From 2f98d8035c866cd93fa559d096fd55c6fa41e947 Mon Sep 17 00:00:00 2001
From: Juanjo Menent <jmenent@2byte.es>
Date: Thu, 28 Jan 2021 13:37:43 +0100
Subject: [PATCH 1/2] Fix: Bad supplier price updater

---
 htdocs/fourn/commande/dispatch.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/htdocs/fourn/commande/dispatch.php b/htdocs/fourn/commande/dispatch.php
index 2ada245ff8b..a47e544848d 100644
--- a/htdocs/fourn/commande/dispatch.php
+++ b/htdocs/fourn/commande/dispatch.php
@@ -3,7 +3,7 @@
  * Copyright (C) 2004-2016 Laurent Destailleur  <eldy@users.sourceforge.net>
  * Copyright (C) 2005      Eric Seigne          <eric.seigne@ryxeo.com>
  * Copyright (C) 2005-2009 Regis Houssin        <regis.houssin@inodbox.com>
- * Copyright (C) 2010-2019 Juanjo Menent        <jmenent@2byte.es>
+ * Copyright (C) 2010-2021 Juanjo Menent        <jmenent@2byte.es>
  * Copyright (C) 2014      Cedric Gross         <c.gross@kreiz-it.fr>
  * Copyright (C) 2016      Florian Henry        <florian.henry@atm-consulting.fr>
  * Copyright (C) 2017      Ferran Marcet        <fmarcet@2byte.es>
@@ -268,12 +268,16 @@ if ($action == 'dispatch' && $user->rights->fournisseur->commande->receptionner)
 					if (!$error && !empty($conf->global->SUPPLIER_ORDER_CAN_UPDATE_BUYINGPRICE_DURING_RECEIPT)) {
 						if (empty($conf->multicurrency->enabled) && empty($conf->dynamicprices->enabled)) {
 							$dto = GETPOST("dto_".$reg[1].'_'.$reg[2]);
+							if (empty($dto)) {
+								$dto = 0;
+							}
+
 							//update supplier price
 							if (isset($_POST[$saveprice])) {
 								// TODO Use class
 								$sql = "UPDATE ".MAIN_DB_PREFIX."product_fournisseur_price";
-								$sql .= " SET unitprice='".GETPOST($pu)."'";
-								$sql .= ", price=".GETPOST($pu)."*quantity";
+								$sql .= " SET unitprice='".price2num(GETPOST($pu),'MT')."'";
+								$sql .= ", price=".price2num(GETPOST($pu),'MT')."*quantity";
 								$sql .= ", remise_percent='".$dto."'";
 								$sql .= " WHERE fk_soc=".$object->socid;
 								$sql .= " AND fk_product=".GETPOST($prod, 'int');

From c63a124d1c3813a4400b814bcc0c4e8f5c79c8b4 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 28 Jan 2021 14:13:29 +0100
Subject: [PATCH 2/2] More complete fix

---
 htdocs/fourn/commande/dispatch.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/htdocs/fourn/commande/dispatch.php b/htdocs/fourn/commande/dispatch.php
index a47e544848d..c6813af0eba 100644
--- a/htdocs/fourn/commande/dispatch.php
+++ b/htdocs/fourn/commande/dispatch.php
@@ -227,6 +227,7 @@ if ($action == 'dispatch' && $user->rights->fournisseur->commande->receptionner)
 	foreach ($_POST as $key => $value)
 	{
 		// without batch module enabled
+		$reg = array();
 		if (preg_match('/^product_([0-9]+)_([0-9]+)$/i', $key, $reg))
 		{
 			$pos++;
@@ -276,11 +277,11 @@ if ($action == 'dispatch' && $user->rights->fournisseur->commande->receptionner)
 							if (isset($_POST[$saveprice])) {
 								// TODO Use class
 								$sql = "UPDATE ".MAIN_DB_PREFIX."product_fournisseur_price";
-								$sql .= " SET unitprice='".price2num(GETPOST($pu),'MT')."'";
-								$sql .= ", price=".price2num(GETPOST($pu),'MT')."*quantity";
+								$sql .= " SET unitprice='".price2num(GETPOST($pu), 'MU')."'";
+								$sql .= ", price=".price2num(GETPOST($pu), 'MU')."*quantity";
 								$sql .= ", remise_percent='".$dto."'";
-								$sql .= " WHERE fk_soc=".$object->socid;
-								$sql .= " AND fk_product=".GETPOST($prod, 'int');
+								$sql .= " WHERE fk_soc=".((int) $object->socid);
+								$sql .= " AND fk_product=".((int) GETPOST($prod, 'int'));
 
 								$resql = $db->query($sql);
 							}