From 45df52343b6d7048b615a70d0ff245be0a0948cc Mon Sep 17 00:00:00 2001
From: daraelmin <daraelmin@gmail.com>
Date: Sun, 13 Mar 2022 14:42:38 +0100
Subject: [PATCH 01/17] Fix Warning in htdocs/adherents/card.php

Fix Warning: Creating default object from empty value in htdocs/adherents/card.php on line 1058
---
 htdocs/adherents/card.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php
index e081b126dfe..b36781a99b1 100644
--- a/htdocs/adherents/card.php
+++ b/htdocs/adherents/card.php
@@ -789,8 +789,8 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
 			$object->country = $tmparray['label'];
 		}
 
+		$soc = new Societe($db);
 		if (!empty($socid)) {
-			$soc = new Societe($db);
 			if ($socid > 0) $soc->fetch($socid);
 
 			if (!($soc->id > 0)) {

From b1197d4f4e089c42dd44979a78ca6f0a7e30b6ef Mon Sep 17 00:00:00 2001
From: ptibogxiv <support@ptibogxiv.net>
Date: Sun, 13 Mar 2022 15:31:37 +0100
Subject: [PATCH 02/17] Fix for multicompany on online sign url

---
 htdocs/core/lib/signature.lib.php | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/htdocs/core/lib/signature.lib.php b/htdocs/core/lib/signature.lib.php
index 1d529be6327..c57807800d7 100644
--- a/htdocs/core/lib/signature.lib.php
+++ b/htdocs/core/lib/signature.lib.php
@@ -119,11 +119,9 @@ function getOnlineSignatureUrl($mode, $type, $ref = '', $localorexternal = 1)
 	}
 
 	// For multicompany
-	/*
-	if (!empty($out)) {
-		$out .= "&entity=".$conf->entity; // Check the entity because He may be the same reference in several entities
+	if (!empty($out) && !empty($conf->multicompany->enabled)) {
+		$out .= "&entity=".$conf->entity; // Check the entity because we may have the same reference in several entities
 	}
-	*/
 
 	return $out;
 }

From 1a20afe29b7ce023ddc3574a11c4f35b3dc93acf Mon Sep 17 00:00:00 2001
From: lmarcouiller <lucas.marcouiller@gmail.com>
Date: Mon, 14 Mar 2022 16:11:34 +0100
Subject: [PATCH 03/17] Fix #20351 : top navbar no longer hiden in extarnal
 site

---
 htdocs/core/js/lib_head.js.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/core/js/lib_head.js.php b/htdocs/core/js/lib_head.js.php
index c0d4f0f3829..3037fe29c4f 100644
--- a/htdocs/core/js/lib_head.js.php
+++ b/htdocs/core/js/lib_head.js.php
@@ -1138,7 +1138,7 @@ $(document).ready(function() {
 
 // Force to hide menus when page is inside an iFrame
 $(document).ready(function() {
-	if (window.location !== window.parent.location ) {
+	if (window.location.pathname.indexOf("externalsite/frametop.php") == -1 &&window.location !== window.parent.location ) {
 		console.log("Page is detected to be into an iframe, we hide by CSS the menus");
 		// The page is in an iframe
 		jQuery(".side-nav-vert, .side-nav, .websitebar").hide();

From 22706b70e9fde88e7a31e1d19a035fd4714dafaa Mon Sep 17 00:00:00 2001
From: lmarcouiller <lucas.marcouiller@gmail.com>
Date: Mon, 14 Mar 2022 16:21:12 +0100
Subject: [PATCH 04/17] fix syntax error

---
 htdocs/core/js/lib_head.js.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/core/js/lib_head.js.php b/htdocs/core/js/lib_head.js.php
index 3037fe29c4f..53e89182227 100644
--- a/htdocs/core/js/lib_head.js.php
+++ b/htdocs/core/js/lib_head.js.php
@@ -1138,7 +1138,7 @@ $(document).ready(function() {
 
 // Force to hide menus when page is inside an iFrame
 $(document).ready(function() {
-	if (window.location.pathname.indexOf("externalsite/frametop.php") == -1 &&window.location !== window.parent.location ) {
+	if (window.location.pathname.indexOf("externalsite/frametop.php") == -1 && window.location !== window.parent.location ) {
 		console.log("Page is detected to be into an iframe, we hide by CSS the menus");
 		// The page is in an iframe
 		jQuery(".side-nav-vert, .side-nav, .websitebar").hide();

From 92bfd6893d84d13410591d74b52c2ec6100b376e Mon Sep 17 00:00:00 2001
From: Florian HENRY <florian.henry@open-concept.pro>
Date: Tue, 15 Mar 2022 09:10:41 +0100
Subject: [PATCH 05/17] fix:incoterm bad sql request

---
 htdocs/core/class/commonincoterm.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/core/class/commonincoterm.class.php b/htdocs/core/class/commonincoterm.class.php
index f98f3aaabad..f349925a00a 100644
--- a/htdocs/core/class/commonincoterm.class.php
+++ b/htdocs/core/class/commonincoterm.class.php
@@ -122,7 +122,7 @@ trait CommonIncoterm
 				$this->fk_incoterms = $id_incoterm;
 				$this->location_incoterms = $location;
 
-				$sql = 'SELECT libelle as label_incotermsFROM '.MAIN_DB_PREFIX.'c_incoterms WHERE rowid = '.(int) $this->fk_incoterms;
+				$sql = 'SELECT libelle as label_incoterms FROM '.MAIN_DB_PREFIX.'c_incoterms WHERE rowid = '.(int) $this->fk_incoterms;
 				$res = $this->db->query($sql);
 				if ($res)
 				{

From 58f5cafc3497e2b3bcece75fa45587d746a56fd7 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 15 Mar 2022 19:15:02 +0100
Subject: [PATCH 06/17] FIX #20359

---
 htdocs/projet/card.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/htdocs/projet/card.php b/htdocs/projet/card.php
index 6f587a67a7f..433a933c75b 100644
--- a/htdocs/projet/card.php
+++ b/htdocs/projet/card.php
@@ -632,11 +632,11 @@ if ($action == 'create' && $user->rights->projet->creer) {
 	}
 
 	if (count($array) > 0) {
-		print $form->selectarray('public', $array, GETPOSTISSET('public') ? GETPOST('public') : $object->public, 0, 0, 0, '', 0, 0, 0, '', '', 1);
+		print $form->selectarray('public', $array, GETPOST('public'), 0, 0, 0, '', 0, 0, 0, '', '', 1);
 	} else {
-		print '<input type="hidden" name="public" id="public" value="'.(GETPOSTISSET('public') ? GETPOST('public') : $object->public).'">';
+		print '<input type="hidden" name="public" id="public" value="'.GETPOST('public').'">';
 
-		if ( (GETPOSTISSET('public') ? GETPOST('public') : $object->public)==0) {
+		if (GETPOST('public') == 0) {
 			print $langs->trans("PrivateProject");
 		} else {
 			print $langs->trans("SharedProject");

From 0899caf74d7ba437b539765cc6d49d71ab8b4668 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 15 Mar 2022 19:23:17 +0100
Subject: [PATCH 07/17] Update lib_head.js.php

---
 htdocs/core/js/lib_head.js.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/core/js/lib_head.js.php b/htdocs/core/js/lib_head.js.php
index 53e89182227..9a0eaf0e0ed 100644
--- a/htdocs/core/js/lib_head.js.php
+++ b/htdocs/core/js/lib_head.js.php
@@ -1138,7 +1138,7 @@ $(document).ready(function() {
 
 // Force to hide menus when page is inside an iFrame
 $(document).ready(function() {
-	if (window.location.pathname.indexOf("externalsite/frametop.php") == -1 && window.location !== window.parent.location ) {
+	if (window.location && window.location.pathname.indexOf("externalsite/frametop.php") == -1 && window.location !== window.parent.location ) {
 		console.log("Page is detected to be into an iframe, we hide by CSS the menus");
 		// The page is in an iframe
 		jQuery(".side-nav-vert, .side-nav, .websitebar").hide();

From 9514062868456d7270dedd492373d4f09dd68d98 Mon Sep 17 00:00:00 2001
From: Marc de Lima Lucio <68746600+marc-dll@users.noreply.github.com>
Date: Wed, 16 Mar 2022 09:40:31 +0100
Subject: [PATCH 08/17] FIX: holiday monthly report: wrong 'Employee' and
 holiday type translations

---
 htdocs/holiday/month_report.php | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/htdocs/holiday/month_report.php b/htdocs/holiday/month_report.php
index 6f8b0830b2a..fe98779c516 100644
--- a/htdocs/holiday/month_report.php
+++ b/htdocs/holiday/month_report.php
@@ -32,7 +32,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php';
 
 // Load translation files required by the page
-$langs->loadLangs(array("holiday"));
+$langs->loadLangs(array('holiday', 'hrm'));
 
 // Security check
 $socid = 0;
@@ -106,7 +106,7 @@ if (empty($reshook))
 $arrayfields = array(
 	'cp.ref'=>array('label'=>$langs->trans('Ref'), 'checked'=>1),
 	'cp.fk_user'=>array('label'=>$langs->trans('Employee'), 'checked'=>1),
-	'ct.label'=>array('label'=>$langs->trans('Type'), 'checked'=>1),
+	'cp.fk_type'=>array('label'=>$langs->trans('Type'), 'checked'=>1),
 	'cp.date_debut'=>array('label'=>$langs->trans('DateDebCP'), 'checked'=>1),
 	'cp.date_fin'=>array('label'=>$langs->trans('DateFinCP'), 'checked'=>1),
 	'used_days'=>array('label'=>$langs->trans('NbUseDaysCPShort'), 'checked'=>1),
@@ -133,10 +133,9 @@ $search_month = GETPOST("remonth", 'int') ?GETPOST("remonth", 'int') : date("m",
 $search_year = GETPOST("reyear", 'int') ?GETPOST("reyear", 'int') : date("Y", time());
 $year_month = sprintf("%04d", $search_year).'-'.sprintf("%02d", $search_month);
 
-$sql = "SELECT cp.rowid, cp.ref, cp.fk_user, cp.date_debut, cp.date_fin, ct.label, cp.description, cp.halfday";
+$sql = "SELECT cp.rowid, cp.ref, cp.fk_user, cp.date_debut, cp.date_fin, cp.fk_type, cp.description, cp.halfday";
 $sql .= " FROM ".MAIN_DB_PREFIX."holiday cp";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user u ON cp.fk_user = u.rowid";
-$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_holiday_types ct ON cp.fk_type = ct.rowid";
 $sql .= " WHERE cp.rowid > 0";
 $sql .= " AND cp.statut = ".Holiday::STATUS_APPROVED;
 $sql .= " AND (";
@@ -223,7 +222,7 @@ if (!empty($arrayfields['cp.fk_user']['checked'])) {
 }
 
 // Filter: Type
-if (!empty($arrayfields['ct.label']['checked'])) {
+if (!empty($arrayfields['cp.fk_type']['checked'])) {
 	$typeleaves = $holidaystatic->getTypes(1, -1);
 	$arraytypeleaves = array();
 	foreach ($typeleaves as $key => $val)
@@ -261,7 +260,7 @@ print '</tr>';
 print '<tr class="liste_titre">';
 if (!empty($arrayfields['cp.ref']['checked'])) print_liste_field_titre($arrayfields['cp.ref']['label'], $_SERVER["PHP_SELF"], 'cp.ref', '', '', '', $sortfield, $sortorder);
 if (!empty($arrayfields['cp.fk_user']['checked'])) print_liste_field_titre($arrayfields['cp.fk_user']['label'], $_SERVER["PHP_SELF"], 'cp.fk_user', '', '', '', $sortfield, $sortorder);
-if (!empty($arrayfields['ct.label']['checked'])) print_liste_field_titre($arrayfields['ct.label']['label'], $_SERVER["PHP_SELF"], 'ct.label', '', '', '', $sortfield, $sortorder);
+if (!empty($arrayfields['cp.fk_type']['checked'])) print_liste_field_titre($arrayfields['cp.fk_type']['label'], $_SERVER["PHP_SELF"], 'cp.fk_type', '', '', '', $sortfield, $sortorder);
 if (!empty($arrayfields['cp.date_debut']['checked'])) print_liste_field_titre($arrayfields['cp.date_debut']['label'], $_SERVER["PHP_SELF"], 'cp.date_debut', '', '', '', $sortfield, $sortorder);
 if (!empty($arrayfields['cp.date_fin']['checked'])) print_liste_field_titre($arrayfields['cp.date_fin']['label'], $_SERVER["PHP_SELF"], 'cp.date_fin', '', '', '', $sortfield, $sortorder);
 if (!empty($arrayfields['used_days']['checked'])) print_liste_field_titre($arrayfields['used_days']['label'], $_SERVER["PHP_SELF"], '', '', '', '', $sortfield, $sortorder);
@@ -323,7 +322,10 @@ else {
 
 		if (!empty($arrayfields['cp.ref']['checked'])) print '<td>'.$holidaystatic->getNomUrl(1, 1).'</td>';
 		if (!empty($arrayfields['cp.fk_user']['checked'])) print '<td>'.$user->getFullName($langs).'</td>';
-		if (!empty($arrayfields['ct.label']['checked'])) print '<td>'.$obj->label.'</td>';
+
+		if (!empty($arrayfields['cp.fk_type']['checked'])) {
+			print '<td>'.$arraytypeleaves[$obj->fk_type].'</td>';
+		}
 
 		if (!empty($arrayfields['cp.date_debut']['checked']))
 		{

From 8a8462bf5785e8fb1aa165851b892a40edb0f047 Mon Sep 17 00:00:00 2001
From: Marc de Lima Lucio <68746600+marc-dll@users.noreply.github.com>
Date: Wed, 16 Mar 2022 09:47:57 +0100
Subject: [PATCH 09/17] FIX: holiday monthly report: html entity codes showing
 in description with WYSIWYG activated

---
 htdocs/holiday/month_report.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/htdocs/holiday/month_report.php b/htdocs/holiday/month_report.php
index fe98779c516..b45444524f7 100644
--- a/htdocs/holiday/month_report.php
+++ b/htdocs/holiday/month_report.php
@@ -358,7 +358,10 @@ else {
 		}
 
 		if (!empty($arrayfields['used_days_month']['checked'])) print '<td class="right">'.num_open_day($date_start_inmonth, $date_end_inmonth, 0, 1, $halfdayinmonth).'</td>';
-		if (!empty($arrayfields['cp.description']['checked'])) print '<td class="maxwidth300">'.dol_escape_htmltag(dolGetFirstLineOfText($obj->description)).'</td>';
+
+		if (!empty($arrayfields['cp.description']['checked'])) {
+			print '<td class="maxwidth300">'.dolGetFirstLineOfText($obj->description).'</td>';
+		}
 
 		print '<td></td>';
 		print '</tr>';

From 4f395a836ea3b180f38c2d6e42d2d0cd76096a63 Mon Sep 17 00:00:00 2001
From: ATM john <john.botella@atm-consulting.fr>
Date: Wed, 16 Mar 2022 12:10:10 +0100
Subject: [PATCH 10/17] fix crabe multidir output

---
 htdocs/core/modules/facture/doc/pdf_crabe.modules.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php
index e26b03cdc46..00f91b6399b 100644
--- a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php
+++ b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php
@@ -290,11 +290,11 @@ class pdf_crabe extends ModelePDFFactures
 
 			// Definition of $dir and $file
 			if ($object->specimen) {
-				$dir = $conf->facture->dir_output;
+				$dir = $conf->facture->multidir_output[$conf->entity];
 				$file = $dir."/SPECIMEN.pdf";
 			} else {
 				$objectref = dol_sanitizeFileName($object->ref);
-				$dir = $conf->facture->dir_output."/".$objectref;
+				$dir = $conf->facture->multidir_output[$object->entity]."/".$objectref;
 				$file = $dir."/".$objectref.".pdf";
 			}
 			if (!file_exists($dir)) {

From 536bae97e8dda9b720720bee954902cf24367b9c Mon Sep 17 00:00:00 2001
From: Alexandre SPANGARO <aspangaro.dolibarr@gmail.com>
Date: Wed, 16 Mar 2022 15:49:49 +0100
Subject: [PATCH 11/17] FIX Update icon of module reception

---
 htdocs/admin/mails_templates.php                             | 2 +-
 htdocs/core/boxes/box_supplier_orders_awaiting_reception.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/admin/mails_templates.php b/htdocs/admin/mails_templates.php
index 0adc526d69e..3abeb0bde54 100644
--- a/htdocs/admin/mails_templates.php
+++ b/htdocs/admin/mails_templates.php
@@ -205,7 +205,7 @@ if (!empty($conf->expedition->enabled)) {
 	$elementList['shipping_send'] = img_picto('', 'dolly', 'class="paddingright"').dol_escape_htmltag($langs->trans('MailToSendShipment'));
 }
 if (!empty($conf->reception->enabled)) {
-	$elementList['reception_send'] = img_picto('', 'dolly', 'class="paddingright"').dol_escape_htmltag($langs->trans('MailToSendReception'));
+	$elementList['reception_send'] = img_picto('', 'dollyrevert', 'class="paddingright"').dol_escape_htmltag($langs->trans('MailToSendReception'));
 }
 if (!empty($conf->ficheinter->enabled)) {
 	$elementList['fichinter_send'] = img_picto('', 'intervention', 'class="paddingright"').dol_escape_htmltag($langs->trans('MailToSendIntervention'));
diff --git a/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php b/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php
index 78d38455d83..6345e13cce0 100644
--- a/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php
+++ b/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php
@@ -162,7 +162,7 @@ class box_supplier_orders_awaiting_reception extends ModeleBoxes
 
 					$this->info_box_contents[$line][] = array(
 						'td' => 'class="right"',
-						'text' => $delayIcon.'<span class="classfortooltip" title="'.$langs->trans('DateDeliveryPlanned').'"><i class="fa fa-dolly" ></i> '.dol_print_date($delivery_date, 'day', 'tzuserrel').'</span>',
+						'text' => $delayIcon.'<span class="classfortooltip" title="'.$langs->trans('DateDeliveryPlanned').'"><i class="fa fa-flip-dolly" ></i> '.dol_print_date($delivery_date, 'day', 'tzuserrel').'</span>',
 						'asis' => 1
 					);
 

From 149f3e65175085a9c1be17a8ac2e48b8ac6471e6 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@users.sourceforge.net>
Date: Wed, 16 Mar 2022 16:01:03 +0100
Subject: [PATCH 12/17] Fix for #20372

---
 htdocs/core/lib/functions.lib.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 9f9435fcdc2..addbb0191f1 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -8213,7 +8213,7 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1, $onlysimplestring = '1'
 	// Test dangerous char (used for RCE), we allow only PHP variable testing.
 	if ($onlysimplestring == '1') {
 		//print preg_quote('$_->&|', '/');
-		if (preg_match('/[^a-z0-9\s'.preg_quote('$_->&|=!?():"', '/').']/i', $s)) {
+		if (preg_match('/[^a-z0-9\s'.preg_quote('$_+->&|=!?():"', '/').']/i', $s)) {
 			if ($returnvalue) {
 				return 'Bad string syntax to evaluate (found chars that are not chars for simplestring): '.$s;
 			} else {
@@ -8223,7 +8223,7 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1, $onlysimplestring = '1'
 		}
 	} elseif ($onlysimplestring == '2') {
 		//print preg_quote('$_->&|', '/');
-		if (preg_match('/[^a-z0-9\s'.preg_quote('^$_->&|=!?():"\';,/', '/').']/i', $s)) {
+		if (preg_match('/[^a-z0-9\s'.preg_quote('^$_+->&|=!?():"\';,/', '/').']/i', $s)) {
 			if ($returnvalue) {
 				return 'Bad string syntax to evaluate (found chars that are not chars for simplestring): '.$s;
 			} else {

From 319f21ef69327f6b83589e13ac54ee9db21678ed Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@users.sourceforge.net>
Date: Wed, 16 Mar 2022 16:23:27 +0100
Subject: [PATCH 13/17] Fix regression

---
 htdocs/core/modules/facture/doc/pdf_crabe.modules.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php
index 00f91b6399b..eac6a8df762 100644
--- a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php
+++ b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php
@@ -290,11 +290,11 @@ class pdf_crabe extends ModelePDFFactures
 
 			// Definition of $dir and $file
 			if ($object->specimen) {
-				$dir = $conf->facture->multidir_output[$conf->entity];
+				$dir = empty($conf->facture->multidir_output[$conf->entity]) ? $conf->facture->dir_output : $conf->facture->multidir_output[$conf->entity];
 				$file = $dir."/SPECIMEN.pdf";
 			} else {
 				$objectref = dol_sanitizeFileName($object->ref);
-				$dir = $conf->facture->multidir_output[$object->entity]."/".$objectref;
+				$dir = (empty($conf->facture->multidir_output[$conf->entity]) ? $conf->facture->dir_output : $conf->facture->multidir_output[$conf->entity])."/".$objectref;
 				$file = $dir."/".$objectref.".pdf";
 			}
 			if (!file_exists($dir)) {

From 4731ce9f1d45797abe069fb9f10188521771ffe4 Mon Sep 17 00:00:00 2001
From: Gauthier PC portable 024 <gauthier.verdol@atm-consulting.fr>
Date: Wed, 16 Mar 2022 16:40:08 +0100
Subject: [PATCH 14/17] FIX : allow all maths classical operators in custom
 groups accountancy report

---
 htdocs/core/lib/functions.lib.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index addbb0191f1..288fd9f8ece 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -8213,7 +8213,7 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1, $onlysimplestring = '1'
 	// Test dangerous char (used for RCE), we allow only PHP variable testing.
 	if ($onlysimplestring == '1') {
 		//print preg_quote('$_->&|', '/');
-		if (preg_match('/[^a-z0-9\s'.preg_quote('$_+->&|=!?():"', '/').']/i', $s)) {
+		if (preg_match('/[^a-z0-9\s'.preg_quote('$_+-*/>&|=!?():"', '/').']/i', $s)) {
 			if ($returnvalue) {
 				return 'Bad string syntax to evaluate (found chars that are not chars for simplestring): '.$s;
 			} else {
@@ -8223,7 +8223,7 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1, $onlysimplestring = '1'
 		}
 	} elseif ($onlysimplestring == '2') {
 		//print preg_quote('$_->&|', '/');
-		if (preg_match('/[^a-z0-9\s'.preg_quote('^$_+->&|=!?():"\';,/', '/').']/i', $s)) {
+		if (preg_match('/[^a-z0-9\s'.preg_quote('^$_+-*/>&|=!?():"\';,/', '/').']/i', $s)) {
 			if ($returnvalue) {
 				return 'Bad string syntax to evaluate (found chars that are not chars for simplestring): '.$s;
 			} else {

From abe542f49e164f31905c629d188404368e2c334b Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 16 Mar 2022 19:45:39 +0100
Subject: [PATCH 15/17] Fix removed the cache.manifest file (useless and pb
 with some browsers)

---
 htdocs/cache.manifest  | 36 ------------------------------------
 htdocs/main.inc.php    |  7 ++-----
 htdocs/support/inc.php |  1 -
 3 files changed, 2 insertions(+), 42 deletions(-)
 delete mode 100644 htdocs/cache.manifest

diff --git a/htdocs/cache.manifest b/htdocs/cache.manifest
deleted file mode 100644
index 5e514a32a47..00000000000
--- a/htdocs/cache.manifest
+++ /dev/null
@@ -1,36 +0,0 @@
-CACHE MANIFEST
-# version 2013-05-21 13:30:21
-# Note: If this file is dynamic, it must return MIME text/cache-manifest
-# Note: Order of CACHE, NETWORK and FALLBACK section does not change behaviour
-" Note: 
-
-
-# Files listed under CACHE will be ALWAYS cached after they are loaded.
-# And they will be always used from Cache after (even after refresh).
-CACHE:
-theme/dolibarr_logo.svg
-support/
-support/index.php
-
-support/default.css
-support/helpcenter.png
-support/internet.png
-support/mail.png
-support/pagemaster.png
-support/redstar.png
-support/star.png
-support/who.png
-
-
-# The NETWORK section contains the path to a folder to ensure that requests
-# to load resources will use internet. 
-# CACHE has priority on NETWORK, so usage is useless
-NETWORK: 
-/
-
-# The FALLBACK section contains entries that provide a backup strategy.
-# If the browser is unable to retrieve the original content, the fallback resource will be used.
-# In the example above, we display a static image in case the dynamic one is unavailable.
-FALLBACK: 
-#/ public/notice.php
-#theme/eldy/img/* theme/md/img/*
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index e4b6d88a42c..10e836af1c9 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -1428,11 +1428,8 @@ function top_htmlhead($head, $title = '', $disablejs = 0, $disablehead = 0, $arr
 
 	print '<!doctype html>'."\n";
 
-	if (!empty($conf->global->MAIN_USE_CACHE_MANIFEST)) {
-		print '<html lang="'.substr($langs->defaultlang, 0, 2).'" manifest="'.DOL_URL_ROOT.'/cache.manifest">'."\n";
-	} else {
-		print '<html lang="'.substr($langs->defaultlang, 0, 2).'">'."\n";
-	}
+	print '<html lang="'.substr($langs->defaultlang, 0, 2).'">'."\n";
+
 	//print '<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr">'."\n";
 	if (empty($disablehead)) {
 		if (!is_object($hookmanager)) {
diff --git a/htdocs/support/inc.php b/htdocs/support/inc.php
index 2836650fe71..d5c92cade7b 100644
--- a/htdocs/support/inc.php
+++ b/htdocs/support/inc.php
@@ -238,7 +238,6 @@ function pHeader($soutitre, $next, $action = 'none')
 	header("X-Content-Type-Options: nosniff");
 
 	print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">'."\n";
-	print '<html manifest="'.DOL_URL_ROOT.'/cache.manifest">'."\n";
 	print '<head>'."\n";
 	print '<meta http-equiv="content-type" content="text/html; charset='.$conf->file->character_set_client.'">'."\n";
 	print '<meta name="robots" content="index,follow">'."\n";

From 800c490c12d52e22054226c32ac0c57f1bff5871 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 16 Mar 2022 20:07:50 +0100
Subject: [PATCH 16/17] Fix travis

---
 .travis.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 08fa830a6fe..ff28cbddf8b 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -48,7 +48,7 @@ jobs:
       php: '5.6'
       env: DB=postgresql
     - if: type = pull_request OR type = push
-      php: '7.4'
+      php: '7.4.22'
       env: DB=mysql
     - if: type = push AND branch = develop
       php: nightly 
@@ -102,7 +102,7 @@ install:
                         php-parallel-lint/php-console-highlighter ^0 \
                         squizlabs/php_codesniffer ^3
   fi
-  if [ "$TRAVIS_PHP_VERSION" = '7.3' ] || [ "$TRAVIS_PHP_VERSION" = '7.4' ]; then
+  if [ "$TRAVIS_PHP_VERSION" = '7.3' ] || [ "$TRAVIS_PHP_VERSION" = '7.4' ] || [ "$TRAVIS_PHP_VERSION" = '7.4.22' ]; then
     composer -n require phpunit/phpunit ^7 \
                         php-parallel-lint/php-parallel-lint ^1.2 \
                         php-parallel-lint/php-console-highlighter ^0 \
@@ -237,7 +237,7 @@ before_script:
   # enable php-fpm
   - sudo cp ~/.phpenv/versions/$(phpenv version-name)/etc/php-fpm.conf.default ~/.phpenv/versions/$(phpenv version-name)/etc/php-fpm.conf
   - |
-    if [ "$TRAVIS_PHP_VERSION" = '7.0' ] || [ "$TRAVIS_PHP_VERSION" = '7.1' ] || [ "$TRAVIS_PHP_VERSION" = '7.2' ] || [ "$TRAVIS_PHP_VERSION" = '7.3' ] || [ "$TRAVIS_PHP_VERSION" = '7.4' ] || [ "$TRAVIS_PHP_VERSION" = 'nightly' ]; then
+    if [ "$TRAVIS_PHP_VERSION" = '7.0' ] || [ "$TRAVIS_PHP_VERSION" = '7.1' ] || [ "$TRAVIS_PHP_VERSION" = '7.2' ] || [ "$TRAVIS_PHP_VERSION" = '7.3' ] || [ "$TRAVIS_PHP_VERSION" = '7.4' ] || [ "$TRAVIS_PHP_VERSION" = '7.4.22' ] || [ "$TRAVIS_PHP_VERSION" = 'nightly' ]; then
       # Copy the included pool
       sudo cp ~/.phpenv/versions/$(phpenv version-name)/etc/php-fpm.d/www.conf.default ~/.phpenv/versions/$(phpenv version-name)/etc/php-fpm.d/www.conf
     fi
@@ -272,7 +272,7 @@ script:
   set -e
   #parallel-lint --exclude htdocs/includes --blame .
   # Exclusions are defined in the ruleset.xml file
-  if [ "$TRAVIS_PHP_VERSION" = "7.4" ]; then
+  if [ "$TRAVIS_PHP_VERSION" = "7.4.22" ]; then
     parallel-lint -e php --exclude dev/tools/test/namespacemig --exclude htdocs/includes/composer --exclude htdocs/includes/myclabs --exclude htdocs/includes/phpspec --exclude dev/initdata/dbf/includes \
       --exclude htdocs/includes/sabre --exclude htdocs/includes/phpoffice/PhpSpreadsheet --exclude htdocs/includes/sebastian \
       --exclude htdocs/includes/squizlabs/php_codesniffer --exclude htdocs/includes/jakub-onderka --exclude htdocs/includes/php-parallel-lint --exclude htdocs/includes/symfony \
@@ -287,7 +287,7 @@ script:
   # Ensure we catch errors
   set -e
   # Exclusions are defined in the ruleset.xml file
-  if [ "$TRAVIS_PULL_REQUEST" = "false" ] && [ "$TRAVIS_PHP_VERSION" = "7.4" ]; then
+  if [ "$TRAVIS_PULL_REQUEST" = "false" ] && [ "$TRAVIS_PHP_VERSION" = "7.4.22" ]; then
     phpcs -s -p -d memory_limit=-1 --extensions=php --colors --tab-width=4 --standard=dev/setup/codesniffer/ruleset.xml --encoding=utf-8 --runtime-set ignore_warnings_on_exit true .;
   fi
   set +e

From 6c210f72dcdf1eceaf3ef2c5d9734dcf008368db Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 16 Mar 2022 20:31:40 +0100
Subject: [PATCH 17/17] Fix missing var declaration and constructor

---
 .../class/accountancyexport.class.php          |  4 ++++
 .../class/accountancyimport.class.php          | 18 ++++++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/htdocs/accountancy/class/accountancyexport.class.php b/htdocs/accountancy/class/accountancyexport.class.php
index 0d0d013a69f..3c30200c130 100644
--- a/htdocs/accountancy/class/accountancyexport.class.php
+++ b/htdocs/accountancy/class/accountancyexport.class.php
@@ -64,6 +64,10 @@ class AccountancyExport
 	public static $EXPORT_TYPE_FEC = 1000;
 	public static $EXPORT_TYPE_FEC2 = 1010;
 
+	/**
+	 * @var DoliDB	Database handler
+	 */
+	public $db;
 
 	/**
 	 * @var string[] Error codes (or messages)
diff --git a/htdocs/accountancy/class/accountancyimport.class.php b/htdocs/accountancy/class/accountancyimport.class.php
index ea88534b6ed..8ca60e37796 100644
--- a/htdocs/accountancy/class/accountancyimport.class.php
+++ b/htdocs/accountancy/class/accountancyimport.class.php
@@ -39,6 +39,24 @@
  */
 class AccountancyImport
 {
+	/**
+	 * @var DoliDB	Database handler
+	 */
+	public $db;
+
+
+	/**
+	 * Constructor
+	 *
+	 * @param DoliDb $db Database handler
+	 */
+	public function __construct(DoliDB $db)
+	{
+		global $conf;
+
+		$this->db = $db;
+	}
+
 	/**
 	 *  Compute amount
 	 *