From da2f97134596b7f9955f053e8ae4d27dac631a14 Mon Sep 17 00:00:00 2001
From: florian HENRY <florian.henry@atm-consulting.fr>
Date: Fri, 8 Sep 2017 10:33:00 +0200
Subject: [PATCH 1/9] fix upload images on category

---
 htdocs/categories/class/categorie.class.php | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php
index ecf95c5096d..94113799be9 100644
--- a/htdocs/categories/class/categorie.class.php
+++ b/htdocs/categories/class/categorie.class.php
@@ -1525,11 +1525,13 @@ class Categorie extends CommonObject
 	 *  Deplace fichier uploade sous le nom $files dans le repertoire sdir
 	 *
 	 *  @param      string	$sdir       Repertoire destination finale
-	 *  @param      string	$file		Nom du fichier uploade
+	 *  @param      string	$files		Nom du fichier uploade
 	 *	@return		void
 	 */
 	function add_photo($sdir, $file)
 	{
+
+
 		require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 
 		$dir = $sdir .'/'. get_exdir($this->id,2,0,0,$this,'category') . $this->id ."/";
@@ -1542,15 +1544,18 @@ class Categorie extends CommonObject
 
 		if (file_exists($dir))
 		{
-			$originImage = $dir . $file['name'];
+			for ($i=0;$i<=count($file['name']);$i++) {
 
-			// Cree fichier en taille origine
-			dol_move_uploaded_file($file['tmp_name'], $originImage, 1, 0, 0);
+				$originImage = $dir . $file['name'][$i];
 
-			if (file_exists($originImage))
-			{
-			    // Create thumbs
-				$this->addThumbs($originImage);
+				// Cree fichier en taille origine
+				dol_move_uploaded_file($file['tmp_name'][$i], $originImage, 1, 0, 0);
+
+				if (file_exists($originImage))
+				{
+				    // Create thumbs
+					$this->addThumbs($originImage);
+				}
 			}
 		}
 	}

From 20ed279489cd87f2dd386d8bbb5421e3317e9d75 Mon Sep 17 00:00:00 2001
From: florian HENRY <florian.henry@atm-consulting.fr>
Date: Fri, 8 Sep 2017 10:34:38 +0200
Subject: [PATCH 2/9] better fix

---
 htdocs/categories/class/categorie.class.php | 26 ++++++++++++++-------
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php
index 94113799be9..23cced4f0e5 100644
--- a/htdocs/categories/class/categorie.class.php
+++ b/htdocs/categories/class/categorie.class.php
@@ -1542,18 +1542,28 @@ class Categorie extends CommonObject
 			dol_mkdir($dir);
 		}
 
-		if (file_exists($dir))
-		{
-			for ($i=0;$i<=count($file['name']);$i++) {
+		if (file_exists($dir)) {
+			if (is_array($file['name']) && count($file['name']) > 0) {
+				for($i = 0; $i <= count($file['name']); $i ++) {
 
-				$originImage = $dir . $file['name'][$i];
+					$originImage = $dir . $file['name'][$i];
+
+					// Cree fichier en taille origine
+					dol_move_uploaded_file($file['tmp_name'][$i], $originImage, 1, 0, 0);
+
+					if (file_exists($originImage)) {
+						// Create thumbs
+						$this->addThumbs($originImage);
+					}
+				}
+			} else {
+				$originImage = $dir . $file['name'];
 
 				// Cree fichier en taille origine
-				dol_move_uploaded_file($file['tmp_name'][$i], $originImage, 1, 0, 0);
+				dol_move_uploaded_file($file['tmp_name'], $originImage, 1, 0, 0);
 
-				if (file_exists($originImage))
-				{
-				    // Create thumbs
+				if (file_exists($originImage)) {
+					// Create thumbs
 					$this->addThumbs($originImage);
 				}
 			}

From 34f08ce082dd5f0c2aff5173ed549d5cd2312856 Mon Sep 17 00:00:00 2001
From: florian HENRY <florian.henry@atm-consulting.fr>
Date: Fri, 8 Sep 2017 10:36:11 +0200
Subject: [PATCH 3/9] fix travis

---
 htdocs/categories/class/categorie.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php
index 23cced4f0e5..1e494c4a1ff 100644
--- a/htdocs/categories/class/categorie.class.php
+++ b/htdocs/categories/class/categorie.class.php
@@ -1525,7 +1525,7 @@ class Categorie extends CommonObject
 	 *  Deplace fichier uploade sous le nom $files dans le repertoire sdir
 	 *
 	 *  @param      string	$sdir       Repertoire destination finale
-	 *  @param      string	$files		Nom du fichier uploade
+	 *  @param      string	$file		Nom du fichier uploade
 	 *	@return		void
 	 */
 	function add_photo($sdir, $file)

From 1a389b6faf891d4b3ffc51ad87e0b7d1ffcebb11 Mon Sep 17 00:00:00 2001
From: florian HENRY <florian.henry@atm-consulting.fr>
Date: Fri, 8 Sep 2017 10:36:45 +0200
Subject: [PATCH 4/9] fix upload photo for categ

---
 htdocs/categories/class/categorie.class.php | 2 --
 1 file changed, 2 deletions(-)

diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php
index 1e494c4a1ff..05d9049ff03 100644
--- a/htdocs/categories/class/categorie.class.php
+++ b/htdocs/categories/class/categorie.class.php
@@ -1530,8 +1530,6 @@ class Categorie extends CommonObject
 	 */
 	function add_photo($sdir, $file)
 	{
-
-
 		require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 
 		$dir = $sdir .'/'. get_exdir($this->id,2,0,0,$this,'category') . $this->id ."/";

From 03fe9d4e976b3968ec336ac406c67b6521960bdc Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Fri, 8 Sep 2017 13:23:12 +0200
Subject: [PATCH 5/9] Escape all status

---
 htdocs/adherents/type.php                     |  4 +-
 .../mailing/class/advtargetemailing.class.php | 10 ++--
 htdocs/comm/propal/stats/index.php            |  4 +-
 htdocs/commande/stats/index.php               |  4 +-
 htdocs/compta/facture/stats/index.php         |  8 ++--
 htdocs/core/class/html.form.class.php         |  2 +-
 htdocs/don/list.php                           |  4 +-
 htdocs/expensereport/stats/index.php          |  6 +--
 htdocs/fichinter/stats/index.php              |  6 +--
 htdocs/fourn/commande/list.php                |  4 +-
 .../product/class/html.formproduct.class.php  | 46 +++++++++----------
 htdocs/product/class/product.class.php        |  2 +-
 htdocs/supplier_proposal/list.php             |  2 +-
 13 files changed, 51 insertions(+), 51 deletions(-)

diff --git a/htdocs/adherents/type.php b/htdocs/adherents/type.php
index 016fc5e0499..a0f36c409de 100644
--- a/htdocs/adherents/type.php
+++ b/htdocs/adherents/type.php
@@ -390,13 +390,13 @@ if ($rowid > 0)
 		}
 		if ($status != '')
 		{
-		    $sql.= " AND d.statut IN (".$status.")";     // Peut valoir un nombre ou liste de nombre separes par virgules
+		    $sql.= " AND d.statut IN (".$db->escape($status).")";     // Peut valoir un nombre ou liste de nombre separes par virgules
 		}
 		if ($action == 'search')
 		{
 			if (GETPOST('search'))
 			{
-		  		$sql.= natural_search(array("d.firstname","d.lastname"), GETPOST('search'));
+		  		$sql.= natural_search(array("d.firstname","d.lastname"), GETPOST('search','alpha'));
 		  	}
 		}
 		if (! empty($search_lastname))
diff --git a/htdocs/comm/mailing/class/advtargetemailing.class.php b/htdocs/comm/mailing/class/advtargetemailing.class.php
index a0744fcfa04..ce6a9cf9896 100644
--- a/htdocs/comm/mailing/class/advtargetemailing.class.php
+++ b/htdocs/comm/mailing/class/advtargetemailing.class.php
@@ -640,16 +640,16 @@ class AdvanceTargetingMailing extends CommonObject
 				$sqlwhere[]=$this->transformToSQL('t.firstname',$arrayquery['contact_firstname']);
 			}
 			if (!empty($arrayquery['contact_country']) && count($arrayquery['contact_country'])) {
-				$sqlwhere[]= " (t.fk_pays IN (".implode(',',$arrayquery['contact_country'])."))";
+				$sqlwhere[]= " (t.fk_pays IN (".$db->escape(implode(',',$arrayquery['contact_country']))."))";
 			}
 			if (!empty($arrayquery['contact_status']) && count($arrayquery['contact_status'])>0) {
-				$sqlwhere[]= " (t.statut IN (".implode(',',$arrayquery['contact_status'])."))";
+				$sqlwhere[]= " (t.statut IN (".$db->escape(implode(',',$arrayquery['contact_status']))."))";
 			}
 			if (!empty($arrayquery['contact_civility']) && count($arrayquery['contact_civility'])>0) {
-				$sqlwhere[]= " (t.civility IN ('".implode("','",$arrayquery['contact_civility'])."'))";
+				$sqlwhere[]= " (t.civility IN ('".$db->escape(implode("','",$arrayquery['contact_civility']))."'))";
 			}
 			if ($arrayquery['contact_no_email']!='') {
-				$sqlwhere[]= " (t.no_email='".$arrayquery['contact_no_email']."')";
+				$sqlwhere[]= " (t.no_email='".$db->escape($arrayquery['contact_no_email'])."')";
 			}
 			if ($arrayquery['contact_update_st_dt']!='') {
 				$sqlwhere[]= " (t.tms >= '".$this->db->idate($arrayquery['contact_update_st_dt'])."' AND t.tms <= '".$this->db->idate($arrayquery['contact_update_end_dt'])."')";
@@ -658,7 +658,7 @@ class AdvanceTargetingMailing extends CommonObject
 				$sqlwhere[]= " (t.datec >= '".$this->db->idate($arrayquery['contact_create_st_dt'])."' AND t.datec <= '".$this->db->idate($arrayquery['contact_create_end_dt'])."')";
 			}
 			if (!empty($arrayquery['contact_categ']) && count($arrayquery['contact_categ'])>0) {
-				$sqlwhere[]= " (contactcateg.fk_categorie IN (".implode(",",$arrayquery['contact_categ'])."))";
+				$sqlwhere[]= " (contactcateg.fk_categorie IN (".$db->escape(implode(",",$arrayquery['contact_categ']))."))";
 			}
 
 			//Standard Extrafield feature
diff --git a/htdocs/comm/propal/stats/index.php b/htdocs/comm/propal/stats/index.php
index 5c74c8374a0..273862f68bf 100644
--- a/htdocs/comm/propal/stats/index.php
+++ b/htdocs/comm/propal/stats/index.php
@@ -92,7 +92,7 @@ dol_mkdir($dir);
 
 
 $stats = new PropaleStats($db, $socid, ($userid>0?$userid:0), $mode);
-if ($object_status != '' && $object_status >= 0) $stats->where .= ' AND p.fk_statut IN ('.$object_status.')';
+if ($object_status != '' && $object_status >= 0) $stats->where .= ' AND p.fk_statut IN ('.$db->escape($object_status).')';
 
 // Build graphic number of object
 $data = $stats->getNbByMonthWithPrevYear($endyear,$startyear);
@@ -299,7 +299,7 @@ foreach ($data as $val)
     while (! empty($year) && $oldyear > $year+1)
     {	// If we have empty year
         $oldyear--;
-        
+
         print '<tr class="oddeven" height="24">';
         print '<td align="center"><a href="'.$_SERVER["PHP_SELF"].'?year='.$oldyear.'&amp;mode='.$mode.($socid>0?'&socid='.$socid:'').($userid>0?'&userid='.$userid:'').'">'.$oldyear.'</a></td>';
         print '<td align="right">0</td>';
diff --git a/htdocs/commande/stats/index.php b/htdocs/commande/stats/index.php
index ed9f8906804..6a8b57e3707 100644
--- a/htdocs/commande/stats/index.php
+++ b/htdocs/commande/stats/index.php
@@ -88,11 +88,11 @@ dol_mkdir($dir);
 $stats = new CommandeStats($db, $socid, $mode, ($userid>0?$userid:0));
 if ($mode == 'customer')
 {
-    if ($object_status != '' && $object_status >= -1) $stats->where .= ' AND c.fk_statut IN ('.$object_status.')';
+    if ($object_status != '' && $object_status >= -1) $stats->where .= ' AND c.fk_statut IN ('.$db->escape($object_status).')';
 }
 if ($mode == 'supplier')
 {
-    if ($object_status != '' && $object_status >= 0) $stats->where .= ' AND c.fk_statut IN ('.$object_status.')';
+    if ($object_status != '' && $object_status >= 0) $stats->where .= ' AND c.fk_statut IN ('.$db->escape($object_status).')';
 }
 
 
diff --git a/htdocs/compta/facture/stats/index.php b/htdocs/compta/facture/stats/index.php
index 55ff4dad6e3..bf54e4f58ab 100644
--- a/htdocs/compta/facture/stats/index.php
+++ b/htdocs/compta/facture/stats/index.php
@@ -84,11 +84,11 @@ dol_mkdir($dir);
 $stats = new FactureStats($db, $socid, $mode, ($userid>0?$userid:0));
 if ($mode == 'customer')
 {
-    if ($object_status != '' && $object_status >= -1) $stats->where .= ' AND f.fk_statut IN ('.$object_status.')';
+    if ($object_status != '' && $object_status >= -1) $stats->where .= ' AND f.fk_statut IN ('.$db->escape($object_status).')';
 }
 if ($mode == 'supplier')
 {
-    if ($object_status != '' && $object_status >= 0) $stats->where .= ' AND f.fk_statut IN ('.$object_status.')';
+    if ($object_status != '' && $object_status >= 0) $stats->where .= ' AND f.fk_statut IN ('.$db->escape($object_status).')';
 }
 
 // Build graphic number of object
@@ -299,7 +299,7 @@ foreach ($data as $val)
 	while ($year && $oldyear > $year+1)
 	{	// If we have empty year
 		$oldyear--;
-		
+
 		print '<tr class="oddeven" height="24">';
 		print '<td align="center"><a href="'.$_SERVER["PHP_SELF"].'?year='.$oldyear.'&amp;mode='.$mode.($socid>0?'&socid='.$socid:'').($userid>0?'&userid='.$userid:'').'">'.$oldyear.'</a></td>';
 		print '<td align="right">0</td>';
@@ -310,7 +310,7 @@ foreach ($data as $val)
 		print '<td align="right"></td>';
 		print '</tr>';
 	}
-	
+
 	print '<tr class="oddeven" height="24">';
 	print '<td align="center"><a href="'.$_SERVER["PHP_SELF"].'?year='.$year.'&amp;mode='.$mode.($socid>0?'&socid='.$socid:'').($userid>0?'&userid='.$userid:'').'">'.$year.'</a></td>';
 	print '<td align="right">'.$val['nb'].'</td>';
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index b7a2b46dfc0..c8ea494ad3a 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -1918,7 +1918,7 @@ class Form
         $sql.= ' WHERE p.entity IN ('.getEntity('product').')';
         if (count($warehouseStatusArray))
         {
-            $sql.= ' AND (p.fk_product_type = 1 OR e.statut IN ('.implode(',',$warehouseStatusArray).'))';
+            $sql.= ' AND (p.fk_product_type = 1 OR e.statut IN ('.$db->escape(implode(',',$warehouseStatusArray)).'))';
         }
 
         if (!empty($conf->global->PRODUIT_ATTRIBUTES_HIDECHILD)) {
diff --git a/htdocs/don/list.php b/htdocs/don/list.php
index 5521b233a28..9602b69a615 100644
--- a/htdocs/don/list.php
+++ b/htdocs/don/list.php
@@ -92,11 +92,11 @@ $sql.= " FROM ".MAIN_DB_PREFIX."don as d LEFT JOIN ".MAIN_DB_PREFIX."projet AS p
 $sql.= " ON p.rowid = d.fk_projet WHERE 1 = 1";
 if ($statut != '' && $statut != '-1')
 {
-	$sql .= " AND d.fk_statut IN (".$statut.")";
+	$sql .= " AND d.fk_statut IN (".$db->escape($statut).")";
 }
 if (trim($search_ref) != '')
 {
-    $sql.= natural_search('d.ref',$search_ref);
+    $sql.= natural_search('d.ref', $search_ref);
 }
 if (trim($search_all) != '')
 {
diff --git a/htdocs/expensereport/stats/index.php b/htdocs/expensereport/stats/index.php
index e158e4728a8..d0e3a1164bc 100644
--- a/htdocs/expensereport/stats/index.php
+++ b/htdocs/expensereport/stats/index.php
@@ -74,7 +74,7 @@ print load_fiche_titre($title, $mesg);
 dol_mkdir($dir);
 
 $stats = new ExpenseReportStats($db, $socid, $userid);
-if ($object_status != '' && $object_status >= -1) $stats->where .= ' AND e.fk_statut IN ('.$object_status.')';
+if ($object_status != '' && $object_status >= -1) $stats->where .= ' AND e.fk_statut IN ('.$db->escape($object_status).')';
 
 // Build graphic number of object
 // $data = array(array('Lib',val1,val2,val3),...)
@@ -262,7 +262,7 @@ foreach ($data as $val)
 	while ($year && $oldyear > $year+1)
 	{	// If we have empty year
 		$oldyear--;
-		
+
 		print '<tr '.$bc[$var].' height="24">';
 		print '<td align="center"><a href="'.$_SERVER["PHP_SELF"].'?year='.$oldyear.'&amp;mode='.$mode.'">'.$oldyear.'</a></td>';
 		print '<td align="right">0</td>';
@@ -271,7 +271,7 @@ foreach ($data as $val)
 		print '</tr>';
 	}
 
-	
+
 	print '<tr '.$bc[$var].' height="24">';
 	print '<td align="center"><a href="'.$_SERVER["PHP_SELF"].'?year='.$year.'&amp;mode='.$mode.'">'.$year.'</a></td>';
 	print '<td align="right">'.$val['nb'].'</td>';
diff --git a/htdocs/fichinter/stats/index.php b/htdocs/fichinter/stats/index.php
index 4daa0b7e00d..1c0ba5764ed 100644
--- a/htdocs/fichinter/stats/index.php
+++ b/htdocs/fichinter/stats/index.php
@@ -75,7 +75,7 @@ print load_fiche_titre($title,'','title_commercial.png');
 dol_mkdir($dir);
 
 $stats = new FichinterStats($db, $socid, $mode, ($userid>0?$userid:0));
-if ($object_status != '' && $object_status > -1) $stats->where .= ' AND c.fk_statut IN ('.$object_status.')';
+if ($object_status != '' && $object_status > -1) $stats->where .= ' AND c.fk_statut IN ('.$db->escape($object_status).')';
 
 // Build graphic number of object
 $data = $stats->getNbByMonthWithPrevYear($endyear,$startyear);
@@ -291,7 +291,7 @@ foreach ($data as $val)
 	while (! empty($year) && $oldyear > $year+1)
 	{ // If we have empty year
 		$oldyear--;
-		
+
 		print '<tr '.$bc[$var].' height="24">';
 		print '<td align="center"><a href="'.$_SERVER["PHP_SELF"].'?year='.$oldyear.'&amp;mode='.$mode.($socid>0?'&socid='.$socid:'').($userid>0?'&userid='.$userid:'').'">'.$oldyear.'</a></td>';
 
@@ -304,7 +304,7 @@ foreach ($data as $val)
 		print '</tr>';
 	}
 
-	
+
 	print '<tr '.$bc[$var].' height="24">';
 	print '<td align="center"><a href="'.$_SERVER["PHP_SELF"].'?year='.$year.'&amp;mode='.$mode.($socid>0?'&socid='.$socid:'').($userid>0?'&userid='.$userid:'').'">'.$year.'</a></td>';
 	print '<td align="right">'.$val['nb'].'</td>';
diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php
index ee9a6b3e490..ac67d256824 100644
--- a/htdocs/fourn/commande/list.php
+++ b/htdocs/fourn/commande/list.php
@@ -535,9 +535,9 @@ if ($search_request_author) $sql.=natural_search(array('u.lastname','u.firstname
 if ($billed != '' && $billed >= 0) $sql .= " AND cf.billed = ".$billed;
 
 //Required triple check because statut=0 means draft filter
-if (GETPOST('statut', 'alpha') !== '')
+if (GETPOST('statut', 'intcomma') !== '')
 {
-	$sql .= " AND cf.fk_statut IN (".$db->escape(GETPOST('statut', 'alpha')).")";
+	$sql .= " AND cf.fk_statut IN (".$db->escape($db->escape(GETPOST('statut', 'intcomma'))).")";
 }
 if ($search_status != '' && $search_status >= 0)
 {
diff --git a/htdocs/product/class/html.formproduct.class.php b/htdocs/product/class/html.formproduct.class.php
index 1dbfbc7662f..c526e7ae52b 100644
--- a/htdocs/product/class/html.formproduct.class.php
+++ b/htdocs/product/class/html.formproduct.class.php
@@ -57,7 +57,7 @@ class FormProduct
 	 * @param	string	$batch			    Add quantity of batch stock in label for product with batch name batch, batch name precedes batch_id. Nothing if ''.
 	 * @param	string	$status		      	warehouse status filter, following comma separated filter options can be used
      *										'warehouseopen' = select products from open warehouses,
-	 *										'warehouseclosed' = select products from closed warehouses, 
+	 *										'warehouseclosed' = select products from closed warehouses,
 	 *										'warehouseinternal' = select products from warehouses for internal correct/transfer only
 	 * @param	boolean	$sumStock		    sum total stock of a warehouse, default true
 	 * @param	array	$exclude		    warehouses ids to exclude
@@ -68,28 +68,28 @@ class FormProduct
 		global $conf, $langs;
 
 		if (empty($fk_product) && count($this->cache_warehouses)) return 0;    // Cache already loaded and we do not want a list with information specific to a product
-		
+
 		if (is_array($exclude))	$excludeGroups = implode("','",$exclude);
 
 		$warehouseStatus = array();
 
-		if (preg_match('/warehouseclosed/', $status)) 
+		if (preg_match('/warehouseclosed/', $status))
 		{
 			$warehouseStatus[] = Entrepot::STATUS_CLOSED;
 		}
-		if (preg_match('/warehouseopen/', $status)) 
+		if (preg_match('/warehouseopen/', $status))
 		{
 			$warehouseStatus[] = Entrepot::STATUS_OPEN_ALL;
 		}
-		if (preg_match('/warehouseinternal/', $status)) 
+		if (preg_match('/warehouseinternal/', $status))
 		{
 			$warehouseStatus[] = Entrepot::STATUS_OPEN_INTERNAL;
 		}
-		
+
 		$sql = "SELECT e.rowid, e.label, e.description, e.fk_parent";
-		if (!empty($fk_product)) 
+		if (!empty($fk_product))
 		{
-			if (!empty($batch)) 
+			if (!empty($batch))
 			{
 				$sql.= ", pb.qty as stock";
 			}
@@ -107,7 +107,7 @@ class FormProduct
 		if (!empty($fk_product))
 		{
 			$sql.= " AND ps.fk_product = '".$fk_product."'";
-			if (!empty($batch)) 
+			if (!empty($batch))
             {
                 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_batch as pb on pb.fk_product_stock = ps.rowid AND pb.batch = '".$batch."'";
             }
@@ -115,15 +115,15 @@ class FormProduct
 		$sql.= " WHERE e.entity IN (".getEntity('stock').")";
 		if (count($warehouseStatus))
 		{
-			$sql.= " AND e.statut IN (".implode(',',$warehouseStatus).")";
+			$sql.= " AND e.statut IN (".$db->escape(implode(',',$warehouseStatus)).")";
 		}
 		else
 		{
 			$sql.= " AND e.statut = 1";
 		}
-		
-		if(!empty($exclude)) $sql.= ' AND e.rowid NOT IN('.implode(',', $exclude).')';
-		
+
+		if(!empty($exclude)) $sql.= ' AND e.rowid NOT IN('.$db->escape(implode(',', $exclude)).')';
+
 		if ($sumStock && empty($fk_product)) $sql.= " GROUP BY e.rowid, e.label, e.description, e.fk_parent";
 		$sql.= " ORDER BY e.label";
 
@@ -144,7 +144,7 @@ class FormProduct
 				$this->cache_warehouses[$obj->rowid]['stock'] = $obj->stock;
 				$i++;
 			}
-			
+
 			// Full label init
 			foreach($this->cache_warehouses as $obj_rowid=>$tab) {
 				$this->cache_warehouses[$obj_rowid]['full_label'] = $this->get_parent_path($tab);
@@ -158,18 +158,18 @@ class FormProduct
 			return -1;
 		}
 	}
-	
+
 	/**
 	 * Return full path to current warehouse in $tab (recursive function)
-	 * 
+	 *
 	 * @param	array	$tab			warehouse data in $this->cache_warehouses line
 	 * @param	String	$final_label	full label with all parents, separated by ' >> ' (completed on each call)
 	 * @return	String					full label with all parents, separated by ' >> '
 	 */
 	private function get_parent_path($tab, $final_label='') {
-		
+
 		if(empty($final_label)) $final_label = $tab['label'];
-		
+
 		if(empty($tab['parent_id'])) return $final_label;
 		else {
 			if(!empty($this->cache_warehouses[$tab['parent_id']])) {
@@ -177,9 +177,9 @@ class FormProduct
 				return $this->get_parent_path($this->cache_warehouses[$tab['parent_id']], $final_label);
 			}
 		}
-		
+
 		return $final_label;
-		
+
 	}
 
 	/**
@@ -189,7 +189,7 @@ class FormProduct
 	 *  @param  string	$htmlname       Name of html select html
 	 *  @param  string	$filterstatus   warehouse status filter, following comma separated filter options can be used
      *									'warehouseopen' = select products from open warehouses,
-	 *									'warehouseclosed' = select products from closed warehouses, 
+	 *									'warehouseclosed' = select products from closed warehouses,
 	 *									'warehouseinternal' = select products from warehouses for internal correct/transfer only
 	 *  @param  int		$empty			1=Can be empty, 0 if not
 	 * 	@param	int		$disabled		1=Select is disabled
@@ -208,7 +208,7 @@ class FormProduct
 		global $conf,$langs,$user;
 
 		dol_syslog(get_class($this)."::selectWarehouses $selected, $htmlname, $filterstatus, $empty, $disabled, $fk_product, $empty_label, $showstock, $forcecombo, $morecss",LOG_DEBUG);
-		
+
 		$out='';
 		if (empty($conf->global->ENTREPOT_EXTRA_STATUS)) $filterstatus = '';
 		$this->loadWarehouses($fk_product, '', $filterstatus, true, $exclude);
@@ -221,7 +221,7 @@ class FormProduct
 			$out.= $comboenhancement;
 			$nodatarole=($comboenhancement?' data-role="none"':'');
 		}
-		
+
 		$out.='<select class="flat'.($morecss?' '.$morecss:'').'"'.($disabled?' disabled':'').' id="'.$htmlname.'" name="'.($htmlname.($disabled?'_disabled':'')).'"'.$nodatarole.'>';
 		if ($empty) $out.='<option value="-1">'.($empty_label?$empty_label:'&nbsp;').'</option>';
 		foreach($this->cache_warehouses as $id => $arraytypes)
diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php
index 14b60473687..06afce94c89 100644
--- a/htdocs/product/class/product.class.php
+++ b/htdocs/product/class/product.class.php
@@ -3750,7 +3750,7 @@ class Product extends CommonObject
 		$sql.= " WHERE w.entity IN (".getEntity('stock').")";
 		$sql.= " AND w.rowid = ps.fk_entrepot";
 		$sql.= " AND ps.fk_product = ".$this->id;
-		if ($conf->global->ENTREPOT_EXTRA_STATUS && count($warehouseStatus)) $sql.= " AND w.statut IN (".implode(',',$warehouseStatus).")";
+		if ($conf->global->ENTREPOT_EXTRA_STATUS && count($warehouseStatus)) $sql.= " AND w.statut IN (".$db->escape(implode(',',$warehouseStatus)).")";
 
 		dol_syslog(get_class($this)."::load_stock", LOG_DEBUG);
 		$result = $this->db->query($sql);
diff --git a/htdocs/supplier_proposal/list.php b/htdocs/supplier_proposal/list.php
index 6a8a0884ce2..e6e205def8a 100644
--- a/htdocs/supplier_proposal/list.php
+++ b/htdocs/supplier_proposal/list.php
@@ -284,7 +284,7 @@ if ($search_montant_vat != '') $sql.= natural_search("sp.tva", $search_montant_v
 if ($search_montant_ttc != '') $sql.= natural_search("sp.total", $search_montant_ttc, 1);
 if ($sall) $sql .= natural_search(array_keys($fieldstosearchall), $sall);
 if ($socid) $sql.= ' AND s.rowid = '.$socid;
-if ($search_status >= 0 && $search_status != '') $sql.= ' AND sp.fk_statut IN ('.$search_status.')';
+if ($search_status >= 0 && $search_status != '') $sql.= ' AND sp.fk_statut IN ('.$db->escape($search_status).')';
 if ($month > 0)
 {
     if ($year > 0 && empty($day))

From a6a142753a259c681dec77f6971888787c2f2114 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Fri, 8 Sep 2017 15:24:27 +0200
Subject: [PATCH 6/9] Fix bad label when account not set

---
 htdocs/accountancy/customer/index.php      | 41 ++++++++++++---
 htdocs/accountancy/expensereport/index.php | 60 +++++++++++++++-------
 htdocs/accountancy/supplier/index.php      | 42 +++++++++++----
 htdocs/langs/en_US/accountancy.lang        |  1 +
 4 files changed, 109 insertions(+), 35 deletions(-)

diff --git a/htdocs/accountancy/customer/index.php b/htdocs/accountancy/customer/index.php
index f1bea3bd4a1..c07f15a6ef4 100644
--- a/htdocs/accountancy/customer/index.php
+++ b/htdocs/accountancy/customer/index.php
@@ -213,8 +213,8 @@ for($i = 1; $i <= 12; $i ++) {
 }
 print '<td width="60" align="right"><b>' . $langs->trans("Total") . '</b></td></tr>';
 
-$sql = "SELECT " . $db->ifsql('aa.account_number IS NULL', "'".$langs->trans('NotMatch')."'", 'aa.account_number') . " AS codecomptable,";
-$sql .= "  " . $db->ifsql('aa.label IS NULL', "'".$langs->trans('NotMatch')."'", 'aa.label') . " AS intitule,";
+$sql = "SELECT " . $db->ifsql('aa.account_number IS NULL', "'tobind'", 'aa.account_number') . " AS codecomptable,";
+$sql .= "  " . $db->ifsql('aa.label IS NULL', "'tobind'", 'aa.label') . " AS intitule,";
 for($i = 1; $i <= 12; $i ++) {
 	$sql .= "  SUM(" . $db->ifsql('MONTH(f.datef)=' . $i, 'fd.total_ht', '0') . ") AS month" . str_pad($i, 2, '0', STR_PAD_LEFT) . ",";
 }
@@ -240,8 +240,20 @@ if ($resql) {
 
 	while ( $row = $db->fetch_row($resql)) {
 
-		print '<tr class="oddeven"><td>' . length_accountg($row[0]) . '</td>';
-		print '<td align="left">' . $row[1] . '</td>';
+		print '<tr class="oddeven"><td>';
+		if ($row[0] == 'tobind')
+		{
+			print $langs->trans("Unknown");
+		}
+		else print length_accountg($row[0]);
+		print '</td>';
+		print '<td align="left">';
+		if ($row[0] == 'tobind')
+		{
+			print $langs->trans("UseMenuToSetBindindManualy", DOL_URL_ROOT.'/accountancy/customer/list.php?search_year='.$y, $langs->transnoentitiesnoconv("ToBind"));
+		}
+		else print $row[1];
+		print '</td>';
 		for($i = 2; $i <= 12; $i ++) {
 			print '<td align="right">' . price($row[$i]) . '</td>';
 		}
@@ -269,8 +281,8 @@ for($i = 1; $i <= 12; $i ++) {
 }
 print '<td width="60" align="right"><b>' . $langs->trans("Total") . '</b></td></tr>';
 
-$sql = "SELECT " . $db->ifsql('aa.account_number IS NULL', "'".$langs->trans('NotMatch')."'", 'aa.account_number') . " AS codecomptable,";
-$sql .= "  " . $db->ifsql('aa.label IS NULL', "'".$langs->trans('NotMatch')."'", 'aa.label') . " AS intitule,";
+$sql = "SELECT " . $db->ifsql('aa.account_number IS NULL', "'tobind'", 'aa.account_number') . " AS codecomptable,";
+$sql .= "  " . $db->ifsql('aa.label IS NULL', "'tobind'", 'aa.label') . " AS intitule,";
 for($i = 1; $i <= 12; $i ++) {
 	$sql .= "  SUM(" . $db->ifsql('MONTH(f.datef)=' . $i, 'fd.total_ht', '0') . ") AS month" . str_pad($i, 2, '0', STR_PAD_LEFT) . ",";
 }
@@ -296,7 +308,20 @@ if ($resql) {
 
 	while ( $row = $db->fetch_row($resql)) {
 
-		print '<tr class="oddeven"><td>' . length_accountg($row[0]) . '</td>';
+		print '<tr class="oddeven"><td>';
+		if ($row[0] == 'tobind')
+		{
+			print $langs->trans("Unknown");
+		}
+		else print length_accountg($row[0]);
+		print '</td>';
+		print '<td align="left">';
+		if ($row[0] == 'tobind')
+		{
+			print $langs->trans("UseMenuToSetBindindManualy", DOL_URL_ROOT.'/accountancy/customer/list.php?search_year='.$y, $langs->transnoentitiesnoconv("ToBind"));
+		}
+		else print $row[1];
+		print '</td>';
 		print '<td align="left">' . $row[1] . '</td>';
 		for($i = 2; $i <= 12; $i ++) {
 			print '<td align="right">' . price($row[$i]) . '</td>';
@@ -363,7 +388,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) // This part of code looks strange.
 	}
 	print "</table>\n";
 
-	
+
 	if (! empty($conf->margin->enabled)) {
 		print "<br>\n";
 		print '<table class="noborder" width="100%">';
diff --git a/htdocs/accountancy/expensereport/index.php b/htdocs/accountancy/expensereport/index.php
index b17aeedb4bd..19a0a6b5187 100644
--- a/htdocs/accountancy/expensereport/index.php
+++ b/htdocs/accountancy/expensereport/index.php
@@ -94,7 +94,7 @@ if ($action == 'validatehistory') {
 	}
 
 	dol_syslog('htdocs/accountancy/expensereport/index.php');
-	
+
 	$resql1 = $db->query($sql1);
 	if (! $resql1) {
 		$error ++;
@@ -139,7 +139,7 @@ if ($action == 'validatehistory') {
 	$sql1.= " AND er.date_debut <= '" . $db->idate(dol_get_last_day($year_current, 12, false)) . "'";
 	$sql1.= " AND er.entity IN (" . getEntity('accountancy') . ")";
 	$sql1.=")";
-	
+
 	dol_syslog("htdocs/accountancy/customer/index.php fixaccountancycode", LOG_DEBUG);
 
 	$resql1 = $db->query($sql1);
@@ -194,8 +194,8 @@ for($i = 1; $i <= 12; $i ++) {
 }
 print '<td width="60" align="right"><b>' . $langs->trans("Total") . '</b></td></tr>';
 
-$sql = "SELECT  ".$db->ifsql('aa.account_number IS NULL', "'".$langs->trans('NotMatch')."'", 'aa.account_number') ." AS codecomptable,";
-$sql .= "  " . $db->ifsql('aa.label IS NULL', "'".$langs->trans('NotMatch')."'", 'aa.label') . " AS intitule,";
+$sql = "SELECT  ".$db->ifsql('aa.account_number IS NULL', "'tobind'", 'aa.account_number') ." AS codecomptable,";
+$sql .= "  " . $db->ifsql('aa.label IS NULL', "'tobind'", 'aa.label') . " AS intitule,";
 for($i = 1; $i <= 12; $i ++) {
     $sql .= "  SUM(" . $db->ifsql('MONTH(er.date_debut)=' . $i, 'erd.total_ht', '0') . ") AS month" . str_pad($i, 2, '0', STR_PAD_LEFT) . ",";
 }
@@ -217,9 +217,21 @@ if ($resql) {
 
     while ( $row = $db->fetch_row($resql)) {
 
-        print '<tr class="oddeven"><td>' . length_accountg($row[0]) . '</td>';
-        print '<td align="left">' . $row[1] . '</td>';
-        for($i = 2; $i <= 12; $i ++) {
+		print '<tr class="oddeven"><td>';
+		if ($row[0] == 'tobind')
+		{
+			print $langs->trans("Unknown");
+		}
+		else print length_accountg($row[0]);
+		print '</td>';
+		print '<td align="left">';
+		if ($row[0] == 'tobind')
+		{
+			print $langs->trans("UseMenuToSetBindindManualy", DOL_URL_ROOT.'/accountancy/expensereport/list.php?search_year='.$y, $langs->transnoentitiesnoconv("ToBind"));
+		}
+		else print $row[1];
+		print '</td>';
+    	for($i = 2; $i <= 12; $i ++) {
             print '<td align="right">' . price($row[$i]) . '</td>';
         }
         print '<td align="right">' . price($row[13]) . '</td>';
@@ -247,8 +259,8 @@ for($i = 1; $i <= 12; $i ++) {
 }
 print '<td width="60" align="right"><b>' . $langs->trans("Total") . '</b></td></tr>';
 
-$sql = "SELECT  ".$db->ifsql('aa.account_number IS NULL', "'".$langs->trans('NotMatch')."'", 'aa.account_number') ." AS codecomptable,";
-$sql .= "  " . $db->ifsql('aa.label IS NULL', "'".$langs->trans('NotMatch')."'", 'aa.label') . " AS intitule,";
+$sql = "SELECT  ".$db->ifsql('aa.account_number IS NULL', "'tobind'", 'aa.account_number') ." AS codecomptable,";
+$sql .= "  " . $db->ifsql('aa.label IS NULL', "'tobind'", 'aa.label') . " AS intitule,";
 for($i = 1; $i <= 12; $i ++) {
     $sql .= "  SUM(" . $db->ifsql('MONTH(er.date_debut)=' . $i, 'erd.total_ht', '0') . ") AS month" . str_pad($i, 2, '0', STR_PAD_LEFT) . ",";
 }
@@ -270,9 +282,21 @@ if ($resql) {
 
     while ( $row = $db->fetch_row($resql)) {
 
-        print '<tr class="oddeven"><td>' . length_accountg($row[0]) . '</td>';
-        print '<td align="left">' . $row[1] . '</td>';
-        for($i = 2; $i <= 12; $i ++) {
+		print '<tr class="oddeven"><td>';
+		if ($row[0] == 'tobind')
+		{
+			print $langs->trans("Unknown");
+		}
+		else print length_accountg($row[0]);
+		print '</td>';
+		print '<td align="left">';
+		if ($row[0] == 'tobind')
+		{
+			print $langs->trans("UseMenuToSetBindindManualy", DOL_URL_ROOT.'/accountancy/expensereport/list.php?search_year='.$y, $langs->transnoentitiesnoconv("ToBind"));
+		}
+		else print $row[1];
+		print '</td>';
+    	for($i = 2; $i <= 12; $i ++) {
             print '<td align="right">' . price($row[$i]) . '</td>';
         }
         print '<td align="right">' . price($row[13]) . '</td>';
@@ -292,9 +316,9 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) // This part of code looks strange.
 {
     print '<br>';
     print '<br>';
-    
+
     print_fiche_titre($langs->trans("OtherInfo"), '', '');
-    
+
     print "<br>\n";
     print '<table class="noborder" width="100%">';
     print '<tr class="liste_titre"><td width="400" align="left">' . $langs->trans("Total") . '</td>';
@@ -302,7 +326,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) // This part of code looks strange.
     	print '<td width="60" align="right">' . $langs->trans('MonthShort' . str_pad($i, 2, '0', STR_PAD_LEFT)) . '</td>';
     }
     print '<td width="60" align="right"><b>' . $langs->trans("Total") . '</b></td></tr>';
-    
+
     $sql = "SELECT '" . $langs->trans("TotalExpenseReport") . "' AS label,";
     for($i = 1; $i <= 12; $i ++) {
     	$sql .= " SUM(" . $db->ifsql('MONTH(er.date_create)=' . $i, 'erd.total_ht', '0') . ") AS month" . str_pad($i, 2, '0', STR_PAD_LEFT) . ",";
@@ -314,12 +338,12 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) // This part of code looks strange.
     $sql .= " AND er.date_debut <= '" . $db->idate(dol_get_last_day($y, 12, false)) . "'";
     $sql .= " AND er.fk_statut > 0 ";
     $sql .= " AND er.entity IN (" . getEntity('expensereport', 0) . ")";     // We don't share object for accountancy
-    
+
     dol_syslog('htdocs/accountancy/expensereport/index.php');
     $resql = $db->query($sql);
     if ($resql) {
     	$num = $db->num_rows($resql);
-    
+
     	while ( $row = $db->fetch_row($resql)) {
     		print '<tr><td>' . $row[0] . '</td>';
     			for($i = 1; $i <= 12; $i ++) {
@@ -328,7 +352,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) // This part of code looks strange.
     		print '<td align="right"><b>' . price($row[13]) . '</b></td>';
     		print '</tr>';
     	}
-    
+
     	$db->free($resql);
     } else {
     	print $db->lasterror(); // Show last sql error
diff --git a/htdocs/accountancy/supplier/index.php b/htdocs/accountancy/supplier/index.php
index f862feb5ba3..3dac6a23567 100644
--- a/htdocs/accountancy/supplier/index.php
+++ b/htdocs/accountancy/supplier/index.php
@@ -190,8 +190,8 @@ for($i = 1; $i <= 12; $i ++) {
 }
 print '<td width="60" align="right"><b>' . $langs->trans("Total") . '</b></td></tr>';
 
-$sql = "SELECT  ".$db->ifsql('aa.account_number IS NULL', "'".$langs->trans('NotMatch')."'", 'aa.account_number') ." AS codecomptable,";
-$sql .= "  " . $db->ifsql('aa.label IS NULL', "'".$langs->trans('NotMatch')."'", 'aa.label') . " AS intitule,";
+$sql = "SELECT  ".$db->ifsql('aa.account_number IS NULL', "'tobind'", 'aa.account_number') ." AS codecomptable,";
+$sql .= "  " . $db->ifsql('aa.label IS NULL', "'tobind'", 'aa.label') . " AS intitule,";
 for($i = 1; $i <= 12; $i ++) {
 	$sql .= "  SUM(" . $db->ifsql('MONTH(ff.datef)=' . $i, 'ffd.total_ht', '0') . ") AS month" . str_pad($i, 2, '0', STR_PAD_LEFT) . ",";
 }
@@ -213,8 +213,20 @@ if ($resql) {
 
 	while ( $row = $db->fetch_row($resql)) {
 
-		print '<tr class="oddeven"><td>' . length_accountg($row[0]) . '</td>';
-		print '<td align="left">' . $row[1] . '</td>';
+		print '<tr class="oddeven"><td>';
+		if ($row[0] == 'tobind')
+		{
+			print $langs->trans("Unknown");
+		}
+		else print length_accountg($row[0]);
+		print '</td>';
+		print '<td align="left">';
+		if ($row[0] == 'tobind')
+		{
+			print $langs->trans("UseMenuToSetBindindManualy", DOL_URL_ROOT.'/accountancy/supplier/list.php?search_year='.$y, $langs->transnoentitiesnoconv("ToBind"));
+		}
+		else print $row[1];
+		print '</td>';
 		for($i = 2; $i <= 12; $i ++) {
 			print '<td align="right">' . price($row[$i]) . '</td>';
 		}
@@ -244,8 +256,8 @@ for($i = 1; $i <= 12; $i ++) {
 }
 print '<td width="60" align="right"><b>' . $langs->trans("Total") . '</b></td></tr>';
 
-$sql = "SELECT  ".$db->ifsql('aa.account_number IS NULL', "'".$langs->trans('NotMatch')."'", 'aa.account_number') ." AS codecomptable,";
-$sql .= "  " . $db->ifsql('aa.label IS NULL', "'".$langs->trans('NotMatch')."'", 'aa.label') . " AS intitule,";
+$sql = "SELECT  ".$db->ifsql('aa.account_number IS NULL', "'tobind'", 'aa.account_number') ." AS codecomptable,";
+$sql .= "  " . $db->ifsql('aa.label IS NULL', "'tobind'", 'aa.label') . " AS intitule,";
 for($i = 1; $i <= 12; $i ++) {
     $sql .= "  SUM(" . $db->ifsql('MONTH(ff.datef)=' . $i, 'ffd.total_ht', '0') . ") AS month" . str_pad($i, 2, '0', STR_PAD_LEFT) . ",";
 }
@@ -267,9 +279,21 @@ if ($resql) {
 
     while ( $row = $db->fetch_row($resql)) {
 
-        print '<tr class="oddeven"><td>' . length_accountg($row[0]) . '</td>';
-        print '<td align="left">' . $row[1] . '</td>';
-        for($i = 2; $i <= 12; $i ++) {
+		print '<tr class="oddeven"><td>';
+		if ($row[0] == 'tobind')
+		{
+			print $langs->trans("Unknown");
+		}
+		else print length_accountg($row[0]);
+		print '</td>';
+		print '<td align="left">';
+		if ($row[0] == 'tobind')
+		{
+			print $langs->trans("UseMenuToSetBindindManualy", DOL_URL_ROOT.'/accountancy/supplier/list.php?search_year='.$y, $langs->transnoentitiesnoconv("ToBind"));
+		}
+		else print $row[1];
+		print '</td>';
+    	for($i = 2; $i <= 12; $i ++) {
             print '<td align="right">' . price($row[$i]) . '</td>';
         }
         print '<td align="right">' . price($row[13]) . '</td>';
diff --git a/htdocs/langs/en_US/accountancy.lang b/htdocs/langs/en_US/accountancy.lang
index e200f0ca7c0..757dbde1c0b 100644
--- a/htdocs/langs/en_US/accountancy.lang
+++ b/htdocs/langs/en_US/accountancy.lang
@@ -273,5 +273,6 @@ BookeppingLineAlreayExists=Lines already existing into bookeeping
 NoJournalDefined=No journal defined
 Binded=Lines bound
 ToBind=Lines to bind
+UseMenuToSetBindindManualy=Autodection not possible, use menu <a href="%s">%s</a> to make the binding manually
 
 WarningReportNotReliable=Warning, this report is not based on the Ledger, so does not contains transaction modified manualy in the Ledger. It will be replaced by a more complete report in a next version. 

From 8b20c5edab762bf71208a281f76fa07645422e4f Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Fri, 8 Sep 2017 15:44:11 +0200
Subject: [PATCH 7/9] FIX Remove warning when using log into syslog

---
 htdocs/accountancy/journal/bankjournal.php       | 11 ++++++++---
 htdocs/core/modules/syslog/mod_syslog_syslog.php |  8 ++++----
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/htdocs/accountancy/journal/bankjournal.php b/htdocs/accountancy/journal/bankjournal.php
index 505e2a9f534..35f612802c2 100644
--- a/htdocs/accountancy/journal/bankjournal.php
+++ b/htdocs/accountancy/journal/bankjournal.php
@@ -172,13 +172,16 @@ if ($result) {
 	{
 		$obj = $db->fetch_object($result);
 
+		$lineisapurchase = ($obj->label == '(SupplierInvoicePayment)' || $obj->label == '(SupplierInvoicePaymentBack)');
+		$lineisasell = ($obj->label == '(CustomerInvoicePayment)' || $obj->label == '(CustomerInvoicePaymentBack)');
+
 		// Set accountancy code (for bank and thirdparty)
 		$compta_bank = $obj->account_number;
 
 		$compta_soc = 'NotDefined';
-		if ($obj->label == '(SupplierInvoicePayment)' || $obj->label == '(SupplierInvoicePaymentBack)')
+		if ($lineisapurchase)
 			$compta_soc = (! empty($obj->code_compta_fournisseur) ? $obj->code_compta_fournisseur : $account_supplier);
-		if ($obj->label == '(CustomerInvoicePayment)' || $obj->label == '(CustomerInvoicePaymentBack)')
+		if ($lineisasell)
 			$compta_soc = (! empty($obj->code_compta) ? $obj->code_compta : $account_customer);
 
 		$tabcompany[$obj->rowid] = array (
@@ -604,6 +607,8 @@ if (! $error && $action == 'writebookkeeping') {
 	}
 }
 
+
+
 // Export
 if ($action == 'exportcsv') {		// ISO and not UTF8 !
 	$sep = $conf->global->ACCOUNTING_EXPORT_SEPARATORCSV;
@@ -936,7 +941,7 @@ $db->close();
  * Return source for doc_ref of a bank transaction
  *
  * @param 	string 	$val			Array of val
- * @param 	string	$typerecord		Type of record
+ * @param 	string	$typerecord		Type of record ('payment', 'payment_supplier', 'payment_expensereport', 'payment_vat', ...)
  * @return string|unknown
  */
 function getSourceDocRef($val, $typerecord)
diff --git a/htdocs/core/modules/syslog/mod_syslog_syslog.php b/htdocs/core/modules/syslog/mod_syslog_syslog.php
index e0283ac9a9f..1f2f499fbac 100644
--- a/htdocs/core/modules/syslog/mod_syslog_syslog.php
+++ b/htdocs/core/modules/syslog/mod_syslog_syslog.php
@@ -49,7 +49,7 @@ class mod_syslog_syslog extends LogHandler implements LogHandlerInterface
 	public function isActive()
 	{
 	    global $conf;
-	    
+
 		// This function does not exists on some ISP (Ex: Free in France)
 		if (!function_exists('openlog')) return 0;
 
@@ -81,15 +81,15 @@ class mod_syslog_syslog extends LogHandler implements LogHandlerInterface
 	 */
 	public function checkConfiguration()
 	{
-		global $langs;
+		global $conf, $langs;
 
 		$errors = array();
 
-	    $facility = SYSLOG_FACILITY;
+	    $facility = constant($conf->global->SYSLOG_FACILITY);
 	    if ($facility)
 		{
 			// Only LOG_USER supported on Windows
-			if (! empty($_SERVER["WINDIR"])) $facility='LOG_USER';
+			if (! empty($_SERVER["WINDIR"])) $facility=constant('LOG_USER');
 
 			dol_syslog("admin/syslog: facility ".$facility);
 		}

From c498ce3c41d8847f279169fc15202ba0bb8c830d Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Fri, 8 Sep 2017 17:50:39 +0200
Subject: [PATCH 8/9] FIX journalization for bank journal should not rely on a
 label.

---
 htdocs/accountancy/journal/bankjournal.php | 82 +++++++++++++++++-----
 htdocs/langs/en_US/accountancy.lang        |  3 +-
 2 files changed, 67 insertions(+), 18 deletions(-)

diff --git a/htdocs/accountancy/journal/bankjournal.php b/htdocs/accountancy/journal/bankjournal.php
index 35f612802c2..640c4b03353 100644
--- a/htdocs/accountancy/journal/bankjournal.php
+++ b/htdocs/accountancy/journal/bankjournal.php
@@ -104,12 +104,15 @@ $idpays = $mysoc->country_id;
 
 $sql  = "SELECT b.rowid, b.dateo as do, b.datev as dv, b.amount, b.label, b.rappro, b.num_releve, b.num_chq, b.fk_type, b.fk_account,";
 $sql .= " ba.courant, ba.ref as baref, ba.account_number, ba.fk_accountancy_journal,";
-$sql .= " soc.code_compta, soc.code_compta_fournisseur, soc.rowid as socid, soc.nom as name, bu1.type as typeop,";
-$sql .= " u.accountancy_code, u.rowid as userid, u.lastname as lastname, u.firstname as firstname, bu2.type as typeop";
+$sql .= " soc.code_compta, soc.code_compta_fournisseur, soc.rowid as socid, soc.nom as name, bu1.type as typeop_company,";
+$sql .= " u.accountancy_code, u.rowid as userid, u.lastname as lastname, u.firstname as firstname, bu2.type as typeop_user,";
+$sql .= " bu3.type as typeop_payment, bu4.type as typeop_payment_supplier";
 $sql .= " FROM " . MAIN_DB_PREFIX . "bank as b";
 $sql .= " JOIN " . MAIN_DB_PREFIX . "bank_account as ba on b.fk_account=ba.rowid";
 $sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "bank_url as bu1 ON bu1.fk_bank = b.rowid AND bu1.type='company'";
 $sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "bank_url as bu2 ON bu2.fk_bank = b.rowid AND bu2.type='user'";
+$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "bank_url as bu3 ON bu3.fk_bank = b.rowid AND bu3.type='payment'";
+$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "bank_url as bu4 ON bu4.fk_bank = b.rowid AND bu4.type='payment_supplier'";
 $sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "societe as soc on bu1.url_id=soc.rowid";
 $sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "user as u on bu2.url_id=u.rowid";
 $sql .= " WHERE ba.fk_accountancy_journal=" . $id_journal;
@@ -147,6 +150,7 @@ $result = $db->query($sql);
 if ($result) {
 
 	$num = $db->num_rows($result);
+	//print $sql;
 
 	// Variables
 	$account_supplier = (! empty($conf->global->ACCOUNTING_ACCOUNT_SUPPLIER) ? $conf->global->ACCOUNTING_ACCOUNT_SUPPLIER : 'NotDefined');	// NotDefined is a reserved word
@@ -172,16 +176,31 @@ if ($result) {
 	{
 		$obj = $db->fetch_object($result);
 
-		$lineisapurchase = ($obj->label == '(SupplierInvoicePayment)' || $obj->label == '(SupplierInvoicePaymentBack)');
-		$lineisasell = ($obj->label == '(CustomerInvoicePayment)' || $obj->label == '(CustomerInvoicePaymentBack)');
+		$lineisapurchase = -1;
+		$lineisasale = -1;
+		// Old method to detect if it's a sale or purchase
+		if ($obj->label == '(SupplierInvoicePayment)' || $obj->label == '(SupplierInvoicePaymentBack)') $lineisapurchase=1;
+		if ($obj->label == '(CustomerInvoicePayment)' || $obj->label == '(CustomerInvoicePaymentBack)') $lineisasale=1;
+		// Try a more reliable method to detect if record is a supplier payment or a customer payment
+		if ($lineisapurchase < 0)
+		{
+			if ($obj->typeop_payment_supplier == 'payment_supplier') $lineisapurchase = 1;
+		}
+		if ($lineisasale < 0)
+		{
+			if ($obj->typeop_payment == 'payment') $lineisasale = 1;
+		}
+		//var_dump($obj->type_payment); var_dump($obj->type_payment_supplier);
+		//var_dump($lineisapurchase); //var_dump($lineisasale);
 
-		// Set accountancy code (for bank and thirdparty)
+		// Set accountancy code for bank
 		$compta_bank = $obj->account_number;
 
+		// Set accountancy code for thirdparty
 		$compta_soc = 'NotDefined';
-		if ($lineisapurchase)
+		if ($lineisapurchase > 0)
 			$compta_soc = (! empty($obj->code_compta_fournisseur) ? $obj->code_compta_fournisseur : $account_supplier);
-		if ($lineisasell)
+		if ($lineisasale > 0)
 			$compta_soc = (! empty($obj->code_compta) ? $obj->code_compta : $account_customer);
 
 		$tabcompany[$obj->rowid] = array (
@@ -190,6 +209,7 @@ if ($result) {
 				'code_compta' => $compta_soc,
 		);
 
+		// Set accountancy code for user
 		$compta_user = (! empty($obj->accountancy_code) ? $obj->accountancy_code : $account_employee);
 
 		$tabuser[$obj->rowid] = array (
@@ -205,6 +225,7 @@ if ($result) {
 		$tabpay[$obj->rowid]["type_payment"] = $obj->fk_type;		// CHQ, VIR, LIQ, CB, ...
 		$tabpay[$obj->rowid]["ref"] = $obj->label;					// By default. Not unique. May be changed later
 		$tabpay[$obj->rowid]["fk_bank"] = $obj->rowid;
+		$tabpay[$obj->rowid]["bank_account_ref"] = $obj->baref;
 		$tabpay[$obj->rowid]["fk_bank_account"] = $obj->fk_account;
 		if (preg_match('/^\((.*)\)$/i', $obj->label, $reg)) {
 			$tabpay[$obj->rowid]["lib"] = $langs->trans($reg[1]);
@@ -217,7 +238,7 @@ if ($result) {
 		//var_dump($tabpay);
 
 		// By default
-		$tabpay[$obj->rowid]['type'] = 'unknown';	// Can be SOLD, miscellaneous entry, payment of patient, or old record with no links in bank_url.
+		$tabpay[$obj->rowid]['type'] = 'unknown';	// Can be SOLD, miscellaneous entry, payment of patient, or any old record with no links in bank_url.
 		$tabtype[$obj->rowid] = 'unknown';
 
 		// get_url may return -1 which is not traversable
@@ -742,6 +763,22 @@ if (empty($action) || $action == 'view') {
 
 	journalHead($nom, $nomlink, $period, $periodlink, $description, $builddate, $exportlink, array('action' => ''), '', $varlink);
 
+
+	// Test that setup is complete
+	$sql='SELECT COUNT(rowid) as nb FROM '.MAIN_DB_PREFIX.'bank_account WHERE fk_accountancy_journal IS NULL';
+	$resql=$db->query($sql);
+	if ($resql)
+	{
+		$obj=$db->fetch_object($resql);
+		if ($obj->nb > 0)
+		{
+			print img_warning().' '.$langs->trans("TheJournalCodeIsNotDefinedOnSomeBankAccount");
+			print ' : '.$langs->trans("AccountancyAreaDescBank", 9, '<strong>'.$langs->transnoentitiesnoconv("MenuBankCash").'</strong>');
+		}
+	}
+	else dol_print_error($db);
+
+
 	// Button to write into Ledger
 	if (empty($conf->global->ACCOUNTING_ACCOUNT_CUSTOMER) || $conf->global->ACCOUNTING_ACCOUNT_CUSTOMER == '-1'
 		|| empty($conf->global->ACCOUNTING_ACCOUNT_SUPPLIER) || $conf->global->ACCOUNTING_ACCOUNT_SUPPLIER == '-1'
@@ -802,8 +839,10 @@ if (empty($action) || $action == 'view') {
 		// Bank
 		foreach ( $tabbq[$key] as $k => $mt )
 		{
+			//var_dump($tabpay[$key]);
+			print '<!-- Bank bank.rowid='.$key.' type='.$tabpay[$key]['type'].' ref='.$tabpay[$key]['ref'].'-->';
 			print '<tr class="oddeven">';
-			print "<td><!-- Bank bank.rowid=".$key."--></td>";
+			print "<td></td>";
 			print "<td>" . $date . "</td>";
 			print "<td>" . $ref . "</td>";
 			// Ledger account
@@ -824,11 +863,14 @@ if (empty($action) || $action == 'view') {
 			}
 			else print $accounttoshow;*/
 			print "</td>";
-			if ($val['soclib'] == '') {
-				print "<td>" . $langs->trans("Bank") . " - " . $reflabel . "</td>";
-			} else {
-				print "<td>" . $langs->trans("Bank") . " - " . $val['soclib'] . "</td>";
+			print "<td>";
+			//var_dump($tabpay[$key]);
+			print $langs->trans("Bank");
+			print ' '.$val['bank_account_ref'];
+			if (! empty($val['soclib'])) {
+				print  " - " . $val['soclib'];
 			}
+			print "</td>";
 			print "<td>" . $val["type_payment"] . "</td>";
 			print "<td align='right'>" . ($mt >= 0 ? price($mt) : '') . "</td>";
 			print "<td align='right'>" . ($mt < 0 ? price(- $mt) : '') . "</td>";
@@ -839,14 +881,15 @@ if (empty($action) || $action == 'view') {
 		if (is_array($tabtp[$key])) {
 			foreach ( $tabtp[$key] as $k => $mt ) {
 				if ($k != 'type') {
+					print '<!-- Thirdparty bank.rowid='.$key.' -->';
 					print '<tr class="oddeven">';
-					print "<td><!-- Thirdparty bank.rowid=".$key." --></td>";
+					print "<td></td>";
 					print "<td>" . $date . "</td>";
 					print "<td>" . $ref . "</td>";
 					// Ledger account
 					print "<td>";
 					$account_ledger = $k;
-
+					// Try to force general ledger account depending on type
 					if ($tabtype[$key] == 'payment') $account_ledger = $conf->global->ACCOUNTING_ACCOUNT_CUSTOMER;
 					if ($tabtype[$key] == 'payment_supplier') $account_ledger = $conf->global->ACCOUNTING_ACCOUNT_SUPPLIER;
 					if ($tabtype[$key] == 'payment_expensereport') $account_ledger = $conf->global->SALARIES_ACCOUNTING_ACCOUNT_PAYMENT;
@@ -883,7 +926,11 @@ if (empty($action) || $action == 'view') {
 						{
 							if (empty($accounttoshowsubledger) || $accounttoshowsubledger == 'NotDefined')
 							{
-								print '<span class="error">'.$langs->trans("ThirdpartyAccountNotDefined").'</span>';
+								/*var_dump($tabpay[$key]);
+								var_dump($tabtype[$key]);
+								var_dump($tabbq[$key]);*/
+								//print '<span class="error">'.$langs->trans("ThirdpartyAccountNotDefined").'</span>';
+								print '<span class="error">'.$langs->trans("ThirdpartyAccountNotDefinedOrThirdPartyUnknown").'</span>';
 							}
 							else print $accounttoshowsubledger;
 						}
@@ -898,8 +945,9 @@ if (empty($action) || $action == 'view') {
 			}
 		} else {
 			foreach ( $tabbq[$key] as $k => $mt ) {
+				print '<!-- Wait bank.rowid='.$key.' -->';
 				print '<tr class="oddeven">';
-				print "<td><!-- Wait bank.rowid=".$key." --></td>";
+				print "<td></td>";
 				print "<td>" . $date . "</td>";
 				print "<td>" . $ref . "</td>";
 				// Ledger account
diff --git a/htdocs/langs/en_US/accountancy.lang b/htdocs/langs/en_US/accountancy.lang
index 757dbde1c0b..0ef6afd193a 100644
--- a/htdocs/langs/en_US/accountancy.lang
+++ b/htdocs/langs/en_US/accountancy.lang
@@ -54,7 +54,7 @@ AccountancyAreaDescContrib=STEP %s: Define default accounting accounts for speci
 AccountancyAreaDescDonation=STEP %s: Define default accounting accounts for donation. For this, use the menu entry %s.
 AccountancyAreaDescMisc=STEP %s: Define mandatory default account and default accounting accounts for miscellaneous transactions. For this, use the menu entry %s.
 AccountancyAreaDescLoan=STEP %s: Define default accounting accounts for loans. For this, use the menu entry %s. 
-AccountancyAreaDescBank=STEP %s: Define accounting accounts for each bank and financial accounts. For this, go on the card of each financial account. You can start from page %s.
+AccountancyAreaDescBank=STEP %s: Define accounting accounts and journal code for each bank and financial accounts. For this, go on the card of each financial account. You can start from page %s.
 AccountancyAreaDescProd=STEP %s: Define accounting accounts on your products/services. For this, use the menu entry %s.
 
 AccountancyAreaDescBind=STEP %s: Check the binding between existing %s lines and accounting account is done, so application will be able to journalize transactions in Ledger in one click. Complete missing bindings. For this, use the menu entry %s.
@@ -63,6 +63,7 @@ AccountancyAreaDescAnalyze=STEP %s: Add or edit existing transactions and genera
 
 AccountancyAreaDescClosePeriod=STEP %s: Close period so we can't make modification in a future.
 
+TheJournalCodeIsNotDefinedOnSomeBankAccount=A mandatory step in setup was not complete (accountancy code journal not defined for all bank accounts)
 MenuAccountancy=Accountancy
 Selectchartofaccounts=Select active chart of accounts
 ChangeAndLoad=Change and load

From 310e912a9d5ccb11f1777ca67aa1b190f3926b9c Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis.houssin@capnetworks.com>
Date: Fri, 8 Sep 2017 19:57:59 +0200
Subject: [PATCH 9/9] Fix: missing parameters for filter and sort

---
 htdocs/societe/list.php | 162 ++++++++++++++++++++--------------------
 1 file changed, 81 insertions(+), 81 deletions(-)

diff --git a/htdocs/societe/list.php b/htdocs/societe/list.php
index 7d7fa8baabb..c7506f31e08 100644
--- a/htdocs/societe/list.php
+++ b/htdocs/societe/list.php
@@ -208,63 +208,63 @@ if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'e
 
 if (empty($reshook))
 {
-    // Selection of new fields
-    include DOL_DOCUMENT_ROOT.'/core/actions_changeselectedfields.inc.php';
+	// Selection of new fields
+	include DOL_DOCUMENT_ROOT.'/core/actions_changeselectedfields.inc.php';
 
-    // Did we click on purge search criteria ?
-    if (GETPOST('button_removefilter_x','alpha') || GETPOST('button_removefilter.x','alpha') || GETPOST('button_removefilter','alpha')) // All tests are required to be compatible with all browsers
-    {
-        $search_nom='';
-        $search_alias='';
-        $search_categ_cus=0;
-        $search_categ_sup=0;
-        $search_sale='';
-    	$search_barcode="";
-        $search_customer_code='';
-        $search_supplier_code='';
-        $search_account_customer_code='';
-        $search_account_supplier_code='';
-    	$search_town="";
-    	$search_zip="";
-    	$search_state="";
-    	$search_country='';
-    	$search_email='';
-    	$search_phone='';
-    	$search_url='';
-    	$search_idprof1='';
-    	$search_idprof2='';
-    	$search_idprof3='';
-    	$search_idprof4='';
-    	$search_idprof5='';
-    	$search_idprof6='';
-    	$search_type='';
-    	$search_type_thirdparty='';
-    	$search_status=-1;
-    	$search_stcomm='';
-     	$search_level_from='';
-     	$search_level_to='';
-     	$toselect='';
-    	$search_array_options=array();
-    }
+	// Did we click on purge search criteria ?
+	if (GETPOST('button_removefilter_x','alpha') || GETPOST('button_removefilter.x','alpha') || GETPOST('button_removefilter','alpha')) // All tests are required to be compatible with all browsers
+	{
+		$search_nom='';
+		$search_alias='';
+		$search_categ_cus=0;
+		$search_categ_sup=0;
+		$search_sale='';
+		$search_barcode="";
+		$search_customer_code='';
+		$search_supplier_code='';
+		$search_account_customer_code='';
+		$search_account_supplier_code='';
+		$search_town="";
+		$search_zip="";
+		$search_state="";
+		$search_country='';
+		$search_email='';
+		$search_phone='';
+		$search_url='';
+		$search_idprof1='';
+		$search_idprof2='';
+		$search_idprof3='';
+		$search_idprof4='';
+		$search_idprof5='';
+		$search_idprof6='';
+		$search_type='';
+		$search_type_thirdparty='';
+		$search_status=-1;
+		$search_stcomm='';
+		$search_level_from='';
+		$search_level_to='';
+		$toselect='';
+		$search_array_options=array();
+	}
 
-    // Mass actions
-    $objectclass='Societe';
-    $objectlabel='ThirdParty';
-    $permtoread = $user->rights->societe->lire;
-    $permtodelete = $user->rights->societe->supprimer;
-    $uploaddir = $conf->societe->dir_output;
-    include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php';
+	// Mass actions
+	$objectclass='Societe';
+	$objectlabel='ThirdParty';
+	$permtoread = $user->rights->societe->lire;
+	$permtodelete = $user->rights->societe->supprimer;
+	$uploaddir = $conf->societe->dir_output;
+	include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php';
 
-    if ($action == 'setstcomm')
-    {
-        $object = new Client($db);
-        $result=$object->fetch(GETPOST('stcommsocid'));
-        $object->stcomm_id=dol_getIdFromCode($db, GETPOST('stcomm','alpha'), 'c_stcomm');
-        $result=$object->update($object->id, $user);
-        if ($result < 0) setEventMessages($object->error,$object->errors,'errors');
+	if ($action == 'setstcomm')
+	{
+		$object = new Client($db);
+		$result=$object->fetch(GETPOST('stcommsocid'));
+		$object->stcomm_id=dol_getIdFromCode($db, GETPOST('stcomm','alpha'), 'c_stcomm');
+		$result=$object->update($object->id, $user);
+		if ($result < 0) setEventMessages($object->error,$object->errors,'errors');
 
-        $action='';
-    }
+		$action='';
+	}
 }
 
 if ($search_status=='') $search_status=1; // always display active thirdparty first
@@ -906,30 +906,30 @@ print '</td>';
 print "</tr>\n";
 
 print '<tr class="liste_titre">';
-if (! empty($arrayfields['s.nom']['checked']))                     print_liste_field_titre($arrayfields['s.nom']['label'], $_SERVER["PHP_SELF"],"s.nom","",$param,"",$sortfield,$sortorder);
-if (! empty($arrayfields['s.name_alias']['checked']))              print_liste_field_titre($arrayfields['s.name_alias']['label'], $_SERVER["PHP_SELF"],"s.name_alias","",$param,"",$sortfield,$sortorder);
-if (! empty($arrayfields['s.barcode']['checked']))                 print_liste_field_titre($arrayfields['s.barcode']['label'], $_SERVER["PHP_SELF"], "s.barcode",$param,'','',$sortfield,$sortorder);
-if (! empty($arrayfields['s.code_client']['checked']))             print_liste_field_titre($arrayfields['s.code_client']['label'],$_SERVER["PHP_SELF"],"s.code_client","",$param,'',$sortfield,$sortorder);
-if (! empty($arrayfields['s.code_fournisseur']['checked']))        print_liste_field_titre($arrayfields['s.code_fournisseur']['label'],$_SERVER["PHP_SELF"],"s.code_fournisseur","",$param,'',$sortfield,$sortorder);
-if (! empty($arrayfields['s.code_compta']['checked']))             print_liste_field_titre($arrayfields['s.code_compta']['label'],$_SERVER["PHP_SELF"],"s.code_compta","",$param,'',$sortfield,$sortorder);
-if (! empty($arrayfields['s.code_compta_fournisseur']['checked'])) print_liste_field_titre($arrayfields['s.code_compta_fournisseur']['label'],$_SERVER["PHP_SELF"],"s.code_compta_fournisseur","",$param,'',$sortfield,$sortorder);
-if (! empty($arrayfields['s.town']['checked']))           print_liste_field_titre($arrayfields['s.town']['label'],$_SERVER["PHP_SELF"],"s.town","",$param,'',$sortfield,$sortorder);
-if (! empty($arrayfields['s.zip']['checked']))            print_liste_field_titre($arrayfields['s.zip']['label'],$_SERVER["PHP_SELF"],"s.zip","",$param,'',$sortfield,$sortorder);
-if (! empty($arrayfields['state.nom']['checked']))        print_liste_field_titre($arrayfields['state.nom']['label'],$_SERVER["PHP_SELF"],"state.nom","",$param,'',$sortfield,$sortorder);
-if (! empty($arrayfields['country.code_iso']['checked'])) print_liste_field_titre($arrayfields['country.code_iso']['label'],$_SERVER["PHP_SELF"],"country.code_iso","",$param,'align="center"',$sortfield,$sortorder);
-if (! empty($arrayfields['typent.code']['checked']))      print_liste_field_titre($arrayfields['typent.code']['label'],$_SERVER["PHP_SELF"],"typent.code","",$param,'align="center"',$sortfield,$sortorder);
-if (! empty($arrayfields['s.email']['checked']))          print_liste_field_titre($arrayfields['s.email']['label'],$_SERVER["PHP_SELF"],"s.email","",$param,'',$sortfield,$sortorder);
-if (! empty($arrayfields['s.phone']['checked']))          print_liste_field_titre($arrayfields['s.phone']['label'],$_SERVER["PHP_SELF"],"s.phone","",$param,'',$sortfield,$sortorder);
-if (! empty($arrayfields['s.url']['checked']))            print_liste_field_titre($arrayfields['s.url']['label'],$_SERVER["PHP_SELF"],"s.url","",$param,'',$sortfield,$sortorder);
-if (! empty($arrayfields['s.siren']['checked']))          print_liste_field_titre($form->textwithpicto($langs->trans("ProfId1Short"),$textprofid[1],1,0),$_SERVER["PHP_SELF"],"s.siren","",$param,'class="nowrap"',$sortfield,$sortorder);
-if (! empty($arrayfields['s.siret']['checked']))          print_liste_field_titre($form->textwithpicto($langs->trans("ProfId2Short"),$textprofid[2],1,0),$_SERVER["PHP_SELF"],"s.siret","",$param,'class="nowrap"',$sortfield,$sortorder);
-if (! empty($arrayfields['s.ape']['checked']))            print_liste_field_titre($form->textwithpicto($langs->trans("ProfId3Short"),$textprofid[3],1,0),$_SERVER["PHP_SELF"],"s.ape","",$param,'class="nowrap"',$sortfield,$sortorder);
-if (! empty($arrayfields['s.idprof4']['checked']))        print_liste_field_titre($form->textwithpicto($langs->trans("ProfId4Short"),$textprofid[4],1,0),$_SERVER["PHP_SELF"],"s.idprof4","",$param,'class="nowrap"',$sortfield,$sortorder);
-if (! empty($arrayfields['s.idprof5']['checked']))        print_liste_field_titre($form->textwithpicto($langs->trans("ProfId5Short"),$textprofid[4],1,0),$_SERVER["PHP_SELF"],"s.idprof5","",$param,'class="nowrap"',$sortfield,$sortorder);
-if (! empty($arrayfields['s.idprof6']['checked']))        print_liste_field_titre($form->textwithpicto($langs->trans("ProfId6Short"),$textprofid[4],1,0),$_SERVER["PHP_SELF"],"s.idprof6","",$param,'class="nowrap"',$sortfield,$sortorder);
-if (! empty($arrayfields['customerorsupplier']['checked']))        print_liste_field_titre('');   // type of customer
-if (! empty($arrayfields['s.fk_prospectlevel']['checked']))        print_liste_field_titre($arrayfields['s.fk_prospectlevel']['label'],$_SERVER["PHP_SELF"],"s.fk_prospectlevel","",$param,'align="center"',$sortfield,$sortorder);
-if (! empty($arrayfields['s.fk_stcomm']['checked']))               print_liste_field_titre($arrayfields['s.fk_stcomm']['label'],$_SERVER["PHP_SELF"],"s.fk_stcomm","",$param,'align="center"',$sortfield,$sortorder);
+if (! empty($arrayfields['s.nom']['checked']))						print_liste_field_titre($arrayfields['s.nom']['label'], $_SERVER["PHP_SELF"],"s.nom","",$param,"",$sortfield,$sortorder);
+if (! empty($arrayfields['s.name_alias']['checked']))					print_liste_field_titre($arrayfields['s.name_alias']['label'], $_SERVER["PHP_SELF"],"s.name_alias","",$param,"",$sortfield,$sortorder);
+if (! empty($arrayfields['s.barcode']['checked']))					print_liste_field_titre($arrayfields['s.barcode']['label'], $_SERVER["PHP_SELF"], "s.barcode",$param,'','',$sortfield,$sortorder);
+if (! empty($arrayfields['s.code_client']['checked']))				print_liste_field_titre($arrayfields['s.code_client']['label'],$_SERVER["PHP_SELF"],"s.code_client","",$param,'',$sortfield,$sortorder);
+if (! empty($arrayfields['s.code_fournisseur']['checked']))			print_liste_field_titre($arrayfields['s.code_fournisseur']['label'],$_SERVER["PHP_SELF"],"s.code_fournisseur","",$param,'',$sortfield,$sortorder);
+if (! empty($arrayfields['s.code_compta']['checked']))				print_liste_field_titre($arrayfields['s.code_compta']['label'],$_SERVER["PHP_SELF"],"s.code_compta","",$param,'',$sortfield,$sortorder);
+if (! empty($arrayfields['s.code_compta_fournisseur']['checked']))	print_liste_field_titre($arrayfields['s.code_compta_fournisseur']['label'],$_SERVER["PHP_SELF"],"s.code_compta_fournisseur","",$param,'',$sortfield,$sortorder);
+if (! empty($arrayfields['s.town']['checked']))						print_liste_field_titre($arrayfields['s.town']['label'],$_SERVER["PHP_SELF"],"s.town","",$param,'',$sortfield,$sortorder);
+if (! empty($arrayfields['s.zip']['checked']))						print_liste_field_titre($arrayfields['s.zip']['label'],$_SERVER["PHP_SELF"],"s.zip","",$param,'',$sortfield,$sortorder);
+if (! empty($arrayfields['state.nom']['checked']))					print_liste_field_titre($arrayfields['state.nom']['label'],$_SERVER["PHP_SELF"],"state.nom","",$param,'',$sortfield,$sortorder);
+if (! empty($arrayfields['country.code_iso']['checked']))				print_liste_field_titre($arrayfields['country.code_iso']['label'],$_SERVER["PHP_SELF"],"country.code_iso","",$param,'align="center"',$sortfield,$sortorder);
+if (! empty($arrayfields['typent.code']['checked']))					print_liste_field_titre($arrayfields['typent.code']['label'],$_SERVER["PHP_SELF"],"typent.code","",$param,'align="center"',$sortfield,$sortorder);
+if (! empty($arrayfields['s.email']['checked']))						print_liste_field_titre($arrayfields['s.email']['label'],$_SERVER["PHP_SELF"],"s.email","",$param,'',$sortfield,$sortorder);
+if (! empty($arrayfields['s.phone']['checked']))						print_liste_field_titre($arrayfields['s.phone']['label'],$_SERVER["PHP_SELF"],"s.phone","",$param,'',$sortfield,$sortorder);
+if (! empty($arrayfields['s.url']['checked']))						print_liste_field_titre($arrayfields['s.url']['label'],$_SERVER["PHP_SELF"],"s.url","",$param,'',$sortfield,$sortorder);
+if (! empty($arrayfields['s.siren']['checked']))						print_liste_field_titre($form->textwithpicto($langs->trans("ProfId1Short"),$textprofid[1],1,0),$_SERVER["PHP_SELF"],"s.siren","",$param,'class="nowrap"',$sortfield,$sortorder);
+if (! empty($arrayfields['s.siret']['checked']))						print_liste_field_titre($form->textwithpicto($langs->trans("ProfId2Short"),$textprofid[2],1,0),$_SERVER["PHP_SELF"],"s.siret","",$param,'class="nowrap"',$sortfield,$sortorder);
+if (! empty($arrayfields['s.ape']['checked']))						print_liste_field_titre($form->textwithpicto($langs->trans("ProfId3Short"),$textprofid[3],1,0),$_SERVER["PHP_SELF"],"s.ape","",$param,'class="nowrap"',$sortfield,$sortorder);
+if (! empty($arrayfields['s.idprof4']['checked']))					print_liste_field_titre($form->textwithpicto($langs->trans("ProfId4Short"),$textprofid[4],1,0),$_SERVER["PHP_SELF"],"s.idprof4","",$param,'class="nowrap"',$sortfield,$sortorder);
+if (! empty($arrayfields['s.idprof5']['checked']))					print_liste_field_titre($form->textwithpicto($langs->trans("ProfId5Short"),$textprofid[4],1,0),$_SERVER["PHP_SELF"],"s.idprof5","",$param,'class="nowrap"',$sortfield,$sortorder);
+if (! empty($arrayfields['s.idprof6']['checked']))					print_liste_field_titre($form->textwithpicto($langs->trans("ProfId6Short"),$textprofid[4],1,0),$_SERVER["PHP_SELF"],"s.idprof6","",$param,'class="nowrap"',$sortfield,$sortorder);
+if (! empty($arrayfields['customerorsupplier']['checked']))			print_liste_field_titre('');   // type of customer
+if (! empty($arrayfields['s.fk_prospectlevel']['checked']))			print_liste_field_titre($arrayfields['s.fk_prospectlevel']['label'],$_SERVER["PHP_SELF"],"s.fk_prospectlevel","",$param,'align="center"',$sortfield,$sortorder);
+if (! empty($arrayfields['s.fk_stcomm']['checked']))					print_liste_field_titre($arrayfields['s.fk_stcomm']['label'],$_SERVER["PHP_SELF"],"s.fk_stcomm","",$param,'align="center"',$sortfield,$sortorder);
 // Extra fields
 if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label))
 {
@@ -945,12 +945,12 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab
     }
 }
 // Hook fields
-$parameters=array('arrayfields'=>$arrayfields);
+$parameters=array('arrayfields'=>$arrayfields,'param'=>$param,'sortfield'=>$sortfield,'sortorder'=>$sortorder);
 $reshook=$hookmanager->executeHooks('printFieldListTitle',$parameters);    // Note that $action and $object may have been modified by hook
 print $hookmanager->resPrint;
-if (! empty($arrayfields['s.datec']['checked']))  print_liste_field_titre($arrayfields['s.datec']['label'],$_SERVER["PHP_SELF"],"s.datec","",$param,'align="center" class="nowrap"',$sortfield,$sortorder);
-if (! empty($arrayfields['s.tms']['checked']))    print_liste_field_titre($arrayfields['s.tms']['label'],$_SERVER["PHP_SELF"],"s.tms","",$param,'align="center" class="nowrap"',$sortfield,$sortorder);
-if (! empty($arrayfields['s.status']['checked'])) print_liste_field_titre($arrayfields['s.status']['label'],$_SERVER["PHP_SELF"],"s.status","",$param,'align="center"',$sortfield,$sortorder);
+if (! empty($arrayfields['s.datec']['checked']))		print_liste_field_titre($arrayfields['s.datec']['label'],$_SERVER["PHP_SELF"],"s.datec","",$param,'align="center" class="nowrap"',$sortfield,$sortorder);
+if (! empty($arrayfields['s.tms']['checked']))		print_liste_field_titre($arrayfields['s.tms']['label'],$_SERVER["PHP_SELF"],"s.tms","",$param,'align="center" class="nowrap"',$sortfield,$sortorder);
+if (! empty($arrayfields['s.status']['checked']))		print_liste_field_titre($arrayfields['s.status']['label'],$_SERVER["PHP_SELF"],"s.status","",$param,'align="center"',$sortfield,$sortorder);
 print_liste_field_titre($selectedfields, $_SERVER["PHP_SELF"],"",'','','align="center"',$sortfield,$sortorder,'maxwidthsearch ');
 print "</tr>\n";