From 9f7be989c2f4150ec5327a5ae784fe69fb609884 Mon Sep 17 00:00:00 2001
From: Florian Mortgat <florian.mortgat@atm-consulting.fr>
Date: Tue, 6 Jul 2021 17:38:37 +0200
Subject: [PATCH 01/11] FIX 13.0 - fatal - missing inclusion of ajax.lib.php
 for calling `ajax_autocompleter()`

---
 htdocs/core/class/html.form.class.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 945897856f2..1019e9623e4 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -1118,6 +1118,7 @@ class Form
 
 		if (!empty($conf->use_javascript_ajax) && !empty($conf->global->COMPANY_USE_SEARCH_TO_SELECT) && !$forcecombo)
 		{
+			require_once DOL_DOCUMENT_ROOT . '/core/lib/ajax.lib.php';
 			// No immediate load of all database
 			$placeholder = '';
 			if ($selected && empty($selected_input_value))

From 2f250799813e7e4faa65cde9e137b420a6ece1e7 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 7 Jul 2021 14:38:52 +0200
Subject: [PATCH 02/11] Fix CSRF token generation must be fast, can have low
 entropy.

---
 htdocs/main.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 2301ca75161..df61e752f5c 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -420,7 +420,7 @@ if (!defined('NOTOKENRENEWAL')) {
 		if (isset($_SESSION['newtoken'])) $_SESSION['token'] = $_SESSION['newtoken'];
 
 		// Save in $_SESSION['newtoken'] what will be next token. Into forms, we will add param token = $_SESSION['newtoken']
-		$token = dol_hash(uniqid(mt_rand(), true)); // Generates a hash of a random number
+		$token = dol_hash(uniqid(mt_rand(), false), 'md5'); // Generates a hash of a random number. We don't need a secured hash, just a changing random value.
 		$_SESSION['newtoken'] = $token;
 		dol_syslog("NEW TOKEN generated by : " . $_SERVER['PHP_SELF'], LOG_DEBUG);
 	}

From 4e77a0d16a4b46314fc13a6c5d70d7cd179a162b Mon Sep 17 00:00:00 2001
From: altairis-noe <noe.cendrier@altairis.fr>
Date: Thu, 8 Jul 2021 15:55:07 +0200
Subject: [PATCH 03/11] don't display custom masks if they are not used

---
 htdocs/product/card.php | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)

diff --git a/htdocs/product/card.php b/htdocs/product/card.php
index 3d5afd1b16c..5b8c431d65d 100644
--- a/htdocs/product/card.php
+++ b/htdocs/product/card.php
@@ -1649,21 +1649,30 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
 
 						print '<script type="text/javascript">
 						$(document).ready(function() {
-							$("#field_mask, #mask_option").addClass("hideobject");
-							var preselect = $("#status_batch option:selected");
-							if (preselect !== "0") {
-								$("#field_mask, #mask_option").toggleClass("hideobject");
-							}
-							$("#status_batch").on("change", function () {
+							$("#field_mask").parent().addClass("hideobject");
+							var preselect = $("#status_batch option:selected");';
+						if ($conf->global->PRODUCTBATCH_SN_USE_PRODUCT_MASKS)
+						{
+						print 'if (preselect == "2") {
+								$("#field_mask").parent().toggleClass("hideobject");
+							}';
+						}
+						if ($conf->global->PRODUCTBATCH_LOT_USE_PRODUCT_MASKS)
+						{
+						print 'if (preselect == "1") {
+								$("#field_mask").parent().toggleClass("hideobject");
+							}';
+						}
+						print '$("#status_batch").on("change", function () {
 								console.log("We change batch status");
 								var optionSelected = $("option:selected", this);
 								var valueSelected = this.value;
-								$("#field_mask, #mask_option").addClass("hideobject");
+								$("#field_mask").parent().addClass("hideobject");
 						';
 						if ($conf->global->PRODUCTBATCH_LOT_USE_PRODUCT_MASKS && $conf->global->PRODUCTBATCH_LOT_ADDON == 'mod_lot_advanced') {
 							print '
 								if (this.value == 1) {
-									$("#field_mask, #mask_option").toggleClass("hideobject");
+									$("#field_mask").parent().toggleClass("hideobject");
 									$("#batch_mask_input").val("'.$inherited_mask_lot.'");
 								}
 							';
@@ -1671,7 +1680,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
 						if ($conf->global->PRODUCTBATCH_SN_USE_PRODUCT_MASKS && $conf->global->PRODUCTBATCH_SN_ADDON == 'mod_sn_advanced') {
 							print '
 								if (this.value == 2) {
-									$("#field_mask, #mask_option").toggleClass("hideobject");
+									$("#field_mask").parent().toggleClass("hideobject");
 									$("#batch_mask_input").val("'.$inherited_mask_sn.'");
 								}
 							';

From cbd8fa357295477854f244bc4760d59d1ddd64e2 Mon Sep 17 00:00:00 2001
From: altairis-noe <noe.cendrier@altairis.fr>
Date: Thu, 8 Jul 2021 16:42:54 +0200
Subject: [PATCH 04/11] better element id

---
 htdocs/product/card.php | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/htdocs/product/card.php b/htdocs/product/card.php
index 5b8c431d65d..be278127220 100644
--- a/htdocs/product/card.php
+++ b/htdocs/product/card.php
@@ -1650,21 +1650,20 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
 						print '<script type="text/javascript">
 						$(document).ready(function() {
 							$("#field_mask").parent().addClass("hideobject");
-							var preselect = $("#status_batch option:selected");';
+							var preselect = document.getElementById("status_batch");';
 						if ($conf->global->PRODUCTBATCH_SN_USE_PRODUCT_MASKS)
 						{
-						print 'if (preselect == "2") {
-								$("#field_mask").parent().toggleClass("hideobject");
+						print 'if (preselect.value == "2") {
+								$("#field_mask").parent().removeClass("hideobject");
 							}';
 						}
 						if ($conf->global->PRODUCTBATCH_LOT_USE_PRODUCT_MASKS)
 						{
-						print 'if (preselect == "1") {
-								$("#field_mask").parent().toggleClass("hideobject");
+						print 'if (preselect.value == "1") {
+								$("#field_mask").parent().removeClass("hideobject");
 							}';
 						}
 						print '$("#status_batch").on("change", function () {
-								console.log("We change batch status");
 								var optionSelected = $("option:selected", this);
 								var valueSelected = this.value;
 								$("#field_mask").parent().addClass("hideobject");
@@ -1672,7 +1671,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
 						if ($conf->global->PRODUCTBATCH_LOT_USE_PRODUCT_MASKS && $conf->global->PRODUCTBATCH_LOT_ADDON == 'mod_lot_advanced') {
 							print '
 								if (this.value == 1) {
-									$("#field_mask").parent().toggleClass("hideobject");
+									$("#field_mask").parent().removeClass("hideobject");
 									$("#batch_mask_input").val("'.$inherited_mask_lot.'");
 								}
 							';
@@ -1680,7 +1679,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
 						if ($conf->global->PRODUCTBATCH_SN_USE_PRODUCT_MASKS && $conf->global->PRODUCTBATCH_SN_ADDON == 'mod_sn_advanced') {
 							print '
 								if (this.value == 2) {
-									$("#field_mask").parent().toggleClass("hideobject");
+									$("#field_mask").parent().removeClass("hideobject");
 									$("#batch_mask_input").val("'.$inherited_mask_sn.'");
 								}
 							';

From 68442a2d13ff00641b47fdc24b5bcc0e21dbbfed Mon Sep 17 00:00:00 2001
From: altairis-noe <noe.cendrier@altairis.fr>
Date: Thu, 8 Jul 2021 16:49:13 +0200
Subject: [PATCH 05/11] stickler corrections

---
 htdocs/product/card.php | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/htdocs/product/card.php b/htdocs/product/card.php
index be278127220..5adb29cbe80 100644
--- a/htdocs/product/card.php
+++ b/htdocs/product/card.php
@@ -1651,17 +1651,15 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
 						$(document).ready(function() {
 							$("#field_mask").parent().addClass("hideobject");
 							var preselect = document.getElementById("status_batch");';
-						if ($conf->global->PRODUCTBATCH_SN_USE_PRODUCT_MASKS)
-						{
-						print 'if (preselect.value == "2") {
-								$("#field_mask").parent().removeClass("hideobject");
-							}';
+						if ($conf->global->PRODUCTBATCH_SN_USE_PRODUCT_MASKS) {
+							print 'if (preselect.value == "2") {
+									$("#field_mask").parent().removeClass("hideobject");
+								}';
 						}
-						if ($conf->global->PRODUCTBATCH_LOT_USE_PRODUCT_MASKS)
-						{
-						print 'if (preselect.value == "1") {
-								$("#field_mask").parent().removeClass("hideobject");
-							}';
+						if ($conf->global->PRODUCTBATCH_LOT_USE_PRODUCT_MASKS) {
+							print 'if (preselect.value == "1") {
+									$("#field_mask").parent().removeClass("hideobject");
+								}';
 						}
 						print '$("#status_batch").on("change", function () {
 								var optionSelected = $("option:selected", this);

From 66590ba810f5031ae06e9e36146bbf51444ca78c Mon Sep 17 00:00:00 2001
From: altairis-noe <noe.cendrier@altairis.fr>
Date: Thu, 8 Jul 2021 17:10:03 +0200
Subject: [PATCH 06/11] getDolGlobalString instead of $conf->global

---
 htdocs/product/card.php | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/htdocs/product/card.php b/htdocs/product/card.php
index 5adb29cbe80..c16c11ef90e 100644
--- a/htdocs/product/card.php
+++ b/htdocs/product/card.php
@@ -1636,14 +1636,14 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
 						$tooltip .= '<br>'.$langs->trans("GenericMaskCodes4a", $langs->transnoentities("Batch"), $langs->transnoentities("Batch"));
 						$tooltip .= '<br>'.$langs->trans("GenericMaskCodes5");
 						print '<tr><td id="mask_option">'.$langs->trans("ManageLotMask").'</td>';
-						if ($object->status_batch == '1' && $conf->global->PRODUCTBATCH_LOT_USE_PRODUCT_MASKS && $conf->global->PRODUCTBATCH_LOT_ADDON == 'mod_lot_advanced') {
-							$mask = !empty($object->batch_mask) ? $object->batch_mask : $conf->global->LOT_ADVANCED_MASK;
+						if ($object->status_batch == '1' && getDolGlobalString('PRODUCTBATCH_LOT_USE_PRODUCT_MASKS') && getDolGlobalString('PRODUCTBATCH_LOT_ADDON') == 'mod_lot_advanced') {
+							$mask = !empty($object->batch_mask) ? $object->batch_mask : getDolGlobalString('LOT_ADVANCED_MASK');
 						}
-						if ($object->status_batch == '2' && $conf->global->PRODUCTBATCH_SN_USE_PRODUCT_MASKS && $conf->global->PRODUCTBATCH_SN_ADDON == 'mod_sn_advanced') {
+						if ($object->status_batch == '2' && getDolGlobalString('PRODUCTBATCH_SN_USE_PRODUCT_MASKS') && $conf->global->PRODUCTBATCH_SN_ADDON == 'mod_sn_advanced') {
 							$mask = !empty($object->batch_mask) ? $object->batch_mask : $conf->global->SN_ADVANCED_MASK;
 						}
-						$inherited_mask_lot = $conf->global->LOT_ADVANCED_MASK;
-						$inherited_mask_sn = $conf->global->SN_ADVANCED_MASK;
+						$inherited_mask_lot = getDolGlobalString('LOT_ADVANCED_MASK');
+						$inherited_mask_sn = getDolGlobalString('SN_ADVANCED_MASK');
 						print '<td id="field_mask">';
 						print $form->textwithpicto('<input type="text" class="flat minwidth175" name="batch_mask" id="batch_mask_input" value="'.$mask.'">', $tooltip, 1, 1);
 
@@ -1651,12 +1651,12 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
 						$(document).ready(function() {
 							$("#field_mask").parent().addClass("hideobject");
 							var preselect = document.getElementById("status_batch");';
-						if ($conf->global->PRODUCTBATCH_SN_USE_PRODUCT_MASKS) {
+						if (getDolGlobalString('PRODUCTBATCH_SN_USE_PRODUCT_MASKS')) {
 							print 'if (preselect.value == "2") {
 									$("#field_mask").parent().removeClass("hideobject");
 								}';
 						}
-						if ($conf->global->PRODUCTBATCH_LOT_USE_PRODUCT_MASKS) {
+						if (getDolGlobalString('PRODUCTBATCH_LOT_USE_PRODUCT_MASKS')) {
 							print 'if (preselect.value == "1") {
 									$("#field_mask").parent().removeClass("hideobject");
 								}';
@@ -1666,7 +1666,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
 								var valueSelected = this.value;
 								$("#field_mask").parent().addClass("hideobject");
 						';
-						if ($conf->global->PRODUCTBATCH_LOT_USE_PRODUCT_MASKS && $conf->global->PRODUCTBATCH_LOT_ADDON == 'mod_lot_advanced') {
+						if (getDolGlobalString('PRODUCTBATCH_LOT_USE_PRODUCT_MASKS') && getDolGlobalString('PRODUCTBATCH_LOT_ADDON') == 'mod_lot_advanced') {
 							print '
 								if (this.value == 1) {
 									$("#field_mask").parent().removeClass("hideobject");
@@ -1674,7 +1674,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
 								}
 							';
 						}
-						if ($conf->global->PRODUCTBATCH_SN_USE_PRODUCT_MASKS && $conf->global->PRODUCTBATCH_SN_ADDON == 'mod_sn_advanced') {
+						if (getDolGlobalString('PRODUCTBATCH_SN_USE_PRODUCT_MASKS') && getDolGlobalString('PRODUCTBATCH_SN_ADDON') == 'mod_sn_advanced') {
 							print '
 								if (this.value == 2) {
 									$("#field_mask").parent().removeClass("hideobject");

From eaa6987e8b6769af55c08868d3f4cc6731c7e167 Mon Sep 17 00:00:00 2001
From: Alexandre SPANGARO <aspangaro.dolibarr@gmail.com>
Date: Thu, 8 Jul 2021 17:15:03 +0200
Subject: [PATCH 07/11] Fix: formconfim if type radio must be :checked to get
 correct value

---
 htdocs/core/class/html.form.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 1019e9623e4..ff6a1a4334a 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -4434,7 +4434,7 @@ class Form
                          			var more = "";
 									var inputvalue;
                          			if ($("input[name=\'" + inputname + "\']").attr("type") == "radio") {
-										inputvalue = $("input[name=\'" + inputname + "\']").val();
+										inputvalue = $("input[name=\'" + inputname + "\']:checked").val();
 									} else {
                          		    	if ($("#" + inputname).attr("type") == "checkbox") { more = ":checked"; }
                          				inputvalue = $("#" + inputname + more).val();

From 9983163e7a27d4c568e18257ff1373fcf0ea1c83 Mon Sep 17 00:00:00 2001
From: altairis-noe <noe.cendrier@altairis.fr>
Date: Thu, 8 Jul 2021 17:21:36 +0200
Subject: [PATCH 08/11] a few more getDolGlobalString

---
 htdocs/product/card.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/product/card.php b/htdocs/product/card.php
index c16c11ef90e..19ed281ab00 100644
--- a/htdocs/product/card.php
+++ b/htdocs/product/card.php
@@ -1639,8 +1639,8 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
 						if ($object->status_batch == '1' && getDolGlobalString('PRODUCTBATCH_LOT_USE_PRODUCT_MASKS') && getDolGlobalString('PRODUCTBATCH_LOT_ADDON') == 'mod_lot_advanced') {
 							$mask = !empty($object->batch_mask) ? $object->batch_mask : getDolGlobalString('LOT_ADVANCED_MASK');
 						}
-						if ($object->status_batch == '2' && getDolGlobalString('PRODUCTBATCH_SN_USE_PRODUCT_MASKS') && $conf->global->PRODUCTBATCH_SN_ADDON == 'mod_sn_advanced') {
-							$mask = !empty($object->batch_mask) ? $object->batch_mask : $conf->global->SN_ADVANCED_MASK;
+						if ($object->status_batch == '2' && getDolGlobalString('PRODUCTBATCH_SN_USE_PRODUCT_MASKS') && getDolGlobalString('PRODUCTBATCH_SN_ADDON') == 'mod_sn_advanced') {
+							$mask = !empty($object->batch_mask) ? $object->batch_mask : getDolGlobalString('SN_ADVANCED_MASK');
 						}
 						$inherited_mask_lot = getDolGlobalString('LOT_ADVANCED_MASK');
 						$inherited_mask_sn = getDolGlobalString('SN_ADVANCED_MASK');

From a44d646946a17b91e002be17d68136075c468a03 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 8 Jul 2021 17:31:41 +0200
Subject: [PATCH 09/11] Fix to allow html content

---
 htdocs/admin/fckeditor.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/admin/fckeditor.php b/htdocs/admin/fckeditor.php
index bc6b0dc33ac..0aed2767048 100644
--- a/htdocs/admin/fckeditor.php
+++ b/htdocs/admin/fckeditor.php
@@ -114,7 +114,7 @@ if (GETPOST('save', 'alpha'))
 		$error++;
 	}
 
-	$fckeditor_test = GETPOST('formtestfield');
+	$fckeditor_test = GETPOST('formtestfield', 'restricthtml');
 	if (!empty($fckeditor_test)) {
 		if (!dolibarr_set_const($db, 'FCKEDITOR_TEST', $fckeditor_test, 'chaine', 0, '', $conf->entity)) {
 			$error++;

From cd215cda17f3e2c41f25de8304f207a13615e8f9 Mon Sep 17 00:00:00 2001
From: Alexandre SPANGARO <aspangaro.dolibarr@gmail.com>
Date: Thu, 8 Jul 2021 21:49:53 +0200
Subject: [PATCH 10/11] FIX Accountancy - if we define a date start, automatic
 binding try to solve old binding

---
 htdocs/accountancy/customer/index.php | 3 +++
 htdocs/accountancy/supplier/index.php | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/htdocs/accountancy/customer/index.php b/htdocs/accountancy/customer/index.php
index 1a5098bda38..943d914a980 100644
--- a/htdocs/accountancy/customer/index.php
+++ b/htdocs/accountancy/customer/index.php
@@ -136,6 +136,9 @@ if ($action == 'validatehistory') {
 	$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON p.accountancy_code_sell_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity;
 	$sql .= " WHERE f.fk_statut > 0 AND l.fk_code_ventilation <= 0";
 	$sql .= " AND l.product_type <= 2";
+	if (!empty($conf->global->ACCOUNTING_DATE_START_BINDING)) {
+		$sql .= " AND f.datef >= '".$db->idate($conf->global->ACCOUNTING_DATE_START_BINDING)."'";
+	}
 
 	dol_syslog('htdocs/accountancy/customer/index.php');
 	$result = $db->query($sql);
diff --git a/htdocs/accountancy/supplier/index.php b/htdocs/accountancy/supplier/index.php
index 0dbe09fa468..f20c238514a 100644
--- a/htdocs/accountancy/supplier/index.php
+++ b/htdocs/accountancy/supplier/index.php
@@ -133,6 +133,9 @@ if ($action == 'validatehistory') {
 	$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON p.accountancy_code_buy_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity;
 	$sql .= " WHERE f.fk_statut > 0 AND l.fk_code_ventilation <= 0";
 	$sql .= " AND l.product_type <= 2";
+	if (!empty($conf->global->ACCOUNTING_DATE_START_BINDING)) {
+		$sql .= " AND f.datef >= '".$db->idate($conf->global->ACCOUNTING_DATE_START_BINDING)."'";
+	}
 
 	dol_syslog('htdocs/accountancy/supplier/index.php');
 

From be62c2f7f44cd8852f9204301bffbebc7bb814a9 Mon Sep 17 00:00:00 2001
From: Alexandre SPANGARO <aspangaro.dolibarr@gmail.com>
Date: Thu, 8 Jul 2021 22:11:41 +0200
Subject: [PATCH 11/11] FIX Problem of z-index with popup and top menu

---
 htdocs/theme/eldy/global.inc.php | 3 +++
 htdocs/theme/md/style.css.php    | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php
index e5db84f9719..61cddc1f5a8 100644
--- a/htdocs/theme/eldy/global.inc.php
+++ b/htdocs/theme/eldy/global.inc.php
@@ -4108,6 +4108,9 @@ div#card-errors {
 .ui-dialog-content {
 }
 
+.ui-dialog.ui-corner-all.ui-widget.ui-widget-content.ui-front.ui-dialog-buttons.ui-draggable {
+	z-index: 1002 !important;		/* Default 101 with jquery, top menu have a z-index of 1000 */
+}
 
 /* ============================================================================== */
 /* For content of image preview                                                   */
diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php
index 3b690993c5d..0912fe2d38b 100644
--- a/htdocs/theme/md/style.css.php
+++ b/htdocs/theme/md/style.css.php
@@ -4025,6 +4025,9 @@ div#card-errors {
     font-size: <?php print $fontsize; ?>px !important;
 }
 
+.ui-dialog.ui-corner-all.ui-widget.ui-widget-content.ui-front.ui-dialog-buttons.ui-draggable {
+	z-index: 1002 !important;		/* Default 101 with jquery, top menu have a z-index of 1000 */
+}
 
 /* ============================================================================== */
 /* For content of image preview                                                   */