From b0bac770e555864c01539a7b760321920ac93504 Mon Sep 17 00:00:00 2001 From: BENKE Charlie Date: Thu, 25 May 2017 08:07:11 +0200 Subject: [PATCH 01/12] menu descriptor must be only present in main If we add the same menu descriptor the additionnal menu are added on the second, not the main I propose to suppress it OR change "customers_bills" as "customers_bills_list" who allow to add some menu as sub-menu --- htdocs/core/menus/standard/eldy.lib.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index 521fd6831f2..25ab9e9c154 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php @@ -802,7 +802,7 @@ function print_left_eldy_menu($db,$menu_array_before,$menu_array_after,&$tabMenu $langs->load("bills"); $newmenu->add("/compta/facture/list.php?leftmenu=customers_bills",$langs->trans("BillsCustomers"),0,$user->rights->facture->lire, '', $mainmenu, 'customers_bills'); $newmenu->add("/compta/facture/card.php?action=create",$langs->trans("NewBill"),1,$user->rights->facture->creer); - $newmenu->add("/compta/facture/list.php?leftmenu=customers_bills",$langs->trans("List"),1,$user->rights->facture->lire, '', $mainmenu, 'customers_bills'); + $newmenu->add("/compta/facture/list.php?leftmenu=customers_bills",$langs->trans("List"),1,$user->rights->facture->lire); if ($usemenuhider || empty($leftmenu) || preg_match('/customers_bills/', $leftmenu)) { 
@@ -830,7 +830,7 @@ function print_left_eldy_menu($db,$menu_array_before,$menu_array_after,&$tabMenu $langs->load("bills"); $newmenu->add("/fourn/facture/list.php?leftmenu=suppliers_bills", $langs->trans("BillsSuppliers"),0,$user->rights->fournisseur->facture->lire, '', $mainmenu, 'suppliers_bills'); $newmenu->add("/fourn/facture/card.php?action=create",$langs->trans("NewBill"),1,$user->rights->fournisseur->facture->creer); - $newmenu->add("/fourn/facture/list.php?leftmenu=suppliers_bills", $langs->trans("List"),1,$user->rights->fournisseur->facture->lire, '', $mainmenu, 'suppliers_bills'); + $newmenu->add("/fourn/facture/list.php?leftmenu=suppliers_bills", $langs->trans("List"),1,$user->rights->fournisseur->facture->lire); if ($usemenuhider || empty($leftmenu) || preg_match('/suppliers_bills/', $leftmenu)) { $newmenu->add("/fourn/facture/list.php?leftmenu=suppliers_bills_draft&search_status=0", $langs->trans("BillShortStatusDraft"),2,$user->rights->fournisseur->facture->lire, '', $mainmenu, 'suppliers_bills_draft'); From 4c382f94e1698b4a7abecfd3b5ae5c092742894a Mon Sep 17 00:00:00 2001 From: BENKE Charlie Date: Mon, 29 May 2017 10:39:02 +0200 Subject: [PATCH 02/12] Changes done --- htdocs/core/menus/standard/eldy.lib.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index 25ab9e9c154..54fdae3aba0 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php 
@@ -802,7 +802,7 @@ function print_left_eldy_menu($db,$menu_array_before,$menu_array_after,&$tabMenu $langs->load("bills"); $newmenu->add("/compta/facture/list.php?leftmenu=customers_bills",$langs->trans("BillsCustomers"),0,$user->rights->facture->lire, '', $mainmenu, 'customers_bills'); $newmenu->add("/compta/facture/card.php?action=create",$langs->trans("NewBill"),1,$user->rights->facture->creer); - $newmenu->add("/compta/facture/list.php?leftmenu=customers_bills",$langs->trans("List"),1,$user->rights->facture->lire); + $newmenu->add("/compta/facture/list.php?leftmenu=customers_bills",$langs->trans("List"),1,$user->rights->facture->lire'customers_bills_list'); if ($usemenuhider || empty($leftmenu) || preg_match('/customers_bills/', $leftmenu)) { @@ -830,7 +830,7 @@ function print_left_eldy_menu($db,$menu_array_before,$menu_array_after,&$tabMenu $langs->load("bills"); $newmenu->add("/fourn/facture/list.php?leftmenu=suppliers_bills", $langs->trans("BillsSuppliers"),0,$user->rights->fournisseur->facture->lire, '', $mainmenu, 'suppliers_bills'); $newmenu->add("/fourn/facture/card.php?action=create",$langs->trans("NewBill"),1,$user->rights->fournisseur->facture->creer); - $newmenu->add("/fourn/facture/list.php?leftmenu=suppliers_bills", $langs->trans("List"),1,$user->rights->fournisseur->facture->lire); + $newmenu->add("/fourn/facture/list.php?leftmenu=suppliers_bills", $langs->trans("List"),1,$user->rights->fournisseur->facture->lire, 'suppliers_bills_list'); if ($usemenuhider || empty($leftmenu) || preg_match('/suppliers_bills/', $leftmenu)) { $newmenu->add("/fourn/facture/list.php?leftmenu=suppliers_bills_draft&search_status=0", $langs->trans("BillShortStatusDraft"),2,$user->rights->fournisseur->facture->lire, '', $mainmenu, 'suppliers_bills_draft'); From b74a0dd5fd448ea00985693a75f650d45a4e3771 Mon Sep 17 00:00:00 2001 
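Review bot: The suppliers hunk passes `'suppliers_bills_list'` as the fifth positional argument of `$newmenu->add()`, the slot that every neighbouring call (`BillsSuppliers`, `suppliers_bills_draft`) fills with `''` before `$mainmenu` and the id, so the new id lands in the wrong parameter; the line should read `$newmenu->add("/fourn/facture/list.php?leftmenu=suppliers_bills", $langs->trans("List"),1,$user->rights->fournisseur->facture->lire, '', $mainmenu, 'suppliers_bills_list');`. The customers hunk of the same commit drops the comma before `'customers_bills_list'`, which is a parse error; PATCH 04/12 repairs that line but leaves the suppliers one as it is here. print_left_eldy_menu starts and ends outside both hunks.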
From: Laurent Destailleur Date: Mon, 29 May 2017 12:06:26 +0200 Subject: [PATCH 03/12] Look and feel v6 --- htdocs/accountancy/bookkeeping/balance.php | 6 +++--- htdocs/accountancy/expensereport/index.php | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/accountancy/bookkeeping/balance.php b/htdocs/accountancy/bookkeeping/balance.php index 3111707cff6..34db60f7a0f 100644 --- a/htdocs/accountancy/bookkeeping/balance.php +++ b/htdocs/accountancy/bookkeeping/balance.php @@ -98,7 +98,7 @@ if (! empty($search_accountancy_code_end)) { * Action */ -if (GETPOST("button_removefilter_x") || GETPOST("button_removefilter.x") || GETPOST("button_removefilter")) // Both test are required to be compatible with all browsers +if (GETPOST("button_removefilter_x") || GETPOST("button_removefilter.x") || GETPOST("button_removefilter")) // All tests are required to be compatible with all browsers { $search_accountancy_code_start = ''; $search_accountancy_code_end = ''; @@ -137,7 +137,7 @@ if ($action == 'export_csv') { } else { - $title_page = $langs->trans("AccountBalance") . ' ' . dol_print_date($search_date_start) . '-' . dol_print_date($search_date_end); + $title_page = $langs->trans("AccountBalance") . (($search_date_start || $search_date_end) ? ' ' . dol_print_date($search_date_start) . '-' . dol_print_date($search_date_end) : ''); llxHeader('', $title_page); @@ -160,7 +160,7 @@ else { print '
'; $button = ''; - print_barre_liste($title_page, $page, $_SERVER["PHP_SELF"], $options, $sortfield, $sortorder, '', $result, 0, 'title_accountancy', 0, $button); + print_barre_liste($title_page, $page, $_SERVER["PHP_SELF"], $options, $sortfield, $sortorder, '', $result, $result, 'title_accountancy', 0, $button); $moreforfilter = ''; diff --git a/htdocs/accountancy/expensereport/index.php b/htdocs/accountancy/expensereport/index.php index a38194356bd..c062d4e09c2 100644 --- a/htdocs/accountancy/expensereport/index.php +++ b/htdocs/accountancy/expensereport/index.php @@ -167,7 +167,7 @@ print '
'; //print '
'; // TODO Remove this. Should be done always. -if ($conf->global->MAIN_FEATURES_LEVEL > 0) print '' . $langs->trans("CleanFixHistory", $year_current) . ''; +if ($conf->global->MAIN_FEATURES_LEVEL > 1) print '' . $langs->trans("CleanFixHistory", $year_current) . ''; //print '
'; From 6f723490c25291435ebb50495925139d7ff48214 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 29 May 2017 12:58:23 +0200 Subject: [PATCH 04/12] Fix syntax error --- htdocs/core/menus/standard/eldy.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index 54fdae3aba0..6248f294476 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php @@ -802,7 +802,7 @@ function print_left_eldy_menu($db,$menu_array_before,$menu_array_after,&$tabMenu $langs->load("bills"); $newmenu->add("/compta/facture/list.php?leftmenu=customers_bills",$langs->trans("BillsCustomers"),0,$user->rights->facture->lire, '', $mainmenu, 'customers_bills'); $newmenu->add("/compta/facture/card.php?action=create",$langs->trans("NewBill"),1,$user->rights->facture->creer); - $newmenu->add("/compta/facture/list.php?leftmenu=customers_bills",$langs->trans("List"),1,$user->rights->facture->lire'customers_bills_list'); + $newmenu->add("/compta/facture/list.php?leftmenu=customers_bills",$langs->trans("List"),1,$user->rights->facture->lire, '', $mainmenu, 'customers_bills_list'); if ($usemenuhider || empty($leftmenu) || preg_match('/customers_bills/', $leftmenu)) { From 7066ec7dabeb311880b18afd755dc7d52628afda Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 29 May 2017 13:19:45 +0200 Subject: [PATCH 05/12] NEW Can clone expense report on another user --- htdocs/expensereport/card.php | 38 ++++++++++--------- .../class/expensereport.class.php | 12 +++--- htdocs/expensereport/payment/payment.php | 9 ++--- htdocs/langs/en_US/main.lang | 1 + htdocs/langs/en_US/trips.lang | 2 +- 5 files changed, 32 insertions(+), 30 deletions(-) diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php index 1dbcbfc1335..dff27139581 100644 --- a/htdocs/expensereport/card.php +++ b/htdocs/expensereport/card.php 
@@ -156,10 +156,10 @@ if (empty($reshook)) { if ($object->id > 0) { - // Because createFromClone modifies the object, we must clone it so that we can restore it later + // Because createFromClone modifies the object, we must clone it so that we can restore it later if it fails $orig = clone $object; - $result=$object->createFromClone($socid); + $result=$object->createFromClone(GETPOST('fk_user_author','int')); if ($result > 0) { header("Location: ".$_SERVER['PHP_SELF'].'?id='.$result); @@ -1448,8 +1448,11 @@ else print ''.$langs->trans("User").''; print ''; $userfee=new User($db); - $userfee->fetch($object->fk_user_author); - print $userfee->getNomUrl(-1); + if ($object->fk_user_author > 0) + { + $userfee->fetch($object->fk_user_author); + print $userfee->getNomUrl(-1); + } print ''; // Ref @@ -1536,12 +1539,11 @@ else // Clone confirmation if ($action == 'clone') { // Create an array for form + $criteriaforfilter='hierarchyme'; + if (! empty($user->rights->expensereport->readall)) $criteriaforfilter=''; $formquestion = array( - // 'text' => $langs->trans("ConfirmClone"), - // array('type' => 'checkbox', 'name' => 'clone_content', 'label' => $langs->trans("CloneMainAttributes"), 'value' => - // 1), - // array('type' => 'checkbox', 'name' => 'update_prices', 'label' => $langs->trans("PuttingPricesUpToDate"), 'value' - // => 1), + 'text' => '', + array('type' => 'other','name' => 'fk_user_author','label' => $langs->trans("SelectTargetUser"),'value' => $form->select_dolusers((GETPOST('fk_user_author', 'int')> 0 ? GETPOST('fk_user_author', 'int') : $user->id), 'fk_user_author', 0, null, 0, $criteriaforfilter)) ); // Paiement incomplet. On demande si motif = escompte ou autre $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"] . '?id=' . $object->id, $langs->trans('CloneExpenseReport'), $langs->trans('ConfirmCloneExpenseReport', $object->ref), 'confirm_clone', $formquestion, 'yes', 1); 
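Review bot: The clone action at `$result=$object->createFromClone(GETPOST('fk_user_author','int'));` accepts whatever user id the request carries, while the only restriction on the target user visible in this commit is the `hierarchyme` criterion handed to `select_dolusers` in the confirmation form, which narrows the drop-down but is not enforced when the form is posted. As far as the hunk shows, a user without `expensereport->readall` can submit an arbitrary `fk_user_author` and create an expense report for someone outside their hierarchy; the handler should re-apply the same criterion server-side and refuse the clone with an error when `$user` lacks `readall` and the posted id is not in their hierarchy. The enclosing action block starts outside the hunk.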
@@ -1658,7 +1660,7 @@ else $userauthor=new User($db); $result=$userauthor->fetch($object->fk_user_author); if ($result < 0) dol_print_error('',$userauthor->error); - print $userauthor->getNomUrl(-1); + elseif ($result > 0) print $userauthor->getNomUrl(-1); } print ''; @@ -1694,8 +1696,8 @@ else if ($object->fk_user_validator > 0) { $userfee=new User($db); - $userfee->fetch($object->fk_user_validator); - print $userfee->getNomUrl(-1); + $result = $userfee->fetch($object->fk_user_validator); + if ($result > 0) print $userfee->getNomUrl(-1); if (empty($userfee->email) || ! isValidEmail($userfee->email)) { $langs->load("errors"); @@ -1712,8 +1714,8 @@ else if ($object->fk_user_cancel > 0) { $userfee=new User($db); - $userfee->fetch($object->fk_user_cancel); - print $userfee->getNomUrl(-1); + $result = $userfee->fetch($object->fk_user_cancel); + if ($result > 0) print $userfee->getNomUrl(-1); } print ''; @@ -1734,8 +1736,8 @@ else if ($object->fk_user_approve > 0) { $userapp=new User($db); - $userapp->fetch($object->fk_user_approve); - print $userapp->getNomUrl(-1); + $result = $userapp->fetch($object->fk_user_approve); + if ($result > 0) print $userapp->getNomUrl(-1); } print ''; @@ -1751,8 +1753,8 @@ else print ''.$langs->trans("REFUSEUR").''; print ''; $userfee=new User($db); - $userfee->fetch($object->fk_user_refuse); - print $userfee->getNomUrl(-1); + $result = $userfee->fetch($object->fk_user_refuse); + if ($result > 0) print $userfee->getNomUrl(-1); print ''; print ''; diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php index eb16583df26..d62de0596e1 100644 --- a/htdocs/expensereport/class/expensereport.class.php +++ b/htdocs/expensereport/class/expensereport.class.php 
@@ -256,17 +256,19 @@ class ExpenseReport extends CommonObject /** * Load an object from its id and create a new one in database * - * @param int $socid Id of thirdparty - * @return int New id of clone + * @param int $fk_user_author Id of new user + * @return int New id of clone */ - function createFromClone($socid=0) + function createFromClone($fk_user_author) { global $user,$hookmanager; $error=0; + if (empty($fk_user_author)) $fk_user_author = $user->id; + $this->context['createfromclone'] = 'createfromclone'; - + $this->db->begin(); // get extrafields so they will be clone @@ -282,7 +284,7 @@ class ExpenseReport extends CommonObject $this->fk_statut=0; // Clear fields - $this->fk_user_author = $user->id; // Note fk_user_author is not the 'author' but the guy the expense report is for. + $this->fk_user_author = $fk_user_author; // Note fk_user_author is not the 'author' but the guy the expense report is for. $this->fk_user_valid = ''; $this->date_create = ''; $this->date_creation = ''; diff --git a/htdocs/expensereport/payment/payment.php b/htdocs/expensereport/payment/payment.php index cb81598fc83..fdac304ffcb 100644 --- a/htdocs/expensereport/payment/payment.php +++ b/htdocs/expensereport/payment/payment.php @@ -29,6 +29,7 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php'; $langs->load("bills"); $langs->load("banks"); +$langs->load("trips"); $chid=GETPOST("id",'int'); $ref=GETPOST('ref','alpha'); @@ -285,16 +286,11 @@ if ($action == 'create' || empty($action)) { $objp = $expensereport; - - print ''; print ''.price($objp->total_ttc).""; - print ''.price($sumpaid).""; - print ''.price($objp->total_ttc - $sumpaid).""; - print ''; if ($sumpaid < $objp->total_ttc) { @@ -308,6 +304,7 @@ if ($action == 'create' || empty($action)) print ""; print "\n"; + $total+=$objp->total; $total_ttc+=$objp->total_ttc; $totalrecu+=$objp->am; 
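Review bot: `function createFromClone($fk_user_author)` turns a parameter that used to be optional (`$socid=0`) into a required one, even though the body already falls back to `$user->id` when it is empty, so any existing caller that invokes `createFromClone()` with no argument would now fail with a missing-argument error. Keeping a default, `function createFromClone($fk_user_author=0)`, preserves compatibility at no cost and matches the fallback on the next lines. The method also assigns `$this->fk_user_author = $fk_user_author;` without checking that such a user exists, so a stale id from the caller would presumably produce a clone attached to a dangling user reference; the class body continues outside the hunk.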
@@ -316,7 +313,7 @@ if ($action == 'create' || empty($action)) if ($i > 1) { // Print total - print ""; + print ''; print ''.$langs->trans("Total").':'; print "".price($total_ttc).""; print "".price($totalrecu).""; diff --git a/htdocs/langs/en_US/main.lang b/htdocs/langs/en_US/main.lang index 96973ad1b46..1ff0b9a9aa4 100644 --- a/htdocs/langs/en_US/main.lang +++ b/htdocs/langs/en_US/main.lang @@ -715,6 +715,7 @@ from=from toward=toward Access=Access SelectAction=Select action +SelectTargetUser=Select target user/employee HelpCopyToClipboard=Use Ctrl+C to copy to clipboard SaveUploadedFileWithMask=Save file on server with name "%s" (otherwise "%s") OriginFileName=Original filename diff --git a/htdocs/langs/en_US/trips.lang b/htdocs/langs/en_US/trips.lang index 9c6902d3279..a51a392499b 100644 --- a/htdocs/langs/en_US/trips.lang +++ b/htdocs/langs/en_US/trips.lang @@ -88,5 +88,5 @@ NoTripsToExportCSV=No expense report to export for this period. ExpenseReportPayment=Expense report payment ExpenseReportsToApprove=Expense reports to approve ExpenseReportsToPay=Expense reports to pay -CloneExpenseReport=Clone expese report +CloneExpenseReport=Clone expense report ConfirmCloneExpenseReport=Are you sure you want to clone this expense report ? \ No newline at end of file From c26e072694190a73800268c25b178a4c541a3f6a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 29 May 2017 13:29:27 +0200 Subject: [PATCH 06/12] Code comment --- test/phpunit/CodingPhpTest.php | 1 + 1 file changed, 1 insertion(+) diff --git a/test/phpunit/CodingPhpTest.php b/test/phpunit/CodingPhpTest.php index 159323a9e83..dbd02ffdfc9 100644 --- a/test/phpunit/CodingPhpTest.php +++ b/test/phpunit/CodingPhpTest.php 
@@ -157,6 +157,7 @@ class CodingPhpTest extends PHPUnit_Framework_TestCase $ok=true; $matches=array(); + // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. preg_match_all('/=\s*\'"\s*\.\s*\$this->(....)/', $filecontent, $matches, PREG_SET_ORDER); foreach($matches as $key => $val) { From 85e0ded5736742b376352536db6d88047afe26fc Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 29 May 2017 13:35:51 +0200 Subject: [PATCH 07/12] FIX #6881 --- htdocs/install/upgrade2.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php index 4646c3b6eb9..264a45bca91 100644 --- a/htdocs/install/upgrade2.php +++ b/htdocs/install/upgrade2.php @@ -468,11 +468,11 @@ if (! GETPOST('action','aZ09') || preg_match('/upgrade/i',GETPOST('action','aZ09 $db->close(); - // Actions for all version (not in database) + // Actions for all versions (not in database) migrate_delete_old_files($db, $langs, $conf); - migrate_delete_old_dir($db, $langs, $conf); + dol_mkdir(DOL_DATA_ROOT.'/bank'); migrate_directories($db, $langs, $conf, '/banque/bordereau', '/bank/checkdeposits'); } @@ -3941,7 +3941,11 @@ function migrate_delete_old_files($db,$langs,$conf) DOL_DOCUMENT_ROOT.'/core/modules/mailings/poire.modules.php', DOL_DOCUMENT_ROOT.'/core/modules/mailings/kiwi.modules.php', DOL_DOCUMENT_ROOT.'/core/modules/facture/pdf_crabe.modules.php', - DOL_DOCUMENT_ROOT.'/core/modules/facture/pdf_oursin.modules.php' + DOL_DOCUMENT_ROOT.'/core/modules/facture/pdf_oursin.modules.php', + + DOL_DOCUMENT_ROOT.'/compta/facture/class/api_invoice.class.php', + DOL_DOCUMENT_ROOT.'/commande/class/api_commande.class.php', + DOL_DOCUMENT_ROOT.'/user/class/api_user.class.php' ); foreach ($filetodeletearray as $filetodelete) From 482494236971b600f7776761161a2cb484eff179 Mon Sep 17 00:00:00 2001 
From: Laurent Destailleur Date: Mon, 29 May 2017 13:39:07 +0200 Subject: [PATCH 08/12] FIX #6877 --- htdocs/install/mysql/migration/5.0.0-6.0.0.sql | 1 + htdocs/install/mysql/tables/llx_projet.sql | 1 + 2 files changed, 2 insertions(+) diff --git a/htdocs/install/mysql/migration/5.0.0-6.0.0.sql b/htdocs/install/mysql/migration/5.0.0-6.0.0.sql index 85c1ff61017..f8b638b079a 100644 --- a/htdocs/install/mysql/migration/5.0.0-6.0.0.sql +++ b/htdocs/install/mysql/migration/5.0.0-6.0.0.sql @@ -104,6 +104,7 @@ ALTER TABLE llx_c_email_templates ADD COLUMN content_lines text; ALTER TABLE llx_loan ADD COLUMN fk_projet integer DEFAULT NULL; ALTER TABLE llx_holiday ADD COLUMN fk_user_modif integer; +ALTER TABLE llx_projet ADD COLUMN fk_user_modif integer; ALTER TABLE llx_projet_task_time ADD COLUMN datec date; ALTER TABLE llx_projet_task_time ADD COLUMN tms timestamp; diff --git a/htdocs/install/mysql/tables/llx_projet.sql b/htdocs/install/mysql/tables/llx_projet.sql index d50547b711b..8ca404d3a0e 100644 --- a/htdocs/install/mysql/tables/llx_projet.sql +++ b/htdocs/install/mysql/tables/llx_projet.sql @@ -30,6 +30,7 @@ create table llx_projet title varchar(255) NOT NULL, description text, fk_user_creat integer NOT NULL, -- createur du projet + fk_user_modif integer, public integer, -- project is public or not fk_statut integer DEFAULT 0 NOT NULL, -- open or close fk_opp_status integer DEFAULT NULL, -- if project is used to manage opportunities From ae6c58fb579c25e13580728d5162f758fcd0ab4c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 29 May 2017 14:16:09 +0200 Subject: [PATCH 09/12] FIX #6808 --- htdocs/compta/facture/card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index e6278d1fc6a..b739e551b9d 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php 
@@ -4186,7 +4186,7 @@ else if ($id > 0 || ! empty($ref)) { if (! $objectidnext && count($object->lines) > 0) { - print ''; + print ''; } } From c71488e58bb3beddd2b3c161a6f770e85ce8111e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 29 May 2017 15:09:13 +0200 Subject: [PATCH 10/12] Removed deprecated code --- htdocs/core/lib/security2.lib.php | 1 - htdocs/core/lib/usergroups.lib.php | 1 - htdocs/main.inc.php | 7 ++++--- htdocs/user/passwordforgotten.php | 1 - 4 files changed, 4 insertions(+), 6 deletions(-) diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php index b6b8d4ddd72..3f41e74b7f6 100644 --- a/htdocs/core/lib/security2.lib.php +++ b/htdocs/core/lib/security2.lib.php @@ -156,7 +156,6 @@ function dol_loginfunction($langs,$conf,$mysoc) // Note: $conf->css looks like '/theme/eldy/style.css.php' $conf->css = "/theme/".(GETPOST('theme','alpha')?GETPOST('theme','alpha'):$conf->theme)."/style.css.php"; - //$themepath=dol_buildpath((empty($conf->global->MAIN_FORCETHEMEDIR)?'':$conf->global->MAIN_FORCETHEMEDIR).$conf->css,1); $themepath=dol_buildpath($conf->css,1); if (! empty($conf->modules_parts['theme'])) // Using this feature slow down application { diff --git a/htdocs/core/lib/usergroups.lib.php b/htdocs/core/lib/usergroups.lib.php index 3086e7d264a..1c919237f44 100644 --- a/htdocs/core/lib/usergroups.lib.php +++ b/htdocs/core/lib/usergroups.lib.php @@ -326,7 +326,6 @@ function show_theme($fuser,$edit=0,$foruserprofile=false) $formother = new FormOther($db); - //$dirthemes=array(empty($conf->global->MAIN_FORCETHEMEDIR)?'/theme':$conf->global->MAIN_FORCETHEMEDIR.'/theme'); $dirthemes=array('/theme'); if (! empty($conf->modules_parts['theme'])) // Using this feature slow down application { diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index da9e65f47ce..730c2caba4a 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php 
@@ -1005,8 +1005,10 @@ function top_httphead($contenttype='text/html') if ($contenttype == 'text/html' ) header("Content-Type: text/html; charset=".$conf->file->character_set_client); else header("Content-Type: ".$contenttype); - header("X-Content-Type-Options: nosniff"); - header("X-Frame-Options: SAMEORIGIN"); + // Security options + header("X-Content-Type-Options: nosniff"); // With the nosniff option, if the server says the content is text/html, the browser will render it as text/html (note that most browsers now force this option to on) + header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks) + // TODO Content-Security-Policy // On the fly GZIP compression for all pages (if browser support it). Must set the bit 3 of constant to 1. /*if (isset($conf->global->MAIN_OPTIMIZE_SPEED) && ($conf->global->MAIN_OPTIMIZE_SPEED & 0x04)) { @@ -1121,7 +1123,6 @@ function top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs print ''."\n"; // Output style sheets (optioncss='print' or ''). Note: $conf->css looks like '/theme/eldy/style.css.php' - //$themepath=dol_buildpath((empty($conf->global->MAIN_FORCETHEMEDIR)?'':$conf->global->MAIN_FORCETHEMEDIR).$conf->css,1); $themepath=dol_buildpath($conf->css,1); $themesubdir=''; if (! empty($conf->modules_parts['theme'])) // This slow down diff --git a/htdocs/user/passwordforgotten.php b/htdocs/user/passwordforgotten.php index 6530a4f8536..0e906fe0738 100644 --- a/htdocs/user/passwordforgotten.php +++ b/htdocs/user/passwordforgotten.php @@ -173,7 +173,6 @@ else // Note: $conf->css looks like '/theme/eldy/style.css.php' $conf->css = "/theme/".(GETPOST('theme','alpha')?GETPOST('theme','alpha'):$conf->theme)."/style.css.php"; -//$themepath=dol_buildpath((empty($conf->global->MAIN_FORCETHEMEDIR)?'':$conf->global->MAIN_FORCETHEMEDIR).$conf->css,1); $themepath=dol_buildpath($conf->css,1); if (! empty($conf->modules_parts['theme'])) // This slow down { 
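Review bot: The comment added on the `X-Frame-Options` line says the header stops some XSS attacks, but restricting framing is a clickjacking defence and has no effect on script injection; the line should read `header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same origin (clickjacking protection)`. The nosniff comment's claim that most browsers now force this option on is also doubtful, since browsers only apply nosniff when the header is present; `// Stop browsers from MIME-sniffing the response away from the declared Content-Type` would be accurate. top_httphead continues outside the hunk.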
From 400b3320aa60ecd2255278fe66555febaeeb8cad Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Mon, 29 May 2017 15:20:50 +0200
Subject: [PATCH 11/12] NEW Introduction option MAIN_HTTP_CONTENT_SECURITY_POLICY
---
 htdocs/main.inc.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 730c2caba4a..26f455131cd 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -1008,7 +1008,15 @@ function top_httphead($contenttype='text/html')
 // Security options
 header("X-Content-Type-Options: nosniff"); // With the nosniff option, if the server says the content is text/html, the browser will render it as text/html (note that most browsers now force this option to on)
 header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks)
- // TODO Content-Security-Policy
+ if (! empty($conf->global->MAIN_HTTP_CONTENT_SECURITY_POLICY))
+ {
+ // For example, to restrict script, object, frames or img to some domains
+ // script-src https://api.google.com https://anotherhost.com; object-src https://youtube.com; child-src https://youtube.com; img-src: https://static.example.com
+ // For example, to restrict everything to one domain, except object, ...
+ // default-src https://cdn.example.net; object-src 'none'
+ header("Content-Security-Policy: ".$conf->global->MAIN_HTTP_CONTENT_SECURITY_POLICY);
+ }
+
 
 // On the fly GZIP compression for all pages (if browser support it). Must set the bit 3 of constant to 1.
 /*if (isset($conf->global->MAIN_OPTIMIZE_SPEED) && ($conf->global->MAIN_OPTIMIZE_SPEED & 0x04)) {
From 59ab9a442199d1907543c833c76f9c57fc4b8171 Mon Sep 17 00:00:00 2001
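Review bot: The example policy in the new comment, `img-src: https://static.example.com`, is not valid CSP syntax — directive names take no colon — and browsers silently ignore an unrecognised directive, so an administrator copying this example into MAIN_HTTP_CONTENT_SECURITY_POLICY would get no image restriction at all; the comment line should read `// script-src https://api.google.com https://anotherhost.com; object-src https://youtube.com; child-src https://youtube.com; img-src https://static.example.com`. The value is otherwise emitted verbatim with `header("Content-Security-Policy: "...)`, which is reasonable for an admin-set constant, though a matching `Content-Security-Policy-Report-Only` option would let a policy be trialled before it blocks the inline scripts the application's pages presumably rely on. top_httphead continues outside the hunk.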
From: Laurent Destailleur Date: Mon, 29 May 2017 15:25:37 +0200 Subject: [PATCH 12/12] FIX #6850 --- htdocs/admin/bank.php | 2 +- htdocs/admin/bank_extrafields.php | 2 +- htdocs/admin/chequereceipts.php | 5 +++-- htdocs/admin/commande.php | 1 + htdocs/admin/contract.php | 1 + htdocs/admin/expedition.php | 1 + htdocs/admin/expensereport.php | 1 + htdocs/admin/facture.php | 1 + htdocs/admin/fichinter.php | 1 + htdocs/admin/livraison.php | 1 + htdocs/admin/propal.php | 1 + htdocs/admin/supplier_invoice.php | 1 + htdocs/admin/supplier_order.php | 1 + htdocs/admin/supplier_proposal.php | 1 + 14 files changed, 16 insertions(+), 4 deletions(-) diff --git a/htdocs/admin/bank.php b/htdocs/admin/bank.php index 8ed1e3cd9ac..afe60acff2e 100644 --- a/htdocs/admin/bank.php +++ b/htdocs/admin/bank.php @@ -166,7 +166,7 @@ $linkback=''.$langs->trans("BackToM print load_fiche_titre($langs->trans("BankSetupModule"),$linkback,'title_setup'); $head = bank_admin_prepare_head(null); -dol_fiche_head($head, 'general', $langs->trans("BankSetupModule"), 0, 'account'); +dol_fiche_head($head, 'general', $langs->trans("BankSetupModule"), -1, 'account'); $var=true; diff --git a/htdocs/admin/bank_extrafields.php b/htdocs/admin/bank_extrafields.php index 2d03c51e34d..794483350f1 100644 --- a/htdocs/admin/bank_extrafields.php +++ b/htdocs/admin/bank_extrafields.php @@ -71,7 +71,7 @@ print load_fiche_titre($langs->trans("BankSetupModule"),$linkback,'title_setup') $head = bank_admin_prepare_head(null); -dol_fiche_head($head, 'attributes', $langs->trans("BankSetupModule"), 0, 'account'); +dol_fiche_head($head, 'attributes', $langs->trans("BankSetupModule"), -1, 'account'); require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_view.tpl.php'; diff --git a/htdocs/admin/chequereceipts.php b/htdocs/admin/chequereceipts.php index fd1da0c328b..bc55eb4b9f6 100644 --- a/htdocs/admin/chequereceipts.php +++ b/htdocs/admin/chequereceipts.php 
@@ -27,6 +27,7 @@ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/bank.lib.php'; require_once DOL_DOCUMENT_ROOT.'/compta/paiement/cheque/class/remisecheque.class.php'; @@ -71,7 +72,7 @@ if ($action == 'updateMask') if ($action == 'setmod') { - dolibarr_set_const($db, "CHEQUERECEIPTS_ADDON",$value,'chaine',0,'',$conf->entity); + dolibarr_set_const($db, "CHEQUERECEIPTS_ADDON",$value, 'chaine', 0, '', $conf->entity); } if ($action == 'set_BANK_CHEQUERECEIPT_FREE_TEXT') @@ -105,7 +106,7 @@ $linkback=''.$langs->trans("BackToM print load_fiche_titre($langs->trans("BankSetupModule"),$linkback,'title_setup'); $head = bank_admin_prepare_head(null); -dol_fiche_head($head, 'checkreceipts', $langs->trans("BankSetupModule"), 0, 'account'); +dol_fiche_head($head, 'checkreceipts', $langs->trans("BankSetupModule"), -1, 'account'); /* * Numbering module diff --git a/htdocs/admin/commande.php b/htdocs/admin/commande.php index a4680f4d16e..d60144a3492 100644 --- a/htdocs/admin/commande.php +++ b/htdocs/admin/commande.php @@ -32,6 +32,7 @@ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php'; require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/order.lib.php'; diff --git a/htdocs/admin/contract.php b/htdocs/admin/contract.php index 37c0b9bccde..4c0a9572761 100644 --- a/htdocs/admin/contract.php +++ b/htdocs/admin/contract.php @@ -24,6 +24,7 @@ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php'; require_once DOL_DOCUMENT_ROOT.'/contrat/class/contrat.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/contract.lib.php'; 
diff --git a/htdocs/admin/expedition.php b/htdocs/admin/expedition.php index d31b788a1ab..3c89960ede6 100644 --- a/htdocs/admin/expedition.php +++ b/htdocs/admin/expedition.php @@ -30,6 +30,7 @@ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/expedition.lib.php'; require_once DOL_DOCUMENT_ROOT.'/expedition/class/expedition.class.php'; diff --git a/htdocs/admin/expensereport.php b/htdocs/admin/expensereport.php index b8626827595..eefe5747abd 100644 --- a/htdocs/admin/expensereport.php +++ b/htdocs/admin/expensereport.php @@ -30,6 +30,7 @@ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/expensereport.lib.php'; require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php'; diff --git a/htdocs/admin/facture.php b/htdocs/admin/facture.php index d89c9711e3f..77230dc3f68 100644 --- a/htdocs/admin/facture.php +++ b/htdocs/admin/facture.php @@ -29,6 +29,7 @@ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/invoice.lib.php'; require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; diff --git a/htdocs/admin/fichinter.php b/htdocs/admin/fichinter.php index d99fd9456d9..3ce82ce59cb 100644 --- a/htdocs/admin/fichinter.php +++ b/htdocs/admin/fichinter.php @@ -30,6 +30,7 @@ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/fichinter.lib.php'; require_once DOL_DOCUMENT_ROOT.'/fichinter/class/fichinter.class.php'; diff --git a/htdocs/admin/livraison.php b/htdocs/admin/livraison.php index 143c54ec24d..74081266f43 100644 
--- a/htdocs/admin/livraison.php +++ b/htdocs/admin/livraison.php @@ -30,6 +30,7 @@ */ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/expedition.lib.php'; require_once DOL_DOCUMENT_ROOT.'/livraison/class/livraison.class.php'; diff --git a/htdocs/admin/propal.php b/htdocs/admin/propal.php index 6a9884e263c..7c8413a28a6 100644 --- a/htdocs/admin/propal.php +++ b/htdocs/admin/propal.php @@ -30,6 +30,7 @@ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php'; require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/propal.lib.php'; $langs->load("admin"); diff --git a/htdocs/admin/supplier_invoice.php b/htdocs/admin/supplier_invoice.php index de128184d18..d408657ac8c 100644 --- a/htdocs/admin/supplier_invoice.php +++ b/htdocs/admin/supplier_invoice.php @@ -29,6 +29,7 @@ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/fourn.lib.php'; require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.class.php'; require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php'; diff --git a/htdocs/admin/supplier_order.php b/htdocs/admin/supplier_order.php index 030a507ce20..acce3a38c7c 100644 --- a/htdocs/admin/supplier_order.php +++ b/htdocs/admin/supplier_order.php @@ -29,6 +29,7 @@ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/fourn.lib.php'; require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.class.php'; require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.commande.class.php'; 
diff --git a/htdocs/admin/supplier_proposal.php b/htdocs/admin/supplier_proposal.php index 8fc0c4877c8..8a8d2a181a4 100644 --- a/htdocs/admin/supplier_proposal.php +++ b/htdocs/admin/supplier_proposal.php @@ -25,6 +25,7 @@ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php'; require_once DOL_DOCUMENT_ROOT.'/supplier_proposal/class/supplier_proposal.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/supplier_proposal.lib.php'; $langs->load("admin");