From 9f7be989c2f4150ec5327a5ae784fe69fb609884 Mon Sep 17 00:00:00 2001 From: Florian Mortgat Date: Tue, 6 Jul 2021 17:38:37 +0200 Subject: [PATCH 1/6] FIX 13.0 - fatal - missing inclusion of ajax.lib.php for calling `ajax_autocompleter()` --- htdocs/core/class/html.form.class.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 945897856f2..1019e9623e4 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -1118,6 +1118,7 @@ class Form if (!empty($conf->use_javascript_ajax) && !empty($conf->global->COMPANY_USE_SEARCH_TO_SELECT) && !$forcecombo) { + require_once DOL_DOCUMENT_ROOT . '/core/lib/ajax.lib.php'; // No immediate load of all database $placeholder = ''; if ($selected && empty($selected_input_value)) From 2f250799813e7e4faa65cde9e137b420a6ece1e7 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 7 Jul 2021 14:38:52 +0200 Subject: [PATCH 2/6] Fix CSRF token generation must be fast, can have low entropy. --- htdocs/main.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 2301ca75161..df61e752f5c 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -420,7 +420,7 @@ if (!defined('NOTOKENRENEWAL')) { if (isset($_SESSION['newtoken'])) $_SESSION['token'] = $_SESSION['newtoken']; // Save in $_SESSION['newtoken'] what will be next token. Into forms, we will add param token = $_SESSION['newtoken'] - $token = dol_hash(uniqid(mt_rand(), true)); // Generates a hash of a random number + $token = dol_hash(uniqid(mt_rand(), false), 'md5'); // Generates a hash of a random number. We don't need a secured hash, just a changing random value. $_SESSION['newtoken'] = $token; dol_syslog("NEW TOKEN generated by : " . $_SERVER['PHP_SELF'], LOG_DEBUG); } From eaa6987e8b6769af55c08868d3f4cc6731c7e167 Mon Sep 17 00:00:00 2001 
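Review bot: The anti-CSRF token in the main.inc.php hunk is built from guessable inputs: `mt_rand()` is not a cryptographically secure generator and `uniqid()` is derived from the current time, now with its extra-entropy flag switched off, so hashing the result with MD5 does not make it unpredictable. A CSRF token has to be unguessable by a third party, not merely different on each request, which the new inline comment contradicts. A CSPRNG is just as cheap: `$token = bin2hex(random_bytes(16));` (or `openssl_random_pseudo_bytes(16)` if the minimum supported PHP lacks `random_bytes()`). Whether `dol_hash()` mixes in a secret salt is not visible in this hunk, so that should not be counted on. The enclosing `if (!defined('NOTOKENRENEWAL'))` block begins outside the hunk.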
From: Alexandre SPANGARO Date: Thu, 8 Jul 2021 17:15:03 +0200 Subject: [PATCH 3/6] Fix: formconfim if type radio must be :checked to get correct value --- htdocs/core/class/html.form.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 1019e9623e4..ff6a1a4334a 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -4434,7 +4434,7 @@ class Form var more = ""; var inputvalue; if ($("input[name=\'" + inputname + "\']").attr("type") == "radio") { - inputvalue = $("input[name=\'" + inputname + "\']").val(); + inputvalue = $("input[name=\'" + inputname + "\']:checked").val(); } else { if ($("#" + inputname).attr("type") == "checkbox") { more = ":checked"; } inputvalue = $("#" + inputname + more).val(); From a44d646946a17b91e002be17d68136075c468a03 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 8 Jul 2021 17:31:41 +0200 Subject: [PATCH 4/6] Fix to allow html content --- htdocs/admin/fckeditor.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/fckeditor.php b/htdocs/admin/fckeditor.php index bc6b0dc33ac..0aed2767048 100644 --- a/htdocs/admin/fckeditor.php +++ b/htdocs/admin/fckeditor.php @@ -114,7 +114,7 @@ if (GETPOST('save', 'alpha')) $error++; } - $fckeditor_test = GETPOST('formtestfield'); + $fckeditor_test = GETPOST('formtestfield', 'restricthtml'); if (!empty($fckeditor_test)) { if (!dolibarr_set_const($db, 'FCKEDITOR_TEST', $fckeditor_test, 'chaine', 0, '', $conf->entity)) { $error++; From cd215cda17f3e2c41f25de8304f207a13615e8f9 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Thu, 8 Jul 2021 21:49:53 +0200 Subject: [PATCH 5/6] FIX Accountancy - if we define a date start, automatic binding try to solve old binding --- htdocs/accountancy/customer/index.php | 3 +++ htdocs/accountancy/supplier/index.php | 3 +++ 2 files changed, 6 insertions(+) 
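Review bot: When no radio button of the group is selected, the new `:checked` lookup in the html.form.class.php hunk matches nothing and `.val()` returns `undefined`, which is then kept in `inputvalue` as-is. How the value is consumed lies outside the hunk, but if it is appended to a URL the parameter would carry the literal string "undefined". A fallback keeps it well-defined: `inputvalue = $("input[name=\'" + inputname + "\']:checked").val() || "";`. The selector is also assembled from `inputname` by concatenation, so a one-line comment stating that `inputname` comes from the server-side question definitions, if that is the case, would help the next reader.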
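Review bot: The `formtestfield` value in the fckeditor.php hunk is now accepted as HTML and written to the `FCKEDITOR_TEST` constant, so the `'restricthtml'` filter is the only sanitisation between the request and storage, and every place that later prints the constant inherits that assumption. This deserves a comment above the `GETPOST` call, for example `// WYSIWYG test content: HTML is expected; 'restricthtml' is the only filtering before storage, so output sites must not treat it as plain text`. What `'restricthtml'` removes is not visible here, so it is worth confirming that it strips script and event-handler content. The `if (GETPOST('save', 'alpha'))` block continues outside the hunk.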
diff --git a/htdocs/accountancy/customer/index.php b/htdocs/accountancy/customer/index.php index 1a5098bda38..943d914a980 100644 --- a/htdocs/accountancy/customer/index.php +++ b/htdocs/accountancy/customer/index.php @@ -136,6 +136,9 @@ if ($action == 'validatehistory') { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON p.accountancy_code_sell_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity; $sql .= " WHERE f.fk_statut > 0 AND l.fk_code_ventilation <= 0"; $sql .= " AND l.product_type <= 2"; + if (!empty($conf->global->ACCOUNTING_DATE_START_BINDING)) { + $sql .= " AND f.datef >= '".$db->idate($conf->global->ACCOUNTING_DATE_START_BINDING)."'"; + } dol_syslog('htdocs/accountancy/customer/index.php'); $result = $db->query($sql); diff --git a/htdocs/accountancy/supplier/index.php b/htdocs/accountancy/supplier/index.php index 0dbe09fa468..f20c238514a 100644 --- a/htdocs/accountancy/supplier/index.php +++ b/htdocs/accountancy/supplier/index.php @@ -133,6 +133,9 @@ if ($action == 'validatehistory') { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON p.accountancy_code_buy_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity; $sql .= " WHERE f.fk_statut > 0 AND l.fk_code_ventilation <= 0"; $sql .= " AND l.product_type <= 2"; + if (!empty($conf->global->ACCOUNTING_DATE_START_BINDING)) { + $sql .= " AND f.datef >= '".$db->idate($conf->global->ACCOUNTING_DATE_START_BINDING)."'"; + } dol_syslog('htdocs/accountancy/supplier/index.php'); From be62c2f7f44cd8852f9204301bffbebc7bb814a9 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Thu, 8 Jul 2021 22:11:41 +0200 Subject: [PATCH 6/6] FIX Problem of z-index with popup and top menu --- htdocs/theme/eldy/global.inc.php | 3 +++ htdocs/theme/md/style.css.php | 3 +++ 2 files changed, 6 insertions(+) 
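Review bot: The date condition added in customer/index.php, and the identical one in supplier/index.php, places the `$db->idate(...)` result between quotes without `$db->escape()`, unlike the neighbouring `'".$db->escape($chartaccountcode)."'` in the same query. The value comes from configuration and `idate()` presumably returns a formatted date, but that holds only if `ACCOUNTING_DATE_START_BINDING` contains a valid timestamp, which neither hunk checks. Escaping keeps the statement safe whatever the setting holds: `$sql .= " AND f.datef >= '".$db->escape($db->idate($conf->global->ACCOUNTING_DATE_START_BINDING))."'";`. The query construction starts and continues outside both hunks.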
diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index e5db84f9719..61cddc1f5a8 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -4108,6 +4108,9 @@ div#card-errors { .ui-dialog-content { } +.ui-dialog.ui-corner-all.ui-widget.ui-widget-content.ui-front.ui-dialog-buttons.ui-draggable { + z-index: 1002 !important; /* Default 101 with jquery, top menu have a z-index of 1000 */ +} /* ============================================================================== */ /* For content of image preview */ diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index 3b690993c5d..0912fe2d38b 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php @@ -4025,6 +4025,9 @@ div#card-errors { font-size: px !important; } +.ui-dialog.ui-corner-all.ui-widget.ui-widget-content.ui-front.ui-dialog-buttons.ui-draggable { + z-index: 1002 !important; /* Default 101 with jquery, top menu have a z-index of 1000 */ +} /* ============================================================================== */ /* For content of image preview */
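Review bot: The selector added in eldy/global.inc.php, and repeated in md/style.css.php, matches only dialogs that carry every listed class, including `ui-dialog-buttons` and `ui-draggable`, so a dialog opened without buttons or as non-draggable would presumably keep the default z-index and still sit under the top menu. A shorter selector covers all dialogs: `.ui-dialog.ui-front { z-index: 1002 !important; }`. If the narrow match is deliberate, the comment should say which dialogs are meant to be excluded.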