From 4ee6c1810ef54af0613053cf252fa30fd9e84f9f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Doursenaud?=
Date: Thu, 11 Jun 2015 10:38:29 +0200
Subject: [PATCH 1/4] FIX #3009: Better filtering to prevent SQL injection
---
 htdocs/product/list.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/htdocs/product/list.php b/htdocs/product/list.php
index 8212722bf57..b5caf210904 100644
--- a/htdocs/product/list.php
+++ b/htdocs/product/list.php
@@ -49,8 +49,8 @@ $sall=GETPOST("sall");
 $type=GETPOST("type","int");
 $search_sale = GETPOST("search_sale");
 $search_categ = GETPOST("search_categ",'int');
-$tosell = GETPOST("tosell");
-$tobuy = GETPOST("tobuy");
+$tosell = GETPOST("tosell", 'int');
+$tobuy = GETPOST("tobuy", 'int');
 $fourn_id = GETPOST("fourn_id",'int');
 $catid = GETPOST('catid','int');
From 5783c185bddfe5bc0d8c89b97319d4de2d55bd89 Mon Sep 17 00:00:00 2001
From: fmarcet
Date: Thu, 11 Jun 2015 10:43:12 +0200
Subject: [PATCH 2/4] Fix: Not reading external barcode numeration module
---
 htdocs/product/card.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/htdocs/product/card.php b/htdocs/product/card.php
index 2525e5c3d7b..d28846c059e 100644
--- a/htdocs/product/card.php
+++ b/htdocs/product/card.php
@@ -10,7 +10,7 @@
 * Copyright (C) 2013 Cédric Salvador
 * Copyright (C) 2011-2014 Alexandre Spangaro
 * Copyright (C) 2014 Cédric Gross
- * Copyright (C) 2014 Ferran Marcet
+ * Copyright (C) 2014-2015 Ferran Marcet
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
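Review bot: In the list.php hunk, `$search_sale = GETPOST("search_sale");` (and `$sall=GETPOST("sall");` in the hunk header line) are still read with no check type, so the fix covers only `tosell` and `tobuy`; whether those free-text values are escaped before they reach the query is not visible here and should be confirmed. For the two flags, relying on the read-site filter alone is fragile, because any later code path that assigns `$tosell` or `$tobuy` differently reopens the injection. I would additionally cast at the point where the value is concatenated into the SQL, e.g. `((int) $tosell)` and `((int) $tobuy)`, so the sink is safe on its own. The statements that build the query are outside the hunk.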
@@ -820,8 +820,13 @@ else if (! empty($conf->barcode->enabled) && ! empty($conf->global->BARCODE_PRODUCT_ADDON_NUM)) { $module=strtolower($conf->global->BARCODE_PRODUCT_ADDON_NUM); - $result=dol_include_once('/core/modules/barcode/'.$module.'.php'); - if ($result > 0) + $dirbarcode=array_merge(array('/core/modules/barcode/'),$conf->modules_parts['barcode']); + foreach ($dirbarcode as $dirroot) + { + $res=dol_include_once($dirroot.$module.'.php'); + if ($res) break; + } + if ($res > 0) { $modBarCodeProduct =new $module(); } From 200eb7b1bbf1d2b0b3b63ac18de7913a674a5aa3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?= Date: Fri, 12 Jun 2015 16:27:17 +0200 Subject: [PATCH 3/4] FIX Close bug #2855 Wrong translation key in localtax report page --- ChangeLog | 2 ++ htdocs/compta/localtax/clients.php | 2 +- htdocs/compta/localtax/quadri_detail.php | 4 ++-- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 31a6c7266a1..ad676e01966 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,8 @@ You may also experience troubles with Mysql 5.5.41 with error "Lost connection" Upgrading to any other version or database system is abolutely required BEFORE trying to make a Dolibarr upgrade. +***** ChangeLog for 3.7.2 compared to 3.7.* ***** +FIX [ bug #2855 ] Wrong translation key in localtax report page ***** ChangeLog for 3.7.1 compared to 3.7.* ***** FIX Bug in the new photo system diff --git a/htdocs/compta/localtax/clients.php b/htdocs/compta/localtax/clients.php index 90d6cbe8599..31eaf4375c3 100644 --- a/htdocs/compta/localtax/clients.php +++ b/htdocs/compta/localtax/clients.php 
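Review bot: In the card.php hunk, `$module` is taken from `$conf->global->BARCODE_PRODUCT_ADDON_NUM`, only lower-cased, then appended to every directory in `$dirbarcode` for `dol_include_once()` and finally used as a class name in `new $module()`, with no check that it is a plain module name. Since the include now searches externally registered directories as well, I would guard the loop with `if (preg_match('/^[a-z0-9_]+\z/', $module))` so that a value containing path separators or dots never reaches the include. Separately, if `$conf->modules_parts['barcode']` is unset or not an array, `array_merge()` fails and `$res` is read in `if ($res > 0)` without ever being assigned; `$res=0;` before the loop and `(array) $conf->modules_parts['barcode']` in the merge would cover that, though whether the entry is always initialised cannot be seen from here. The enclosing block starts and ends outside the hunk.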
@@ -109,7 +109,7 @@ $calc=$conf->global->MAIN_INFO_LOCALTAX_CALC.$local; if ($conf->global->$calc==0 || $conf->global->$calc==1) // Calculate on invoice for goods and services { $nom=$langs->transcountry($local==1?"LT1ReportByCustomersInInputOutputMode":"LT2ReportByCustomersInInputOutputMode",$mysoc->country_code); - $calcmode=$calc==0?$langs->trans("CalcModeLT".$local):$langs->trans("CalcModeLT'.$local.'Rec"); + $calcmode=$calc==0?$langs->trans("CalcModeLT".$local):$langs->trans("CalcModeLT".$local."Rec"); $calcmode.='
('.$langs->trans("TaxModuleSetupToModifyRulesLT",DOL_URL_ROOT.'/admin/company.php').')'; $period=$form->select_date($date_start,'date_start',0,0,0,'',1,0,1).' - '.$form->select_date($date_end,'date_end',0,0,0,'',1,0,1); if (! empty($conf->global->MAIN_MODULE_COMPTABILITE)) $description.='
'.$langs->trans("WarningDepositsNotIncluded"); diff --git a/htdocs/compta/localtax/quadri_detail.php b/htdocs/compta/localtax/quadri_detail.php index 612014ac741..7396c625165 100644 --- a/htdocs/compta/localtax/quadri_detail.php +++ b/htdocs/compta/localtax/quadri_detail.php @@ -129,7 +129,7 @@ $calc=$conf->global->MAIN_INFO_LOCALTAX_CALC.$local; if ($conf->global->$calc==0 || $conf->global->$calc==1) // Calculate on invoice for goods and services { $nom=$langs->trans($local==1?"LT1ReportByQuartersInDueDebtMode":"LT2ReportByQuartersInDueDebtMode"); - $calcmode=$calc==0?$langs->trans("CalcModeLT".$local):$langs->trans("CalcModeLT'.$local.'Rec"); + $calcmode=$calc==0?$langs->trans("CalcModeLT".$local):$langs->trans("CalcModeLT".$local."Rec"); $calcmode.='
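Review bot: The corrected `$calcmode=` line in clients.php still tests `$calc==0`, while the enclosing `if` reads the setting through `$conf->global->$calc`, so `$calc` is the property name rather than its value and the choice between the `CalcModeLT…` and `CalcModeLT…Rec` keys does not appear to follow the configured mode. If the value was intended, the line should read `$calcmode=$conf->global->$calc==0?$langs->trans("CalcModeLT".$local):$langs->trans("CalcModeLT".$local."Rec");`. The same ternary is repeated in both hunks of htdocs/compta/localtax/quadri_detail.php, and in the second one the enclosing condition is `$conf->global->$calc==2`, where a test against 0 looks out of place. The intent is inferred from the visible lines only, so this needs confirming against the rest of each file.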
('.$langs->trans("TaxModuleSetupToModifyRulesLT",DOL_URL_ROOT.'/admin/company.php').')'; $period=$form->select_date($date_start,'date_start',0,0,0,'',1,0,1).' - '.$form->select_date($date_end,'date_end',0,0,0,'',1,0,1); $prevyear=$year_start; $prevquarter=$q; @@ -161,7 +161,7 @@ if ($conf->global->$calc==0 || $conf->global->$calc==1) // Calculate on invoice if ($conf->global->$calc==2) // Invoice for goods, payment for services { $nom=$langs->trans($local==1?"LT1ReportByQuartersInInputOutputMode":"LT2ReportByQuartersInInputOutputMode"); - $calcmode=$calc==0?$langs->trans("CalcModeLT".$local):$langs->trans("CalcModeLT'.$local.'Rec"); + $calcmode=$calc==0?$langs->trans("CalcModeLT".$local):$langs->trans("CalcModeLT".$local."Rec"); $calcmode.='
('.$langs->trans("TaxModuleSetupToModifyRulesLT",DOL_URL_ROOT.'/admin/company.php').')'; $period=$form->select_date($date_start,'date_start',0,0,0,'',1,0,1).' - '.$form->select_date($date_end,'date_end',0,0,0,'',1,0,1); $prevyear=$year_start; $prevquarter=$q; From f068203a794b37fd41f51b725f9372372fbdc6d7 Mon Sep 17 00:00:00 2001 From: Juanjo Menent Date: Fri, 12 Jun 2015 21:31:14 +0200 Subject: [PATCH 4/4] Update changelog --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index ad676e01966..092c4d9a207 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,7 +8,7 @@ You may also experience troubles with Mysql 5.5.41 with error "Lost connection" Upgrading to any other version or database system is abolutely required BEFORE trying to make a Dolibarr upgrade. -***** ChangeLog for 3.7.2 compared to 3.7.* ***** +***** ChangeLog for 3.7.2 compared to 3.7.1 ***** FIX [ bug #2855 ] Wrong translation key in localtax report page ***** ChangeLog for 3.7.1 compared to 3.7.* *****