From d04c741a3b40bf6c994930f837bab17f5fd0ba20 Mon Sep 17 00:00:00 2001
From: Alexis LAURIER <a.laurier@kreactive.com>
Date: Sat, 8 May 2021 09:12:17 +0200
Subject: [PATCH 1/3] add payment_fourn delete proper check into security.lib

---
 htdocs/core/lib/security.lib.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index a9c6435348e..1607f8df28c 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -372,6 +372,9 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f
 			} elseif ($feature == 'salaries')
 			{
 				if (!$user->rights->salaries->delete) $deleteok = 0;
+			} elseif ($feature == 'payment_supplier')
+			{
+				if (!$user->rights->fournisseur->facture->creer) { $deleteok = 0; }
 			} elseif (!empty($feature2))							// This is for permissions on 2 levels
 			{
 				foreach ($feature2 as $subfeature)

From e4a430f638046be74b430ef8e591bb7f16a14528 Mon Sep 17 00:00:00 2001
From: Alexis LAURIER <a.laurier@kreactive.com>
Date: Sat, 8 May 2021 10:24:08 +0200
Subject: [PATCH 2/3] add entity check on verif_dispo mod_codeclient_elephant

---
 htdocs/core/modules/societe/mod_codeclient_elephant.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/htdocs/core/modules/societe/mod_codeclient_elephant.php b/htdocs/core/modules/societe/mod_codeclient_elephant.php
index 18947732b16..ed1cf31216b 100644
--- a/htdocs/core/modules/societe/mod_codeclient_elephant.php
+++ b/htdocs/core/modules/societe/mod_codeclient_elephant.php
@@ -330,6 +330,7 @@ class mod_codeclient_elephant extends ModeleThirdPartyCode
 		if ($type == 1) $sql .= " WHERE code_fournisseur = '".$db->escape($code)."'";
 		else $sql .= " WHERE code_client = '".$db->escape($code)."'";
 		if ($soc->id > 0) $sql .= " AND rowid <> ".$soc->id;
+		$sql .= " AND entity IN (".getEntity('societe').")";
 
 		$resql = $db->query($sql);
 		if ($resql)

From 107374748ea4ef674914fe2f776e52da7cc465ed Mon Sep 17 00:00:00 2001
From: ksar <35605507+ksar-ksar@users.noreply.github.com>
Date: Mon, 10 May 2021 15:42:24 +0200
Subject: [PATCH 3/3] FIX #13955

---
 htdocs/accountancy/customer/lines.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/accountancy/customer/lines.php b/htdocs/accountancy/customer/lines.php
index a5c603c2504..e084bdcfc5b 100644
--- a/htdocs/accountancy/customer/lines.php
+++ b/htdocs/accountancy/customer/lines.php
@@ -197,7 +197,7 @@ $sql .= " AND f.fk_statut > 0";
 if (!empty($conf->global->FACTURE_DEPOSITS_ARE_JUST_PAYMENTS)) {
 	$sql .= " AND f.type IN (".Facture::TYPE_STANDARD.",".Facture::TYPE_REPLACEMENT.",".Facture::TYPE_CREDIT_NOTE.",".Facture::TYPE_SITUATION.")";
 } else {
-	$sql .= " AND f.type IN (".Facture::TYPE_STANDARD.",".Facture::TYPE_STANDARD.",".Facture::TYPE_CREDIT_NOTE.",".Facture::TYPE_DEPOSIT.",".Facture::TYPE_SITUATION.")";
+	$sql .= " AND f.type IN (".Facture::TYPE_STANDARD.",".Facture::TYPE_REPLACEMENT.",".Facture::TYPE_CREDIT_NOTE.",".Facture::TYPE_DEPOSIT.",".Facture::TYPE_SITUATION.")";
 }
 // Add search filter like
 if ($search_societe) {