From bb191021de6e8a3401ab29656002a2d13166c5ad Mon Sep 17 00:00:00 2001
From: Alexis Algoud
Date: Mon, 2 Dec 2013 16:04:30 +0100
Subject: [PATCH 1/3] Add entitytotest test, because a LDAP user can override the entity restriction without this test

---
 htdocs/core/login/functions_ldap.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/htdocs/core/login/functions_ldap.php b/htdocs/core/login/functions_ldap.php
index b9c5d89a72e..ca9fcfd3a02 100644
--- a/htdocs/core/login/functions_ldap.php
+++ b/htdocs/core/login/functions_ldap.php
@@ -41,6 +41,7 @@ function check_user_password_ldap($usertotest,$passwordtotest,$entitytotest)
 	global $dolibarr_main_auth_ldap_admin_login,$dolibarr_main_auth_ldap_admin_pass;
 	global $dolibarr_main_auth_ldap_filter;
 	global $dolibarr_main_auth_ldap_debug;
+	global $mc;
 
 	if (! function_exists("ldap_connect"))
 	{
@@ -168,6 +169,9 @@ function check_user_password_ldap($usertotest,$passwordtotest,$entitytotest)
 			{
 				dol_syslog("functions_ldap::check_user_password_ldap Sync user found id=".$user->id);
 				// On verifie si le login a change et on met a jour les attributs dolibarr
+				$ret=$mc->checkRight($user->id, $entitytotest);
+				if ($ret < 0) $login=false; // provoque l'echec de l'identification
+
 				if ($user->login != $ldap->login && $ldap->login)
 				{
 					$user->login = $ldap->login;

From 895f5452b4080aa2d0e3df037ea685d4415b3344 Mon Sep 17 00:00:00 2001
From: Alexis Algoud
Date: Wed, 11 Dec 2013 15:14:29 +0100
Subject: [PATCH 2/3] In some cases of improper use of the delete () function, the complete repertoire of propale objects, invoice or order was deleted. Ex in agefodd module: $obj_link=new Propal($db); $obj_link->id=$agf->propalid; $resultdel=$obj_link->delete($user); To prevent misuse of the function, the reference is not considered given

---
 htdocs/comm/propal/class/propal.class.php | 2 +-
 htdocs/commande/class/commande.class.php | 2 +-
 htdocs/compta/facture/class/facture.class.php | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
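Review bot: In the second hunk, a denied entity check only sets `$login=false` and execution then falls through to the LDAP attribute sync that starts at `if ($user->login != $ldap->login && $ldap->login)`, so a user about to be refused still gets their Dolibarr record updated from LDAP; an `else` around the sync, or skipping it when `$ret < 0`, would keep the refusal side-effect free. The denial is also silent, while the success path is logged just above; adding `dol_syslog("functions_ldap::check_user_password_ldap Entity check failed for user id=".$user->id." entity=".$entitytotest, LOG_WARNING);` next to `$login=false` gives operators a record of cross-entity login attempts. Only negative returns from `checkRight()` are treated as a denial; confirm it cannot signal "no access" with `0`. The same shape is kept by the `@@ -169,8 +168,14 @@` hunk of PATCH 3/3, and the rest of `check_user_password_ldap()` — including what is finally returned from `$login` — lies outside both hunks.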
diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php
index de67b9c78de..990af29d90f 100644
--- a/htdocs/comm/propal/class/propal.class.php
+++ b/htdocs/comm/propal/class/propal.class.php
@@ -2056,7 +2056,7 @@ class Propal extends CommonObject
 			{
 				// We remove directory
 				$ref = dol_sanitizeFileName($this->ref);
-				if ($conf->propal->dir_output)
+				if ($conf->propal->dir_output && !empty($this->ref))
 				{
 					$dir = $conf->propal->dir_output . "/" . $ref ;
 					$file = $dir . "/" . $ref . ".pdf";
diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php
index 27503790375..a2225b033b8 100644
--- a/htdocs/commande/class/commande.class.php
+++ b/htdocs/commande/class/commande.class.php
@@ -2457,7 +2457,7 @@ class Commande extends CommonOrder
 			// On efface le repertoire de pdf provisoire
 			$comref = dol_sanitizeFileName($this->ref);
-			if ($conf->commande->dir_output)
+			if ($conf->commande->dir_output && !empty($this->ref))
 			{
 				$dir = $conf->commande->dir_output . "/" . $comref ;
 				$file = $conf->commande->dir_output . "/" . $comref . "/" . $comref . ".pdf";
diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php
index 461b3606cd6..80911290521 100644
--- a/htdocs/compta/facture/class/facture.class.php
+++ b/htdocs/compta/facture/class/facture.class.php
@@ -1323,7 +1323,7 @@ class Facture extends CommonInvoice
 			{
 				// On efface le repertoire de pdf provisoire
 				$ref = dol_sanitizeFileName($this->ref);
-				if ($conf->facture->dir_output)
+				if ($conf->facture->dir_output && !empty($this->ref))
 				{
 					$dir = $conf->facture->dir_output . "/" . $ref;
 					$file = $conf->facture->dir_output . "/" . $ref . "/" . $ref . ".pdf";

From ba70794c1df50e9a31d836dc77b1c50919316467 Mon Sep 17 00:00:00 2001
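Review bot: The new guard in the `Propal` hunk tests the raw `$this->ref`, while `$dir` and `$file` on the following lines are built from the sanitized `$ref`; if `dol_sanitizeFileName()` can reduce a non-empty reference to an empty string, `$dir` collapses back to `$conf->propal->dir_output . "/"`, the whole output directory this commit is trying to protect. Testing the value that is actually used, `if ($conf->propal->dir_output && $ref !== '')`, closes that gap, and `!== ''` also avoids `!empty()` rejecting a reference of `'0'`. The same applies to the `Commande` hunk (`$comref`) and the `Facture` hunk in this patch. The enclosing `delete()` methods start and end outside the hunks, so the removal call that consumes `$dir` is presumably below the shown lines.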
From: Alexis Algoud
Date: Mon, 16 Dec 2013 09:45:38 +0100
Subject: [PATCH 3/3] Add multicompany->enabled test

---
 htdocs/core/login/functions_ldap.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/htdocs/core/login/functions_ldap.php b/htdocs/core/login/functions_ldap.php
index ca9fcfd3a02..07c568d41fc 100644
--- a/htdocs/core/login/functions_ldap.php
+++ b/htdocs/core/login/functions_ldap.php
@@ -41,7 +41,6 @@ function check_user_password_ldap($usertotest,$passwordtotest,$entitytotest)
 	global $dolibarr_main_auth_ldap_admin_login,$dolibarr_main_auth_ldap_admin_pass;
 	global $dolibarr_main_auth_ldap_filter;
 	global $dolibarr_main_auth_ldap_debug;
-	global $mc;
 
 	if (! function_exists("ldap_connect"))
 	{
@@ -169,8 +168,14 @@ function check_user_password_ldap($usertotest,$passwordtotest,$entitytotest)
 			{
 				dol_syslog("functions_ldap::check_user_password_ldap Sync user found id=".$user->id);
 				// On verifie si le login a change et on met a jour les attributs dolibarr
-				$ret=$mc->checkRight($user->id, $entitytotest);
-				if ($ret < 0) $login=false; // provoque l'echec de l'identification
+
+				if ($conf->multicompany->enabled) {
+					global $mc;
+					$ret=$mc->checkRight($user->id, $entitytotest);
+					if ($ret < 0) $login=false; // provoque l'echec de l'identification
+				}
+
 
 				if ($user->login != $ldap->login && $ldap->login)
 				{
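Review bot: The second hunk reads `$conf->multicompany->enabled` directly; if the `multicompany` property is unset when the module has never been activated, that access emits a notice and evaluates to null, so the form used elsewhere in Dolibarr, `if (! empty($conf->multicompany->enabled))`, is the safer test. With the module enabled, the block still assumes the global `$mc` object has been created before authentication runs; `$mc->checkRight()` on a null `$mc` is a fatal error, so `if (! empty($conf->multicompany->enabled) && is_object($mc))`, with a fail-closed `else { $login=false; }` for the enabled-but-missing case, keeps the entity restriction from being skipped by an initialization problem. `$conf` is not declared `global` in either hunk; this assumes it is declared earlier in `check_user_password_ldap()`, outside the shown lines — confirm. The added `if` also puts `{` on the same line, whereas the surrounding code in this file places it on its own line.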