From 745acdf313c7bb884c1d37909772247ff1939e6e Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Tue, 22 Mar 2011 11:29:17 +0000
Subject: [PATCH] Fix: missing contactid and socid Fix: missing contact in event if no company
---
 htdocs/comm/action/fiche.php | 2 +-
 htdocs/contact/index.php | 13 ++++++-------
 2 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/htdocs/comm/action/fiche.php b/htdocs/comm/action/fiche.php
index 8a545e3bab5..c3b941685c2 100644
--- a/htdocs/comm/action/fiche.php
+++ b/htdocs/comm/action/fiche.php
@@ -573,7 +573,7 @@ if (GETPOST('action') == 'create')
 print '';
 // If company is forced, we propose contacts (may be contact is also forced)
- if (GETPOST("socid") > 0)
+ if (GETPOST("contactid") > 0 || GETPOST("socid") > 0)
 {
 print ''.$langs->trans("ActionOnContact").'';
 $html->select_contacts(GETPOST("socid"),GETPOST('contactid'),'contactid',1,1);
diff --git a/htdocs/contact/index.php b/htdocs/contact/index.php
index 86088cd7c5a..7eea92b2415 100644
--- a/htdocs/contact/index.php
+++ b/htdocs/contact/index.php
@@ -136,19 +136,19 @@ else
 if ($search_nom) // filtre sur le nom
 {
- $sql .= " AND p.name like '%".addslashes($search_nom)."%'";
+ $sql .= " AND p.name like '%".$db->escape($search_nom)."%'";
 }
 if ($search_prenom) // filtre sur le prenom
 {
- $sql .= " AND p.firstname like '%".addslashes($search_prenom)."%'";
+ $sql .= " AND p.firstname like '%".$db->escape($search_prenom)."%'";
 }
 if ($search_societe) // filtre sur la societe
 {
- $sql .= " AND s.nom like '%".addslashes($search_societe)."%'";
+ $sql .= " AND s.nom like '%".$db->escape($search_societe)."%'";
 }
 if ($search_email) // filtre sur l'email
 {
- $sql .= " AND p.email like '%".addslashes($search_email)."%'";
+ $sql .= " AND p.email like '%".$db->escape($search_email)."%'";
 }
 if ($type == "o") // filtre sur type
 {
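Review bot: In htdocs/comm/action/fiche.php the new condition and the `select_contacts()` call below it read `socid` and `contactid` from the request four separate times, and the loose `> 0` comparison does not guarantee that either value is an integer before it is handed to `select_contacts()`. Reading each once into a typed local, `$socid = (int) GETPOST('socid'); $contactid = (int) GETPOST('contactid');`, and using those locals in both the test and the call would pin the type. With this change the selector is also built when only `contactid` is set and `socid` is empty; whether `select_contacts()` then still restricts the list to contacts the current user is allowed to see is not visible here and is worth confirming. The enclosing `if (GETPOST('action') == 'create')` block starts and ends outside the hunk.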
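Review bot: The four `like` filters in htdocs/contact/index.php now quote their terms with `$db->escape()`, but as far as this hunk shows that only escapes the string literal, so `%` and `_` typed into `$search_nom`, `$search_prenom`, `$search_societe` or `$search_email` still act as LIKE wildcards. If literal matching is intended, neutralise them before quoting, for example `$db->escape(addcslashes($search_nom, '%_'))` (this assumes the backslash is the LIKE escape character, as it is by default on MySQL), or add a comment such as `// user-supplied % and _ are intentionally left as wildcards`. The same applies to the `$sall` filter in the next hunk (-168,7). Where these variables are assigned is outside the hunk, so the assumption that they come from the request should be checked; if the database layer offers bound parameters, those would be a stronger fix than concatenation.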
@@ -168,7 +168,7 @@ if ($type == "p") // filtre sur type
 }
 if ($sall)
 {
- $sql .= " AND (p.name like '%".addslashes($sall)."%' OR p.firstname like '%".addslashes($sall)."%' OR p.email like '%".addslashes($sall)."%') ";
+ $sql .= " AND (p.name like '%".$db->escape($sall)."%' OR p.firstname like '%".$db->escape($sall)."%' OR p.email like '%".$db->escape($sall)."%') ";
 }
 if ($socid)
 {
@@ -339,8 +339,7 @@ if ($result)
 // Links Add action and Export vcard
 print '';
- $link=''.img_object($langs->trans("AddAction"),"calendar").'';
- print $link;
+ print ''.img_object($langs->trans("AddAction"),"calendar").'';
 print '   ';
 print '';
 print img_picto($langs->trans("VCard"),'vcard.png').' ';
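Review bot: The `$sall` filter calls `$db->escape($sall)` three times inside one long concatenation, which makes the quoting hard to audit at a glance. Escaping once into a local, `$sallesc = $db->escape($sall);`, and building the clause from `$sallesc` keeps the three terms visibly identical and shortens the line. A short comment above it, e.g. `// $sall is matched against name, firstname and email`, would also document why one term appears three times. The `if ($socid)` block that follows continues outside the hunk.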