From 3afb57788803afdf18fb97e180ef59c1cf578ea4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?=
 <frederic34@users.noreply.github.com>
Date: Mon, 2 Nov 2020 18:35:39 +0100
Subject: [PATCH 1/2] Update card.php

---
 htdocs/adherents/subscription/card.php | 55 +++++++++++++-------------
 1 file changed, 27 insertions(+), 28 deletions(-)

diff --git a/htdocs/adherents/subscription/card.php b/htdocs/adherents/subscription/card.php
index 6479b5c479f..aead80cd1d0 100644
--- a/htdocs/adherents/subscription/card.php
+++ b/htdocs/adherents/subscription/card.php
@@ -1,6 +1,6 @@
 <?php
 /* Copyright (C) 2007-2019  Laurent Destailleur     <eldy@users.sourceforge.net>
- * Copyright (C) 2018       Frédéric France         <frederic.france@netlogic.fr>
+ * Copyright (C) 2018-2020  Frédéric France         <frederic.france@netlogic.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -40,10 +40,13 @@ $object = new Subscription($db);
 $errmsg = '';
 
 $action = GETPOST("action", 'alpha');
-$rowid = GETPOST("rowid", "int") ?GETPOST("rowid", "int") : GETPOST("id", "int");
+$rowid = GETPOST("rowid", "int") ? GETPOST("rowid", "int") : GETPOST("id", "int");
 $typeid = GETPOST("typeid", "int");
 $cancel = GETPOST('cancel', 'alpha');
 $confirm = GETPOST('confirm');
+$note = GETPOST('note', 'alpha');
+$typeid = (int) GETPOST('typeid', 'int');
+$amount = GETPOST('amount', 'alpha');
 
 if (!$user->rights->adherent->cotisation->lire)
 	 accessforbidden();
@@ -84,7 +87,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'update' && !$cance
 			} else {
 				$accountline->datev = dol_mktime($_POST['datesubhour'], $_POST['datesubmin'], 0, $_POST['datesubmonth'], $_POST['datesubday'], $_POST['datesubyear']);
 				$accountline->dateo = dol_mktime($_POST['datesubhour'], $_POST['datesubmin'], 0, $_POST['datesubmonth'], $_POST['datesubday'], $_POST['datesubyear']);
-				$accountline->amount = $_POST["amount"];
+				$accountline->amount = $amount;
 				$result = $accountline->update($user);
 				if ($result < 0) {
 					$errmsg = $accountline->error;
@@ -96,9 +99,9 @@ if ($user->rights->adherent->cotisation->creer && $action == 'update' && !$cance
 			// Modify values
 			$object->dateh = dol_mktime($_POST['datesubhour'], $_POST['datesubmin'], 0, $_POST['datesubmonth'], $_POST['datesubday'], $_POST['datesubyear']);
 			$object->datef = dol_mktime($_POST['datesubendhour'], $_POST['datesubendmin'], 0, $_POST['datesubendmonth'], $_POST['datesubendday'], $_POST['datesubendyear']);
-			$object->fk_type = $_POST["typeid"];
-			$object->note = $_POST["note"];
-			$object->amount = $_POST["amount"];
+			$object->fk_type = $typeid;
+			$object->note = $note;
+			$object->amount = $amount;
 			//print 'datef='.$object->datef.' '.$_POST['datesubendday'];
 
 			$result = $object->update($user);
@@ -216,18 +219,16 @@ if ($user->rights->adherent->cotisation->creer && $action == 'edit') {
 	print '<input type="text" class="flat" size="60" name="note" value="'.$object->note.'"></td></tr>';
 
 	// Bank line
-	if (!empty($conf->banque->enabled)) {
-		if ($conf->global->ADHERENT_BANK_USE || $object->fk_bank) {
-			print '<tr><td>'.$langs->trans("BankTransactionLine").'</td><td class="valeur" colspan="2">';
-			if ($object->fk_bank) {
-				$bankline = new AccountLine($db);
-				$result = $bankline->fetch($object->fk_bank);
-				print $bankline->getNomUrl(1, 0, 'showall');
-			} else {
-				print $langs->trans("NoneF");
-			}
-			print '</td></tr>';
+	if (!empty($conf->banque->enabled) && ($conf->global->ADHERENT_BANK_USE || $object->fk_bank)) {
+		print '<tr><td>'.$langs->trans("BankTransactionLine").'</td><td class="valeur" colspan="2">';
+		if ($object->fk_bank) {
+			$bankline = new AccountLine($db);
+			$result = $bankline->fetch($object->fk_bank);
+			print $bankline->getNomUrl(1, 0, 'showall');
+		} else {
+			print $langs->trans("NoneF");
 		}
+		print '</td></tr>';
 	}
 
 	print '</table>';
@@ -316,18 +317,16 @@ if ($rowid && $action != 'edit') {
 	print '<tr><td>'.$langs->trans("Label").'</td><td class="valeur">'.$object->note.'</td></tr>';
 
 	// Bank line
-	if (!empty($conf->banque->enabled)) {
-		if ($conf->global->ADHERENT_BANK_USE || $object->fk_bank) {
-			print '<tr><td>'.$langs->trans("BankTransactionLine").'</td><td class="valeur">';
-			if ($object->fk_bank) {
-				$bankline = new AccountLine($db);
-				$result = $bankline->fetch($object->fk_bank);
-				print $bankline->getNomUrl(1, 0, 'showall');
-			} else {
-				print $langs->trans("NoneF");
-			}
-			print '</td></tr>';
+	if (!empty($conf->banque->enabled) && ($conf->global->ADHERENT_BANK_USE || $object->fk_bank)) {
+		print '<tr><td>'.$langs->trans("BankTransactionLine").'</td><td class="valeur">';
+		if ($object->fk_bank) {
+			$bankline = new AccountLine($db);
+			$result = $bankline->fetch($object->fk_bank);
+			print $bankline->getNomUrl(1, 0, 'showall');
+		} else {
+			print $langs->trans("NoneF");
 		}
+		print '</td></tr>';
 	}
 
 	print "</table>\n";

From f5bdc1db6d1dd38d8af1f0e0df0aefab3ca370d3 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 2 Nov 2020 20:15:03 +0100
Subject: [PATCH 2/2] Update card.php

---
 htdocs/adherents/subscription/card.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/adherents/subscription/card.php b/htdocs/adherents/subscription/card.php
index aead80cd1d0..c97c502abaf 100644
--- a/htdocs/adherents/subscription/card.php
+++ b/htdocs/adherents/subscription/card.php
@@ -46,7 +46,7 @@ $cancel = GETPOST('cancel', 'alpha');
 $confirm = GETPOST('confirm');
 $note = GETPOST('note', 'alpha');
 $typeid = (int) GETPOST('typeid', 'int');
-$amount = GETPOST('amount', 'alpha');
+$amount = price2num(GETPOST('amount', 'alpha'), 'MT');
 
 if (!$user->rights->adherent->cotisation->lire)
 	 accessforbidden();