From c3fb0fde85e8f787da18f6b0f56aeb45973ee4fe Mon Sep 17 00:00:00 2001
From: Gauthier PC portable 024 <gauthier.verdol@atm-consulting.fr>
Date: Thu, 20 Oct 2022 15:53:03 +0200
Subject: [PATCH 1/4] FIX : we must be able to select only bom of a specific
 product + several fixes on select_bom() function

---
 htdocs/core/class/html.form.class.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 5869a85f3cf..7388da7596e 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -2428,7 +2428,7 @@ class Form
 	 * @param int $forcecombo Force to use combo box
 	 * @return        void|string
 	 */
-	public function select_bom($selected = '', $htmlname = 'bom_id', $limit = 0, $status = 1, $type = 1, $showempty = '1', $morecss = '', $nooutput = '', $forcecombo = 0)
+	public function select_bom($selected = '', $htmlname = 'bom_id', $limit = 0, $status = 1, $type = 0, $showempty = '1', $morecss = '', $nooutput = '', $forcecombo = 0, $TProducts = [])
 	{
 		// phpcs:enable
 		global $conf, $user, $langs, $db;
@@ -2450,8 +2450,9 @@ class Form
 		$sql.= ' FROM '.MAIN_DB_PREFIX.'bom_bom as b';
 		$sql.= ' WHERE b.entity IN ('.getEntity('bom').')';
 		if (!empty($status)) $sql.= ' AND status = '. (int) $status;
-		if (!empty($type)) $sql.= ' AND status = '. (int) $type;
-		if (!empty($limit)) $sql.= 'LIMIT '. (int) $limit;
+		if (!empty($type)) $sql.= ' AND bomtype = '. (int) $type;
+		if(! empty($TProducts)) $sql .= ' AND fk_product IN ('.implode(',', $TProducts).')';
+		if (!empty($limit)) $sql.= ' LIMIT '. (int) $limit;
 		$resql = $db->query($sql);
 		if ($resql) {
 			if ($showempty)	{

From 06646d45409002f31e8bfda104693d3ebf71812e Mon Sep 17 00:00:00 2001
From: Gauthier PC portable 024 <gauthier.verdol@atm-consulting.fr>
Date: Thu, 20 Oct 2022 15:56:32 +0200
Subject: [PATCH 2/4] FIX : php doc

---
 htdocs/core/class/html.form.class.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 7388da7596e..5dd4db65bab 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -2426,6 +2426,7 @@ class Form
 	 * @param string $morecss Add more css on select
 	 * @param string $nooutput No print, return the output into a string
 	 * @param int $forcecombo Force to use combo box
+	 * @param array $TProducts  Add filter on a defined product
 	 * @return        void|string
 	 */
 	public function select_bom($selected = '', $htmlname = 'bom_id', $limit = 0, $status = 1, $type = 0, $showempty = '1', $morecss = '', $nooutput = '', $forcecombo = 0, $TProducts = [])

From 02d9c9897a19573cc5043ca16090e9baac3a1509 Mon Sep 17 00:00:00 2001
From: Gauthier PC portable 024 <gauthier.verdol@atm-consulting.fr>
Date: Thu, 20 Oct 2022 16:27:20 +0200
Subject: [PATCH 3/4] FIX : bug on selected value for select_bom() function

---
 htdocs/core/class/html.form.class.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 5dd4db65bab..564c917ef1a 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -2464,8 +2464,9 @@ class Form
 			while ($obj = $db->fetch_object($resql)) {
 				$product = new Product($db);
 				$res = $product->fetch($obj->fk_product);
-				if ($obj->rowid == $selected) $out .= '<option value="'.$obj->rowid.'" selected>'.$obj->ref.' - '. $product->label .' - '.$obj->label.'</option>';
-				$out .= '<option value="'.$obj->rowid.'">'.$obj->ref.' - '.$product->label .' - '. $obj->label.'</option>';
+				$out .= '<option value="'.$obj->rowid.'"';
+				if ($obj->rowid == $selected) $out .= 'selected';
+				$out .= '>'.$obj->ref.' - '.$product->label .' - '. $obj->label.'</option>';
 			}
 		} else {
 			$error++;

From d9f067eabb17ba32f54c2293a65adb59404672da Mon Sep 17 00:00:00 2001
From: Gauthier PC portable 024 <gauthier.verdol@atm-consulting.fr>
Date: Mon, 24 Oct 2022 09:46:41 +0200
Subject: [PATCH 4/4] FIX : travis & stickler feedbacks

---
 htdocs/core/class/html.form.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 564c917ef1a..5efbdeae8e1 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -2452,7 +2452,7 @@ class Form
 		$sql.= ' WHERE b.entity IN ('.getEntity('bom').')';
 		if (!empty($status)) $sql.= ' AND status = '. (int) $status;
 		if (!empty($type)) $sql.= ' AND bomtype = '. (int) $type;
-		if(! empty($TProducts)) $sql .= ' AND fk_product IN ('.implode(',', $TProducts).')';
+		if (!empty($TProducts)) $sql .= ' AND fk_product IN ('.$this->db->sanitize(implode(',', $TProducts)).')';
 		if (!empty($limit)) $sql.= ' LIMIT '. (int) $limit;
 		$resql = $db->query($sql);
 		if ($resql) {