From 6a3310daf7aecda23535f21d8848bf2185e6d030 Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis.houssin@capnetworks.com>
Date: Thu, 4 Jun 2015 15:42:51 +0200
Subject: [PATCH 1/5] Fix: PRODUCT_USE_OLD_PATH_FOR_PHOTO use entity 0 for
 multicompany Fix: use encrypt/decrypt with llx_const for experimental
 encryption of sensitive data

---
 .../install/mysql/migration/3.6.0-3.7.0.sql   | 64 +++++++++----------
 1 file changed, 32 insertions(+), 32 deletions(-)

diff --git a/htdocs/install/mysql/migration/3.6.0-3.7.0.sql b/htdocs/install/mysql/migration/3.6.0-3.7.0.sql
index 080fbdc699d..b74c8ddba17 100755
--- a/htdocs/install/mysql/migration/3.6.0-3.7.0.sql
+++ b/htdocs/install/mysql/migration/3.6.0-3.7.0.sql
@@ -98,36 +98,36 @@ ALTER TABLE llx_accountingaccount add column fk_user_author integer DEFAULT NULL
 ALTER TABLE llx_accountingaccount add column fk_user_modif integer DEFAULT NULL AFTER fk_user_author;
 
 -- Qual
-UPDATE llx_const SET name = 'ACCOUNTING_MODE' WHERE name = 'COMPTA_MODE';
-UPDATE llx_const SET name = 'ACCOUNTING_ACCOUNT_CUSTOMER' WHERE name = 'COMPTA_ACCOUNT_CUSTOMER';
-UPDATE llx_const SET name = 'ACCOUNTING_ACCOUNT_SUPPLIER' WHERE name = 'COMPTA_ACCOUNT_SUPPLIER';
-UPDATE llx_const SET name = 'ACCOUNTING_PRODUCT_BUY_ACCOUNT' WHERE name = 'COMPTA_PRODUCT_BUY_ACCOUNT';
-UPDATE llx_const SET name = 'ACCOUNTING_PRODUCT_SOLD_ACCOUNT' WHERE name = 'COMPTA_PRODUCT_SOLD_ACCOUNT';
-UPDATE llx_const SET name = 'ACCOUNTING_SERVICE_BUY_ACCOUNT' WHERE name = 'COMPTA_SERVICE_BUY_ACCOUNT';
-UPDATE llx_const SET name = 'ACCOUNTING_SERVICE_SOLD_ACCOUNT' WHERE name = 'COMPTA_SERVICE_SOLD_ACCOUNT';
-UPDATE llx_const SET name = 'ACCOUNTING_VAT_ACCOUNT' WHERE name = 'COMPTA_VAT_ACCOUNT';
-UPDATE llx_const SET name = 'ACCOUNTING_VAT_BUY_ACCOUNT' WHERE name = 'COMPTA_VAT_BUY_ACCOUNT';
+UPDATE llx_const SET name = __ENCRYPT('ACCOUNTING_MODE')__ WHERE __DECRYPT('name')__ = 'COMPTA_MODE';
+UPDATE llx_const SET name = __ENCRYPT('ACCOUNTING_ACCOUNT_CUSTOMER')__ WHERE __DECRYPT('name')__ = 'COMPTA_ACCOUNT_CUSTOMER';
+UPDATE llx_const SET name = __ENCRYPT('ACCOUNTING_ACCOUNT_SUPPLIER')__ WHERE __DECRYPT('name')__ = 'COMPTA_ACCOUNT_SUPPLIER';
+UPDATE llx_const SET name = __ENCRYPT('ACCOUNTING_PRODUCT_BUY_ACCOUNT')__ WHERE __DECRYPT('name')__ = 'COMPTA_PRODUCT_BUY_ACCOUNT';
+UPDATE llx_const SET name = __ENCRYPT('ACCOUNTING_PRODUCT_SOLD_ACCOUNT')__ WHERE __DECRYPT('name')__ = 'COMPTA_PRODUCT_SOLD_ACCOUNT';
+UPDATE llx_const SET name = __ENCRYPT('ACCOUNTING_SERVICE_BUY_ACCOUNT')__ WHERE __DECRYPT('name')__ = 'COMPTA_SERVICE_BUY_ACCOUNT';
+UPDATE llx_const SET name = __ENCRYPT('ACCOUNTING_SERVICE_SOLD_ACCOUNT')__ WHERE __DECRYPT('name')__ = 'COMPTA_SERVICE_SOLD_ACCOUNT';
+UPDATE llx_const SET name = __ENCRYPT('ACCOUNTING_VAT_ACCOUNT')__ WHERE __DECRYPT('name')__ = 'COMPTA_VAT_ACCOUNT';
+UPDATE llx_const SET name = __ENCRYPT('ACCOUNTING_VAT_BUY_ACCOUNT')__ WHERE __DECRYPT('name')__ = 'COMPTA_VAT_BUY_ACCOUNT';
 
 -- Compatibility with module Accounting Expert
-UPDATE llx_const SET name = 'ACCOUNTING_EXPORT_MODELCSV' WHERE name = 'ACCOUNTINGEX_MODELCSV';
-UPDATE llx_const SET name = 'ACCOUNTING_EXPORT_SEPARATORCSV' WHERE name = 'ACCOUNTINGEX_SEPARATORCSV';
-UPDATE llx_const SET name = 'ACCOUNTING_EXPORT_DATE' WHERE name = 'ACCOUNTINGEX_EXP_DATE';
-UPDATE llx_const SET name = 'ACCOUNTING_EXPORT_PIECE' WHERE name = 'ACCOUNTINGEX_EXP_PIECE';
-UPDATE llx_const SET name = 'ACCOUNTING_EXPORT_GLOBAL_ACCOUNT' WHERE name = 'ACCOUNTINGEX_EXP_GLOBAL_ACCOUNT';
-UPDATE llx_const SET name = 'ACCOUNTING_EXPORT_LABEL' WHERE name = 'ACCOUNTINGEX_EXP_LABEL';
-UPDATE llx_const SET name = 'ACCOUNTING_EXPORT_AMOUNT' WHERE name = 'ACCOUNTINGEX_EXP_AMOUNT';
-UPDATE llx_const SET name = 'ACCOUNTING_EXPORT_DEVISE' WHERE name = 'ACCOUNTINGEX_EXP_DEVISE';
-UPDATE llx_const SET name = 'ACCOUNTING_ACCOUNT_SUSPENSE' WHERE name = 'ACCOUNTINGEX_ACCOUNT_SUSPENSE';
-UPDATE llx_const SET name = 'ACCOUNTING_SELL_JOURNAL' WHERE name = 'ACCOUNTINGEX_SELL_JOURNAL';
-UPDATE llx_const SET name = 'ACCOUNTING_PURCHASE_JOURNAL' WHERE name = 'ACCOUNTINGEX_PURCHASE_JOURNAL';
-UPDATE llx_const SET name = 'ACCOUNTING_SOCIAL_JOURNAL' WHERE name = 'ACCOUNTINGEX_SOCIAL_JOURNAL';
-UPDATE llx_const SET name = 'ACCOUNTING_MISCELLANEOUS_JOURNAL' WHERE name = 'ACCOUNTINGEX_MISCELLANEOUS_JOURNAL';
-UPDATE llx_const SET name = 'ACCOUNTING_ACCOUNT_TRANSFER_CASH' WHERE name = 'ACCOUNTINGEX_ACCOUNT_TRANSFER_CASH';
-UPDATE llx_const SET name = 'ACCOUNTING_LENGTH_GACCOUNT' WHERE name = 'ACCOUNTINGEX_LENGTH_GACCOUNT';
-UPDATE llx_const SET name = 'ACCOUNTING_LENGTH_AACCOUNT' WHERE name = 'ACCOUNTINGEX_LENGTH_AACCOUNT';
-UPDATE llx_const SET name = 'ACCOUNTING_LIMIT_LIST_VENTILATION' WHERE name = 'ACCOUNTINGEX_LIMIT_LIST_VENTILATION';
-UPDATE llx_const SET name = 'ACCOUNTING_LIST_SORT_VENTILATION_TODO' WHERE name = 'ACCOUNTINGEX_LIST_SORT_VENTILATION_TODO';
-UPDATE llx_const SET name = 'ACCOUNTING_LIST_SORT_VENTILATION_DONE' WHERE name = 'ACCOUNTINGEX_LIST_SORT_VENTILATION_DONE';
+UPDATE llx_const SET name = __ENCRYPT('ACCOUNTING_EXPORT_MODELCSV')__ WHERE __DECRYPT('name')__ = 'ACCOUNTINGEX_MODELCSV';
+UPDATE llx_const SET name = __ENCRYPT('ACCOUNTING_EXPORT_SEPARATORCSV')__ WHERE __DECRYPT('name')__ = 'ACCOUNTINGEX_SEPARATORCSV';
+UPDATE llx_const SET name = __ENCRYPT('ACCOUNTING_EXPORT_DATE')__ WHERE __DECRYPT('name')__ = 'ACCOUNTINGEX_EXP_DATE';
+UPDATE llx_const SET name = __ENCRYPT('ACCOUNTING_EXPORT_PIECE')__ WHERE __DECRYPT('name')__ = 'ACCOUNTINGEX_EXP_PIECE';
+UPDATE llx_const SET name = __ENCRYPT('ACCOUNTING_EXPORT_GLOBAL_ACCOUNT')__ WHERE __DECRYPT('name')__ = 'ACCOUNTINGEX_EXP_GLOBAL_ACCOUNT';
+UPDATE llx_const SET name = __ENCRYPT('ACCOUNTING_EXPORT_LABEL')__ WHERE __DECRYPT('name')__ = 'ACCOUNTINGEX_EXP_LABEL';
+UPDATE llx_const SET name = __ENCRYPT('ACCOUNTING_EXPORT_AMOUNT')__ WHERE __DECRYPT('name')__ = 'ACCOUNTINGEX_EXP_AMOUNT';
+UPDATE llx_const SET name = __ENCRYPT('ACCOUNTING_EXPORT_DEVISE')__ WHERE __DECRYPT('name')__ = 'ACCOUNTINGEX_EXP_DEVISE';
+UPDATE llx_const SET name = __ENCRYPT('ACCOUNTING_ACCOUNT_SUSPENSE')__ WHERE __DECRYPT('name')__ = 'ACCOUNTINGEX_ACCOUNT_SUSPENSE';
+UPDATE llx_const SET name = __ENCRYPT('ACCOUNTING_SELL_JOURNAL')__ WHERE __DECRYPT('name')__ = 'ACCOUNTINGEX_SELL_JOURNAL';
+UPDATE llx_const SET name = __ENCRYPT('ACCOUNTING_PURCHASE_JOURNAL')__ WHERE __DECRYPT('name')__ = 'ACCOUNTINGEX_PURCHASE_JOURNAL';
+UPDATE llx_const SET name = __ENCRYPT('ACCOUNTING_SOCIAL_JOURNAL')__ WHERE __DECRYPT('name')__ = 'ACCOUNTINGEX_SOCIAL_JOURNAL';
+UPDATE llx_const SET name = __ENCRYPT('ACCOUNTING_MISCELLANEOUS_JOURNAL')__ WHERE __DECRYPT('name')__ = 'ACCOUNTINGEX_MISCELLANEOUS_JOURNAL';
+UPDATE llx_const SET name = __ENCRYPT('ACCOUNTING_ACCOUNT_TRANSFER_CASH')__ WHERE __DECRYPT('name')__ = 'ACCOUNTINGEX_ACCOUNT_TRANSFER_CASH';
+UPDATE llx_const SET name = __ENCRYPT('ACCOUNTING_LENGTH_GACCOUNT')__ WHERE __DECRYPT('name')__ = 'ACCOUNTINGEX_LENGTH_GACCOUNT';
+UPDATE llx_const SET name = __ENCRYPT('ACCOUNTING_LENGTH_AACCOUNT')__ WHERE __DECRYPT('name')__ = 'ACCOUNTINGEX_LENGTH_AACCOUNT';
+UPDATE llx_const SET name = __ENCRYPT('ACCOUNTING_LIMIT_LIST_VENTILATION')__ WHERE __DECRYPT('name')__ = 'ACCOUNTINGEX_LIMIT_LIST_VENTILATION';
+UPDATE llx_const SET name = __ENCRYPT('ACCOUNTING_LIST_SORT_VENTILATION_TODO')__ WHERE __DECRYPT('name')__ = 'ACCOUNTINGEX_LIST_SORT_VENTILATION_TODO';
+UPDATE llx_const SET name = __ENCRYPT('ACCOUNTING_LIST_SORT_VENTILATION_DONE')__ WHERE __DECRYPT('name')__ = 'ACCOUNTINGEX_LIST_SORT_VENTILATION_DONE';
 
 -- Drop old table
 DROP TABLE llx_compta;
@@ -1133,9 +1133,9 @@ ALTER TABLE llx_c_email_templates ADD UNIQUE INDEX uk_c_email_templates(entity,
 ALTER TABLE llx_c_email_templates ADD INDEX idx_type(type_template);
 
 -- Remove OSC module
-DELETE FROM llx_const WHERE name = 'MAIN_MODULE_BOUTIQUE';
-DELETE FROM llx_const WHERE name = 'OSC_DB_HOST';
-DELETE FROM llx_menu WHERE module = 'boutique';
+DELETE FROM llx_const WHERE __DECRYPT('name')__ = 'MAIN_MODULE_BOUTIQUE';
+DELETE FROM llx_const WHERE __DECRYPT('name')__ = 'OSC_DB_HOST';
+DELETE FROM llx_menu WHERE __DECRYPT('module')__ = 'boutique';
 
 -- Add option always editable on extrafield
 ALTER TABLE llx_extrafields ADD alwayseditable INTEGER DEFAULT 0 AFTER pos;
@@ -1177,4 +1177,4 @@ insert into llx_c_tva(rowid,fk_pays,taux,recuperableonly,localtax1,localtax1_typ
 
 ALTER TABLE llx_livraison MODIFY COLUMN date_delivery DATETIME NULL DEFAULT NULL;
 
-INSERT INTO llx_const (name, value, type, note, visible, entity) SELECT 'PRODUCT_USE_OLD_PATH_FOR_PHOTO','1','chaine','Use old path for products images',1,1 FROM llx_const WHERE name='MAIN_VERSION_LAST_INSTALL' AND value < '3.7.0';
+INSERT INTO llx_const (name, value, type, note, visible, entity) SELECT __ENCRYPT('PRODUCT_USE_OLD_PATH_FOR_PHOTO')__,__ENCRYPT('1')__,'chaine','Use old path for products images',1,0 FROM llx_const WHERE __DECRYPT('name')__ = 'MAIN_VERSION_LAST_INSTALL' AND __DECRYPT('value')__ <= '3.7.2';

From 5139954365489c3d7e65a7525a27d094944b8ab3 Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis.houssin@capnetworks.com>
Date: Thu, 4 Jun 2015 16:39:39 +0200
Subject: [PATCH 2/5] Fix: add filter in "dol_most_recent_files" for avoid
 conflict with option "Save file on server with name "FA0700034_Original
 filename""

---
 htdocs/comm/propal.php         | 4 ++--
 htdocs/commande/card.php       | 4 ++--
 htdocs/compta/facture.php      | 4 ++--
 htdocs/expedition/card.php     | 4 ++--
 htdocs/fichinter/card.php      | 4 ++--
 htdocs/fourn/commande/card.php | 4 ++--
 htdocs/fourn/facture/card.php  | 4 ++--
 7 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/htdocs/comm/propal.php b/htdocs/comm/propal.php
index a0ef8878d1f..38e485ae563 100644
--- a/htdocs/comm/propal.php
+++ b/htdocs/comm/propal.php
@@ -2194,7 +2194,7 @@ if ($action == 'create')
 
 		$ref = dol_sanitizeFileName($object->ref);
 		include_once DOL_DOCUMENT_ROOT . '/core/lib/files.lib.php';
-		$fileparams = dol_most_recent_file($conf->propal->dir_output . '/' . $ref, preg_quote($ref, '/'));
+		$fileparams = dol_most_recent_file($conf->propal->dir_output . '/' . $ref, preg_quote($ref, '/').'\.([a-z0-9])+$');
 		$file = $fileparams ['fullname'];
 
 		// Define output language
@@ -2219,7 +2219,7 @@ if ($action == 'create')
 				dol_print_error($db, $result);
 				exit();
 			}
-			$fileparams = dol_most_recent_file($conf->propal->dir_output . '/' . $ref, preg_quote($ref, '/'));
+			$fileparams = dol_most_recent_file($conf->propal->dir_output . '/' . $ref, preg_quote($ref, '/').'\.([a-z0-9])+$');
 			$file = $fileparams ['fullname'];
 		}
 
diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php
index e6be7a8d74b..e932a9eb499 100644
--- a/htdocs/commande/card.php
+++ b/htdocs/commande/card.php
@@ -2285,7 +2285,7 @@ if ($action == 'create' && $user->rights->commande->creer) {
 
 			$ref = dol_sanitizeFileName($object->ref);
 			include_once DOL_DOCUMENT_ROOT . '/core/lib/files.lib.php';
-			$fileparams = dol_most_recent_file($conf->commande->dir_output . '/' . $ref, preg_quote($ref, '/'));
+			$fileparams = dol_most_recent_file($conf->commande->dir_output . '/' . $ref, preg_quote($ref, '/').'\.([a-z0-9])+$');
 			$file = $fileparams ['fullname'];
 
 			// Define output language
@@ -2310,7 +2310,7 @@ if ($action == 'create' && $user->rights->commande->creer) {
 					dol_print_error($db, $result);
 					exit();
 				}
-				$fileparams = dol_most_recent_file($conf->commande->dir_output . '/' . $ref, preg_quote($ref, '/'));
+				$fileparams = dol_most_recent_file($conf->commande->dir_output . '/' . $ref, preg_quote($ref, '/').'\.([a-z0-9])+$');
 				$file = $fileparams ['fullname'];
 			}
 
diff --git a/htdocs/compta/facture.php b/htdocs/compta/facture.php
index e247863a015..86e027034b0 100644
--- a/htdocs/compta/facture.php
+++ b/htdocs/compta/facture.php
@@ -3561,7 +3561,7 @@ if ($action == 'create')
 
 		$ref = dol_sanitizeFileName($object->ref);
 		include_once DOL_DOCUMENT_ROOT . '/core/lib/files.lib.php';
-		$fileparams = dol_most_recent_file($conf->facture->dir_output . '/' . $ref, preg_quote($ref, '/'));
+		$fileparams = dol_most_recent_file($conf->facture->dir_output . '/' . $ref, preg_quote($ref, '/').'\.([a-z0-9])+$');
 		$file = $fileparams ['fullname'];
 
 		// Define output language
@@ -3586,7 +3586,7 @@ if ($action == 'create')
 				dol_print_error($db, $result);
 				exit();
 			}
-			$fileparams = dol_most_recent_file($conf->facture->dir_output . '/' . $ref, preg_quote($ref, '/'));
+			$fileparams = dol_most_recent_file($conf->facture->dir_output . '/' . $ref, preg_quote($ref, '/').'\.([a-z0-9])+$');
 			$file = $fileparams ['fullname'];
 		}
 
diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php
index 7187506db14..d072e9978a3 100644
--- a/htdocs/expedition/card.php
+++ b/htdocs/expedition/card.php
@@ -1621,7 +1621,7 @@ else if ($id || $ref)
 	{
 		$ref = dol_sanitizeFileName($object->ref);
 		include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
-		$fileparams = dol_most_recent_file($conf->expedition->dir_output . '/sending/' . $ref, preg_quote($ref,'/'));
+		$fileparams = dol_most_recent_file($conf->expedition->dir_output . '/sending/' . $ref, preg_quote($ref, '/').'\.([a-z0-9])+$');
 		$file=$fileparams['fullname'];
 
 		// Define output language
@@ -1648,7 +1648,7 @@ else if ($id || $ref)
 				dol_print_error($db,$result);
 				exit;
 			}
-			$fileparams = dol_most_recent_file($conf->expedition->dir_output . '/sending/' . $ref, preg_quote($ref,'/'));
+			$fileparams = dol_most_recent_file($conf->expedition->dir_output . '/sending/' . $ref, preg_quote($ref, '/').'\.([a-z0-9])+$');
 			$file=$fileparams['fullname'];
 		}
 
diff --git a/htdocs/fichinter/card.php b/htdocs/fichinter/card.php
index f5fcd076709..19616ba8fa0 100644
--- a/htdocs/fichinter/card.php
+++ b/htdocs/fichinter/card.php
@@ -1732,7 +1732,7 @@ else if ($id > 0 || ! empty($ref))
 	{
 		$ref = dol_sanitizeFileName($object->ref);
 		include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
-		$fileparams = dol_most_recent_file($conf->ficheinter->dir_output . '/' . $ref, preg_quote($ref,'/'));
+		$fileparams = dol_most_recent_file($conf->ficheinter->dir_output . '/' . $ref, preg_quote($ref, '/').'\.([a-z0-9])+$');
 		$file=$fileparams['fullname'];
 
 		// Define output language
@@ -1759,7 +1759,7 @@ else if ($id > 0 || ! empty($ref))
 				dol_print_error($db,$result);
 				exit;
 			}
-			$fileparams = dol_most_recent_file($conf->ficheinter->dir_output . '/' . $ref, preg_quote($ref,'/'));
+			$fileparams = dol_most_recent_file($conf->ficheinter->dir_output . '/' . $ref, preg_quote($ref, '/').'\.([a-z0-9])+$');
 			$file=$fileparams['fullname'];
 		}
 
diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php
index a6ac9c42b56..b886ed55d88 100644
--- a/htdocs/fourn/commande/card.php
+++ b/htdocs/fourn/commande/card.php
@@ -1920,7 +1920,7 @@ elseif (! empty($object->id))
 	{
 		$ref = dol_sanitizeFileName($object->ref);
 		include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
-		$fileparams = dol_most_recent_file($conf->fournisseur->commande->dir_output . '/' . $ref, preg_quote($ref,'/'));
+		$fileparams = dol_most_recent_file($conf->fournisseur->commande->dir_output . '/' . $ref, preg_quote($ref, '/').'\.([a-z0-9])+$');
 		$file=$fileparams['fullname'];
 
 		// Define output language
@@ -1947,7 +1947,7 @@ elseif (! empty($object->id))
 				dol_print_error($db,$result);
 				exit;
 			}
-			$fileparams = dol_most_recent_file($conf->fournisseur->commande->dir_output . '/' . $ref, preg_quote($ref,'/'));
+			$fileparams = dol_most_recent_file($conf->fournisseur->commande->dir_output . '/' . $ref, preg_quote($ref, '/').'\.([a-z0-9])+$');
 			$file=$fileparams['fullname'];
 		}
 
diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php
index 54ef660f6aa..947db69fda5 100644
--- a/htdocs/fourn/facture/card.php
+++ b/htdocs/fourn/facture/card.php
@@ -2396,7 +2396,7 @@ else
         {
             $ref = dol_sanitizeFileName($object->ref);
             include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
-            $fileparams = dol_most_recent_file($conf->fournisseur->facture->dir_output.'/'.get_exdir($object->id,2).$ref, preg_quote($ref,'/'));
+            $fileparams = dol_most_recent_file($conf->fournisseur->facture->dir_output.'/'.get_exdir($object->id,2).$ref, preg_quote($ref, '/').'\.([a-z0-9])+$');
             $file=$fileparams['fullname'];
 
             // Define output language
@@ -2423,7 +2423,7 @@ else
                     dol_print_error($db,$result);
                     exit;
                 }
-                $fileparams = dol_most_recent_file($conf->fournisseur->facture->dir_output.'/'.get_exdir($object->id,2).$ref, preg_quote($ref,'/'));
+                $fileparams = dol_most_recent_file($conf->fournisseur->facture->dir_output.'/'.get_exdir($object->id,2).$ref, preg_quote($ref, '/').'\.([a-z0-9])+$');
                 $file=$fileparams['fullname'];
             }
 

From 65b049fdf559aee19a45a6d4bca664c9767114c9 Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis.houssin@capnetworks.com>
Date: Mon, 8 Jun 2015 09:13:21 +0200
Subject: [PATCH 3/5] Fix: Drop foreign key for avoid Mysql crash

---
 htdocs/install/mysql/migration/3.6.0-3.7.0.sql | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/htdocs/install/mysql/migration/3.6.0-3.7.0.sql b/htdocs/install/mysql/migration/3.6.0-3.7.0.sql
index b74c8ddba17..59c448526ce 100755
--- a/htdocs/install/mysql/migration/3.6.0-3.7.0.sql
+++ b/htdocs/install/mysql/migration/3.6.0-3.7.0.sql
@@ -208,10 +208,14 @@ UPDATE llx_product SET fk_barcode_type = NULL WHERE fk_barcode_type NOT IN (SELE
 ALTER TABLE  llx_product_price ADD INDEX idx_product_price_fk_user_author (fk_user_author);
 UPDATE llx_product_price set fk_user_author = null where fk_user_author = 0;
 UPDATE llx_product_price set fk_user_author = null where fk_user_author not in (select rowid from llx_user);
+-- drop foreign key for avoid a mysql crash
+ALTER TABLE  llx_product_price DROP FOREIGN KEY fk_product_price_user_author;
 ALTER TABLE  llx_product_price ADD CONSTRAINT fk_product_price_user_author FOREIGN KEY (fk_user_author) REFERENCES  llx_user (rowid);
 -- fk_product
 ALTER TABLE  llx_product_price ADD INDEX idx_product_price_fk_product (fk_product);
 DELETE from llx_product_price where fk_product NOT IN (SELECT rowid from llx_product);
+-- drop foreign key for avoid a mysql crash
+ALTER TABLE  llx_product_price DROP FOREIGN KEY fk_product_price_product;
 ALTER TABLE  llx_product_price ADD CONSTRAINT fk_product_price_product FOREIGN KEY (fk_product) REFERENCES  llx_product (rowid);
 
 ALTER TABLE llx_commande_fournisseur MODIFY COLUMN date_livraison datetime; 

From 792911b14f02b7c2226b626a2761bc949c624ac5 Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis.houssin@capnetworks.com>
Date: Mon, 8 Jun 2015 09:28:53 +0200
Subject: [PATCH 4/5] Revert "Fix: Drop foreign key for avoid Mysql crash"

This reverts commit 65b049fdf559aee19a45a6d4bca664c9767114c9.
---
 htdocs/install/mysql/migration/3.6.0-3.7.0.sql | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/htdocs/install/mysql/migration/3.6.0-3.7.0.sql b/htdocs/install/mysql/migration/3.6.0-3.7.0.sql
index 59c448526ce..b74c8ddba17 100755
--- a/htdocs/install/mysql/migration/3.6.0-3.7.0.sql
+++ b/htdocs/install/mysql/migration/3.6.0-3.7.0.sql
@@ -208,14 +208,10 @@ UPDATE llx_product SET fk_barcode_type = NULL WHERE fk_barcode_type NOT IN (SELE
 ALTER TABLE  llx_product_price ADD INDEX idx_product_price_fk_user_author (fk_user_author);
 UPDATE llx_product_price set fk_user_author = null where fk_user_author = 0;
 UPDATE llx_product_price set fk_user_author = null where fk_user_author not in (select rowid from llx_user);
--- drop foreign key for avoid a mysql crash
-ALTER TABLE  llx_product_price DROP FOREIGN KEY fk_product_price_user_author;
 ALTER TABLE  llx_product_price ADD CONSTRAINT fk_product_price_user_author FOREIGN KEY (fk_user_author) REFERENCES  llx_user (rowid);
 -- fk_product
 ALTER TABLE  llx_product_price ADD INDEX idx_product_price_fk_product (fk_product);
 DELETE from llx_product_price where fk_product NOT IN (SELECT rowid from llx_product);
--- drop foreign key for avoid a mysql crash
-ALTER TABLE  llx_product_price DROP FOREIGN KEY fk_product_price_product;
 ALTER TABLE  llx_product_price ADD CONSTRAINT fk_product_price_product FOREIGN KEY (fk_product) REFERENCES  llx_product (rowid);
 
 ALTER TABLE llx_commande_fournisseur MODIFY COLUMN date_livraison datetime; 

From f5168625d810fb14d4c8b976979eae05eabc2ded Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis.houssin@capnetworks.com>
Date: Sat, 13 Jun 2015 10:43:55 +0200
Subject: [PATCH 5/5] Fix: broken feature: barcode search #3019

---
 htdocs/cashdesk/facturation_dhtml.php    | 17 ++++++++++++-----
 htdocs/cashdesk/javascript/dhtml.js      |  7 ++++---
 htdocs/cashdesk/tpl/facturation1.tpl.php |  5 +++--
 3 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/htdocs/cashdesk/facturation_dhtml.php b/htdocs/cashdesk/facturation_dhtml.php
index e481fcbecf6..8d4ebf8af31 100644
--- a/htdocs/cashdesk/facturation_dhtml.php
+++ b/htdocs/cashdesk/facturation_dhtml.php
@@ -1,6 +1,7 @@
 <?php
-/* Copyright (C) 2007-2008 Jeremie Ollivier <jeremie.o@laposte.net>
- * Copyright (C) 2008-2009 Laurent Destailleur   <eldy@uers.sourceforge.net>
+/* Copyright (C) 2007-2008 	Jeremie Ollivier 	<jeremie.o@laposte.net>
+ * Copyright (C) 2008-2009 	Laurent Destailleur <eldy@uers.sourceforge.net>
+ * Copyright (C) 2015		Regis Houssin		<regis.houssin@capnetworks.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -41,8 +42,10 @@ require_once DOL_DOCUMENT_ROOT.'/cashdesk/include/environnement.php';
 //header("Content-type: text/html; charset=UTF-8");
 header("Content-type: text/html; charset=".$conf->file->character_set_client);
 
+$search = GETPOST("code", "alpha");
+
 // Search from criteria
-if (dol_strlen($_GET["code"]) >= 0)	// If search criteria is on char length at least
+if (dol_strlen($search) >= 0)	// If search criteria is on char length at least
 {
 	$sql = "SELECT p.rowid, p.ref, p.label, p.tva_tx";
 	if (! empty($conf->stock->enabled) && !empty($conf_fkentrepot)) $sql.= ", ps.reel";
@@ -54,11 +57,15 @@ if (dol_strlen($_GET["code"]) >= 0)	// If search criteria is on char length at l
 	// Add criteria on ref/label
 	if (! empty($conf->global->PRODUCT_DONOTSEARCH_ANYWHERE))
 	{
-		$sql.= " AND (p.ref LIKE '".$_GET['code']."%' OR p.label LIKE '".$_GET['code']."%')";
+		$sql.= " AND (p.ref LIKE '".$db->escape($search)."%' OR p.label LIKE '".$db->escape($search)."%'";
+		if (! empty($conf->barcode->enabled)) $sql.= " OR p.barcode LIKE '".$db->escape($search)."%'";
+		$sql.= ")";
 	}
 	else
 	{
-		$sql.= " AND (p.ref LIKE '%".$_GET['code']."%' OR p.label LIKE '%".$_GET['code']."%')";
+		$sql.= " AND (p.ref LIKE '%".$db->escape($search)."%' OR p.label LIKE '%".$db->escape($search)."%'";
+		if (! empty($conf->barcode->enabled)) $sql.= " OR p.barcode LIKE '%".$db->escape($search)."%'";
+		$sql.= ")";
 	}
 	$sql.= " ORDER BY label";
 
diff --git a/htdocs/cashdesk/javascript/dhtml.js b/htdocs/cashdesk/javascript/dhtml.js
index caf0cd94abd..a2af98d65a8 100644
--- a/htdocs/cashdesk/javascript/dhtml.js
+++ b/htdocs/cashdesk/javascript/dhtml.js
@@ -1,5 +1,6 @@
 
-/* Copyright (C) 2007-2008 Jeremie Ollivier <jeremie.o@laposte.net>
+/* Copyright (C) 2007-2008	Jeremie Ollivier	<jeremie.o@laposte.net>
+ * Copyright (C) 2015		Regis Houssin		<regis.houssin@capnetworks.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -59,8 +60,8 @@ function afficheDonnees(aId, aTexte) {
 
 
 // aCible : id du bloc de destination; aCode : argument a passer a la page php chargee du traitement et de l'affichage
-function verifResultat(aCible, aCode) {
-	if (aCode != '') {
+function verifResultat(aCible, aCode, iLimit = 1) {
+	if (aCode != '' && aCode.length >= iLimit) {
 
 		if (texte = file ('facturation_dhtml.php?code='+escape(aCode))) {
 
diff --git a/htdocs/cashdesk/tpl/facturation1.tpl.php b/htdocs/cashdesk/tpl/facturation1.tpl.php
index 338c0f23b16..2d7d170f22e 100644
--- a/htdocs/cashdesk/tpl/facturation1.tpl.php
+++ b/htdocs/cashdesk/tpl/facturation1.tpl.php
@@ -2,6 +2,7 @@
 /* Copyright (C) 2007-2008	Jeremie Ollivier	<jeremie.o@laposte.net>
  * Copyright (C) 2011		Laurent Destailleur	<eldy@users.sourceforge.net>
  * Copyright (C) 2011		Juanjo Menent		<jmenent@2byte.es>
+ * Copyright (C) 2015		Regis Houssin		<regis.houssin@capnetworks.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -43,8 +44,8 @@ $langs->load("cashdesk");
 			<!-- Affichage de la reference et de la designation -->
 			<td><input class="texte_ref" type="text" id ="txtRef" name="txtRef" value="<?php echo $obj_facturation->ref() ?>"
 				onchange="javascript: setSource('REF');"
-				onkeyup="javascript: verifResultat('resultats_dhtml', this.value);"
-				onfocus="javascript: this.select(); verifResultat('resultats_dhtml', this.value);"
+				onkeyup="javascript: verifResultat('resultats_dhtml', this.value, <?php echo (! empty($conf->global->BARCODE_USE_SEARCH_TO_SELECT)?(int)$conf->global->BARCODE_USE_SEARCH_TO_SELECT:1) ?>);"
+				onfocus="javascript: this.select(); verifResultat('resultats_dhtml', this.value, <?php echo (! empty($conf->global->BARCODE_USE_SEARCH_TO_SELECT)?(int)$conf->global->BARCODE_USE_SEARCH_TO_SELECT:1) ?>);"
 				onBlur="javascript: document.getElementById('resultats_dhtml').innerHTML = '';"/>
 			</td>
 			<td class="select_design">