From 259737f08218d11dd53ff30434911708e5d93154 Mon Sep 17 00:00:00 2001
From: lvessiller <lvessiller@open-dsi.fr>
Date: Wed, 30 Sep 2020 15:09:45 +0200
Subject: [PATCH 01/10] FIX set paid on total discount of a product in cash
 desk

---
 htdocs/takepos/invoice.php | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/htdocs/takepos/invoice.php b/htdocs/takepos/invoice.php
index 2b8b0f21921..e1afc524cb1 100644
--- a/htdocs/takepos/invoice.php
+++ b/htdocs/takepos/invoice.php
@@ -153,22 +153,23 @@ if ($action == 'valid' && $user->rights->facture->creer)
 	    $res = $invoice->validate($user);
 	}
 
-	$remaintopay = $invoice->getRemainToPay();
-
 	// Add the payment
-	if ($res >= 0 && $remaintopay > 0) {
-		$payment = new Paiement($db);
-		$payment->datepaye = $now;
-		$payment->fk_account = $bankaccount;
-		$payment->amounts[$invoice->id] = $amountofpayment;
+	if ($res >= 0) {
+		$remaintopay = $invoice->getRemainToPay();
+		if ($remaintopay > 0) {
+			$payment = new Paiement($db);
+			$payment->datepaye = $now;
+			$payment->fk_account = $bankaccount;
+			$payment->amounts[$invoice->id] = $amountofpayment;
 
-		$payment->paiementid = $paiementid;
-		$payment->num_payment = $invoice->ref;
+			$payment->paiementid = $paiementid;
+			$payment->num_payment = $invoice->ref;
 
-		$payment->create($user);
-		$payment->addPaymentToBank($user, 'payment', '(CustomerInvoicePayment)', $bankaccount, '', '');
+			$payment->create($user);
+			$payment->addPaymentToBank($user, 'payment', '(CustomerInvoicePayment)', $bankaccount, '', '');
+			$remaintopay = $invoice->getRemainToPay();    // Recalculate remain to pay after the payment is recorded
+		}
 
-		$remaintopay = $invoice->getRemainToPay();	// Recalculate remain to pay after the payment is recorded
 		if ($remaintopay == 0) {
 			dol_syslog("Invoice is paid, so we set it to status Paid");
 			$result = $invoice->set_paid($user);

From c16cd91d8e886b782408df6424e603b8db9fb250 Mon Sep 17 00:00:00 2001
From: John Botella <john.botella@atm-consulting.fr>
Date: Thu, 1 Oct 2020 09:40:11 +0200
Subject: [PATCH 02/10] FIX default accountancy values and posted values

---
 htdocs/product/card.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/htdocs/product/card.php b/htdocs/product/card.php
index d0dc01bac33..ea1b2ef0e9f 100644
--- a/htdocs/product/card.php
+++ b/htdocs/product/card.php
@@ -78,6 +78,14 @@ $confirm = GETPOST('confirm', 'alpha');
 $socid = GETPOST('socid', 'int');
 $duration_value = GETPOST('duration_value', 'int');
 $duration_unit = GETPOST('duration_unit', 'alpha');
+
+$accountancy_code_sell = GETPOST('accountancy_code_sell', 'alpha');
+$accountancy_code_sell_intra = GETPOST('accountancy_code_sell_intra', 'alpha');
+$accountancy_code_sell_export = GETPOST('accountancy_code_sell_export', 'alpha');
+$accountancy_code_buy = GETPOST('accountancy_code_buy', 'alpha');
+$accountancy_code_buy_intra = GETPOST('accountancy_code_buy_intra', 'alpha');
+$accountancy_code_buy_export = GETPOST('accountancy_code_buy_export', 'alpha');
+
 if (!empty($user->socid)) $socid = $user->socid;
 
 $object = new Product($db);
@@ -1323,6 +1331,14 @@ else
 		}
 		else // For external software
 		{
+
+			if (!empty($accountancy_code_sell)) { $object->accountancy_code_sell = $accountancy_code_sell; }
+			if (!empty($accountancy_code_sell_intra)) { $object->accountancy_code_sell_intra = $accountancy_code_sell_intra; }
+			if (!empty($accountancy_code_sell_export)) { $object->accountancy_code_sell_export = $accountancy_code_sell_export; }
+			if (!empty($accountancy_code_buy)) { $object->accountancy_code_buy = $accountancy_code_buy; }
+			if (!empty($accountancy_code_buy_intra)) { $object->accountancy_code_buy_intra = $accountancy_code_buy_intra; }
+			if (!empty($accountancy_code_buy_export)) { $object->accountancy_code_buy_export = $accountancy_code_buy_export; }
+
 			// Accountancy_code_sell
 			print '<tr><td class="titlefieldcreate">'.$langs->trans("ProductAccountancySellCode").'</td>';
 			print '<td class="maxwidthonsmartphone"><input class="minwidth100" name="accountancy_code_sell" value="'.$object->accountancy_code_sell.'">';

From e558dc3f275b95507298eb52d4778a50ef8ea639 Mon Sep 17 00:00:00 2001
From: stickler-ci <support@stickler-ci.com>
Date: Thu, 1 Oct 2020 07:48:24 +0000
Subject: [PATCH 03/10] Fixing style errors.

---
 htdocs/product/card.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/htdocs/product/card.php b/htdocs/product/card.php
index ea1b2ef0e9f..8b4654ba921 100644
--- a/htdocs/product/card.php
+++ b/htdocs/product/card.php
@@ -1331,7 +1331,6 @@ else
 		}
 		else // For external software
 		{
-
 			if (!empty($accountancy_code_sell)) { $object->accountancy_code_sell = $accountancy_code_sell; }
 			if (!empty($accountancy_code_sell_intra)) { $object->accountancy_code_sell_intra = $accountancy_code_sell_intra; }
 			if (!empty($accountancy_code_sell_export)) { $object->accountancy_code_sell_export = $accountancy_code_sell_export; }

From 676d70d86dc71aa9b878b8b6c437eafafaff2086 Mon Sep 17 00:00:00 2001
From: ptibogxiv <support@ptibogxiv.net>
Date: Thu, 1 Oct 2020 12:14:50 +0200
Subject: [PATCH 04/10] FIX stripe for connect mode

---
 htdocs/public/stripe/ipn.php | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/htdocs/public/stripe/ipn.php b/htdocs/public/stripe/ipn.php
index 4291cb6f834..16160e94200 100644
--- a/htdocs/public/stripe/ipn.php
+++ b/htdocs/public/stripe/ipn.php
@@ -1,6 +1,6 @@
 <?php
-/* Copyright (C) 2018       Thibault FOUCART        <support@ptibogxiv.net>
- * Copyright (C) 2018       Frédéric France         <frederic.france@netlogic.fr>
+/* Copyright (C) 2018-2020      Thibault FOUCART        <support@ptibogxiv.net>
+ * Copyright (C) 2018       	Frédéric France         <frederic.france@netlogic.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -115,7 +115,7 @@ if (!empty($conf->multicompany->enabled) && !empty($conf->stripeconnect->enabled
 {
 	$sql = "SELECT entity";
 	$sql .= " FROM ".MAIN_DB_PREFIX."oauth_token";
-	$sql .= " WHERE service = '".$db->escape($service)."' and tokenstring = '%".$db->escape($event->account)."%'";
+	$sql .= " WHERE service = '".$db->escape($service)."' and tokenstring LIKE '%".$db->escape($event->account)."%'";
 
 	dol_syslog(get_class($db)."::fetch", LOG_DEBUG);
 	$result = $db->query($sql);
@@ -134,8 +134,6 @@ if (!empty($conf->multicompany->enabled) && !empty($conf->stripeconnect->enabled
 		$key = 1;
 	}
 	$ret = $mc->switchEntity($key);
-	if (!$res && file_exists("../../main.inc.php")) $res = @include "../../main.inc.php";
-	if (!$res) die("Include of main fails");
 }
 
 // list of  action

From 3f78d8fe258f43d3e4716663f86d8b291b78e9b4 Mon Sep 17 00:00:00 2001
From: ptibogxiv <support@ptibogxiv.net>
Date: Thu, 1 Oct 2020 12:19:12 +0200
Subject: [PATCH 05/10] Update stripe.class.php

---
 htdocs/stripe/class/stripe.class.php | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/htdocs/stripe/class/stripe.class.php b/htdocs/stripe/class/stripe.class.php
index a72e5291f58..2ac8193a71e 100644
--- a/htdocs/stripe/class/stripe.class.php
+++ b/htdocs/stripe/class/stripe.class.php
@@ -90,15 +90,12 @@ class Stripe extends CommonObject
 		global $conf;
 
 		$sql = "SELECT tokenstring";
-		$sql .= " FROM ".MAIN_DB_PREFIX."oauth_token";
-		$sql .= " WHERE entity = ".$conf->entity;
-		$sql .= " AND service = '".$mode."'";
+		$sql .= " FROM ".MAIN_DB_PREFIX."oauth_token WHERE";
+		if (empty($fk_soc)) $sql .= " entity = ".$conf->entity. " AND";
+		$sql .= " service = '".$mode."'";
 		if ($fk_soc > 0) {
 			$sql .= " AND fk_soc = ".$fk_soc;
 		}
-		else {
-			$sql .= " AND fk_soc IS NULL";
-		}
 		$sql .= " AND fk_user IS NULL AND fk_adherent IS NULL";
 
 		dol_syslog(get_class($this)."::fetch", LOG_DEBUG);

From 4e16db1e5f71dfe1f2ca416f222ed24a2b5dea83 Mon Sep 17 00:00:00 2001
From: ptibogxiv <support@ptibogxiv.net>
Date: Thu, 1 Oct 2020 12:22:53 +0200
Subject: [PATCH 06/10] Update paymentmodes.php

---
 htdocs/societe/paymentmodes.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/societe/paymentmodes.php b/htdocs/societe/paymentmodes.php
index b29a3073c85..5894c3245a9 100644
--- a/htdocs/societe/paymentmodes.php
+++ b/htdocs/societe/paymentmodes.php
@@ -1329,7 +1329,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard'
 	}
 
   	// List of Stripe payment modes
-	if (!empty($conf->stripe->enabled) && !empty($conf->stripeconnect->enabled) && $object->fournisseur && !empty($stripesupplieracc))
+	if (!empty($conf->stripe->enabled) && !empty($conf->stripeconnect->enabled) && !empty($stripesupplieracc))
 	{
         print load_fiche_titre($langs->trans('StripeBalance').($stripesupplieracc ? ' (Stripe connection with StripeConnect account '.$stripesupplieracc.')' : ' (Stripe connection with keys from Stripe module setup)'), $morehtmlright, 'stripe-s');
         $balance = \Stripe\Balance::retrieve(array("stripe_account" => $stripesupplieracc));

From 2f89d526eb49b16d03138414ca4ef5789259d273 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 1 Oct 2020 16:43:56 +0200
Subject: [PATCH 07/10] Avoid to get a random result.

---
 htdocs/stripe/class/stripe.class.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/htdocs/stripe/class/stripe.class.php b/htdocs/stripe/class/stripe.class.php
index 2ac8193a71e..e50f48aad69 100644
--- a/htdocs/stripe/class/stripe.class.php
+++ b/htdocs/stripe/class/stripe.class.php
@@ -90,11 +90,13 @@ class Stripe extends CommonObject
 		global $conf;
 
 		$sql = "SELECT tokenstring";
-		$sql .= " FROM ".MAIN_DB_PREFIX."oauth_token WHERE";
+		$sql .= " FROM ".MAIN_DB_PREFIX."oauth_token";
+		$sql .= " WHERE service = '".$this->db->escape($mode)."'";
 		if (empty($fk_soc)) $sql .= " entity = ".$conf->entity. " AND";
-		$sql .= " service = '".$mode."'";
 		if ($fk_soc > 0) {
 			$sql .= " AND fk_soc = ".$fk_soc;
+		} else {
+			$sql .= " AND fk_soc IS NULL";
 		}
 		$sql .= " AND fk_user IS NULL AND fk_adherent IS NULL";
 

From a2efdee8656066355a436a575c8f2ad6ec3341ad Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 1 Oct 2020 16:49:27 +0200
Subject: [PATCH 08/10] Fix after regression of #14886

---
 htdocs/stripe/class/stripe.class.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/htdocs/stripe/class/stripe.class.php b/htdocs/stripe/class/stripe.class.php
index e50f48aad69..392607ad89e 100644
--- a/htdocs/stripe/class/stripe.class.php
+++ b/htdocs/stripe/class/stripe.class.php
@@ -83,16 +83,17 @@ class Stripe extends CommonObject
 	 *
 	 * @param 	string	$mode		'StripeTest' or 'StripeLive'
 	 * @param	int		$fk_soc		Id of thirdparty
+	 * @param	int		$entity		Id of entity
 	 * @return 	string				Stripe account 'acc_....' or '' if no OAuth token found
 	 */
-	public function getStripeAccount($mode = 'StripeTest', $fk_soc = 0)
+	public function getStripeAccount($mode = 'StripeTest', $fk_soc = 0, $entity = 1)
 	{
 		global $conf;
 
 		$sql = "SELECT tokenstring";
 		$sql .= " FROM ".MAIN_DB_PREFIX."oauth_token";
 		$sql .= " WHERE service = '".$this->db->escape($mode)."'";
-		if (empty($fk_soc)) $sql .= " entity = ".$conf->entity. " AND";
+		$sql .= " AND entity = ".((int) $entity);
 		if ($fk_soc > 0) {
 			$sql .= " AND fk_soc = ".$fk_soc;
 		} else {

From f5f2ea57e35eac728b309c648798d00cfdd9568f Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 1 Oct 2020 16:57:49 +0200
Subject: [PATCH 09/10] Fix compatibility

---
 htdocs/stripe/class/stripe.class.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/htdocs/stripe/class/stripe.class.php b/htdocs/stripe/class/stripe.class.php
index 392607ad89e..83b3905de43 100644
--- a/htdocs/stripe/class/stripe.class.php
+++ b/htdocs/stripe/class/stripe.class.php
@@ -83,13 +83,15 @@ class Stripe extends CommonObject
 	 *
 	 * @param 	string	$mode		'StripeTest' or 'StripeLive'
 	 * @param	int		$fk_soc		Id of thirdparty
-	 * @param	int		$entity		Id of entity
+	 * @param	int		$entity		Id of entity (-1 = current environment)
 	 * @return 	string				Stripe account 'acc_....' or '' if no OAuth token found
 	 */
-	public function getStripeAccount($mode = 'StripeTest', $fk_soc = 0, $entity = 1)
+	public function getStripeAccount($mode = 'StripeTest', $fk_soc = 0, $entity = -1)
 	{
 		global $conf;
 
+		if ($entity < 0) $entity = $conf->entity;
+
 		$sql = "SELECT tokenstring";
 		$sql .= " FROM ".MAIN_DB_PREFIX."oauth_token";
 		$sql .= " WHERE service = '".$this->db->escape($mode)."'";

From 2f5a2d0e281e1d192609418bcb77ca3d4bd31448 Mon Sep 17 00:00:00 2001
From: Florian HENRY <florian.henry@open-concept.pro>
Date: Thu, 1 Oct 2020 17:42:04 +0200
Subject: [PATCH 10/10] fix CSRF not provided

---
 htdocs/core/filemanagerdol/browser/default/frmupload.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/htdocs/core/filemanagerdol/browser/default/frmupload.php b/htdocs/core/filemanagerdol/browser/default/frmupload.php
index 08c76f374e4..e0f0f03e430 100644
--- a/htdocs/core/filemanagerdol/browser/default/frmupload.php
+++ b/htdocs/core/filemanagerdol/browser/default/frmupload.php
@@ -122,6 +122,7 @@ window.onload = function()
 	</head>
 	<body>
 		<form id="frmUpload" action="" target="frmUploadWorker" method="post" enctype="multipart/form-data" onsubmit="return OnSubmit();">
+			<input type="hidden" name="token" value="<?php echo newToken(); ?>" />
 			<table class="fullHeight" cellspacing="0" cellpadding="0" width="100%" border="0">
 				<tr>
 					<td class="nowrap">