diff --git a/htdocs/categories/index.php b/htdocs/categories/index.php
index 065b4dfa83e..708fb3a3e83 100644
--- a/htdocs/categories/index.php
+++ b/htdocs/categories/index.php
@@ -205,10 +205,14 @@ foreach ($fulltree as $key => $val) {
$entry .= ''.img_view().'';
$entry .= '';
$entry .= '
';
- $entry .= ''.img_edit().'';
+ if ($user->rights->categorie->creer) {
+ $entry .= '' . img_edit() . '';
+ }
$entry .= ' | ';
$entry .= '';
- $entry .= ''.img_delete().'';
+ if ($user->rights->categorie->supprimer) {
+ $entry .= '' . img_delete() . '';
+ }
$entry .= ' | ';
$entry .= '';
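Review bot: Wrapping the edit and delete icons in `$user->rights->categorie->creer` and `->supprimer` only changes what is rendered, so it is not access control on its own. The pages those links target are outside this hunk and must refuse the action on the same rights, otherwise a user without the right can still request the URL directly; worth confirming that check exists. Separately, reading the nested property directly can raise a warning when the rights object is not populated for the user, so `if (!empty($user->rights->categorie->creer)) {` (and the same for `supprimer`) is the safer form. The enclosing foreach continues outside the hunk.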
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 9490a52a333..7137d843ba7 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -1359,7 +1359,7 @@ class Form
$sql .= " AND s.status <> 0";
}
if (!empty($excludeids)) {
- $sql .= " AND rowid NOT IN (".$this->db->sanitize(join(',', $excludeids)).")";
+ $sql .= " AND s.rowid NOT IN (".$this->db->sanitize(join(',', $excludeids)).")";
}
// Add criteria
if ($filterkey && $filterkey != '') {
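Review bot: The `NOT IN (...)` list on the changed line is still built from `$excludeids` with only `$this->db->sanitize()`, which as far as I know strips disallowed characters rather than enforcing integers (its body is not in this diff). The societe/ajax/company.php hunk in this commit now passes an exploded string into this parameter, apparently taken from the request. A non-numeric or empty element, for example from a trailing comma, would then reach the query as a bare word or as `1,,2` and break it. Casting at the sink covers every caller: `$sql .= " AND s.rowid NOT IN (".$this->db->sanitize(join(',', array_map('intval', $excludeids))).")";`. The method starts and ends outside the hunk.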
diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php
index 4b536ccb2ad..8c79ef337f8 100644
--- a/htdocs/core/lib/company.lib.php
+++ b/htdocs/core/lib/company.lib.php
@@ -1548,7 +1548,7 @@ function show_actions_done($conf, $langs, $db, $filterobj, $objcon = '', $noprin
$sql .= "OR (";
}
if (!empty($code)) {
- addEventTypeSQL($sql, $code, $donetodo, $now, $filters, "");
+ addEventTypeSQL($sql, $code);
}
if ($key != 0) {
$sql .= ")";
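Review bot: The new call `addEventTypeSQL($sql, $code);` drops the explicit `""` that the old call passed as `$sqlANDOR`, so the default `"AND"` now applies inside the group opened by `$sql .= "OR (";`. If the function prefixes its condition with `$sqlANDOR` (its body is outside this hunk, but the docblock lists "AND", "OR" or ""), the generated text would be `( AND ...`, which is invalid SQL. Keeping the empty connector avoids that: `addEventTypeSQL($sql, $code, "");`.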
@@ -1556,9 +1556,11 @@ function show_actions_done($conf, $langs, $db, $filterobj, $objcon = '', $noprin
}
$sql .= ')';
} elseif (!empty($actioncode)) {
- addEventTypeSQL($sql, $actioncode, $donetodo, $now, $filters);
+ addEventTypeSQL($sql, $actioncode);
}
+ addOtherFilterSQL($sql, $donetodo, $now, $filters);
+
if (is_array($actioncode)) {
foreach ($actioncode as $code) {
$sql2 = addMailingEventTypeSQL($code, $objcon, $filterobj);
@@ -2021,13 +2023,10 @@ function show_subsidiaries($conf, $langs, $db, $object)
*
* @param string $sql $sql modified
* @param string $actioncode Action code
- * @param string $donetodo donetodo
- * @param string $now now
- * @param string $filters array
* @param string $sqlANDOR "AND", "OR" or "" sql condition
* @return string sql request
*/
-function addEventTypeSQL(&$sql, $actioncode, $donetodo, $now, $filters, $sqlANDOR = "AND")
+function addEventTypeSQL(&$sql, $actioncode, $sqlANDOR = "AND")
{
global $conf, $db;
// Condition on actioncode
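Review bot: Removing three positional parameters from the middle of `addEventTypeSQL()` is not caught by PHP for callers that still use the old six-argument form: `$donetodo` would silently land in `$sqlANDOR` and the extra arguments are ignored. Callers outside this diff, including external modules, cannot be seen from here, so it is worth grepping for them. If `$sqlANDOR` is concatenated into the query, as its docblock suggests, a guard at the top of the body makes a stale call harmless, e.g. `if (!in_array($sqlANDOR, array('AND', 'OR', ''), true)) { $sqlANDOR = 'AND'; }`. The function body continues outside the hunk.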
@@ -2054,6 +2053,23 @@ function addEventTypeSQL(&$sql, $actioncode, $donetodo, $now, $filters, $sqlANDO
}
}
+ return $sql;
+}
+
+/**
+ * Add Event Type SQL
+ *
+ * @param string $sql $sql modified
+ * @param string $donetodo donetodo
+ * @param string $now now
+ * @param string $filters array
+ * @return string sql request
+ */
+function addOtherFilterSQL(&$sql, $donetodo, $now, $filters)
+{
+ global $conf, $db;
+ // Condition on actioncode
+
if ($donetodo == 'todo') {
$sql .= " AND ((a.percent >= 0 AND a.percent < 100) OR (a.percent = -1 AND a.datep > '".$db->idate($now)."'))";
} elseif ($donetodo == 'done') {
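Review bot: The docblock and inline comment of the new `addOtherFilterSQL()` were copied from `addEventTypeSQL()` and no longer describe it: the summary still reads "Add Event Type SQL", the body opens with `// Condition on actioncode`, and `$filters` is declared as `@param string $filters array`. Suggest a summary such as `Add done/todo and other filter conditions to the SQL request`, `@param array $filters` if it is indeed an array, and dropping the stale inline comment. `$conf` is declared global but is not used in the visible lines; the function continues past the hunk, so check the rest before removing it.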
diff --git a/htdocs/societe/ajax/company.php b/htdocs/societe/ajax/company.php
index 76151bccb97..b2578ea6562 100644
--- a/htdocs/societe/ajax/company.php
+++ b/htdocs/societe/ajax/company.php
@@ -119,10 +119,12 @@ if (!empty($action) && $action == 'fetch' && !empty($id)) {
}
if (!empty($excludeids)) {
- $filter .= 'rowid NOT IN ('.$db->sanitize($excludeids).')';
+ $excludeids = explode(',', $excludeids);
+ } else {
+ $excludeids = array();
}
- $arrayresult = $form->select_thirdparty_list(0, $htmlname, $filter, 1, $showtype, 0, null, $searchkey, $outjson);
+ $arrayresult = $form->select_thirdparty_list(0, $htmlname, $filter, 1, $showtype, 0, null, $searchkey, $outjson, 0, 'minwidth100', '', false, $excludeids);
$db->close();
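Review bot: The added call passes `0, 'minwidth100', '', false` only to reach the `$excludeids` slot, and nothing here ties those literals to the defaults of `select_thirdparty_list()`, whose signature is outside this diff. If the defaults change, this endpoint will silently keep the old values; a short comment such as `// 0, 'minwidth100', '', false are the defaults of select_thirdparty_list(); only $excludeids is set here` would make that dependency explicit. `$excludeids` is also reused for both the raw string and the exploded array, so a separate name for the array would keep the types clear.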