From efda10333cf8938f01db9b403537325957e6130f Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis.houssin@inodbox.com>
Date: Wed, 1 Dec 2021 10:40:10 +0100
Subject: [PATCH 1/3] FIX missing default value for more comprehensive

---
 htdocs/admin/ihm.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/admin/ihm.php b/htdocs/admin/ihm.php
index cf4c250a678..a4c6f27c4b2 100644
--- a/htdocs/admin/ihm.php
+++ b/htdocs/admin/ihm.php
@@ -417,7 +417,7 @@ print '</tr>';
 
 // Show bugtrack link
 print '<tr class="oddeven"><td>'.$langs->trans("ShowBugTrackLink", $langs->transnoentitiesnoconv("FindBug")).'</td><td>';
-print '<input type="text" name="MAIN_BUGTRACK_ENABLELINK" value="'.(empty($conf->global->MAIN_BUGTRACK_ENABLELINK) ? '' : $conf->global->MAIN_BUGTRACK_ENABLELINK).'">';
+print '<input type="text" name="MAIN_BUGTRACK_ENABLELINK" value="'.(empty($conf->global->MAIN_BUGTRACK_ENABLELINK) ? 'github' : $conf->global->MAIN_BUGTRACK_ENABLELINK).'">';
 print '</td>';
 print '<td width="20">&nbsp;</td>';
 print '</tr>';

From 92a0c9e4fba7513969da026eebf30b230a59f624 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 9 Dec 2021 10:00:42 +0100
Subject: [PATCH 2/3] Fix sql error in repair.php

---
 htdocs/install/repair.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/install/repair.php b/htdocs/install/repair.php
index ad3a3ca13a3..4aba1d10c4b 100644
--- a/htdocs/install/repair.php
+++ b/htdocs/install/repair.php
@@ -1178,9 +1178,9 @@ if ($ok && GETPOST('clean_perm_table', 'alpha')) {
 
 	$listofmods = '';
 	foreach ($conf->modules as $key => $val) {
-		$listofmods .= ($listofmods ? ',' : '')."'".$val."'";
+		$listofmods .= ($listofmods ? ',' : '')."'".$db->escape($val)."'";
 	}
-	$sql = 'SELECT id, libelle as label, module from '.MAIN_DB_PREFIX.'rights_def WHERE module NOT IN ('.$db->sanitize($listofmods).') AND id > 100000';
+	$sql = 'SELECT id, libelle as label, module from '.MAIN_DB_PREFIX.'rights_def WHERE module NOT IN ('.$db->sanitize($listofmods, 1).') AND id > 100000';
 	$resql = $db->query($sql);
 	if ($resql) {
 		$num = $db->num_rows($resql);

From a9bdefa3587bb05b6b94523ebc91e1260db48f5c Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 9 Dec 2021 11:12:40 +0100
Subject: [PATCH 3/3] FIX select too large into addrights (pb of missing
 parenthesis)

---
 htdocs/user/class/user.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index 09bb34ddef3..be1db952aa0 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -738,7 +738,7 @@ class User extends CommonObject
 			$sql .= " FROM ".MAIN_DB_PREFIX."rights_def";
 			$sql .= " WHERE entity = ".((int) $entity);
 			if (!empty($whereforadd) && $whereforadd != 'allmodules') {
-				$sql .= " AND ".$whereforadd;
+				$sql .= " AND (".$whereforadd.")";	// Note: parenthesis are important because whereforadd can contains OR. Also note that $whereforadd is already sanitized
 			}
 
 			$result = $this->db->query($sql);
@@ -864,7 +864,7 @@ class User extends CommonObject
 			$sql .= " FROM ".MAIN_DB_PREFIX."rights_def";
 			$sql .= " WHERE entity = ".((int) $entity);
 			if (!empty($wherefordel) && $wherefordel != 'allmodules') {
-				$sql .= " AND ".$wherefordel;
+				$sql .= " AND (".$wherefordel.")";	// Note: parenthesis are important because wherefordel can contains OR. Also note that $wherefordel is already sanitized
 			}
 
 			// avoid admin can remove his own important rights