Merge pull request #3 from Dolibarr/develop

Merge latest changes to fork
2021-05-01 22:53:57 +03:00 · 2021-05-01 22:53:57 +03:00 · 6064321d8b
commit 6064321d8b
parent 721b78dab9 7a986b3e50
14 changed files with 159 additions and 78 deletions
--- a/1
+++ b/1
@ -7,6 +7,7 @@ English Dolibarr ChangeLog

 For users:
 ----------
+NEW: Feature to make inventories
 NEW: Several security issues after a second private bug bounty campaign. 
 NEW: Add a security center page with all information and advices related to the security of your instance 
 NEW: Add a performance center page with all information and advices related to the performance of your instance 
--- a/htdocs/core/lib/files.lib.php
+++ b/htdocs/core/lib/files.lib.php
@ -62,8 +62,10 @@ function dol_dir_list($path, $types = "all", $recursive = 0, $filter = "", $excl
 	global $db, $hookmanager;
 	global $object;

-	dol_syslog("files.lib.php::dol_dir_list path=".$path." types=".$types." recursive=".$recursive." filter=".$filter." excludefilter=".json_encode($excludefilter));
-	//print 'xxx'."files.lib.php::dol_dir_list path=".$path." types=".$types." recursive=".$recursive." filter=".$filter." excludefilter=".json_encode($excludefilter);
+	if ($recursive <= 1) {	// Avoid too verbose log
+		dol_syslog("files.lib.php::dol_dir_list path=".$path." types=".$types." recursive=".$recursive." filter=".$filter." excludefilter=".json_encode($excludefilter));
+		//print 'xxx'."files.lib.php::dol_dir_list path=".$path." types=".$types." recursive=".$recursive." filter=".$filter." excludefilter=".json_encode($excludefilter);
+	}

 	$loaddate = ($mode == 1 || $mode == 2) ?true:false;
 	$loadsize = ($mode == 1 || $mode == 3) ?true:false;
@ -133,7 +135,7 @@ function dol_dir_list($path, $types = "all", $recursive = 0, $filter = "", $excl
 				if ($qualified) {
 					$isdir = is_dir(dol_osencode($path."/".$file));
 					// Check whether this is a file or directory and whether we're interested in that type
-					if ($isdir && (($types == "directories") || ($types == "all") || $recursive)) {
+					if ($isdir && (($types == "directories") || ($types == "all") || $recursive > 0)) {
 						// Add entry into file_list array
 						if (($types == "directories") || ($types == "all")) {
 							if ($loaddate || $sortcriteria == 'date') {
@ -165,10 +167,10 @@ function dol_dir_list($path, $types = "all", $recursive = 0, $filter = "", $excl
 						}

 						// if we're in a directory and we want recursive behavior, call this function again
-						if ($recursive) {
+						if ($recursive > 0) {
 							if (empty($donotfollowsymlinks) || !is_link($path."/".$file)) {
 								//var_dump('eee '. $path."/".$file. ' '.is_dir($path."/".$file).' '.is_link($path."/".$file));
-								$file_list = array_merge($file_list, dol_dir_list($path."/".$file, $types, $recursive, $filter, $excludefilter, $sortcriteria, $sortorder, $mode, $nohook, ($relativename != '' ? $relativename.'/' : '').$file, $donotfollowsymlinks));
+								$file_list = array_merge($file_list, dol_dir_list($path."/".$file, $types, $recursive + 1, $filter, $excludefilter, $sortcriteria, $sortorder, $mode, $nohook, ($relativename != '' ? $relativename.'/' : '').$file, $donotfollowsymlinks));
 							}
 						}
 					} elseif (!$isdir && (($types == "files") || ($types == "all"))) {
--- a/htdocs/core/lib/images.lib.php
+++ b/htdocs/core/lib/images.lib.php
@ -148,10 +148,11 @@ function dol_getImageSize($file, $url = false)
 * 	@param	int		$src_x			Position of croping image in source image (not use if mode=0)
 * 	@param	int		$src_y			Position of croping image in source image (not use if mode=0)
 * 	@param	string	$filetowrite	Path of file to write (overwrite source file if not provided)
+ *  @param	int		$newquality		Value for the new quality of image, for supported format (use 0 for maximum/unchanged).
 *	@return	string                  File name if OK, error message if KO
 *	@see dol_convert_file()
 */
-function dol_imageResizeOrCrop($file, $mode, $newWidth, $newHeight, $src_x = 0, $src_y = 0, $filetowrite = '')
+function dol_imageResizeOrCrop($file, $mode, $newWidth, $newHeight, $src_x = 0, $src_y = 0, $filetowrite = '', $newquality = 0)
 {
 	require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';

@ -234,7 +235,7 @@ function dol_imageResizeOrCrop($file, $mode, $newWidth, $newHeight, $src_x = 0,
 		case 2:	// Jpg
 			$img = imagecreatefromjpeg($filetoread);
 			$extImg = '.jpg';
-			$newquality = 100; // % quality maximum
+			$newquality = ($newquality ? $newquality : '100'); // % quality maximum
 			break;
 		case 3:	// Png
 			$img = imagecreatefrompng($filetoread);
@ -249,7 +250,7 @@ function dol_imageResizeOrCrop($file, $mode, $newWidth, $newHeight, $src_x = 0,
 		case 18: // Webp
 			$img = imagecreatefromwebp($filetoread);
 			$extImg = '.webp';
-			$newquality = '100'; // % quality maximum
+			$newquality = ($newquality ? $newquality : '100'); // % quality maximum
 			break;
 	}

--- a/htdocs/core/tpl/filemanager.tpl.php
+++ b/htdocs/core/tpl/filemanager.tpl.php
@ -71,44 +71,56 @@ print '<div class="inline-block toolbarbutton centpercent">';

 // Toolbar
 if ($permtoadd) {
-	$websitekeyandpageid = (!empty($websitekey) ? '&website='.$websitekey : '').(!empty($pageid) ? '&pageid='.$pageid : '');
-	print '<a href="'.DOL_URL_ROOT.'/ecm/dir_add_card.php?action=create&module='.urlencode($module).$websitekeyandpageid.'&backtopage='.urlencode($_SERVER["PHP_SELF"].'?file_manager=1'.$websitekeyandpageid).'" class="inline-block valignmiddle toolbarbutton paddingtop" title="'.dol_escape_htmltag($langs->trans('ECMAddSection')).'">';
+	$websitekeyandpageid = (!empty($websitekey) ? '&website='.urlencode($websitekey) : '').(!empty($pageid) ? '&pageid='.urlencode($pageid) : '');
+	print '<a id="acreatedir" href="'.DOL_URL_ROOT.'/ecm/dir_add_card.php?action=create&module='.urlencode($module).$websitekeyandpageid.'&backtopage='.urlencode($_SERVER["PHP_SELF"].'?file_manager=1'.$websitekeyandpageid).'" class="inline-block valignmiddle toolbarbutton paddingtop" title="'.dol_escape_htmltag($langs->trans('ECMAddSection')).'">';
 	print img_picto('', 'folder-plus', '', false, 0, 0, '', 'size15x marginrightonly');
 	print '</a>';
 } else {
-	print '<a href="#" class="inline-block valignmiddle toolbarbutton paddingtop" title="'.$langs->trans("NotAllowed").'">';
+	print '<a id="acreatedir" href="#" class="inline-block valignmiddle toolbarbutton paddingtop" title="'.$langs->trans("NotAllowed").'">';
 	print img_picto('', 'folder-plus', 'disabled', false, 0, 0, '', 'size15x marginrightonly');
 	print '</a>';
 }
 if ($module == 'ecm') {
 	$tmpurl = ((!empty($conf->use_javascript_ajax) && empty($conf->global->MAIN_ECM_DISABLE_JS)) ? '#' : ($_SERVER["PHP_SELF"].'?action=refreshmanual'.($module ? '&amp;module='.$module : '').($section ? '&amp;section='.$section : '')));
-	print '<a href="'.$tmpurl.'" class="inline-block valignmiddle toolbarbutton paddingtop" title="'.dol_escape_htmltag($langs->trans('ReSyncListOfDir')).'">';
+	print '<a id="arefreshbutton" href="'.$tmpurl.'" class="inline-block valignmiddle toolbarbutton paddingtop" title="'.dol_escape_htmltag($langs->trans('ReSyncListOfDir')).'">';
 	print img_picto('', 'refresh', 'id="refreshbutton"', false, 0, 0, '', 'size15x marginrightonly');
 	print '</a>';
 }
 if ($permtoadd && GETPOSTISSET('website')) {	// If on file manager to manage medias of a web site
-	print '<a id="generateimgwebp" href="'.$_SERVER["PHP_SELF"].'?action=confirmconvertimgwebp&website='.$website->ref.'" class="inline-block valignmiddle toolbarbutton paddingtop" title="'.dol_escape_htmltag($langs->trans("GenerateImgWebp")).'">';
-	print img_picto('', 'images', '', false, 0, 0, '', 'size15x flip marginrightonly');
-	print '</a>';
-}
-if ($permtoadd && $module == 'ecm') {	// If on file manager medias in ecm
-	print '<a id="generateimgwebp" href="'.$_SERVER["PHP_SELF"].'?action=confirmconvertimgwebp" class="inline-block valignmiddle toolbarbutton paddingtop" title="'.dol_escape_htmltag($langs->trans("GenerateImgWebp")).'">';
+	print '<a id="agenerateimgwebp" href="'.$_SERVER["PHP_SELF"].'?action=confirmconvertimgwebp&website='.$website->ref.'" class="inline-block valignmiddle toolbarbutton paddingtop" title="'.dol_escape_htmltag($langs->trans("GenerateImgWebp")).'">';
+	print img_picto('', 'images', '', false, 0, 0, '', 'size15x flip marginrightonly');
+	print '</a>';
+} elseif ($permtoadd && $module == 'ecm') {	// If on file manager medias in ecm
+	print '<a id="agenerateimgwebp" href="'.$_SERVER["PHP_SELF"].'?action=confirmconvertimgwebp" class="inline-block valignmiddle toolbarbutton paddingtop" title="'.dol_escape_htmltag($langs->trans("GenerateImgWebp")).'">';
 	print img_picto('', 'images', '', false, 0, 0, '', 'size15x flip marginrightonly');
 	print '</a>';
 }
+
 print "<script>
-$(\"#generateimgwebp\").on(\"click\",function(){
+$('#acreatedir').on('click', function() {
 	try{
-		console.log(\"We click to generate webp image, we set current dir into hidden vars\");
-		section_dir = $(\".directory.expanded\")[$(\".directory.expanded\").length-1].children[0].rel
-		section=$(\".directory.expanded\")[$(\".directory.expanded\").length-1].children[0].id.split('_')[2]
-	}catch{
-		section_dir = '/'
-		section=0
+		section_dir = $('.directory.expanded')[$('.directory.expanded').length-1].children[0].rel;
+		section = $('.directory.expanded')[$('.directory.expanded').length-1].children[0].id.split('_')[2];
+	} catch{
+		section_dir = '/';
+		section = 0;
 	}
-	console.log(\"We add hiden vars in href of button to create webp \");
-	$(\"#generateimgwebp\").attr(\"href\",$(\"#generateimgwebp\").attr(\"href\")+'&section_dir='+section_dir+'&section='+section)
-  })
+	console.log('We click to create a new directory, we set current section_dir='+section_dir+' into href url of button acreatedir');
+	$('#acreatedir').attr('href', $('#acreatedir').attr('href')+'&section_dir='+encodeURI(section_dir)+'&section='+encodeURI(section));
+	console.log($('#acreatedir').attr('href'));
+});
+$('#agenerateimgwebp').on('click', function() {
+	try{
+		section_dir = $('.directory.expanded')[$('.directory.expanded').length-1].children[0].rel;
+		section = $('.directory.expanded')[$('.directory.expanded').length-1].children[0].id.split('_')[2];
+	} catch{
+		section_dir = '/';
+		section = 0;
+	}
+	console.log('We click to generate webp image, we set current section_dir='+section_dir+' into href url of button agenerateimgwebp');
+	$('#agenerateimgwebp').attr('href', $('#agenerateimgwebp').attr('href')+'&section_dir='+encodeURI(section_dir)+'&section='+encodeURI(section));
+	console.log($('#agenerateimgwebp').attr('href'));
+});
 </script>";

 // Start "Add new file" area
@ -157,6 +169,7 @@ if ($action == 'delete_section') {
 }
 // End confirm

+// Ask confirmation to build webp images
 if ($action == 'confirmconvertimgwebp') {
 	$section_dir=GETPOST('section_dir', 'alpha');
 	$section=GETPOST('section', 'alpha');
@ -170,9 +183,10 @@ if ($action == 'confirmconvertimgwebp') {
 	$action = 'file_manager';
 }

+// Duplicate images into .webp
 if ($action == 'convertimgwebp' && $permtoadd) {
 	if ($module == 'medias') {
-		$imagefolder = $conf->website->dir_output.'/'.$websitekey.'/medias/'.dol_sanitizeFileName(GETPOST('section_dir', 'alpha'));
+		$imagefolder = $conf->website->dir_output.'/'.$websitekey.'/medias/'.dol_sanitizePathName(GETPOST('section_dir', 'alpha'));
 	} else {
 		$imagefolder = $conf->ecm->dir_output.'/'.dol_sanitizePathName(GETPOST('section_dir', 'alpha'));
 	}
@ -188,10 +202,13 @@ if ($action == 'convertimgwebp' && $permtoadd) {
 		if (!(substr_compare($filepath, 'webp', -strlen('webp')) === 0)) {
 			if (image_format_supported($filepath) == 1) {
 				$filepathnoext = preg_replace("/\..*/", "", $filepath);
-				$result = dol_imageResizeOrCrop($filepath, 0, 0, 0, 0, 0, $filepathnoext.'.webp');
-				if (!dol_is_file($result)) {
-					$error++;
-					setEventMessages($result, null, 'errors');
+
+				if (! dol_is_file($filepathnoext.'.webp')) {	// If file does not exists yet
+					$result = dol_imageResizeOrCrop($filepath, 0, 0, 0, 0, 0, $filepathnoext.'.webp', 90);
+					if (!dol_is_file($result)) {
+						$error++;
+						setEventMessages($result, null, 'errors');
+					}
 				}
 			}
 		}
@ -213,7 +230,7 @@ if (empty($action) || $action == 'editfile' || $action == 'file_manager' || preg
 	print '<!-- Title for manual directories -->'."\n";
 	print '<tr class="liste_titre">'."\n";
 	print '<th class="liste_titre left">';
-	print '&nbsp;'.$langs->trans("ECMSections");
+	print '<span style="padding-left: 5px; padding-right: 5px;">'.$langs->trans("ECMSections").'</span>';
 	print '</th></tr>';

 	$showonrightsize = '';
@ -224,7 +241,7 @@ if (empty($action) || $action == 'editfile' || $action == 'file_manager' || preg
 	if (!empty($conf->use_javascript_ajax) && empty($conf->global->MAIN_ECM_DISABLE_JS)) {
 		// Show the link to "Root"
 		if ($showroot) {
-			print '<tr><td><div style="padding-left: 5px; padding-right: 5px;"><a href="'.$_SERVER["PHP_SELF"].'?file_manager=1&pageid='.$pageid.'">';
+			print '<tr><td><div style="padding-left: 5px; padding-right: 5px;"><a href="'.$_SERVER["PHP_SELF"].'?file_manager=1'.(!empty($websitekey) ? '&website='.urlencode($websitekey) : '').'&pageid='.urlencode($pageid).'">';
 			if ($module == 'medias') {
 				print $langs->trans("RootOfMedias");
 			} else {
--- a/htdocs/ecm/dir_add_card.php
+++ b/htdocs/ecm/dir_add_card.php
@ -23,6 +23,8 @@
 *	\brief		Main page for ECM section area
 */

+if (! defined('DISABLE_JS_GRAHP')) define('DISABLE_JS_GRAPH', 1);
+
 require '../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
 require_once DOL_DOCUMENT_ROOT.'/ecm/class/htmlecm.form.class.php';
@ -124,7 +126,7 @@ if ($action == 'add' && $permtoadd) {
 	}

 	$ref = (string) GETPOST("ref", 'alpha');
-	$label = (string) GETPOST("label", 'alpha');
+	$label = dol_sanitizeFileName(GETPOST("label", 'alpha'));
 	$desc = (string) GETPOST("desc", 'alpha');
 	$catParent = GETPOST("catParent", 'alpha'); // Can be an int (with ECM) or a string (with generic filemanager)
 	if ($catParent == '-1') {
@ -153,8 +155,7 @@ if ($action == 'add' && $permtoadd) {
 				setEventMessages($ecmdir->error, $ecmdir->errors, 'errors');
 				$action = 'create';
 			}
-		} else // For example $module == 'medias'
-		{
+		} else { // For example $module == 'medias'
 			$dirfornewdir = '';
 			if ($module == 'medias') {
 				$dirfornewdir = $conf->medias->multidir_output[$conf->entity];
@ -168,6 +169,7 @@ if ($action == 'add' && $permtoadd) {
 				$fullpathofdir = $dirfornewdir.'/'.($catParent ? $catParent.'/' : '').$label;
 				$result = dol_mkdir($fullpathofdir, DOL_DATA_ROOT);
 				if ($result < 0) {
+					$langs->load("errors");
 					setEventMessages($langs->trans('ErrorFailToCreateDir', $label), null, 'errors');
 					$error++;
 				} else {
--- a/htdocs/ecm/tpl/enablefiletreeajax.tpl.php
+++ b/htdocs/ecm/tpl/enablefiletreeajax.tpl.php
@ -62,7 +62,7 @@ $(document).ready(function() {
 			id=elem.attr('id').substr(12);	// We get id that is 'fmdirlia_id_xxx' (id we want is xxx)
 			rel=elem.attr('rel')
 			console.log("We click on a dir, we call the ajaxdirtree.php with modulepart=<?php echo $module; ?>, param=<?php echo $paramwithoutsection; ?>");
-			console.log("We also save dir name or id into <?php echo $nameforformuserfile ?>_section_... with name section_... id="+id+" rel="+rel);
+			console.log("We also save id and dir name into <?php echo $nameforformuserfile ?>_section_id|dir (vars into form to attach new file in filemanager.tpl.php) with id="+id+" and rel="+rel);
 			jQuery("#<?php echo $nameforformuserfile ?>_section_dir").val(rel);
 			jQuery("#<?php echo $nameforformuserfile ?>_section_id").val(id);
 			jQuery("#section_dir").val(rel);
--- a/htdocs/langs/en_US/ecm.lang
+++ b/htdocs/langs/en_US/ecm.lang
@ -42,6 +42,6 @@ ExtraFieldsEcmFiles=Extrafields Ecm Files
 ExtraFieldsEcmDirectories=Extrafields Ecm Directories
 ECMSetup=ECM Setup
 GenerateImgWebp=Duplicate all images with another version with .webp format
-ConfirmGenerateImgWebp=If you confirm, you will generate an image in .webp format for all images currently into this folder and its subfolder...
+ConfirmGenerateImgWebp=If you confirm, you will generate an image in .webp format for all images currently into this folder (subfolders are not included)...
 ConfirmImgWebpCreation=Confirm all images duplication
 SucessConvertImgWebp=Images successfully duplicated
--- a/htdocs/langs/en_US/main.lang
+++ b/htdocs/langs/en_US/main.lang
@ -1131,3 +1131,4 @@ ConfirmAffectTagQuestion=Are you sure you want to affect tags to the %s selected
 CategTypeNotFound=No tag type found for type of records
 CopiedToClipboard=Copied to clipboard
 InformationOnLinkToContract=This amount is only the total of all the lines of the contract. No notion of time is taken into consideration.
+ConfirmCancel=Are you sure you want to cancel
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@ -1579,7 +1579,7 @@ function top_htmlhead($head, $title = '', $disablejs = 0, $disablehead = 0, $arr
 				print '<script src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jnotify/jquery.jnotify.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
 			}
 			// Chart
-			if (empty($conf->global->MAIN_JS_GRAPH) || $conf->global->MAIN_JS_GRAPH == 'chart') {
+			if ((empty($conf->global->MAIN_JS_GRAPH) || $conf->global->MAIN_JS_GRAPH == 'chart') && !defined('DISABLE_JS_GRAPH')) {
 				print '<script src="'.DOL_URL_ROOT.'/includes/nnnick/chartjs/dist/Chart.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
 			}

--- a/htdocs/product/inventory/card.php
+++ b/htdocs/product/inventory/card.php
@ -398,35 +398,35 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
 		if (empty($reshook)) {
 			// Send
 			if (empty($user->socid)) {
-				print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=presend&mode=init#formmailbeforetitle">'.$langs->trans('SendMail').'</a>'."\n";
+				print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=presend&mode=init&token='.newToken().'#formmailbeforetitle">'.$langs->trans('SendMail').'</a>'."\n";
 			}

 			// Back to draft
 			if ($object->status == $object::STATUS_VALIDATED) {
 				if ($permissiontoadd) {
-					print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=confirm_setdraft&confirm=yes">'.$langs->trans("SetToDraft").'</a>';
+					print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=confirm_setdraft&confirm=yes&token='.newToken().'">'.$langs->trans("SetToDraft").'</a>';
 				}
 			}
 			// Back to validate
 			if ($object->status == $object::STATUS_RECORDED) {
 				if ($permissiontoadd) {
-					print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=confirm_validate&confirm=yes">'.$langs->trans("ReOpen").'</a>';
+					print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=confirm_validate&confirm=yes&token='.newToken().'">'.$langs->trans("ReOpen").'</a>';
 				}
 			}

 			// Modify
 			if ($object->status == $object::STATUS_DRAFT) {
 				if ($permissiontoadd) {
-					print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=edit">'.$langs->trans("Modify").'</a>'."\n";
+					print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=edit&token='.newToken().'">'.$langs->trans("Modify").'</a>'."\n";
 				} else {
 					print '<a class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans('Modify').'</a>'."\n";
 				}
 			}

 			// Validate
-			if ($object->status == $object::STATUS_DRAFT) {
+			if ($object->status == $object::STATUS_DRAFT || $object->status == $object::STATUS_CANCELED) {
 				if ($permissiontoadd) {
-					print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=confirm_validate&confirm=yes">'.$langs->trans("Validate").' ('.$langs->trans("Start").')</a>';
+					print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=confirm_validate&confirm=yes&token='.newToken().'">'.$langs->trans("Validate").' ('.$langs->trans("Start").')</a>';
 				}
 			}

@ -438,7 +438,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea

 			// Delete (need delete permission, or if draft, just need create/modify permission)
 			if ($permissiontodelete || ($object->status == $object::STATUS_DRAFT && $permissiontoadd)) {
-				print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=delete&amp;token='.newToken().'">'.$langs->trans('Delete').'</a>'."\n";
+				print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=delete&token='.newToken().'">'.$langs->trans('Delete').'</a>'."\n";
 			} else {
 				print '<a class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans('Delete').'</a>'."\n";
 			}
--- a/htdocs/product/inventory/class/inventory.class.php
+++ b/htdocs/product/inventory/class/inventory.class.php
@ -619,7 +619,12 @@ class Inventory extends CommonObject
 		$labelStatusShort[self::STATUS_CANCELED] = $langs->trans('Canceled');
 		$labelStatusShort[self::STATUS_RECORDED] = $langs->trans('Closed');

-		return dolGetStatus($labelStatus[$status], $labelStatusShort[$status], '', 'status'.$status, $mode);
+		$statusType = 'status'.$status;
+		if ($status == self::STATUS_RECORDED) {
+			$statusType = 'status5';
+		}
+
+		return dolGetStatus($labelStatus[$status], $labelStatusShort[$status], '', $statusType, $mode);
 	}

 	/**
--- a/htdocs/product/inventory/inventory.php
+++ b/htdocs/product/inventory/inventory.php
@ -160,27 +160,55 @@ if ($action == 'update' && $user->rights->stock->mouvement->creer) {
 	}
 }

-if ($action =='updateinventorylines' && $permissiontoadd) {
+if (($action == 'record' || $action =='updateinventorylines') && $permissiontoadd) {
 	$sql = 'SELECT id.rowid, id.datec as date_creation, id.tms as date_modification, id.fk_inventory, id.fk_warehouse,';
 	$sql .= ' id.fk_product, id.batch, id.qty_stock, id.qty_view, id.qty_regulated';
 	$sql .= ' FROM '.MAIN_DB_PREFIX.'inventorydet as id';
 	$sql .= ' WHERE id.fk_inventory = '.$object->id;

+	$db->begin();
+
 	$resql = $db->query($sql);
 	if ($resql) {
 		$num = $db->num_rows($resql);
 		$i = 0;
 		$totalarray = array();
+		$inventoryline = new InventoryLine($db);
+
 		while ($i < $num) {
 			$line = $db->fetch_object($resql);
 			$lineid = $line->rowid;
-			$inventoryline = new InventoryLine($db);
-			$inventoryline->fetch($lineid);
-			$inventoryline->qty_view = GETPOST("id_".$inventoryline->id);
-			$inventoryline->update($user);
+
+			if (GETPOST("id_".$lineid, 'alpha') != '') {		// If a value was set ('0' or something else)
+				$qtytoupdate = price2num(GETPOST("id_".$lineid, 'alpha'), 'MS');
+
+				$result = $inventoryline->fetch($lineid);
+				if ($result > 0) {
+					$inventoryline->qty_view = $qtytoupdate;
+					$resultupdate = $inventoryline->update($user);
+				}
+			} else {
+				// Delete record
+				$result = $inventoryline->fetch($lineid);
+				if ($result > 0) {
+					$inventoryline->qty_view = null;
+					$resultupdate = $inventoryline->update($user);
+				}
+			}
+
+			if ($result < 0 || $resultupdate < 0) {
+				$error++;
+			}
+
 			$i++;
 		}
 	}
+
+	if (!$error) {
+		$db->commit();
+	} else {
+		$db->rollback();
+	}
 }

 $parameters = array();
@ -242,6 +270,7 @@ if (empty($reshook)) {
 			$tmp->fk_product = $fk_product;
 			$tmp->batch = $batch;
 			$tmp->datec = $now;
+			$tmp->qty_view = (GETPOST('qtytoadd') != '' ? price2num(GETPOST('qtytoadd', 'MS')) : null);

 			$result = $tmp->create($user);
 			if ($result < 0) {
@ -270,6 +299,23 @@ $help_url = '';
 llxHeader('', $langs->trans('Inventory'), $help_url);


+// Disable button Generate movement if data were not saved
+print '<script type="text/javascript" language="javascript">
+jQuery(document).ready(function() {
+	jQuery(".realqty").keyup(function() {
+		console.log("Disable button idbuttonmakemovementandclose until we save");
+		jQuery("#idbuttonmakemovementandclose").attr(\'disabled\',\'disabled\');
+		jQuery("#idbuttonmakemovementandclose").attr(\'class\',\'butActionRefused\');
+	});
+	jQuery(".realqty").change(function() {
+		console.log("Disable button idbuttonmakemovementandclose until we save");
+		jQuery("#idbuttonmakemovementandclose").attr(\'disabled\',\'disabled\');
+		jQuery("#idbuttonmakemovementandclose").attr(\'class\',\'butActionRefused\');
+	});
+});
+</script>';
+
+
 // Part to show record
 if ($object->id > 0) {
 	$res = $object->fetch_optionals();
@ -411,7 +457,7 @@ if ($object->id > 0) {
 		if (empty($reshook)) {
 			if ($object->status == Inventory::STATUS_DRAFT) {
 				if ($permissiontoadd) {
-					print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=confirm_validate&confirm=yes">'.$langs->trans("Validate").' ('.$langs->trans("Start").')</a>'."\n";
+					print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=confirm_validate&confirm=yes&token='.newToken().'">'.$langs->trans("Validate").' ('.$langs->trans("Start").')</a>'."\n";
 				} else {
 					print '<a class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans('Validate').' ('.$langs->trans("Start").')</a>'."\n";
 				}
@ -419,16 +465,14 @@ if ($object->id > 0) {

 			// Save
 			if ($object->status == $object::STATUS_VALIDATED) {
-				if ($object->status == Inventory::STATUS_VALIDATED) {
-					if ($permissiontoadd) {
-						print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=record">'.$langs->trans("MakeMovementsAndClose").'</a>'."\n";
-					} else {
-						print '<a class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans('MakeMovementsAndClose').'</a>'."\n";
-					}
+				if ($permissiontoadd) {
+					print '<a class="butAction" id="idbuttonmakemovementandclose" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=record&token='.newToken().'">'.$langs->trans("MakeMovementsAndClose").'</a>'."\n";
+				} else {
+					print '<a class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans('MakeMovementsAndClose').'</a>'."\n";
 				}

 				if ($permissiontoadd) {
-					print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=confirm_cancel">'.$langs->trans("Cancel").'</a>'."\n";
+					print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=confirm_cancel&token='.newToken().'">'.$langs->trans("Cancel").'</a>'."\n";
 				}
 			}
 		}
@ -458,14 +502,17 @@ if ($object->id > 0) {

 			print '<script>';
 			print '$( document ).ready(function() {';
-			print ' $("#fillwithexpected").on("click",function fillWithExpected(){
-					  $(".expectedqty").each(function(){
-						var object = $(this)[0];
-						var objecttofill = $("#"+object.id+"_input")[0];
-						objecttofill.value = object.innerText;
+			print '	$("#fillwithexpected").on("click",function fillWithExpected(){
+						$(".expectedqty").each(function(){
+							var object = $(this)[0];
+							var objecttofill = $("#"+object.id+"_input")[0];
+							objecttofill.value = object.innerText;
 						})
 						console.log("Values filled");
-			         });';
+						console.log("Disable button idbuttonmakemovementandclose until we save");
+						jQuery("#idbuttonmakemovementandclose").attr(\'disabled\',\'disabled\');
+						jQuery("#idbuttonmakemovementandclose").attr(\'class\',\'butActionRefused\');
+			        });';
 			print '});';
 			print '</script>';
 		}
@ -553,11 +600,11 @@ if ($object->id > 0) {
 		}
 		print '<td class="right"></td>';
 		print '<td class="center">';
-		print '<input type="submit" class="button paddingright" name="addline" value="'.$langs->trans("Add").'">';
-		//print '<input type="submit" class="button paddingrightonly button-cancel" name="canceladdline" value="'.$langs->trans("Cancel").'">';
+		print '<input type="text" name="qtytoadd" class="maxwidth75" value="">';
 		print '</td>';
 		// Actions
 		print '<td class="center">';
+		print '<input type="submit" class="button paddingright" name="addline" value="'.$langs->trans("Add").'">';
 		print '</td>';
 		print '</tr>';
 	}
@ -617,13 +664,16 @@ if ($object->id > 0) {
 				print '</td>';
 			}

+			// Expected quantity
 			print '<td class="right expectedqty" id="id_'.$obj->rowid.'">';
 			print $obj->qty_stock;
 			print '</td>';
+
+			// Real quantity
 			print '<td class="center">';
 			if ($object->status == $object::STATUS_VALIDATED) {
 				$qty_view = GETPOST("id_".$obj->rowid) ? GETPOST("id_".$obj->rowid) : $obj->qty_view;
-				print '<input type="text" class="maxwidth75 right" name="id_'.$obj->rowid.'" id="id_'.$obj->rowid.'_input" value="'.$qty_view.'">';
+				print '<input type="text" class="maxwidth75 right realqty" name="id_'.$obj->rowid.'" id="id_'.$obj->rowid.'_input" value="'.$qty_view.'">';
 				print '</td>';
 				print '<td class="right">';
 				print '<a class="reposition" href="'.DOL_URL_ROOT.'/product/inventory/inventory.php?id='.$object->id.'&lineid='.$obj->rowid.'&action=deleteline&token='.newToken().'">'.img_delete().'</a>';
@ -644,7 +694,9 @@ if ($object->id > 0) {

 	print '</div>';

-	print '<center><input type="submit" class="button button-save" name="save" value="'.$langs->trans("Save").'"></center>';
+	if ($object->status == $object::STATUS_VALIDATED) {
+		print '<center><input type="submit" class="button button-save" name="save" value="'.$langs->trans("Save").'"></center>';
+	}

 	print '</div>';

--- a/htdocs/theme/eldy/btn.inc.php
+++ b/htdocs/theme/eldy/btn.inc.php
@ -85,9 +85,9 @@ span.butAction, span.butActionDelete {
 	display: inline-block;
 	text-align: center;
 	cursor: pointer;
-	/* color: #fff; */
-	/* background: rgb(<?php echo $colorbackhmenu1 ?>); */
 	color: #444;
+    border: 1px solid transparent;	/* So for buttonRefused with a border, it will not have any flash effect */
+
 	/* border: 1px solid #aaa; */
 	/* border-color: rgba(0, 0, 0, 0.15) rgba(0, 0, 0, 0.15) rgba(0, 0, 0, 0.25); */

@ -161,17 +161,16 @@ span.butActionNewRefused>span.fa, span.butActionNewRefused>span.fa:hover

 	white-space: nowrap !important;
 	cursor: not-allowed !important;
-	margin: 0em <?php echo ($dol_optimize_smallscreen ? '0.6' : '0.9'); ?>em;
-	padding: 0.6em <?php echo ($dol_optimize_smallscreen ? '0.6' : '0.7'); ?>em;
 	font-family: <?php print $fontlist ?> !important;
 	display: inline-block;
 	text-align: center;
 	cursor: pointer;
-	color: #999 !important;
-	border: 1px solid #ccc;
 	box-sizing: border-box;
 	-moz-box-sizing: border-box;
 	-webkit-box-sizing: border-box;
+	color: #999 !important;
+
+	border: 1px solid #ccc;
 }
 .butActionNewRefused, .butActionNewRefused:link, .butActionNewRefused:visited, .butActionNewRefused:hover, .butActionNewRefused:active {
 	text-decoration: none !important;
--- a/htdocs/website/index.php
+++ b/htdocs/website/index.php
@ -26,6 +26,7 @@ define('NOSCANPOSTFORINJECTION', 1);
 define('NOSTYLECHECK', 1);
 define('USEDOLIBARREDITOR', 1);
 define('FORCE_CKEDITOR', 1); // We need CKEditor, even if module is off.
+if (!defined('DISABLE_JS_GRAHP')) define('DISABLE_JS_GRAPH', 1);

 //header('X-XSS-Protection:0');	// Disable XSS filtering protection of some browsers (note: use of Content-Security-Policy is more efficient). Disabled as deprecated.