From de5a2d738bc8e5a68a5fcbc0e283842005d6647c Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 17 Jun 2020 18:39:25 +0200
Subject: [PATCH 1/3] FIX #14001

---
 htdocs/product/composition/card.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/product/composition/card.php b/htdocs/product/composition/card.php
index f67910cbef4..1fbbe2ecefa 100644
--- a/htdocs/product/composition/card.php
+++ b/htdocs/product/composition/card.php
@@ -70,7 +70,7 @@ if ($cancel) $action ='';
 if ($action == 'add_prod' && ($user->rights->produit->creer || $user->rights->service->creer))
 {
 	$error=0;
-	var_dump(GETPOST("max_prod", 'int'));
+
 	for ($i=0; $i < GETPOST("max_prod", 'int'); $i++)
 	{
 		$qty = price2num(GETPOST("prod_qty_".$i, 'alpha'), 'MS');

From b8c0ed13f3bf560f0f7f5c1c2c018f86febcc2a0 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Fri, 19 Jun 2020 00:25:59 +0200
Subject: [PATCH 2/3] Fix can't find link to generate barcode sheets

---
 htdocs/barcode/codeinit.php   | 8 +++++++-
 htdocs/barcode/printsheet.php | 2 +-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/htdocs/barcode/codeinit.php b/htdocs/barcode/codeinit.php
index 1bfb1836a39..a75aaa5543d 100644
--- a/htdocs/barcode/codeinit.php
+++ b/htdocs/barcode/codeinit.php
@@ -193,7 +193,7 @@ llxHeader('', $langs->trans("MassBarcodeInit"));
 print load_fiche_titre($langs->trans("MassBarcodeInit"), '', 'title_setup.png');
 print '<br>';
 
-print $langs->trans("MassBarcodeInitDesc").'<br>';
+print '<span class="opacitymedium">'.$langs->trans("MassBarcodeInitDesc").'</span><br>';
 print '<br>';
 
 //print img_picto('','puce').' '.$langs->trans("PrintsheetForOneBarCode").'<br>';
@@ -317,6 +317,12 @@ if ($conf->product->enabled || $conf->product->service)
 }
 
 
+print load_fiche_titre($langs->trans("BarCodePrintsheet"), '', 'generic');
+print '<br>'."\n";
+print $langs->trans("ClickHereToGoTo").' : <a href="'.DOL_URL_ROOT.'/barcode/printsheet.php">'.$langs->trans("BarCodePrintsheet").'</a>';
+
+
+
 print '</form>';
 print '<br>';
 
diff --git a/htdocs/barcode/printsheet.php b/htdocs/barcode/printsheet.php
index 5cd988a5bed..cf74a46bb2a 100644
--- a/htdocs/barcode/printsheet.php
+++ b/htdocs/barcode/printsheet.php
@@ -267,7 +267,7 @@ llxHeader('', $langs->trans("BarCodePrintsheet"));
 print load_fiche_titre($langs->trans("BarCodePrintsheet"), '', 'barcode');
 print '<br>';
 
-print $langs->trans("PageToGenerateBarCodeSheets", $langs->transnoentitiesnoconv("BuildPageToPrint")).'<br>';
+print '<span class="opacitymedium">'.$langs->trans("PageToGenerateBarCodeSheets", $langs->transnoentitiesnoconv("BuildPageToPrint")).'</span><br>';
 print '<br>';
 
 dol_htmloutput_errors($mesg);

From 22ca5e067189bffe8066df26df923a386f044c08 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Fri, 19 Jun 2020 00:39:27 +0200
Subject: [PATCH 3/3] Fix XSS reported by C. Weiler <sak1.s3curity@gmail.com>
 in notice.php

---
 htdocs/public/notice.php | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/htdocs/public/notice.php b/htdocs/public/notice.php
index 43344c376aa..9663bff3cf0 100644
--- a/htdocs/public/notice.php
+++ b/htdocs/public/notice.php
@@ -41,9 +41,8 @@ if (! GETPOST('transkey', 'alphanohtml') && ! GETPOST('transphrase', 'alphanohtm
 }
 else
 {
-    $langs->load("error");
-    $langs->load("other");
+    $langs->loadLangs(array("error", "other"));
 
-    if (GETPOST('transphrase', 'alphanohtml')) print GETPOST('transphrase', 'alphanohtml');
-    if (GETPOST('transkey', 'alphanohtml')) print $langs->trans(GETPOST('transkey', 'alphanohtml'));
+    if (GETPOST('transphrase', 'alphanohtml')) print dol_escape_htmltag(GETPOST('transphrase', 'alphanohtml'));
+    elseif (GETPOST('transkey', 'alphanohtml')) print dol_escape_htmltag($langs->trans(GETPOST('transkey', 'alphanohtml')));
 }