From d79340a6325aada703073a2a295e8be27234e1bd Mon Sep 17 00:00:00 2001
From: Marc de Lima Lucio <marc.delimalucio@atm-consulting.fr>
Date: Thu, 17 Oct 2019 09:55:02 +0200
Subject: [PATCH 1/5] FIX: stock replenish: fetching and freeing non existing
 SQL result set

---
 htdocs/product/stock/replenish.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/htdocs/product/stock/replenish.php b/htdocs/product/stock/replenish.php
index cc7f5d1f2f5..0bd7f95373b 100644
--- a/htdocs/product/stock/replenish.php
+++ b/htdocs/product/stock/replenish.php
@@ -137,7 +137,6 @@ if ($action == 'order' && isset($_POST['valid']))
                 	if ($qty)
                 	{
 	                    //might need some value checks
-	                    $obj = $db->fetch_object($resql);
 	                    $line = new CommandeFournisseurLigne($db);
 	                    $line->qty = $qty;
 	                    $line->fk_product = $idprod;
@@ -176,7 +175,7 @@ if ($action == 'order' && isset($_POST['valid']))
                     $error=$db->lasterror();
                     dol_print_error($db);
                 }
-                $db->free($resql);
+
                 unset($_POST['fourn' . $i]);
             }
             unset($_POST[$i]);

From 373d6d60e7bbf9c0a75df69d5a6c304526788280 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 17 Oct 2019 21:12:18 +0200
Subject: [PATCH 2/5] Add a message

---
 htdocs/filefunc.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/filefunc.inc.php b/htdocs/filefunc.inc.php
index a5d8df20cfc..3c0608c06e2 100644
--- a/htdocs/filefunc.inc.php
+++ b/htdocs/filefunc.inc.php
@@ -164,7 +164,7 @@ if (! defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck))
     	if ($csrfattack)
     	{
     		//print 'NOCSRFCHECK='.defined('NOCSRFCHECK').' REQUEST_METHOD='.$_SERVER['REQUEST_METHOD'].' HTTP_HOST='.$_SERVER['HTTP_HOST'].' HTTP_REFERER='.$_SERVER['HTTP_REFERER'];
-    		print "Access refused by CSRF protection in main.inc.php. Referer of form is outside server that serve the POST.\n";
+    		print "Access refused by CSRF protection in main.inc.php. Referer of form (".$_SERVER['HTTP_REFERER'].") is outside server that serve the POST.\n";
         	print "If you access your server behind a proxy using url rewriting, you might check that all HTTP header is propagated (or add the line \$dolibarr_nocsrfcheck=1 into your conf.php file).\n";
     		die;
     	}

From d442134a51d7cbca93605d968ce2aaa18b7fb23c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?=
 <frederic34@users.noreply.github.com>
Date: Thu, 17 Oct 2019 21:15:34 +0200
Subject: [PATCH 3/5] fix cant add bookmark with csrf active

---
 htdocs/bookmarks/bookmarks.lib.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/htdocs/bookmarks/bookmarks.lib.php b/htdocs/bookmarks/bookmarks.lib.php
index 319c44c9d73..f49fd1f93a3 100644
--- a/htdocs/bookmarks/bookmarks.lib.php
+++ b/htdocs/bookmarks/bookmarks.lib.php
@@ -72,6 +72,7 @@ function printBookmarksList($aDb, $aLangs)
 
 		$ret.= '<!-- form with POST method by default, will be replaced with GET for external link by js -->'."\n";
 		$ret.= '<form id="actionbookmark" name="actionbookmark" method="POST" action="">';
+        $ret.= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
 		$ret.= '<select name="bookmark" id="boxbookmark" class="flat boxcombo vmenusearchselectcombo" alt="Bookmarks">';
 		$ret.= '<option hidden value="listbookmarks" class="optiongrey" selected rel="'.DOL_URL_ROOT.'/bookmarks/list.php">'.$langs->trans('Bookmarks').'</option>';
 	    $ret.= '<option value="listbookmark" class="optionblue" rel="'.dol_escape_htmltag(DOL_URL_ROOT.'/bookmarks/list.php').'" ';

From aeafdae34c87a5c3324abdc87a054907badeefcb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?=
 <frederic34@users.noreply.github.com>
Date: Thu, 17 Oct 2019 22:58:47 +0200
Subject: [PATCH 4/5] Update main.lang

---
 htdocs/langs/en_US/main.lang | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/htdocs/langs/en_US/main.lang b/htdocs/langs/en_US/main.lang
index 6efba19536b..c6165925703 100644
--- a/htdocs/langs/en_US/main.lang
+++ b/htdocs/langs/en_US/main.lang
@@ -469,6 +469,7 @@ Category=Tag/category
 By=By
 From=From
 to=to
+To=to
 and=and
 or=or
 Other=Other
@@ -959,4 +960,4 @@ FileSharedViaALink=File shared via a link
 SelectAThirdPartyFirst=Select a third party first...
 YouAreCurrentlyInSandboxMode=You are currently in the %s "sandbox" mode
 Inventory=Inventory
-SeePrivateNote=See private note
\ No newline at end of file
+SeePrivateNote=See private note

From f9c0e63f169ecc68f048251c4116d0594ac9db39 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?=
 <frederic34@users.noreply.github.com>
Date: Thu, 17 Oct 2019 22:59:52 +0200
Subject: [PATCH 5/5] Update main.lang

---
 htdocs/langs/fr_FR/main.lang | 1 +
 1 file changed, 1 insertion(+)

diff --git a/htdocs/langs/fr_FR/main.lang b/htdocs/langs/fr_FR/main.lang
index f17cbaed86c..bbc9dd08ecf 100644
--- a/htdocs/langs/fr_FR/main.lang
+++ b/htdocs/langs/fr_FR/main.lang
@@ -466,6 +466,7 @@ Category=Tag/catégorie
 By=Par
 From=Du
 to=au
+To=à
 and=et
 or=ou
 Other=Autre