From 59c4559a781238ac5f6c78507812ef42a9483d8c Mon Sep 17 00:00:00 2001
From: philippe grand <philippe.grand@atoo-net.com>
Date: Wed, 2 Mar 2016 21:13:12 +0100
Subject: [PATCH 1/8] fix : missing translation

---
 htdocs/langs/en_US/admin.lang | 1 +
 1 file changed, 1 insertion(+)

diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
index cfb5e9644be..8b1643f84a6 100755
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -783,6 +783,7 @@ Permission2403=Delete actions (events or tasks) linked to his account
 Permission2411=Read actions (events or tasks) of others
 Permission2412=Create/modify actions (events or tasks) of others
 Permission2413=Delete actions (events or tasks) of others
+Permission2414=Export actions/tasks of others
 Permission2501=Read/Download documents
 Permission2502=Download documents
 Permission2503=Submit or delete documents

From 6fd533481225ce81d6ccfc862d2d70961a66e94e Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis.houssin@capnetworks.com>
Date: Thu, 3 Mar 2016 10:10:55 +0100
Subject: [PATCH 2/8] Fix: compatibility with multicompany transversal mode and
 more security issue

---
 htdocs/societe/commerciaux.php | 40 ++++++++++++++++++++--------------
 1 file changed, 24 insertions(+), 16 deletions(-)

diff --git a/htdocs/societe/commerciaux.php b/htdocs/societe/commerciaux.php
index 498257ea496..245626752e4 100644
--- a/htdocs/societe/commerciaux.php
+++ b/htdocs/societe/commerciaux.php
@@ -33,7 +33,7 @@ $langs->load("suppliers");
 $langs->load("banks");
 
 // Security check
-$socid = isset($_GET["socid"])?$_GET["socid"]:'';
+$socid = GETPOST('socid', 'int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe','','');
 
@@ -43,7 +43,7 @@ $hookmanager->initHooks(array('salesrepresentativescard','globalcard'));
  *	Actions
  */
 
-if($_GET["socid"] && $_GET["commid"])
+if (! empty($socid) && $_GET["commid"])
 {
 	$action = 'add';
 
@@ -51,8 +51,8 @@ if($_GET["socid"] && $_GET["commid"])
 	{
 
 		$soc = new Societe($db);
-		$soc->id = $_GET["socid"];
-		$soc->fetch($_GET["socid"]);
+		$soc->id = $socid;
+		$soc->fetch($socid);
 
 
 		$parameters=array('id'=>$_GET["commid"]);
@@ -61,17 +61,17 @@ if($_GET["socid"] && $_GET["commid"])
 
 		if (empty($reshook)) $soc->add_commercial($user, $_GET["commid"]);
 
-		header("Location: commerciaux.php?socid=".$soc->id);
+		header("Location: ".$_SERVER["PHP_SELF"]."?socid=".$soc->id);
 		exit;
 	}
 	else
 	{
-		header("Location: commerciaux.php?socid=".$_GET["socid"]);
+		header("Location: ".$_SERVER["PHP_SELF"]."?socid=".$socid);
 		exit;
 	}
 }
 
-if($_GET["socid"] && $_GET["delcommid"])
+if (! empty($socid) && $_GET["delcommid"])
 {
 	$action = 'delete';
 
@@ -87,12 +87,12 @@ if($_GET["socid"] && $_GET["delcommid"])
 
 		if (empty($reshook)) $soc->del_commercial($user, $_GET["delcommid"]);
 
-		header("Location: commerciaux.php?socid=".$soc->id);
+		header("Location: ".$_SERVER["PHP_SELF"]."?socid=".$soc->id);
 		exit;
 	}
 	else
 	{
-		header("Location: commerciaux.php?socid=".$_GET["socid"]);
+		header("Location: ".$_SERVER["PHP_SELF"]."?socid=".$socid);
 		exit;
 	}
 }
@@ -107,11 +107,11 @@ llxHeader('',$langs->trans("ThirdParty"),$help_url);
 
 $form = new Form($db);
 
-if ($_GET["socid"])
+if (! empty($socid))
 {
 	$soc = new Societe($db);
-	$soc->id = $_GET["socid"];
-	$result=$soc->fetch($_GET["socid"]);
+	$soc->id = $socid;
+	$result=$soc->fetch($socid);
 
 	$action='view';
 
@@ -190,7 +190,7 @@ if ($_GET["socid"])
 			print '</a>&nbsp;';
 			if ($user->rights->societe->creer)
 			{
-			    print '<a href="commerciaux.php?socid='.$_GET["socid"].'&amp;delcommid='.$obj->rowid.'">';
+			    print '<a href="'.$_SERVER["PHP_SELF"].'?socid='.$soc->id.'&amp;delcommid='.$obj->rowid.'">';
 			    print img_delete();
 			    print '</a>';
 			}
@@ -222,9 +222,17 @@ if ($_GET["socid"])
 		$langs->load("users");
 		$title=$langs->trans("ListOfUsers");
 
-		$sql = "SELECT u.rowid, u.lastname, u.firstname, u.login";
+		$sql = "SELECT DISTINCT u.rowid, u.lastname, u.firstname, u.login";
 		$sql.= " FROM ".MAIN_DB_PREFIX."user as u";
-		$sql.= " WHERE u.entity IN (0,".$conf->entity.")";
+		if (! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode))
+		{
+			$sql.= ", ".MAIN_DB_PREFIX."usergroup_user as ug";
+			$sql.= " WHERE (ug.fk_user = u.rowid";
+			$sql.= " AND ug.entity = ".$conf->entity.")";
+			$sql.= " OR u.admin = 1";
+		}
+		else
+			$sql.= " WHERE u.entity IN (0,".$conf->entity.")";
 		if (! empty($conf->global->USER_HIDE_INACTIVE_IN_COMBOBOX)) $sql.= " AND u.statut<>0 ";
 		$sql.= " ORDER BY u.lastname ASC ";
 
@@ -256,7 +264,7 @@ if ($_GET["socid"])
 				print dolGetFirstLastname($obj->firstname, $obj->lastname)."\n";
 				print '</a>';
 				print '</td><td>'.$obj->login.'</td>';
-				print '<td><a href="commerciaux.php?socid='.$_GET["socid"].'&amp;commid='.$obj->rowid.'">'.$langs->trans("Add").'</a></td>';
+				print '<td><a href="'.$_SERVER["PHP_SELF"].'?socid='.$soc->id.'&amp;commid='.$obj->rowid.'">'.$langs->trans("Add").'</a></td>';
 
 				print '</tr>'."\n";
 				$i++;

From 9e80a3794736a219fa8c197481896364e80d01a2 Mon Sep 17 00:00:00 2001
From: philippe grand <philippe.grand@atoo-net.com>
Date: Thu, 3 Mar 2016 15:45:42 +0100
Subject: [PATCH 3/8] fix : missing translation

---
 htdocs/langs/fr_FR/admin.lang | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/langs/fr_FR/admin.lang b/htdocs/langs/fr_FR/admin.lang
index d566f1d3677..48bcac3abdc 100644
--- a/htdocs/langs/fr_FR/admin.lang
+++ b/htdocs/langs/fr_FR/admin.lang
@@ -1660,7 +1660,7 @@ NotSupportedByAllThemes=Fonctionne avec le thème eldy mais n'est pas pris en ch
 BackgroundColor=Couleur de fond
 TopMenuBackgroundColor=Couleur de fond pour le menu Gauche
 LeftMenuBackgroundColor=Couleur de fond pour le menu Gauche
-BackgroundTableTitleColor=Background color for Table title line
+BackgroundTableTitleColor=Couleur de fond pour les titres des lignes des tables
 BackgroundTableLineOddColor=Couleur de fond pour les lignes impaires des tables
 BackgroundTableLineEvenColor=Couleur de fond pour les lignes paires des tales
 MinimumNoticePeriod=Période de préavis minimum (Votre demande de congé doit être faite avant ce délai)

From 74601a0b1d0911445b0bb3593f1b8afff0232a96 Mon Sep 17 00:00:00 2001
From: philippe grand <philippe.grand@atoo-net.com>
Date: Thu, 3 Mar 2016 16:01:50 +0100
Subject: [PATCH 4/8] fix : missing translation

---
 htdocs/langs/en_US/admin.lang | 1 +
 1 file changed, 1 insertion(+)

diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
index 8b1643f84a6..55e43d390f1 100755
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -635,6 +635,7 @@ Permission162=Create/modify contracts/subscriptions
 Permission163=Activate a service/subscription of a contract
 Permission164=Disable a service/subscription of a contract
 Permission165=Delete contracts/subscriptions
+Permission167=Export contracts
 Permission171=Read trips and expenses (yours and your subordinates) 
 Permission172=Create/modify trips and expenses
 Permission173=Delete trips and expenses

From 4a3509d35022bed3a9fb6dc53a2c4935e78f19b1 Mon Sep 17 00:00:00 2001
From: philippe grand <philippe.grand@atoo-net.com>
Date: Thu, 3 Mar 2016 16:09:19 +0100
Subject: [PATCH 5/8] fix : missing translation

---
 htdocs/langs/fr_FR/admin.lang | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/langs/fr_FR/admin.lang b/htdocs/langs/fr_FR/admin.lang
index 48bcac3abdc..0837c240c9e 100644
--- a/htdocs/langs/fr_FR/admin.lang
+++ b/htdocs/langs/fr_FR/admin.lang
@@ -772,8 +772,8 @@ Permission20001=Lire les demandes de congé (les vôtres et celle de vos subordo
 Permission20002=Créer/modifier vos demandes de congé
 Permission20003=Supprimer les demandes de congé
 Permission20004=Lire toutes les demandes de congé (même celle des utilisateurs non subordonnés)
-Permission20005=Create/modify leave requests for everybody
-Permission20006=Admin leave requests (setup and update balance)
+Permission20005=Créer/modifier les congés pour tout le monde
+Permission20006=Administration des demandes de congés (configuration et mise à jour du solde)
 Permission23001=Voir les travaux planifiés
 Permission23002=Créer/Modifier des travaux planifiées
 Permission23003=Effacer travail planifié

From 6851c3fdb059f4558f3d580ed10759b5ab596650 Mon Sep 17 00:00:00 2001
From: philippe grand <philippe.grand@atoo-net.com>
Date: Thu, 3 Mar 2016 16:18:07 +0100
Subject: [PATCH 6/8] fix : missing translation

---
 htdocs/langs/en_US/admin.lang | 1 +
 htdocs/langs/fr_FR/admin.lang | 1 +
 2 files changed, 2 insertions(+)

diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
index 55e43d390f1..2a8b4b717b1 100755
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -582,6 +582,7 @@ Permission38=Export products
 Permission41=Read projects and tasks (shared project and projects i'm contact for). Can also enter time consumed on assigned tasks (timesheet)
 Permission42=Create/modify projects (shared project and projects i'm contact for)
 Permission44=Delete projects (shared project and projects i'm contact for)
+Permission45=Export projects
 Permission61=Read interventions
 Permission62=Create/modify interventions
 Permission64=Delete interventions
diff --git a/htdocs/langs/fr_FR/admin.lang b/htdocs/langs/fr_FR/admin.lang
index 0837c240c9e..c58c9e3b0ec 100644
--- a/htdocs/langs/fr_FR/admin.lang
+++ b/htdocs/langs/fr_FR/admin.lang
@@ -583,6 +583,7 @@ Permission38=Exporter les produits
 Permission41=Lire les projets et les tâches (projets publiques et projets dont je suis contact). Peut également entrer le temps consommé sur les tâches assignées (feuille de temps)
 Permission42=Créer/modifier les projets et tâches (partagés ou dont je suis contact)
 Permission44=Supprimer les projets et tâches (partagés ou dont je suis contact)
+Permission45=Exporter les projets
 Permission61=Consulter les interventions
 Permission62=Créer/modifier les interventions
 Permission64=Supprimer les interventions

From f9d8aba32568ac52a6478966c372230bcae5c43e Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis.houssin@capnetworks.com>
Date: Fri, 4 Mar 2016 11:48:46 +0100
Subject: [PATCH 7/8] Fix: wrong modelpdf var name

---
 htdocs/fichinter/card.php | 42 ++++++++++++++++++++++-----------------
 1 file changed, 24 insertions(+), 18 deletions(-)

diff --git a/htdocs/fichinter/card.php b/htdocs/fichinter/card.php
index 4aab3a99573..bada34e924c 100644
--- a/htdocs/fichinter/card.php
+++ b/htdocs/fichinter/card.php
@@ -116,17 +116,20 @@ if (empty($reshook))
 
 		if ($result >= 0)
 		{
-			// Define output language
-			$outputlangs = $langs;
-			$newlang='';
-			if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id','alpha')) $newlang=GETPOST('lang_id','alpha');
-			if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang;
-			if (! empty($newlang))
+			if (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE))
 			{
-				$outputlangs = new Translate("",$conf);
-				$outputlangs->setDefaultLang($newlang);
+				// Define output language
+				$outputlangs = $langs;
+				$newlang='';
+				if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id','alpha')) $newlang=GETPOST('lang_id','alpha');
+				if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang;
+				if (! empty($newlang))
+				{
+					$outputlangs = new Translate("",$conf);
+					$outputlangs->setDefaultLang($newlang);
+				}
+				$result=fichinter_create($db, $object, (!GETPOST('model','alpha'))?$object->modelpdf:GETPOST('model','alpha'), $outputlangs);
 			}
-			if (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE)) $result=fichinter_create($db, $object, GETPOST('model','alpha'), $outputlangs);
 
 			header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
 			exit;
@@ -142,17 +145,20 @@ if (empty($reshook))
 		$result = $object->setDraft($user);
 		if ($result >= 0)
 		{
-			// Define output language
-			$outputlangs = $langs;
-			$newlang='';
-			if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id','alpha')) $newlang=GETPOST('lang_id','alpha');
-			if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang;
-			if (! empty($newlang))
+			if (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE))
 			{
-				$outputlangs = new Translate("",$conf);
-				$outputlangs->setDefaultLang($newlang);
+				// Define output language
+				$outputlangs = $langs;
+				$newlang='';
+				if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id','alpha')) $newlang=GETPOST('lang_id','alpha');
+				if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang;
+				if (! empty($newlang))
+				{
+					$outputlangs = new Translate("",$conf);
+					$outputlangs->setDefaultLang($newlang);
+				}
+				$result=fichinter_create($db, $object, (!GETPOST('model','alpha'))?$object->modelpdf:GETPOST('model','alpha'), $outputlangs);
 			}
-			if (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE)) $result=fichinter_create($db, $object, (!GETPOST('model','alpha'))?$object->model:GETPOST('model','apha'), $outputlangs);
 
 			header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
 			exit;

From e03f4b4de98e426046f55cd726f7414ab2ba799e Mon Sep 17 00:00:00 2001
From: phf <phf@atm-consulting.fr>
Date: Fri, 4 Mar 2016 12:21:14 +0100
Subject: [PATCH 8/8] Fix can't send mail to thirdparty contact if no mail
 defined on thirdparty card

---
 htdocs/societe/soc.php | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/htdocs/societe/soc.php b/htdocs/societe/soc.php
index 4bad452110b..76a2c948636 100644
--- a/htdocs/societe/soc.php
+++ b/htdocs/societe/soc.php
@@ -2366,7 +2366,18 @@ else
 		$reshook=$hookmanager->executeHooks('addMoreActionsButtons',$parameters,$object,$action);    // Note that $action and $object may have been modified by hook
 		if (empty($reshook))
 		{
-	        if (! empty($object->email))
+			$at_least_one_email_contact = false;
+			$TContact = $object->contact_array_objects();
+			foreach ($TContact as &$contact)
+			{
+				if (!empty($contact->email)) 
+				{
+					$at_least_one_email_contact = true;
+					break;
+				}
+			}
+			
+	        if (! empty($object->email) || $at_least_one_email_contact)
 	        {
 	        	$langs->load("mails");
 	        	print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER['PHP_SELF'].'?socid='.$object->id.'&amp;action=presend&amp;mode=init">'.$langs->trans('SendMail').'</a></div>';