From 4776c9fdaaf29caa7b228e491acb96dc7372dad2 Mon Sep 17 00:00:00 2001
From: bagtaib <bagtaib@ubuntu>
Date: Tue, 26 Jul 2022 16:30:21 +0200
Subject: [PATCH 01/14] change button position

---
 htdocs/admin/tools/dolibarr_export.php | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/htdocs/admin/tools/dolibarr_export.php b/htdocs/admin/tools/dolibarr_export.php
index fae91d3ecb4..83ae97bafa3 100644
--- a/htdocs/admin/tools/dolibarr_export.php
+++ b/htdocs/admin/tools/dolibarr_export.php
@@ -171,8 +171,7 @@ print '</tr>';
 print '<tr class="oddeven nohover"><td style="padding-left: 8px" class="nohover">';
 
 print '<table class="centpercent noborderbottom">';
-print '<tr>';
-print '<td class="tdtop nopaddingleftimp">';
+print '<tr class="tdtop nopaddingleftimp">';
 
 print '<div id="div_container_exportoptions">';
 print '<fieldset id="exportoptions"><legend>'.$langs->trans("ExportMethod").'</legend>';
@@ -194,8 +193,9 @@ if (in_array($type, array('mysql', 'mysqli'))) {
 print '</fieldset>';
 print '</div>';
 
-print '</td>';
-print '<td class="tdtop nopaddingrightimp">';
+print '</tr>';
+print '<br>';
+print '<tr class="tdtop nopaddingrightimp">';
 
 print '<button id="btn" type="button" onclick="hideoptions()">'.$langs->trans("ShowAdvancedOptions").'</button>';
 
@@ -216,6 +216,7 @@ function hideoptions(){
 </script>';
 
 print '<div id="div_container_sub_exportoptions" style="display: none;">';
+print '<br>';
 if (in_array($type, array('mysql', 'mysqli'))) {
 	print "<!--  Fieldset mysqldump -->\n";
 	print '<fieldset id="mysql_options"><legend>'.$langs->trans("MySqlExportParameters").'</legend>';
@@ -430,7 +431,7 @@ if (in_array($type, array('pgsql'))) {
 }
 print '</div>';
 
-print '</td>';
+print '</tr>';
 print '</tr>';
 print '</table>';
 

From 3f81d21c7cea2245989e5ce873b9f4d80b99ef28 Mon Sep 17 00:00:00 2001
From: bagtaib <bagtaib@ubuntu>
Date: Tue, 26 Jul 2022 18:32:48 +0200
Subject: [PATCH 02/14] make a button look like a link

---
 htdocs/admin/tools/dolibarr_export.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/htdocs/admin/tools/dolibarr_export.php b/htdocs/admin/tools/dolibarr_export.php
index 83ae97bafa3..78c0d9690c1 100644
--- a/htdocs/admin/tools/dolibarr_export.php
+++ b/htdocs/admin/tools/dolibarr_export.php
@@ -197,7 +197,8 @@ print '</tr>';
 print '<br>';
 print '<tr class="tdtop nopaddingrightimp">';
 
-print '<button id="btn" type="button" onclick="hideoptions()">'.$langs->trans("ShowAdvancedOptions").'</button>';
+print '<button id="btn" type="button" style="all: unset; color: var(--colortextlink); text-decoration: underline;
+cursor: pointer;" onclick="hideoptions()">'.$langs->trans("ShowAdvancedOptions").'</button>';
 
 print '<script type="text/javascript">
 

From d7f4e82b32e1f13decd0f9171c3aad76f91f99f2 Mon Sep 17 00:00:00 2001
From: Anthony Berton <bertonanthony@gmail.com>
Date: Wed, 27 Jul 2022 11:31:22 +0200
Subject: [PATCH 03/14] FIX - php V8 Save Options

---
 ChangeLog | 35 ++++++++++++++++++-----------------
 1 file changed, 18 insertions(+), 17 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 76709bd8f85..763d8a0920c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -30,25 +30,23 @@ For users:
 NEW: PHP 8.1 compatibility
 NEW: Support for recurring purchase invoices.
 NEW: #20292 Include German public holidays
-NEW: Can show ZATCA QRCode on PDFs
-NEW: Can show Swiss QR Code on PDFs
+NEW: Can show ZATCA QR-Code on PDFs
+NEW: Can show Swiss QR-Code on PDFs
 NEW: #17123 added ExtraFields for Stock Mouvement
-NEW: #20609 : new massaction to assign a sale representatives on a selection of thirdparties
+NEW: #20609 new massaction to assign a sale representatives on a selection of thirdparties
 NEW: #20653 edit discount pourcentage for all lines in one shot
 NEW: Accept 'auto' for ref of object on import of purchase order/proposal
 NEW: Accountancy - Add more filters and info on page to bind accounting accounts
-NEW: Accountancy - Add subledger account when we generate a transaction with a deposit invoice
+NEW: Accountancy - Add subledger account when generate a transaction with a deposit invoice
 NEW: Accountancy - Add a massaction to preselect an account (customer and supplier list)
 NEW: ACE Editor is restored at same cursor position after a save.
 NEW: Add "addMoreActionsButtons" hook to subscription form
 NEW: Add an option in GUI to show a Quick add button into top menu bar
-NEW: Module Recruitment - Add a public page with all list of open job positions.
-NEW: Module Recruitment - Add a tab with list of application on the jobposition file.
 NEW: Add a workflow to auto link contract on a ticket
 NEW: Add column date of Signature on proposal list
 NEW: Add column template invoice in invoice list
 NEW: Add column "Total HT" to products array on document creation card
-NEW: ADD configuration for text color of button action
+NEW: Add configuration for text color of button action
 NEW: Add constant to hide categories in TakePos
 NEW: Add constant to show category description in TakePos
 NEW: Add constant to show only the products in stock in TakePos
@@ -56,7 +54,7 @@ NEW: Add entity filter in exports
 NEW: Show the event block on recurring invoices #20870
 NEW: Add filter "opportunity status" on statistics of projects.
 NEW: Add firstname, lastname and max number of attendees for module "Event Organization"
-NEW: add margin info in proposal and order list
+NEW: Add margin info in proposal and order list
 NEW: Add massaction "Edit Extrafield" for Product
 NEW: Add more fields to detect duplicate during import of thirdparties
 NEW: Add option to foce delivery on email for purchase order receipt to yes
@@ -67,14 +65,12 @@ NEW: Add possibility with constant MAIN_LOGIN_BADCHARUNAUTHORIZED to define bad
 NEW: Add private and public notes on tax files.
 NEW: Add status "Obsolete" to KM articles
 NEW: Add substitutions "user numbers"
-NEW: Add the possibility to add sub-BOMs to BOM
 NEW: allow a ticket to be automatically marked as read when created from backend.
 NEW: allow cut&paste as real numeric value to excel
 NEW: A public form to send a message and create a lead is available
 NEW: automatically set totally received status in reception
 NEW: Auto set invoice paid when adding credit not and remain to pay is 0
 NEW: Availibility dictionnary has a new column unit and number
-NEW: barcode rule to insert product in takepos
 NEW: Can change value of AWP during the inventory
 NEW: Can enter price with tax for predefined products on purchase objects
 NEW: Can filter on a thirdparty on product statistics
@@ -90,7 +86,7 @@ NEW: create third-party with contact if not found on public ticket
 NEW: Default value for MAIN_SECURITY_CSRF_WITH_TOKEN is now 2 (GET are also protected agains CSRF attacks)
 NEW: deposit payment terms: add field into dictionary admin page to define default percentage of deposit. 
 NEW: Dictionaries - add possibility to manage countries in EEC
-NEW: display errors in a message box after generating documents
+NEW: Display errors in a message box after generating documents
 NEW: Display physical and virtual stock of the products when creating OF from a BOM
 NEW: Display product ref in "Object link" product tab for BOM
 NEW: Enhance the import. Can use 'auto' for the ref (import of orders)
@@ -102,10 +98,13 @@ NEW: leave requests: add field into type dictionary to block request if balance
 NEW: MAIN_MAIL_AUTOCOPY_TO can accept several email and special keys
 NEW: MAIN_SEARCH_CAT_OR_BY_DEFAULT const for search by category
 NEW: Mass action "Close shipments"
+NEW: Module BOM - Add tabs for nets Bom
+NEW: Module BOM - Add the possibility to add sub-BOMs to BOM
+NEW: Module Recruitment - Add a public page with all list of open job positions.
+NEW: Module Recruitment - Add a tab with list of application on the jobposition file.
 NEW: Module website now supports the multicompany module
 NEW: More mode for THEME_TOPMENU_DISABLE_IMAGE (2, 3, ...)
 NEW: Add option to move checkbox column as first column on Thirdparty list (only few screens)
-NEW: Add tabs for nets Bom
 NEW: on redirect of page in website module, GET parameters are kept.
 NEW: optional display warning icons on ticket list
 NEW: option to default check "notify tier at creation" in ticket module
@@ -117,15 +116,15 @@ NEW: Send email to the supplier order contact
 NEW: New permission to report time on timesheet.
 NEW: SEPA XML - option to place payment Type Info at Credit transfer Transaction level
 NEW: Show number of votes into the label of tab "Results" of a survey
-NEW: Show product reference in Takepos
 NEW: Some core tables are created only at module activation
 NEW: split consumption line on MO
 NEW: stock filter in reassort lists
 NEW: stock limit in stock export CSV
-NEW: Sub-bom are availables
 NEW: Supplier order - Show ref supplier of reception in linked object block
 NEW: support user_modif in order
-NEW: TakePos - pagination on search results
+NEW: TakePOS - barcode rule to insert product in TakePOS
+NEW: TakePOS - pagination on search results
+NEW: TakePOS - show product reference
 NEW: The backup tools has an "lowmemory" option for mysqldump on large database
 NEW: The 'reposition' class works on ajax constantonoff that make redirects
 NEW: Thirdparty - Add rules "customer accountancy code" is mandatory to validate invoice
@@ -140,7 +139,7 @@ NEW: Added MMK currency (Myanmar Kyat)
 
  Modules
 NEW: Module Partnership Management
-NEW: Experimental module Event Organization Management
+NEW: Experimental Module Event Organization Management
 
 
 For developers or integrators:
@@ -155,7 +154,6 @@ NEW: Suggest a way to run upgrade per entities.
 NEW: Support html content for multiselect component.
 NEW: ModuleBuilder - Add tabs view in module builder
 NEW: ModuleBuilder - More feature that can be modifed after module generation
-NEW: Hook getNomUrl available everywhere in tooltip of ref links
 NEW: Identification of tr is possible with by attribute data-id on some pages
 NEW: Import with select boxes V2
 NEW: Can update rank of invoice, proposal and order lines with API update
@@ -182,6 +180,9 @@ NEW: Add a protection into PHPunit to avoid to forget a var_dump
 NEW: Add datem and type parameters to API to create movements
 NEW: Add hidden option on contract PDF line to hide qty and price
 NEW: Option MAIL_MASS_ACTION_ADD_LAST_IF_MAIN_DOC_NOT_FOUND to send last document in mass mailing action
+
+Hooks: 
+NEW: Hook getNomUrl available everywhere in tooltip of ref links
 NEW: Add hooks: selectContactListWhere hook, selectThirdpartyListWhere hook 
 NEW: TakePos - add hooks complete product display
 NEW: TakePos - add hooks for cart display

From 26033b92977d64f818b0a19a9590b26ad3989588 Mon Sep 17 00:00:00 2001
From: bagtaib <bagtaib@ubuntu>
Date: Wed, 27 Jul 2022 11:50:18 +0200
Subject: [PATCH 04/14] changed the button to a link

---
 htdocs/admin/tools/dolibarr_export.php | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/htdocs/admin/tools/dolibarr_export.php b/htdocs/admin/tools/dolibarr_export.php
index 78c0d9690c1..0cde0348314 100644
--- a/htdocs/admin/tools/dolibarr_export.php
+++ b/htdocs/admin/tools/dolibarr_export.php
@@ -171,7 +171,8 @@ print '</tr>';
 print '<tr class="oddeven nohover"><td style="padding-left: 8px" class="nohover">';
 
 print '<table class="centpercent noborderbottom">';
-print '<tr class="tdtop nopaddingleftimp">';
+print '<tr>';
+print '<td class="tdtop nopaddingleftimp">';
 
 print '<div id="div_container_exportoptions">';
 print '<fieldset id="exportoptions"><legend>'.$langs->trans("ExportMethod").'</legend>';
@@ -193,25 +194,24 @@ if (in_array($type, array('mysql', 'mysqli'))) {
 print '</fieldset>';
 print '</div>';
 
-print '</tr>';
+print '</td>';
+print '<tr>';
+print '<td class="tdtop nopaddingrightimp">';
 print '<br>';
-print '<tr class="tdtop nopaddingrightimp">';
-
-print '<button id="btn" type="button" style="all: unset; color: var(--colortextlink); text-decoration: underline;
-cursor: pointer;" onclick="hideoptions()">'.$langs->trans("ShowAdvancedOptions").'</button>';
+print '<a id="lnk" href="javascript:hideoptions()"> '.$langs->trans("ShowAdvancedOptions").'</a>';
 
 print '<script type="text/javascript">
 
 function hideoptions(){
-	const btn = document.getElementById("btn");
+	const lnk = document.getElementById("lnk");
 	const div = document.getElementById("div_container_sub_exportoptions");
 
   	if (div.style.display === "none") {
     	div.style.display = "block";
-		btn.innerText="'.$langs->trans("HideAdvancedoptions").'";
+		lnk.innerText="'.$langs->trans("HideAdvancedoptions").'";
   	} else {
     	div.style.display = "none";
-		btn.innerText="'.$langs->trans("ShowAdvancedOptions").'";
+		lnk.innerText="'.$langs->trans("ShowAdvancedOptions").'";
 	}
 }
 </script>';
@@ -432,7 +432,7 @@ if (in_array($type, array('pgsql'))) {
 }
 print '</div>';
 
-print '</tr>';
+print '</td>';
 print '</tr>';
 print '</table>';
 

From f1b3f51b3a3a901f33db90161fe81c8c6b3bf638 Mon Sep 17 00:00:00 2001
From: bagtaib <bagtaib@ubuntu>
Date: Wed, 27 Jul 2022 14:14:34 +0200
Subject: [PATCH 05/14] add missing </tr>

---
 htdocs/admin/tools/dolibarr_export.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/htdocs/admin/tools/dolibarr_export.php b/htdocs/admin/tools/dolibarr_export.php
index 0cde0348314..1a68b17c3e0 100644
--- a/htdocs/admin/tools/dolibarr_export.php
+++ b/htdocs/admin/tools/dolibarr_export.php
@@ -195,6 +195,7 @@ print '</fieldset>';
 print '</div>';
 
 print '</td>';
+print '</tr>';
 print '<tr>';
 print '<td class="tdtop nopaddingrightimp">';
 print '<br>';

From 29cb21fdabeb7e2026598ccd0da2ef477f837026 Mon Sep 17 00:00:00 2001
From: Anthony Berton <bertonanthony@gmail.com>
Date: Wed, 27 Jul 2022 17:48:10 +0200
Subject: [PATCH 06/14] FIX - php V8 functions lib dolGetButtonAction

---
 htdocs/core/lib/functions.lib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 61a603f48bd..1eb72d50455 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -10422,7 +10422,7 @@ function dolGetButtonAction($label, $html = '', $actionType = 'default', $url =
 	global $hookmanager, $action, $object, $langs;
 
 	//var_dump($params);
-	if ($params['isDropdown'])
+	if (isset($params['isDropdown']))
 		$class = "dropdown-item";
 	else {
 		$class = 'butAction';

From d66aa960bb57ccdf7cd137ea1ece07540b1d7d31 Mon Sep 17 00:00:00 2001
From: Anthony Berton <bertonanthony@gmail.com>
Date: Thu, 28 Jul 2022 14:33:33 +0200
Subject: [PATCH 07/14] Resolve

---
 htdocs/core/lib/functions.lib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 1eb72d50455..707f8cb7384 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -10422,7 +10422,7 @@ function dolGetButtonAction($label, $html = '', $actionType = 'default', $url =
 	global $hookmanager, $action, $object, $langs;
 
 	//var_dump($params);
-	if (isset($params['isDropdown']))
+	if (!empty($params['isDropdown']))
 		$class = "dropdown-item";
 	else {
 		$class = 'butAction';

From 07f9541efd0eed00ae5c447970ec97300dc6129e Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Sun, 10 Jul 2022 20:12:35 +0200
Subject: [PATCH 08/14] Fix missing migration

---
 htdocs/core/lib/ftp.lib.php | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/htdocs/core/lib/ftp.lib.php b/htdocs/core/lib/ftp.lib.php
index 42f5806fba5..928a7e4a934 100644
--- a/htdocs/core/lib/ftp.lib.php
+++ b/htdocs/core/lib/ftp.lib.php
@@ -218,6 +218,35 @@ function dol_ftp_get($connect_id, $file, $newsection)
 	}
 }
 
+/**
+ * Upload a FTP file
+ *
+ * @param 		resource	$connect_id		Connection handler
+ * @param 		string		$file			File
+ * @param 		string		$newsection			$newsection
+ * @return		result
+ */
+function dol_ftp_put($connect_id, $file, $newsection)
+{
+
+	global $conf;
+
+	if (!empty($conf->global->FTP_CONNECT_WITH_SFTP)) {
+		$newsection = ssh2_sftp_realpath($connect_id, ".").'/./'; // workaround for bug https://bugs.php.net/bug.php?id=64169
+	}
+
+	// Remote file
+	$filename = $file;
+	$remotefile = $newsection.(preg_match('@[\\\/]$@', $newsection) ? '' : '/').$file;
+	$newremotefileiso = utf8_decode($remotefile);
+
+	if (!empty($conf->global->FTP_CONNECT_WITH_SFTP)) {
+		return fopen('ssh2.sftp://'.intval($connect_id).$newremotefileiso, 'r');
+	} else {
+		return ftp_put($connect_id, $localfile, $newremotefileiso, FTP_BINARY);
+	}
+}
+
 /**
  * Remove FTP directory
  *

From c7652af3bc9dc0ee6017607f2bb45b792bc20d13 Mon Sep 17 00:00:00 2001
From: lmarcouiller <lucas.marcouiller@gmail.com>
Date: Wed, 3 Aug 2022 14:24:27 +0200
Subject: [PATCH 09/14] New : Add DoS security on GETPOST with img

---
 htdocs/admin/security_other.php                  | 15 +++++++++++++--
 htdocs/core/lib/functions.lib.php                |  5 +++++
 htdocs/install/mysql/migration/16.0.0-17.0.0.sql |  1 +
 htdocs/langs/en_US/admin.lang                    |  2 ++
 4 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/htdocs/admin/security_other.php b/htdocs/admin/security_other.php
index 79190725c16..090e2254541 100644
--- a/htdocs/admin/security_other.php
+++ b/htdocs/admin/security_other.php
@@ -61,14 +61,17 @@ if (preg_match('/set_([a-z0-9_\-]+)/i', $action, $reg)) {
 		dol_print_error($db);
 	}
 } elseif ($action == 'updateform') {
-	$res1 = 1; $res2 = 1;
+	$res1 = 1; $res2 = 1; $res3 = 1;
 	if (GETPOSTISSET('MAIN_APPLICATION_TITLE')) {
 		$res1 = dolibarr_set_const($db, "MAIN_APPLICATION_TITLE", GETPOST("MAIN_APPLICATION_TITLE", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
 	}
 	if (GETPOSTISSET('MAIN_SESSION_TIMEOUT')) {
 		$res2 = dolibarr_set_const($db, "MAIN_SESSION_TIMEOUT", GETPOST("MAIN_SESSION_TIMEOUT", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
 	}
-	if ($res1 && $res2) {
+	if (GETPOSTISSET('MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT')) {
+		$res3 = dolibarr_set_const($db, "MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT", GETPOST("MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT", 'alphanohtml'), 'int', 0, '', $conf->entity);
+	}
+	if ($res1 && $res2 && $res3) {
 		setEventMessages($langs->trans("RecordModifiedSuccessfully"), null, 'mesgs');
 	}
 }
@@ -174,6 +177,14 @@ print '<input class="flat right width50" name="MAIN_SESSION_TIMEOUT" type="text"
 print '</td>';
 print '</tr>';
 
+print '<tr class="oddeven">';
+print '<td>'.$langs->trans("MaxNumberOfImagesInGetPost").'</td><td class="right">';
+print '</td>';
+print '<td class="nowrap">';
+print '<input class="flat right width50" name="MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT" type="text" value="'.dol_escape_htmltag($conf->global->MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT).'"> '.strtolower($langs->trans("Images"));
+print '</td>';
+print '</tr>';
+
 /*
 if (empty($conf->global->MAIN_APPLICATION_TITLE)) {
 	$conf->global->MAIN_APPLICATION_TITLE = "";
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 90288645003..cf4b19d3aa6 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -954,6 +954,11 @@ function sanitizeVal($out = '', $check = 'alphanohtml', $filter = null, $options
 
 				// Restore entity &apos; into &#39; (restricthtml is for html content so we can use html entity)
 				$out = preg_replace('/&apos;/i', "&#39;", $out);
+
+				preg_match_all('/(<img)/', $out, $reg);
+				if (count($reg[0]) > (getDolGlobalInt("MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT") ? getDolGlobalInt("MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT") : 1000)) {
+					$out = '';
+				}
 			} while ($oldstringtoclean != $out);
 			break;
 		case 'custom':
diff --git a/htdocs/install/mysql/migration/16.0.0-17.0.0.sql b/htdocs/install/mysql/migration/16.0.0-17.0.0.sql
index 4ab1b1e1fa3..597681c4ad5 100644
--- a/htdocs/install/mysql/migration/16.0.0-17.0.0.sql
+++ b/htdocs/install/mysql/migration/16.0.0-17.0.0.sql
@@ -73,3 +73,4 @@ ALTER TABLE llx_commande_fournisseur_dispatch ADD INDEX idx_commande_fournisseur
 ALTER TABLE llx_recruitment_recruitmentcandidature ADD email_date datetime after email_msgid;
 ALTER TABLE llx_ticket ADD email_date datetime after email_msgid;
 
+INSERT INTO llx_const (name, entity, value, type, visible) VALUES ('MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT', 1, 1000, 'int', 0);
diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
index 7148e19fb48..6ca93dc7788 100644
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -2287,4 +2287,6 @@ DoesNotWorkWithAllThemes=Will not work with all themes
 NoName=No name
 ShowAdvancedOptions= Show advanced options
 HideAdvancedoptions= Hide advanced options
+Images=Images
+MaxNumberOfImagesInGetPost=Max number of images allowed in GETPOST check
 CIDLookupURL=The module brings an URL that can be used by an external tool to get the name of a thirdparty or contact from its phone number. URL to use is: 

From 09e47a5a8a23aa96ce26a61894d221494a5f25d9 Mon Sep 17 00:00:00 2001
From: lmarcouiller <lucas.marcouiller@gmail.com>
Date: Wed, 3 Aug 2022 14:27:58 +0200
Subject: [PATCH 10/14] Add DoS security on sanitizeVal() with img

---
 htdocs/core/lib/functions.lib.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index cf4b19d3aa6..5f9e1b7f4cc 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -923,6 +923,10 @@ function sanitizeVal($out = '', $check = 'alphanohtml', $filter = null, $options
 						// Remove the trick added to solve pb with text without parent tag
 						$out = preg_replace('/^<div class="tricktoremove">/', '', $out);
 						$out = preg_replace('/<\/div>$/', '', $out);
+						preg_match_all('/(<img)/', $out, $reg);
+						if (count($reg[0]) > (getDolGlobalInt("MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT") ? getDolGlobalInt("MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT") : 1000)) {
+							$out = '';
+						}
 					} catch (Exception $e) {
 						//print $e->getMessage();
 						return 'InvalidHTMLString';

From 02c09704513f847e084d3f169b71d4e339ee6ccb Mon Sep 17 00:00:00 2001
From: lmarcouiller <lucas.marcouiller@gmail.com>
Date: Wed, 3 Aug 2022 14:35:41 +0200
Subject: [PATCH 11/14] remove error

---
 htdocs/core/lib/functions.lib.php | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 5f9e1b7f4cc..cf4b19d3aa6 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -923,10 +923,6 @@ function sanitizeVal($out = '', $check = 'alphanohtml', $filter = null, $options
 						// Remove the trick added to solve pb with text without parent tag
 						$out = preg_replace('/^<div class="tricktoremove">/', '', $out);
 						$out = preg_replace('/<\/div>$/', '', $out);
-						preg_match_all('/(<img)/', $out, $reg);
-						if (count($reg[0]) > (getDolGlobalInt("MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT") ? getDolGlobalInt("MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT") : 1000)) {
-							$out = '';
-						}
 					} catch (Exception $e) {
 						//print $e->getMessage();
 						return 'InvalidHTMLString';

From 985d9b3624a8e0b4b9b97bda0558b08a1b88eaa2 Mon Sep 17 00:00:00 2001
From: Anthony Berton <bertonanthony@gmail.com>
Date: Wed, 3 Aug 2022 15:59:53 +0200
Subject: [PATCH 12/14] Function

---
 htdocs/core/lib/ftp.lib.php   | 11 +++++----
 htdocs/ftp/index.php          | 43 +++++++++++++++++++++++++++++++++++
 htdocs/langs/en_US/other.lang |  4 +++-
 3 files changed, 52 insertions(+), 6 deletions(-)

diff --git a/htdocs/core/lib/ftp.lib.php b/htdocs/core/lib/ftp.lib.php
index 928a7e4a934..3d680de08a0 100644
--- a/htdocs/core/lib/ftp.lib.php
+++ b/htdocs/core/lib/ftp.lib.php
@@ -222,11 +222,12 @@ function dol_ftp_get($connect_id, $file, $newsection)
  * Upload a FTP file
  *
  * @param 		resource	$connect_id		Connection handler
- * @param 		string		$file			File
- * @param 		string		$newsection			$newsection
+ * @param 		string		$file			File name
+ * @param 		string		$localfile		The path to the local file
+ * @param 		string		$newsection		$newsection
  * @return		result
  */
-function dol_ftp_put($connect_id, $file, $newsection)
+function dol_ftp_put($connect_id, $file, $localfile, $newsection)
 {
 
 	global $conf;
@@ -241,9 +242,9 @@ function dol_ftp_put($connect_id, $file, $newsection)
 	$newremotefileiso = utf8_decode($remotefile);
 
 	if (!empty($conf->global->FTP_CONNECT_WITH_SFTP)) {
-		return fopen('ssh2.sftp://'.intval($connect_id).$newremotefileiso, 'r');
+		return ssh2_scp_send($connect_id, $localfile, $newremotefileiso, 0644);
 	} else {
-		return ftp_put($connect_id, $localfile, $newremotefileiso, FTP_BINARY);
+		return ftp_put($connect_id, $newremotefileiso, $localfile, FTP_BINARY);
 	}
 }
 
diff --git a/htdocs/ftp/index.php b/htdocs/ftp/index.php
index cf647929ac8..ccbc7d6a0df 100644
--- a/htdocs/ftp/index.php
+++ b/htdocs/ftp/index.php
@@ -131,6 +131,39 @@ if (GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC)) {
 	}
 }
 
+if ($action == 'uploadfile') {
+	// set up a connection or die
+	if (!$conn_id) {
+		$newsectioniso = utf8_decode($section);
+		$resultarray = dol_ftp_connect($ftp_server, $ftp_port, $ftp_user, $ftp_password, $newsectioniso, $ftp_passive);
+		$conn_id = $resultarray['conn_id'];
+		$ok = $resultarray['ok'];
+		$mesg = $resultarray['mesg'];
+	}
+	if ($conn_id && $ok && !$mesg) {
+		// var_dump($_FILES['userfile']['name']);
+		$nbfile = count($_FILES['userfile']['name']);
+		$i = 0;
+		for (; $i < $nbfile; $i++) {
+			var_dump($i);
+			$newsection = $newsectioniso;
+			$fileupload = $_FILES['userfile']['name'][$i];
+			$fileuploadpath = $_FILES['userfile']['tmp_name'][$i];
+			$result = dol_ftp_put($conn_id, $fileupload, $fileuploadpath, $newsection);
+
+			if ($result) {
+				setEventMessages($langs->trans("FileWasUpload", $fileupload), null, 'mesgs');
+			} else {
+				dol_syslog("ftp/index.php ftp_delete", LOG_ERR);
+				setEventMessages($langs->trans("FTPFailedToUploadFile", $fileupload), null, 'errors');
+			}
+		}
+		$action = '';
+	} else {
+		dol_print_error('', $mesg);
+	}
+}
+
 // Action ajout d'un rep
 if ($action == 'add' && $user->rights->ftp->setup) {
 	$ecmdir->ref                = GETPOST("ref");
@@ -589,6 +622,16 @@ if (!function_exists('ftp_connect')) {
 		print '</div>';
 
 		print "</form>";
+
+		print '<form enctype="multipart/form-data" action="'.$_SERVER["PHP_SELF"].'" method="post">';
+		print '<input type="hidden" name="token" value="'.newToken().'">';
+		print '<input type="hidden" name="numero_ftp" value="'.$numero_ftp.'">';
+		print '<input type="hidden" name="section" value="'.$section.'">';
+		print '<input type="hidden" name="action" value="uploadfile">';
+		print '<td><input type="file" class="flat"  name="userfile[]" multiple></td>';
+		print '<td></td>';
+		print '<td align="center"><button type="submit" class="butAction" name="uploadfile" value="'.$langs->trans("Save").'">'.$langs->trans("Upload").'</button></td>';
+		print '</form>';
 	} else {
 		$foundsetup = false;
 		$MAXFTP = 20;
diff --git a/htdocs/langs/en_US/other.lang b/htdocs/langs/en_US/other.lang
index 0918bf54ac7..daa52aac9fe 100644
--- a/htdocs/langs/en_US/other.lang
+++ b/htdocs/langs/en_US/other.lang
@@ -325,4 +325,6 @@ FTPFailedToRemoveDir=Failed to remove directory <b>%s</b>: check permissions and
 FTPPassiveMode=Passive mode
 ChooseAFTPEntryIntoMenu=Choose a FTP/SFTP site from the menu...
 FailedToGetFile=Failed to get files %s
-ErrorFTPNodisconnect=Error to disconnect FTP/SFTP server
\ No newline at end of file
+ErrorFTPNodisconnect=Error to disconnect FTP/SFTP server
+FileWasUpload=File <b>%s</b> was upload
+FTPFailedToUploadFile=Failed to upload file <b>%s</b>.

From 259fe11634dccff7b90466cb0422affc0939cb9e Mon Sep 17 00:00:00 2001
From: Anthony Berton <bertonanthony@gmail.com>
Date: Wed, 3 Aug 2022 16:18:43 +0200
Subject: [PATCH 13/14] Add title

---
 htdocs/ftp/index.php | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/htdocs/ftp/index.php b/htdocs/ftp/index.php
index ccbc7d6a0df..4df7e1512a6 100644
--- a/htdocs/ftp/index.php
+++ b/htdocs/ftp/index.php
@@ -622,16 +622,18 @@ if (!function_exists('ftp_connect')) {
 		print '</div>';
 
 		print "</form>";
-
-		print '<form enctype="multipart/form-data" action="'.$_SERVER["PHP_SELF"].'" method="post">';
-		print '<input type="hidden" name="token" value="'.newToken().'">';
-		print '<input type="hidden" name="numero_ftp" value="'.$numero_ftp.'">';
-		print '<input type="hidden" name="section" value="'.$section.'">';
-		print '<input type="hidden" name="action" value="uploadfile">';
-		print '<td><input type="file" class="flat"  name="userfile[]" multiple></td>';
-		print '<td></td>';
-		print '<td align="center"><button type="submit" class="butAction" name="uploadfile" value="'.$langs->trans("Save").'">'.$langs->trans("Upload").'</button></td>';
-		print '</form>';
+		if ($user->hasRight('ftp', 'write')) {
+			print load_fiche_titre($langs->trans("AttachANewFile"), null, null);
+			print '<form enctype="multipart/form-data" action="'.$_SERVER["PHP_SELF"].'" method="post">';
+			print '<input type="hidden" name="token" value="'.newToken().'">';
+			print '<input type="hidden" name="numero_ftp" value="'.$numero_ftp.'">';
+			print '<input type="hidden" name="section" value="'.$section.'">';
+			print '<input type="hidden" name="action" value="uploadfile">';
+			print '<td><input type="file" class="flat"  name="userfile[]" multiple></td>';
+			print '<td></td>';
+			print '<td align="center"><button type="submit" class="butAction" name="uploadfile" value="'.$langs->trans("Save").'">'.$langs->trans("Upload").'</button></td>';
+			print '</form>';
+		}
 	} else {
 		$foundsetup = false;
 		$MAXFTP = 20;

From 99141928a3cbf0e95ca15e6099584fa71eac923d Mon Sep 17 00:00:00 2001
From: lmarcouiller <lucas.marcouiller@gmail.com>
Date: Wed, 3 Aug 2022 17:00:39 +0200
Subject: [PATCH 14/14] better fix

---
 htdocs/core/lib/functions.lib.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index cf4b19d3aa6..90698c95f80 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -955,8 +955,8 @@ function sanitizeVal($out = '', $check = 'alphanohtml', $filter = null, $options
 				// Restore entity &apos; into &#39; (restricthtml is for html content so we can use html entity)
 				$out = preg_replace('/&apos;/i', "&#39;", $out);
 
-				preg_match_all('/(<img)/', $out, $reg);
-				if (count($reg[0]) > (getDolGlobalInt("MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT") ? getDolGlobalInt("MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT") : 1000)) {
+				preg_match_all('/(<img)/i', $out, $reg);
+				if (count($reg[0]) > getDolGlobalInt("MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT", 1000)) {
 					$out = '';
 				}
 			} while ($oldstringtoclean != $out);