From ce677c4f272fbc4fcac7754592ba5566ee9f8cf4 Mon Sep 17 00:00:00 2001
From: lmarcouiller <lucas.marcouiller@gmail.com>
Date: Fri, 30 Apr 2021 14:50:18 +0200
Subject: [PATCH 1/9] Fix #17361 : change of llx_export_model type to
 varchar(64)

---
 htdocs/install/mysql/migration/12.0.0-13.0.0.sql | 1 +
 1 file changed, 1 insertion(+)

diff --git a/htdocs/install/mysql/migration/12.0.0-13.0.0.sql b/htdocs/install/mysql/migration/12.0.0-13.0.0.sql
index bfa8bf01b39..81471e18e4c 100644
--- a/htdocs/install/mysql/migration/12.0.0-13.0.0.sql
+++ b/htdocs/install/mysql/migration/12.0.0-13.0.0.sql
@@ -583,4 +583,5 @@ insert into llx_c_actioncomm (id, code, type, libelle, module, active, position)
 -- VMYSQL4.3 ALTER TABLE llx_accounting_bookkeeping MODIFY COLUMN montant double(24,8) NULL;
 -- VPGSQL8.2 ALTER TABLE llx_accounting_bookkeeping ALTER COLUMN montant DROP NOT NULL;
 
+ALTER TABLE llx_export_model MODIFY COLUMN type varchar(64);
 

From c4e0d8da42696410089d4dca02f611cb60d6ec33 Mon Sep 17 00:00:00 2001
From: Florian HENRY <florian.henry@open-concept.pro>
Date: Tue, 4 May 2021 17:28:20 +0200
Subject: [PATCH 2/9] FIX: merge thirparty also work for bank URL entry

---
 htdocs/compta/bank/class/account.class.php | 22 ++++++++++++++++++++++
 htdocs/societe/card.php                    |  3 ++-
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php
index 0002dbcb8ed..c59e768f6dc 100644
--- a/htdocs/compta/bank/class/account.class.php
+++ b/htdocs/compta/bank/class/account.class.php
@@ -1676,6 +1676,28 @@ class Account extends CommonObject
 		$this->owner_address   = 'Owner address';
 		$this->country_id      = 1;
 	}
+
+	/**
+	 * Function used to replace a thirdparty id with another one.
+	 *
+	 * @param DoliDB 	$db 			Database handler
+	 * @param int 		$origin_id 		Old thirdparty id
+	 * @param int 		$dest_id 		New thirdparty id
+	 * @return bool
+	 */
+	public static function replaceThirdparty($db, $origin_id, $dest_id)
+	{
+		$sql = 'UPDATE '.MAIN_DB_PREFIX.'bank_url SET url_id = '.$dest_id.' WHERE url_id = '.$origin_id.' AND type=\'company\'';
+
+		if (!$db->query($sql))
+		{
+			//if ($ignoreerrors) return true; // TODO Not enough. If there is A-B on kept thirdarty and B-C on old one, we must get A-B-C after merge. Not A-B.
+			//$this->errors = $db->lasterror();
+			return false;
+		} else {
+			return true;
+		}
+	}
 }
 
 
diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php
index 66b5f68564e..1fbb1ad6082 100644
--- a/htdocs/societe/card.php
+++ b/htdocs/societe/card.php
@@ -254,7 +254,8 @@ if (empty($reshook))
 						'Product' => '/product/class/product.class.php',
 						'Project' => '/projet/class/project.class.php',
 						'Ticket' => '/ticket/class/ticket.class.php',
-						'User' => '/user/class/user.class.php'
+						'User' => '/user/class/user.class.php',
+						'Account' => '/compta/bank/class/account.class.php',
 					);
 
 					//First, all core objects must update their tables

From 6574e54a41e9f2be5aae55c4478767e15b38236b Mon Sep 17 00:00:00 2001
From: ATM john <john.botella@atm-consulting.fr>
Date: Tue, 4 May 2021 18:09:13 +0200
Subject: [PATCH 3/9] Fix saving template email

---
 htdocs/admin/mails_templates.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/admin/mails_templates.php b/htdocs/admin/mails_templates.php
index 60a15f4899e..f82e67096eb 100644
--- a/htdocs/admin/mails_templates.php
+++ b/htdocs/admin/mails_templates.php
@@ -257,7 +257,7 @@ if (empty($reshook))
             $sql = "INSERT INTO ".$tabname[$id]." (";
             // List of fields
             $sql .= $tabfieldinsert[$id];
-            $sql .= ",active)";
+            $sql .= ",active,enabled)";
             $sql .= " VALUES(";
 
             // List of values
@@ -289,7 +289,7 @@ if (empty($reshook))
 
                 $i++;
             }
-            $sql .= ", 1)";
+            $sql .= ", 1, 1)";
 
             dol_syslog("actionadd", LOG_DEBUG);
             $result = $db->query($sql);

From 209682e7102155684cc5f6fa4835ed16fe163a54 Mon Sep 17 00:00:00 2001
From: lmarcouiller <lucas.marcouiller@gmail.com>
Date: Wed, 5 May 2021 11:30:13 +0200
Subject: [PATCH 4/9] Fix #17361 : changes into mysql/tables of export_model

---
 htdocs/install/mysql/tables/llx_export_model.sql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/install/mysql/tables/llx_export_model.sql b/htdocs/install/mysql/tables/llx_export_model.sql
index 53952430c14..7e68eab4ad5 100644
--- a/htdocs/install/mysql/tables/llx_export_model.sql
+++ b/htdocs/install/mysql/tables/llx_export_model.sql
@@ -24,7 +24,7 @@ create table llx_export_model
   	rowid		integer AUTO_INCREMENT PRIMARY KEY,
 	fk_user		integer DEFAULT 0 NOT NULL,
   	label		varchar(50) NOT NULL,
-  	type		varchar(20) NOT NULL,
+  	type		varchar(64) NOT NULL,
   	field		text NOT NULL,
   	filter		text
   	

From 139ae3db0025ce86d1898739f3df4e6e7a24ec0a Mon Sep 17 00:00:00 2001
From: Marc de Lima Lucio <68746600+marc-dll@users.noreply.github.com>
Date: Wed, 5 May 2021 11:49:11 +0200
Subject: [PATCH 5/9] FIX: pgsql: prevent 'WHERE 1'

---
 build/exe/doliwamp/config.inc.php.install | 2 +-
 htdocs/core/lib/functions.lib.php         | 2 +-
 htdocs/user/class/user.class.php          | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/build/exe/doliwamp/config.inc.php.install b/build/exe/doliwamp/config.inc.php.install
index 19a3d36a45e..6ad04752766 100644
--- a/build/exe/doliwamp/config.inc.php.install
+++ b/build/exe/doliwamp/config.inc.php.install
@@ -542,7 +542,7 @@ $cfg['ThemePerServer']      = FALSE;         // allow diferent theme for each co
  * %f will be replaced by a list of field names.
  * (%t and %f only applies to DefaultQueryTable)
  */
-$cfg['DefaultQueryTable']    = 'SELECT * FROM %t WHERE 1';
+$cfg['DefaultQueryTable']    = 'SELECT * FROM %t WHERE 1 = 1';
 $cfg['DefaultQueryDatabase'] = '';
 
 /**
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index fccb019a730..4148d385716 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -8123,7 +8123,7 @@ function getDictvalue($tablename, $field, $id, $checkentity = false, $rowidfield
 	if (!isset($dictvalues[$tablename]))
 	{
 		$dictvalues[$tablename] = array();
-		$sql = 'SELECT * FROM '.$tablename.' WHERE 1'; // Here select * is allowed as it is generic code and we don't have list of fields
+		$sql = 'SELECT * FROM '.$tablename.' WHERE 1 = 1'; // Here select * is allowed as it is generic code and we don't have list of fields
 		if ($checkentity) $sql .= ' AND entity IN (0,'.getEntity($tablename).')';
 
 		$resql = $db->query($sql);
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index cc405571990..89995a4584e 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -3320,7 +3320,7 @@ class User extends CommonObject
 		}
 		else
 		{
-			$sql .= " WHERE 1";
+			$sql .= " WHERE 1 = 1";
 		}
 
 		// Manage filter

From 7857da4db755937deb9d7d6c3691ae0c2a9b525c Mon Sep 17 00:00:00 2001
From: Florian HENRY <florian.henry@open-concept.pro>
Date: Wed, 5 May 2021 17:05:51 +0200
Subject: [PATCH 6/9] fix missing token

---
 htdocs/core/class/html.formfile.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php
index 0ca49a49ff2..3adb6265564 100644
--- a/htdocs/core/class/html.formfile.class.php
+++ b/htdocs/core/class/html.formfile.class.php
@@ -1870,7 +1870,7 @@ class FormFile
 				print '<td class="center">'.dol_print_date($link->datea, "dayhour", "tzuser").'</td>';
 				print '<td class="center"></td>';
 				print '<td class="right">';
-				print '<a href="'.$_SERVER['PHP_SELF'].'?action=update&linkid='.$link->id.$param.'" class="editfilelink editfielda reposition" >'.img_edit().'</a>'; // id= is included into $param
+				print '<a href="'.$_SERVER['PHP_SELF'].'?action=update&linkid='.$link->id.$param.'&token='.newToken().'" class="editfilelink editfielda reposition" >'.img_edit().'</a>'; // id= is included into $param
 				if ($permissiontodelete) {
 					print ' &nbsp; <a class="deletefilelink" href="'.$_SERVER['PHP_SELF'].'?action=delete&token='.newToken().'&linkid='.$link->id.$param.'">'.img_delete().'</a>'; // id= is included into $param
 				} else {

From adc862050692184a4feb2c5b5157174e9ae155e6 Mon Sep 17 00:00:00 2001
From: Florian HENRY <florian.henry@open-concept.pro>
Date: Wed, 5 May 2021 17:14:58 +0200
Subject: [PATCH 7/9] fix: allow webdavs link type

---
 htdocs/core/actions_linkedfiles.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/core/actions_linkedfiles.inc.php b/htdocs/core/actions_linkedfiles.inc.php
index b0671bbf555..73b80a47973 100644
--- a/htdocs/core/actions_linkedfiles.inc.php
+++ b/htdocs/core/actions_linkedfiles.inc.php
@@ -68,7 +68,7 @@ if (GETPOST('sendit', 'alpha') && !empty($conf->global->MAIN_UPLOAD_DOC))
 	$link = GETPOST('link', 'alpha');
 	if ($link)
 	{
-		if (substr($link, 0, 7) != 'http://' && substr($link, 0, 8) != 'https://' && substr($link, 0, 7) != 'file://') {
+		if (substr($link, 0, 7) != 'http://' && substr($link, 0, 8) != 'https://' && substr($link, 0, 7) != 'file://' && substr($link, 0, 7) != 'davs://') {
 			$link = 'http://'.$link;
 		}
 		dol_add_file_process($upload_dir, 0, 1, 'userfile', null, $link, '', 0);

From 63292255ccbc7ad08270bb6820f033f2bc7ed0ff Mon Sep 17 00:00:00 2001
From: ATM john <john.botella@atm-consulting.fr>
Date: Wed, 5 May 2021 18:45:23 +0200
Subject: [PATCH 8/9] Fix search accented words in product description

---
 htdocs/societe/consumption.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/societe/consumption.php b/htdocs/societe/consumption.php
index cd82533fc88..420282c4cef 100644
--- a/htdocs/societe/consumption.php
+++ b/htdocs/societe/consumption.php
@@ -309,7 +309,7 @@ if (!empty($sql_select))
 	if ($sref) $sql.= " AND ".$doc_number." LIKE '%".$db->escape($sref)."%'";
 	if ($sprod_fulldescr)
 	{
-	    $sql.= " AND (d.description LIKE '%".$db->escape($sprod_fulldescr)."%'";
+	    $sql.= " AND (d.description LIKE '%".$db->escape($sprod_fulldescr)."%' OR d.description LIKE '%".$db->escape(dol_htmlentities($sprod_fulldescr))."%'";
 	    if (GETPOST('type_element') != 'fichinter') $sql.= " OR p.ref LIKE '%".$db->escape($sprod_fulldescr)."%'";
 	    if (GETPOST('type_element') != 'fichinter') $sql.= " OR p.label LIKE '%".$db->escape($sprod_fulldescr)."%'";
 	    $sql.=")";

From 7386a223e80572284bf833b170d85974c9592564 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 6 May 2021 16:38:34 +0200
Subject: [PATCH 9/9] Update account.class.php

---
 htdocs/compta/bank/class/account.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php
index c59e768f6dc..75738abc3d4 100644
--- a/htdocs/compta/bank/class/account.class.php
+++ b/htdocs/compta/bank/class/account.class.php
@@ -1687,7 +1687,7 @@ class Account extends CommonObject
 	 */
 	public static function replaceThirdparty($db, $origin_id, $dest_id)
 	{
-		$sql = 'UPDATE '.MAIN_DB_PREFIX.'bank_url SET url_id = '.$dest_id.' WHERE url_id = '.$origin_id.' AND type=\'company\'';
+		$sql = "UPDATE ".MAIN_DB_PREFIX."bank_url SET url_id = ".((int) $dest_id)." WHERE url_id = ".((int) $origin_id)." AND type='company'";
 
 		if (!$db->query($sql))
 		{