From 86a58def3b659676dd9c7483e05df7d3ddd6faef Mon Sep 17 00:00:00 2001 From: gauthier Date: Wed, 27 Jun 2018 17:13:50 +0200 Subject: [PATCH 1/7] FIX : getEntity project and not projet --- htdocs/projet/class/project.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php index 551bdcb9d5f..d42c67a09dc 100644 --- a/htdocs/projet/class/project.class.php +++ b/htdocs/projet/class/project.class.php @@ -1750,7 +1750,7 @@ class Project extends CommonObject $sql = "SELECT count(p.rowid) as nb"; $sql.= " FROM ".MAIN_DB_PREFIX."projet as p"; $sql.= " WHERE"; - $sql.= " p.entity IN (".getEntity('projet').")"; + $sql.= " p.entity IN (".getEntity('project').")"; if (! $user->rights->projet->all->lire) { $projectsListId = $this->getProjectsAuthorizedForUser($user,0,1); From d8ca9f2947cc3928bc02b10c5176bd9b3015d08e Mon Sep 17 00:00:00 2001 From: gauthier Date: Wed, 27 Jun 2018 17:26:04 +0200 Subject: [PATCH 2/7] FIX : we must see number of all shared projects --- htdocs/projet/class/project.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php index d42c67a09dc..5dce267d965 100644 --- a/htdocs/projet/class/project.class.php +++ b/htdocs/projet/class/project.class.php 
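Review bot: The element key on the added `getEntity('project')` line is a free string that differs from the table name `projet` by one letter, which is presumably how the wrong key went unnoticed until this fix. This clause is what scopes the count to the caller's entity, so a mistyped key can change which rows are visible without raising any error. I would add a comment above the line, for example `// getEntity() expects the element key 'project'; the table is MAIN_DB_PREFIX.'projet'`, and check the file's other `getEntity()` calls for the same typo. The enclosing method starts and ends outside the hunk.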
@@ -1674,7 +1674,7 @@ class Project extends CommonObject // For external user, no check is done on company permission because readability is managed by public status of project and assignement. //if (! $user->rights->societe->client->voir && ! $socid) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = s.rowid"; $sql.= " WHERE p.fk_statut = 1"; - $sql.= " AND p.entity IN (".getEntity('project', 0).')'; + $sql.= " AND p.entity IN (".getEntity('project').')'; if (! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")"; // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; From 2d13b5b59d4a1db3b0c6ff30493fe57ed09aaa5d Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Fri, 29 Jun 2018 15:57:34 +0200 Subject: [PATCH 3/7] Fix: broken feature with edit in place --- htdocs/core/class/html.form.class.php | 2 +- htdocs/core/tpl/notes.tpl.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 634071791e3..f782da206da 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -282,7 +282,7 @@ class Form $out=''; // Check parameters - if ($inputType == 'textarea') $value = dol_nl2br($value); + if (preg_match('/^text/',$inputType)) $value = dol_nl2br($value); else if (preg_match('/^numeric/',$inputType)) $value = price($value); else if ($inputType == 'day' || $inputType == 'datepicker') $value = dol_print_date($value, 'day'); diff --git a/htdocs/core/tpl/notes.tpl.php b/htdocs/core/tpl/notes.tpl.php index da3ad8fb234..7fe5a5b1c77 100644 --- a/htdocs/core/tpl/notes.tpl.php +++ b/htdocs/core/tpl/notes.tpl.php 
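Review bot: Dropping the second argument on the added `getEntity('project')` line makes the entity scope of this query depend on that parameter's default, and nothing at the call site says the wider scope is intended. Going by the commit title the aim is to count projects of shared entities, so for a user holding `projet->all->lire` the entity list becomes the only filter on the query, while other users are still limited by the `p.rowid IN (".$projectsListId.")` clause below. I would record that in a comment, e.g. `// Shared entities included on purpose; per-user restriction comes from $projectsListId below`. It is also worth confirming that `getProjectsAuthorizedForUser()` is evaluated with the same entity scope, since it is not visible here. The enclosing method starts and ends outside the hunk.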
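Review bot: The new test `preg_match('/^text/',$inputType)` also matches the plain `text` input type, not only `textarea` with size parameters such as `textarea:12:95%`, so single-line values now pass through `dol_nl2br()` as well. If only the parameterised textarea form was meant, `preg_match('/^textarea/',$inputType)` is the narrower check. `dol_nl2br()` is not shown here; if it only inserts line-break tags, the escaping of `$value` has to happen elsewhere in this method, and a short comment saying where would help the next reader. The method continues outside the hunk.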
@@ -71,7 +71,7 @@ elseif ($module == 'shipping') { $permission=$user->rights->expedition->cr elseif ($module == 'product') { $permission=$user->rights->produit->creer;} //else dol_print_error('','Bad value '.$module.' for param module'); -if (! empty($conf->global->FCKEDITOR_ENABLE_SOCIETE)) $typeofdata='ckeditor:dolibarr_notes:100%:200::1:12:95%'; // Rem: This var is for all notes, not only thirdparties note. +if (! empty($conf->fckeditor->enabled) && ! empty($conf->global->FCKEDITOR_ENABLE_SOCIETE)) $typeofdata='ckeditor:dolibarr_notes:100%:200::1:12:95%'; // Rem: This var is for all notes, not only thirdparties note. else $typeofdata='textarea:12:95%'; ?> From 41709f07d0aef384723164877395ed081b44b810 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Fri, 29 Jun 2018 18:18:10 +0200 Subject: [PATCH 4/7] Fix: #9032 Vulnerability --- htdocs/install/step1.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/htdocs/install/step1.php b/htdocs/install/step1.php index 14695f914cb..c53a5996a67 100644 --- a/htdocs/install/step1.php +++ b/htdocs/install/step1.php 
@@ -47,16 +47,16 @@ $main_data_dir = GETPOST('main_data_dir') ? GETPOST('main_data_dir') : $main_dir // Dolibarr root URL $main_url = GETPOST('main_url'); // Database login informations -$userroot=GETPOST('db_user_root'); -$passroot=GETPOST('db_pass_root'); +$userroot=GETPOST('db_user_root','aZ09'); +$passroot=GETPOST('db_pass_root'); // FIXME protect for injection // Database server -$db_type=GETPOST('db_type','alpha'); -$db_host=GETPOST('db_host','alpha'); -$db_name=GETPOST('db_name','alpha'); -$db_user=GETPOST('db_user','alpha'); -$db_pass=GETPOST('db_pass'); +$db_type=GETPOST('db_type','aZ09'); +$db_host=GETPOST('db_host','aZ09'); +$db_name=GETPOST('db_name','aZ09'); +$db_user=GETPOST('db_user','aZ09'); +$db_pass=GETPOST('db_pass'); // FIXME protect for injection $db_port=GETPOST('db_port','int'); -$db_prefix=GETPOST('db_prefix','alpha'); +$db_prefix=GETPOST('db_prefix','aZ09'); $db_create_database = GETPOST('db_create_database','none'); $db_create_user = GETPOST('db_create_user','none'); // Force https From c4143763beb511f2f8dc3d61152c2530956caa05 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 29 Jun 2018 19:23:17 +0200 Subject: [PATCH 5/7] Update step1.php --- htdocs/install/step1.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/htdocs/install/step1.php b/htdocs/install/step1.php index c53a5996a67..ee30534f438 100644 --- a/htdocs/install/step1.php +++ b/htdocs/install/step1.php 
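Review bot: The two password parameters, `db_pass_root` and `db_pass`, are still read with no check argument and only gain a `// FIXME protect for injection` marker, so the fix for #9032 leaves the least constrained inputs open. A password cannot sensibly be restricted to a character class, so the protection belongs at each place the values are used: escaping or parameter binding where they reach SQL, and proper quoting wherever they are written out. Those sinks are outside this hunk. `main_url` and `main_data_dir` in the context lines above are likewise read without a check argument. Separately, `aZ09` on `db_host` may reject legitimate values such as a host with a port suffix or an IPv6 literal, depending on what that check permits.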
@@ -47,14 +47,14 @@ $main_data_dir = GETPOST('main_data_dir') ? GETPOST('main_data_dir') : $main_dir // Dolibarr root URL $main_url = GETPOST('main_url'); // Database login informations -$userroot=GETPOST('db_user_root','aZ09'); -$passroot=GETPOST('db_pass_root'); // FIXME protect for injection +$userroot=GETPOST('db_user_root','alpha'); +$passroot=GETPOST('db_pass_root','none'); // Database server $db_type=GETPOST('db_type','aZ09'); -$db_host=GETPOST('db_host','aZ09'); -$db_name=GETPOST('db_name','aZ09'); -$db_user=GETPOST('db_user','aZ09'); -$db_pass=GETPOST('db_pass'); // FIXME protect for injection +$db_host=GETPOST('db_host','alpha'); +$db_name=GETPOST('db_name','alpha'); +$db_user=GETPOST('db_user','alpha'); +$db_pass=GETPOST('db_pass','none'); $db_port=GETPOST('db_port','int'); $db_prefix=GETPOST('db_prefix','aZ09'); $db_create_database = GETPOST('db_create_database','none'); From 3f2b3c08404ed3b99d038b966ce5ab5d90177f66 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 29 Jun 2018 19:38:12 +0200 Subject: [PATCH 6/7] FIX #9032 --- htdocs/install/step1.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/install/step1.php b/htdocs/install/step1.php index ee30534f438..7aab5d2f1a2 100644 --- a/htdocs/install/step1.php +++ b/htdocs/install/step1.php @@ -52,7 +52,7 @@ $passroot=GETPOST('db_pass_root','none'); // Database server $db_type=GETPOST('db_type','aZ09'); $db_host=GETPOST('db_host','alpha'); -$db_name=GETPOST('db_name','alpha'); +$db_name=GETPOST('db_name','aZ09'); $db_user=GETPOST('db_user','alpha'); $db_pass=GETPOST('db_pass','none'); $db_port=GETPOST('db_port','int'); From 9c5d34fc5fbceb030c73ecd31faeffd6d93a5a9d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 2 Jul 2018 11:47:04 +0200 Subject: [PATCH 7/7] Fix translation --- htdocs/core/modules/facture/doc/pdf_crabe.modules.php | 8 ++++---- htdocs/langs/fr_FR/bills.lang | 1 + 2 files changed, 5 insertions(+), 4 deletions(-) 
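Review bot: Four parameters (`db_user_root`, `db_host`, `db_name`, `db_user`) go back from `aZ09` to `alpha` in this hunk, which undoes most of the tightening made by the previous patch in the series ("Fix: #9032 Vulnerability"), and the commit message gives no reason why the looser check is safe. The two `FIXME protect for injection` comments are removed while the passwords switch to `'none'`, so they are still unfiltered and the open item disappears from the code without the protection being added here. I would keep a marker on both password lines, e.g. `// Not filtered on purpose: must be escaped at every point of use`, and note next to the `alpha` fields which extra characters they need to accept. The following patch in the series restores `aZ09` for `db_name` only, leaving the other three on `alpha`.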
diff --git a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php index 8b316e29dca..0e781044a18 100644 --- a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php @@ -797,10 +797,10 @@ class pdf_crabe extends ModelePDFFactures $y+=3; $obj = $this->db->fetch_object($resql); - if ($obj->type == 2) $text=$outputlangs->trans("CreditNote"); - elseif ($obj->type == 3) $text=$outputlangs->trans("Deposit"); - elseif ($obj->type == 0) $text=$outputlangs->trans("ExcessReceived"); - else $text=$outputlangs->trans("UnknownType"); + if ($obj->type == 2) $text=$outputlangs->transnoentities("CreditNote"); + elseif ($obj->type == 3) $text=$outputlangs->transnoentities("Deposit"); + elseif ($obj->type == 0) $text=$outputlangs->transnoentities("ExcessReceived"); + else $text=$outputlangs->transnoentities("UnknownType"); $invoice->fetch($obj->fk_facture_source); diff --git a/htdocs/langs/fr_FR/bills.lang b/htdocs/langs/fr_FR/bills.lang index 9f2f21fbe77..1f5c33c2ef9 100644 --- a/htdocs/langs/fr_FR/bills.lang +++ b/htdocs/langs/fr_FR/bills.lang @@ -282,6 +282,7 @@ RelativeDiscount=Remise relative GlobalDiscount=Ligne de déduction CreditNote=Avoir CreditNotes=Avoirs +CreditNotesOrExcessReceived=Avoirs ou trop perçus Deposit=Acompte Deposits=Acomptes DiscountFromCreditNote=Remise issue de l'avoir %s