From aab9c2e6cacb0ca194d028481645c236be4652f3 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 11 Nov 2021 18:20:31 +0100
Subject: [PATCH 1/3] Fix #yogosha7605

---
 htdocs/core/db/mysqli.class.php  | 5 +++--
 htdocs/core/db/pgsql.class.php   | 5 +++--
 htdocs/core/db/sqlite3.class.php | 5 +++--
 3 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/htdocs/core/db/mysqli.class.php b/htdocs/core/db/mysqli.class.php
index b64ec0708e2..4dd71f0e351 100644
--- a/htdocs/core/db/mysqli.class.php
+++ b/htdocs/core/db/mysqli.class.php
@@ -933,8 +933,9 @@ class DoliDBMysqli extends DoliDB
 	public function DDLDropField($table, $field_name)
 	{
 		// phpcs:enable
-		$sql = "ALTER TABLE ".$table." DROP COLUMN `".$field_name."`";
-		dol_syslog(get_class($this)."::DDLDropField ".$sql, LOG_DEBUG);
+		$tmp_field_name = preg_replace('/[^a-z0-9\.\-\_]/i', '', $field_name);
+
+		$sql = "ALTER TABLE ".$table." DROP COLUMN `".$tmp_field_name."`";
 		if ($this->query($sql)) {
 			return 1;
 		}
diff --git a/htdocs/core/db/pgsql.class.php b/htdocs/core/db/pgsql.class.php
index ac6b8de33f3..7cf0a5d905a 100644
--- a/htdocs/core/db/pgsql.class.php
+++ b/htdocs/core/db/pgsql.class.php
@@ -1240,8 +1240,9 @@ class DoliDBPgsql extends DoliDB
 	public function DDLDropField($table, $field_name)
 	{
 		// phpcs:enable
-		$sql = "ALTER TABLE ".$table." DROP COLUMN ".$field_name;
-		dol_syslog($sql, LOG_DEBUG);
+		$tmp_field_name = preg_replace('/[^a-z0-9\.\-\_]/i', '', $field_name);
+
+		$sql = "ALTER TABLE ".$table." DROP COLUMN ".$tmp_field_name;
 		if (!$this->query($sql)) {
 			$this->error = $this->lasterror();
 			return -1;
diff --git a/htdocs/core/db/sqlite3.class.php b/htdocs/core/db/sqlite3.class.php
index bc01ee7a535..d1d6a4b680a 100644
--- a/htdocs/core/db/sqlite3.class.php
+++ b/htdocs/core/db/sqlite3.class.php
@@ -1120,8 +1120,9 @@ class DoliDBSqlite3 extends DoliDB
 	public function DDLDropField($table, $field_name)
 	{
 		// phpcs:enable
-		$sql = "ALTER TABLE ".$table." DROP COLUMN `".$field_name."`";
-		dol_syslog(get_class($this)."::DDLDropField ".$sql, LOG_DEBUG);
+		$tmp_field_name = preg_replace('/[^a-z0-9\.\-\_]/i', '', $field_name);
+
+		$sql = "ALTER TABLE ".$table." DROP COLUMN `".$tmp_field_name."`";
 		if (!$this->query($sql)) {
 			$this->error = $this->lasterror();
 			return -1;

From a725ffefdd80286502770c9eddfda64d69f30aa4 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 11 Nov 2021 18:30:17 +0100
Subject: [PATCH 2/3] Fix sql error

---
 htdocs/takepos/index.php | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/htdocs/takepos/index.php b/htdocs/takepos/index.php
index 4d729bde2fa..1ec50dd3799 100644
--- a/htdocs/takepos/index.php
+++ b/htdocs/takepos/index.php
@@ -1037,13 +1037,10 @@ if ($conf->global->TAKEPOS_PRINT_METHOD == "receiptprinter") {
 }
 
 $sql = "SELECT rowid, status, entity FROM ".MAIN_DB_PREFIX."pos_cash_fence WHERE";
-$sql .= " entity = ".$conf->entity." AND ";
-<<<<<<< HEAD
+$sql .= " entity = ".((int) $conf->entity)." AND ";
+$sql .= " posnumber = ".((int) $_SESSION["takeposterminal"])." AND ";
 $sql .= " date_creation > '".$db->idate(dol_get_first_hour(dol_now()))."'";
-=======
-$sql .= " posnumber = ".$_SESSION["takeposterminal"]." AND ";
-$sql .= " date(date_creation) = CURDATE()";
->>>>>>> branch '12.0' of git@github.com:Dolibarr/dolibarr.git
+
 $resql = $db->query($sql);
 if ($resql)
 {

From 21c2dba9222913883e3aa46d6ea0af9ef007a64b Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 11 Nov 2021 19:06:55 +0100
Subject: [PATCH 3/3] Fix phpcs

---
 htdocs/compta/facture/card.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php
index d9be7ff3f1c..e01d71a1020 100644
--- a/htdocs/compta/facture/card.php
+++ b/htdocs/compta/facture/card.php
@@ -5118,7 +5118,6 @@ if ($action == 'create') {
 			print ' :</td><td align="right">'.price($retainedWarranty).'</td><td>&nbsp;</td></tr>';
 		}
 	} else { // Credit note
-
 		$resteapayeraffiche = $resteapayer;
 		$cssforamountpaymentcomplete = 'amountpaymentneutral';