From 49982b36accdd8c8c7491b5bd2cc2eb4a5a47733 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 26 Sep 2017 11:55:19 +0200
Subject: [PATCH] FIX #7490

---
 htdocs/compta/facture/list.php                | 13 +++++----
 htdocs/core/actions_massactions.inc.php       | 29 ++++++++++---------
 .../fourn/class/fournisseur.facture.class.php |  2 +-
 htdocs/fourn/facture/list.php                 | 23 +++++++--------
 4 files changed, 33 insertions(+), 34 deletions(-)

diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php
index 3ffd0af9cd3..67ef9c96973 100644
--- a/htdocs/compta/facture/list.php
+++ b/htdocs/compta/facture/list.php
@@ -95,8 +95,10 @@ $month_lim	= GETPOST('month_lim','int');
 $year_lim	= GETPOST('year_lim','int');
 
 $option = GETPOST('option');
-if ($option == 'late') $filter = 'paye:0';
-$filtre	= GETPOST('filtre');
+if ($option == 'late') {
+	$search_status = '1';
+}
+$filtre	= GETPOST('filtre','alpha');
 
 $limit = GETPOST('limit')?GETPOST('limit','int'):$conf->liste_limit;
 $sortfield = GETPOST("sortfield",'alpha');
@@ -386,7 +388,7 @@ if ($search_user > 0)
 $sql.= ' WHERE f.fk_soc = s.rowid';
 $sql.= ' AND f.entity IN ('.getEntity('facture').')';
 if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
-if ($search_product_category > 0) $sql.=" AND cp.fk_categorie = ".$search_product_category;
+if ($search_product_category > 0) $sql.=" AND cp.fk_categorie = ".$db->escape($search_product_category);
 if ($socid > 0) $sql.= ' AND s.rowid = '.$socid;
 if ($userid)
 {
@@ -399,7 +401,7 @@ if ($filtre)
     foreach ($aFilter as $filter)
     {
         $filt = explode(':', $filter);
-        $sql .= ' AND ' . trim($filt[0]) . ' = ' . trim($filt[1]);
+        $sql .= ' AND ' . $db->escape(trim($filt[0])) . ' = ' . $db->escape(trim($filt[1]));
     }
 }
 if ($search_ref) $sql .= natural_search('f.facnumber', $search_ref);
@@ -433,7 +435,7 @@ if ($search_status != '' && $search_status >= 0)
     if ($search_status == '2') $sql.=" AND f.fk_statut = 2";  // payed     Not that some corrupted data may contains f.fk_statut = 1 AND f.paye = 1 (it means payed too but should not happend. If yes, reopen and reclassify billed)
     if ($search_status == '3') $sql.=" AND f.fk_statut = 3";  // abandonned
 }
-if ($search_paymentmode > 0) $sql .= " AND f.fk_mode_reglement = ".$search_paymentmode;
+if ($search_paymentmode > 0) $sql .= " AND f.fk_mode_reglement = ".$db->escape($search_paymentmode);
 if ($month > 0)
 {
     if ($year > 0 && empty($day))
@@ -461,7 +463,6 @@ else if ($year_lim > 0)
 	$sql.= " AND f.date_lim_reglement BETWEEN '".$db->idate(dol_get_first_day($year_lim,1,false))."' AND '".$db->idate(dol_get_last_day($year_lim,12,false))."'";
 }
 if ($option == 'late') $sql.=" AND f.date_lim_reglement < '".$db->idate(dol_now() - $conf->facture->client->warning_delay)."'";
-if ($filter == 'paye:0') $sql.= " AND f.fk_statut = 1";
 if ($search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$search_sale;
 if ($search_user > 0)
 {
diff --git a/htdocs/core/actions_massactions.inc.php b/htdocs/core/actions_massactions.inc.php
index d03fb5df214..6dc6fed25f1 100644
--- a/htdocs/core/actions_massactions.inc.php
+++ b/htdocs/core/actions_massactions.inc.php
@@ -463,22 +463,23 @@ if (! $error && $massaction == "builddoc" && $permtoread && ! GETPOST('button_se
         $outputlangs->setDefaultLang($newlang);
     }
 
-    if(!empty($conf->global->USE_PDFTK_FOR_PDF_CONCAT)) {
+    if(!empty($conf->global->USE_PDFTK_FOR_PDF_CONCAT))
+    {
     	// Create output dir if not exists
-	dol_mkdir($diroutputmassaction);
+		dol_mkdir($diroutputmassaction);
 
-	// Defined name of merged file
-	$filename=strtolower(dol_sanitizeFileName($langs->transnoentities($objectlabel)));
-	$filename=preg_replace('/\s/','_',$filename);
+		// Defined name of merged file
+		$filename=strtolower(dol_sanitizeFileName($langs->transnoentities($objectlabel)));
+		$filename=preg_replace('/\s/','_',$filename);
 
-	// Save merged file
-	if ($filter=='paye:0')
-	{
-	if ($option=='late') $filename.='_'.strtolower(dol_sanitizeFileName($langs->transnoentities("Unpaid"))).'_'.strtolower(dol_sanitizeFileName($langs->transnoentities("Late")));
-	else $filename.='_'.strtolower(dol_sanitizeFileName($langs->transnoentities("Unpaid")));
-	}
-	if ($year) $filename.='_'.$year;
-	if ($month) $filename.='_'.$month;
+		// Save merged file
+	    if (in_array($object->element, array('facture', 'facture_fournisseur')) && $search_status == Facture::STATUS_VALIDATED)
+		{
+			if ($option=='late') $filename.='_'.strtolower(dol_sanitizeFileName($langs->transnoentities("Unpaid"))).'_'.strtolower(dol_sanitizeFileName($langs->transnoentities("Late")));
+			else $filename.='_'.strtolower(dol_sanitizeFileName($langs->transnoentities("Unpaid")));
+		}
+		if ($year) $filename.='_'.$year;
+		if ($month) $filename.='_'.$month;
 
     	if (count($files)>0)
     	{
@@ -546,7 +547,7 @@ if (! $error && $massaction == "builddoc" && $permtoread && ! GETPOST('button_se
 	    $filename=preg_replace('/\s/','_',$filename);
 
 	    // Save merged file
-	    if ($filter=='paye:0')
+	    if (in_array($object->element, array('facture', 'facture_fournisseur')) && $search_status == Facture::STATUS_VALIDATED)
 	    {
 			if ($option=='late') $filename.='_'.strtolower(dol_sanitizeFileName($langs->transnoentities("Unpaid"))).'_'.strtolower(dol_sanitizeFileName($langs->transnoentities("Late")));
 			else $filename.='_'.strtolower(dol_sanitizeFileName($langs->transnoentities("Unpaid")));
diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php
index 6e5e7fce66a..8b573679f82 100644
--- a/htdocs/fourn/class/fournisseur.facture.class.php
+++ b/htdocs/fourn/class/fournisseur.facture.class.php
@@ -1799,7 +1799,7 @@ class FactureFournisseur extends CommonInvoice
 	        $response->warning_delay=$conf->facture->fournisseur->warning_delay/60/60/24;
 	        $response->label=$langs->trans("SupplierBillsToPay");
 
-	        $response->url=DOL_URL_ROOT.'/fourn/facture/list.php?filtre=fac.fk_statut:1,paye:0&mainmenu=accountancy&leftmenu=suppliers_bills';
+	        $response->url=DOL_URL_ROOT.'/fourn/facture/list.php?search_status=1&mainmenu=accountancy&leftmenu=suppliers_bills';
 	        $response->img=img_object($langs->trans("Bills"),"bill");
 
             $facturestatic = new FactureFournisseur($this->db);
diff --git a/htdocs/fourn/facture/list.php b/htdocs/fourn/facture/list.php
index e4b18202d7b..6d388540053 100644
--- a/htdocs/fourn/facture/list.php
+++ b/htdocs/fourn/facture/list.php
@@ -54,6 +54,7 @@ $massaction=GETPOST('massaction','alpha');
 $show_files=GETPOST('show_files','int');
 $confirm=GETPOST('confirm','alpha');
 $toselect = GETPOST('toselect', 'array');
+$optioncss = GETPOST('optioncss','alpha');
 
 $socid = GETPOST('socid','int');
 
@@ -67,6 +68,11 @@ if ($user->societe_id > 0)
 
 $mode=GETPOST("mode");
 
+$search_all = GETPOST('sall', 'alphanohtml');
+$search_label = GETPOST("search_label","alpha");
+$search_company = GETPOST("search_company","alpha");
+$search_amount_no_tax = GETPOST("search_amount_no_tax","alpha");
+$search_amount_all_tax = GETPOST("search_amount_all_tax","alpha");
 $search_product_category=GETPOST('search_product_category','int');
 $search_ref=GETPOST('sf_ref')?GETPOST('sf_ref','alpha'):GETPOST('search_ref','alpha');
 $search_refsupplier=GETPOST('search_refsupplier','alpha');
@@ -93,20 +99,12 @@ $day_lim	= GETPOST('day_lim','int');
 $month_lim	= GETPOST('month_lim','int');
 $year_lim	= GETPOST('year_lim','int');
 $toselect = GETPOST('toselect', 'array');
-$filter = GETPOST('filtre','alpha');
 
 $option = GETPOST('option');
 if ($option == 'late') {
-	$filter = 'paye:0';
+	$search_status = '1';
 }
-
-$search_all = GETPOST('sall', 'alphanohtml');
-$search_label = GETPOST("search_label","alpha");
-$search_company = GETPOST("search_company","alpha");
-$search_amount_no_tax = GETPOST("search_amount_no_tax","alpha");
-$search_amount_all_tax = GETPOST("search_amount_all_tax","alpha");
-$search_status=GETPOST('search_status','alpha');
-$optioncss = GETPOST('optioncss','alpha');
+$filter = GETPOST('filtre','alpha');
 
 $limit = GETPOST('limit')?GETPOST('limit','int'):$conf->liste_limit;
 $sortfield = GETPOST("sortfield",'alpha');
@@ -348,7 +346,6 @@ else if ($year_lim > 0)
 	$sql.= " AND f.date_lim_reglement BETWEEN '".$db->idate(dol_get_first_day($year_lim,1,false))."' AND '".$db->idate(dol_get_last_day($year_lim,12,false))."'";
 }
 if ($option == 'late') $sql.=" AND f.date_lim_reglement < '".$db->idate(dol_now() - $conf->facture->fournisseur->warning_delay)."'";
-if ($filter == 'paye:0') $sql.= " AND f.fk_statut = 1";
 if ($search_label) $sql .= natural_search('f.libelle', $search_label);
 if ($search_status != '' && $search_status >= 0)
 {
@@ -360,10 +357,10 @@ if ($filter && $filter != -1)
 	foreach ($aFilter as $fil)
 	{
 		$filt = explode(':', $fil);
-		$sql .= ' AND ' . trim($filt[0]) . ' = ' . trim($filt[1]);
+		$sql .= ' AND ' . $db->escape(trim($filt[0])) . ' = ' . $db->escape(trim($filt[1]));
 	}
 }
-if ($search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$search_sale;
+if ($search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$db->escape($search_sale);
 if ($search_user > 0)
 {
     $sql.= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='invoice_supplier' AND tc.source='internal' AND ec.element_id = f.rowid AND ec.fk_socpeople = ".$search_user;