/actions_massactions.inc.php b/htdocs/core/actions_massactions.inc.php
index d54d2dd02ff..6cd98f00e48 100644
--- a/htdocs/core/actions_massactions.inc.php
+++ b/htdocs/core/actions_massactions.inc.php
@@ -384,6 +384,10 @@ if (! $error && $massaction == 'confirm_presend')
                 foreach ($looparray as $objectid => $objecttmp)		// $objecttmp is a real object or an empty object if we choose to send one email per thirdparty instead of one per object
 				{
 					// Make substitution in email content
+					if (! empty($conf->projet->enabled) && method_exists($objecttmp, 'fetch_projet') && is_null($objecttmp->project))
+					{
+						$objecttmp->fetch_projet();
+					}
 					$substitutionarray=getCommonSubstitutionArray($langs, 0, null, $objecttmp);
 					$substitutionarray['__ID__']    = ($oneemailperrecipient ? join(', ', array_keys($listofqualifiedobj)) : $objecttmp->id);
 					$substitutionarray['__REF__']   = ($oneemailperrecipient ? join(', ', $listofqualifiedref) : $objecttmp->ref);
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index b6b691117a5..268b206919c 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -3831,6 +3831,8 @@ function dol_print_error($db = '', $error = '', $errors = null)
 	if (empty($dolibarr_main_prod)) print $out;
 	else
 	{
+		print 'This website is currently temporarly offline. This may be due to a maintenance operation. Current status of operation are on next line...<br><br>'."\n";
+		$langs->load("errors");
 		print $langs->trans("DolibarrHasDetectedError").'. ';
 		print $langs->trans("YouCanSetOptionDolibarrMainProdToZero");
 		define("MAIN_CORE_ERROR", 1);
@@ -3859,7 +3861,7 @@ function dol_print_error_email($prefixcode, $errormessage = '', $errormessages =
 	$now=dol_now();
 
 	print '<br><div class="center login_main_message"><div class="'.$morecss.'">';
-	print $langs->trans("ErrorContactEMail", $email, $prefixcode.dol_print_date($now, '%Y%m%d'));
+	print $langs->trans("ErrorContactEMail", $email, $prefixcode.dol_print_date($now, '%Y%m%d%H%M%S'));
 	if ($errormessage) print '<br><br>'.$errormessage;
 	if (is_array($errormessages) && count($errormessages))
 	{
@@ -5866,11 +5868,13 @@ $substitutionarray=array_merge($substitutionarray, array(
 			$substitutionarray['__REF_SUPPLIER__'] = '__REF_SUPPLIER__';
 			$substitutionarray['__EXTRAFIELD_XXX__'] = '__EXTRAFIELD_XXX__';
 
-			$substitutionarray['__THIRDPARTY_ID__'] = '__THIRDPARTY_ID__';
-			$substitutionarray['__THIRDPARTY_NAME__'] = '__THIRDPARTY_NAME__';
-			$substitutionarray['__THIRDPARTY_NAME_ALIAS__'] = '__THIRDPARTY_NAME_ALIAS__';
-			$substitutionarray['__THIRDPARTY_EMAIL__'] = '__THIRDPARTY_EMAIL__';
-
+			if (! empty($conf->societe->enabled))
+			{
+				$substitutionarray['__THIRDPARTY_ID__'] = '__THIRDPARTY_ID__';
+				$substitutionarray['__THIRDPARTY_NAME__'] = '__THIRDPARTY_NAME__';
+				$substitutionarray['__THIRDPARTY_NAME_ALIAS__'] = '__THIRDPARTY_NAME_ALIAS__';
+				$substitutionarray['__THIRDPARTY_EMAIL__'] = '__THIRDPARTY_EMAIL__';
+			}
 			if (! empty($conf->adherent->enabled))
 			{
 				$substitutionarray['__MEMBER_ID__'] = '__MEMBER_ID__';
@@ -5878,15 +5882,19 @@ $substitutionarray=array_merge($substitutionarray, array(
 				$substitutionarray['__MEMBER_FIRSTNAME__'] = '__MEMBER_FIRSTNAME__';
 				$substitutionarray['__MEMBER_LASTNAME__'] = '__MEMBER_LASTNAME__';
 			}
-			$substitutionarray['__PROJECT_ID__'] = '__PROJECT_ID__';
-			$substitutionarray['__PROJECT_REF__'] = '__PROJECT_REF__';
-			$substitutionarray['__PROJECT_NAME__'] = '__PROJECT_NAME__';
-
-			$substitutionarray['__CONTRACT_HIGHEST_PLANNED_START_DATE__'] = 'Highest date planned for a service start';
-			$substitutionarray['__CONTRACT_HIGHEST_PLANNED_START_DATETIME__'] = 'Highest date and hour planned for service start';
-			$substitutionarray['__CONTRACT_LOWEST_EXPIRATION_DATE__'] = 'Lowest data for planned expiration of service';
-			$substitutionarray['__CONTRACT_LOWEST_EXPIRATION_DATETIME__'] = 'Lowest date and hour for planned expiration of service';
-
+			if (! empty($conf->projet->enabled))
+			{
+				$substitutionarray['__PROJECT_ID__'] = '__PROJECT_ID__';
+				$substitutionarray['__PROJECT_REF__'] = '__PROJECT_REF__';
+				$substitutionarray['__PROJECT_NAME__'] = '__PROJECT_NAME__';
+			}
+			if (! empty($conf->contrat->enabled))
+			{
+				$substitutionarray['__CONTRACT_HIGHEST_PLANNED_START_DATE__'] = 'Highest date planned for a service start';
+				$substitutionarray['__CONTRACT_HIGHEST_PLANNED_START_DATETIME__'] = 'Highest date and hour planned for service start';
+				$substitutionarray['__CONTRACT_LOWEST_EXPIRATION_DATE__'] = 'Lowest data for planned expiration of service';
+				$substitutionarray['__CONTRACT_LOWEST_EXPIRATION_DATETIME__'] = 'Lowest date and hour for planned expiration of service';
+			}
 			$substitutionarray['__ONLINE_PAYMENT_URL__'] = 'UrlToPayOnlineIfApplicable';
 			$substitutionarray['__ONLINE_PAYMENT_TEXT_AND_URL__'] = 'TextAndUrlToPayOnlineIfApplicable';
 			$substitutionarray['__SECUREKEYPAYMENT__'] = 'Security key (if key is not unique per record)';
@@ -5964,7 +5972,13 @@ $substitutionarray=array_merge($substitutionarray, array(
 				$substitutionarray['__THIRDPARTY_EMAIL__'] = (is_object($object->thirdparty)?$object->thirdparty->email:'');
 			}
 
-			if (is_object($object->projet) && $object->projet->id > 0)
+			if (is_object($object->project) && $object->project->id > 0)
+			{
+				$substitutionarray['__PROJECT_ID__'] = (is_object($object->project)?$object->project->id:'');
+				$substitutionarray['__PROJECT_REF__'] = (is_object($object->project)?$object->project->ref:'');
+				$substitutionarray['__PROJECT_NAME__'] = (is_object($object->project)?$object->project->title:'');
+			}
+			if (is_object($object->projet) && $object->projet->id > 0)	// Deprecated, for backward compatibility
 			{
 				$substitutionarray['__PROJECT_ID__'] = (is_object($object->projet)?$object->projet->id:'');
 				$substitutionarray['__PROJECT_REF__'] = (is_object($object->projet)?$object->projet->ref:'');

From 243e31df2c264bbe68f25ca28b64209a587d308c Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 23 Sep 2019 16:50:32 +0200
Subject: [PATCH 14/30] Better error management for using SCA stripe

---
 htdocs/stripe/class/stripe.class.php | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/htdocs/stripe/class/stripe.class.php b/htdocs/stripe/class/stripe.class.php
index c8a9c69a5ae..f47d21a7c52 100644
--- a/htdocs/stripe/class/stripe.class.php
+++ b/htdocs/stripe/class/stripe.class.php
@@ -60,6 +60,7 @@ class Stripe extends CommonObject
 	public $type;
 
 	public $code;
+	public $declinecode;
 
 	public $message;
 
@@ -442,7 +443,6 @@ class Stripe extends CommonObject
     				$paymentintent = \Stripe\PaymentIntent::create($dataforintent, array("idempotency_key" => "$description", "stripe_account" => $key));
     			    //$paymentintent = \Stripe\PaymentIntent::create($dataforintent, array("stripe_account" => $key));
     			}
-    			//var_dump($paymentintent->id);
 
     			// Store the payment intent
     			if (is_object($object))
@@ -487,15 +487,25 @@ class Stripe extends CommonObject
     			    $_SESSION["stripe_payment_intent"] = $paymentintent;
     			}
     		}
+    		catch(Stripe\Error\Card $e)
+    		{
+    			$error++;
+    			$this->error = $e->getMessage();
+    			$this->code = $e->getStripeCode();
+    			$this->declinecode = $e->getDeclineCode();
+    		}
     		catch(Exception $e)
     		{
     		    /*var_dump($dataforintent);
     		    var_dump($description);
     		    var_dump($key);
     		    var_dump($paymentintent);
-    		    var_dump($e->getMessage());*/
-                $error++;
+    		    var_dump($e->getMessage());
+    		    var_dump($e);*/
+    		    $error++;
     			$this->error = $e->getMessage();
+    			$this->code = '';
+    			$this->declinecode = '';
     		}
 		}
 
@@ -790,13 +800,12 @@ class Stripe extends CommonObject
 
 	/**
 	 * Create charge with public/payment/newpayment.php, stripe/card.php, cronjobs or REST API
-	 * This is using old Stripe API charge.
 	 *
 	 * @param	int 	$amount									Amount to pay
 	 * @param	string 	$currency								EUR, GPB...
 	 * @param	string 	$origin									Object type to pay (order, invoice, contract...)
 	 * @param	int 	$item									Object id to pay
-	 * @param	string 	$source									src_xxxxx or card_xxxxx
+	 * @param	string 	$source									src_xxxxx or card_xxxxx or pm_xxxxx
 	 * @param	string 	$customer								Stripe customer ref 'cus_xxxxxxxxxxxxx' via customerStripe()
 	 * @param	string 	$account								Stripe account ref 'acc_xxxxxxxxxxxxx' via  getStripeAccount()
 	 * @param	int		$status									Status (0=test, 1=live)

From 64fc73534054041f01a01ac411120aa8073aecfe Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 23 Sep 2019 18:12:58 +0200
Subject: [PATCH 15/30] Fix length of fields to card saved with setupintent

---
 htdocs/install/mysql/migration/10.0.0-11.0.0.sql | 2 ++
 htdocs/install/mysql/tables/llx_societe_rib.sql  | 2 +-
 htdocs/stripe/class/stripe.class.php             | 6 +++++-
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/htdocs/install/mysql/migration/10.0.0-11.0.0.sql b/htdocs/install/mysql/migration/10.0.0-11.0.0.sql
index 890411109f9..7d5a3a1716b 100644
--- a/htdocs/install/mysql/migration/10.0.0-11.0.0.sql
+++ b/htdocs/install/mysql/migration/10.0.0-11.0.0.sql
@@ -36,6 +36,8 @@ UPDATE llx_expensereport set paid = 1 WHERE fk_statut = 6 and paid = 0;
 
 -- For v11
 
+ALTER TABLE llx_societe_rib MODIFY label varchar(200);
+
 insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('USER_SENTBYMAIL','Email sent','Executed when an email is sent from user card','user',300);
 
 create table llx_entrepot_extrafields
diff --git a/htdocs/install/mysql/tables/llx_societe_rib.sql b/htdocs/install/mysql/tables/llx_societe_rib.sql
index 5bfc6d10fd6..adabd0ab35f 100644
--- a/htdocs/install/mysql/tables/llx_societe_rib.sql
+++ b/htdocs/install/mysql/tables/llx_societe_rib.sql
@@ -24,7 +24,7 @@ create table llx_societe_rib
 (
   rowid          integer AUTO_INCREMENT PRIMARY KEY,
   type           varchar(32) DEFAULT 'ban' NOT NULL,							-- 'ban' or 'paypal' or 'card' or 'stripe'
-  label          varchar(30),
+  label          varchar(200),
   fk_soc         integer NOT NULL,
   datec          datetime,
   tms            timestamp,
diff --git a/htdocs/stripe/class/stripe.class.php b/htdocs/stripe/class/stripe.class.php
index f47d21a7c52..cff5f17494b 100644
--- a/htdocs/stripe/class/stripe.class.php
+++ b/htdocs/stripe/class/stripe.class.php
@@ -419,7 +419,11 @@ class Stripe extends CommonObject
     		    unset($dataforintent['setup_future_usage']);
     		    $dataforintent["off_session"] = true;
     		}
-    		if (! is_null($payment_method)) $dataforintent["payment_method"] = $payment_method;
+    		if (! is_null($payment_method))
+    		{
+    			$dataforintent["payment_method"] = $payment_method;
+    			$description.=' - '.$payment_method;
+    		}
 
     		if ($conf->entity!=$conf->global->STRIPECONNECT_PRINCIPAL && $stripefee > 0)
     		{

From 1e65a478a81ad9e0100d83d07eb3536a33ae1a44 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 23 Sep 2019 19:21:06 +0200
Subject: [PATCH 16/30] Fix remove warnings

---
 htdocs/core/menus/standard/auguria.lib.php | 11 ++++++++---
 htdocs/core/menus/standard/eldy.lib.php    |  7 ++++---
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/htdocs/core/menus/standard/auguria.lib.php b/htdocs/core/menus/standard/auguria.lib.php
index 438ff8246ea..2aaeb967675 100644
--- a/htdocs/core/menus/standard/auguria.lib.php
+++ b/htdocs/core/menus/standard/auguria.lib.php
@@ -271,14 +271,19 @@ function print_left_auguria_menu($db, $menu_array_before, $menu_array_after, &$t
 	// Show logo company
 	if (empty($noout) && ! empty($conf->global->MAIN_SHOW_LOGO) && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER))
 	{
-		$mysoc->logo_mini=$conf->global->MAIN_INFO_SOCIETE_LOGO_MINI;
-		if (! empty($mysoc->logo_mini) && is_readable($conf->mycompany->dir_output.'/logos/thumbs/'.$mysoc->logo_mini))
+		$mysoc->logo_mini=(empty($conf->global->MAIN_INFO_SOCIETE_LOGO_MINI)?'':$conf->global->MAIN_INFO_SOCIETE_LOGO_MINI);
+		$mysoc->logo_squarred_mini=(empty($conf->global->MAIN_INFO_SOCIETE_LOGO_SQUARRED_MINI)?'':$conf->global->MAIN_INFO_SOCIETE_LOGO_SQUARRED_MINI);
+		if (! empty($mysoc->logo_squarred_mini) && is_readable($conf->mycompany->dir_output.'/logos/thumbs/'.$mysoc->logo_squarred_mini))
+		{
+			$urllogo=DOL_URL_ROOT.'/viewimage.php?cache=1&amp;modulepart=mycompany&amp;file='.urlencode('logos/thumbs/'.$mysoc->logo_squarred_mini);
+		}
+		elseif (! empty($mysoc->logo_mini) && is_readable($conf->mycompany->dir_output.'/logos/thumbs/'.$mysoc->logo_mini))
 		{
 			$urllogo=DOL_URL_ROOT.'/viewimage.php?cache=1&amp;modulepart=mycompany&amp;file='.urlencode('logos/thumbs/'.$mysoc->logo_mini);
 		}
 		else
 		{
-			$urllogo=DOL_URL_ROOT.'/theme/dolibarr_logo.png';
+			$urllogo=DOL_URL_ROOT.'/theme/dolibarr_logo_squarred.png';
 		}
 		$title=$langs->trans("GoIntoSetupToChangeLogo");
 		print "\n".'<!-- Show logo on menu -->'."\n";
diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php
index 2eead6da81d..d62cd1993fd 100644
--- a/htdocs/core/menus/standard/eldy.lib.php
+++ b/htdocs/core/menus/standard/eldy.lib.php
@@ -43,7 +43,8 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/menubase.class.php';
  */
 function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = 0, $mode = '')
 {
-	global $user,$conf,$langs,$dolibarr_main_db_name;
+	global $user,$conf,$langs,$mysoc;
+	global $dolibarr_main_db_name;
 
 	$mainmenu=(empty($_SESSION["mainmenu"])?'':$_SESSION["mainmenu"]);
 	$leftmenu=(empty($_SESSION["leftmenu"])?'':$_SESSION["leftmenu"]);
@@ -477,8 +478,8 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout =
 	// Show logo company
 	if (empty($conf->global->MAIN_MENU_INVERT) && empty($noout) && ! empty($conf->global->MAIN_SHOW_LOGO) && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER))
 	{
-		$mysoc->logo_mini=$conf->global->MAIN_INFO_SOCIETE_LOGO_MINI;
-		$mysoc->logo_squarred_mini=$conf->global->MAIN_INFO_SOCIETE_LOGO_SQUARRED_MINI;
+		$mysoc->logo_mini=(empty($conf->global->MAIN_INFO_SOCIETE_LOGO_MINI)?'':$conf->global->MAIN_INFO_SOCIETE_LOGO_MINI);
+		$mysoc->logo_squarred_mini=(empty($conf->global->MAIN_INFO_SOCIETE_LOGO_SQUARRED_MINI)?'':$conf->global->MAIN_INFO_SOCIETE_LOGO_SQUARRED_MINI);
 		if (! empty($mysoc->logo_squarred_mini) && is_readable($conf->mycompany->dir_output.'/logos/thumbs/'.$mysoc->logo_squarred_mini))
 		{
 			$urllogo=DOL_URL_ROOT.'/viewimage.php?cache=1&amp;modulepart=mycompany&amp;file='.urlencode('logos/thumbs/'.$mysoc->logo_squarred_mini);

From 4a0305cdf8f679178e7f41265bcf8f5213ee9828 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 23 Sep 2019 19:21:18 +0200
Subject: [PATCH 17/30] Fix debug file

---
 htdocs/stripe/payment.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/htdocs/stripe/payment.php b/htdocs/stripe/payment.php
index 6811df8d589..ef4911b2c1b 100644
--- a/htdocs/stripe/payment.php
+++ b/htdocs/stripe/payment.php
@@ -71,6 +71,7 @@ if ($user->societe_id > 0)
 }
 
 $object=new Facture($db);
+$stripe=new Stripe($db);
 
 // Load object
 if ($facid > 0)
@@ -78,9 +79,9 @@ if ($facid > 0)
 	$ret=$object->fetch($facid);
 }
 
-if (! empty($conf->stripe->enabled))
+if (empty($conf->stripe->enabled))
 {
-    access_forbidden();
+    accessforbidden();
 }
 
 if (empty($conf->global->STRIPE_LIVE) || GETPOST('forcesandbox', 'alpha'))
@@ -306,7 +307,7 @@ if (empty($reshook))
 		elseif (preg_match('/src_/i', $source))
 		{
 
-		        $customer2 = $customerstripe=$stripe->customerStripe($facture->thirdparty, $stripeacc, $servicestatus);
+			$customer2 = $customerstripe=$stripe->customerStripe($facture->thirdparty, $stripeacc, $servicestatus);
 			$src = $customer2->sources->retrieve("$source");
 			if ($src->type=='card')
 			{
@@ -1082,7 +1083,7 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie
 
 if (! GETPOST('action'))
 {
-    if ($page == -1) $page = 0 ;
+    if ($page == -1 || empty($page)) $page = 0 ;
     $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
     $offset = $limit * $page ;
 

From 0434e898d3899160bdbae1205858c737f3c4d24d Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 23 Sep 2019 19:22:07 +0200
Subject: [PATCH 18/30] Add todo

---
 htdocs/stripe/payment.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/stripe/payment.php b/htdocs/stripe/payment.php
index ef4911b2c1b..41f802062a2 100644
--- a/htdocs/stripe/payment.php
+++ b/htdocs/stripe/payment.php
@@ -28,7 +28,7 @@
 /**
  *	\file       htdocs/stripe/payment.php
  *	\ingroup    stripe
- *	\brief      Payment page for customers invoices
+ *	\brief      Payment page for customers invoices. TODO Seems deprecated and bugged !
  */
 
 // Load Dolibarr environment

From 5cd44556494e2081baf5f1f0761abf57374ae6a1 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 23 Sep 2019 19:25:56 +0200
Subject: [PATCH 19/30] Removed deprecated files

---
 htdocs/public/paybox/index.php      |  27 ---
 htdocs/public/paybox/newpayment.php |  49 ----
 htdocs/public/paybox/paymentko.php  | 162 --------------
 htdocs/public/paybox/paymentok.php  | 194 ----------------
 htdocs/public/paypal/index.php      |  27 ---
 htdocs/public/paypal/newpayment.php |  52 -----
 htdocs/public/paypal/paymentko.php  | 173 ---------------
 htdocs/public/paypal/paymentok.php  | 332 ----------------------------
 htdocs/public/stripe/newpayment.php |  51 -----
 htdocs/public/stripe/paymentko.php  | 160 --------------
 htdocs/public/stripe/paymentok.php  | 196 ----------------
 11 files changed, 1423 deletions(-)
 delete mode 100644 htdocs/public/paybox/index.php
 delete mode 100644 htdocs/public/paybox/newpayment.php
 delete mode 100644 htdocs/public/paybox/paymentko.php
 delete mode 100644 htdocs/public/paybox/paymentok.php
 delete mode 100644 htdocs/public/paypal/index.php
 delete mode 100644 htdocs/public/paypal/newpayment.php
 delete mode 100644 htdocs/public/paypal/paymentko.php
 delete mode 100644 htdocs/public/paypal/paymentok.php
 delete mode 100644 htdocs/public/stripe/newpayment.php
 delete mode 100644 htdocs/public/stripe/paymentko.php
 delete mode 100644 htdocs/public/stripe/paymentok.php

diff --git a/htdocs/public/paybox/index.php b/htdocs/public/paybox/index.php
deleted file mode 100644
index 58d748aba72..00000000000
--- a/htdocs/public/paybox/index.php
+++ /dev/null
@@ -1,27 +0,0 @@
-<?php
-/* Copyright (C) 2009 Laurent Destailleur  <eldy@users.sourceforge.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-/**
- *     	\file       htdocs/public/paybox/index.php
- *		\ingroup    core
- *		\brief      A redirect page to an error
- *		\author	    Laurent Destailleur
- */
-
-require '../../master.inc.php';
-
-header("Location: ".DOL_URL_ROOT.'/public/error-404.php');
diff --git a/htdocs/public/paybox/newpayment.php b/htdocs/public/paybox/newpayment.php
deleted file mode 100644
index 319c40f2c18..00000000000
--- a/htdocs/public/paybox/newpayment.php
+++ /dev/null
@@ -1,49 +0,0 @@
-<?php
-/* Copyright (C) 2001-2002 Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2006-2012 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2009      Regis Houssin        <regis.houssin@inodbox.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-/**
- *     	\file       htdocs/public/paybox/newpayment.php
- *		\ingroup    paybox
- *		\brief      File to offer a way to make a payment for a particular Dolibarr entity
- *		\author	    Laurent Destailleur
- */
-
-define("NOLOGIN", 1);		// This means this output page does not require to be logged.
-define("NOCSRFCHECK", 1);	// We accept to go on this page from external web site.
-
-// For MultiCompany module.
-// Do not use GETPOST here, function is not defined and define must be done before including main.inc.php
-// TODO This should be useless. Because entity must be retreive from object ref and not from url.
-$entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1));
-if (is_numeric($entity)) define("DOLENTITY", $entity);
-
-require '../../main.inc.php';
-require_once DOL_DOCUMENT_ROOT.'/paybox/lib/paybox.lib.php';
-require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
-require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php';
-require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
-require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
-
-// Security check
-if (empty($conf->paybox->enabled)) accessforbidden('', 0, 0, 1);
-
-$newurl = $_SERVER['REQUEST_URI'];
-$newurl = preg_replace('/\/paybox\/newpayment/', '/payment/newpayment', $newurl);
-header("Location: ".$newurl.(preg_match('/\?/', $newurl)?'&':'?').'paymentmethod=paybox');
-exit;
diff --git a/htdocs/public/paybox/paymentko.php b/htdocs/public/paybox/paymentko.php
deleted file mode 100644
index a2f9f52e9e5..00000000000
--- a/htdocs/public/paybox/paymentko.php
+++ /dev/null
@@ -1,162 +0,0 @@
-<?php
-/* Copyright (C) 2001-2002 Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2006-2013 Laurent Destailleur  <eldy@users.sourceforge.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-/**
- *     	\file       htdocs/public/paybox/paymentko.php
- *		\ingroup    paybox
- *		\brief      File to show page after a failed payment
- */
-
-define("NOLOGIN", 1);		// This means this output page does not require to be logged.
-define("NOCSRFCHECK", 1);	// We accept to go on this page from external web site.
-
-// For MultiCompany module.
-// Do not use GETPOST here, function is not defined and define must be done before including main.inc.php
-// TODO This should be useless. Because entity must be retreive from object ref and not from url.
-$entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1));
-if (is_numeric($entity)) define("DOLENTITY", $entity);
-
-require '../../main.inc.php';
-require_once DOL_DOCUMENT_ROOT.'/paybox/lib/paybox.lib.php';
-require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
-require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php';
-
-// Security check
-if (empty($conf->paybox->enabled)) accessforbidden('', 0, 0, 1);
-
-$langs->loadLangs(array("main", "other", "dict", "bills", "companies", "paybox", "paypal", "stripe"));
-
-$object = new stdClass();   // For triggers
-
-$paymentmethod='paybox';
-
-
-/*
- * Actions
- */
-
-
-
-
-
-/*
- * View
- */
-
-dol_syslog("Callback url when a PayBox payment was canceled. query_string=".(dol_escape_htmltag($_SERVER["QUERY_STRING"])?dol_escape_htmltag($_SERVER["QUERY_STRING"]):'')." script_uri=".(dol_escape_htmltag($_SERVER["SCRIPT_URI"])?dol_escape_htmltag($_SERVER["SCRIPT_URI"]):''), LOG_DEBUG, 0, '_paybox');
-
-$tracepost = "";
-foreach($_POST as $k => $v) $tracepost .= "{$k} - {$v}\n";
-dol_syslog("POST=".$tracepost, LOG_DEBUG, 0, '_paybox');
-
-
-if (! empty($_SESSION['ipaddress']))      // To avoid to make action twice
-{
-    // Get on url call
-    $fulltag            = $FULLTAG;
-    $onlinetoken        = empty($PAYPALTOKEN)?$_SESSION['onlinetoken']:$PAYPALTOKEN;
-    $payerID            = empty($PAYPALPAYERID)?$_SESSION['payerID']:$PAYPALPAYERID;
-    // Set by newpayment.php
-    $paymentType        = $_SESSION['PaymentType'];
-    $currencyCodeType   = $_SESSION['currencyCodeType'];
-    $FinalPaymentAmt    = $_SESSION["FinalPaymentAmt"];
-    // From env
-    $ipaddress          = $_SESSION['ipaddress'];
-
-    // Appel des triggers
-    include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
-    $interface=new Interfaces($db);
-    $result=$interface->run_triggers('PAYBOX_PAYMENT_OK', $object, $user, $langs, $conf);
-    if ($result < 0) { $error++; $errors=$interface->errors; }
-    // Fin appel triggers
-
-    // Send an email
-    $sendemail = '';
-    if (! empty($conf->global->ONLINE_PAYMENT_SENDEMAIL))  $sendemail=$conf->global->ONLINE_PAYMENT_SENDEMAIL;
-
-    if ($sendemail)
-    {
-    	$sendto=$sendemail;
-    	$from=$conf->global->MAILING_EMAIL_FROM;
-
-    	// Define link to login card
-    	$appli=constant('DOL_APPLICATION_TITLE');
-    	if (! empty($conf->global->MAIN_APPLICATION_TITLE))
-    	{
-    	    $appli=$conf->global->MAIN_APPLICATION_TITLE;
-    	    if (preg_match('/\d\.\d/', $appli))
-    	    {
-    	        if (! preg_match('/'.preg_quote(DOL_VERSION).'/', $appli)) $appli.=" (".DOL_VERSION.")";	// If new title contains a version that is different than core
-    	    }
-    	    else $appli.=" ".DOL_VERSION;
-    	}
-    	else $appli.=" ".DOL_VERSION;
-
-    	$urlback=$_SERVER["REQUEST_URI"];
-    	$topic='['.$appli.'] '.$langs->transnoentitiesnoconv("NewOnlinePaymentFailed");
-    	$content="";
-    	$content.=$langs->transnoentitiesnoconv("ValidationOfOnlinePaymentFailed")."\n";
-    	$content.="\n";
-    	$content.=$langs->transnoentitiesnoconv("TechnicalInformation").":\n";
-    	$content.=$langs->transnoentitiesnoconv("OnlinePaymentSystem").': '.$paymentmethod."<br>\n";
-    	$content.=$langs->transnoentitiesnoconv("ReturnURLAfterPayment").': '.$urlback."\n";
-    	$content.="tag=".$fulltag."\npaymentType=".$paymentType." currencycodeType=".$currencyCodeType." payerId=".$payerID." ipaddress=".$ipaddress." FinalPaymentAmt=".$FinalPaymentAmt;
-    	require_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php';
-    	$mailfile = new CMailFile($topic, $sendto, $from, $content);
-
-    	$result=$mailfile->sendfile();
-    	if ($result)
-    	{
-    		dol_syslog("EMail sent to ".$sendto, LOG_DEBUG, 0, '_paybox');
-    	}
-    	else
-    	{
-    		dol_syslog("Failed to send EMail to ".$sendto, LOG_ERR, 0, '_paybox');
-    	}
-    }
-
-    unset($_SESSION['ipaddress']);
-}
-
-$head='';
-if (! empty($conf->global->ONLINE_PAYMENT_CSS_URL)) $head='<link rel="stylesheet" type="text/css" href="'.$conf->global->ONLINE_PAYMENT_CSS_URL.'?lang='.$langs->defaultlang.'">'."\n";
-
-$conf->dol_hide_topmenu=1;
-$conf->dol_hide_leftmenu=1;
-
-llxHeader($head, $langs->trans("PaymentForm"), '', '', 0, 0, '', '', '', 'onlinepaymentbody');
-
-
-// Show message
-print '<span id="dolpaymentspan"></span>'."\n";
-print '<div id="dolpaymentdiv" align="center">'."\n";
-
-print $langs->trans("YourPaymentHasNotBeenRecorded")."<br><br>\n";
-
-$key='ONLINE_PAYMENT_MESSAGE_KO';
-if (! empty($conf->global->$key)) print $conf->global->$key;
-
-print "\n</div>\n";
-
-
-htmlPrintOnlinePaymentFooter($mysoc, $langs, 0, $suffix);
-
-
-llxFooter('', 'public');
-
-$db->close();
diff --git a/htdocs/public/paybox/paymentok.php b/htdocs/public/paybox/paymentok.php
deleted file mode 100644
index efa49ce84fc..00000000000
--- a/htdocs/public/paybox/paymentok.php
+++ /dev/null
@@ -1,194 +0,0 @@
-<?php
-/* Copyright (C) 2001-2002 Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2006-2013 Laurent Destailleur  <eldy@users.sourceforge.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-/**
- *     	\file       htdocs/public/paybox/paymentok.php
- *		\ingroup    paybox
- *		\brief      File to show page after a successful payment
- */
-
-define("NOLOGIN", 1);		// This means this output page does not require to be logged.
-define("NOCSRFCHECK", 1);	// We accept to go on this page from external web site.
-
-// For MultiCompany module.
-// Do not use GETPOST here, function is not defined and define must be done before including main.inc.php
-// TODO This should be useless. Because entity must be retreive from object ref and not from url.
-$entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1));
-if (is_numeric($entity)) define("DOLENTITY", $entity);
-
-require '../../main.inc.php';
-require_once DOL_DOCUMENT_ROOT.'/paybox/lib/paybox.lib.php';
-require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
-require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php';
-
-// Security check
-if (empty($conf->paybox->enabled)) accessforbidden('', 0, 0, 1);
-
-$langs->loadLangs(array("main", "other", "dict", "bills", "companies", "paybox", "paypal", "stripe"));
-
-/*$source=GETPOST('source');
-$ref=GETPOST('ref');
-$PAYBOXTOKEN=GETPOST('TOKEN');
-if (empty($PAYBOXTOKEN)) $PAYBOXTOKEN=GETPOST('token');
-$PAYBOXPAYERID=GETPOST('PAYERID');
-if (empty($PAYBOXPAYERID)) $PAYBOXPAYERID=GETPOST('PayerID');
-*/
-$FULLTAG=GETPOST('FULLTAG');
-if (empty($FULLTAG)) $FULLTAG=GETPOST('fulltag');
-
-
-$object = new stdClass();   // For triggers
-
-$paymentmethod='paybox';
-
-
-/*
- * Actions
- */
-
-
-
-
-
-/*
- * View
- */
-
-dol_syslog("Callback url when a PayBox payment was done. query_string=".(dol_escape_htmltag($_SERVER["QUERY_STRING"])?dol_escape_htmltag($_SERVER["QUERY_STRING"]):'')." script_uri=".(dol_escape_htmltag($_SERVER["SCRIPT_URI"])?dol_escape_htmltag($_SERVER["SCRIPT_URI"]):''), LOG_DEBUG, 0, '_paybox');
-
-$tracepost = "";
-foreach($_POST as $k => $v) $tracepost .= "{$k} - {$v}\n";
-dol_syslog("POST=".$tracepost, LOG_DEBUG, 0, '_paybox');
-
-
-$head='';
-if (! empty($conf->global->ONLINE_PAYMENT_CSS_URL)) $head='<link rel="stylesheet" type="text/css" href="'.$conf->global->ONLINE_PAYMENT_CSS_URL.'?lang='.$langs->defaultlang.'">'."\n";
-
-$conf->dol_hide_topmenu=1;
-$conf->dol_hide_leftmenu=1;
-
-llxHeader($head, $langs->trans("PaymentForm"), '', '', 0, 0, '', '', '', 'onlinepaymentbody');
-
-
-// Show message
-print '<span id="dolpaymentspan"></span>'."\n";
-print '<div id="dolpaymentdiv" align="center">'."\n";
-
-// Get on url call
-/*
-$onlinetoken              = $PAYBOXTOKEN;
-*/
-$fulltag            = $FULLTAG;
-/*$payerID            = $PAYBOXPAYERID;
-// Set by newpayment.php
-$paymentType        = $_SESSION['PaymentType'];
-$currencyCodeType   = $_SESSION['currencyCodeType'];
-$FinalPaymentAmt    = $_SESSION["FinalPaymentAmt"];
-// From env
-$ipaddress          = $_SESSION['ipaddress'];
-
-dol_syslog("Call newpaymentok with token=".$onlinetoken." paymentType=".$paymentType." currencyCodeType=".$currencyCodeType." payerID=".$payerID." ipaddress=".$ipaddress." FinalPaymentAmt=".$FinalPaymentAmt." fulltag=".$fulltag);
-*/
-
-
-print $langs->trans("YourPaymentHasBeenRecorded")."<br><br>\n";
-
-$key='ONLINE_PAYMENT_MESSAGE_OK';
-if (! empty($conf->global->$key)) print $conf->global->$key;
-
-
-// Appel des triggers
-include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
-$interface=new Interfaces($db);
-$result=$interface->run_triggers('PAYBOX_PAYMENT_OK', $object, $user, $langs, $conf);
-if ($result < 0) { $error++; $errors=$interface->errors; }
-// Fin appel triggers
-
-$tmptag=dolExplodeIntoArray($fulltag, '.', '=');
-
-// Send an email
-if (! empty($conf->global->ONLINE_PAYMENT_SENDEMAIL))
-{
-	$sendto=$conf->global->ONLINE_PAYMENT_SENDEMAIL;
-	$from=$conf->global->MAILING_EMAIL_FROM;
-	// Define $urlwithroot
-	$urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));
-	$urlwithroot=$urlwithouturlroot.DOL_URL_ROOT;		// This is to use external domain name found into config file
-	//$urlwithroot=DOL_MAIN_URL_ROOT;					// This is to use same domain name than current
-
-	// Define link to login card
-	$appli=constant('DOL_APPLICATION_TITLE');
-	if (! empty($conf->global->MAIN_APPLICATION_TITLE))
-	{
-	    $appli=$conf->global->MAIN_APPLICATION_TITLE;
-	    if (preg_match('/\d\.\d/', $appli))
-	    {
-	        if (! preg_match('/'.preg_quote(DOL_VERSION).'/', $appli)) $appli.=" (".DOL_VERSION.")";	// If new title contains a version that is different than core
-	    }
-	    else $appli.=" ".DOL_VERSION;
-	}
-	else $appli.=" ".DOL_VERSION;
-
-	$urlback=$_SERVER["REQUEST_URI"];
-	$topic='['.$appli.'] '.$langs->transnoentitiesnoconv("NewOnlinePaymentReceived");
-	$content="";
-	if (! empty($tmptag['MEM']))
-	{
-		$langs->load("members");
-		$url=$urlwithroot."/adherents/subscription.php?rowid=".$tmptag['MEM'];
-		$content.=$langs->trans("PaymentSubscription")."<br>\n";
-		$content.=$langs->trans("MemberId").': '.$tmptag['MEM']."<br>\n";
-		$content.=$langs->trans("Link").': <a href="'.$url.'">'.$url.'</a>'."<br>\n";
-	}
-	else
-	{
-		$content.=$langs->transnoentitiesnoconv("NewOnlinePaymentReceived")."<br>\n";
-	}
-	$content.="<br>\n";
-	$content.=$langs->transnoentitiesnoconv("TechnicalInformation").":<br>\n";
-    $content.=$langs->transnoentitiesnoconv("OnlinePaymentSystem").': '.$paymentmethod."<br>\n";
-	$content.=$langs->transnoentitiesnoconv("ReturnURLAfterPayment").': '.$urlback."<br>\n";
-	$content.="tag=".$fulltag."<br>\n";
-
-	$ishtml=dol_textishtml($content);	// May contain urls
-
-	require_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php';
-	$mailfile = new CMailFile($topic, $sendto, $from, $content, array(), array(), array(), '', '', 0, $ishtml);
-
-	// Send an email
-	$result=$mailfile->sendfile();
-	if ($result)
-	{
-		dol_syslog("EMail sent to ".$sendto, LOG_DEBUG, 0, '_paybox');
-	}
-	else
-	{
-		dol_syslog("Failed to send EMail to ".$sendto, LOG_ERR, 0, '_paybox');
-	}
-}
-
-
-
-print "\n</div>\n";
-
-htmlPrintOnlinePaymentFooter($mysoc, $langs, 0, $suffix);
-
-
-llxFooter('', 'public');
-
-$db->close();
diff --git a/htdocs/public/paypal/index.php b/htdocs/public/paypal/index.php
deleted file mode 100644
index 0cba12e6aa2..00000000000
--- a/htdocs/public/paypal/index.php
+++ /dev/null
@@ -1,27 +0,0 @@
-<?php
-/* Copyright (C) 2009 Laurent Destailleur  <eldy@users.sourceforge.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-/**
- *     	\file       htdocs/public/paypal/index.php
- *		\ingroup    core
- *		\brief      A redirect page to an error
- *		\author	    Laurent Destailleur
- */
-
-require '../../master.inc.php';
-
-header("Location: ".DOL_URL_ROOT.'/public/error-404.php');
diff --git a/htdocs/public/paypal/newpayment.php b/htdocs/public/paypal/newpayment.php
deleted file mode 100644
index ce6bb62500b..00000000000
--- a/htdocs/public/paypal/newpayment.php
+++ /dev/null
@@ -1,52 +0,0 @@
-<?php
-/* Copyright (C) 2001-2002	Rodolphe Quiedeville	<rodolphe@quiedeville.org>
- * Copyright (C) 2006-2017	Laurent Destailleur		<eldy@users.sourceforge.net>
- * Copyright (C) 2009-2012	Regis Houssin			<regis.houssin@inodbox.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
- * For paypal test: https://developer.paypal.com/
- * For paybox test: ???
- */
-
-/**
- *     	\file       htdocs/public/paypal/newpayment.php
- *		\ingroup    paypal
- *		\brief      File to offer a way to make a payment for a particular Dolibarr entity
- */
-
-define("NOLOGIN", 1);		// This means this output page does not require to be logged.
-define("NOCSRFCHECK", 1);	// We accept to go on this page from external web site.
-
-// For MultiCompany module.
-// Do not use GETPOST here, function is not defined and define must be done before including main.inc.php
-// TODO This should be useless. Because entity must be retreive from object ref and not from url.
-$entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1));
-if (is_numeric($entity)) define("DOLENTITY", $entity);
-
-require '../../main.inc.php';
-require_once DOL_DOCUMENT_ROOT.'/paypal/lib/paypal.lib.php';
-require_once DOL_DOCUMENT_ROOT.'/paypal/lib/paypalfunctions.lib.php';
-require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
-require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php';
-require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
-require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
-
-// Security check
-if (empty($conf->paypal->enabled)) accessforbidden('', 0, 0, 1);
-
-$newurl = $_SERVER['REQUEST_URI'];
-$newurl = preg_replace('/\/paypal\/newpayment/', '/payment/newpayment', $newurl);
-header("Location: ".$newurl.(preg_match('/\?/', $newurl)?'&':'?').'paymentmethod=paypal');
-exit;
diff --git a/htdocs/public/paypal/paymentko.php b/htdocs/public/paypal/paymentko.php
deleted file mode 100644
index 2a80f5e5ba4..00000000000
--- a/htdocs/public/paypal/paymentko.php
+++ /dev/null
@@ -1,173 +0,0 @@
-<?php
-/* Copyright (C) 2001-2002	Rodolphe Quiedeville	<rodolphe@quiedeville.org>
- * Copyright (C) 2006-2013	Laurent Destailleur		<eldy@users.sourceforge.net>
- * Copyright (C) 2012		Regis Houssin			<regis.houssin@inodbox.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-/**
- *     	\file       htdocs/public/paypal/paymentko.php
- *		\ingroup    paypal
- *		\brief      File to show page after a failed payment.
- *                  This page is called by paypal with url provided to payal competed with parameter TOKEN=xxx
- *                  This token can be used to get more informations.
- */
-
-define("NOLOGIN", 1);		// This means this output page does not require to be logged.
-define("NOCSRFCHECK", 1);	// We accept to go on this page from external web site.
-
-// For MultiCompany module.
-// Do not use GETPOST here, function is not defined and define must be done before including main.inc.php
-// TODO This should be useless. Because entity must be retreive from object ref and not from url.
-$entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1));
-if (is_numeric($entity)) define("DOLENTITY", $entity);
-
-require '../../main.inc.php';
-require_once DOL_DOCUMENT_ROOT.'/paypal/lib/paypal.lib.php';
-require_once DOL_DOCUMENT_ROOT.'/paypal/lib/paypalfunctions.lib.php';
-require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
-require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php';
-
-// Security check
-if (empty($conf->paypal->enabled)) accessforbidden('', 0, 0, 1);
-
-$langs->loadLangs(array("main", "other", "dict", "bills", "companies", "paybox", "paypal", "stripe"));
-
-$PAYPALTOKEN=GETPOST('TOKEN');
-if (empty($PAYPALTOKEN)) $PAYPALTOKEN=GETPOST('token');
-$PAYPALPAYERID=GETPOST('PAYERID');
-if (empty($PAYPALPAYERID)) $PAYPALPAYERID=GETPOST('PayerID');
-$FULLTAG=GETPOST('FULLTAG');
-if (empty($FULLTAG)) $FULLTAG=GETPOST('fulltag');
-
-
-$object = new stdClass();   // For triggers
-
-$paymentmethod='paypal';
-
-
-/*
- * Actions
- */
-
-
-
-
-/*
- * View
- */
-
-dol_syslog("Callback url when a PayPal payment was canceled. query_string=".(dol_escape_htmltag($_SERVER["QUERY_STRING"])?dol_escape_htmltag($_SERVER["QUERY_STRING"]):'')." script_uri=".(dol_escape_htmltag($_SERVER["SCRIPT_URI"])?dol_escape_htmltag($_SERVER["SCRIPT_URI"]):''), LOG_DEBUG, 0, '_paypal');
-
-$tracepost = "";
-foreach($_POST as $k => $v) $tracepost .= "{$k} - {$v}\n";
-dol_syslog("POST=".$tracepost, LOG_DEBUG, 0, '_paypal');
-
-if (! empty($_SESSION['ipaddress']))      // To avoid to make action twice
-{
-    // Get on url call
-    $fulltag            = $FULLTAG;
-    $onlinetoken        = empty($PAYPALTOKEN)?$_SESSION['onlinetoken']:$PAYPALTOKEN;
-    $payerID            = empty($PAYPALPAYERID)?$_SESSION['payerID']:$PAYPALPAYERID;
-    // Set by newpayment.php
-    $paymentType        = $_SESSION['PaymentType'];
-    $currencyCodeType   = $_SESSION['currencyCodeType'];
-    $FinalPaymentAmt    = $_SESSION["FinalPaymentAmt"];
-    // From env
-    $ipaddress          = $_SESSION['ipaddress'];
-
-    // Appel des triggers
-    include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
-    $interface=new Interfaces($db);
-    $result=$interface->run_triggers('PAYPAL_PAYMENT_KO', $object, $user, $langs, $conf);
-    if ($result < 0) { $error++; $errors=$interface->errors; }
-    // Fin appel triggers
-
-    // Send an email
-    $sendemail = '';
-    if (! empty($conf->global->ONLINE_PAYMENT_SENDEMAIL))  $sendemail=$conf->global->ONLINE_PAYMENT_SENDEMAIL;
-
-    if ($sendemail)
-    {
-    	$sendto=$sendemail;
-    	$from=$conf->global->MAILING_EMAIL_FROM;
-
-    	// Define link to login card
-    	$appli=constant('DOL_APPLICATION_TITLE');
-    	if (! empty($conf->global->MAIN_APPLICATION_TITLE))
-    	{
-    	    $appli=$conf->global->MAIN_APPLICATION_TITLE;
-    	    if (preg_match('/\d\.\d/', $appli))
-    	    {
-    	        if (! preg_match('/'.preg_quote(DOL_VERSION).'/', $appli)) $appli.=" (".DOL_VERSION.")";	// If new title contains a version that is different than core
-    	    }
-    	    else $appli.=" ".DOL_VERSION;
-    	}
-    	else $appli.=" ".DOL_VERSION;
-
-    	$urlback=$_SERVER["REQUEST_URI"];
-    	$topic='['.$appli.'] '.$langs->transnoentitiesnoconv("NewOnlinePaymentFailed");
-    	$content="";
-    	$content.=$langs->transnoentitiesnoconv("ValidationOfOnlinePaymentFailed")."\n";
-    	$content.="\n";
-    	$content.=$langs->transnoentitiesnoconv("TechnicalInformation").":\n";
-    	$content.=$langs->transnoentitiesnoconv("OnlinePaymentSystem").': '.$paymentmethod."<br>\n";
-    	$content.=$langs->transnoentitiesnoconv("ReturnURLAfterPayment").': '.$urlback."\n";
-    	$content.="tag=".$fulltag."\ntoken=".$onlinetoken." paymentType=".$paymentType." currencycodeType=".$currencyCodeType." payerId=".$payerID." ipaddress=".$ipaddress." FinalPaymentAmt=".$FinalPaymentAmt;
-
-    	require_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php';
-    	$mailfile = new CMailFile($topic, $sendto, $from, $content);
-
-    	$result=$mailfile->sendfile();
-    	if ($result)
-    	{
-    		dol_syslog("EMail sent to ".$sendto, LOG_DEBUG, 0, '_paypal');
-    	}
-    	else
-    	{
-    		dol_syslog("Failed to send EMail to ".$sendto, LOG_ERR, 0, '_paypal');
-    	}
-    }
-
-    unset($_SESSION['ipaddress']);
-}
-
-
-$head='';
-if (! empty($conf->global->ONLINE_PAYMENT_CSS_URL)) $head='<link rel="stylesheet" type="text/css" href="'.$conf->global->ONLINE_PAYMENT_CSS_URL.'?lang='.$langs->defaultlang.'">'."\n";
-
-$conf->dol_hide_topmenu=1;
-$conf->dol_hide_leftmenu=1;
-
-llxHeader($head, $langs->trans("PaymentForm"), '', '', 0, 0, '', '', '', 'onlinepaymentbody');
-
-
-// Show ko message
-print '<span id="dolpaymentspan"></span>'."\n";
-print '<div id="dolpaymentdiv" align="center">'."\n";
-print $langs->trans("YourPaymentHasNotBeenRecorded")."<br><br>";
-
-$key='ONLINE_PAYMENT_MESSAGE_KO';
-if (! empty($conf->global->$key)) print $conf->global->$key;
-
-print "\n</div>\n";
-
-
-htmlPrintOnlinePaymentFooter($mysoc, $langs, 0, $suffix);
-
-
-llxFooter('', 'public');
-
-$db->close();
diff --git a/htdocs/public/paypal/paymentok.php b/htdocs/public/paypal/paymentok.php
deleted file mode 100644
index 6319945ce00..00000000000
--- a/htdocs/public/paypal/paymentok.php
+++ /dev/null
@@ -1,332 +0,0 @@
-<?php
-/* Copyright (C) 2001-2002	Rodolphe Quiedeville	<rodolphe@quiedeville.org>
- * Copyright (C) 2006-2013	Laurent Destailleur		<eldy@users.sourceforge.net>
- * Copyright (C) 2012		Regis Houssin			<regis.houssin@inodbox.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-/**
- *     	\file       htdocs/public/paypal/paymentok.php
- *		\ingroup    paypal
- *		\brief      File to show page after a successful payment
- *                  This page is called by paypal with url provided to payal completed with parameter TOKEN=xxx
- *                  This token can be used to get more informations.
- */
-
-define("NOLOGIN", 1);		// This means this output page does not require to be logged.
-define("NOCSRFCHECK", 1);	// We accept to go on this page from external web site.
-
-// For MultiCompany module.
-// Do not use GETPOST here, function is not defined and define must be done before including main.inc.php
-// TODO This should be useless. Because entity must be retreive from object ref and not from url.
-$entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1));
-if (is_numeric($entity)) define("DOLENTITY", $entity);
-
-require '../../main.inc.php';
-require_once DOL_DOCUMENT_ROOT.'/paypal/lib/paypal.lib.php';
-require_once DOL_DOCUMENT_ROOT.'/paypal/lib/paypalfunctions.lib.php';
-require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
-require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php';
-
-// Security check
-if (empty($conf->paypal->enabled)) accessforbidden('', 0, 0, 1);
-
-$langs->loadLangs(array("main","other","dict","bills","companies","paybox","paypal","stripe"));
-
-// Clean parameters
-$PAYPAL_API_USER="";
-if (! empty($conf->global->PAYPAL_API_USER)) $PAYPAL_API_USER=$conf->global->PAYPAL_API_USER;
-$PAYPAL_API_PASSWORD="";
-if (! empty($conf->global->PAYPAL_API_PASSWORD)) $PAYPAL_API_PASSWORD=$conf->global->PAYPAL_API_PASSWORD;
-$PAYPAL_API_SIGNATURE="";
-if (! empty($conf->global->PAYPAL_API_SIGNATURE)) $PAYPAL_API_SIGNATURE=$conf->global->PAYPAL_API_SIGNATURE;
-$PAYPAL_API_SANDBOX="";
-if (! empty($conf->global->PAYPAL_API_SANDBOX)) $PAYPAL_API_SANDBOX=$conf->global->PAYPAL_API_SANDBOX;
-$PAYPAL_API_OK="";
-if ($urlok) $PAYPAL_API_OK=$urlok;
-$PAYPAL_API_KO="";
-if ($urlko) $PAYPAL_API_KO=$urlko;
-if (empty($PAYPAL_API_USER))
-{
-    dol_print_error('', "Paypal setup param PAYPAL_API_USER not defined");
-    return -1;
-}
-if (empty($PAYPAL_API_PASSWORD))
-{
-    dol_print_error('', "Paypal setup param PAYPAL_API_PASSWORD not defined");
-    return -1;
-}
-if (empty($PAYPAL_API_SIGNATURE))
-{
-    dol_print_error('', "Paypal setup param PAYPAL_API_SIGNATURE not defined");
-    return -1;
-}
-
-$source=GETPOST('source');
-$ref=GETPOST('ref');
-$PAYPALTOKEN=GETPOST('TOKEN');
-if (empty($PAYPALTOKEN)) $PAYPALTOKEN=GETPOST('token');
-$PAYPALPAYERID=GETPOST('PAYERID');
-if (empty($PAYPALPAYERID)) $PAYPALPAYERID=GETPOST('PayerID');
-$FULLTAG=GETPOST('FULLTAG');
-if (empty($FULLTAG)) $FULLTAG=GETPOST('fulltag');
-
-
-$object = new stdClass();   // For triggers
-
-$paymentmethod='paypal';
-
-
-/*
- * Actions
- */
-
-
-
-/*
- * View
- */
-
-dol_syslog("Callback url when a PayPal payment was done. query_string=".(dol_escape_htmltag($_SERVER["QUERY_STRING"])?dol_escape_htmltag($_SERVER["QUERY_STRING"]):'')." script_uri=".(dol_escape_htmltag($_SERVER["SCRIPT_URI"])?dol_escape_htmltag($_SERVER["SCRIPT_URI"]):''), LOG_DEBUG, 0, '_paypal');
-
-$tracepost = "";
-foreach($_POST as $k => $v) $tracepost .= "{$k} - {$v}\n";
-dol_syslog("POST=".$tracepost, LOG_DEBUG, 0, '_paypal');
-
-
-$head='';
-if (! empty($conf->global->ONLINE_PAYMENT_CSS_URL)) $head='<link rel="stylesheet" type="text/css" href="'.$conf->global->ONLINE_PAYMENT_CSS_URL.'?lang='.$langs->defaultlang.'">'."\n";
-
-$conf->dol_hide_topmenu=1;
-$conf->dol_hide_leftmenu=1;
-
-llxHeader($head, $langs->trans("PaymentForm"), '', '', 0, 0, '', '', '', 'onlinepaymentbody');
-
-
-// Show message
-print '<span id="dolpaymentspan"></span>'."\n";
-print '<div id="dolpaymentdiv" align="center">'."\n";
-
-if ($PAYPALTOKEN)
-{
-    // Get on url call
-    $onlinetoken        = $PAYPALTOKEN;
-    $fulltag            = $FULLTAG;
-    $payerID            = $PAYPALPAYERID;
-    // Set by newpayment.php
-    $paymentType        = $_SESSION['PaymentType'];
-    $currencyCodeType   = $_SESSION['currencyCodeType'];
-    $FinalPaymentAmt    = $_SESSION["FinalPaymentAmt"];
-    // From env
-    $ipaddress          = $_SESSION['ipaddress'];
-
-	dol_syslog("Call paymentok with token=".$onlinetoken." paymentType=".$paymentType." currencyCodeType=".$currencyCodeType." payerID=".$payerID." ipaddress=".$ipaddress." FinalPaymentAmt=".$FinalPaymentAmt." fulltag=".$fulltag, LOG_DEBUG, 0, '_paypal');
-
-
-	// Validate record
-    if (! empty($paymentType))
-    {
-        dol_syslog("We call GetExpressCheckoutDetails", LOG_DEBUG, 0, '_paypal');
-        $resArray=getDetails($onlinetoken);
-        //var_dump($resarray);
-
-        dol_syslog("We call DoExpressCheckoutPayment token=".$onlinetoken." paymentType=".$paymentType." currencyCodeType=".$currencyCodeType." payerID=".$payerID." ipaddress=".$ipaddress." FinalPaymentAmt=".$FinalPaymentAmt." fulltag=".$fulltag, LOG_DEBUG, 0, '_paypal');
-        $resArray=confirmPayment($onlinetoken, $paymentType, $currencyCodeType, $payerID, $ipaddress, $FinalPaymentAmt, $fulltag);
-
-        $ack = strtoupper($resArray["ACK"]);
-        if($ack=="SUCCESS" || $ack=="SUCCESSWITHWARNING")
-        {
-        	$object->source		= $source;
-        	$object->ref		= $ref;
-        	$object->payerID	= $payerID;
-        	$object->fulltag	= $fulltag;
-        	$object->resArray	= $resArray;
-
-            // resArray was built from a string like that
-            // TOKEN=EC%2d1NJ057703V9359028&TIMESTAMP=2010%2d11%2d01T11%3a40%3a13Z&CORRELATIONID=1efa8c6a36bd8&ACK=Success&VERSION=56&BUILD=1553277&TRANSACTIONID=9B994597K9921420R&TRANSACTIONTYPE=expresscheckout&PAYMENTTYPE=instant&ORDERTIME=2010%2d11%2d01T11%3a40%3a12Z&AMT=155%2e57&FEEAMT=5%2e54&TAXAMT=0%2e00&CURRENCYCODE=EUR&PAYMENTSTATUS=Completed&PENDINGREASON=None&REASONCODE=None
-            $PAYMENTSTATUS=urldecode($resArray["PAYMENTSTATUS"]);   // Should contains 'Completed'
-            $TRANSACTIONID=urldecode($resArray["TRANSACTIONID"]);
-            $TAXAMT=urldecode($resArray["TAXAMT"]);
-            $NOTE=urldecode($resArray["NOTE"]);
-
-            print $langs->trans("YourPaymentHasBeenRecorded")."<br>\n";
-            print $langs->trans("ThisIsTransactionId", $TRANSACTIONID)."<br><br>\n";
-
-			$key='ONLINE_PAYMENT_MESSAGE_OK';
-			if (! empty($conf->global->$key)) print $conf->global->$key;
-
-            // Appel des triggers
-            include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
-            $interface=new Interfaces($db);
-            $result=$interface->run_triggers('PAYPAL_PAYMENT_OK', $object, $user, $langs, $conf);
-            if ($result < 0) { $error++; $errors=$interface->errors; }
-            // Fin appel triggers
-
-            $tmptag=dolExplodeIntoArray($fulltag, '.', '=');
-
-        	// Send an email
-			if (! empty($conf->global->ONLINE_PAYMENT_SENDEMAIL))
-			{
-				$sendto=$conf->global->ONLINE_PAYMENT_SENDEMAIL;
-				$from=$conf->global->MAILING_EMAIL_FROM;
-				// Define $urlwithroot
-				$urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));
-				$urlwithroot=$urlwithouturlroot.DOL_URL_ROOT;		// This is to use external domain name found into config file
-				//$urlwithroot=DOL_MAIN_URL_ROOT;					// This is to use same domain name than current
-
-				// Define link to login card
-				$appli=constant('DOL_APPLICATION_TITLE');
-				if (! empty($conf->global->MAIN_APPLICATION_TITLE))
-				{
-				    $appli=$conf->global->MAIN_APPLICATION_TITLE;
-				    if (preg_match('/\d\.\d/', $appli))
-				    {
-				        if (! preg_match('/'.preg_quote(DOL_VERSION).'/', $appli)) $appli.=" (".DOL_VERSION.")";	// If new title contains a version that is different than core
-				    }
-				    else $appli.=" ".DOL_VERSION;
-				}
-				else $appli.=" ".DOL_VERSION;
-
-				$urlback=$_SERVER["REQUEST_URI"];
-				$topic='['.$appli.'] '.$langs->transnoentitiesnoconv("NewOnlinePaymentReceived");
-				$content="";
-				if (! empty($tmptag['MEM']))
-				{
-					$langs->load("members");
-					$url=$urlwithroot."/adherents/subscription.php?rowid=".$tmptag['MEM'];
-					$content.=$langs->trans("PaymentSubscription")."<br>\n";
-					$content.=$langs->trans("MemberId").': '.$tmptag['MEM']."<br>\n";
-					$content.=$langs->trans("Link").': <a href="'.$url.'">'.$url.'</a>'."<br>\n";
-				}
-				else
-				{
-					$content.=$langs->transnoentitiesnoconv("NewOnlinePaymentReceived")."<br>\n";
-				}
-				$content.="<br>\n";
-				$content.=$langs->transnoentitiesnoconv("TechnicalInformation").":<br>\n";
-                $content.=$langs->transnoentitiesnoconv("OnlinePaymentSystem").': '.$paymentmethod."<br>\n";
-				$content.=$langs->transnoentitiesnoconv("ReturnURLAfterPayment").': '.$urlback."<br>\n";
-				$content.="tag=".$fulltag."\ntoken=".$onlinetoken." paymentType=".$paymentType." currencycodeType=".$currencyCodeType." payerId=".$payerID." ipaddress=".$ipaddress." FinalPaymentAmt=".$FinalPaymentAmt;
-
-				$ishtml=dol_textishtml($content);	// May contain urls
-
-				require_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php';
-				$mailfile = new CMailFile($topic, $sendto, $from, $content, array(), array(), array(), '', '', 0, $ishtml);
-
-				$result=$mailfile->sendfile();
-				if ($result)
-				{
-					dol_syslog("EMail sent to ".$sendto, LOG_DEBUG, 0, '_paypal');
-				}
-				else
-				{
-					dol_syslog("Failed to send EMail to ".$sendto, LOG_ERR, 0, '_paypal');
-				}
-			}
-        }
-        else
-		{
-            // Appel des triggers
-            include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
-            $interface=new Interfaces($db);
-            $result=$interface->run_triggers('PAYPAL_PAYMENT_KO', $object, $user, $langs, $conf);
-            if ($result < 0) { $error++; $errors=$interface->errors; }
-            // Fin appel triggers
-
-		    //Display a user friendly Error on the page using any of the following error information returned by PayPal
-            $ErrorCode = urldecode($resArray["L_ERRORCODE0"]);
-            $ErrorShortMsg = urldecode($resArray["L_SHORTMESSAGE0"]);
-            $ErrorLongMsg = urldecode($resArray["L_LONGMESSAGE0"]);
-            $ErrorSeverityCode = urldecode($resArray["L_SEVERITYCODE0"]);
-
-            echo $langs->trans('DoExpressCheckoutPaymentAPICallFailed') . "<br>\n";
-            echo $langs->trans('DetailedErrorMessage') . ": " . $ErrorLongMsg."<br>\n";
-            echo $langs->trans('ShortErrorMessage') . ": " . $ErrorShortMsg."<br>\n";
-            echo $langs->trans('ErrorCode') . ": " . $ErrorCode."<br>\n";
-            echo $langs->trans('ErrorSeverityCode') . ": " . $ErrorSeverityCode."<br>\n";
-
-            if ($mysoc->email) echo "\nPlease, send a screenshot of this page to ".$mysoc->email."<br>\n";
-
-            $tmptag=dolExplodeIntoArray($fulltag, '.', '=');
-
-           	// Send an email
-			if (! empty($conf->global->ONLINE_PAYMENT_SENDEMAIL))
-			{
-				$sendto=$conf->global->ONLINE_PAYMENT_SENDEMAIL;
-				$from=$conf->global->MAILING_EMAIL_FROM;
-				// Define $urlwithroot
-				$urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));
-				$urlwithroot=$urlwithouturlroot.DOL_URL_ROOT;		// This is to use external domain name found into config file
-				//$urlwithroot=DOL_MAIN_URL_ROOT;					// This is to use same domain name than current
-
-				// Define link to login card
-				$appli=constant('DOL_APPLICATION_TITLE');
-				if (! empty($conf->global->MAIN_APPLICATION_TITLE))
-				{
-				    $appli=$conf->global->MAIN_APPLICATION_TITLE;
-				    if (preg_match('/\d\.\d/', $appli))
-				    {
-				        if (! preg_match('/'.preg_quote(DOL_VERSION).'/', $appli)) $appli.=" (".DOL_VERSION.")";	// If new title contains a version that is different than core
-				    }
-				    else $appli.=" ".DOL_VERSION;
-				}
-				else $appli.=" ".DOL_VERSION;
-
-				$urlback=$_SERVER["REQUEST_URI"];
-				$topic='['.$appli.'] '.$langs->transnoentitiesnoconv("ValidationOfPaymentFailed");
-				$content="";
-				$content.=$langs->transnoentitiesnoconv("PaymentSystemConfirmPaymentPageWasCalledButFailed")."\n";
-				$content.="\n";
-				$content.=$langs->transnoentitiesnoconv("TechnicalInformation").":\n";
-                $content.=$langs->transnoentitiesnoconv("OnlinePaymentSystem").': '.$paymentmethod."\n";
-				$content.=$langs->transnoentitiesnoconv("ReturnURLAfterPayment").': '.$urlback."\n";
-				$content.="tag=".$fulltag."\ntoken=".$onlinetoken." paymentType=".$paymentType." currencycodeType=".$currencyCodeType." payerId=".$payerID." ipaddress=".$ipaddress." FinalPaymentAmt=".$FinalPaymentAmt;
-
-				$ishtml=dol_textishtml($content);	// May contain urls
-
-				require_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php';
-				$mailfile = new CMailFile($topic, $sendto, $from, $content, array(), array(), array(), '', '', 0, $ishtml);
-
-				$result=$mailfile->sendfile();
-				if ($result)
-				{
-					dol_syslog("EMail sent to ".$sendto, LOG_DEBUG, 0, '_paypal');
-				}
-				else
-				{
-					dol_syslog("Failed to send EMail to ".$sendto, LOG_ERR, 0, '_paypal');
-				}
-			}
-        }
-    }
-    else
-    {
-        dol_print_error('', 'Session expired');
-    }
-}
-else
-{
-    // No TOKEN parameter in URL
-    dol_print_error('', 'No TOKEN parameter in URL');
-}
-
-print "\n</div>\n";
-
-htmlPrintOnlinePaymentFooter($mysoc, $langs, 0, $suffix);
-
-
-llxFooter('', 'public');
-
-$db->close();
diff --git a/htdocs/public/stripe/newpayment.php b/htdocs/public/stripe/newpayment.php
deleted file mode 100644
index 38f76865cb7..00000000000
--- a/htdocs/public/stripe/newpayment.php
+++ /dev/null
@@ -1,51 +0,0 @@
-<?php
-/* Copyright (C) 2017		Alexandre Spangaro		<aspangaro@open-dsi.fr>
- * Copyright (C) 2017		Saasprov				<saasprov@gmail.com>
- * Copyright (C) 2017       Laurent Destailleur		<eldy@users.sourceforge.net>
- * Copyright (C) 2017       Ferran Marcet   		<fmarcet@2byte.es>
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- *
- * Page is called with payment parameters then called with action='dopayment', then called with action='charge' then redirect is done on urlok/jo
- */
-
-/**
- *  \file       htdocs/public/stripe/newpayment.php
- *  \ingroup    Stripe
- *  \brief      Page to do payment with Stripe
- */
-
-define("NOLOGIN", 1);		// This means this output page does not require to be logged.
-define("NOCSRFCHECK", 1);	// We accept to go on this page from external web site.
-
-// For MultiCompany module.
-// Do not use GETPOST here, function is not defined and define must be done before including main.inc.php
-// TODO This should be useless. Because entity must be retreive from object ref and not from url.
-$entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1));
-if (is_numeric($entity)) define("DOLENTITY", $entity);
-
-require '../../main.inc.php';
-require_once DOL_DOCUMENT_ROOT.'/stripe/config.php';
-require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
-require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php';
-require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
-require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
-
-// Security check
-if (empty($conf->stripe->enabled)) accessforbidden('', 0, 0, 1);
-
-$newurl = $_SERVER['REQUEST_URI'];
-$newurl = preg_replace('/\/stripe\/newpayment/', '/stripe/newpayment', $newurl);
-header("Location: ".$newurl.(preg_match('/\?/', $newurl)?'&':'?').'paymentmethod=stripe');
-exit;
diff --git a/htdocs/public/stripe/paymentko.php b/htdocs/public/stripe/paymentko.php
deleted file mode 100644
index fa4eb5730eb..00000000000
--- a/htdocs/public/stripe/paymentko.php
+++ /dev/null
@@ -1,160 +0,0 @@
-<?php
-/* Copyright (C) 2017	Laurent Destailleur		<eldy@users.sourceforge.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-/**
- *     	\file       htdocs/public/stripe/paymentko.php
- *		\ingroup    core
- *		\brief      File to show page after a failed payment.
- *                  This page is called by payment system with url provided to it competed with parameter FULLTAG=xxx
- *                  More data like token are saved into session. This token can be used to get more informations.
- */
-
-define("NOLOGIN", 1);		// This means this output page does not require to be logged.
-define("NOCSRFCHECK", 1);	// We accept to go on this page from external web site.
-
-// For MultiCompany module.
-// Do not use GETPOST here, function is not defined and define must be done before including main.inc.php
-// TODO This should be useless. Because entity must be retreive from object ref and not from url.
-$entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1));
-if (is_numeric($entity)) define("DOLENTITY", $entity);
-
-require '../../main.inc.php';
-require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
-require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php';
-
-$langs->loadLangs(array("main", "other", "dict", "bills", "companies", "paybox", "paypal", "stripe"));
-
-$FULLTAG=GETPOST('FULLTAG');
-if (empty($FULLTAG)) $FULLTAG=GETPOST('fulltag');
-
-// Security check
-if (empty($conf->stripe->enabled)) accessforbidden('', 0, 0, 1);
-
-$object = new stdClass();   // For triggers
-
-$paymentmethod='stripe';
-
-
-/*
- * Actions
- */
-
-
-
-
-/*
- * View
- */
-
-dol_syslog("Callback url when a PayPal payment was canceled. query_string=".(empty($_SERVER["QUERY_STRING"])?'':$_SERVER["QUERY_STRING"])." script_uri=".(empty($_SERVER["SCRIPT_URI"])?'':$_SERVER["SCRIPT_URI"]), LOG_DEBUG, 0, '_stripe');
-
-$tracepost = "";
-foreach($_POST as $k => $v) $tracepost .= "{$k} - {$v}\n";
-dol_syslog("POST=".$tracepost, LOG_DEBUG, 0, '_stripe');
-
-if (! empty($_SESSION['ipaddress']))      // To avoid to make action twice
-{
-    $fulltag            = $FULLTAG;
-    $onlinetoken        = empty($PAYPALTOKEN)?$_SESSION['onlinetoken']:$PAYPALTOKEN;
-    $payerID            = empty($PAYPALPAYERID)?$_SESSION['payerID']:$PAYPALPAYERID;
-    $currencyCodeType   = $_SESSION['currencyCodeType'];
-    $paymentType        = $_SESSION['paymentType'];
-    $FinalPaymentAmt    = $_SESSION['FinalPaymentAmt'];
-    $ipaddress          = $_SESSION['ipaddress'];
-
-    // Appel des triggers
-    include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
-    $interface=new Interfaces($db);
-    $result=$interface->run_triggers('STRIPE_PAYMENT_KO', $object, $user, $langs, $conf);
-    if ($result < 0) { $error++; $errors=$interface->errors; }
-    // Fin appel triggers
-
-    // Send an email
-    $sendemail = '';
-    if (! empty($conf->global->ONLINE_PAYMENT_SENDEMAIL))  $sendemail=$conf->global->ONLINE_PAYMENT_SENDEMAIL;
-
-    if ($sendemail)
-    {
-        // Get on url call
-    	$sendto=$sendemail;
-    	$from=$conf->global->MAILING_EMAIL_FROM;
-
-    	// Define link to login card
-    	$appli=constant('DOL_APPLICATION_TITLE');
-    	if (! empty($conf->global->MAIN_APPLICATION_TITLE))
-    	{
-    	    $appli=$conf->global->MAIN_APPLICATION_TITLE;
-    	    if (preg_match('/\d\.\d/', $appli))
-    	    {
-    	        if (! preg_match('/'.preg_quote(DOL_VERSION).'/', $appli)) $appli.=" (".DOL_VERSION.")";	// If new title contains a version that is different than core
-    	    }
-    	    else $appli.=" ".DOL_VERSION;
-    	}
-    	else $appli.=" ".DOL_VERSION;
-
-    	$urlback=$_SERVER["REQUEST_URI"];
-    	$topic='['.$appli.'] '.$langs->transnoentitiesnoconv("NewOnlinePaymentFailed");
-    	$content="";
-    	$content.=$langs->transnoentitiesnoconv("ValidationOfOnlinePaymentFailed")."\n";
-    	$content.="\n";
-    	$content.=$langs->transnoentitiesnoconv("TechnicalInformation").":\n";
-    	$content.=$langs->transnoentitiesnoconv("OnlinePaymentSystem").': '.$paymentmethod."\n";
-    	$content.=$langs->transnoentitiesnoconv("ReturnURLAfterPayment").': '.$urlback."\n";
-    	$content.="tag=".$fulltag."\ntoken=".$onlinetoken." paymentType=".$paymentType." currencycodeType=".$currencyCodeType." payerId=".$payerID." ipaddress=".$ipaddress." FinalPaymentAmt=".$FinalPaymentAmt;
-    	require_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php';
-    	$mailfile = new CMailFile($topic, $sendto, $from, $content);
-
-    	$result=$mailfile->sendfile();
-    	if ($result)
-    	{
-    		dol_syslog("EMail sent to ".$sendto, LOG_DEBUG, 0, '_stripe');
-    	}
-    	else
-    	{
-    		dol_syslog("Failed to send EMail to ".$sendto, LOG_ERR, 0, '_stripe');
-    	}
-    }
-
-    unset($_SESSION['ipaddress']);
-}
-
-$head='';
-if (! empty($conf->global->ONLINE_PAYMENT_CSS_URL)) $head='<link rel="stylesheet" type="text/css" href="'.$conf->global->ONLINE_PAYMENT_CSS_URL.'?lang='.$langs->defaultlang.'">'."\n";
-
-$conf->dol_hide_topmenu=1;
-$conf->dol_hide_leftmenu=1;
-
-llxHeader($head, $langs->trans("PaymentForm"), '', '', 0, 0, '', '', '', 'onlinepaymentbody');
-
-
-// Show ko message
-print '<span id="dolpaymentspan"></span>'."\n";
-print '<div id="dolpaymentdiv" align="center">'."\n";
-print $langs->trans("YourPaymentHasNotBeenRecorded")."<br><br>";
-
-$key='ONLINE_PAYMENT_MESSAGE_KO';
-if (! empty($conf->global->$key)) print $conf->global->$key;
-
-print "\n</div>\n";
-
-
-htmlPrintOnlinePaymentFooter($mysoc, $langs, 0, $suffix);
-
-
-llxFooter('', 'public');
-
-$db->close();
diff --git a/htdocs/public/stripe/paymentok.php b/htdocs/public/stripe/paymentok.php
deleted file mode 100644
index 76df44be576..00000000000
--- a/htdocs/public/stripe/paymentok.php
+++ /dev/null
@@ -1,196 +0,0 @@
-<?php
-/* Copyright (C) 2017	Laurent Destailleur		<eldy@users.sourceforge.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-/**
- *     	\file       htdocs/public/stripe/paymentok.php
- *		\ingroup    core
- *		\brief      File to show page after a successful payment
- *                  This page is called by payment system with url provided to it completed with parameter FULLTAG=xxx
- *                  More data like token are saved into session. This token can be used to get more informations.
- */
-
-define("NOLOGIN", 1);		// This means this output page does not require to be logged.
-define("NOCSRFCHECK", 1);	// We accept to go on this page from external web site.
-
-// For MultiCompany module.
-// Do not use GETPOST here, function is not defined and define must be done before including main.inc.php
-// TODO This should be useless. Because entity must be retreive from object ref and not from url.
-$entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1));
-if (is_numeric($entity)) define("DOLENTITY", $entity);
-
-require '../../main.inc.php';
-require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
-require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php';
-
-$langs->loadLangs(array("main", "other", "dict", "bills", "companies", "paybox", "paypal"));
-
-$FULLTAG=GETPOST('FULLTAG');
-if (empty($FULLTAG)) $FULLTAG=GETPOST('fulltag');
-$source=GETPOST('source');
-$ref=GETPOST('ref');
-
-// Security check
-if (empty($conf->stripe->enabled)) accessforbidden('', 0, 0, 1);
-
-
-$ispaymentok = false;
-// If payment is ok
-$PAYMENTSTATUS=$TRANSACTIONID=$TAXAMT=$NOTE='';
-// If payment is ko
-$ErrorCode=$ErrorShortMsg=$ErrorLongMsg=$ErrorSeverityCode='';
-
-
-$object = new stdClass();   // For triggers
-
-$paymentmethod='stripe';
-
-
-/*
- * Actions
- */
-
-
-
-/*
- * View
- */
-
-dol_syslog("Callback url when a payment was done. query_string=".(empty($_SERVER["QUERY_STRING"])?'':$_SERVER["QUERY_STRING"])." script_uri=".(empty($_SERVER["SCRIPT_URI"])?'':$_SERVER["SCRIPT_URI"]), LOG_DEBUG, 0, '_stripe');
-
-$tracepost = "";
-foreach($_POST as $k => $v) $tracepost .= "{$k} - {$v}\n";
-dol_syslog("POST=".$tracepost, LOG_DEBUG, 0, '_stripe');
-
-$head='';
-if (! empty($conf->global->ONLINE_PAYMENT_CSS_URL)) $head='<link rel="stylesheet" type="text/css" href="'.$conf->global->ONLINE_PAYMENT_CSS_URL.'?lang='.$langs->defaultlang.'">'."\n";
-
-$conf->dol_hide_topmenu=1;
-$conf->dol_hide_leftmenu=1;
-
-llxHeader($head, $langs->trans("PaymentForm"), '', '', 0, 0, '', '', '', 'onlinepaymentbody');
-
-
-
-// Show message
-print '<span id="dolpaymentspan"></span>'."\n";
-print '<div id="dolpaymentdiv" align="center">'."\n";
-
-$ispaymentok = true;    // We call this page if payment is ok
-if ($ispaymentok)
-{
-    // Get on url call
-    $fulltag            = $FULLTAG;
-    $onlinetoken        = empty($PAYPALTOKEN)?$_SESSION['onlinetoken']:$PAYPALTOKEN;
-    $payerID            = empty($PAYPALPAYERID)?$_SESSION['payerID']:$PAYPALPAYERID;
-    // Set by newpayment.php
-    $paymentType        = $_SESSION['PaymentType'];
-    $currencyCodeType   = $_SESSION['currencyCodeType'];
-    $FinalPaymentAmt    = $_SESSION["FinalPaymentAmt"];
-    // From env
-    $ipaddress          = $_SESSION['ipaddress'];
-    $TRANSACTIONID      = $_SESSION['TRANSACTIONID'];
-
-    // Appel des triggers
-    include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
-    $interface=new Interfaces($db);
-    $result=$interface->run_triggers('STRIPE_PAYMENT_OK', $object, $user, $langs, $conf);
-    if ($result < 0) { $error++; $errors=$interface->errors; }
-    // Fin appel triggers
-
-
-    print $langs->trans("YourPaymentHasBeenRecorded")."<br>\n";
-    print $langs->trans("ThisIsTransactionId", $TRANSACTIONID)."<br><br>\n";
-
-	$key='ONLINE_PAYMENT_MESSAGE_OK';
-	if (! empty($conf->global->$key)) print $conf->global->$key;
-
-    $sendemail = '';
-    if (! empty($conf->global->ONLINE_PAYMENT_SENDEMAIL)) $sendemail=$conf->global->ONLINE_PAYMENT_SENDEMAIL;
-
-    $tmptag=dolExplodeIntoArray($fulltag, '.', '=');
-
-	// Send an email
-    if ($sendemail)
-	{
-		$sendto=$sendemail;
-		$from=$conf->global->MAILING_EMAIL_FROM;
-		// Define $urlwithroot
-		$urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));
-		$urlwithroot=$urlwithouturlroot.DOL_URL_ROOT;		// This is to use external domain name found into config file
-		//$urlwithroot=DOL_MAIN_URL_ROOT;					// This is to use same domain name than current
-
-    	// Define link to login card
-    	$appli=constant('DOL_APPLICATION_TITLE');
-    	if (! empty($conf->global->MAIN_APPLICATION_TITLE))
-    	{
-    	    $appli=$conf->global->MAIN_APPLICATION_TITLE;
-    	    if (preg_match('/\d\.\d/', $appli))
-    	    {
-    	        if (! preg_match('/'.preg_quote(DOL_VERSION).'/', $appli)) $appli.=" (".DOL_VERSION.")";	// If new title contains a version that is different than core
-    	    }
-    	    else $appli.=" ".DOL_VERSION;
-    	}
-    	else $appli.=" ".DOL_VERSION;
-
-    	$urlback=$_SERVER["REQUEST_URI"];
-		$topic='['.$appli.'] '.$langs->transnoentitiesnoconv("NewOnlinePaymentReceived");
-		$content="";
-		if (! empty($tmptag['MEM']))
-		{
-			$langs->load("members");
-			$url=$urlwithroot."/adherents/subscription.php?rowid=".$tmptag['MEM'];
-			$content.=$langs->trans("PaymentSubscription")."<br>\n";
-			$content.=$langs->trans("MemberId").': '.$tmptag['MEM']."<br>\n";
-			$content.=$langs->trans("Link").': <a href="'.$url.'">'.$url.'</a>'."<br>\n";
-		}
-		else
-		{
-			$content.=$langs->transnoentitiesnoconv("NewOnlinePaymentReceived")."<br>\n";
-		}
-		$content.="<br>\n";
-		$content.=$langs->transnoentitiesnoconv("TechnicalInformation").":<br>\n";
-		$content.=$langs->transnoentitiesnoconv("OnlinePaymentSystem").': '.$paymentmethod."<br>\n";
-		$content.=$langs->transnoentitiesnoconv("ReturnURLAfterPayment").': '.$urlback."<br>\n";
-		$content.="tag=".$fulltag."\ntoken=".$onlinetoken." paymentType=".$paymentType." currencycodeType=".$currencyCodeType." payerId=".$payerID." ipaddress=".$ipaddress." FinalPaymentAmt=".$FinalPaymentAmt;
-
-		$ishtml=dol_textishtml($content);	// May contain urls
-
-		require_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php';
-		$mailfile = new CMailFile($topic, $sendto, $from, $content, array(), array(), array(), '', '', 0, $ishtml);
-
-		$result=$mailfile->sendfile();
-		if ($result)
-		{
-			dol_syslog("EMail sent to ".$sendto, LOG_DEBUG, 0, '_stripe');
-		}
-		else
-		{
-			dol_syslog("Failed to send EMail to ".$sendto, LOG_ERR, 0, '_stripe');
-		}
-	}
-}
-
-
-print "\n</div>\n";
-
-
-htmlPrintOnlinePaymentFooter($mysoc, $langs, 0, $suffix);
-
-
-llxFooter('', 'public');
-
-$db->close();

From 31cc7e06101dbb9823c4abaf295e20d404d88d77 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 23 Sep 2019 19:29:18 +0200
Subject: [PATCH 20/30] Clean code

---
 htdocs/public/stripe/ipn.php | 15 ++-------------
 1 file changed, 2 insertions(+), 13 deletions(-)

diff --git a/htdocs/public/stripe/ipn.php b/htdocs/public/stripe/ipn.php
index 2f44c6390ff..7b57c315e34 100644
--- a/htdocs/public/stripe/ipn.php
+++ b/htdocs/public/stripe/ipn.php
@@ -146,7 +146,7 @@ $societeName = $conf->global->MAIN_INFO_SOCIETE_NOM;
 if (! empty($conf->global->MAIN_APPLICATION_TITLE)) $societeName = $conf->global->MAIN_APPLICATION_TITLE;
 
 
-dol_syslog("Stripe IPN was called with event->type = ".$event->type);
+dol_syslog("***** Stripe IPN was called with event->type = ".$event->type);
 
 
 if ($event->type == 'payout.created') {
@@ -404,18 +404,7 @@ elseif ($event->type == 'charge.failed') {
     // TODO: Redirect to paymentko.php
 }
 elseif (($event->type == 'source.chargeable') && ($event->data->object->type == 'three_d_secure') && ($event->data->object->three_d_secure->authenticated==true)) {
-
-    $fulltag=$event->data->object->metadata->FULLTAG;
-    dol_syslog("fulltag=".$fulltag);
-    // Save into $tmptag all metadata
-	$tmptag=dolExplodeIntoArray($fulltag, '.', '=');
-
-    $stripe=new Stripe($db);
-    /*
-    $stripeacc = $stripe->getStripeAccount($service);								// Stripe OAuth connect account of dolibarr user (no network access here)
-    $stripecu = $stripe->getStripeCustomerAccount($tmptag['CUS'], $servicestatus);		// Get thirdparty cu_...
-	$charge=$stripe->createPaymentStripe($event->data->object->amount/100, $event->data->object->currency, $origin, $item, $event->data->object->id, $stripecu, $stripeacc, $servicestatus);
-    */
+	// This event is deprecated.
 }
 
 http_response_code(200); // PHP 5.4 or greater

From d22a1e25712b513f182e3da3793dd2b1213faca9 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 23 Sep 2019 19:44:05 +0200
Subject: [PATCH 21/30] Use space

---
 htdocs/langs/fr_NC/main.lang | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/langs/fr_NC/main.lang b/htdocs/langs/fr_NC/main.lang
index 23b739d83e5..c2d48114259 100644
--- a/htdocs/langs/fr_NC/main.lang
+++ b/htdocs/langs/fr_NC/main.lang
@@ -3,7 +3,7 @@ DIRECTION=ltr
 FONTFORPDF=helvetica
 FONTSIZEFORPDF=10
 SeparatorDecimal=,
-SeparatorThousand=None
+SeparatorThousand=Space
 FormatDateShort=%d/%m/%Y
 FormatDateShortInput=%d/%m/%Y
 FormatDateShortJava=dd/MM/yyyy

From c97bd14278de5872e7d3d213c70f4044eac1336a Mon Sep 17 00:00:00 2001
From: Juanjo Menent <jmenent@2byte.es>
Date: Tue, 24 Sep 2019 10:08:48 +0200
Subject: [PATCH 22/30] FIX TakePOS no invoice validation control and good
 payment translate

---
 htdocs/takepos/invoice.php | 43 +++++++++++++++++++-------------------
 htdocs/takepos/pay.php     | 10 ++++-----
 2 files changed, 27 insertions(+), 26 deletions(-)

diff --git a/htdocs/takepos/invoice.php b/htdocs/takepos/invoice.php
index accc4befe82..1f3d4a22563 100644
--- a/htdocs/takepos/invoice.php
+++ b/htdocs/takepos/invoice.php
@@ -144,38 +144,39 @@ if ($action == 'valid' && $user->rights->facture->creer)
 
 		$constantforkey = 'CASHDESK_ID_WAREHOUSE'.$_SESSION["takeposterminal"];
 		dol_syslog("Validate invoice with stock change into warehouse defined into constant ".$constantforkey." = ".$conf->global->$constantforkey);
-		$invoice->validate($user, '', $conf->global->$constantforkey);
+		$res = $invoice->validate($user, '', $conf->global->$constantforkey);
 
 		$conf->global->STOCK_CALCULATE_ON_BILL = $savconst;
 	}
 	else
 	{
-	    $invoice->validate($user);
+	    $res = $invoice->validate($user);
 	}
 
 	// Add the payment
-	$payment=new Paiement($db);
-	$payment->datepaye = $now;
-	$payment->fk_account = $bankaccount;
-	$payment->amounts[$invoice->id] = $amountofpayment;
+    if ($res > 0) {
+		$payment = new Paiement($db);
+		$payment->datepaye = $now;
+		$payment->fk_account = $bankaccount;
+		$payment->amounts[$invoice->id] = $amountofpayment;
 
-	$payment->paiementid=$paiementid;
-	$payment->num_payment=$invoice->ref;
+		$payment->paiementid = $paiementid;
+		$payment->num_payment = $invoice->ref;
 
-    $payment->create($user);
-	$payment->addPaymentToBank($user, 'payment', '(CustomerInvoicePayment)', $bankaccount, '', '');
+		$payment->create($user);
+		$payment->addPaymentToBank($user, 'payment', '(CustomerInvoicePayment)', $bankaccount, '', '');
 
-	$remaintopay = $invoice->getRemainToPay();
-	if ($remaintopay == 0)
-	{
-	    dol_syslog("Invoice is paid, so we set it to pay");
-	    $result = $invoice->set_paid($user);
-	    if ($result > 0) $invoice->paye = 1;
-	}
-	else
-	{
-	    dol_syslog("Invoice is not paid, remain to pay = ".$remaintopay);
-	}
+		$remaintopay = $invoice->getRemainToPay();
+		if ($remaintopay == 0) {
+			dol_syslog("Invoice is paid, so we set it to pay");
+			$result = $invoice->set_paid($user);
+			if ($result > 0) $invoice->paye = 1;
+		} else {
+			dol_syslog("Invoice is not paid, remain to pay = " . $remaintopay);
+		}
+	} else {
+		dol_htmloutput_errors($invoice->error, $invoice->errors, 1);
+    }
 }
 
 if ($action == 'history')
diff --git a/htdocs/takepos/pay.php b/htdocs/takepos/pay.php
index 83f4aefb5f5..9fd19b7378f 100644
--- a/htdocs/takepos/pay.php
+++ b/htdocs/takepos/pay.php
@@ -190,7 +190,7 @@ else print "var received=0;";
 </div>
 <?php } ?>
 <div style="width:40%; background-color:#333333; border-radius:8px; margin-bottom: 4px;">
-<center><span style='font-family: verdana,arial,helvetica; font-size: 200%;'><font color="white"><?php echo $langs->trans("Received"); ?>: </font><span class="change1 colorred"><?php echo price(0) ?></span><input type="hidden" id="change1" class="change1" value="0"></font></center>
+    <center><span style='font-family: verdana,arial,helvetica; font-size: 200%;'><font color="white"><?php echo $langs->trans("Received"); ?>: </font><span class="change1 colorred"><?php echo price(0) ?></span><input type="hidden" id="change1" class="change1" value="0"></font></span></center>
 </div>
 <div style="width:40%; background-color:#333333; border-radius:8px; margin-bottom: 4px;">
 <center><span style='font-family: verdana,arial,helvetica; font-size: 200%;'><font color="white"><?php echo $langs->trans("Change"); ?>: </font><span class="change2 colorwhite"><?php echo price(0) ?></span><input type="hidden" id="change2" class="change2" value="0"></font></span></center>
@@ -225,7 +225,7 @@ $numpad=$conf->global->TAKEPOS_NUMPAD;
     if ($paycode == 'CB')  $paycode = 'card';
     if ($paycode == 'CHQ') $paycode = 'cheque';
 ?>
-<button type="button" class="calcbutton2" onclick="Validate('<?php echo $langs->trans($paycode); ?>');"><?php echo $langs->trans($paiements[0]->label); ?></button>
+<button type="button" class="calcbutton2" onclick="Validate('<?php echo $langs->trans($paycode); ?>');"><?php echo $langs->trans("PaymentTypeShort".$paiements[0]->code); ?></button>
 <?php } else { ?>
 <button type="button" class="calcbutton2"><?php echo $langs->trans("NoPaimementModesDefined");?></button>
 <?php } ?>
@@ -238,7 +238,7 @@ $numpad=$conf->global->TAKEPOS_NUMPAD;
     if ($paycode == 'CB')  $paycode = 'card';
     if ($paycode == 'CHQ') $paycode = 'cheque';
 ?>
-<button type="button" class="calcbutton2" onclick="Validate('<?php echo $langs->trans($paycode); ?>');"><?php echo $langs->trans($paiements[1]->label); ?></button>
+<button type="button" class="calcbutton2" onclick="Validate('<?php echo $langs->trans($paycode); ?>');"><?php echo $langs->trans("PaymentTypeShort".$paiements[1]->code); ?></button>
 <?php } else {
 $button = array_pop($action_buttons);
 ?>
@@ -253,7 +253,7 @@ $button = array_pop($action_buttons);
     if ($paycode == 'CB')  $paycode = 'card';
     if ($paycode == 'CHQ') $paycode = 'cheque';
 ?>
-<button type="button" class="calcbutton2" onclick="Validate('<?php echo $langs->trans($paycode); ?>');"><?php echo $langs->trans($paiements[2]->label); ?></button>
+<button type="button" class="calcbutton2" onclick="Validate('<?php echo $langs->trans($paycode); ?>');"><?php echo $langs->trans("PaymentTypeShort".$paiements[2]->code); ?></button>
 <?php } else { ?>
 <?php
 $button = array_pop($action_buttons);
@@ -267,7 +267,7 @@ $button = array_pop($action_buttons);
 $i=3;
 while($i < count($paiements)){
 ?>
-<button type="button" class="calcbutton2" onclick="Validate('<?php echo $langs->trans($paiements[$i]->code); ?>');"><?php echo $langs->trans($paiements[$i]->label); ?></button>
+<button type="button" class="calcbutton2" onclick="Validate('<?php echo $langs->trans($paiements[$i]->code); ?>');"><?php echo $langs->trans("PaymentTypeShort".$paiements[$i]->code); ?></button>
 <?php
 	$i=$i+1;
 }

From 7b3e64d67f1a4c761c4abb20646f791cc37478b4 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 24 Sep 2019 12:01:18 +0200
Subject: [PATCH 23/30] NEW Support of Extrafields on Leave requests.

---
 htdocs/admin/expensereport_extrafields.php    |   2 -
 htdocs/admin/holiday_extrafields.php          | 118 +++++
 htdocs/core/lib/holiday.lib.php               |   5 +
 htdocs/expensereport/list.php                 |  54 ++-
 htdocs/holiday/card.php                       |   2 +-
 htdocs/holiday/class/holiday.class.php        |   2 +
 htdocs/holiday/document.php                   |   2 +-
 htdocs/holiday/list.php                       | 452 ++++++++++++------
 .../install/mysql/migration/10.0.0-11.0.0.sql |  10 +
 .../tables/llx_holiday_extrafields.key.sql    |  21 +
 .../mysql/tables/llx_holiday_extrafields.sql  |  26 +
 htdocs/langs/en_US/holiday.lang               |   1 -
 12 files changed, 518 insertions(+), 177 deletions(-)
 create mode 100644 htdocs/admin/holiday_extrafields.php
 create mode 100644 htdocs/install/mysql/tables/llx_holiday_extrafields.key.sql
 create mode 100644 htdocs/install/mysql/tables/llx_holiday_extrafields.sql

diff --git a/htdocs/admin/expensereport_extrafields.php b/htdocs/admin/expensereport_extrafields.php
index 8d102bc8328..013db3d36f1 100644
--- a/htdocs/admin/expensereport_extrafields.php
+++ b/htdocs/admin/expensereport_extrafields.php
@@ -63,8 +63,6 @@ require DOL_DOCUMENT_ROOT.'/core/actions_extrafields.inc.php';
  * View
  */
 
-$textobject=$langs->transnoentitiesnoconv("expensereports");
-
 llxHeader('', $langs->trans("ExpenseReportsSetup"));
 
 $linkback='<a href="'.DOL_URL_ROOT.'/admin/modules.php?restore_lastsearch_values=1">'.$langs->trans("BackToModuleList").'</a>';
diff --git a/htdocs/admin/holiday_extrafields.php b/htdocs/admin/holiday_extrafields.php
new file mode 100644
index 00000000000..b9c32a8b9c9
--- /dev/null
+++ b/htdocs/admin/holiday_extrafields.php
@@ -0,0 +1,118 @@
+<?php
+/* Copyright (C) 2001-2002	Rodolphe Quiedeville	<rodolphe@quiedeville.org>
+ * Copyright (C) 2003		Jean-Louis Bergamo		<jlb@j1b.org>
+ * Copyright (C) 2004-2013	Laurent Destailleur		<eldy@users.sourceforge.net>
+ * Copyright (C) 2012		Regis Houssin			<regis.houssin@inodbox.com>
+ * Copyright (C) 2012		Florian Henry			<florian.henry@open-concept.pro>
+ * Copyright (C) 2013		Philippe Grand			<philippe.grand@atoo-net.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ *      \file       htdocs/admin/holiday_extrafields.php
+ *		\ingroup    holiday
+ *		\brief      Page to setup extra fields of holiday
+ */
+
+require '../main.inc.php';
+require_once DOL_DOCUMENT_ROOT.'/core/lib/holiday.lib.php';
+require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php';
+
+if (!$user->admin)
+	accessforbidden();
+
+// Load translation files required by the page
+$langs->loadLangs(array('admin', 'errors', 'holiday', 'other'));
+
+$extrafields = new ExtraFields($db);
+$form = new Form($db);
+
+// List of supported format
+$tmptype2label=ExtraFields::$type2label;
+$type2label=array('');
+foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val);
+
+$action=GETPOST('action', 'alpha');
+$attrname=GETPOST('attrname', 'alpha');
+$elementtype='holiday'; //Must be the $table_element of the class that manage extrafield
+
+if (!$user->admin) accessforbidden();
+
+
+/*
+ * Actions
+ */
+
+require DOL_DOCUMENT_ROOT.'/core/actions_extrafields.inc.php';
+
+
+
+/*
+ * View
+ */
+
+llxHeader('', $langs->trans("HolidaySetup"));
+
+$linkback='<a href="'.DOL_URL_ROOT.'/admin/modules.php?restore_lastsearch_values=1">'.$langs->trans("BackToModuleList").'</a>';
+print load_fiche_titre($langs->trans("HolidaySetup"), $linkback, 'title_setup');
+
+$head = holiday_admin_prepare_head();
+
+dol_fiche_head($head, 'attributes', $langs->trans("Holidays"), -1, 'holiday');
+
+require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_view.tpl.php';
+
+dol_fiche_end();
+
+
+// Buttons
+if ($action != 'create' && $action != 'edit')
+{
+    print '<div class="tabsAction">';
+    print "<a class=\"butAction\" href=\"".$_SERVER["PHP_SELF"]."?action=create#newattrib\">".$langs->trans("NewAttribute")."</a>";
+    print "</div>";
+}
+
+
+/* ************************************************************************** */
+/*                                                                            */
+/* Creation of an optional field											  */
+/*                                                                            */
+/* ************************************************************************** */
+
+if ($action == 'create')
+{
+	print '<br><div id="newattrib"></div>';
+    print load_fiche_titre($langs->trans('NewAttribute'));
+
+    require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_add.tpl.php';
+}
+
+/* ************************************************************************** */
+/*                                                                            */
+/* Edition of an optional field                                               */
+/*                                                                            */
+/* ************************************************************************** */
+if ($action == 'edit' && ! empty($attrname))
+{
+    print "<br>";
+    print load_fiche_titre($langs->trans("FieldEdition", $attrname));
+
+    require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_edit.tpl.php';
+}
+
+// End of page
+llxFooter();
+$db->close();
diff --git a/htdocs/core/lib/holiday.lib.php b/htdocs/core/lib/holiday.lib.php
index 492766192b4..960acfa3aa7 100644
--- a/htdocs/core/lib/holiday.lib.php
+++ b/htdocs/core/lib/holiday.lib.php
@@ -86,6 +86,11 @@ function holiday_admin_prepare_head()
     // $this->tabs = array('entity:-tabname);   												to remove a tab
     complete_head_from_modules($conf, $langs, null, $head, $h, 'holiday_admin');
 
+    $head[$h][0] = DOL_URL_ROOT.'/admin/holiday_extrafields.php';
+    $head[$h][1] = $langs->trans("ExtraFields");
+    $head[$h][2] = 'attributes';
+    $h++;
+
 	complete_head_from_modules($conf, $langs, null, $head, $h, 'holiday_admin', 'remove');
 
 	return $head;
diff --git a/htdocs/expensereport/list.php b/htdocs/expensereport/list.php
index 666403a7412..b51ae3d05f5 100644
--- a/htdocs/expensereport/list.php
+++ b/htdocs/expensereport/list.php
@@ -40,12 +40,13 @@ require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport_ik.class.php'
 // Load translation files required by the page
 $langs->loadLangs(array('companies', 'users', 'trips'));
 
-$action=GETPOST('action', 'aZ09');
-$massaction=GETPOST('massaction', 'alpha');
-$show_files=GETPOST('show_files', 'int');
-$confirm=GETPOST('confirm', 'alpha');
-$toselect = GETPOST('toselect', 'array');
-$contextpage=GETPOST('contextpage', 'aZ')?GETPOST('contextpage', 'aZ'):'expensereportlist';
+$action      = GETPOST('action', 'aZ09');
+$massaction  = GETPOST('massaction', 'alpha');
+$show_files  = GETPOST('show_files', 'int');
+$confirm     = GETPOST('confirm', 'alpha');
+$cancel      = GETPOST('cancel', 'alpha');												// We click on a Cancel button
+$toselect    = GETPOST('toselect', 'array');
+$contextpage = GETPOST('contextpage', 'aZ')?GETPOST('contextpage', 'aZ'):'expensereportlist';
 
 $childids = $user->getAllChildIds(1);
 
@@ -136,17 +137,17 @@ $arrayfields=array(
     'd.fk_statut'=>array('label'=>$langs->trans("Status"), 'checked'=>1, 'position'=>1000),
 );
 // Extra fields
-if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label))
+if (is_array($extrafields->attributes[$object->table_element]['label']) && count($extrafields->attributes[$object->table_element]['label']) > 0)
 {
-    foreach($extrafields->attribute_label as $key => $val)
-    {
-		if (! empty($extrafields->attribute_list[$key])) $arrayfields["ef.".$key]=array('label'=>$extrafields->attribute_label[$key], 'checked'=>(($extrafields->attribute_list[$key]<0)?0:1), 'position'=>$extrafields->attribute_pos[$key], 'enabled'=>(abs($extrafields->attribute_list[$key])!=3 && $extrafields->attribute_perms[$key]));
-    }
+	foreach($extrafields->attributes[$object->table_element]['label'] as $key => $val)
+	{
+		if (! empty($extrafields->attributes[$object->table_element]['list'][$key]))
+			$arrayfields["ef.".$key]=array('label'=>$extrafields->attributes[$object->table_element]['label'][$key], 'checked'=>(($extrafields->attributes[$object->table_element]['list'][$key]<0)?0:1), 'position'=>$extrafields->attributes[$object->table_element]['pos'][$key], 'enabled'=>(abs($extrafields->attributes[$object->table_element]['list'][$key])!=3 && $extrafields->attributes[$object->table_element]['perms'][$key]));
+	}
 }
 
 $canedituser=(! empty($user->admin) || $user->rights->user->user->creer);
 
-$object = new ExpenseReport($db);
 $objectuser = new User($db);
 
 
@@ -161,10 +162,11 @@ $parameters=array('socid'=>$socid);
 $reshook=$hookmanager->executeHooks('doActions', $parameters, $object, $action);    // Note that $action and $object may have been modified by some hooks
 if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
 
-include DOL_DOCUMENT_ROOT.'/core/actions_changeselectedfields.inc.php';
-
 if (empty($reshook))
 {
+	// Selection of new fields
+	include DOL_DOCUMENT_ROOT.'/core/actions_changeselectedfields.inc.php';
+
 	// Purge search criteria
 	if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha'))		// Both test must be present to be compatible with all browsers
 	{
@@ -176,7 +178,6 @@ if (empty($reshook))
 	    $search_status="";
 	    $month_start="";
 	    $year_start="";
-		$day ="";
 	    $month_end="";
 	    $year_end="";
 	    $day_end = "";
@@ -340,15 +341,15 @@ if ($resql)
 	$arrayofselected=is_array($toselect)?$toselect:array();
 
 	$param='';
-    if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.$contextpage;
-	if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.$limit;
-	if ($sall)					$param.="&sall=".$sall;
-	if ($search_ref)			$param.="&search_ref=".$search_ref;
-	if ($search_user)			$param.="&search_user=".$search_user;
-	if ($search_amount_ht)		$param.="&search_amount_ht=".$search_amount_ht;
-	if ($search_amount_ttc)		$param.="&search_amount_ttc=".$search_amount_ttc;
-	if ($search_status >= 0)  	$param.="&search_status=".$search_status;
-	if ($optioncss != '')       $param.='&optioncss='.$optioncss;
+    if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.urlencode($contextpage);
+	if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.urlencode($limit);
+	if ($sall)					$param.="&sall=".urlencode($sall);
+	if ($search_ref)			$param.="&search_ref=".urlencode($search_ref);
+	if ($search_user)			$param.="&search_user=".urlencode($search_user);
+	if ($search_amount_ht)		$param.="&search_amount_ht=".urlencode($search_amount_ht);
+	if ($search_amount_ttc)		$param.="&search_amount_ttc=".urlencode($search_amount_ttc);
+	if ($search_status >= 0)  	$param.="&search_status=".urlencode($search_status);
+	if ($optioncss != '')       $param.='&optioncss='.urlencode($optioncss);
 	// Add $param from extra fields
 	include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_param.tpl.php';
 
@@ -503,7 +504,7 @@ if ($resql)
 
 	$varpage=empty($contextpage)?$_SERVER["PHP_SELF"]:$contextpage;
 	$selectedfields=$form->multiSelectArrayWithCheckbox('selectedfields', $arrayfields, $varpage);	// This also change content of $arrayfields
-	if ($massactionbutton) $selectedfields.=$form->showCheckAddButtons('checkforselect', 1);
+	$selectedfields.=(count($arrayofmassactions) ? $form->showCheckAddButtons('checkforselect', 1) : '');
 
     print '<div class="div-table-responsive">';
 	print '<table class="tagtable liste'.($moreforfilter?" listwithfilterbefore":"").'">'."\n";
@@ -606,7 +607,7 @@ if ($resql)
     	print '</td>';
 	}
 	// Action column
-	print '<td class="liste_titre middle">';
+	print '<td class="liste_titre maxwidthsearch">';
 	$searchpicto=$form->showFilterButtons();
 	print $searchpicto;
 	print '</td>';
@@ -757,6 +758,7 @@ if ($resql)
             $parameters=array('arrayfields'=>$arrayfields, 'obj'=>$obj);
             $reshook=$hookmanager->executeHooks('printFieldListValue', $parameters);    // Note that $action and $object may have been modified by hook
             print $hookmanager->resPrint;
+
             // Date creation
             if (! empty($arrayfields['d.date_create']['checked']))
             {
diff --git a/htdocs/holiday/card.php b/htdocs/holiday/card.php
index 204d832a94c..be441976f67 100644
--- a/htdocs/holiday/card.php
+++ b/htdocs/holiday/card.php
@@ -1311,7 +1311,7 @@ else
                 }
 
                 print '<tr>';
-                print '<td>'.$langs->trans('DateCreateCP').'</td>';
+                print '<td>'.$langs->trans('DateCreation').'</td>';
                 print '<td>'.dol_print_date($object->date_create, 'dayhour').'</td>';
                 print '</tr>';
                 if ($object->statut == Holiday::STATUS_APPROVED || $object->statut == Holiday::STATUS_CANCELED) {
diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php
index d767bcdc691..7557a7941fb 100644
--- a/htdocs/holiday/class/holiday.class.php
+++ b/htdocs/holiday/class/holiday.class.php
@@ -558,6 +558,7 @@ class Holiday extends CommonObject
 		$sql.= " cp.fk_user,";
 		$sql.= " cp.fk_type,";
 		$sql.= " cp.date_create,";
+		$sql.= " cp.tms as date_update,";
 		$sql.= " cp.description,";
 		$sql.= " cp.date_debut,";
 		$sql.= " cp.date_fin,";
@@ -623,6 +624,7 @@ class Holiday extends CommonObject
 				$tab_result[$i]['fk_user'] = $obj->fk_user;
 				$tab_result[$i]['fk_type'] = $obj->fk_type;
 				$tab_result[$i]['date_create'] = $this->db->jdate($obj->date_create);
+				$tab_result[$i]['date_update'] = $this->db->jdate($obj->date_update);
 				$tab_result[$i]['description'] = $obj->description;
 				$tab_result[$i]['date_debut'] = $this->db->jdate($obj->date_debut);
 				$tab_result[$i]['date_fin'] = $this->db->jdate($obj->date_fin);
diff --git a/htdocs/holiday/document.php b/htdocs/holiday/document.php
index a594a920e74..6ade6a13e17 100644
--- a/htdocs/holiday/document.php
+++ b/htdocs/holiday/document.php
@@ -251,7 +251,7 @@ if ($object->id)
     }
 
     print '<tr>';
-    print '<td>'.$langs->trans('DateCreateCP').'</td>';
+    print '<td>'.$langs->trans('DateCreation').'</td>';
     print '<td>'.dol_print_date($object->date_create,'dayhour').'</td>';
     print '</tr>';
     if ($object->statut == 3) {
diff --git a/htdocs/holiday/list.php b/htdocs/holiday/list.php
index f74d731e8bd..145f2f7b48f 100644
--- a/htdocs/holiday/list.php
+++ b/htdocs/holiday/list.php
@@ -27,6 +27,7 @@
 require '../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php';
+require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
 require_once DOL_DOCUMENT_ROOT.'/user/class/usergroup.class.php';
@@ -40,16 +41,19 @@ $langs->loadLangs(array('users', 'holidays', 'hrm'));
 // Protection if external user
 if ($user->societe_id > 0) accessforbidden();
 
-$action     = GETPOST('action', 'alpha');												// The action 'add', 'create', 'edit', 'update', 'view', ...
+$action     = GETPOST('action', 'aZ09');												// The action 'add', 'create', 'edit', 'update', 'view', ...
 $massaction = GETPOST('massaction', 'alpha');											// The bulk action (combo box choice into lists)
 $show_files = GETPOST('show_files', 'int');												// Show files area generated by bulk actions ?
 $confirm    = GETPOST('confirm', 'alpha');												// Result of a confirmation
 $cancel     = GETPOST('cancel', 'alpha');												// We click on a Cancel button
 $toselect   = GETPOST('toselect', 'array');												// Array of ids of elements selected into a list
-$contextpage= GETPOST('contextpage', 'aZ')?GETPOST('contextpage', 'aZ'):'myobjectlist';   // To manage different context of search
+$contextpage= GETPOST('contextpage', 'aZ')?GETPOST('contextpage', 'aZ'):'holidaylist';  // To manage different context of search
+
 $backtopage = GETPOST('backtopage', 'alpha');											// Go back to a dedicated page
 $optioncss  = GETPOST('optioncss', 'aZ');												// Option for the css output (always '' except when 'print')
 
+$id = GETPOST('id', 'int');
+
 $childids = $user->getAllChildIds(1);
 
 // Security check
@@ -59,8 +63,7 @@ if ($user->societe_id > 0)	// Protection if external user
 	//$socid = $user->societe_id;
 	accessforbidden();
 }
-$result = restrictedArea($user, 'holiday', $id, '');
-$id = GETPOST('id', 'int');
+$result = restrictedArea($user, 'holiday', '', '');
 // If we are on the view of a specific user
 if ($id > 0)
 {
@@ -74,6 +77,9 @@ if ($id > 0)
     }
 }
 
+$diroutputmassaction=$conf->holiday->dir_output . '/temp/massgeneration/'.$user->id;
+
+
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'alpha');
@@ -83,20 +89,8 @@ if (empty($page) || $page == -1) { $page = 0; }     // If $page is not defined,
 $offset = $limit * $page;
 $pageprev = $page - 1;
 $pagenext = $page + 1;
-
-// Initialize technical objects
-$object=new Holiday($db);
-$extrafields = new ExtraFields($db);
-$diroutputmassaction=$conf->holiday->dir_output . '/temp/massgeneration/'.$user->id;
-$hookmanager->initHooks(array('holidaylist'));     // Note that conf->hooks_modules contains array
-// Fetch optionals attributes and labels
-$extralabels = $extrafields->fetch_name_optionals_label('holiday');
-$search_array_options=$extrafields->getOptionalsFromPost($object->table_element, '', 'search_');
-
-// Default sort order (if not yet defined by previous GETPOST)
-if (! $sortfield) $sortfield="cp.rowid";
-if (! $sortorder) $sortorder="DESC";
-
+if (!$sortorder) $sortorder="DESC";
+if (!$sortfield) $sortfield="cp.rowid";
 
 $sall                = trim((GETPOST('search_all', 'alphanohtml')!='')?GETPOST('search_all', 'alphanohtml'):GETPOST('sall', 'alphanohtml'));
 $search_ref          = GETPOST('search_ref', 'alphanohtml');
@@ -114,13 +108,47 @@ $search_valideur     = GETPOST('search_valideur', 'int');
 $search_statut       = GETPOST('search_statut', 'int');
 $search_type         = GETPOST('search_type', 'int');
 
+// Initialize technical objects
+$object=new Holiday($db);
+$extrafields = new ExtraFields($db);
+$hookmanager->initHooks(array('holidaylist'));     // Note that conf->hooks_modules contains array
+
+// Fetch optionals attributes and labels
+$extralabels = $extrafields->fetch_name_optionals_label('holiday');
+$search_array_options=$extrafields->getOptionalsFromPost($object->table_element, '', 'search_');
+
 // List of fields to search into when doing a "search in all"
 $fieldstosearchall = array(
     'cp.description'=>'Description',
     'uu.lastname'=>'EmployeeLastname',
-    'uu.firstname'=>'EmployeeFirstname'
+    'uu.firstname'=>'EmployeeFirstname',
+	'uu.login'=>'Login'
 );
 
+$arrayfields=array(
+	'cp.ref'=>array('label'=>$langs->trans("Ref"), 'checked'=>1),
+	'cp.fk_user'=>array('label'=>$langs->trans("Employee"), 'checked'=>1, 'position'=>20),
+	'cp.fk_validator'=>array('label'=>$langs->trans("ValidatorCP"), 'checked'=>1, 'position'=>30),
+	'cp.fk_type'=>array('label'=>$langs->trans("Type"), 'checked'=>1, 'position'=>35),
+	'duration'=>array('label'=>$langs->trans("NbUseDaysCPShort"), 'checked'=>1, 'position'=>38),
+	'cp.date_debut'=>array('label'=>$langs->trans("DateStart"), 'checked'=>1, 'position'=>40),
+	'cp.date_fin'=>array('label'=>$langs->trans("DateEnd"), 'checked'=>1, 'position'=>42),
+	'cp.date_valid'=>array('label'=>$langs->trans("DateValidation"), 'checked'=>1, 'position'=>60),
+	'cp.date_approve'=>array('label'=>$langs->trans("DateApprove"), 'checked'=>1, 'position'=>70),
+	'cp.date_create'=>array('label'=>$langs->trans("DateCreation"), 'checked'=>0, 'position'=>500),
+	'cp.tms'=>array('label'=>$langs->trans("DateModificationShort"), 'checked'=>0, 'position'=>501),
+	'cp.statut'=>array('label'=>$langs->trans("Status"), 'checked'=>1, 'position'=>1000),
+);
+// Extra fields
+if (is_array($extrafields->attributes[$object->table_element]['label']) && count($extrafields->attributes[$object->table_element]['label']) > 0)
+{
+	foreach($extrafields->attributes[$object->table_element]['label'] as $key => $val)
+	{
+		if (! empty($extrafields->attributes[$object->table_element]['list'][$key]))
+			$arrayfields["ef.".$key]=array('label'=>$extrafields->attributes[$object->table_element]['label'][$key], 'checked'=>(($extrafields->attributes[$object->table_element]['list'][$key]<0)?0:1), 'position'=>$extrafields->attributes[$object->table_element]['pos'][$key], 'enabled'=>(abs($extrafields->attributes[$object->table_element]['list'][$key])!=3 && $extrafields->attributes[$object->table_element]['perms'][$key]));
+	}
+}
+
 
 
 /*
@@ -130,7 +158,7 @@ $fieldstosearchall = array(
 if (GETPOST('cancel', 'alpha')) { $action='list'; $massaction=''; }
 if (! GETPOST('confirmmassaction', 'alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
 
-$parameters=array();
+$parameters=array('socid'=>$socid);
 $reshook=$hookmanager->executeHooks('doActions', $parameters, $object, $action);    // Note that $action and $object may have been modified by some hooks
 if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
 
@@ -180,19 +208,20 @@ if (empty($reshook))
 
 $form = new Form($db);
 $formother = new FormOther($db);
+$formfile = new FormFile($db);
 
-$holiday = new Holiday($db);
 $holidaystatic=new Holiday($db);
 $fuser = new User($db);
 
 // Update sold
-$result = $holiday->updateBalance();
+$result = $object->updateBalance();
 
 $max_year = 5;
 $min_year = 10;
 $filter='';
 
-llxHeader('', $langs->trans('CPTitreMenu'));
+$title = $langs->trans('CPTitreMenu');
+llxHeader('', $title);
 
 $order = $db->order($sortfield, $sortorder).$db->plimit($limit + 1, $offset);
 
@@ -231,6 +260,16 @@ if (!empty($sall))
 
 if (empty($user->rights->holiday->read_all)) $filter.=' AND cp.fk_user IN ('.join(',', $childids).')';
 
+$sql='';
+// Add where from extra fields
+include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php';
+// Add where from hooks
+$parameters=array();
+$reshook=$hookmanager->executeHooks('printFieldListWhere', $parameters);    // Note that $action and $object may have been modified by hook
+$sql.=$hookmanager->resPrint;
+
+$filter.=$sql;
+
 
 // Récupération de l'ID de l'utilisateur
 $user_id = $user->id;
@@ -246,29 +285,29 @@ if ($id > 0)
 }
 
 // Récupération des congés payés de l'utilisateur ou de tous les users de sa hierarchy
-// Load array $holiday->holiday
+// Load array $object->holiday
 if (empty($user->rights->holiday->read_all) || $id > 0)
 {
-	if ($id > 0) $result = $holiday->fetchByUser($id, $order, $filter);
-	else  $result = $holiday->fetchByUser(join(',', $childids), $order, $filter);
+	if ($id > 0) $result = $object->fetchByUser($id, $order, $filter);
+	else  $result = $object->fetchByUser(join(',', $childids), $order, $filter);
 }
 else
 {
-    $result = $holiday->fetchAll($order, $filter);
+    $result = $object->fetchAll($order, $filter);
 }
 // Si erreur SQL
 if ($result == '-1')
 {
     print load_fiche_titre($langs->trans('CPTitreMenu'), '', 'title_hrm.png');
 
-    dol_print_error($db, $langs->trans('Error').' '.$holiday->error);
+    dol_print_error($db, $langs->trans('Error').' '.$object->error);
     exit();
 }
 
 
 // Show table of vacations
 
-$num = count($holiday->holiday);
+$num = count($object->holiday);
 
 $arrayofselected=is_array($toselect)?$toselect:array();
 
@@ -280,7 +319,7 @@ if ($search_ref)          $param.='&search_ref='.urlencode($search_ref);
 if ($search_day_create)          $param.='&search_day_create='.urlencode($search_day_create);
 if ($search_month_create)        $param.='&search_month_create='.urlencode($search_month_create);
 if ($search_year_create)         $param.='&search_year_create='.urlencode($search_year_create);
-if ($search_search_day_start)    $param.='&search_day_start='.urlencode($search_day_start);
+if ($search_day_start)           $param.='&search_day_start='.urlencode($search_day_start);
 if ($search_month_start)         $param.='&search_month_start='.urlencode($search_month_start);
 if ($search_year_start)          $param.='&search_year_start='.urlencode($search_year_start);
 if ($search_day_end)             $param.='&search_day_end='.urlencode($search_day_end);
@@ -290,19 +329,23 @@ if ($search_employee > 0) $param.='&search_employee='.urlencode($search_employee
 if ($search_valideur > 0) $param.='&search_valideur='.urlencode($search_valideur);
 if ($search_type > 0)     $param.='&search_type='.urlencode($search_type);
 if ($search_statut > 0)   $param.='&search_statut='.urlencode($search_statut);
+// Add $param from extra fields
+include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_param.tpl.php';
 
 // List of mass actions available
 $arrayofmassactions =  array(
-//'presend'=>$langs->trans("SendByMail"),
-//'builddoc'=>$langs->trans("PDFMerge"),
+	//'generate_doc'=>$langs->trans("ReGeneratePDF"),
+	//'builddoc'=>$langs->trans("PDFMerge"),
+	//'presend'=>$langs->trans("SendByMail"),
 );
-if ($user->rights->holiday->delete) $arrayofmassactions['predelete']='<span class="fa fa-trash paddingrightonly"></span>'.$langs->trans("Delete");
+if ($user->rights->holiday->supprimer) $arrayofmassactions['predelete']='<span class="fa fa-trash paddingrightonly"></span>'.$langs->trans("Delete");
 if (in_array($massaction, array('presend','predelete'))) $arrayofmassactions=array();
 $massactionbutton=$form->selectMassAction('', $arrayofmassactions);
 
 print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">';
 if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
 print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
+print '<input type="hidden" name="formfilteraction" id="formfilteraction" value="list">';
 print '<input type="hidden" name="action" value="list">';
 print '<input type="hidden" name="sortfield" value="'.$sortfield.'">';
 print '<input type="hidden" name="sortorder" value="'.$sortorder.'">';
@@ -326,7 +369,7 @@ if ($id > 0)		// For user tab
 
 	    print '<br>';
 
-	    showMyBalance($holiday, $user_id);
+	    showMyBalance($object, $user_id);
 	}
 
 	dol_fiche_end();
@@ -346,9 +389,11 @@ if ($id > 0)		// For user tab
 }
 else
 {
-	$nbtotalofrecords = count($holiday->holiday);
+	$nbtotalofrecords = count($object->holiday);
    	//print $num;
-    //print count($holiday->holiday);
+    //print count($object->holiday);
+
+	$title = $langs->trans("ListeCP");
 
 	$newcardbutton='';
 	if ($user->rights->holiday->write)
@@ -356,7 +401,7 @@ else
 		$newcardbutton.= dolGetButtonTitle($langs->trans('MenuAddCP'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/holiday/card.php?action=request');
     }
 
-	print_barre_liste($langs->trans("ListeCP"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'title_hrm.png', 0, $newcardbutton, '', $limit);
+	print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'title_hrm.png', 0, $newcardbutton, '', $limit);
 
 	$topicmail="Information";
 	$modelmail="leaverequest";
@@ -371,126 +416,184 @@ if ($sall)
     print '<div class="divsearchfieldfilter">'.$langs->trans("FilterOnInto", $sall) . join(', ', $fieldstosearchall).'</div>';
 }
 
+$moreforfilter='';
+
+$parameters=array();
+$reshook=$hookmanager->executeHooks('printFieldPreListTitle', $parameters);    // Note that $action and $object may have been modified by hook
+if (empty($reshook)) $moreforfilter .= $hookmanager->resPrint;
+else $moreforfilter = $hookmanager->resPrint;
+
+if (! empty($moreforfilter))
+{
+	print '<div class="liste_titre liste_titre_bydiv centpercent">';
+	print $moreforfilter;
+	print '</div>';
+}
+
 $varpage=empty($contextpage)?$_SERVER["PHP_SELF"]:$contextpage;
-$selectedfields='';	// $form->multiSelectArrayWithCheckbox('selectedfields', $arrayfields, $varpage);	// This also change content of $arrayfields
-$selectedfields.=$form->showCheckAddButtons('checkforselect', 1);
+$selectedfields=$form->multiSelectArrayWithCheckbox('selectedfields', $arrayfields, $varpage);	// This also change content of $arrayfields
+$selectedfields.=(count($arrayofmassactions) ? $form->showCheckAddButtons('checkforselect', 1) : '');
+
+
+$include = '';
+if (! empty($user->rights->holiday->read_all)) $include = 'hierarchyme';		// Can see all
 
 print '<div class="div-table-responsive">';
 print '<table class="tagtable liste'.($moreforfilter?" listwithfilterbefore":"").'">'."\n";
 
+
 // Filters
 print '<tr class="liste_titre_filter">';
-print '<td class="liste_titre">';
-print '<input class="flat" size="4" type="text" name="search_ref" value="'.dol_escape_htmltag($search_ref).'">';
-print '</td>';
 
-// Create date
-print '<td class="liste_titre center">';
-print '<input class="flat valignmiddle" type="text" size="1" maxlength="2" name="search_month_create" value="'.dol_escape_htmltag($search_month_create).'">';
-$formother->select_year($search_year_create, 'search_year_create', 1, $min_year, 0);
-print '</td>';
-
-
-$morefilter = 'AND employee = 1';
-if (! empty($conf->global->HOLIDAY_FOR_NON_SALARIES_TOO)) $morefilter = '';
-
-// User
-$disabled=0;
-// If into the tab holiday of a user ($id is set in such a case)
-if ($id && ! GETPOSTISSET('search_employee'))
+if (! empty($arrayfields['cp.ref']['checked']))
 {
-	$search_employee=$id;
-	$disabled=1;
+	print '<td class="liste_titre">';
+	print '<input class="flat" size="4" type="text" name="search_ref" value="'.dol_escape_htmltag($search_ref).'">';
+	print '</td>';
 }
-if (! empty($user->rights->holiday->read_all))	// Can see all
+
+if (! empty($arrayfields['cp.fk_user']['checked']))
 {
-	if (GETPOSTISSET('search_employee')) $search_employee=GETPOST('search_employee', 'int');
+	$morefilter = 'AND employee = 1';
+	if (! empty($conf->global->HOLIDAY_FOR_NON_SALARIES_TOO)) $morefilter = '';
+
+	// User
+	$disabled=0;
+	// If into the tab holiday of a user ($id is set in such a case)
+	if ($id && ! GETPOSTISSET('search_employee'))
+	{
+		$search_employee=$id;
+		$disabled=1;
+	}
+
 	print '<td class="liste_titre maxwidthonsmartphone left">';
-	print $form->select_dolusers($search_employee, "search_employee", 1, "", $disabled, '', '', 0, 0, 0, $morefilter, 0, '', 'maxwidth200');
-    print '</td>';
-}
-else
-{
-	if (GETPOSTISSET('search_employee')) $search_employee=GETPOST('search_employee', 'int');
-    print '<td class="liste_titre maxwidthonsmartphone left">';
-    print $form->select_dolusers($search_employee, "search_employee", 1, "", $disabled, 'hierarchyme', '', 0, 0, 0, $morefilter, 0, '', 'maxwidth200');
-    print '</td>';
+	print $form->select_dolusers($search_employee, "search_employee", 1, "", $disabled, $include, '', 0, 0, 0, $morefilter, 0, '', 'maxwidth200');
+	print '</td>';
 }
 
-// Approve
-if ($user->rights->holiday->read_all)
+// Approver
+if (! empty($arrayfields['cp.fk_validator']['checked']))
 {
-    print '<td class="liste_titre maxwidthonsmartphone left">';
-
-    $validator = new UserGroup($db);
-    $excludefilter=$user->admin?'':'u.rowid <> '.$user->id;
-    $valideurobjects = $validator->listUsersForGroup($excludefilter);
-    $valideurarray = array();
-    foreach($valideurobjects as $val) $valideurarray[$val->id]=$val->id;
-    print $form->select_dolusers($search_valideur, "search_valideur", 1, "", 0, $valideurarray, '', 0, 0, 0, $morefilter, 0, '', 'maxwidth200');
-    print '</td>';
-}
-else
-{
-    print '<td class="liste_titre">&nbsp;</td>';
+	if ($user->rights->holiday->read_all)
+	{
+	    print '<td class="liste_titre maxwidthonsmartphone left">';
+	    $validator = new UserGroup($db);
+	    $excludefilter=$user->admin?'':'u.rowid <> '.$user->id;
+	    $valideurobjects = $validator->listUsersForGroup($excludefilter);
+	    $valideurarray = array();
+	    foreach($valideurobjects as $val) $valideurarray[$val->id]=$val->id;
+	    print $form->select_dolusers($search_valideur, "search_valideur", 1, "", 0, $valideurarray, '', 0, 0, 0, $morefilter, 0, '', 'maxwidth200');
+	    print '</td>';
+	}
+	else
+	{
+	    print '<td class="liste_titre">&nbsp;</td>';
+	}
 }
 
 // Type
-print '<td class="liste_titre">';
-if (empty($mysoc->country_id)) {
-	setEventMessages(null, array($langs->trans("ErrorSetACountryFirst"),$langs->trans("CompanyFoundation")), 'errors');
-} else {
-	$typeleaves=$holidaystatic->getTypes(1, -1);
-	$arraytypeleaves=array();
-	foreach($typeleaves as $key => $val)
-	{
-		$labeltoshow = ($langs->trans($val['code'])!=$val['code'] ? $langs->trans($val['code']) : $val['label']);
-		//$labeltoshow .= ($val['delay'] > 0 ? ' ('.$langs->trans("NoticePeriod").': '.$val['delay'].' '.$langs->trans("days").')':'');
-		$arraytypeleaves[$val['rowid']]=$labeltoshow;
+if (! empty($arrayfields['cp.fk_type']['checked']))
+{
+	print '<td class="liste_titre">';
+	if (empty($mysoc->country_id)) {
+		setEventMessages(null, array($langs->trans("ErrorSetACountryFirst"),$langs->trans("CompanyFoundation")), 'errors');
+	} else {
+		$typeleaves=$holidaystatic->getTypes(1, -1);
+		$arraytypeleaves=array();
+		foreach($typeleaves as $key => $val)
+		{
+			$labeltoshow = ($langs->trans($val['code'])!=$val['code'] ? $langs->trans($val['code']) : $val['label']);
+			//$labeltoshow .= ($val['delay'] > 0 ? ' ('.$langs->trans("NoticePeriod").': '.$val['delay'].' '.$langs->trans("days").')':'');
+			$arraytypeleaves[$val['rowid']]=$labeltoshow;
+		}
+		print $form->selectarray('search_type', $arraytypeleaves, $search_type, 1);
 	}
-	print $form->selectarray('search_type', $arraytypeleaves, $search_type, 1);
+	print '</td>';
 }
-print '</td>';
 
 // Duration
-print '<td class="liste_titre">&nbsp;</td>';
+if (! empty($arrayfields['duration']['checked']))
+{
+	print '<td class="liste_titre">&nbsp;</td>';
+}
 
 // Start date
-print '<td class="liste_titre center">';
-print '<input class="flat valignmiddle" type="text" size="1" maxlength="2" name="search_month_start" value="'.dol_escape_htmltag($search_month_start).'">';
-$formother->select_year($search_year_start, 'search_year_start', 1, $min_year, $max_year);
-print '</td>';
+if (! empty($arrayfields['cp.date_debut']['checked']))
+{
+	print '<td class="liste_titre center">';
+	print '<input class="flat valignmiddle" type="text" size="1" maxlength="2" name="search_month_start" value="'.dol_escape_htmltag($search_month_start).'">';
+	$formother->select_year($search_year_start, 'search_year_start', 1, $min_year, $max_year);
+	print '</td>';
+}
 
 // End date
-print '<td class="liste_titre center">';
-print '<input class="flat valignmiddle" type="text" size="1" maxlength="2" name="search_month_end" value="'.dol_escape_htmltag($search_month_end).'">';
-$formother->select_year($search_year_end, 'search_year_end', 1, $min_year, $max_year);
-print '</td>';
+if (! empty($arrayfields['cp.date_fin']['checked']))
+{
+	print '<td class="liste_titre center">';
+	print '<input class="flat valignmiddle" type="text" size="1" maxlength="2" name="search_month_end" value="'.dol_escape_htmltag($search_month_end).'">';
+	$formother->select_year($search_year_end, 'search_year_end', 1, $min_year, $max_year);
+	print '</td>';
+}
+
+// Extra fields
+include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_input.tpl.php';
+// Fields from hook
+$parameters=array('arrayfields'=>$arrayfields);
+$reshook=$hookmanager->executeHooks('printFieldListOption', $parameters);    // Note that $action and $object may have been modified by hook
+print $hookmanager->resPrint;
+
+// Create date
+if (! empty($arrayfields['cp.date_create']['checked']))
+{
+	print '<td class="liste_titre center">';
+	print '<input class="flat valignmiddle" type="text" size="1" maxlength="2" name="search_month_create" value="'.dol_escape_htmltag($search_month_create).'">';
+	$formother->select_year($search_year_create, 'search_year_create', 1, $min_year, 0);
+	print '</td>';
+}
+
+// Create date
+if (! empty($arrayfields['cp.tms']['checked']))
+{
+	print '<td class="liste_titre center">';
+	print '<input class="flat valignmiddle" type="text" size="1" maxlength="2" name="search_month_update" value="'.dol_escape_htmltag($search_month_update).'">';
+	$formother->select_year($search_year_update, 'search_year_update', 1, $min_year, 0);
+	print '</td>';
+}
 
 // Status
-print '<td class="liste_titre maxwidthonsmartphone maxwidth200 right">';
-$holiday->selectStatutCP($search_statut, 'search_statut');
-print '</td>';
+if (! empty($arrayfields['cp.statut']['checked']))
+{
+	print '<td class="liste_titre maxwidthonsmartphone maxwidth200 right">';
+	$object->selectStatutCP($search_statut, 'search_statut');
+	print '</td>';
+}
 
 // Actions
 print '<td class="liste_titre maxwidthsearch">';
-$searchpicto=$form->showFilterAndCheckAddButtons(0);
+$searchpicto=$form->showFilterButtons();
 print $searchpicto;
 print '</td>';
 
 print "</tr>\n";
 
 print '<tr class="liste_titre">';
-print_liste_field_titre("Ref", $_SERVER["PHP_SELF"], "cp.ref", "", $param, '', $sortfield, $sortorder);
-print_liste_field_titre("DateCreateCP", $_SERVER["PHP_SELF"], "cp.date_create", "", $param, '', $sortfield, $sortorder, 'center ');
-print_liste_field_titre("Employee", $_SERVER["PHP_SELF"], "cp.fk_user", "", $param, '', $sortfield, $sortorder);
-print_liste_field_titre("ValidatorCP", $_SERVER["PHP_SELF"], "cp.fk_validator", "", $param, '', $sortfield, $sortorder);
-print_liste_field_titre("Type", $_SERVER["PHP_SELF"], '', '', $param, '', $sortfield, $sortorder);
-print_liste_field_titre("NbUseDaysCPShort", $_SERVER["PHP_SELF"], '', '', $pram, '', $sortfield, $sortorder, 'right ');
-print_liste_field_titre("DateDebCP", $_SERVER["PHP_SELF"], "cp.date_debut", "", $param, '', $sortfield, $sortorder, 'center ');
-print_liste_field_titre("DateFinCP", $_SERVER["PHP_SELF"], "cp.date_fin", "", $param, '', $sortfield, $sortorder, 'center ');
-print_liste_field_titre("Status", $_SERVER["PHP_SELF"], "cp.statut", "", $param, '', $sortfield, $sortorder, 'right ');
-print getTitleFieldOfList($selectedfields, 0, $_SERVER["PHP_SELF"], "", '', $param, '', $sortfield, $sortorder, 'center maxwidthsearch ')."\n";
+if (! empty($arrayfields['cp.ref']['checked']))                  print_liste_field_titre($arrayfields['cp.ref']['label'],          $_SERVER["PHP_SELF"], "cp.ref", "", $param, '', $sortfield, $sortorder);
+if (! empty($arrayfields['cp.fk_user']['checked']))              print_liste_field_titre($arrayfields['cp.fk_user']['label'],      $_SERVER["PHP_SELF"], "cp.fk_user", "", $param, '', $sortfield, $sortorder);
+if (! empty($arrayfields['cp.fk_validator']['checked']))         print_liste_field_titre($arrayfields['cp.fk_validator']['label'], $_SERVER["PHP_SELF"], "cp.fk_validator", "", $param, '', $sortfield, $sortorder);
+if (! empty($arrayfields['cp.fk_type']['checked']))              print_liste_field_titre($arrayfields['cp.fk_type']['label'],      $_SERVER["PHP_SELF"], '', '', $param, '', $sortfield, $sortorder);
+if (! empty($arrayfields['duration']['checked']))                print_liste_field_titre($arrayfields['duration']['label'],        $_SERVER["PHP_SELF"], '', '', $param, '', $sortfield, $sortorder, 'right ');
+if (! empty($arrayfields['cp.date_debut']['checked']))           print_liste_field_titre($arrayfields['cp.date_debut']['label'],   $_SERVER["PHP_SELF"], "cp.date_debut", "", $param, '', $sortfield, $sortorder, 'center ');
+if (! empty($arrayfields['cp.date_fin']['checked']))             print_liste_field_titre($arrayfields['cp.date_fin']['label'],     $_SERVER["PHP_SELF"], "cp.date_fin", "", $param, '', $sortfield, $sortorder, 'center ');
+// Extra fields
+include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_title.tpl.php';
+// Hook fields
+$parameters=array('arrayfields'=>$arrayfields,'param'=>$param,'sortfield'=>$sortfield,'sortorder'=>$sortorder);
+$reshook=$hookmanager->executeHooks('printFieldListTitle', $parameters);    // Note that $action and $object may have been modified by hook
+print $hookmanager->resPrint;
+if (! empty($arrayfields['cp.date_create']['checked']))          print_liste_field_titre($arrayfields['cp.date_create']['label'], $_SERVER["PHP_SELF"], "cp.date_create", "", $param, '', $sortfield, $sortorder, 'center ');
+if (! empty($arrayfields['cp.tms']['checked']))                  print_liste_field_titre($arrayfields['cp.tms']['label'],   $_SERVER["PHP_SELF"], "cp.tms", "", $param, '', $sortfield, $sortorder, 'center ');
+if (! empty($arrayfields['cp.statut']['checked']))               print_liste_field_titre("Status",       $_SERVER["PHP_SELF"], "cp.statut", "", $param, '', $sortfield, $sortorder, 'right ');
+print_liste_field_titre($selectedfields, $_SERVER["PHP_SELF"], "", '', '', 'align="center"', $sortfield, $sortorder, 'maxwidthsearch ');
 print "</tr>\n";
 
 $listhalfday=array('morning'=>$langs->trans("Morning"),"afternoon"=>$langs->trans("Afternoon"));
@@ -502,15 +605,17 @@ if ($id && empty($user->rights->holiday->read_all) && ! in_array($id, $childids)
 	print '<tr class="oddeven opacitymediuem"><td colspan="10">'.$langs->trans("NotEnoughPermissions").'</td></tr>';
 	$result = 0;
 }
-elseif (! empty($holiday->holiday) && !empty($mysoc->country_id))
+elseif (! empty($object->holiday) && !empty($mysoc->country_id))
 {
     // Lines
     $userstatic = new User($db);
     $approbatorstatic = new User($db);
 
-	$typeleaves=$holiday->getTypes(1, -1);
+	$typeleaves=$object->getTypes(1, -1);
 
-	foreach($holiday->holiday as $infos_CP)
+	$i = 0;
+	$totalarray=array();
+	foreach($object->holiday as $infos_CP)
 	{
 		// Leave request
 		$holidaystatic->id=$infos_CP['rowid'];
@@ -533,34 +638,86 @@ elseif (! empty($holiday->holiday) && !empty($mysoc->country_id))
 		$approbatorstatic->photo=$infos_CP['validator_photo'];
 
 		$date = $infos_CP['date_create'];
+		$date_modif = $infos_CP['date_update'];
 
 		$starthalfday=($infos_CP['halfday'] == -1 || $infos_CP['halfday'] == 2)?'afternoon':'morning';
 		$endhalfday=($infos_CP['halfday'] == 1 || $infos_CP['halfday'] == 2)?'morning':'afternoon';
 
 		print '<tr class="oddeven">';
-		print '<td>';
-		print $holidaystatic->getNomUrl(1, 1);
-		print '</td>';
-		print '<td style="text-align: center;">'.dol_print_date($date, 'day').'</td>';
-		print '<td>'.$userstatic->getNomUrl(-1, 'leave').'</td>';
-		print '<td>'.$approbatorstatic->getNomUrl(-1).'</td>';
-		print '<td>';
-		$labeltypeleavetoshow = ($langs->trans($typeleaves[$infos_CP['fk_type']]['code'])!=$typeleaves[$infos_CP['fk_type']]['code'] ? $langs->trans($typeleaves[$infos_CP['fk_type']]['code']) : $typeleaves[$infos_CP['fk_type']]['label']);
-		print empty($typeleaves[$infos_CP['fk_type']]['label']) ? $langs->trans("TypeWasDisabledOrRemoved", $infos_CP['fk_type']) : $labeltypeleavetoshow;
-		print '</td>';
-		print '<td class="right">';
-		$nbopenedday=num_open_day($infos_CP['date_debut_gmt'], $infos_CP['date_fin_gmt'], 0, 1, $infos_CP['halfday']);
-		print $nbopenedday.' '.$langs->trans('DurationDays');
-		print '</td>';
-		print '<td class="center">';
-		print dol_print_date($infos_CP['date_debut'], 'day');
-		print ' <span class="opacitymedium">('.$langs->trans($listhalfday[$starthalfday]).')</span>';
-		print '</td>';
-		print '<td class="center">';
-		print dol_print_date($infos_CP['date_fin'], 'day');
-		print ' <span class="opacitymedium">('.$langs->trans($listhalfday[$endhalfday]).')</span>';
-		print '</td>';
-		print '<td class="right">'.$holidaystatic->LibStatut($infos_CP['statut'], 5).'</td>';
+
+		if (! empty($arrayfields['cp.ref']['checked']))
+		{
+			print '<td>';
+			print $holidaystatic->getNomUrl(1, 1);
+			print '</td>';
+			if (! $i) $totalarray['nbfield']++;
+		}
+		if (! empty($arrayfields['cp.fk_user']['checked']))
+		{
+			print '<td>'.$userstatic->getNomUrl(-1, 'leave').'</td>';
+			if (! $i) $totalarray['nbfield']++;
+		}
+		if (! empty($arrayfields['cp.fk_validator']['checked']))
+		{
+			print '<td>'.$approbatorstatic->getNomUrl(-1).'</td>';
+			if (! $i) $totalarray['nbfield']++;
+		}
+		if (! empty($arrayfields['cp.fk_type']['checked']))
+		{
+			print '<td>';
+			$labeltypeleavetoshow = ($langs->trans($typeleaves[$infos_CP['fk_type']]['code'])!=$typeleaves[$infos_CP['fk_type']]['code'] ? $langs->trans($typeleaves[$infos_CP['fk_type']]['code']) : $typeleaves[$infos_CP['fk_type']]['label']);
+			print empty($typeleaves[$infos_CP['fk_type']]['label']) ? $langs->trans("TypeWasDisabledOrRemoved", $infos_CP['fk_type']) : $labeltypeleavetoshow;
+			print '</td>';
+			if (! $i) $totalarray['nbfield']++;
+		}
+		if (! empty($arrayfields['duration']['checked']))
+		{
+			print '<td class="right">';
+			$nbopenedday=num_open_day($infos_CP['date_debut_gmt'], $infos_CP['date_fin_gmt'], 0, 1, $infos_CP['halfday']);
+			print $nbopenedday.' '.$langs->trans('DurationDays');
+			print '</td>';
+			if (! $i) $totalarray['nbfield']++;
+		}
+		if (! empty($arrayfields['cp.date_debut']['checked']))
+		{
+			print '<td class="center">';
+			print dol_print_date($infos_CP['date_debut'], 'day');
+			print ' <span class="opacitymedium">('.$langs->trans($listhalfday[$starthalfday]).')</span>';
+			print '</td>';
+			if (! $i) $totalarray['nbfield']++;
+		}
+		if (! empty($arrayfields['cp.date_fin']['checked']))
+		{
+			print '<td class="center">';
+			print dol_print_date($infos_CP['date_fin'], 'day');
+			print ' <span class="opacitymedium">('.$langs->trans($listhalfday[$endhalfday]).')</span>';
+			print '</td>';
+			if (! $i) $totalarray['nbfield']++;
+		}
+
+		// Extra fields
+		include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_print_fields.tpl.php';
+		// Fields from hook
+		$parameters=array('arrayfields'=>$arrayfields, 'obj'=>$obj);
+		$reshook=$hookmanager->executeHooks('printFieldListValue', $parameters);    // Note that $action and $object may have been modified by hook
+		print $hookmanager->resPrint;
+
+		// Date creation
+		if (! empty($arrayfields['cp.date_create']['checked']))
+		{
+			print '<td style="text-align: center;">'.dol_print_date($date, 'day').'</td>';
+			if (! $i) $totalarray['nbfield']++;
+		}
+		if (! empty($arrayfields['cp.tms']['checked']))
+		{
+			print '<td style="text-align: center;">'.dol_print_date($date_modif, 'day').'</td>';
+			if (! $i) $totalarray['nbfield']++;
+		}
+		if (! empty($arrayfields['cp.statut']['checked']))
+		{
+			print '<td class="right nowrap">'.$holidaystatic->LibStatut($infos_CP['statut'], 5).'</td>';
+			if (! $i) $totalarray['nbfield']++;
+		}
 
 	    // Action column
 	    print '<td class="nowrap center">';
@@ -571,8 +728,11 @@ elseif (! empty($holiday->holiday) && !empty($mysoc->country_id))
 			print '<input id="cb'.$infos_CP['rowid'].'" class="flat checkforselect" type="checkbox" name="toselect[]" value="'.$infos_CP['rowid'].'"'.($selected?' checked="checked"':'').'>';
 	    }
 		print '</td>';
+		if (! $i) $totalarray['nbfield']++;
 
 		print '</tr>'."\n";
+
+		$i++;
 	}
 }
 
diff --git a/htdocs/install/mysql/migration/10.0.0-11.0.0.sql b/htdocs/install/mysql/migration/10.0.0-11.0.0.sql
index 7d5a3a1716b..45bd666abb0 100644
--- a/htdocs/install/mysql/migration/10.0.0-11.0.0.sql
+++ b/htdocs/install/mysql/migration/10.0.0-11.0.0.sql
@@ -36,6 +36,16 @@ UPDATE llx_expensereport set paid = 1 WHERE fk_statut = 6 and paid = 0;
 
 -- For v11
 
+create table llx_holiday_extrafields
+(
+  rowid                     integer AUTO_INCREMENT PRIMARY KEY,
+  tms                       timestamp,
+  fk_object                 integer NOT NULL,
+  import_key                varchar(14)                          		-- import key
+) ENGINE=innodb;
+
+ALTER TABLE llx_holiday_extrafields ADD INDEX idx_holiday_extrafields (fk_object);
+
 ALTER TABLE llx_societe_rib MODIFY label varchar(200);
 
 insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('USER_SENTBYMAIL','Email sent','Executed when an email is sent from user card','user',300);
diff --git a/htdocs/install/mysql/tables/llx_holiday_extrafields.key.sql b/htdocs/install/mysql/tables/llx_holiday_extrafields.key.sql
new file mode 100644
index 00000000000..6558fdef503
--- /dev/null
+++ b/htdocs/install/mysql/tables/llx_holiday_extrafields.key.sql
@@ -0,0 +1,21 @@
+-- ===================================================================
+-- Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
+--
+-- This program is free software; you can redistribute it and/or modify
+-- it under the terms of the GNU General Public License as published by
+-- the Free Software Foundation; either version 3 of the License, or
+-- (at your option) any later version.
+--
+-- This program is distributed in the hope that it will be useful,
+-- but WITHOUT ANY WARRANTY; without even the implied warranty of
+-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+-- GNU General Public License for more details.
+--
+-- You should have received a copy of the GNU General Public License
+-- along with this program. If not, see <http://www.gnu.org/licenses/>.
+--
+-- ===================================================================
+
+
+ALTER TABLE llx_holiday_extrafields ADD INDEX idx_holiday_extrafields (fk_object);
+
diff --git a/htdocs/install/mysql/tables/llx_holiday_extrafields.sql b/htdocs/install/mysql/tables/llx_holiday_extrafields.sql
new file mode 100644
index 00000000000..29881bbb0cb
--- /dev/null
+++ b/htdocs/install/mysql/tables/llx_holiday_extrafields.sql
@@ -0,0 +1,26 @@
+-- ========================================================================
+-- Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
+--
+-- This program is free software; you can redistribute it and/or modify
+-- it under the terms of the GNU General Public License as published by
+-- the Free Software Foundation; either version 3 of the License, or
+-- (at your option) any later version.
+--
+-- This program is distributed in the hope that it will be useful,
+-- but WITHOUT ANY WARRANTY; without even the implied warranty of
+-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+-- GNU General Public License for more details.
+--
+-- You should have received a copy of the GNU General Public License
+-- along with this program. If not, see <http://www.gnu.org/licenses/>.
+--
+-- ========================================================================
+
+create table llx_holiday_extrafields
+(
+  rowid                     integer AUTO_INCREMENT PRIMARY KEY,
+  tms                       timestamp,
+  fk_object                 integer NOT NULL,
+  import_key                varchar(14)                          		-- import key
+) ENGINE=innodb;
+
diff --git a/htdocs/langs/en_US/holiday.lang b/htdocs/langs/en_US/holiday.lang
index 145f996c4f2..9e31180f3ea 100644
--- a/htdocs/langs/en_US/holiday.lang
+++ b/htdocs/langs/en_US/holiday.lang
@@ -8,7 +8,6 @@ NotActiveModCP=You must enable the module Leave to view this page.
 AddCP=Make a leave request
 DateDebCP=Start date
 DateFinCP=End date
-DateCreateCP=Creation date
 DraftCP=Draft
 ToReviewCP=Awaiting approval
 ApprovedCP=Approved

From 6431e8e16d8ca778d222097a51c927a0526c8101 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 24 Sep 2019 12:43:44 +0200
Subject: [PATCH 24/30] FIX SQL injection on qty

---
 htdocs/core/lib/functions.lib.php                |  4 +++-
 htdocs/fourn/class/fournisseur.product.class.php | 11 +++++------
 htdocs/product/class/product.class.php           |  7 +++++--
 htdocs/product/fournisseurs.php                  |  4 ++--
 4 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 268b206919c..4dcd9e33623 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -4437,7 +4437,9 @@ function price($amount, $form = 0, $outlangs = '', $trunc = 1, $rounding = -1, $
  *									'MS'=Round to Max for stock quantity (MAIN_MAX_DECIMALS_STOCK)
  *									Numeric = Nb of digits for rounding
  * 	@param	int		$alreadysqlnb	Put 1 if you know that content is already universal format number
- *	@return	string					Amount with universal numeric format (Example: '99.99999') or unchanged text if conversion fails. If amount is null or '', it returns ''.
+ *	@return	string					Amount with universal numeric format (Example: '99.99999').
+ *									If conversion fails, it return text unchanged if $rounding = '' or '0' if $rounding is defined.
+ *									If amount is null or '', it returns '' if $rounding = '' or '0' if $rounding is defined..
  *
  *	@see    price()					Opposite function of price2num
  */
diff --git a/htdocs/fourn/class/fournisseur.product.class.php b/htdocs/fourn/class/fournisseur.product.class.php
index 6847af5edf1..faa681b0e88 100644
--- a/htdocs/fourn/class/fournisseur.product.class.php
+++ b/htdocs/fourn/class/fournisseur.product.class.php
@@ -207,7 +207,7 @@ class ProductFournisseur extends Product
     /**
      *    Modify the purchase price for a supplier
      *
-     *    @param  	int			$qty				            Min quantity for which price is valid
+     *    @param  	float		$qty				            Min quantity for which price is valid
      *    @param  	float		$buyprice			            Purchase price for the quantity min
      *    @param  	User		$user				            Object user user made changes
      *    @param  	string		$price_base_type	            HT or TTC
@@ -230,7 +230,7 @@ class ProductFournisseur extends Product
      *    @param  	string		$desc_fourn     	            Custom description for product_fourn_price
      *    @param  	string		$barcode     	                Barcode
      *    @param  	int		    $fk_barcode_type     	        Barcode type
-     *    @return	int								<0 if KO, >=0 if OK
+     *    @return	int											<0 if KO, >=0 if OK
      */
     public function update_buyprice($qty, $buyprice, $user, $price_base_type, $fourn, $availability, $ref_fourn, $tva_tx, $charges = 0, $remise_percent = 0, $remise = 0, $newnpr = 0, $delivery_time_days = 0, $supplier_reputation = '', $localtaxes_array = array(), $newdefaultvatcode = '', $multicurrency_buyprice = 0, $multicurrency_price_base_type = 'HT', $multicurrency_tx = 1, $multicurrency_code = '', $desc_fourn = '', $barcode = '', $fk_barcode_type = '')
     {
@@ -272,11 +272,10 @@ class ProductFournisseur extends Product
 
         $buyprice=price2num($buyprice, 'MU');
 		$charges=price2num($charges, 'MU');
-        $qty=price2num($qty);
- 		$error=0;
-
+        $qty=price2num($qty, 'MS');
 		$unitBuyPrice = price2num($buyprice/$qty, 'MU');
 
+		$error=0;
 		$now=dol_now();
 
 		$newvat = $tva_tx;
@@ -331,7 +330,7 @@ class ProductFournisseur extends Product
 			$sql.= " SET fk_user = " . $user->id." ,";
             $sql.= " ref_fourn = '" . $this->db->escape($ref_fourn) . "',";
             $sql.= " desc_fourn = '" . $this->db->escape($desc_fourn) . "',";
-			$sql.= " price = ".price2num($buyprice).",";
+			$sql.= " price = ".$buyprice.",";
 			$sql.= " quantity = ".$qty.",";
 			$sql.= " remise_percent = ".$remise_percent.",";
 			$sql.= " remise = ".$remise.",";
diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php
index 9866df3d736..9224bf03a92 100644
--- a/htdocs/product/class/product.class.php
+++ b/htdocs/product/class/product.class.php
@@ -3437,7 +3437,7 @@ class Product extends CommonObject
      * @param  int    $id_fourn  Supplier id
      * @param  string $ref_fourn Supplier ref
      * @param  float  $quantity  Quantity minimum for price
-     * @return int                 < 0 if KO, 0 if link already exists for this product, > 0 if OK
+     * @return int               < 0 if KO, 0 if link already exists for this product, > 0 if OK
      */
     public function add_fournisseur($user, $id_fourn, $ref_fourn, $quantity)
     {
@@ -3448,6 +3448,9 @@ class Product extends CommonObject
 
         dol_syslog(get_class($this)."::add_fournisseur id_fourn = ".$id_fourn." ref_fourn=".$ref_fourn." quantity=".$quantity, LOG_DEBUG);
 
+        // Clean parameters
+        $quantity = price2num($quantity, 'MS');
+
         if ($ref_fourn) {
             $sql = "SELECT rowid, fk_product";
             $sql.= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price";
@@ -3474,7 +3477,7 @@ class Product extends CommonObject
         if ($ref_fourn) { $sql.= " AND ref_fourn = '".$this->db->escape($ref_fourn)."'";
         } else { $sql.= " AND (ref_fourn = '' OR ref_fourn IS NULL)";
         }
-        $sql.= " AND quantity = '".$quantity."'";
+        $sql.= " AND quantity = ".$quantity;
         $sql.= " AND fk_product = ".$this->id;
         $sql.= " AND entity IN (".getEntity('productsupplierprice').")";
 
diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php
index ca1f0727a4e..560f5b1b574 100644
--- a/htdocs/product/fournisseurs.php
+++ b/htdocs/product/fournisseurs.php
@@ -154,7 +154,7 @@ if (empty($reshook))
 		if (empty($ref_fourn)) $ref_fourn=GETPOST("search_ref_fourn");
 		$ref_fourn_old=GETPOST("ref_fourn_old");
 		if (empty($ref_fourn_old)) $ref_fourn_old = $ref_fourn;
-		$quantity=GETPOST("qty");
+		$quantity=price2num(GETPOST("qty", 'nohtml'), 'MS');
 		$remise_percent=price2num(GETPOST('remise_percent', 'alpha'));
 		$npr = preg_match('/\*/', $_POST['tva_tx']) ? 1 : 0 ;
 		$tva_tx = str_replace('*', '', GETPOST('tva_tx', 'alpha'));
@@ -481,7 +481,7 @@ if ($id > 0 || $ref)
 				print '<tr>';
 				print '<td class="fieldrequired">'.$langs->trans("QtyMin").'</td>';
 				print '<td>';
-				$quantity = GETPOST('qty') ? GETPOST('qty') : "1";
+				$quantity = GETPOSTISSET('qty') ? price2num(GETPOST('qty', 'nohtml'), 'MS') : "1";
 				if ($rowid)
 				{
 					print '<input type="hidden" name="qty" value="'.$object->fourn_qty.'">';

From 9cfe1262bdbdc38521e79bb1cbaad3a0a04d3fee Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 24 Sep 2019 13:30:04 +0200
Subject: [PATCH 25/30] FIX Force downlaod of file with .noexe as octet-stream
 mime type

---
 htdocs/document.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/htdocs/document.php b/htdocs/document.php
index 57897786f0d..2b37792d69a 100644
--- a/htdocs/document.php
+++ b/htdocs/document.php
@@ -159,6 +159,8 @@ if (! empty($conf->global->MAIN_DISABLE_FORCE_SAVEAS)) $attachment=false;
 $type = 'application/octet-stream';
 if (GETPOST('type', 'alpha')) $type=GETPOST('type', 'alpha');
 else $type=dol_mimetype($original_file);
+// Security: Force to octet-stream if file is a dangerous file
+if (preg_match('/\.noexe$/i', $original_file)) $type = 'application/octet-stream';
 
 // Security: Delete string ../ into $original_file
 $original_file = str_replace("../", "/", $original_file);
@@ -215,7 +217,7 @@ if (! $accessallowed)
 }
 
 // Security:
-// On interdit les remontees de repertoire ainsi que les pipe dans les noms de fichiers.
+// We refuse directory transversal change and pipes in file names
 if (preg_match('/\.\./', $fullpath_original_file) || preg_match('/[<>|]/', $fullpath_original_file))
 {
 	dol_syslog("Refused to deliver file ".$fullpath_original_file);
@@ -227,6 +229,7 @@ if (preg_match('/\.\./', $fullpath_original_file) || preg_match('/[<>|]/', $full
 clearstatcache();
 
 $filename = basename($fullpath_original_file);
+$filename = preg_replace('/\.noexe$/i', '', $filename);
 
 // Output file on browser
 dol_syslog("document.php download $fullpath_original_file filename=$filename content-type=$type");

From c53be23122fc6e7c3c8d65ee8ba979c566380964 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 24 Sep 2019 13:54:52 +0200
Subject: [PATCH 26/30] FIX Filtering the HTTP Header "Accept-Language".

---
 htdocs/core/class/translate.class.php |  5 +++--
 test/phpunit/SecurityTest.php         | 18 ++++++++++++++++++
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/htdocs/core/class/translate.class.php b/htdocs/core/class/translate.class.php
index fe00f803a6b..eca41a55301 100644
--- a/htdocs/core/class/translate.class.php
+++ b/htdocs/core/class/translate.class.php
@@ -88,11 +88,12 @@ class Translate
 
 		if (empty($srclang) || $srclang == 'auto')
 		{
+			// $_SERVER['HTTP_ACCEPT_LANGUAGE'] can be 'fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7,it;q=0.6' but can contains also malicious content
 			$langpref=empty($_SERVER['HTTP_ACCEPT_LANGUAGE'])?'':$_SERVER['HTTP_ACCEPT_LANGUAGE'];
-			$langpref=preg_replace("/;([^,]*)/i", "", $langpref);
+			$langpref=preg_replace("/;([^,]*)/i", "", $langpref);	// Remove the 'q=x.y,' part
 			$langpref=str_replace("-", "_", $langpref);
 			$langlist=preg_split("/[;,]/", $langpref);
-			$codetouse=$langlist[0];
+			$codetouse=preg_replace('/[^_a-zA-Z]/', '', $langlist[0]);
 		}
 		else $codetouse=$srclang;
 
diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php
index b457c4c0fa7..68b93c6ec88 100644
--- a/test/phpunit/SecurityTest.php
+++ b/test/phpunit/SecurityTest.php
@@ -130,6 +130,24 @@ class SecurityTest extends PHPUnit\Framework\TestCase
     	print __METHOD__."\n";
     }
 
+    /**
+     * testSetLang
+     *
+     * @return string
+     */
+    public function testSetLang()
+    {
+    	global $conf;
+    	$conf=$this->savconf;
+
+    	$tmplangs = new Translate('', $conf);
+
+    	$_SERVER['HTTP_ACCEPT_LANGUAGE'] = "' malicious text with quote";
+    	$tmplangs->setDefaultLang('auto');
+    	print __METHOD__.' $tmplangs->defaultlang='.$tmplangs->defaultlang."\n";
+    	$this->assertEquals($tmplangs->defaultlang, 'malicioustextwithquote_MALICIOUSTEXTWITHQUOTE');
+    }
+
     /**
      * testGETPOST
      *

From db334a3b94a926923df1755fe8117e533d3a06a8 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 24 Sep 2019 14:16:24 +0200
Subject: [PATCH 27/30] FIX Var not enough sanitized

---
 htdocs/admin/emailcollector_card.php   |  4 +-
 htdocs/categories/viewcat.php          |  2 +-
 htdocs/comm/action/index.php           |  2 +-
 htdocs/install/check.php               |  2 +-
 htdocs/install/repair.php              |  2 +-
 htdocs/main.inc.php                    |  2 +-
 htdocs/public/ticket/create_ticket.php |  6 +--
 htdocs/ticket/card.php                 |  6 +--
 htdocs/user/card.php                   | 53 +++++++++++++-------------
 htdocs/website/index.php               |  6 +--
 10 files changed, 43 insertions(+), 42 deletions(-)

diff --git a/htdocs/admin/emailcollector_card.php b/htdocs/admin/emailcollector_card.php
index 6d1b640f45b..64e784ece9d 100644
--- a/htdocs/admin/emailcollector_card.php
+++ b/htdocs/admin/emailcollector_card.php
@@ -116,7 +116,7 @@ if (empty($reshook))
 if (GETPOST('addfilter', 'alpha'))
 {
 	$emailcollectorfilter = new EmailCollectorFilter($db);
-	$emailcollectorfilter->type = GETPOST('filtertype', 'az09');
+	$emailcollectorfilter->type = GETPOST('filtertype', 'aZ09');
 	$emailcollectorfilter->rulevalue = GETPOST('rulevalue', 'alpha');
 	$emailcollectorfilter->fk_emailcollector = $object->id;
 	$emailcollectorfilter->status = 1;
@@ -150,7 +150,7 @@ if ($action == 'deletefilter')
 if (GETPOST('addoperation', 'alpha'))
 {
 	$emailcollectoroperation = new EmailCollectorAction($db);
-	$emailcollectoroperation->type = GETPOST('operationtype', 'az09');
+	$emailcollectoroperation->type = GETPOST('operationtype', 'aZ09');
 	$emailcollectoroperation->actionparam = GETPOST('operationparam', 'none');
 	$emailcollectoroperation->fk_emailcollector = $object->id;
 	$emailcollectoroperation->status = 1;
diff --git a/htdocs/categories/viewcat.php b/htdocs/categories/viewcat.php
index a7a0767c6b5..40eda2da913 100644
--- a/htdocs/categories/viewcat.php
+++ b/htdocs/categories/viewcat.php
@@ -36,7 +36,7 @@ $langs->load("categories");
 
 $id   = GETPOST('id', 'int');
 $label= GETPOST('label', 'alpha');
-$type = GETPOST('type', 'az09');
+$type = GETPOST('type', 'aZ09');
 $action=GETPOST('action', 'aZ09');
 $confirm    = GETPOST('confirm', 'alpha');
 $removeelem = GETPOST('removeelem', 'int');
diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php
index 48165361d7c..4ea61e2db38 100644
--- a/htdocs/comm/action/index.php
+++ b/htdocs/comm/action/index.php
@@ -87,7 +87,7 @@ $week=GETPOST("week", "int")?GETPOST("week", "int"):date("W");
 $day=GETPOST("day", "int")?GETPOST("day", "int"):date("d");
 $pid=GETPOST("search_projectid", "int", 3)?GETPOST("search_projectid", "int", 3):GETPOST("projectid", "int", 3);
 $status=GETPOST("search_status", 'aZ09')?GETPOST("search_status", 'aZ09'):GETPOST("status", 'aZ09');		// status may be 0, 50, 100, 'todo'
-$type=GETPOST("search_type", 'az09')?GETPOST("search_type", 'az09'):GETPOST("type", 'az09');
+$type=GETPOST("search_type", 'aZ09')?GETPOST("search_type", 'aZ09'):GETPOST("type", 'aZ09');
 $maxprint=(isset($_GET["maxprint"])?GETPOST("maxprint"):$conf->global->AGENDA_MAX_EVENTS_DAY_VIEW);
 // Set actioncode (this code must be same for setting actioncode into peruser, listacton and index)
 if (GETPOST('search_actioncode', 'array'))
diff --git a/htdocs/install/check.php b/htdocs/install/check.php
index 43645f402ed..025c2c06dd5 100644
--- a/htdocs/install/check.php
+++ b/htdocs/install/check.php
@@ -35,7 +35,7 @@ $allowinstall = 0;
 $allowupgrade = false;
 $checksok = 1;
 
-$setuplang=GETPOST("selectlang", 'az09', 3)?GETPOST("selectlang", 'az09', 3):$langs->getDefaultLang();
+$setuplang=GETPOST("selectlang", 'aZ09', 3)?GETPOST("selectlang", 'aZ09', 3):$langs->getDefaultLang();
 $langs->setDefaultLang($setuplang);
 
 $langs->load("install");
diff --git a/htdocs/install/repair.php b/htdocs/install/repair.php
index d34d43384d0..95ad4d2d563 100644
--- a/htdocs/install/repair.php
+++ b/htdocs/install/repair.php
@@ -42,7 +42,7 @@ error_reporting(0);
 @set_time_limit(120);
 error_reporting($err);
 
-$setuplang=GETPOST("selectlang", 'az09', 3)?GETPOST("selectlang", 'az09', 3):'auto';
+$setuplang=GETPOST("selectlang", 'aZ09', 3)?GETPOST("selectlang", 'aZ09', 3):'auto';
 $langs->setDefaultLang($setuplang);
 
 $langs->loadLangs(array("admin","install","other"));
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 0993cea8307..fcd2d8d7e54 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -988,7 +988,7 @@ if (! defined('NOLOGIN'))
 }
 
 
-dol_syslog("--- Access to ".$_SERVER["PHP_SELF"].' - action='.GETPOST('action', 'az09').', massaction='.GETPOST('massaction', 'az09'));
+dol_syslog("--- Access to ".$_SERVER["PHP_SELF"].' - action='.GETPOST('action', 'aZ09').', massaction='.GETPOST('massaction', 'aZ09'));
 //Another call for easy debugg
 //dol_syslog("Access to ".$_SERVER["PHP_SELF"].' GET='.join(',',array_keys($_GET)).'->'.join(',',$_GET).' POST:'.join(',',array_keys($_POST)).'->'.join(',',$_POST));
 
diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php
index b7d17244c2a..b2434e7d826 100644
--- a/htdocs/public/ticket/create_ticket.php
+++ b/htdocs/public/ticket/create_ticket.php
@@ -138,9 +138,9 @@ if ($action == 'create_ticket' && GETPOST('add', 'alpha')) {
         $object->message = GETPOST("message", "none");
         $object->origin_email = $origin_email;
 
-        $object->type_code = GETPOST("type_code", 'az09');
-        $object->category_code = GETPOST("category_code", 'az09');
-        $object->severity_code = GETPOST("severity_code", 'az09');
+        $object->type_code = GETPOST("type_code", 'aZ09');
+        $object->category_code = GETPOST("category_code", 'aZ09');
+        $object->severity_code = GETPOST("severity_code", 'aZ09');
         if (is_array($searched_companies)) {
             $object->fk_soc = $searched_companies[0]->id;
         }
diff --git a/htdocs/ticket/card.php b/htdocs/ticket/card.php
index b770e2fec40..2c52ec513ff 100644
--- a/htdocs/ticket/card.php
+++ b/htdocs/ticket/card.php
@@ -570,9 +570,9 @@ if ($action == "change_property" && GETPOST('btn_update_ticket_prop', 'alpha') &
 {
 	$object->fetch(GETPOST('id', 'int'), '', GETPOST('track_id', 'alpha'));
 
-	$object->type_code = GETPOST('update_value_type', 'az09');
-	$object->severity_code = GETPOST('update_value_severity', 'az09');
-	$object->category_code = GETPOST('update_value_category', 'az09');
+	$object->type_code = GETPOST('update_value_type', 'aZ09');
+	$object->severity_code = GETPOST('update_value_severity', 'aZ09');
+	$object->category_code = GETPOST('update_value_category', 'aZ09');
 
 	$ret = $object->update($user);
 	if ($ret > 0) {
diff --git a/htdocs/user/card.php b/htdocs/user/card.php
index aa6b8fc12b5..90cc0a142cb 100644
--- a/htdocs/user/card.php
+++ b/htdocs/user/card.php
@@ -54,7 +54,6 @@ $id			= GETPOST('id', 'int');
 $action		= GETPOST('action', 'aZ09');
 $mode		= GETPOST('mode', 'alpha');
 $confirm	= GETPOST('confirm', 'alpha');
-$subaction	= GETPOST('subaction', 'alpha');
 $group		= GETPOST("group", "int", 3);
 $cancel		= GETPOST('cancel', 'alpha');
 $contextpage= GETPOST('contextpage', 'aZ')?GETPOST('contextpage', 'aZ'):'useracard';   // To manage different context of search
@@ -195,14 +194,14 @@ if (empty($reshook)) {
 		}
 
 		if (!$error) {
-			$object->lastname = GETPOST("lastname", 'alpha');
-			$object->firstname = GETPOST("firstname", 'alpha');
-			$object->login = GETPOST("login", 'alpha');
-			$object->api_key = GETPOST("api_key", 'alpha');
-			$object->gender = GETPOST("gender", 'alpha');
-			$birth = dol_mktime(0, 0, 0, GETPOST('birthmonth'), GETPOST('birthday'), GETPOST('birthyear'));
+			$object->lastname = GETPOST("lastname", 'alphanohtml');
+			$object->firstname = GETPOST("firstname", 'alphanohtml');
+			$object->login = GETPOST("login", 'alphanohtml');
+			$object->api_key = GETPOST("api_key", 'alphanohtml');
+			$object->gender = GETPOST("gender", 'aZ09');
+			$birth = dol_mktime(0, 0, 0, GETPOST('birthmonth', 'int'), GETPOST('birthday', 'int'), GETPOST('birthyear', 'int'));
 			$object->birth = $birth;
-			$object->admin = GETPOST("admin", 'alpha');
+			$object->admin = GETPOST("admin", 'int');
 			$object->address = GETPOST('address', 'alphanohtml');
 			$object->zip = GETPOST('zipcode', 'alphanohtml');
 			$object->town = GETPOST('town', 'alphanohtml');
@@ -217,7 +216,7 @@ if (empty($reshook)) {
 			$object->facebook = GETPOST("facebook", 'alphanohtml');
 			$object->linkedin = GETPOST("linkedin", 'alphanohtml');
 
-			$object->email = preg_replace('/\s+/', '', GETPOST("email", 'alpha'));
+			$object->email = preg_replace('/\s+/', '', GETPOST("email", 'alphanohtml'));
 			$object->job = GETPOST("job", 'nohtml');
 			$object->signature = GETPOST("signature", 'none');
 			$object->accountancy_code = GETPOST("accountancy_code", 'alphanohtml');
@@ -233,10 +232,10 @@ if (empty($reshook)) {
 			$object->weeklyhours = GETPOST("weeklyhours", 'alphanohtml') != '' ? GETPOST("weeklyhours", 'alphanohtml') : '';
 
 			$object->color = GETPOST("color", 'alphanohtml') != '' ? GETPOST("color", 'alphanohtml') : '';
-			$dateemployment = dol_mktime(0, 0, 0, GETPOST('dateemploymentmonth'), GETPOST('dateemploymentday'), GETPOST('dateemploymentyear'));
+			$dateemployment = dol_mktime(0, 0, 0, GETPOST('dateemploymentmonth', 'int'), GETPOST('dateemploymentday', 'int'), GETPOST('dateemploymentyear', 'int'));
 			$object->dateemployment = $dateemployment;
 
-			$dateemploymentend = dol_mktime(0, 0, 0, GETPOST('dateemploymentendmonth'), GETPOST('dateemploymentendday'), GETPOST('dateemploymentendyear'));
+			$dateemploymentend = dol_mktime(0, 0, 0, GETPOST('dateemploymentendmonth', 'int'), GETPOST('dateemploymentendday', 'int'), GETPOST('dateemploymentendyear', 'int'));
 			$object->dateemploymentend = $dateemploymentend;
 
 			$object->fk_warehouse = GETPOST('fk_warehouse', 'int');
@@ -348,15 +347,15 @@ if (empty($reshook)) {
 
 				$db->begin();
 
-				$object->lastname = GETPOST("lastname", 'alpha');
-				$object->firstname = GETPOST("firstname", 'alpha');
-				$object->login = GETPOST("login", 'alpha');
-				$object->gender = GETPOST("gender", 'alpha');
-				$birth = dol_mktime(0, 0, 0, GETPOST('birthmonth'), GETPOST('birthday'), GETPOST('birthyear'));
+				$object->lastname = GETPOST("lastname", 'alphanohtml');
+				$object->firstname = GETPOST("firstname", 'alphanohtml');
+				$object->login = GETPOST("login", 'alphanohtml');
+				$object->gender = GETPOST("gender", 'aZ09');
+				$birth = dol_mktime(0, 0, 0, GETPOST('birthmonth', 'int'), GETPOST('birthday', 'int'), GETPOST('birthyear', 'int'));
 				$object->birth = $birth;
 				$object->pass = GETPOST("password", 'none');
-				$object->api_key = (GETPOST("api_key", 'alpha')) ? GETPOST("api_key", 'alpha') : $object->api_key;
-				if (! empty($user->admin)) $object->admin = GETPOST("admin"); 	// admin flag can only be set/unset by an admin user. A test is also done later when forging sql request
+				$object->api_key = (GETPOST("api_key", 'alphanohtml')) ? GETPOST("api_key", 'alphanohtml') : $object->api_key;
+				if (! empty($user->admin)) $object->admin = GETPOST("admin", "int"); 	// admin flag can only be set/unset by an admin user. A test is also done later when forging sql request
 				$object->address = GETPOST('address', 'alphanohtml');
 				$object->zip = GETPOST('zipcode', 'alphanohtml');
 				$object->town = GETPOST('town', 'alphanohtml');
@@ -365,15 +364,17 @@ if (empty($reshook)) {
 				$object->office_phone = GETPOST("office_phone", 'alphanohtml');
 				$object->office_fax = GETPOST("office_fax", 'alphanohtml');
 				$object->user_mobile = GETPOST("user_mobile", 'alphanohtml');
-				$object->skype = GETPOST("skype", 'alpha');
-				$object->twitter = GETPOST("twitter", 'alpha');
-				$object->facebook = GETPOST("facebook", 'alpha');
-				$object->linkedin = GETPOST("linkedin", 'alpha');
-				$object->email = preg_replace('/\s+/', '', GETPOST("email", 'alpha'));
+
+				$object->skype = GETPOST("skype", 'alphanohtml');
+				$object->twitter = GETPOST("twitter", 'alphanohtml');
+				$object->facebook = GETPOST("facebook", 'alphanohtml');
+				$object->linkedin = GETPOST("linkedin", 'alphanohtml');
+
+				$object->email = preg_replace('/\s+/', '', GETPOST("email", 'alphanohtml'));
 				$object->job = GETPOST("job", 'nohtml');
 				$object->signature = GETPOST("signature", 'none');
-				$object->accountancy_code = GETPOST("accountancy_code", 'alpha');
-				$object->openid = GETPOST("openid", 'alpha');
+				$object->accountancy_code = GETPOST("accountancy_code", 'alphanohtml');
+				$object->openid = GETPOST("openid", 'alphanohtml');
 				$object->fk_user = GETPOST("fk_user", 'int') > 0 ? GETPOST("fk_user", 'int') : 0;
 				$object->employee = GETPOST('employee', 'int');
 
@@ -383,7 +384,7 @@ if (empty($reshook)) {
 				$object->salaryextra = GETPOST("salaryextra", 'alphanohtml') != '' ? GETPOST("salaryextra", 'alphanohtml') : '';
 				$object->weeklyhours = GETPOST("weeklyhours", 'alphanohtml') != '' ? GETPOST("weeklyhours", 'alphanohtml') : '';
 
-				$object->color = GETPOST("color", 'alpha') != '' ? GETPOST("color", 'alpha') : '';
+				$object->color = GETPOST("color", 'alphanohtml') != '' ? GETPOST("color", 'alphanohtml') : '';
 				$dateemployment = dol_mktime(0, 0, 0, GETPOST('dateemploymentmonth', 'int'), GETPOST('dateemploymentday', 'int'), GETPOST('dateemploymentyear', 'int'));
 				$object->dateemployment = $dateemployment;
 				$dateemploymentend = dol_mktime(0, 0, 0, GETPOST('dateemploymentendmonth', 'int'), GETPOST('dateemploymentendday', 'int'), GETPOST('dateemploymentendyear', 'int'));
diff --git a/htdocs/website/index.php b/htdocs/website/index.php
index ef148ba609a..fe6d3a72ae4 100644
--- a/htdocs/website/index.php
+++ b/htdocs/website/index.php
@@ -2073,7 +2073,7 @@ if (! GETPOST('hide_websitemenu'))
 				$formquestion = array(
 					array('type' => 'checkbox', 'name' => 'delete_also_js', 'label' => $langs->trans("DeleteAlsoJs"), 'value' => 0),
 					array('type' => 'checkbox', 'name' => 'delete_also_medias', 'label' => $langs->trans("DeleteAlsoMedias"), 'value' => 0),
-					//array('type' => 'other','name' => 'newlang','label' => $langs->trans("Language"), 'value' => $formadmin->select_language(GETPOST('newlang', 'az09')?GETPOST('newlang', 'az09'):$langs->defaultlang, 'newlang', 0, null, '', 0, 0, 'minwidth200')),
+					//array('type' => 'other','name' => 'newlang','label' => $langs->trans("Language"), 'value' => $formadmin->select_language(GETPOST('newlang', 'aZ09')?GETPOST('newlang', 'aZ09'):$langs->defaultlang, 'newlang', 0, null, '', 0, 0, 'minwidth200')),
 					//array('type' => 'other','name' => 'newwebsite','label' => $langs->trans("WebSite"), 'value' => $formwebsite->selectWebsite($object->id, 'newwebsite', 0))
 				);
 
@@ -2088,7 +2088,7 @@ if (! GETPOST('hide_websitemenu'))
 				$formquestion = array(
 				array('type' => 'text', 'name' => 'siteref', 'label'=> $langs->trans("WebSite")  ,'value'=> 'copy_of_'.$object->ref),
 				//array('type' => 'checkbox', 'name' => 'is_a_translation', 'label' => $langs->trans("SiteIsANewTranslation"), 'value' => 0),
-				//array('type' => 'other','name' => 'newlang','label' => $langs->trans("Language"), 'value' => $formadmin->select_language(GETPOST('newlang', 'az09')?GETPOST('newlang', 'az09'):$langs->defaultlang, 'newlang', 0, null, '', 0, 0, 'minwidth200')),
+				//array('type' => 'other','name' => 'newlang','label' => $langs->trans("Language"), 'value' => $formadmin->select_language(GETPOST('newlang', 'aZ09')?GETPOST('newlang', 'aZ09'):$langs->defaultlang, 'newlang', 0, null, '', 0, 0, 'minwidth200')),
 				//array('type' => 'other','name' => 'newwebsite','label' => $langs->trans("WebSite"), 'value' => $formwebsite->selectWebsite($object->id, 'newwebsite', 0))
 				);
 
@@ -2102,7 +2102,7 @@ if (! GETPOST('hide_websitemenu'))
 				// Confirmation to clone
 				if ($action == 'createpagefromclone') {
 					// Create an array for form
-					$preselectedlanguage = GETPOST('newlang', 'az09') ? GETPOST('newlang', 'az09') : ($objectpage->lang ? $objectpage->lang : $langs->defaultlang);
+					$preselectedlanguage = GETPOST('newlang', 'aZ09') ? GETPOST('newlang', 'aZ09') : ($objectpage->lang ? $objectpage->lang : $langs->defaultlang);
 					$formquestion = array(
 						array('type' => 'hidden', 'name' => 'sourcepageurl', 'value'=> $objectpage->pageurl),
 						array('type' => 'checkbox', 'tdclass'=>'maxwidth200', 'name' => 'is_a_translation', 'label' => $langs->trans("PageIsANewTranslation"), 'value' => 0),

From 19c78d42e9649ad2fa272683f9a9f405fe0a7278 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 24 Sep 2019 14:20:29 +0200
Subject: [PATCH 28/30] Fix az09 -> aZ09

---
 htdocs/admin/emailcollector_card.php | 4 ++--
 htdocs/core/lib/functions.lib.php    | 4 +++-
 htdocs/install/check.php             | 2 +-
 htdocs/install/repair.php            | 2 +-
 htdocs/main.inc.php                  | 2 +-
 5 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/htdocs/admin/emailcollector_card.php b/htdocs/admin/emailcollector_card.php
index 6d1b640f45b..64e784ece9d 100644
--- a/htdocs/admin/emailcollector_card.php
+++ b/htdocs/admin/emailcollector_card.php
@@ -116,7 +116,7 @@ if (empty($reshook))
 if (GETPOST('addfilter', 'alpha'))
 {
 	$emailcollectorfilter = new EmailCollectorFilter($db);
-	$emailcollectorfilter->type = GETPOST('filtertype', 'az09');
+	$emailcollectorfilter->type = GETPOST('filtertype', 'aZ09');
 	$emailcollectorfilter->rulevalue = GETPOST('rulevalue', 'alpha');
 	$emailcollectorfilter->fk_emailcollector = $object->id;
 	$emailcollectorfilter->status = 1;
@@ -150,7 +150,7 @@ if ($action == 'deletefilter')
 if (GETPOST('addoperation', 'alpha'))
 {
 	$emailcollectoroperation = new EmailCollectorAction($db);
-	$emailcollectoroperation->type = GETPOST('operationtype', 'az09');
+	$emailcollectoroperation->type = GETPOST('operationtype', 'aZ09');
 	$emailcollectoroperation->actionparam = GETPOST('operationparam', 'none');
 	$emailcollectoroperation->fk_emailcollector = $object->id;
 	$emailcollectoroperation->status = 1;
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 86d02bcf22c..1130f136354 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -4473,7 +4473,9 @@ function price($amount, $form = 0, $outlangs = '', $trunc = 1, $rounding = -1, $
  *									'MS'=Round to Max for stock quantity (MAIN_MAX_DECIMALS_STOCK)
  *									Numeric = Nb of digits for rounding
  * 	@param	int		$alreadysqlnb	Put 1 if you know that content is already universal format number
- *	@return	string					Amount with universal numeric format (Example: '99.99999') or unchanged text if conversion fails. If amount is null or '', it returns ''.
+ *	@return	string					Amount with universal numeric format (Example: '99.99999').
+ *									If conversion fails, it return text unchanged if $rounding = '' or '0' if $rounding is defined.
+ *									If amount is null or '', it returns '' if $rounding = '' or '0' if $rounding is defined..
  *
  *	@see    price()					Opposite function of price2num
  */
diff --git a/htdocs/install/check.php b/htdocs/install/check.php
index c4d580bf99f..1e248071135 100644
--- a/htdocs/install/check.php
+++ b/htdocs/install/check.php
@@ -35,7 +35,7 @@ $allowinstall = 0;
 $allowupgrade = false;
 $checksok = 1;
 
-$setuplang=GETPOST("selectlang", 'az09', 3)?GETPOST("selectlang", 'az09', 3):$langs->getDefaultLang();
+$setuplang=GETPOST("selectlang", 'aZ09', 3)?GETPOST("selectlang", 'aZ09', 3):$langs->getDefaultLang();
 $langs->setDefaultLang($setuplang);
 
 $langs->load("install");
diff --git a/htdocs/install/repair.php b/htdocs/install/repair.php
index d34d43384d0..95ad4d2d563 100644
--- a/htdocs/install/repair.php
+++ b/htdocs/install/repair.php
@@ -42,7 +42,7 @@ error_reporting(0);
 @set_time_limit(120);
 error_reporting($err);
 
-$setuplang=GETPOST("selectlang", 'az09', 3)?GETPOST("selectlang", 'az09', 3):'auto';
+$setuplang=GETPOST("selectlang", 'aZ09', 3)?GETPOST("selectlang", 'aZ09', 3):'auto';
 $langs->setDefaultLang($setuplang);
 
 $langs->loadLangs(array("admin","install","other"));
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 014ca843236..40b2352734d 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -965,7 +965,7 @@ if (! defined('NOLOGIN'))
 }
 
 
-dol_syslog("--- Access to ".$_SERVER["PHP_SELF"].' - action='.GETPOST('action', 'az09').', massaction='.GETPOST('massaction', 'az09'));
+dol_syslog("--- Access to ".$_SERVER["PHP_SELF"].' - action='.GETPOST('action', 'aZ09').', massaction='.GETPOST('massaction', 'aZ09'));
 //Another call for easy debugg
 //dol_syslog("Access to ".$_SERVER["PHP_SELF"].' GET='.join(',',array_keys($_GET)).'->'.join(',',$_GET).' POST:'.join(',',array_keys($_POST)).'->'.join(',',$_POST));
 

From 5838fa1229f648f38ace8966a0d13ac21abee319 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 24 Sep 2019 14:20:45 +0200
Subject: [PATCH 29/30] Fix az09 -> aZ09

---
 htdocs/categories/viewcat.php                    |  2 +-
 htdocs/comm/action/index.php                     |  2 +-
 htdocs/fourn/class/fournisseur.product.class.php | 11 ++++++++---
 htdocs/public/ticket/create_ticket.php           |  6 +++---
 htdocs/ticket/card.php                           |  6 +++---
 htdocs/website/index.php                         |  8 ++++----
 6 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/htdocs/categories/viewcat.php b/htdocs/categories/viewcat.php
index 67ef7905235..787e158670f 100644
--- a/htdocs/categories/viewcat.php
+++ b/htdocs/categories/viewcat.php
@@ -36,7 +36,7 @@ $langs->load("categories");
 
 $id         = GETPOST('id', 'int');
 $label      = GETPOST('label', 'alpha');
-$type       = GETPOST('type', 'az09');
+$type       = GETPOST('type', 'aZ09');
 $removeelem = GETPOST('removeelem', 'int');
 $elemid     = GETPOST('elemid', 'int');
 
diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php
index d42b1b7d134..a2328dd9ca4 100644
--- a/htdocs/comm/action/index.php
+++ b/htdocs/comm/action/index.php
@@ -87,7 +87,7 @@ $week=GETPOST("week", "int")?GETPOST("week", "int"):date("W");
 $day=GETPOST("day", "int")?GETPOST("day", "int"):date("d");
 $pid=GETPOST("search_projectid", "int", 3)?GETPOST("search_projectid", "int", 3):GETPOST("projectid", "int", 3);
 $status=GETPOST("search_status", 'aZ09')?GETPOST("search_status", 'aZ09'):GETPOST("status", 'aZ09');		// status may be 0, 50, 100, 'todo'
-$type=GETPOST("search_type", 'az09')?GETPOST("search_type", 'az09'):GETPOST("type", 'az09');
+$type=GETPOST("search_type", 'aZ09')?GETPOST("search_type", 'aZ09'):GETPOST("type", 'aZ09');
 $maxprint=(isset($_GET["maxprint"])?GETPOST("maxprint"):$conf->global->AGENDA_MAX_EVENTS_DAY_VIEW);
 // Set actioncode (this code must be same for setting actioncode into peruser, listacton and index)
 if (GETPOST('search_actioncode', 'array'))
diff --git a/htdocs/fourn/class/fournisseur.product.class.php b/htdocs/fourn/class/fournisseur.product.class.php
index 6847af5edf1..10233924d4a 100644
--- a/htdocs/fourn/class/fournisseur.product.class.php
+++ b/htdocs/fourn/class/fournisseur.product.class.php
@@ -273,10 +273,9 @@ class ProductFournisseur extends Product
         $buyprice=price2num($buyprice, 'MU');
 		$charges=price2num($charges, 'MU');
         $qty=price2num($qty);
- 		$error=0;
-
 		$unitBuyPrice = price2num($buyprice/$qty, 'MU');
 
+		$error=0;
 		$now=dol_now();
 
 		$newvat = $tva_tx;
@@ -298,6 +297,12 @@ class ProductFournisseur extends Product
 		if (empty($localtax1)) $localtax1=0;	// If = '' then = 0
 		if (empty($localtax2)) $localtax2=0;	// If = '' then = 0
 
+		// Check parameters
+		if ($buyprice != '' && ! is_numeric($buyprice))
+		{
+
+		}
+
         $this->db->begin();
 
         if ($this->product_fourn_price_id > 0)
@@ -331,7 +336,7 @@ class ProductFournisseur extends Product
 			$sql.= " SET fk_user = " . $user->id." ,";
             $sql.= " ref_fourn = '" . $this->db->escape($ref_fourn) . "',";
             $sql.= " desc_fourn = '" . $this->db->escape($desc_fourn) . "',";
-			$sql.= " price = ".price2num($buyprice).",";
+			$sql.= " price = ".$buyprice.",";
 			$sql.= " quantity = ".$qty.",";
 			$sql.= " remise_percent = ".$remise_percent.",";
 			$sql.= " remise = ".$remise.",";
diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php
index b7d17244c2a..b2434e7d826 100644
--- a/htdocs/public/ticket/create_ticket.php
+++ b/htdocs/public/ticket/create_ticket.php
@@ -138,9 +138,9 @@ if ($action == 'create_ticket' && GETPOST('add', 'alpha')) {
         $object->message = GETPOST("message", "none");
         $object->origin_email = $origin_email;
 
-        $object->type_code = GETPOST("type_code", 'az09');
-        $object->category_code = GETPOST("category_code", 'az09');
-        $object->severity_code = GETPOST("severity_code", 'az09');
+        $object->type_code = GETPOST("type_code", 'aZ09');
+        $object->category_code = GETPOST("category_code", 'aZ09');
+        $object->severity_code = GETPOST("severity_code", 'aZ09');
         if (is_array($searched_companies)) {
             $object->fk_soc = $searched_companies[0]->id;
         }
diff --git a/htdocs/ticket/card.php b/htdocs/ticket/card.php
index b770e2fec40..2c52ec513ff 100644
--- a/htdocs/ticket/card.php
+++ b/htdocs/ticket/card.php
@@ -570,9 +570,9 @@ if ($action == "change_property" && GETPOST('btn_update_ticket_prop', 'alpha') &
 {
 	$object->fetch(GETPOST('id', 'int'), '', GETPOST('track_id', 'alpha'));
 
-	$object->type_code = GETPOST('update_value_type', 'az09');
-	$object->severity_code = GETPOST('update_value_severity', 'az09');
-	$object->category_code = GETPOST('update_value_category', 'az09');
+	$object->type_code = GETPOST('update_value_type', 'aZ09');
+	$object->severity_code = GETPOST('update_value_severity', 'aZ09');
+	$object->category_code = GETPOST('update_value_category', 'aZ09');
 
 	$ret = $object->update($user);
 	if ($ret > 0) {
diff --git a/htdocs/website/index.php b/htdocs/website/index.php
index 6394428bd42..db5ecd2ca7a 100644
--- a/htdocs/website/index.php
+++ b/htdocs/website/index.php
@@ -2237,7 +2237,7 @@ if (! GETPOST('hide_websitemenu'))
 				$formquestion = array(
 					array('type' => 'checkbox', 'name' => 'delete_also_js', 'label' => $langs->trans("DeleteAlsoJs"), 'value' => 0),
 					array('type' => 'checkbox', 'name' => 'delete_also_medias', 'label' => $langs->trans("DeleteAlsoMedias"), 'value' => 0),
-					//array('type' => 'other','name' => 'newlang','label' => $langs->trans("Language"), 'value' => $formadmin->select_language(GETPOST('newlang', 'az09')?GETPOST('newlang', 'az09'):$langs->defaultlang, 'newlang', 0, null, '', 0, 0, 'minwidth200')),
+					//array('type' => 'other','name' => 'newlang','label' => $langs->trans("Language"), 'value' => $formadmin->select_language(GETPOST('newlang', 'aZ09')?GETPOST('newlang', 'aZ09'):$langs->defaultlang, 'newlang', 0, null, '', 0, 0, 'minwidth200')),
 					//array('type' => 'other','name' => 'newwebsite','label' => $langs->trans("WebSite"), 'value' => $formwebsite->selectWebsite($object->id, 'newwebsite', 0))
 				);
 
@@ -2252,7 +2252,7 @@ if (! GETPOST('hide_websitemenu'))
 				$formquestion = array(
 				array('type' => 'text', 'name' => 'siteref', 'label'=> $langs->trans("WebSite")  ,'value'=> 'copy_of_'.$object->ref),
 				//array('type' => 'checkbox', 'name' => 'is_a_translation', 'label' => $langs->trans("SiteIsANewTranslation"), 'value' => 0),
-				//array('type' => 'other','name' => 'newlang','label' => $langs->trans("Language"), 'value' => $formadmin->select_language(GETPOST('newlang', 'az09')?GETPOST('newlang', 'az09'):$langs->defaultlang, 'newlang', 0, null, '', 0, 0, 'minwidth200')),
+				//array('type' => 'other','name' => 'newlang','label' => $langs->trans("Language"), 'value' => $formadmin->select_language(GETPOST('newlang', 'aZ09')?GETPOST('newlang', 'aZ09'):$langs->defaultlang, 'newlang', 0, null, '', 0, 0, 'minwidth200')),
 				//array('type' => 'other','name' => 'newwebsite','label' => $langs->trans("WebSite"), 'value' => $formwebsite->selectWebsite($object->id, 'newwebsite', 0))
 				);
 
@@ -2266,7 +2266,7 @@ if (! GETPOST('hide_websitemenu'))
 				// Confirmation to clone
 				if ($action == 'createpagefromclone') {
 					// Create an array for form
-					$preselectedlanguage = GETPOST('newlang', 'az09') ? GETPOST('newlang', 'az09') : ($objectpage->lang ? $objectpage->lang : $langs->defaultlang);
+					$preselectedlanguage = GETPOST('newlang', 'aZ09') ? GETPOST('newlang', 'aZ09') : ($objectpage->lang ? $objectpage->lang : $langs->defaultlang);
 					$formquestion = array(
 						array('type' => 'hidden', 'name' => 'sourcepageurl', 'value'=> $objectpage->pageurl),
 						array('type' => 'checkbox', 'tdclass'=>'maxwidth200', 'name' => 'is_a_translation', 'label' => $langs->trans("PageIsANewTranslation"), 'value' => 0),
@@ -3319,7 +3319,7 @@ if ($action == 'replacesite' || $action == 'replacesiteconfirm')
 					print '<tr>';
 					print '<td>'.$answerrecord['type'].'</td>';
 					print '<td>';
-					$backtopageurl = $_SERVER["PHP_SELF"].'?action=replacesiteconfirm&searchstring='.urlencode($searchkey).'&optioncontent='.GETPOST('optioncontent', 'az09').'&optionmeta='.GETPOST('optionmeta', 'az09').'&optionsitefiles='.GETPOST('optionsitefiles', 'az09');
+					$backtopageurl = $_SERVER["PHP_SELF"].'?action=replacesiteconfirm&searchstring='.urlencode($searchkey).'&optioncontent='.GETPOST('optioncontent', 'aZ09').'&optionmeta='.GETPOST('optionmeta', 'aZ09').'&optionsitefiles='.GETPOST('optionsitefiles', 'aZ09');
 					print '<a href="'.$_SERVER["PHP_SELF"].'?action=editcss&website='.$website->ref.'&backtopage='.urlencode($backtopageurl).'">'.$langs->trans("EditCss").'</a>';
 					print '</td>';
 					print '<td class="tdoverflow100">';

From b3c49f2ec83a2bb0608cec4afe5b60f41452b99c Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 24 Sep 2019 16:26:15 +0200
Subject: [PATCH 30/30] End of dev for extrafields on holiday

---
 htdocs/core/class/extrafields.class.php       |   22 +-
 .../tpl/extrafields_list_search_input.tpl.php |   16 +-
 .../tpl/extrafields_list_search_sql.tpl.php   |   10 +-
 htdocs/expensereport/list.php                 |   13 +-
 htdocs/holiday/card.php                       | 1470 +++++++++--------
 htdocs/holiday/class/holiday.class.php        |    2 +
 htdocs/holiday/list.php                       |  991 +++++------
 7 files changed, 1321 insertions(+), 1203 deletions(-)

diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php
index 0a9f98b4afd..5f26365c2a8 100644
--- a/htdocs/core/class/extrafields.class.php
+++ b/htdocs/core/class/extrafields.class.php
@@ -959,9 +959,10 @@ class ExtraFields
 	 * @param  string  $morecss        			More css (to defined size of field. Old behaviour: may also be a numeric)
 	 * @param  int     $objectid       			Current object id
 	 * @param  string  $extrafieldsobjectkey	If defined (for example $object->table_element), use the new method to get extrafields data
+	 * @param  string  $mode                    1=Used for search filters
 	 * @return string
 	 */
-	public function showInputField($key, $value, $moreparam = '', $keysuffix = '', $keyprefix = '', $morecss = '', $objectid = 0, $extrafieldsobjectkey = '')
+	public function showInputField($key, $value, $moreparam = '', $keysuffix = '', $keyprefix = '', $morecss = '', $objectid = 0, $extrafieldsobjectkey = '', $mode = 0)
 	{
 		global $conf,$langs,$form;
 
@@ -1116,13 +1117,20 @@ class ExtraFields
 		}
 		elseif ($type == 'boolean')
 		{
-			$checked='';
-			if (!empty($value)) {
-				$checked=' checked value="1" ';
-			} else {
-				$checked=' value="1" ';
+			if (empty($mode))
+			{
+				$checked='';
+				if (!empty($value)) {
+					$checked=' checked value="1" ';
+				} else {
+					$checked=' value="1" ';
+				}
+				$out='<input type="checkbox" class="flat '.$morecss.' maxwidthonsmartphone" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" '.$checked.' '.($moreparam?$moreparam:'').'>';
+			}
+			else
+			{
+				$out.=$form->selectyesno($keyprefix.$key.$keysuffix, $value, 1, false, 1);
 			}
-			$out='<input type="checkbox" class="flat '.$morecss.' maxwidthonsmartphone" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" '.$checked.' '.($moreparam?$moreparam:'').'>';
 		}
 		elseif ($type == 'price')
 		{
diff --git a/htdocs/core/tpl/extrafields_list_search_input.tpl.php b/htdocs/core/tpl/extrafields_list_search_input.tpl.php
index b4a98946f94..0b9a048f28a 100644
--- a/htdocs/core/tpl/extrafields_list_search_input.tpl.php
+++ b/htdocs/core/tpl/extrafields_list_search_input.tpl.php
@@ -22,28 +22,28 @@ if (! empty($extrafieldsobjectkey))	// $extrafieldsobject is the $object->table_
 			if (! empty($arrayfields[$extrafieldsobjectprefix.$key]['checked'])) {
 				$align=$extrafields->getAlignFlag($key);
 				$typeofextrafield=$extrafields->attributes[$extrafieldsobjectkey]['type'][$key];
+
 				print '<td class="liste_titre'.($align?' '.$align:'').'">';
 				$tmpkey=preg_replace('/'.$search_options_pattern.'/', '', $key);
 				if (in_array($typeofextrafield, array('varchar', 'int', 'double', 'select')) && empty($extrafields->attributes[$extrafieldsobjectkey]['computed'][$key]))
 				{
-					$crit=$val;
 					$searchclass='';
 					if (in_array($typeofextrafield, array('varchar', 'select'))) $searchclass='searchstring';
 					if (in_array($typeofextrafield, array('int', 'double'))) $searchclass='searchnum';
 					print '<input class="flat'.($searchclass?' '.$searchclass:'').'" size="4" type="text" name="'.$search_options_pattern.$tmpkey.'" value="'.dol_escape_htmltag($search_array_options[$search_options_pattern.$tmpkey]).'">';
 				}
-				elseif (! in_array($typeofextrafield, array('datetime','timestamp')))
-				{
-					// for the type as 'checkbox', 'chkbxlst', 'sellist' we should use code instead of id (example: I declare a 'chkbxlst' to have a link with dictionnairy, I have to extend it with the 'code' instead 'rowid')
-					$morecss='';
-					if ($typeofextrafield == 'sellist') $morecss='maxwidth200';
-					echo $extrafields->showInputField($key, $search_array_options[$search_options_pattern.$tmpkey], '', '', $search_options_pattern, $morecss);
-				}
 				elseif (in_array($typeofextrafield, array('datetime','timestamp')))
 				{
 					// TODO
 					// Use showInputField in a particular manner to have input with a comparison operator, not input for a specific value date-hour-minutes
 				}
+				else
+				{
+					// for the type as 'checkbox', 'chkbxlst', 'sellist' we should use code instead of id (example: I declare a 'chkbxlst' to have a link with dictionnairy, I have to extend it with the 'code' instead 'rowid')
+					$morecss='';
+					if ($typeofextrafield == 'sellist') $morecss='maxwidth200';
+					echo $extrafields->showInputField($key, $search_array_options[$search_options_pattern.$tmpkey], '', '', $search_options_pattern, $morecss, 0, $extrafieldsobjectkey, 1);
+				}
 				print '</td>';
 			}
 		}
diff --git a/htdocs/core/tpl/extrafields_list_search_sql.tpl.php b/htdocs/core/tpl/extrafields_list_search_sql.tpl.php
index c2c4934c832..29c67094975 100644
--- a/htdocs/core/tpl/extrafields_list_search_sql.tpl.php
+++ b/htdocs/core/tpl/extrafields_list_search_sql.tpl.php
@@ -25,10 +25,18 @@ if (! empty($extrafieldsobjectkey) && ! empty($search_array_options) && is_array
 		{
 			$sql .= " AND ".$extrafieldsobjectprefix.$tmpkey." = '".$db->idate($crit)."'";
 		}
+		elseif (in_array($typ, array('boolean')))
+		{
+			if ($crit !== '-1' && $crit !== '') {
+				$sql .= " AND (".$extrafieldsobjectprefix.$tmpkey." = '".$db->escape($crit)."'";
+				if ($crit == '0') $sql.=" OR ".$extrafieldsobjectprefix.$tmpkey." IS NULL";
+				$sql.= ")";
+			}
+		}
 		elseif ($crit != '' && (! in_array($typ, array('select','sellist')) || $crit != '0') && (! in_array($typ, array('link')) || $crit != '-1'))
 		{
 			$mode_search=0;
-			if (in_array($typ, array('int','double','real'))) $mode_search=1;								// Search on a numeric
+			if (in_array($typ, array('int','double','real'))) $mode_search=1;						// Search on a numeric
 			if (in_array($typ, array('sellist','link')) && $crit != '0' && $crit != '-1') $mode_search=2;	// Search on a foreign key int
 			if (in_array($typ, array('chkbxlst','checkbox'))) $mode_search=4;	                            // Search on a multiselect field with sql type = text
 			if (is_array($crit)) $crit = implode(' ', $crit); // natural_search() expects a string
diff --git a/htdocs/expensereport/list.php b/htdocs/expensereport/list.php
index b51ae3d05f5..fd53e8af1d1 100644
--- a/htdocs/expensereport/list.php
+++ b/htdocs/expensereport/list.php
@@ -168,7 +168,7 @@ if (empty($reshook))
 	include DOL_DOCUMENT_ROOT.'/core/actions_changeselectedfields.inc.php';
 
 	// Purge search criteria
-	if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha'))		// Both test must be present to be compatible with all browsers
+	if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) // All tests are required to be compatible with all browsers
 	{
 	    $search_ref="";
 	    $search_user="";
@@ -259,9 +259,9 @@ $title = $langs->trans("ListOfTrips");
 llxHeader('', $title);
 
 $max_year = 5;
-$min_year = 5;
+$min_year = 10;
 
-// Récupération de l'ID de l'utilisateur
+// Get current user id
 $user_id = $user->id;
 
 if ($id > 0)
@@ -803,10 +803,9 @@ if ($resql)
 	}
 	else
 	{
-	    $colspan=1;
-        foreach($arrayfields as $key => $val) { if (! empty($val['checked'])) $colspan++; }
-
-        print '<tr>'.'<td colspan="'.$colspan.'" class="opacitymedium">'.$langs->trans("NoRecordFound").'</td></tr>';
+		$colspan=1;
+		foreach($arrayfields as $key => $val) { if (! empty($val['checked'])) $colspan++; }
+		print '<tr><td colspan="'.$colspan.'" class="opacitymedium">'.$langs->trans("NoRecordFound").'</td></tr>';
 	}
 
 	// Show total line
diff --git a/htdocs/holiday/card.php b/htdocs/holiday/card.php
index 2f0b9be9954..bc9c10045a8 100644
--- a/htdocs/holiday/card.php
+++ b/htdocs/holiday/card.php
@@ -37,9 +37,13 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/holiday.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/holiday/common.inc.php';
+require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php';
 
 // Get parameters
-$action=GETPOST('action', 'alpha');
+$action=GETPOST('action', 'aZ09');
+$cancel=GETPOST('cancel', 'alpha');
+$confirm = GETPOST('confirm', 'alpha');
+
 $id=GETPOST('id', 'int');
 $ref=GETPOST('ref', 'alpha');
 $fuserid = (GETPOST('fuserid', 'int')?GETPOST('fuserid', 'int'):$user->id);
@@ -48,10 +52,10 @@ $fuserid = (GETPOST('fuserid', 'int')?GETPOST('fuserid', 'int'):$user->id);
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'holiday', $id, 'holiday');
 
-$now=dol_now();
-
 // Load translation files required by the page
-$langs->load("holiday");
+$langs->loadLangs(array("holiday","mails"));
+
+$now=dol_now();
 
 $childids = $user->getAllChildIds(1);
 
@@ -61,6 +65,11 @@ if (! empty($conf->global->HOLIDAY_FOR_NON_SALARIES_TOO)) $morefilter = '';
 $error = 0;
 
 $object = new Holiday($db);
+$extrafields = new ExtraFields($db);
+
+// fetch optionals attributes and labels
+$extralabels = $extrafields->fetch_name_optionals_label($object->table_element);
+
 if ($id > 0)
 {
     $object->fetch($id);
@@ -83,745 +92,798 @@ $candelete = 0;
 if (! empty($user->rights->holiday->delete)) $candelete=1;
 if ($object->statut == Holiday::STATUS_DRAFT && $user->rights->holiday->write && in_array($object->fk_user, $childids)) $candelete=1;
 
+
 /*
  * Actions
  */
 
-if (GETPOST('cancel', 'alpha'))
-{
-    $action = '';
-}
+$parameters = array('socid' => $socid);
+$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
+if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
 
-// If create a request
-if ($action == 'create')
+if (empty($reshook))
 {
 
-    // If no right to create a request
-    if (! $cancreate)
-    {
-    	$error++;
-    	setEventMessages($langs->trans('CantCreateCP'), null, 'errors');
-    	$action='request';
-    }
+	if ($cancel)
+	{
+		if (! empty($backtopage))
+		{
+			header("Location: ".$backtopage);
+			exit;
+		}
+	    $action = '';
+	}
 
-    if (! $error)
-    {
-        $object = new Holiday($db);
+	// If create a request
+	if ($action == 'create')
+	{
 
-    	$db->begin();
-
-	    $date_debut = dol_mktime(0, 0, 0, GETPOST('date_debut_month'), GETPOST('date_debut_day'), GETPOST('date_debut_year'));
-	    $date_fin = dol_mktime(0, 0, 0, GETPOST('date_fin_month'), GETPOST('date_fin_day'), GETPOST('date_fin_year'));
-	    $date_debut_gmt = dol_mktime(0, 0, 0, GETPOST('date_debut_month'), GETPOST('date_debut_day'), GETPOST('date_debut_year'), 1);
-	    $date_fin_gmt = dol_mktime(0, 0, 0, GETPOST('date_fin_month'), GETPOST('date_fin_day'), GETPOST('date_fin_year'), 1);
-	    $starthalfday=GETPOST('starthalfday');
-	    $endhalfday=GETPOST('endhalfday');
-	    $type=GETPOST('type');
-	    $halfday=0;
-	    if ($starthalfday == 'afternoon' && $endhalfday == 'morning') $halfday=2;
-	    elseif ($starthalfday == 'afternoon') $halfday=-1;
-	    elseif ($endhalfday == 'morning') $halfday=1;
-
-	    $valideur = GETPOST('valideur', 'int');
-	    $description = trim(GETPOST('description'));
-
-    	// If no type
-	    if ($type <= 0)
+	    // If no right to create a request
+	    if (! $cancreate)
 	    {
-	        setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Type")), null, 'errors');
-	        $error++;
-	        $action='create';
+	    	$error++;
+	    	setEventMessages($langs->trans('CantCreateCP'), null, 'errors');
+	    	$action='request';
 	    }
 
-	    // If no start date
-	    if (empty($date_debut))
-	    {
-	        setEventMessages($langs->trans("NoDateDebut"), null, 'errors');
-	        $error++;
-	        $action='create';
-	    }
-	    // If no end date
-	    if (empty($date_fin))
-	    {
-	        setEventMessages($langs->trans("NoDateFin"), null, 'errors');
-	        $error++;
-	        $action='create';
-	    }
-	    // If start date after end date
-	    if ($date_debut > $date_fin)
-	    {
-	        setEventMessages($langs->trans("ErrorEndDateCP"), null, 'errors');
-	        $error++;
-	        $action='create';
-	    }
-
-	    // Check if there is already holiday for this period
-	    $verifCP = $object->verifDateHolidayCP($fuserid, $date_debut, $date_fin, $halfday);
-	    if (! $verifCP)
-	    {
-	        setEventMessages($langs->trans("alreadyCPexist"), null, 'errors');
-	        $error++;
-	        $action='create';
-	    }
-
-	    // If there is no Business Days within request
-	    $nbopenedday=num_open_day($date_debut_gmt, $date_fin_gmt, 0, 1, $halfday);
-	    if($nbopenedday < 0.5)
-	    {
-	        setEventMessages($langs->trans("ErrorDureeCP"), null, 'errors');
-	        $error++;
-	        $action='create';
-	    }
-
-	    // If no validator designated
-	    if ($valideur < 1)
-	    {
-	        setEventMessages($langs->transnoentitiesnoconv('InvalidValidatorCP'), null, 'errors');
-	        $error++;
-	    }
-
-	    $result = 0;
-
 	    if (! $error)
 	    {
-    	    $object->fk_user = $fuserid;
-    	    $object->description = $description;
-    	    $object->fk_validator = $valideur;
-    		$object->fk_type = $type;
-    		$object->date_debut = $date_debut;
-    		$object->date_fin = $date_fin;
-    		$object->halfday = $halfday;
+	        $object = new Holiday($db);
 
-    		$result = $object->create($user);
-    		if ($result <= 0)
-    		{
-    			setEventMessages($object->error, $object->errors, 'errors');
-    			$error++;
-    		}
+	    	$db->begin();
+
+		    $date_debut = dol_mktime(0, 0, 0, GETPOST('date_debut_month'), GETPOST('date_debut_day'), GETPOST('date_debut_year'));
+		    $date_fin = dol_mktime(0, 0, 0, GETPOST('date_fin_month'), GETPOST('date_fin_day'), GETPOST('date_fin_year'));
+		    $date_debut_gmt = dol_mktime(0, 0, 0, GETPOST('date_debut_month'), GETPOST('date_debut_day'), GETPOST('date_debut_year'), 1);
+		    $date_fin_gmt = dol_mktime(0, 0, 0, GETPOST('date_fin_month'), GETPOST('date_fin_day'), GETPOST('date_fin_year'), 1);
+		    $starthalfday=GETPOST('starthalfday');
+		    $endhalfday=GETPOST('endhalfday');
+		    $type=GETPOST('type');
+		    $halfday=0;
+		    if ($starthalfday == 'afternoon' && $endhalfday == 'morning') $halfday=2;
+		    elseif ($starthalfday == 'afternoon') $halfday=-1;
+		    elseif ($endhalfday == 'morning') $halfday=1;
+
+		    $valideur = GETPOST('valideur', 'int');
+		    $description = trim(GETPOST('description'));
+
+	    	// If no type
+		    if ($type <= 0)
+		    {
+		        setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Type")), null, 'errors');
+		        $error++;
+		        $action='create';
+		    }
+
+		    // If no start date
+		    if (empty($date_debut))
+		    {
+		        setEventMessages($langs->trans("NoDateDebut"), null, 'errors');
+		        $error++;
+		        $action='create';
+		    }
+		    // If no end date
+		    if (empty($date_fin))
+		    {
+		        setEventMessages($langs->trans("NoDateFin"), null, 'errors');
+		        $error++;
+		        $action='create';
+		    }
+		    // If start date after end date
+		    if ($date_debut > $date_fin)
+		    {
+		        setEventMessages($langs->trans("ErrorEndDateCP"), null, 'errors');
+		        $error++;
+		        $action='create';
+		    }
+
+		    // Check if there is already holiday for this period
+		    $verifCP = $object->verifDateHolidayCP($fuserid, $date_debut, $date_fin, $halfday);
+		    if (! $verifCP)
+		    {
+		        setEventMessages($langs->trans("alreadyCPexist"), null, 'errors');
+		        $error++;
+		        $action='create';
+		    }
+
+		    // If there is no Business Days within request
+		    $nbopenedday=num_open_day($date_debut_gmt, $date_fin_gmt, 0, 1, $halfday);
+		    if($nbopenedday < 0.5)
+		    {
+		        setEventMessages($langs->trans("ErrorDureeCP"), null, 'errors');
+		        $error++;
+		        $action='create';
+		    }
+
+		    // If no validator designated
+		    if ($valideur < 1)
+		    {
+		        setEventMessages($langs->transnoentitiesnoconv('InvalidValidatorCP'), null, 'errors');
+		        $error++;
+		    }
+
+		    $result = 0;
+
+		    if (! $error)
+		    {
+	    	    $object->fk_user = $fuserid;
+	    	    $object->description = $description;
+	    	    $object->fk_validator = $valideur;
+	    		$object->fk_type = $type;
+	    		$object->date_debut = $date_debut;
+	    		$object->date_fin = $date_fin;
+	    		$object->halfday = $halfday;
+
+	    		$result = $object->create($user);
+	    		if ($result <= 0)
+	    		{
+	    			setEventMessages($object->error, $object->errors, 'errors');
+	    			$error++;
+	    		}
+		    }
+
+		    // If no SQL error we redirect to the request card
+		    if (! $error)
+		    {
+				$db->commit();
+
+		    	header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
+		        exit;
+		    }
+		    else
+			{
+		    	$db->rollback();
+		    }
+	    }
+	}
+
+	if ($action == 'update' && GETPOSTISSET('savevalidator') && ! empty($user->rights->holiday->approve))
+	{
+	    $object->fetch($id);
+
+	    $object->oldcopy = dol_clone($object);
+
+	    $object->fk_validator = GETPOST('valideur', 'int');
+
+	    if ($object->fk_validator != $object->oldcopy->fk_validator)
+	    {
+	        $verif = $object->update($user);
+
+	        if ($verif <= 0)
+	        {
+	            setEventMessages($object->error, $object->errors, 'warnings');
+	            $action='editvalidator';
+	        }
+	        else
+	        {
+	            header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
+	            exit;
+	        }
 	    }
 
-	    // If no SQL error we redirect to the request card
-	    if (! $error)
-	    {
-			$db->commit();
+	    $action = '';
+	}
 
-	    	header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
+	if ($action == 'update' && ! GETPOSTISSET('savevalidator'))
+	{
+		$date_debut = dol_mktime(0, 0, 0, GETPOST('date_debut_month'), GETPOST('date_debut_day'), GETPOST('date_debut_year'));
+		$date_fin = dol_mktime(0, 0, 0, GETPOST('date_fin_month'), GETPOST('date_fin_day'), GETPOST('date_fin_year'));
+		$date_debut_gmt = dol_mktime(0, 0, 0, GETPOST('date_debut_month'), GETPOST('date_debut_day'), GETPOST('date_debut_year'), 1);
+		$date_fin_gmt = dol_mktime(0, 0, 0, GETPOST('date_fin_month'), GETPOST('date_fin_day'), GETPOST('date_fin_year'), 1);
+		$starthalfday=GETPOST('starthalfday');
+		$endhalfday=GETPOST('endhalfday');
+		$halfday=0;
+		if ($starthalfday == 'afternoon' && $endhalfday == 'morning') $halfday=2;
+		elseif ($starthalfday == 'afternoon') $halfday=-1;
+		elseif ($endhalfday == 'morning') $halfday=1;
+
+	    // If no right to modify a request
+	    if (! $user->rights->holiday->write)
+	    {
+	        header('Location: '.$_SERVER["PHP_SELF"].'?action=request&error=CantUpdate');
 	        exit;
 	    }
-	    else
-		{
-	    	$db->rollback();
+
+	    $object->fetch($id);
+
+		// If under validation
+	    if ($object->statut == Holiday::STATUS_DRAFT)
+	    {
+	        // If this is the requestor or has read/write rights
+	        if ($cancreate)
+	        {
+	            $valideur = GETPOST('valideur', 'int');
+	            $description = trim(GETPOST('description', 'none'));
+
+	            // If no start date
+	            if (empty($_POST['date_debut_'])) {
+	                header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=edit&error=nodatedebut');
+	                exit;
+	            }
+
+	            // If no end date
+	            if (empty($_POST['date_fin_'])) {
+	                header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=edit&error=nodatefin');
+	                exit;
+	            }
+
+	            // If start date after end date
+	            if ($date_debut > $date_fin) {
+	                header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=edit&error=datefin');
+	                exit;
+	            }
+
+	            // If no validator designated
+	            if ($valideur < 1) {
+	                header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=edit&error=Valideur');
+	                exit;
+	            }
+
+	            // If there is no Business Days within request
+	            $nbopenedday=num_open_day($date_debut_gmt, $date_fin_gmt, 0, 1, $halfday);
+	            if ($nbopenedday < 0.5)
+	            {
+	                header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=edit&error=DureeHoliday');
+	                exit;
+	            }
+
+	            $object->description = $description;
+	            $object->date_debut = $date_debut;
+	            $object->date_fin = $date_fin;
+	            $object->fk_validator = $valideur;
+				$object->halfday = $halfday;
+
+				// Update
+				$verif = $object->update($user);
+
+				if ($verif <= 0)
+				{
+					setEventMessages($object->error, $object->errors, 'warnings');
+					$action='edit';
+				}
+				else
+				{
+					header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
+					exit;
+				}
+	        }
+	        else
+	        {
+	        	setEventMessages($langs->trans("NotEnoughPermissions"), null, 'errors');
+	        	$action='';
+	        }
 	    }
-    }
-}
+	    else
+	    {
+	    	setEventMessages($langs->trans("ErrorBadStatus"), null, 'errors');
+	    	$action='';
+	    }
+	}
 
-if ($action == 'update' && GETPOSTISSET('savevalidator') && ! empty($user->rights->holiday->approve))
-{
-    $object->fetch($id);
+	// If delete of request
+	if ($action == 'confirm_delete' && GETPOST('confirm') == 'yes' && $user->rights->holiday->delete)
+	{
+		$error=0;
 
-    $object->oldcopy = dol_clone($object);
+		$db->begin();
 
-    $object->fk_validator = GETPOST('valideur', 'int');
+		$object->fetch($id);
 
-    if ($object->fk_validator != $object->oldcopy->fk_validator)
-    {
-        $verif = $object->update($user);
-
-        if ($verif <= 0)
-        {
-            setEventMessages($object->error, $object->errors, 'warnings');
-            $action='editvalidator';
-        }
-        else
-        {
-            header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
-            exit;
-        }
-    }
-
-    $action = '';
-}
-
-if ($action == 'update' && ! GETPOSTISSET('savevalidator'))
-{
-	$date_debut = dol_mktime(0, 0, 0, GETPOST('date_debut_month'), GETPOST('date_debut_day'), GETPOST('date_debut_year'));
-	$date_fin = dol_mktime(0, 0, 0, GETPOST('date_fin_month'), GETPOST('date_fin_day'), GETPOST('date_fin_year'));
-	$date_debut_gmt = dol_mktime(0, 0, 0, GETPOST('date_debut_month'), GETPOST('date_debut_day'), GETPOST('date_debut_year'), 1);
-	$date_fin_gmt = dol_mktime(0, 0, 0, GETPOST('date_fin_month'), GETPOST('date_fin_day'), GETPOST('date_fin_year'), 1);
-	$starthalfday=GETPOST('starthalfday');
-	$endhalfday=GETPOST('endhalfday');
-	$halfday=0;
-	if ($starthalfday == 'afternoon' && $endhalfday == 'morning') $halfday=2;
-	elseif ($starthalfday == 'afternoon') $halfday=-1;
-	elseif ($endhalfday == 'morning') $halfday=1;
-
-    // If no right to modify a request
-    if (! $user->rights->holiday->write)
-    {
-        header('Location: '.$_SERVER["PHP_SELF"].'?action=request&error=CantUpdate');
-        exit;
-    }
-
-    $object->fetch($id);
-
-	// If under validation
-    if ($object->statut == Holiday::STATUS_DRAFT)
-    {
-        // If this is the requestor or has read/write rights
-        if ($cancreate)
-        {
-            $valideur = GETPOST('valideur', 'int');
-            $description = trim(GETPOST('description', 'none'));
-
-            // If no start date
-            if (empty($_POST['date_debut_'])) {
-                header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=edit&error=nodatedebut');
-                exit;
-            }
-
-            // If no end date
-            if (empty($_POST['date_fin_'])) {
-                header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=edit&error=nodatefin');
-                exit;
-            }
-
-            // If start date after end date
-            if ($date_debut > $date_fin) {
-                header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=edit&error=datefin');
-                exit;
-            }
-
-            // If no validator designated
-            if ($valideur < 1) {
-                header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=edit&error=Valideur');
-                exit;
-            }
-
-            // If there is no Business Days within request
-            $nbopenedday=num_open_day($date_debut_gmt, $date_fin_gmt, 0, 1, $halfday);
-            if ($nbopenedday < 0.5)
-            {
-                header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=edit&error=DureeHoliday');
-                exit;
-            }
-
-            $object->description = $description;
-            $object->date_debut = $date_debut;
-            $object->date_fin = $date_fin;
-            $object->fk_validator = $valideur;
-			$object->halfday = $halfday;
-
-			// Update
-			$verif = $object->update($user);
-
-			if ($verif <= 0)
+	    // If this is a rough draft, approved, canceled or refused
+		if ($object->statut == Holiday::STATUS_DRAFT || $object->statut == Holiday::STATUS_CANCELED || $object->statut == Holiday::STATUS_REFUSED)
+		{
+			// Si l'utilisateur à le droit de lire cette demande, il peut la supprimer
+			if ($candelete)
 			{
-				setEventMessages($object->error, $object->errors, 'warnings');
-				$action='edit';
+				$result=$object->delete($user);
 			}
 			else
 			{
-				header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
-				exit;
+				$error++;
+				setEventMessages($langs->trans('ErrorCantDeleteCP'), null, 'errors');
+				$action='';
 			}
-        }
-        else
-        {
-        	setEventMessages($langs->trans("NotEnoughPermissions"), null, 'errors');
-        	$action='';
-        }
-    }
-    else
-    {
-    	setEventMessages($langs->trans("ErrorBadStatus"), null, 'errors');
-    	$action='';
-    }
-}
+		}
 
-// If delete of request
-if ($action == 'confirm_delete' && GETPOST('confirm') == 'yes' && $user->rights->holiday->delete)
-{
-	$error=0;
-
-	$db->begin();
-
-	$object->fetch($id);
-
-    // If this is a rough draft, approved, canceled or refused
-	if ($object->statut == Holiday::STATUS_DRAFT || $object->statut == Holiday::STATUS_CANCELED || $object->statut == Holiday::STATUS_REFUSED)
-	{
-		// Si l'utilisateur à le droit de lire cette demande, il peut la supprimer
-		if ($candelete)
+		if (! $error)
 		{
-			$result=$object->delete($user);
+			$db->commit();
+			header('Location: list.php?restore_lastsearch_values=1');
+			exit;
 		}
 		else
 		{
-			$error++;
-			setEventMessages($langs->trans('ErrorCantDeleteCP'), null, 'errors');
-			$action='';
+			$db->rollback();
 		}
 	}
 
-	if (! $error)
+	// Action validate (+ send email for approval)
+	if ($action == 'confirm_send')
 	{
-		$db->commit();
-		header('Location: list.php?restore_lastsearch_values=1');
-		exit;
+	    $object->fetch($id);
+
+	    // Si brouillon et créateur
+	    if ($object->statut == Holiday::STATUS_DRAFT && $cancreate)
+	    {
+	    	$object->oldcopy = dol_clone($object);
+
+	    	$object->statut = Holiday::STATUS_VALIDATED;
+
+	        $verif = $object->validate($user);
+
+	        // Si pas d'erreur SQL on redirige vers la fiche de la demande
+	        if ($verif > 0)
+	        {
+	            // To
+	            $destinataire = new User($db);
+	            $destinataire->fetch($object->fk_validator);
+	            $emailTo = $destinataire->email;
+
+	            if (!$emailTo)
+	            {
+	                dol_syslog("Expected validator has no email, so we redirect directly to finished page without sending email");
+	                header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
+	                exit;
+	            }
+
+	            // From
+	            $expediteur = new User($db);
+	            $expediteur->fetch($object->fk_user);
+	            $emailFrom = $expediteur->email;
+
+	            // Subject
+				$societeName = $conf->global->MAIN_INFO_SOCIETE_NOM;
+	            if (! empty($conf->global->MAIN_APPLICATION_TITLE)) $societeName = $conf->global->MAIN_APPLICATION_TITLE;
+
+	            $subject = $societeName." - ".$langs->transnoentitiesnoconv("HolidaysToValidate");
+
+	            // Content
+	            $message = $langs->transnoentitiesnoconv("Hello")." ".$destinataire->firstname.",\n";
+	            $message.= "\n";
+	            $message.= $langs->transnoentities("HolidaysToValidateBody")."\n";
+
+	            $delayForRequest = $object->getConfCP('delayForRequest');
+	            //$delayForRequest = $delayForRequest * (60*60*24);
+
+	            $nextMonth = dol_time_plus_duree($now, $delayForRequest, 'd');
+
+	            // Si l'option pour avertir le valideur en cas de délai trop court
+	            if ($object->getConfCP('AlertValidatorDelay'))
+	            {
+	                if($object->date_debut < $nextMonth)
+	                {
+	                    $message.= "\n";
+	                    $message.= $langs->transnoentities("HolidaysToValidateDelay", $object->getConfCP('delayForRequest'))."\n";
+	                }
+	            }
+
+	            // Si l'option pour avertir le valideur en cas de solde inférieur à la demande
+	            if ($object->getConfCP('AlertValidatorSolde'))
+	            {
+	            	$nbopenedday=num_open_day($object->date_debut_gmt, $object->date_fin_gmt, 0, 1, $object->halfday);
+	                if ($nbopenedday > $object->getCPforUser($object->fk_user, $object->fk_type))
+	                {
+	                    $message.= "\n";
+	                    $message.= $langs->transnoentities("HolidaysToValidateAlertSolde")."\n";
+	                }
+	            }
+
+	            $message.= "\n";
+	            $message.= "- ".$langs->transnoentitiesnoconv("Name")." : ".dolGetFirstLastname($expediteur->firstname, $expediteur->lastname)."\n";
+	            $message.= "- ".$langs->transnoentitiesnoconv("Period")." : ".dol_print_date($object->date_debut, 'day')." ".$langs->transnoentitiesnoconv("To")." ".dol_print_date($object->date_fin, 'day')."\n";
+	            $message.= "- ".$langs->transnoentitiesnoconv("Link")." : ".$dolibarr_main_url_root."/holiday/card.php?id=".$object->id."\n\n";
+	            $message.= "\n";
+
+	            $trackid='leav'.$object->id;
+
+	            $mail = new CMailFile($subject, $emailTo, $emailFrom, $message, array(), array(), array(), '', '', 0, 0, '', '', $trackid);
+
+	            // Envoi du mail
+	            $result=$mail->sendfile();
+
+	            if (!$result)
+	            {
+	                setEventMessages($mail->error, $mail->errors, 'warnings');
+	                $action='';
+	            }
+	            else
+	            {
+	            	header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
+	            	exit;
+	            }
+	        }
+	        else
+	        {
+	        	setEventMessages($object->error, $object->errors, 'errors');
+	        	$action='';
+	        }
+	    }
 	}
-	else
+
+	if ($action == 'update_extras')
 	{
-		$db->rollback();
+		$object->oldcopy = dol_clone($object);
+
+		// Fill array 'array_options' with data from update form
+		$extralabels = $extrafields->fetch_name_optionals_label($object->table_element);
+		$ret = $extrafields->setOptionalsFromPost($extralabels, $object, GETPOST('attribute', 'none'));
+		if ($ret < 0) $error++;
+
+		if (! $error)
+		{
+			// Actions on extra fields
+			$result = $object->insertExtraFields('HOLIDAY_MODIFY');
+			if ($result < 0)
+			{
+				setEventMessages($object->error, $object->errors, 'errors');
+				$error++;
+			}
+		}
+
+		if ($error)
+			$action = 'edit_extras';
 	}
-}
-
-// Action validate (+ send email for approval)
-if ($action == 'confirm_send')
-{
-    $object->fetch($id);
-
-    // Si brouillon et créateur
-    if ($object->statut == Holiday::STATUS_DRAFT && $cancreate)
-    {
-    	$object->oldcopy = dol_clone($object);
-
-    	$object->statut = Holiday::STATUS_VALIDATED;
-
-        $verif = $object->validate($user);
-
-        // Si pas d'erreur SQL on redirige vers la fiche de la demande
-        if ($verif > 0)
-        {
-            // To
-            $destinataire = new User($db);
-            $destinataire->fetch($object->fk_validator);
-            $emailTo = $destinataire->email;
-
-            if (!$emailTo)
-            {
-                dol_syslog("Expected validator has no email, so we redirect directly to finished page without sending email");
-                header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
-                exit;
-            }
-
-            // From
-            $expediteur = new User($db);
-            $expediteur->fetch($object->fk_user);
-            $emailFrom = $expediteur->email;
-
-            // Subject
-			$societeName = $conf->global->MAIN_INFO_SOCIETE_NOM;
-            if (! empty($conf->global->MAIN_APPLICATION_TITLE)) $societeName = $conf->global->MAIN_APPLICATION_TITLE;
-
-            $subject = $societeName." - ".$langs->transnoentitiesnoconv("HolidaysToValidate");
-
-            // Content
-            $message = $langs->transnoentitiesnoconv("Hello")." ".$destinataire->firstname.",\n";
-            $message.= "\n";
-            $message.= $langs->transnoentities("HolidaysToValidateBody")."\n";
-
-            $delayForRequest = $object->getConfCP('delayForRequest');
-            //$delayForRequest = $delayForRequest * (60*60*24);
-
-            $nextMonth = dol_time_plus_duree($now, $delayForRequest, 'd');
-
-            // Si l'option pour avertir le valideur en cas de délai trop court
-            if ($object->getConfCP('AlertValidatorDelay'))
-            {
-                if($object->date_debut < $nextMonth)
-                {
-                    $message.= "\n";
-                    $message.= $langs->transnoentities("HolidaysToValidateDelay", $object->getConfCP('delayForRequest'))."\n";
-                }
-            }
-
-            // Si l'option pour avertir le valideur en cas de solde inférieur à la demande
-            if ($object->getConfCP('AlertValidatorSolde'))
-            {
-            	$nbopenedday=num_open_day($object->date_debut_gmt, $object->date_fin_gmt, 0, 1, $object->halfday);
-                if ($nbopenedday > $object->getCPforUser($object->fk_user, $object->fk_type))
-                {
-                    $message.= "\n";
-                    $message.= $langs->transnoentities("HolidaysToValidateAlertSolde")."\n";
-                }
-            }
-
-            $message.= "\n";
-            $message.= "- ".$langs->transnoentitiesnoconv("Name")." : ".dolGetFirstLastname($expediteur->firstname, $expediteur->lastname)."\n";
-            $message.= "- ".$langs->transnoentitiesnoconv("Period")." : ".dol_print_date($object->date_debut, 'day')." ".$langs->transnoentitiesnoconv("To")." ".dol_print_date($object->date_fin, 'day')."\n";
-            $message.= "- ".$langs->transnoentitiesnoconv("Link")." : ".$dolibarr_main_url_root."/holiday/card.php?id=".$object->id."\n\n";
-            $message.= "\n";
-
-            $trackid='leav'.$object->id;
-
-            $mail = new CMailFile($subject, $emailTo, $emailFrom, $message, array(), array(), array(), '', '', 0, 0, '', '', $trackid);
-
-            // Envoi du mail
-            $result=$mail->sendfile();
-
-            if (!$result)
-            {
-                setEventMessages($mail->error, $mail->errors, 'warnings');
-                $action='';
-            }
-            else
-            {
-            	header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
-            	exit;
-            }
-        }
-        else
-        {
-        	setEventMessages($object->error, $object->errors, 'errors');
-        	$action='';
-        }
-    }
-}
-
-
-// Approve leave request
-if ($action == 'confirm_valid')
-{
-    $object->fetch($id);
-
-    // Si statut en attente de validation et valideur = utilisateur
-    if ($object->statut == Holiday::STATUS_VALIDATED && $user->id == $object->fk_validator)
-    {
-    	$object->oldcopy = dol_clone($object);
-
-        $object->date_valid = dol_now();
-        $object->fk_user_valid = $user->id;
-        $object->statut = Holiday::STATUS_APPROVED;
-
-        $db->begin();
-
-        $verif = $object->approve($user);
-        if ($verif <= 0)
-        {
-            setEventMessages($object->error, $object->errors, 'errors');
-            $error++;
-        }
-
-        // Si pas d'erreur SQL on redirige vers la fiche de la demande
-        if (! $error)
-        {
-            // Calculcate number of days consummed
-            $nbopenedday=num_open_day($object->date_debut_gmt, $object->date_fin_gmt, 0, 1, $object->halfday);
-            $soldeActuel = $object->getCpforUser($object->fk_user, $object->fk_type);
-            $newSolde = ($soldeActuel - $nbopenedday);
-
-            // On ajoute la modification dans le LOG
-            $result=$object->addLogCP($user->id, $object->fk_user, $langs->transnoentitiesnoconv("Holidays"), $newSolde, $object->fk_type);
-            if ($result < 0)
-            {
-                $error++;
-            	setEventMessages(null, $object->errors, 'errors');
-            }
-
-            //Update balance
-            $result=$object->updateSoldeCP($object->fk_user, $newSolde, $object->fk_type);
-            if ($result < 0)
-            {
-                $error++;
-            	setEventMessages(null, $object->errors, 'errors');
-            }
-        }
-
-        if (! $error)
-        {
-            // To
-            $destinataire = new User($db);
-            $destinataire->fetch($object->fk_user);
-            $emailTo = $destinataire->email;
-
-            if (!$emailTo)
-            {
-                dol_syslog("User that request leave has no email, so we redirect directly to finished page without sending email");
-            }
-            else
-            {
-                // From
-                $expediteur = new User($db);
-                $expediteur->fetch($object->fk_validator);
-                $emailFrom = $expediteur->email;
-
-                // Subject
-    			$societeName = $conf->global->MAIN_INFO_SOCIETE_NOM;
-                if (! empty($conf->global->MAIN_APPLICATION_TITLE)) $societeName = $conf->global->MAIN_APPLICATION_TITLE;
-
-                $subject = $societeName." - ".$langs->transnoentitiesnoconv("HolidaysValidated");
-
-                // Content
-                $message = $langs->transnoentitiesnoconv("Hello")." ".$destinataire->firstname.",\n";
-                $message.= "\n";
-                $message.=  $langs->transnoentities("HolidaysValidatedBody", dol_print_date($object->date_debut, 'day'), dol_print_date($object->date_fin, 'day'))."\n";
-
-                $message.= "- ".$langs->transnoentitiesnoconv("ValidatedBy")." : ".dolGetFirstLastname($expediteur->firstname, $expediteur->lastname)."\n";
-
-                $message.= "- ".$langs->transnoentitiesnoconv("Link")." : ".$dolibarr_main_url_root."/holiday/card.php?id=".$object->id."\n\n";
-                $message.= "\n";
-
-                $trackid='leav'.$object->id;
-
-                $mail = new CMailFile($subject, $emailTo, $emailFrom, $message, array(), array(), array(), '', '', 0, 0, '', '', $trackid);
-
-                // Envoi du mail
-                $result=$mail->sendfile();
-
-                if (!$result)
-                {
-                	setEventMessages($mail->error, $mail->errors, 'warnings'); // Show error, but do no make rollback, so $error is not set to 1
-                	$action='';
-                }
-            }
-        }
-
-        if (! $error)
-        {
-            $db->commit();
-
-           	header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
-           	exit;
-        }
-        else
-        {
-            $db->rollback();
-        	$action='';
-        }
-    }
-}
-
-if ($action == 'confirm_refuse' && GETPOST('confirm', 'alpha') == 'yes')
-{
-	if (! empty($_POST['detail_refuse']))
-    {
-        $object->fetch($id);
-
-        // Si statut en attente de validation et valideur = utilisateur
-        if ($object->statut == Holiday::STATUS_VALIDATED && $user->id == $object->fk_validator)
-        {
-            $object->date_refuse = dol_print_date('dayhour', dol_now());
-            $object->fk_user_refuse = $user->id;
-            $object->statut = Holiday::STATUS_REFUSED;
-            $object->detail_refuse = GETPOST('detail_refuse', 'alphanohtml');
-
-            $db->begin();
-
-            $verif = $object->update($user);
-            if ($verif <= 0)
-            {
-                $error++;
-                setEventMessages($object->error, $object->errors, 'errors');
-            }
-
-            // Si pas d'erreur SQL on redirige vers la fiche de la demande
-            if (! $error)
-            {
-                // To
-                $destinataire = new User($db);
-                $destinataire->fetch($object->fk_user);
-                $emailTo = $destinataire->email;
-
-                if (!$emailTo)
-                {
-                    dol_syslog("User that request leave has no email, so we redirect directly to finished page without sending email");
-                }
-                else
-                {
-                    // From
-                    $expediteur = new User($db);
-                    $expediteur->fetch($object->fk_validator);
-                    $emailFrom = $expediteur->email;
-
-    	            // Subject
-    				$societeName = $conf->global->MAIN_INFO_SOCIETE_NOM;
-    	            if (! empty($conf->global->MAIN_APPLICATION_TITLE)) $societeName = $conf->global->MAIN_APPLICATION_TITLE;
-
-    	            $subject = $societeName." - ".$langs->transnoentitiesnoconv("HolidaysRefused");
-
-                    // Content
-                	$message = $langs->transnoentitiesnoconv("Hello")." ".$destinataire->firstname.",\n";
-    	            $message.= "\n";
-                    $message.= $langs->transnoentities("HolidaysRefusedBody", dol_print_date($object->date_debut, 'day'), dol_print_date($object->date_fin, 'day'))."\n";
-                    $message.= GETPOST('detail_refuse', 'alpha')."\n\n";
-
-    	            $message.= "- ".$langs->transnoentitiesnoconv("ModifiedBy")." : ".dolGetFirstLastname($expediteur->firstname, $expediteur->lastname)."\n";
-
-    	            $message.= "- ".$langs->transnoentitiesnoconv("Link")." : ".$dolibarr_main_url_root."/holiday/card.php?id=".$object->id."\n\n";
-                    $message.= "\n";
-
-    	            $trackid='leav'.$object->id;
-
-    	            $mail = new CMailFile($subject, $emailTo, $emailFrom, $message, array(), array(), array(), '', '', 0, 0, '', '', $trackid);
-
-                    // Envoi du mail
-                    $result=$mail->sendfile();
-
-                    if (! $result)
-                    {
-                        setEventMessages($mail->error, $mail->errors, 'warnings'); // Show error, but do no make rollback, so $error is not set to 1
-                    	$action='';
-                    }
-                }
-            }
-            else
-            {
-            	$action='';
-            }
-
-            if (! $error)
-            {
-                $db->commit();
-
-                header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
-                exit;
-            }
-            else
-            {
-                $db->rollback();
-                $action='';
-            }
-        }
-    } else {
-    	setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("DetailRefusCP")), null, 'errors');
-    	$action='refuse';
-    }
-}
-
-
-// Si Validation de la demande
-if ($action == 'confirm_draft' && GETPOST('confirm') == 'yes')
-{
-	$error = 0;
-
-    $object->fetch($id);
-
-    $oldstatus = $object->statut;
-    $object->statut = Holiday::STATUS_DRAFT;
-
-    $result = $object->update($user);
-    if ($result < 0)
-    {
-    	$error++;
-    	setEventMessages($langs->trans('ErrorBackToDraft').' '.$object->error, $object->errors, 'errors');
-    }
-
-    if (! $error)
-    {
-        $db->commit();
-
-        header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
-        exit;
-    }
-    else
-    {
-        $db->rollback();
-    }
-}
-
-// Si confirmation of cancellation
-if ($action == 'confirm_cancel' && GETPOST('confirm') == 'yes')
-{
-	$error = 0;
-
-    $object->fetch($id);
-
-    // Si statut en attente de validation et valideur = valideur ou utilisateur, ou droits de faire pour les autres
-    if (($object->statut == Holiday::STATUS_VALIDATED || $object->statut == Holiday::STATUS_APPROVED) && ($user->id == $object->fk_validator || in_array($object->fk_user, $childids) || ! empty($user->rights->holiday->write_all)))
-    {
-    	$db->begin();
-
-    	$oldstatus = $object->statut;
-        $object->date_cancel = dol_now();
-        $object->fk_user_cancel = $user->id;
-        $object->statut = Holiday::STATUS_CANCELED;
-
-        $result = $object->update($user);
-
-        if ($result >= 0 && $oldstatus == Holiday::STATUS_APPROVED)	// holiday was already validated, status 3, so we must increase back the balance
-        {
-        	// Calculcate number of days consummed
-        	$nbopenedday=num_open_day($object->date_debut_gmt, $object->date_fin_gmt, 0, 1, $object->halfday);
-
-        	$soldeActuel = $object->getCpforUser($object->fk_user, $object->fk_type);
-        	$newSolde = ($soldeActuel + $nbopenedday);
-
-        	// On ajoute la modification dans le LOG
-        	$result1=$object->addLogCP($user->id, $object->fk_user, $langs->transnoentitiesnoconv("HolidaysCancelation"), $newSolde, $object->fk_type);
-
-        	// Mise à jour du solde
-        	$result2=$object->updateSoldeCP($object->fk_user, $newSolde, $object->fk_type);
-
-        	if ($result1 < 0 || $result2 < 0)
-        	{
-        		$error++;
-        		setEventMessages($langs->trans('ErrorCantDeleteCP').' '.$object->error, $object->errors, 'errors');
-        	}
-        }
-
-        if (! $error)
-        {
-        	$db->commit();
-        }
-        else
-        {
-        	$db->rollback();
-        }
-
-        // Si pas d'erreur SQL on redirige vers la fiche de la demande
-        if (! $error && $result > 0)
-        {
-            // To
-            $destinataire = new User($db);
-            $destinataire->fetch($object->fk_user);
-            $emailTo = $destinataire->email;
-
-            if (!$emailTo)
-            {
-                header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
-                exit;
-            }
-
-            // From
-            $expediteur = new User($db);
-            $expediteur->fetch($object->fk_user_cancel);
-            $emailFrom = $expediteur->email;
-
-            // Subject
-			$societeName = $conf->global->MAIN_INFO_SOCIETE_NOM;
-            if (! empty($conf->global->MAIN_APPLICATION_TITLE)) $societeName = $conf->global->MAIN_APPLICATION_TITLE;
-
-            $subject = $societeName." - ".$langs->transnoentitiesnoconv("HolidaysCanceled");
-
-            // Content
-           	$message = $langs->transnoentitiesnoconv("Hello")." ".$destinataire->firstname.",\n";
-            $message.= "\n";
-
-            $message.= $langs->transnoentities("HolidaysCanceledBody", dol_print_date($object->date_debut, 'day'), dol_print_date($object->date_fin, 'day'))."\n";
-            $message.= "- ".$langs->transnoentitiesnoconv("ModifiedBy")." : ".dolGetFirstLastname($expediteur->firstname, $expediteur->lastname)."\n";
-
-            $message.= "- ".$langs->transnoentitiesnoconv("Link")." : ".$dolibarr_main_url_root."/holiday/card.php?id=".$object->id."\n\n";
-            $message.= "\n";
-
-            $trackid='leav'.$object->id;
-
-            $mail = new CMailFile($subject, $emailTo, $emailFrom, $message, array(), array(), array(), '', '', 0, 0, '', '', $trackid);
-
-            // Envoi du mail
-            $result=$mail->sendfile();
-
-            if (!$result)
-            {
-            	setEventMessages($mail->error, $mail->errors, 'warnings');
-            	$action='';
-            }
-            else
-            {
-            	header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
-            	exit;
-            }
-        }
-    }
+
+	// Approve leave request
+	if ($action == 'confirm_valid')
+	{
+	    $object->fetch($id);
+
+	    // Si statut en attente de validation et valideur = utilisateur
+	    if ($object->statut == Holiday::STATUS_VALIDATED && $user->id == $object->fk_validator)
+	    {
+	    	$object->oldcopy = dol_clone($object);
+
+	        $object->date_valid = dol_now();
+	        $object->fk_user_valid = $user->id;
+	        $object->statut = Holiday::STATUS_APPROVED;
+
+	        $db->begin();
+
+	        $verif = $object->approve($user);
+	        if ($verif <= 0)
+	        {
+	            setEventMessages($object->error, $object->errors, 'errors');
+	            $error++;
+	        }
+
+	        // Si pas d'erreur SQL on redirige vers la fiche de la demande
+	        if (! $error)
+	        {
+	            // Calculcate number of days consummed
+	            $nbopenedday=num_open_day($object->date_debut_gmt, $object->date_fin_gmt, 0, 1, $object->halfday);
+	            $soldeActuel = $object->getCpforUser($object->fk_user, $object->fk_type);
+	            $newSolde = ($soldeActuel - $nbopenedday);
+
+	            // On ajoute la modification dans le LOG
+	            $result=$object->addLogCP($user->id, $object->fk_user, $langs->transnoentitiesnoconv("Holidays"), $newSolde, $object->fk_type);
+	            if ($result < 0)
+	            {
+	                $error++;
+	            	setEventMessages(null, $object->errors, 'errors');
+	            }
+
+	            //Update balance
+	            $result=$object->updateSoldeCP($object->fk_user, $newSolde, $object->fk_type);
+	            if ($result < 0)
+	            {
+	                $error++;
+	            	setEventMessages(null, $object->errors, 'errors');
+	            }
+	        }
+
+	        if (! $error)
+	        {
+	            // To
+	            $destinataire = new User($db);
+	            $destinataire->fetch($object->fk_user);
+	            $emailTo = $destinataire->email;
+
+	            if (!$emailTo)
+	            {
+	                dol_syslog("User that request leave has no email, so we redirect directly to finished page without sending email");
+	            }
+	            else
+	            {
+	                // From
+	                $expediteur = new User($db);
+	                $expediteur->fetch($object->fk_validator);
+	                $emailFrom = $expediteur->email;
+
+	                // Subject
+	    			$societeName = $conf->global->MAIN_INFO_SOCIETE_NOM;
+	                if (! empty($conf->global->MAIN_APPLICATION_TITLE)) $societeName = $conf->global->MAIN_APPLICATION_TITLE;
+
+	                $subject = $societeName." - ".$langs->transnoentitiesnoconv("HolidaysValidated");
+
+	                // Content
+	                $message = $langs->transnoentitiesnoconv("Hello")." ".$destinataire->firstname.",\n";
+	                $message.= "\n";
+	                $message.=  $langs->transnoentities("HolidaysValidatedBody", dol_print_date($object->date_debut, 'day'), dol_print_date($object->date_fin, 'day'))."\n";
+
+	                $message.= "- ".$langs->transnoentitiesnoconv("ValidatedBy")." : ".dolGetFirstLastname($expediteur->firstname, $expediteur->lastname)."\n";
+
+	                $message.= "- ".$langs->transnoentitiesnoconv("Link")." : ".$dolibarr_main_url_root."/holiday/card.php?id=".$object->id."\n\n";
+	                $message.= "\n";
+
+	                $trackid='leav'.$object->id;
+
+	                $mail = new CMailFile($subject, $emailTo, $emailFrom, $message, array(), array(), array(), '', '', 0, 0, '', '', $trackid);
+
+	                // Envoi du mail
+	                $result=$mail->sendfile();
+
+	                if (!$result)
+	                {
+	                	setEventMessages($mail->error, $mail->errors, 'warnings'); // Show error, but do no make rollback, so $error is not set to 1
+	                	$action='';
+	                }
+	            }
+	        }
+
+	        if (! $error)
+	        {
+	            $db->commit();
+
+	           	header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
+	           	exit;
+	        }
+	        else
+	        {
+	            $db->rollback();
+	        	$action='';
+	        }
+	    }
+	}
+
+	if ($action == 'confirm_refuse' && GETPOST('confirm', 'alpha') == 'yes')
+	{
+		if (! empty($_POST['detail_refuse']))
+	    {
+	        $object->fetch($id);
+
+	        // Si statut en attente de validation et valideur = utilisateur
+	        if ($object->statut == Holiday::STATUS_VALIDATED && $user->id == $object->fk_validator)
+	        {
+	            $object->date_refuse = dol_print_date('dayhour', dol_now());
+	            $object->fk_user_refuse = $user->id;
+	            $object->statut = Holiday::STATUS_REFUSED;
+	            $object->detail_refuse = GETPOST('detail_refuse', 'alphanohtml');
+
+	            $db->begin();
+
+	            $verif = $object->update($user);
+	            if ($verif <= 0)
+	            {
+	                $error++;
+	                setEventMessages($object->error, $object->errors, 'errors');
+	            }
+
+	            // Si pas d'erreur SQL on redirige vers la fiche de la demande
+	            if (! $error)
+	            {
+	                // To
+	                $destinataire = new User($db);
+	                $destinataire->fetch($object->fk_user);
+	                $emailTo = $destinataire->email;
+
+	                if (!$emailTo)
+	                {
+	                    dol_syslog("User that request leave has no email, so we redirect directly to finished page without sending email");
+	                }
+	                else
+	                {
+	                    // From
+	                    $expediteur = new User($db);
+	                    $expediteur->fetch($object->fk_validator);
+	                    $emailFrom = $expediteur->email;
+
+	    	            // Subject
+	    				$societeName = $conf->global->MAIN_INFO_SOCIETE_NOM;
+	    	            if (! empty($conf->global->MAIN_APPLICATION_TITLE)) $societeName = $conf->global->MAIN_APPLICATION_TITLE;
+
+	    	            $subject = $societeName." - ".$langs->transnoentitiesnoconv("HolidaysRefused");
+
+	                    // Content
+	                	$message = $langs->transnoentitiesnoconv("Hello")." ".$destinataire->firstname.",\n";
+	    	            $message.= "\n";
+	                    $message.= $langs->transnoentities("HolidaysRefusedBody", dol_print_date($object->date_debut, 'day'), dol_print_date($object->date_fin, 'day'))."\n";
+	                    $message.= GETPOST('detail_refuse', 'alpha')."\n\n";
+
+	    	            $message.= "- ".$langs->transnoentitiesnoconv("ModifiedBy")." : ".dolGetFirstLastname($expediteur->firstname, $expediteur->lastname)."\n";
+
+	    	            $message.= "- ".$langs->transnoentitiesnoconv("Link")." : ".$dolibarr_main_url_root."/holiday/card.php?id=".$object->id."\n\n";
+	                    $message.= "\n";
+
+	    	            $trackid='leav'.$object->id;
+
+	    	            $mail = new CMailFile($subject, $emailTo, $emailFrom, $message, array(), array(), array(), '', '', 0, 0, '', '', $trackid);
+
+	                    // Envoi du mail
+	                    $result=$mail->sendfile();
+
+	                    if (! $result)
+	                    {
+	                        setEventMessages($mail->error, $mail->errors, 'warnings'); // Show error, but do no make rollback, so $error is not set to 1
+	                    	$action='';
+	                    }
+	                }
+	            }
+	            else
+	            {
+	            	$action='';
+	            }
+
+	            if (! $error)
+	            {
+	                $db->commit();
+
+	                header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
+	                exit;
+	            }
+	            else
+	            {
+	                $db->rollback();
+	                $action='';
+	            }
+	        }
+	    } else {
+	    	setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("DetailRefusCP")), null, 'errors');
+	    	$action='refuse';
+	    }
+	}
+
+
+	// Si Validation de la demande
+	if ($action == 'confirm_draft' && GETPOST('confirm') == 'yes')
+	{
+		$error = 0;
+
+	    $object->fetch($id);
+
+	    $oldstatus = $object->statut;
+	    $object->statut = Holiday::STATUS_DRAFT;
+
+	    $result = $object->update($user);
+	    if ($result < 0)
+	    {
+	    	$error++;
+	    	setEventMessages($langs->trans('ErrorBackToDraft').' '.$object->error, $object->errors, 'errors');
+	    }
+
+	    if (! $error)
+	    {
+	        $db->commit();
+
+	        header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
+	        exit;
+	    }
+	    else
+	    {
+	        $db->rollback();
+	    }
+	}
+
+	// Si confirmation of cancellation
+	if ($action == 'confirm_cancel' && GETPOST('confirm') == 'yes')
+	{
+		$error = 0;
+
+	    $object->fetch($id);
+
+	    // Si statut en attente de validation et valideur = valideur ou utilisateur, ou droits de faire pour les autres
+	    if (($object->statut == Holiday::STATUS_VALIDATED || $object->statut == Holiday::STATUS_APPROVED) && ($user->id == $object->fk_validator || in_array($object->fk_user, $childids) || ! empty($user->rights->holiday->write_all)))
+	    {
+	    	$db->begin();
+
+	    	$oldstatus = $object->statut;
+	        $object->date_cancel = dol_now();
+	        $object->fk_user_cancel = $user->id;
+	        $object->statut = Holiday::STATUS_CANCELED;
+
+	        $result = $object->update($user);
+
+	        if ($result >= 0 && $oldstatus == Holiday::STATUS_APPROVED)	// holiday was already validated, status 3, so we must increase back the balance
+	        {
+	        	// Calculcate number of days consummed
+	        	$nbopenedday=num_open_day($object->date_debut_gmt, $object->date_fin_gmt, 0, 1, $object->halfday);
+
+	        	$soldeActuel = $object->getCpforUser($object->fk_user, $object->fk_type);
+	        	$newSolde = ($soldeActuel + $nbopenedday);
+
+	        	// On ajoute la modification dans le LOG
+	        	$result1=$object->addLogCP($user->id, $object->fk_user, $langs->transnoentitiesnoconv("HolidaysCancelation"), $newSolde, $object->fk_type);
+
+	        	// Mise à jour du solde
+	        	$result2=$object->updateSoldeCP($object->fk_user, $newSolde, $object->fk_type);
+
+	        	if ($result1 < 0 || $result2 < 0)
+	        	{
+	        		$error++;
+	        		setEventMessages($langs->trans('ErrorCantDeleteCP').' '.$object->error, $object->errors, 'errors');
+	        	}
+	        }
+
+	        if (! $error)
+	        {
+	        	$db->commit();
+	        }
+	        else
+	        {
+	        	$db->rollback();
+	        }
+
+	        // Si pas d'erreur SQL on redirige vers la fiche de la demande
+	        if (! $error && $result > 0)
+	        {
+	            // To
+	            $destinataire = new User($db);
+	            $destinataire->fetch($object->fk_user);
+	            $emailTo = $destinataire->email;
+
+	            if (!$emailTo)
+	            {
+	                header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
+	                exit;
+	            }
+
+	            // From
+	            $expediteur = new User($db);
+	            $expediteur->fetch($object->fk_user_cancel);
+	            $emailFrom = $expediteur->email;
+
+	            // Subject
+				$societeName = $conf->global->MAIN_INFO_SOCIETE_NOM;
+	            if (! empty($conf->global->MAIN_APPLICATION_TITLE)) $societeName = $conf->global->MAIN_APPLICATION_TITLE;
+
+	            $subject = $societeName." - ".$langs->transnoentitiesnoconv("HolidaysCanceled");
+
+	            // Content
+	           	$message = $langs->transnoentitiesnoconv("Hello")." ".$destinataire->firstname.",\n";
+	            $message.= "\n";
+
+	            $message.= $langs->transnoentities("HolidaysCanceledBody", dol_print_date($object->date_debut, 'day'), dol_print_date($object->date_fin, 'day'))."\n";
+	            $message.= "- ".$langs->transnoentitiesnoconv("ModifiedBy")." : ".dolGetFirstLastname($expediteur->firstname, $expediteur->lastname)."\n";
+
+	            $message.= "- ".$langs->transnoentitiesnoconv("Link")." : ".$dolibarr_main_url_root."/holiday/card.php?id=".$object->id."\n\n";
+	            $message.= "\n";
+
+	            $trackid='leav'.$object->id;
+
+	            $mail = new CMailFile($subject, $emailTo, $emailFrom, $message, array(), array(), array(), '', '', 0, 0, '', '', $trackid);
+
+	            // Envoi du mail
+	            $result=$mail->sendfile();
+
+	            if (!$result)
+	            {
+	            	setEventMessages($mail->error, $mail->errors, 'warnings');
+	            	$action='';
+	            }
+	            else
+	            {
+	            	header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
+	            	exit;
+	            }
+	        }
+	    }
+	}
+
+	/*
+	// Actions when printing a doc from card
+	include DOL_DOCUMENT_ROOT.'/core/actions_printing.inc.php';
+
+	// Actions to send emails
+	$trigger_name='HOLIDAY_SENTBYMAIL';
+	$autocopy='MAIN_MAIL_AUTOCOPY_HOLIDAY_TO';
+	$trackid='leav'.$object->id;
+	include DOL_DOCUMENT_ROOT.'/core/actions_sendmails.inc.php';
+
+	// Actions to build doc
+	$upload_dir = $conf->holiday->dir_output;
+	$permissioncreate = $user->rights->holiday->creer;
+	include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php';
+	*/
 }
 
 
@@ -1049,6 +1111,9 @@ if ((empty($id) && empty($ref)) || $action == 'add' || $action == 'request' || $
         print $doleditor->Create(1);
         print '</td></tr>';
 
+        // Other attributes
+        include DOL_DOCUMENT_ROOT . '/core/tpl/extrafields_add.tpl.php';
+
         print '</tbody>';
         print '</table>';
 
@@ -1248,6 +1313,9 @@ else
                     print '</td></tr>';
                 }
 
+                // Other attributes
+                include DOL_DOCUMENT_ROOT . '/core/tpl/extrafields_view.tpl.php';
+
                 print '</tbody>';
                 print '</table>'."\n";
 
diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php
index 7557a7941fb..25d1c1d5a2d 100644
--- a/htdocs/holiday/class/holiday.class.php
+++ b/htdocs/holiday/class/holiday.class.php
@@ -402,6 +402,8 @@ class Holiday extends CommonObject
 			}
 			$this->db->free($resql);
 
+			$this->fetch_optionals();
+
 			return 1;
 		}
 		else
diff --git a/htdocs/holiday/list.php b/htdocs/holiday/list.php
index 145f2f7b48f..072a6aacc45 100644
--- a/htdocs/holiday/list.php
+++ b/htdocs/holiday/list.php
@@ -210,68 +210,19 @@ $form = new Form($db);
 $formother = new FormOther($db);
 $formfile = new FormFile($db);
 
-$holidaystatic=new Holiday($db);
 $fuser = new User($db);
+$holidaystatic=new Holiday($db);
 
 // Update sold
 $result = $object->updateBalance();
 
-$max_year = 5;
-$min_year = 10;
-$filter='';
-
 $title = $langs->trans('CPTitreMenu');
 llxHeader('', $title);
 
-$order = $db->order($sortfield, $sortorder).$db->plimit($limit + 1, $offset);
+$max_year = 5;
+$min_year = 10;
 
-// Ref
-if(!empty($search_ref))
-{
-    $filter.= " AND cp.rowid = ".(int) $db->escape($search_ref);
-}
-// Start date
-$filter.= dolSqlDateFilter("cp.date_debut", $search_day_start, $search_month_start, $search_year_start);
-// End date
-$filter.= dolSqlDateFilter("cp.date_fin", $search_day_end, $search_month_end, $search_year_end);
-// Create date
-$filter.= dolSqlDateFilter("cp.date_create", $search_day_create, $search_month_create, $search_year_create);
-// Employee
-if(!empty($search_employee) && $search_employee != -1) {
-    $filter.= " AND cp.fk_user = '".$db->escape($search_employee)."'\n";
-}
-// Validator
-if(!empty($search_valideur) && $search_valideur != -1) {
-    $filter.= " AND cp.fk_validator = '".$db->escape($search_valideur)."'\n";
-}
-// Type
-if (!empty($search_type) && $search_type != -1) {
-	$filter.= ' AND cp.fk_type IN ('.$db->escape($search_type).')';
-}
-// Status
-if(!empty($search_statut) && $search_statut != -1) {
-    $filter.= " AND cp.statut = '".$db->escape($search_statut)."'\n";
-}
-// Search all
-if (!empty($sall))
-{
-	$filter.= natural_search(array_keys($fieldstosearchall), $sall);
-}
-
-if (empty($user->rights->holiday->read_all)) $filter.=' AND cp.fk_user IN ('.join(',', $childids).')';
-
-$sql='';
-// Add where from extra fields
-include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php';
-// Add where from hooks
-$parameters=array();
-$reshook=$hookmanager->executeHooks('printFieldListWhere', $parameters);    // Note that $action and $object may have been modified by hook
-$sql.=$hookmanager->resPrint;
-
-$filter.=$sql;
-
-
-// Récupération de l'ID de l'utilisateur
+// Get current user id
 $user_id = $user->id;
 
 if ($id > 0)
@@ -286,476 +237,558 @@ if ($id > 0)
 
 // Récupération des congés payés de l'utilisateur ou de tous les users de sa hierarchy
 // Load array $object->holiday
-if (empty($user->rights->holiday->read_all) || $id > 0)
-{
-	if ($id > 0) $result = $object->fetchByUser($id, $order, $filter);
-	else  $result = $object->fetchByUser(join(',', $childids), $order, $filter);
-}
-else
-{
-    $result = $object->fetchAll($order, $filter);
-}
-// Si erreur SQL
-if ($result == '-1')
-{
-    print load_fiche_titre($langs->trans('CPTitreMenu'), '', 'title_hrm.png');
 
-    dol_print_error($db, $langs->trans('Error').' '.$object->error);
-    exit();
+$sql = "SELECT";
+$sql.= " cp.rowid,";
+$sql.= " cp.ref,";
+
+$sql.= " cp.fk_user,";
+$sql.= " cp.fk_type,";
+$sql.= " cp.date_create,";
+$sql.= " cp.tms as date_update,";
+$sql.= " cp.description,";
+$sql.= " cp.date_debut,";
+$sql.= " cp.date_fin,";
+$sql.= " cp.halfday,";
+$sql.= " cp.statut,";
+$sql.= " cp.fk_validator,";
+$sql.= " cp.date_valid,";
+$sql.= " cp.fk_user_valid,";
+$sql.= " cp.date_refuse,";
+$sql.= " cp.fk_user_refuse,";
+$sql.= " cp.date_cancel,";
+$sql.= " cp.fk_user_cancel,";
+$sql.= " cp.detail_refuse,";
+
+$sql.= " uu.lastname as user_lastname,";
+$sql.= " uu.firstname as user_firstname,";
+$sql.= " uu.login as user_login,";
+$sql.= " uu.statut as user_statut,";
+$sql.= " uu.photo as user_photo,";
+
+$sql.= " ua.lastname as validator_lastname,";
+$sql.= " ua.firstname as validator_firstname,";
+$sql.= " ua.login as validator_login,";
+$sql.= " ua.statut as validator_statut,";
+$sql.= " ua.photo as validator_photo";
+// Add fields from extrafields
+foreach ($extrafields->attribute_label as $key => $val) $sql.=($extrafields->attribute_type[$key] != 'separate' ? ",ef.".$key.' as options_'.$key : '');
+// Add fields from hooks
+$parameters=array();
+$reshook=$hookmanager->executeHooks('printFieldListSelect', $parameters);    // Note that $action and $object may have been modified by hook
+$sql.=$hookmanager->resPrint;
+$sql.= " FROM ".MAIN_DB_PREFIX."holiday as cp";
+if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label)) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."holiday_extrafields as ef on (cp.rowid = ef.fk_object)";
+$sql.= ", ".MAIN_DB_PREFIX."user as uu, ".MAIN_DB_PREFIX."user as ua";
+$sql.= " WHERE cp.entity IN (".getEntity('holiday').")";
+$sql.= " AND cp.fk_user = uu.rowid AND cp.fk_validator = ua.rowid "; // Hack pour la recherche sur le tableau
+// Search all
+if (!empty($sall)) $sql.= natural_search(array_keys($fieldstosearchall), $sall);
+// Ref
+if(!empty($search_ref))
+{
+	$sql.= " AND cp.rowid = ".(int) $db->escape($search_ref);
+}
+// Start date
+$sql.= dolSqlDateFilter("cp.date_debut", $search_day_start, $search_month_start, $search_year_start);
+// End date
+$sql.= dolSqlDateFilter("cp.date_fin", $search_day_end, $search_month_end, $search_year_end);
+// Create date
+$sql.= dolSqlDateFilter("cp.date_create", $search_day_create, $search_month_create, $search_year_create);
+// Employee
+if(!empty($search_employee) && $search_employee != -1) {
+	$sql.= " AND cp.fk_user = '".$db->escape($search_employee)."'\n";
+}
+// Validator
+if(!empty($search_valideur) && $search_valideur != -1) {
+	$sql.= " AND cp.fk_validator = '".$db->escape($search_valideur)."'\n";
+}
+// Type
+if (!empty($search_type) && $search_type != -1) {
+	$sql.= ' AND cp.fk_type IN ('.$db->escape($search_type).')';
+}
+// Status
+if(!empty($search_statut) && $search_statut != -1) {
+	$sql.= " AND cp.statut = '".$db->escape($search_statut)."'\n";
 }
 
+if (empty($user->rights->holiday->read_all)) $sql.=' AND cp.fk_user IN ('.join(',', $childids).')';
+if ($id > 0) $sql.= " AND cp.fk_user IN (".$id.")";
 
-// Show table of vacations
+// Add where from extra fields
+include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php';
+// Add where from hooks
+$parameters=array();
+$reshook=$hookmanager->executeHooks('printFieldListWhere', $parameters);    // Note that $action and $object may have been modified by hook
+$sql.=$hookmanager->resPrint;
 
-$num = count($object->holiday);
+$sql.= $db->order($sortfield, $sortorder);
 
-$arrayofselected=is_array($toselect)?$toselect:array();
-
-$param='';
-if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.urlencode($contextpage);
-if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.urlencode($limit);
-if ($optioncss != '')     $param.='&optioncss='.urlencode($optioncss);
-if ($search_ref)          $param.='&search_ref='.urlencode($search_ref);
-if ($search_day_create)          $param.='&search_day_create='.urlencode($search_day_create);
-if ($search_month_create)        $param.='&search_month_create='.urlencode($search_month_create);
-if ($search_year_create)         $param.='&search_year_create='.urlencode($search_year_create);
-if ($search_day_start)           $param.='&search_day_start='.urlencode($search_day_start);
-if ($search_month_start)         $param.='&search_month_start='.urlencode($search_month_start);
-if ($search_year_start)          $param.='&search_year_start='.urlencode($search_year_start);
-if ($search_day_end)             $param.='&search_day_end='.urlencode($search_day_end);
-if ($search_month_end)           $param.='&search_month_end='.urlencode($search_month_end);
-if ($search_year_end)            $param.='&search_year_end='.urlencode($search_year_end);
-if ($search_employee > 0) $param.='&search_employee='.urlencode($search_employee);
-if ($search_valideur > 0) $param.='&search_valideur='.urlencode($search_valideur);
-if ($search_type > 0)     $param.='&search_type='.urlencode($search_type);
-if ($search_statut > 0)   $param.='&search_statut='.urlencode($search_statut);
-// Add $param from extra fields
-include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_param.tpl.php';
-
-// List of mass actions available
-$arrayofmassactions =  array(
-	//'generate_doc'=>$langs->trans("ReGeneratePDF"),
-	//'builddoc'=>$langs->trans("PDFMerge"),
-	//'presend'=>$langs->trans("SendByMail"),
-);
-if ($user->rights->holiday->supprimer) $arrayofmassactions['predelete']='<span class="fa fa-trash paddingrightonly"></span>'.$langs->trans("Delete");
-if (in_array($massaction, array('presend','predelete'))) $arrayofmassactions=array();
-$massactionbutton=$form->selectMassAction('', $arrayofmassactions);
-
-print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">';
-if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
-print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
-print '<input type="hidden" name="formfilteraction" id="formfilteraction" value="list">';
-print '<input type="hidden" name="action" value="list">';
-print '<input type="hidden" name="sortfield" value="'.$sortfield.'">';
-print '<input type="hidden" name="sortorder" value="'.$sortorder.'">';
-print '<input type="hidden" name="page" value="'.$page.'">';
-print '<input type="hidden" name="contextpage" value="'.$contextpage.'">';
-if ($id > 0) print '<input type="hidden" name="id" value="'.$id.'">';
-
-if ($id > 0)		// For user tab
+// Count total nb of records
+$nbtotalofrecords = '';
+if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
 {
-	$title = $langs->trans("User");
-	$linkback = '<a href="'.DOL_URL_ROOT.'/user/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>';
-	$head = user_prepare_head($fuser);
-
-	dol_fiche_head($head, 'paidholidays', $title, -1, 'user');
-
-    dol_banner_tab($fuser, 'id', $linkback, $user->rights->user->user->lire || $user->admin);
-
-	if (empty($conf->global->HOLIDAY_HIDE_BALANCE))
+	$result = $db->query($sql);
+	$nbtotalofrecords = $db->num_rows($result);
+	if (($page * $limit) > $nbtotalofrecords)	// if total resultset is smaller then paging size (filtering), goto and load page 0
 	{
-	    print '<div class="underbanner clearboth"></div>';
-
-	    print '<br>';
-
-	    showMyBalance($object, $user_id);
+		$page = 0;
+		$offset = 0;
 	}
-
-	dol_fiche_end();
-
-	// Buttons for actions
-
-	print '<div class="tabsAction">';
-
-	$canedit=(($user->id == $user_id && $user->rights->holiday->write) || ($user->id != $user_id && $user->rights->holiday->write_all));
-
-	if ($canedit)
-	{
-		print '<a href="'.DOL_URL_ROOT.'/holiday/card.php?action=request&fuserid='.$user_id.'" class="butAction">'.$langs->trans("AddCP").'</a>';
-	}
-
-	print '</div>';
 }
-else
+
+$sql.= $db->plimit($limit+1, $offset);
+
+
+//print $sql;
+$resql = $db->query($sql);
+if ($resql)
 {
-	$nbtotalofrecords = count($object->holiday);
-   	//print $num;
-    //print count($object->holiday);
+	$num = $db->num_rows($resql);
 
-	$title = $langs->trans("ListeCP");
+	$arrayofselected=is_array($toselect)?$toselect:array();
 
-	$newcardbutton='';
-	if ($user->rights->holiday->write)
+	$param='';
+	if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.urlencode($contextpage);
+	if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.urlencode($limit);
+	if ($optioncss != '')     $param.='&optioncss='.urlencode($optioncss);
+	if ($search_ref)          $param.='&search_ref='.urlencode($search_ref);
+	if ($search_day_create)          $param.='&search_day_create='.urlencode($search_day_create);
+	if ($search_month_create)        $param.='&search_month_create='.urlencode($search_month_create);
+	if ($search_year_create)         $param.='&search_year_create='.urlencode($search_year_create);
+	if ($search_day_start)           $param.='&search_day_start='.urlencode($search_day_start);
+	if ($search_month_start)         $param.='&search_month_start='.urlencode($search_month_start);
+	if ($search_year_start)          $param.='&search_year_start='.urlencode($search_year_start);
+	if ($search_day_end)             $param.='&search_day_end='.urlencode($search_day_end);
+	if ($search_month_end)           $param.='&search_month_end='.urlencode($search_month_end);
+	if ($search_year_end)            $param.='&search_year_end='.urlencode($search_year_end);
+	if ($search_employee > 0) $param.='&search_employee='.urlencode($search_employee);
+	if ($search_valideur > 0) $param.='&search_valideur='.urlencode($search_valideur);
+	if ($search_type > 0)     $param.='&search_type='.urlencode($search_type);
+	if ($search_statut > 0)   $param.='&search_statut='.urlencode($search_statut);
+	// Add $param from extra fields
+	include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_param.tpl.php';
+
+	// List of mass actions available
+	$arrayofmassactions =  array(
+		//'generate_doc'=>$langs->trans("ReGeneratePDF"),
+		//'builddoc'=>$langs->trans("PDFMerge"),
+		//'presend'=>$langs->trans("SendByMail"),
+	);
+	if ($user->rights->holiday->supprimer) $arrayofmassactions['predelete']='<span class="fa fa-trash paddingrightonly"></span>'.$langs->trans("Delete");
+	if (in_array($massaction, array('presend','predelete'))) $arrayofmassactions=array();
+	$massactionbutton=$form->selectMassAction('', $arrayofmassactions);
+
+	// Lines of title fields
+	print '<form id="searchFormList" action="'.$_SERVER["PHP_SELF"].'" method="POST">'."\n";
+	if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
+	print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
+	print '<input type="hidden" name="formfilteraction" id="formfilteraction" value="list">';
+	print '<input type="hidden" name="action" value="'.($action=='edit'?'update':'list').'">';
+	print '<input type="hidden" name="page" value="'.$page.'">';
+	print '<input type="hidden" name="contextpage" value="'.$contextpage.'">';
+	print '<input type="hidden" name="sortfield" value="'.$sortfield.'">';
+	print '<input type="hidden" name="sortorder" value="'.$sortorder.'">';
+	if ($id > 0) print '<input type="hidden" name="id" value="'.$id.'">';
+
+	if ($id > 0)		// For user tab
 	{
-		$newcardbutton.= dolGetButtonTitle($langs->trans('MenuAddCP'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/holiday/card.php?action=request');
-    }
+		$title = $langs->trans("User");
+		$linkback = '<a href="'.DOL_URL_ROOT.'/user/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>';
+		$head = user_prepare_head($fuser);
 
-	print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'title_hrm.png', 0, $newcardbutton, '', $limit);
+		dol_fiche_head($head, 'paidholidays', $title, -1, 'user');
+
+	    dol_banner_tab($fuser, 'id', $linkback, $user->rights->user->user->lire || $user->admin);
+
+		if (empty($conf->global->HOLIDAY_HIDE_BALANCE))
+		{
+		    print '<div class="underbanner clearboth"></div>';
+
+		    print '<br>';
+
+		    showMyBalance($object, $user_id);
+		}
+
+		dol_fiche_end();
+
+		// Buttons for actions
+
+		print '<div class="tabsAction">';
+
+		$canedit=(($user->id == $user_id && $user->rights->holiday->write) || ($user->id != $user_id && $user->rights->holiday->write_all));
+
+		if ($canedit)
+		{
+			print '<a href="'.DOL_URL_ROOT.'/holiday/card.php?action=request&fuserid='.$user_id.'" class="butAction">'.$langs->trans("AddCP").'</a>';
+		}
+
+		print '</div>';
+	}
+	else
+	{
+		$title = $langs->trans("ListeCP");
+
+		$newcardbutton='';
+		if ($user->rights->holiday->write)
+		{
+			$newcardbutton.= dolGetButtonTitle($langs->trans('MenuAddCP'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/holiday/card.php?action=request');
+	    }
+
+		print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'title_hrm.png', 0, $newcardbutton, '', $limit);
+	}
 
 	$topicmail="Information";
 	$modelmail="leaverequest";
 	$objecttmp=new Holiday($db);
 	$trackid='leav'.$object->id;
 	include DOL_DOCUMENT_ROOT.'/core/tpl/massactions_pre.tpl.php';
-}
 
-if ($sall)
-{
-    foreach($fieldstosearchall as $key => $val) $fieldstosearchall[$key]=$langs->trans($val);
-    print '<div class="divsearchfieldfilter">'.$langs->trans("FilterOnInto", $sall) . join(', ', $fieldstosearchall).'</div>';
-}
-
-$moreforfilter='';
-
-$parameters=array();
-$reshook=$hookmanager->executeHooks('printFieldPreListTitle', $parameters);    // Note that $action and $object may have been modified by hook
-if (empty($reshook)) $moreforfilter .= $hookmanager->resPrint;
-else $moreforfilter = $hookmanager->resPrint;
-
-if (! empty($moreforfilter))
-{
-	print '<div class="liste_titre liste_titre_bydiv centpercent">';
-	print $moreforfilter;
-	print '</div>';
-}
-
-$varpage=empty($contextpage)?$_SERVER["PHP_SELF"]:$contextpage;
-$selectedfields=$form->multiSelectArrayWithCheckbox('selectedfields', $arrayfields, $varpage);	// This also change content of $arrayfields
-$selectedfields.=(count($arrayofmassactions) ? $form->showCheckAddButtons('checkforselect', 1) : '');
-
-
-$include = '';
-if (! empty($user->rights->holiday->read_all)) $include = 'hierarchyme';		// Can see all
-
-print '<div class="div-table-responsive">';
-print '<table class="tagtable liste'.($moreforfilter?" listwithfilterbefore":"").'">'."\n";
-
-
-// Filters
-print '<tr class="liste_titre_filter">';
-
-if (! empty($arrayfields['cp.ref']['checked']))
-{
-	print '<td class="liste_titre">';
-	print '<input class="flat" size="4" type="text" name="search_ref" value="'.dol_escape_htmltag($search_ref).'">';
-	print '</td>';
-}
-
-if (! empty($arrayfields['cp.fk_user']['checked']))
-{
-	$morefilter = 'AND employee = 1';
-	if (! empty($conf->global->HOLIDAY_FOR_NON_SALARIES_TOO)) $morefilter = '';
-
-	// User
-	$disabled=0;
-	// If into the tab holiday of a user ($id is set in such a case)
-	if ($id && ! GETPOSTISSET('search_employee'))
+	if ($sall)
 	{
-		$search_employee=$id;
-		$disabled=1;
+	    foreach($fieldstosearchall as $key => $val) $fieldstosearchall[$key]=$langs->trans($val);
+	    print '<div class="divsearchfieldfilter">'.$langs->trans("FilterOnInto", $sall) . join(', ', $fieldstosearchall).'</div>';
 	}
 
-	print '<td class="liste_titre maxwidthonsmartphone left">';
-	print $form->select_dolusers($search_employee, "search_employee", 1, "", $disabled, $include, '', 0, 0, 0, $morefilter, 0, '', 'maxwidth200');
-	print '</td>';
-}
+	$moreforfilter='';
 
-// Approver
-if (! empty($arrayfields['cp.fk_validator']['checked']))
-{
-	if ($user->rights->holiday->read_all)
+	$parameters=array();
+	$reshook=$hookmanager->executeHooks('printFieldPreListTitle', $parameters);    // Note that $action and $object may have been modified by hook
+	if (empty($reshook)) $moreforfilter .= $hookmanager->resPrint;
+	else $moreforfilter = $hookmanager->resPrint;
+
+	if (! empty($moreforfilter))
 	{
-	    print '<td class="liste_titre maxwidthonsmartphone left">';
-	    $validator = new UserGroup($db);
-	    $excludefilter=$user->admin?'':'u.rowid <> '.$user->id;
-	    $valideurobjects = $validator->listUsersForGroup($excludefilter);
-	    $valideurarray = array();
-	    foreach($valideurobjects as $val) $valideurarray[$val->id]=$val->id;
-	    print $form->select_dolusers($search_valideur, "search_valideur", 1, "", 0, $valideurarray, '', 0, 0, 0, $morefilter, 0, '', 'maxwidth200');
-	    print '</td>';
+		print '<div class="liste_titre liste_titre_bydiv centpercent">';
+		print $moreforfilter;
+		print '</div>';
 	}
-	else
+
+	$varpage=empty($contextpage)?$_SERVER["PHP_SELF"]:$contextpage;
+	$selectedfields=$form->multiSelectArrayWithCheckbox('selectedfields', $arrayfields, $varpage);	// This also change content of $arrayfields
+	$selectedfields.=(count($arrayofmassactions) ? $form->showCheckAddButtons('checkforselect', 1) : '');
+
+
+	$include = '';
+	if (! empty($user->rights->holiday->read_all)) $include = 'hierarchyme';		// Can see all
+
+	print '<div class="div-table-responsive">';
+	print '<table class="tagtable liste'.($moreforfilter?" listwithfilterbefore":"").'">'."\n";
+
+
+	// Filters
+	print '<tr class="liste_titre_filter">';
+
+	if (! empty($arrayfields['cp.ref']['checked']))
 	{
-	    print '<td class="liste_titre">&nbsp;</td>';
+		print '<td class="liste_titre">';
+		print '<input class="flat" size="4" type="text" name="search_ref" value="'.dol_escape_htmltag($search_ref).'">';
+		print '</td>';
 	}
-}
 
-// Type
-if (! empty($arrayfields['cp.fk_type']['checked']))
-{
-	print '<td class="liste_titre">';
-	if (empty($mysoc->country_id)) {
-		setEventMessages(null, array($langs->trans("ErrorSetACountryFirst"),$langs->trans("CompanyFoundation")), 'errors');
-	} else {
-		$typeleaves=$holidaystatic->getTypes(1, -1);
-		$arraytypeleaves=array();
-		foreach($typeleaves as $key => $val)
-		{
-			$labeltoshow = ($langs->trans($val['code'])!=$val['code'] ? $langs->trans($val['code']) : $val['label']);
-			//$labeltoshow .= ($val['delay'] > 0 ? ' ('.$langs->trans("NoticePeriod").': '.$val['delay'].' '.$langs->trans("days").')':'');
-			$arraytypeleaves[$val['rowid']]=$labeltoshow;
-		}
-		print $form->selectarray('search_type', $arraytypeleaves, $search_type, 1);
-	}
-	print '</td>';
-}
-
-// Duration
-if (! empty($arrayfields['duration']['checked']))
-{
-	print '<td class="liste_titre">&nbsp;</td>';
-}
-
-// Start date
-if (! empty($arrayfields['cp.date_debut']['checked']))
-{
-	print '<td class="liste_titre center">';
-	print '<input class="flat valignmiddle" type="text" size="1" maxlength="2" name="search_month_start" value="'.dol_escape_htmltag($search_month_start).'">';
-	$formother->select_year($search_year_start, 'search_year_start', 1, $min_year, $max_year);
-	print '</td>';
-}
-
-// End date
-if (! empty($arrayfields['cp.date_fin']['checked']))
-{
-	print '<td class="liste_titre center">';
-	print '<input class="flat valignmiddle" type="text" size="1" maxlength="2" name="search_month_end" value="'.dol_escape_htmltag($search_month_end).'">';
-	$formother->select_year($search_year_end, 'search_year_end', 1, $min_year, $max_year);
-	print '</td>';
-}
-
-// Extra fields
-include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_input.tpl.php';
-// Fields from hook
-$parameters=array('arrayfields'=>$arrayfields);
-$reshook=$hookmanager->executeHooks('printFieldListOption', $parameters);    // Note that $action and $object may have been modified by hook
-print $hookmanager->resPrint;
-
-// Create date
-if (! empty($arrayfields['cp.date_create']['checked']))
-{
-	print '<td class="liste_titre center">';
-	print '<input class="flat valignmiddle" type="text" size="1" maxlength="2" name="search_month_create" value="'.dol_escape_htmltag($search_month_create).'">';
-	$formother->select_year($search_year_create, 'search_year_create', 1, $min_year, 0);
-	print '</td>';
-}
-
-// Create date
-if (! empty($arrayfields['cp.tms']['checked']))
-{
-	print '<td class="liste_titre center">';
-	print '<input class="flat valignmiddle" type="text" size="1" maxlength="2" name="search_month_update" value="'.dol_escape_htmltag($search_month_update).'">';
-	$formother->select_year($search_year_update, 'search_year_update', 1, $min_year, 0);
-	print '</td>';
-}
-
-// Status
-if (! empty($arrayfields['cp.statut']['checked']))
-{
-	print '<td class="liste_titre maxwidthonsmartphone maxwidth200 right">';
-	$object->selectStatutCP($search_statut, 'search_statut');
-	print '</td>';
-}
-
-// Actions
-print '<td class="liste_titre maxwidthsearch">';
-$searchpicto=$form->showFilterButtons();
-print $searchpicto;
-print '</td>';
-
-print "</tr>\n";
-
-print '<tr class="liste_titre">';
-if (! empty($arrayfields['cp.ref']['checked']))                  print_liste_field_titre($arrayfields['cp.ref']['label'],          $_SERVER["PHP_SELF"], "cp.ref", "", $param, '', $sortfield, $sortorder);
-if (! empty($arrayfields['cp.fk_user']['checked']))              print_liste_field_titre($arrayfields['cp.fk_user']['label'],      $_SERVER["PHP_SELF"], "cp.fk_user", "", $param, '', $sortfield, $sortorder);
-if (! empty($arrayfields['cp.fk_validator']['checked']))         print_liste_field_titre($arrayfields['cp.fk_validator']['label'], $_SERVER["PHP_SELF"], "cp.fk_validator", "", $param, '', $sortfield, $sortorder);
-if (! empty($arrayfields['cp.fk_type']['checked']))              print_liste_field_titre($arrayfields['cp.fk_type']['label'],      $_SERVER["PHP_SELF"], '', '', $param, '', $sortfield, $sortorder);
-if (! empty($arrayfields['duration']['checked']))                print_liste_field_titre($arrayfields['duration']['label'],        $_SERVER["PHP_SELF"], '', '', $param, '', $sortfield, $sortorder, 'right ');
-if (! empty($arrayfields['cp.date_debut']['checked']))           print_liste_field_titre($arrayfields['cp.date_debut']['label'],   $_SERVER["PHP_SELF"], "cp.date_debut", "", $param, '', $sortfield, $sortorder, 'center ');
-if (! empty($arrayfields['cp.date_fin']['checked']))             print_liste_field_titre($arrayfields['cp.date_fin']['label'],     $_SERVER["PHP_SELF"], "cp.date_fin", "", $param, '', $sortfield, $sortorder, 'center ');
-// Extra fields
-include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_title.tpl.php';
-// Hook fields
-$parameters=array('arrayfields'=>$arrayfields,'param'=>$param,'sortfield'=>$sortfield,'sortorder'=>$sortorder);
-$reshook=$hookmanager->executeHooks('printFieldListTitle', $parameters);    // Note that $action and $object may have been modified by hook
-print $hookmanager->resPrint;
-if (! empty($arrayfields['cp.date_create']['checked']))          print_liste_field_titre($arrayfields['cp.date_create']['label'], $_SERVER["PHP_SELF"], "cp.date_create", "", $param, '', $sortfield, $sortorder, 'center ');
-if (! empty($arrayfields['cp.tms']['checked']))                  print_liste_field_titre($arrayfields['cp.tms']['label'],   $_SERVER["PHP_SELF"], "cp.tms", "", $param, '', $sortfield, $sortorder, 'center ');
-if (! empty($arrayfields['cp.statut']['checked']))               print_liste_field_titre("Status",       $_SERVER["PHP_SELF"], "cp.statut", "", $param, '', $sortfield, $sortorder, 'right ');
-print_liste_field_titre($selectedfields, $_SERVER["PHP_SELF"], "", '', '', 'align="center"', $sortfield, $sortorder, 'maxwidthsearch ');
-print "</tr>\n";
-
-$listhalfday=array('morning'=>$langs->trans("Morning"),"afternoon"=>$langs->trans("Afternoon"));
-
-
-// If we ask a dedicated card and not allow to see it, we forc on user.
-if ($id && empty($user->rights->holiday->read_all) && ! in_array($id, $childids)) {
-	$langs->load("errors");
-	print '<tr class="oddeven opacitymediuem"><td colspan="10">'.$langs->trans("NotEnoughPermissions").'</td></tr>';
-	$result = 0;
-}
-elseif (! empty($object->holiday) && !empty($mysoc->country_id))
-{
-    // Lines
-    $userstatic = new User($db);
-    $approbatorstatic = new User($db);
-
-	$typeleaves=$object->getTypes(1, -1);
-
-	$i = 0;
-	$totalarray=array();
-	foreach($object->holiday as $infos_CP)
+	if (! empty($arrayfields['cp.fk_user']['checked']))
 	{
-		// Leave request
-		$holidaystatic->id=$infos_CP['rowid'];
-		$holidaystatic->ref=($infos_CP['ref']?$infos_CP['ref']:$infos_CP['rowid']);
+		$morefilter = 'AND employee = 1';
+		if (! empty($conf->global->HOLIDAY_FOR_NON_SALARIES_TOO)) $morefilter = '';
 
 		// User
-		$userstatic->id=$infos_CP['fk_user'];
-		$userstatic->lastname=$infos_CP['user_lastname'];
-		$userstatic->firstname=$infos_CP['user_firstname'];
-		$userstatic->login=$infos_CP['user_login'];
-		$userstatic->statut=$infos_CP['user_statut'];
-		$userstatic->photo=$infos_CP['user_photo'];
-
-		// Validator
-		$approbatorstatic->id=$infos_CP['fk_validator'];
-		$approbatorstatic->lastname=$infos_CP['validator_lastname'];
-		$approbatorstatic->firstname=$infos_CP['validator_firstname'];
-		$approbatorstatic->login=$infos_CP['validator_login'];
-		$approbatorstatic->statut=$infos_CP['validator_statut'];
-		$approbatorstatic->photo=$infos_CP['validator_photo'];
-
-		$date = $infos_CP['date_create'];
-		$date_modif = $infos_CP['date_update'];
-
-		$starthalfday=($infos_CP['halfday'] == -1 || $infos_CP['halfday'] == 2)?'afternoon':'morning';
-		$endhalfday=($infos_CP['halfday'] == 1 || $infos_CP['halfday'] == 2)?'morning':'afternoon';
-
-		print '<tr class="oddeven">';
-
-		if (! empty($arrayfields['cp.ref']['checked']))
+		$disabled=0;
+		// If into the tab holiday of a user ($id is set in such a case)
+		if ($id && ! GETPOSTISSET('search_employee'))
 		{
-			print '<td>';
-			print $holidaystatic->getNomUrl(1, 1);
-			print '</td>';
-			if (! $i) $totalarray['nbfield']++;
-		}
-		if (! empty($arrayfields['cp.fk_user']['checked']))
-		{
-			print '<td>'.$userstatic->getNomUrl(-1, 'leave').'</td>';
-			if (! $i) $totalarray['nbfield']++;
-		}
-		if (! empty($arrayfields['cp.fk_validator']['checked']))
-		{
-			print '<td>'.$approbatorstatic->getNomUrl(-1).'</td>';
-			if (! $i) $totalarray['nbfield']++;
-		}
-		if (! empty($arrayfields['cp.fk_type']['checked']))
-		{
-			print '<td>';
-			$labeltypeleavetoshow = ($langs->trans($typeleaves[$infos_CP['fk_type']]['code'])!=$typeleaves[$infos_CP['fk_type']]['code'] ? $langs->trans($typeleaves[$infos_CP['fk_type']]['code']) : $typeleaves[$infos_CP['fk_type']]['label']);
-			print empty($typeleaves[$infos_CP['fk_type']]['label']) ? $langs->trans("TypeWasDisabledOrRemoved", $infos_CP['fk_type']) : $labeltypeleavetoshow;
-			print '</td>';
-			if (! $i) $totalarray['nbfield']++;
-		}
-		if (! empty($arrayfields['duration']['checked']))
-		{
-			print '<td class="right">';
-			$nbopenedday=num_open_day($infos_CP['date_debut_gmt'], $infos_CP['date_fin_gmt'], 0, 1, $infos_CP['halfday']);
-			print $nbopenedday.' '.$langs->trans('DurationDays');
-			print '</td>';
-			if (! $i) $totalarray['nbfield']++;
-		}
-		if (! empty($arrayfields['cp.date_debut']['checked']))
-		{
-			print '<td class="center">';
-			print dol_print_date($infos_CP['date_debut'], 'day');
-			print ' <span class="opacitymedium">('.$langs->trans($listhalfday[$starthalfday]).')</span>';
-			print '</td>';
-			if (! $i) $totalarray['nbfield']++;
-		}
-		if (! empty($arrayfields['cp.date_fin']['checked']))
-		{
-			print '<td class="center">';
-			print dol_print_date($infos_CP['date_fin'], 'day');
-			print ' <span class="opacitymedium">('.$langs->trans($listhalfday[$endhalfday]).')</span>';
-			print '</td>';
-			if (! $i) $totalarray['nbfield']++;
+			$search_employee=$id;
+			$disabled=1;
 		}
 
-		// Extra fields
-		include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_print_fields.tpl.php';
-		// Fields from hook
-		$parameters=array('arrayfields'=>$arrayfields, 'obj'=>$obj);
-		$reshook=$hookmanager->executeHooks('printFieldListValue', $parameters);    // Note that $action and $object may have been modified by hook
-		print $hookmanager->resPrint;
-
-		// Date creation
-		if (! empty($arrayfields['cp.date_create']['checked']))
-		{
-			print '<td style="text-align: center;">'.dol_print_date($date, 'day').'</td>';
-			if (! $i) $totalarray['nbfield']++;
-		}
-		if (! empty($arrayfields['cp.tms']['checked']))
-		{
-			print '<td style="text-align: center;">'.dol_print_date($date_modif, 'day').'</td>';
-			if (! $i) $totalarray['nbfield']++;
-		}
-		if (! empty($arrayfields['cp.statut']['checked']))
-		{
-			print '<td class="right nowrap">'.$holidaystatic->LibStatut($infos_CP['statut'], 5).'</td>';
-			if (! $i) $totalarray['nbfield']++;
-		}
-
-	    // Action column
-	    print '<td class="nowrap center">';
-		if ($massactionbutton || $massaction)   // If we are in select mode (massactionbutton defined) or if we have already selected and sent an action ($massaction) defined
-	    {
-		    $selected=0;
-			if (in_array($infos_CP['rowid'], $arrayofselected)) $selected=1;
-			print '<input id="cb'.$infos_CP['rowid'].'" class="flat checkforselect" type="checkbox" name="toselect[]" value="'.$infos_CP['rowid'].'"'.($selected?' checked="checked"':'').'>';
-	    }
+		print '<td class="liste_titre maxwidthonsmartphone left">';
+		print $form->select_dolusers($search_employee, "search_employee", 1, "", $disabled, $include, '', 0, 0, 0, $morefilter, 0, '', 'maxwidth200');
 		print '</td>';
-		if (! $i) $totalarray['nbfield']++;
-
-		print '</tr>'."\n";
-
-		$i++;
 	}
-}
 
-// Si il n'y a pas d'enregistrement suite à une recherche
-if ($result == '2')
-{
-    print '<tr>';
-    print '<td colspan="10" class="opacitymedium">'.$langs->trans('NoRecordFound').'</td>';
-    print '</tr>';
-}
+	// Approver
+	if (! empty($arrayfields['cp.fk_validator']['checked']))
+	{
+		if ($user->rights->holiday->read_all)
+		{
+		    print '<td class="liste_titre maxwidthonsmartphone left">';
+		    $validator = new UserGroup($db);
+		    $excludefilter=$user->admin?'':'u.rowid <> '.$user->id;
+		    $valideurobjects = $validator->listUsersForGroup($excludefilter);
+		    $valideurarray = array();
+		    foreach($valideurobjects as $val) $valideurarray[$val->id]=$val->id;
+		    print $form->select_dolusers($search_valideur, "search_valideur", 1, "", 0, $valideurarray, '', 0, 0, 0, $morefilter, 0, '', 'maxwidth200');
+		    print '</td>';
+		}
+		else
+		{
+		    print '<td class="liste_titre">&nbsp;</td>';
+		}
+	}
 
-print '</table>';
-print '</div>';
+	// Type
+	if (! empty($arrayfields['cp.fk_type']['checked']))
+	{
+		print '<td class="liste_titre">';
+		if (empty($mysoc->country_id)) {
+			setEventMessages(null, array($langs->trans("ErrorSetACountryFirst"),$langs->trans("CompanyFoundation")), 'errors');
+		} else {
+			$typeleaves=$holidaystatic->getTypes(1, -1);
+			$arraytypeleaves=array();
+			foreach($typeleaves as $key => $val)
+			{
+				$labeltoshow = ($langs->trans($val['code'])!=$val['code'] ? $langs->trans($val['code']) : $val['label']);
+				//$labeltoshow .= ($val['delay'] > 0 ? ' ('.$langs->trans("NoticePeriod").': '.$val['delay'].' '.$langs->trans("days").')':'');
+				$arraytypeleaves[$val['rowid']]=$labeltoshow;
+			}
+			print $form->selectarray('search_type', $arraytypeleaves, $search_type, 1);
+		}
+		print '</td>';
+	}
 
-print '</form>';
+	// Duration
+	if (! empty($arrayfields['duration']['checked']))
+	{
+		print '<td class="liste_titre">&nbsp;</td>';
+	}
 
-/*if ($user_id == $user->id)
-{
-	print '<br>';
-	print '<div style="float: right; margin-top: 8px;">';
-	print '<a href="./card.php?action=request" class="butAction">'.$langs->trans('AddCP').'</a>';
+	// Start date
+	if (! empty($arrayfields['cp.date_debut']['checked']))
+	{
+		print '<td class="liste_titre center nowraponall">';
+		print '<input class="flat valignmiddle maxwidth25" type="text" maxlength="2" name="search_month_start" value="'.dol_escape_htmltag($search_month_start).'">';
+		$formother->select_year($search_year_start, 'search_year_start', 1, $min_year, $max_year);
+		print '</td>';
+	}
+
+	// End date
+	if (! empty($arrayfields['cp.date_fin']['checked']))
+	{
+		print '<td class="liste_titre center nowraponall">';
+		print '<input class="flat valignmiddle maxwidth25" type="text" maxlength="2" name="search_month_end" value="'.dol_escape_htmltag($search_month_end).'">';
+		$formother->select_year($search_year_end, 'search_year_end', 1, $min_year, $max_year);
+		print '</td>';
+	}
+
+	// Extra fields
+	include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_input.tpl.php';
+	// Fields from hook
+	$parameters=array('arrayfields'=>$arrayfields);
+	$reshook=$hookmanager->executeHooks('printFieldListOption', $parameters);    // Note that $action and $object may have been modified by hook
+	print $hookmanager->resPrint;
+
+	// Create date
+	if (! empty($arrayfields['cp.date_create']['checked']))
+	{
+		print '<td class="liste_titre center nowraponall">';
+		print '<input class="flat valignmiddle maxwidth25" type="text" maxlength="2" name="search_month_create" value="'.dol_escape_htmltag($search_month_create).'">';
+		$formother->select_year($search_year_create, 'search_year_create', 1, $min_year, 0);
+		print '</td>';
+	}
+
+	// Create date
+	if (! empty($arrayfields['cp.tms']['checked']))
+	{
+		print '<td class="liste_titre center nowraponall">';
+		print '<input class="flat valignmiddle maxwidth25" type="text" maxlength="2" name="search_month_update" value="'.dol_escape_htmltag($search_month_update).'">';
+		$formother->select_year($search_year_update, 'search_year_update', 1, $min_year, 0);
+		print '</td>';
+	}
+
+	// Status
+	if (! empty($arrayfields['cp.statut']['checked']))
+	{
+		print '<td class="liste_titre maxwidthonsmartphone maxwidth200 right">';
+		$object->selectStatutCP($search_statut, 'search_statut');
+		print '</td>';
+	}
+
+	// Action column
+	print '<td class="liste_titre maxwidthsearch">';
+	$searchpicto=$form->showFilterButtons();
+	print $searchpicto;
+	print '</td>';
+
+	print "</tr>\n";
+
+	print '<tr class="liste_titre">';
+	if (! empty($arrayfields['cp.ref']['checked']))                  print_liste_field_titre($arrayfields['cp.ref']['label'],          $_SERVER["PHP_SELF"], "cp.ref", "", $param, '', $sortfield, $sortorder);
+	if (! empty($arrayfields['cp.fk_user']['checked']))              print_liste_field_titre($arrayfields['cp.fk_user']['label'],      $_SERVER["PHP_SELF"], "cp.fk_user", "", $param, '', $sortfield, $sortorder);
+	if (! empty($arrayfields['cp.fk_validator']['checked']))         print_liste_field_titre($arrayfields['cp.fk_validator']['label'], $_SERVER["PHP_SELF"], "cp.fk_validator", "", $param, '', $sortfield, $sortorder);
+	if (! empty($arrayfields['cp.fk_type']['checked']))              print_liste_field_titre($arrayfields['cp.fk_type']['label'],      $_SERVER["PHP_SELF"], '', '', $param, '', $sortfield, $sortorder);
+	if (! empty($arrayfields['duration']['checked']))                print_liste_field_titre($arrayfields['duration']['label'],        $_SERVER["PHP_SELF"], '', '', $param, '', $sortfield, $sortorder, 'right ');
+	if (! empty($arrayfields['cp.date_debut']['checked']))           print_liste_field_titre($arrayfields['cp.date_debut']['label'],   $_SERVER["PHP_SELF"], "cp.date_debut", "", $param, '', $sortfield, $sortorder, 'center ');
+	if (! empty($arrayfields['cp.date_fin']['checked']))             print_liste_field_titre($arrayfields['cp.date_fin']['label'],     $_SERVER["PHP_SELF"], "cp.date_fin", "", $param, '', $sortfield, $sortorder, 'center ');
+	// Extra fields
+	include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_title.tpl.php';
+	// Hook fields
+	$parameters=array('arrayfields'=>$arrayfields,'param'=>$param,'sortfield'=>$sortfield,'sortorder'=>$sortorder);
+	$reshook=$hookmanager->executeHooks('printFieldListTitle', $parameters);    // Note that $action and $object may have been modified by hook
+	print $hookmanager->resPrint;
+	if (! empty($arrayfields['cp.date_create']['checked']))          print_liste_field_titre($arrayfields['cp.date_create']['label'], $_SERVER["PHP_SELF"], "cp.date_create", "", $param, '', $sortfield, $sortorder, 'center ');
+	if (! empty($arrayfields['cp.tms']['checked']))                  print_liste_field_titre($arrayfields['cp.tms']['label'],   $_SERVER["PHP_SELF"], "cp.tms", "", $param, '', $sortfield, $sortorder, 'center ');
+	if (! empty($arrayfields['cp.statut']['checked']))               print_liste_field_titre("Status",       $_SERVER["PHP_SELF"], "cp.statut", "", $param, '', $sortfield, $sortorder, 'right ');
+	print_liste_field_titre($selectedfields, $_SERVER["PHP_SELF"], "", '', '', 'align="center"', $sortfield, $sortorder, 'maxwidthsearch ');
+	print "</tr>\n";
+
+	$listhalfday=array('morning'=>$langs->trans("Morning"),"afternoon"=>$langs->trans("Afternoon"));
+
+
+	// If we ask a dedicated card and not allow to see it, we force on user.
+	if ($id && empty($user->rights->holiday->read_all) && ! in_array($id, $childids)) {
+		$langs->load("errors");
+		print '<tr class="oddeven opacitymediuem"><td colspan="10">'.$langs->trans("NotEnoughPermissions").'</td></tr>';
+		$result = 0;
+	}
+	elseif ($num > 0 && !empty($mysoc->country_id))
+	{
+	    // Lines
+	    $userstatic = new User($db);
+	    $approbatorstatic = new User($db);
+
+		$typeleaves=$object->getTypes(1, -1);
+
+		$i = 0;
+		$totalarray=array();
+		while ($i < min($num, $limit))
+		{
+			$obj = $db->fetch_object($resql);
+
+			// Leave request
+			$holidaystatic->id=$obj->rowid;
+			$holidaystatic->ref=($obj->ref?$obj->ref:$obj->rowid);
+
+			// User
+			$userstatic->id=$obj->fk_user;
+			$userstatic->lastname=$obj->user_lastname;
+			$userstatic->firstname=$obj->user_firstname;
+			$userstatic->login=$obj->user_login;
+			$userstatic->statut=$obj->user_statut;
+			$userstatic->photo=$obj->user_photo;
+
+			// Validator
+			$approbatorstatic->id=$obj->fk_validator;
+			$approbatorstatic->lastname=$obj->validator_lastname;
+			$approbatorstatic->firstname=$obj->validator_firstname;
+			$approbatorstatic->login=$obj->validator_login;
+			$approbatorstatic->statut=$obj->validator_statut;
+			$approbatorstatic->photo=$obj->validator_photo;
+
+			$date = $obj->date_create;
+			$date_modif = $obj->date_update;
+
+			$starthalfday=($obj->halfday == -1 || $obj->halfday == 2)?'afternoon':'morning';
+			$endhalfday=($obj->halfday == 1 || $obj->halfday == 2)?'morning':'afternoon';
+
+			print '<tr class="oddeven">';
+
+			if (! empty($arrayfields['cp.ref']['checked']))
+			{
+				print '<td class="nowraponall">';
+				print $holidaystatic->getNomUrl(1, 1);
+				print '</td>';
+				if (! $i) $totalarray['nbfield']++;
+			}
+			if (! empty($arrayfields['cp.fk_user']['checked']))
+			{
+				print '<td>'.$userstatic->getNomUrl(-1, 'leave').'</td>';
+				if (! $i) $totalarray['nbfield']++;
+			}
+			if (! empty($arrayfields['cp.fk_validator']['checked']))
+			{
+				print '<td>'.$approbatorstatic->getNomUrl(-1).'</td>';
+				if (! $i) $totalarray['nbfield']++;
+			}
+			if (! empty($arrayfields['cp.fk_type']['checked']))
+			{
+				print '<td>';
+				$labeltypeleavetoshow = ($langs->trans($typeleaves[$obj->fk_type]['code'])!=$typeleaves[$obj->fk_type]['code'] ? $langs->trans($typeleaves[$obj->fk_type]['code']) : $typeleaves[$obj->fk_type]['label']);
+				print empty($typeleaves[$obj->fk_type]['label']) ? $langs->trans("TypeWasDisabledOrRemoved", $obj->fk_type) : $labeltypeleavetoshow;
+				print '</td>';
+				if (! $i) $totalarray['nbfield']++;
+			}
+			if (! empty($arrayfields['duration']['checked']))
+			{
+				print '<td class="right">';
+				$nbopenedday=num_open_day($db->jdate($obj->date_debut, 1), $db->jdate($obj->date_fin, 1), 0, 1, $obj->halfday);
+				print $nbopenedday.' '.$langs->trans('DurationDays');
+				print '</td>';
+				if (! $i) $totalarray['nbfield']++;
+			}
+			if (! empty($arrayfields['cp.date_debut']['checked']))
+			{
+				print '<td class="center">';
+				print dol_print_date($db->jdate($obj->date_debut), 'day');
+				print ' <span class="opacitymedium">('.$langs->trans($listhalfday[$starthalfday]).')</span>';
+				print '</td>';
+				if (! $i) $totalarray['nbfield']++;
+			}
+			if (! empty($arrayfields['cp.date_fin']['checked']))
+			{
+				print '<td class="center">';
+				print dol_print_date($db->jdate($obj->date_fin), 'day');
+				print ' <span class="opacitymedium">('.$langs->trans($listhalfday[$endhalfday]).')</span>';
+				print '</td>';
+				if (! $i) $totalarray['nbfield']++;
+			}
+
+			// Extra fields
+			include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_print_fields.tpl.php';
+			// Fields from hook
+			$parameters=array('arrayfields'=>$arrayfields, 'obj'=>$obj);
+			$reshook=$hookmanager->executeHooks('printFieldListValue', $parameters);    // Note that $action and $object may have been modified by hook
+			print $hookmanager->resPrint;
+
+			// Date creation
+			if (! empty($arrayfields['cp.date_create']['checked']))
+			{
+				print '<td style="text-align: center;">'.dol_print_date($date, 'dayhour').'</td>';
+				if (! $i) $totalarray['nbfield']++;
+			}
+			if (! empty($arrayfields['cp.tms']['checked']))
+			{
+				print '<td style="text-align: center;">'.dol_print_date($date_modif, 'dayhour').'</td>';
+				if (! $i) $totalarray['nbfield']++;
+			}
+			if (! empty($arrayfields['cp.statut']['checked']))
+			{
+				print '<td class="right nowrap">'.$holidaystatic->LibStatut($obj->statut, 5).'</td>';
+				if (! $i) $totalarray['nbfield']++;
+			}
+
+		    // Action column
+		    print '<td class="nowrap center">';
+			if ($massactionbutton || $massaction)   // If we are in select mode (massactionbutton defined) or if we have already selected and sent an action ($massaction) defined
+		    {
+			    $selected=0;
+				if (in_array($obj->rowid, $arrayofselected)) $selected=1;
+				print '<input id="cb'.$obj->rowid.'" class="flat checkforselect" type="checkbox" name="toselect[]" value="'.$obj->rowid.'"'.($selected?' checked="checked"':'').'>';
+		    }
+			print '</td>';
+			if (! $i) $totalarray['nbfield']++;
+
+			print '</tr>'."\n";
+
+			$i++;
+		}
+	}
+
+	// Si il n'y a pas d'enregistrement suite à une recherche
+	if ($num == 0)
+	{
+		$colspan=1;
+		foreach($arrayfields as $key => $val) { if (! empty($val['checked'])) $colspan++; }
+		print '<tr><td colspan="'.$colspan.'" class="opacitymedium">'.$langs->trans("NoRecordFound").'</td></tr>';
+	}
+
+	print '</table>';
 	print '</div>';
-}*/
+
+	print '</form>';
+}
+else
+{
+	dol_print_error($db);
+}
 
 // End of page
 llxFooter();