Merge remote-tracking branch 'origin/3.9' into develop

Conflicts:
	htdocs/compta/bank/search.php
	htdocs/user/card.php

htdocs/compta/bank/search.php

@@ -64,6 +64,8 @@ if (dol_strlen($search_dt_start) > 0)
 	$param .= '&search_start_dtmonth=' . GETPOST('search_start_dtmonth', 'int') . '&search_start_dtday=' . GETPOST('search_start_dtday', 'int') . '&search_start_dtyear=' . GETPOST('search_start_dtyear', 'int');
 if (dol_strlen($search_dt_end) > 0)
 	$param .= '&search_end_dtmonth=' . GETPOST('search_end_dtmonth', 'int') . '&search_end_dtday=' . GETPOST('search_end_dtday', 'int') . '&search_end_dtyear=' . GETPOST('search_end_dtyear', 'int');
+if (GETPOST("req_nb")) $param.='&req_nb='.urlencode(GETPOST("req_nb"));
+if (GETPOST("thirdparty")) $param.='&thirdparty='.urlencode(GETPOST("thirdparty"));
 
 $limit = GETPOST('limit')?GETPOST('limit','int'):$conf->liste_limit;
 $sortfield = GETPOST("sortfield",'alpha');
@@ -95,7 +97,7 @@ if (GETPOST("button_removefilter_x") || GETPOST("button_removefilter")) // Both
 $companystatic=new Societe($db);
 $bankaccountstatic=new Account($db);
 
-llxHeader();
+llxHeader('', $langs->trans("BankTransactions"), '', '', 0, 0, array(), array(), $param);
 
 $form = new Form($db);
 $formother = new FormOther($db);
@@ -118,12 +120,10 @@ $sql.= " AND ba.entity IN (".getEntity('bank_account', 1).")";
 if ($search_req_nb)
 {
     $sql.= " AND b.num_chq LIKE '%".$db->escape($search_req_nb)."%'";
-    $param.='&req_nb='.urlencode($search_req_nb);
 }
 if ($search_thirdparty)
 {
     $sql.=" AND s.nom LIKE '%".$db->escape($search_thirdparty)."%'";
-    $param.='&thirdparty='.urlencode($search_thirdparty);
 }
 if ($bid)
 {
@@ -225,16 +225,16 @@ if ($resql)
     print '<td class="liste_titre" align="center">';
     $form->select_types_paiements(empty($type)?'':$type, 'type', '', 2, 0, 1, 8);
     print '</td>';
-    print '<td class="liste_titre"><input type="text" class="flat" name="req_nb" value="'.$search_req_nb.'" size="2"></td>';
+    print '<td class="liste_titre"><input type="text" class="flat" name="req_nb" value="'.dol_escape_htmltag($search_req_nb).'" size="2"></td>';
     print '<td class="liste_titre">';
-	print '<input type="text" class="flat" name="description" size="10" value="'.$description.'">';
+	print '<input type="text" class="flat" name="description" size="10" value="'.dol_escape_htmltag($description).'">';
 	print '</td>';
-    print '<td class="liste_titre"><input type="text" class="flat" name="thirdparty" value="'.$search_thirdparty.'" size="10"></td>';
+    print '<td class="liste_titre"><input type="text" class="flat" name="thirdparty" value="'.dol_escape_htmltag($search_thirdparty).'" size="10"></td>';
 	print '<td class="liste_titre" align="right">';
-	print '<input type="text" class="flat" name="debit" size="4" value="'.$debit.'">';
+	print '<input type="text" class="flat" name="debit" size="4" value="'.dol_escape_htmltag($debit).'">';
 	print '</td>';
 	print '<td class="liste_titre" align="right">';
-	print '<input type="text" class="flat" name="credit" size="4" value="'.$credit.'">';
+	print '<input type="text" class="flat" name="credit" size="4" value="'.dol_escape_htmltag($credit).'">';
 	print '</td>';
 	print '<td></td>';
     print '<td class="liste_titre" align="right">';

htdocs/contact/list.php

@@ -211,7 +211,7 @@ $sql.= " p.rowid as cidp, p.lastname as lastname, p.statut, p.firstname, p.zip,
 $sql.= " p.phone as phone_pro, p.phone_mobile, p.phone_perso, p.fax, p.fk_pays, p.priv, p.datec as date_creation, p.tms as date_update,";
 $sql.= " co.code as country_code";
 // Add fields from extrafields
-foreach ($extrafields->attribute_label as $key => $val) $sql.=",ef.".$key.' as options_'.$key;
+foreach ($extrafields->attribute_label as $key => $val) $sql.=($extrafields->attribute_type[$key] != 'separate' ? ",ef.".$key.' as options_'.$key : '');
 // Add fields from hooks
 $parameters=array();
 $reshook=$hookmanager->executeHooks('printFieldListSelect',$parameters);    // Note that $action and $object may have been modified by hook

htdocs/core/lib/functions.lib.php

@@ -4698,7 +4698,7 @@ function setEventMessage($mesgs, $style='mesgs')
  */
 function setEventMessages($mesg, $mesgs, $style='mesgs')
 {
-	if (! in_array((string) $style, array('mesgs','warnings','errors'))) dol_print_error('','Bad parameter for setEventMessage');
+	if (! in_array((string) $style, array('mesgs','warnings','errors'))) dol_print_error('','Bad parameter style='.$style.' for setEventMessages');
 	if (empty($mesgs)) setEventMessage($mesg, $style);
 	else
 	{

htdocs/langs/en_US/errors.lang

@@ -196,3 +196,4 @@ WarningFeatureDisabledWithDisplayOptimizedForBlindNoJs=Feature disabled when dis
 WarningPaymentDateLowerThanInvoiceDate=Payment date (%s) is earlier than invoice date (%s) for invoice %s. 
 WarningTooManyDataPleaseUseMoreFilters=Too many data (more than %s lines). Please use more filters or set the constant %s to a higher limit. 
 WarningSomeLinesWithNullHourlyRate=Some times were recorded by users when their hourly rate was not defined. A value of 0 was used but this may result in wrong valuation of time spent.
+WarningYourLoginWasModifiedPleaseLogin=Your login was modified. For security purpose you will have to login with your new login before next action.

htdocs/product/list.php

@@ -220,7 +220,7 @@ else
     //$sql.= ' pfp.ref_fourn as ref_supplier, ';
     $sql.= ' MIN(pfp.unitprice) as minsellprice';
 	// Add fields from extrafields
-	foreach ($extrafields->attribute_label as $key => $val) $sql.=",ef.".$key.' as options_'.$key;
+    foreach ($extrafields->attribute_label as $key => $val) $sql.=($extrafields->attribute_type[$key] != 'separate' ? ",ef.".$key.' as options_'.$key : '');
 	// Add fields from hooks
 	$parameters=array();
 	$reshook=$hookmanager->executeHooks('printFieldListSelect',$parameters);    // Note that $action and $object may have been modified by hook
@@ -274,7 +274,7 @@ else
     $sql.= " p.fk_product_type, p.duration, p.tosell, p.tobuy, p.seuil_stock_alerte, p.desiredstock,";
     $sql.= ' p.datec, p.tms';
 	// Add fields from extrafields
-	foreach ($extrafields->attribute_label as $key => $val) $sql.=",ef.".$key;
+    foreach ($extrafields->attribute_label as $key => $val) $sql.=($extrafields->attribute_type[$key] != 'separate' ? ",ef.".$key : '');
 	// Add fields from hooks
 	$parameters=array();
 	$reshook=$hookmanager->executeHooks('printFieldSelect',$parameters);    // Note that $action and $object may have been modified by hook

htdocs/societe/list.php

@@ -350,7 +350,7 @@ if ($search_sale) $sql .= ", sc.fk_soc, sc.fk_user";
 // We'll need these fields in order to filter by categ
 if ($search_categ) $sql .= ", cs.fk_categorie, cs.fk_soc";
 // Add fields from extrafields
-foreach ($extrafields->attribute_label as $key => $val) $sql.=",ef.".$key.' as options_'.$key;
+foreach ($extrafields->attribute_label as $key => $val) $sql.=($extrafields->attribute_type[$key] != 'separate' ? ",ef.".$key.' as options_'.$key : '');
 // Add fields from hooks
 $parameters=array();
 $reshook=$hookmanager->executeHooks('printFieldListSelect',$parameters);    // Note that $action and $object may have been modified by hook

htdocs/societe/soc.php

@@ -5,7 +5,7 @@
  * Copyright (C) 2005       Eric Seigne             <eric.seigne@ryxeo.com>
  * Copyright (C) 2005-2012  Regis Houssin           <regis.houssin@capnetworks.com>
  * Copyright (C) 2008       Patrick Raguin          <patrick.raguin@auguria.net>
- * Copyright (C) 2010-2014  Juanjo Menent           <jmenent@2byte.es>
+ * Copyright (C) 2010-2016  Juanjo Menent           <jmenent@2byte.es>
  * Copyright (C) 2011-2013  Alexandre Spangaro      <aspangaro.dolibarr@gmail.com>
  * Copyright (C) 2015       Jean-François Ferry     <jfefe@aternatik.fr>
  * Copyright (C) 2015       Marcos García           <marcosgdf@gmail.com>
@@ -1219,7 +1219,7 @@ else
             print '<tr>';
             print '<td>'.fieldLabel('AllocateCommercial','commercial_id').'</td>';
             print '<td colspan="3" class="maxwidthonsmartphone">';
-            $form->select_dolusers((! empty($object->commercial_id)?$object->commercial_id:$user->id),'commercial_id',1); // Add current user by default
+            print $form->select_dolusers((! empty($object->commercial_id)?$object->commercial_id:$user->id),'commercial_id',1); // Add current user by default
             print '</td></tr>';
         }
 

htdocs/user/card.php

@@ -483,9 +483,9 @@ if (empty($reshook)) {
 						$login = $_SESSION["dol_login"];
 						if ($login && $login == $object->oldcopy->login && $object->oldcopy->login != $object->login)    // Current user has changed its login
 						{
-						    $error++;
-						    $langs->load("errors");
-						    setEventMessages($langs->transnoentitiesnoconv("ErrorFailedToCreateDir", $dir), $mesgs, 'errors');
+							$error++;
+							$langs->load("errors");
+							setEventMessages($langs->transnoentitiesnoconv("WarningYourLoginWasModifiedPleaseLogin"), null, 'warnings');
 						}
 					}
 					else {

htdocs/user/index.php

@@ -176,7 +176,7 @@ $sql.= " u.tms as date_update, u.datec as date_creation,";
 $sql.= " u2.rowid as id2, u2.login as login2, u2.firstname as firstname2, u2.lastname as lastname2, u2.admin as admin2, u2.fk_soc as fk_soc2, u2.email as email2, u2.gender as gender2, u2.photo as photo2, u2.entity as entity2,";
 $sql.= " s.nom as name, s.canvas";
 // Add fields from extrafields
-foreach ($extrafields->attribute_label as $key => $val) $sql.=",ef.".$key.' as options_'.$key;
+foreach ($extrafields->attribute_label as $key => $val) $sql.=($extrafields->attribute_type[$key] != 'separate' ? ",ef.".$key.' as options_'.$key : '');
 // Add fields from hooks
 $parameters=array();
 $reshook=$hookmanager->executeHooks('printFieldListSelect',$parameters);    // Note that $action and $object may have been modified by hook