From ab558ee5fae5fbbaa92452160e80d8664e83453a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?=
 <frederic34@users.noreply.github.com>
Date: Thu, 14 Dec 2017 09:49:55 +0100
Subject: [PATCH 01/20] Update product.php

---
 htdocs/product/admin/product.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/htdocs/product/admin/product.php b/htdocs/product/admin/product.php
index 2757234251d..69355a7f1e8 100644
--- a/htdocs/product/admin/product.php
+++ b/htdocs/product/admin/product.php
@@ -56,7 +56,6 @@ $select_pricing_rules=array(
 );
 if ($conf->global->MAIN_FEATURES_LEVEL >= 2)
 {
-    $langs->load("admin");
 	$select_pricing_rules['PRODUIT_CUSTOMER_PRICES_BY_QTY'] = $langs->trans('PriceByQuantity').' ('.$langs->trans("VersionExperimental").')';	// TODO If this is enabled, price must be hidden when price by qty is enabled, also price for quantity must be used when adding product into order/propal/invoice
 	$select_pricing_rules['PRODUIT_CUSTOMER_PRICES_BY_QTY&PRODUIT_MULTIPRICES'] = $langs->trans('MultiPricesAbility') . '+' . $langs->trans('PriceByQuantity').' ('.$langs->trans("VersionExperimental").')';
 }

From 28214598943d0bbb46013fb661448954e5a584d0 Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis.houssin@capnetworks.com>
Date: Wed, 20 Dec 2017 11:36:51 +0100
Subject: [PATCH 02/20] Fix: avoid php warning

---
 htdocs/compta/paiement.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/compta/paiement.php b/htdocs/compta/paiement.php
index 7a494113090..fc65c6f05c3 100644
--- a/htdocs/compta/paiement.php
+++ b/htdocs/compta/paiement.php
@@ -102,7 +102,7 @@ if (empty($reshook))
 	    $tmpinvoice=new Facture($db);
 	    foreach ($_POST as $key => $value)
 	    {
-	        if (substr($key,0,7) == 'amount_')
+			if (substr($key,0,7) == 'amount_' && GETPOST($key) != '')
 	        {
 	            $cursorfacid = substr($key,7);
 	            $amounts[$cursorfacid] = price2num(trim(GETPOST($key)));

From b1f98b5903cdc46a83345420963ef0ac6c483835 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 20 Dec 2017 12:45:38 +0100
Subject: [PATCH 03/20] Fix inline edit

---
 htdocs/core/ajax/saveinplace.php | 19 +++++++++++++++----
 htdocs/expedition/card.php       | 14 +++++++-------
 htdocs/theme/eldy/style.css.php  |  5 ++++-
 htdocs/theme/md/style.css.php    |  4 +++-
 4 files changed, 29 insertions(+), 13 deletions(-)

diff --git a/htdocs/core/ajax/saveinplace.php b/htdocs/core/ajax/saveinplace.php
index eb04379a778..4c46ab43e23 100644
--- a/htdocs/core/ajax/saveinplace.php
+++ b/htdocs/core/ajax/saveinplace.php
@@ -94,10 +94,21 @@ if (! empty($field) && ! empty($element) && ! empty($table_element) && ! empty($
 	}
 	else $newelement = $element;
 
-	if (! empty($user->rights->$newelement->creer) || ! empty($user->rights->$newelement->create) || ! empty($user->rights->$newelement->write)
-	|| (isset($subelement) && (! empty($user->rights->$newelement->$subelement->creer) || ! empty($user->rights->$newelement->$subelement->write)))
-	|| ($element == 'payment' && $user->rights->facture->paiement)
-	|| ($element == 'payment_supplier' && $user->rights->fournisseur->facture->creer))
+	$_POST['action']='update';	// Hack so restrictarea can test permission on write too
+	$feature = $newelement;
+	$object_id = $fk_element;
+	if ($feature == 'expedition' || $feature == 'shipping')
+	{
+		$feature = 'commande';
+		$object_id = 0;
+	}
+	if ($feature == 'shipping') $feature = 'commande';
+	//var_dump(GETPOST('action','aZ09'));
+	//var_dump($newelement.'-'.$subelement."-".$feature."-".$object_id);
+	$check_access = restrictedArea($user, $feature, $object_id, '', $subelement);
+	//var_dump($user->rights);
+
+	if ($check_access)
 	{
 		// Clean parameters
 		$newvalue = trim($value);
diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php
index 81b6ed455a7..15caab8a1ee 100644
--- a/htdocs/expedition/card.php
+++ b/htdocs/expedition/card.php
@@ -127,7 +127,7 @@ if (empty($reshook))
 
 	include DOL_DOCUMENT_ROOT.'/core/actions_dellink.inc.php';		// Must be include, not include_once
 
-	// Set incoterm
+	// Reopen
 	if ($action == 'reopen' && $user->rights->expedition->creer)
 	{
 	    $object->fetch($id);
@@ -503,8 +503,8 @@ if (empty($reshook))
 	    }
 	}
 
-	// Action update description of emailing
-	else if ($action == 'settrackingnumber' || $action == 'settrackingurl'
+	// Action update
+	else if ($action == 'settracking_number' || $action == 'settracking_url'
 	|| $action == 'settrueWeight'
 	|| $action == 'settrueWidth'
 	|| $action == 'settrueHeight'
@@ -513,8 +513,8 @@ if (empty($reshook))
 	{
 	    $error=0;
 
-	    if ($action == 'settrackingnumber')		$object->tracking_number = trim(GETPOST('trackingnumber','alpha'));
-	    if ($action == 'settrackingurl')		$object->tracking_url = trim(GETPOST('trackingurl','int'));
+	    if ($action == 'settracking_number')		$object->tracking_number = trim(GETPOST('tracking_number','alpha'));
+	    if ($action == 'settracking_url')		$object->tracking_url = trim(GETPOST('tracking_url','int'));
 	    if ($action == 'settrueWeight')	{
 	    	$object->trueWeight = trim(GETPOST('trueWeight','int'));
 			$object->weight_units = GETPOST('weight_units','int');
@@ -1692,8 +1692,8 @@ else if ($id || $ref)
 		print '</tr>';
 
 		// Tracking Number
-		print '<tr><td class="titlefield">'.$form->editfieldkey("TrackingNumber",'trackingnumber',$object->tracking_number,$object,$user->rights->expedition->creer).'</td><td colspan="3">';
-		print $form->editfieldval("TrackingNumber",'trackingnumber',$object->tracking_url,$object,$user->rights->expedition->creer,'string',$object->tracking_number);
+		print '<tr><td class="titlefield">'.$form->editfieldkey("TrackingNumber",'tracking_number',$object->tracking_number,$object,$user->rights->expedition->creer).'</td><td colspan="3">';
+		print $form->editfieldval("TrackingNumber",'tracking_number',$object->tracking_url,$object,$user->rights->expedition->creer,'string',$object->tracking_number);
 		print '</td></tr>';
 
 		// Incoterms
diff --git a/htdocs/theme/eldy/style.css.php b/htdocs/theme/eldy/style.css.php
index e809f800bb5..7f294d78e4e 100644
--- a/htdocs/theme/eldy/style.css.php
+++ b/htdocs/theme/eldy/style.css.php
@@ -3472,17 +3472,20 @@ td.gtaskname {
 
 
 /* ============================================================================== */
-/*  jQuery - jeditable                                                            */
+/*  jQuery - jeditable for inline edit                                            */
 /* ============================================================================== */
 
 .editkey_textarea, .editkey_ckeditor, .editkey_string, .editkey_email, .editkey_numeric, .editkey_select, .editkey_autocomplete {
 	background: url(<?php echo dol_buildpath($path.'/theme/'.$theme.'/img/edit.png',1) ?>) right top no-repeat;
 	cursor: pointer;
+	margin-right: 3px;
 }
 
 .editkey_datepicker {
 	background: url(<?php echo dol_buildpath($path.'/theme/'.$theme.'/img/calendar.png',1) ?>) right center no-repeat;
+	margin-right: 3px;
 	cursor: pointer;
+	margin-right: 3px;
 }
 
 .editval_textarea.active:hover, .editval_ckeditor.active:hover, .editval_string.active:hover, .editval_email.active:hover, .editval_numeric.active:hover, .editval_select.active:hover, .editval_autocomplete.active:hover, .editval_datepicker.active:hover {
diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php
index f4966a105b7..5a56d027b15 100644
--- a/htdocs/theme/md/style.css.php
+++ b/htdocs/theme/md/style.css.php
@@ -3542,17 +3542,19 @@ td.gtaskname {
 
 
 /* ============================================================================== */
-/*  jQuery - jeditable                                                            */
+/*  jQuery - jeditable for inline edit                                            */
 /* ============================================================================== */
 
 .editkey_textarea, .editkey_ckeditor, .editkey_string, .editkey_email, .editkey_numeric, .editkey_select, .editkey_autocomplete {
 	background: url(<?php echo dol_buildpath($path.'/theme/'.$theme.'/img/edit.png',1) ?>) right top no-repeat;
 	cursor: pointer;
+	margin-right: 3px;
 }
 
 .editkey_datepicker {
 	background: url(<?php echo dol_buildpath($path.'/theme/'.$theme.'/img/calendar.png',1) ?>) right center no-repeat;
 	cursor: pointer;
+	margin-right: 3px;
 }
 
 .editval_textarea.active:hover, .editval_ckeditor.active:hover, .editval_string.active:hover, .editval_email.active:hover, .editval_numeric.active:hover, .editval_select.active:hover, .editval_autocomplete.active:hover, .editval_datepicker.active:hover {

From ca8ae3c7230aea9f8414e50f6a2b437f01b39bd8 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 20 Dec 2017 13:17:21 +0100
Subject: [PATCH 04/20] Fix option MAIN_USE_JQUERY_JEDITABLE

---
 dev/dolibarr_changes.txt                      | 10 ++-
 htdocs/core/ajax/saveinplace.php              | 13 ++-
 htdocs/core/js/editinplace.js                 | 89 ++++++++++---------
 .../plugins/jeditable/jquery.jeditable.js     |  4 +-
 htdocs/main.inc.php                           |  2 +-
 5 files changed, 68 insertions(+), 50 deletions(-)

diff --git a/dev/dolibarr_changes.txt b/dev/dolibarr_changes.txt
index 0570525cdad..53f58c6790e 100644
--- a/dev/dolibarr_changes.txt
+++ b/dev/dolibarr_changes.txt
@@ -123,4 +123,12 @@ PARSEDOWN
 	else $len = strlen($line);
 	$shortage = 4 - $len % 4;
                 	
-    	
+
+
+JEDITABLE.JS
+------------
+
+* <button type="submit" />  =>  <button class="button" type="submit" />
+* <button type="cancel" />  =>  <button class="button" type="cancel" />
+
+
diff --git a/htdocs/core/ajax/saveinplace.php b/htdocs/core/ajax/saveinplace.php
index 4c46ab43e23..61c2dca675b 100644
--- a/htdocs/core/ajax/saveinplace.php
+++ b/htdocs/core/ajax/saveinplace.php
@@ -94,8 +94,9 @@ if (! empty($field) && ! empty($element) && ! empty($table_element) && ! empty($
 	}
 	else $newelement = $element;
 
-	$_POST['action']='update';	// Hack so restrictarea can test permission on write too
+	$_POST['action']='update';	// Hack so restrictarea will test permissions on write too
 	$feature = $newelement;
+	$feature2 = $subelement;
 	$object_id = $fk_element;
 	if ($feature == 'expedition' || $feature == 'shipping')
 	{
@@ -103,10 +104,18 @@ if (! empty($field) && ! empty($element) && ! empty($table_element) && ! empty($
 		$object_id = 0;
 	}
 	if ($feature == 'shipping') $feature = 'commande';
+	if ($feature == 'payment') { $feature = 'facture'; }
+	if ($feature == 'payment_supplier') { $feature = 'fournisseur'; $feature2 = 'facture'; }
 	//var_dump(GETPOST('action','aZ09'));
 	//var_dump($newelement.'-'.$subelement."-".$feature."-".$object_id);
-	$check_access = restrictedArea($user, $feature, $object_id, '', $subelement);
+	$check_access = restrictedArea($user, $feature, $object_id, '', $feature2);
 	//var_dump($user->rights);
+	/*
+	if (! empty($user->rights->$newelement->creer) || ! empty($user->rights->$newelement->create) || ! empty($user->rights->$newelement->write)
+		|| (isset($subelement) && (! empty($user->rights->$newelement->$subelement->creer) || ! empty($user->rights->$newelement->$subelement->write)))
+		|| ($element == 'payment' && $user->rights->facture->paiement)
+		|| ($element == 'payment_supplier' && $user->rights->fournisseur->facture->creer))
+	*/
 
 	if ($check_access)
 	{
diff --git a/htdocs/core/js/editinplace.js b/htdocs/core/js/editinplace.js
index 830aec5cd13..d1d4b6254ee 100644
--- a/htdocs/core/js/editinplace.js
+++ b/htdocs/core/js/editinplace.js
@@ -1,5 +1,5 @@
 // Copyright (C) 2011-2014	Regis Houssin		<regis.houssin@capnetworks.com>
-// Copyright (C) 2011		Laurent Destailleur	<eldy@users.sourceforge.net>
+// Copyright (C) 2011-2017	Laurent Destailleur	<eldy@users.sourceforge.net>
 //
 // This program is free software; you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
@@ -26,6 +26,50 @@ $(document).ready(function() {
 	var table_element = $('#jeditable_table_element').html();
 	var fk_element = $('#jeditable_fk_element').html();
 	
+	
+	if ($('.editval_string').length > 0) {
+		$('.editval_string').editable(urlSaveInPlace, {
+			type		: 'text',
+			id			: 'field',
+			width		: withInPlace,				/* Size of string area in px ? */
+			tooltip		: tooltipInPlace,
+			placeholder	: placeholderInPlace,
+			cancel		: cancelInPlace,
+			submit		: submitInPlace,
+			indicator	: indicatorInPlace,
+			submitdata	: function(result, settings) {
+				return getParameters(this, 'string');
+			},
+			callback	: function(result, settings) {
+				getResult(this, result);
+			},
+			onreset		: function(result, settings) {
+				getDefault(settings);
+			}
+		});
+		$('.editkey_string').hover(
+				function () {
+					console.log("We are hover (entry) an editkey_string");
+					$('#viewval_' + $(this).attr('id')).addClass("viewval_hover");
+				},
+				function () {
+					console.log("We are no more hover an editkey_string");
+					$('#viewval_' + $(this).attr('id')).removeClass("viewval_hover");
+				}
+		);
+		$('.editkey_string').click(function() {
+			console.log("We click on the edit field");
+			$('#viewval_' + $(this).attr('id')).click();
+			$('#viewval_' + $(this).attr('id')).hide();
+			$('#editval_' + $(this).attr('id')).show().click();
+		});
+		$('.viewval_string.active').click(function() {
+			console.log("We click on the viewed value");
+			$('#viewval_' + $(this).attr('id').substr(8)).hide();
+			$('#editval_' + $(this).attr('id').substr(8)).show().click();
+		});
+	}
+	
 	if ($('.editval_textarea').length > 0) {
 		$('.editval_textarea').editable(urlSaveInPlace, {
 			type		: 'textarea',
@@ -127,49 +171,6 @@ $(document).ready(function() {
 		});
 	}
 	
-	if ($('.editval_string').length > 0) {
-		$('.editval_string').editable(urlSaveInPlace, {
-			type		: 'text',
-			id			: 'field',
-			width		: withInPlace,				/* Size of string area in px ? */
-			tooltip		: tooltipInPlace,
-			placeholder	: placeholderInPlace,
-			cancel		: cancelInPlace,
-			submit		: submitInPlace,
-			indicator	: indicatorInPlace,
-			submitdata	: function(result, settings) {
-				return getParameters(this, 'string');
-			},
-			callback	: function(result, settings) {
-				getResult(this, result);
-			},
-			onreset		: function(result, settings) {
-				getDefault(settings);
-			}
-		});
-		$('.editkey_string').hover(
-				function () {
-					console.log("We are hover (entry) an editkey_string");
-					$('#viewval_' + $(this).attr('id')).addClass("viewval_hover");
-				},
-				function () {
-					console.log("We are no more hover an editkey_string");
-					$('#viewval_' + $(this).attr('id')).removeClass("viewval_hover");
-				}
-		);
-		$('.editkey_string').click(function() {
-			$( '#viewval_' + $(this).attr('id') ).click();
-		});
-		$('.viewval_string.active').click(function() {
-			$('#viewval_' + $(this).attr('id').substr(8)).hide();
-			$('#editval_' + $(this).attr('id').substr(8)).show().click();
-		});
-		$('.editkey_string').click(function() {
-			$('#viewval_' + $(this).attr('id')).hide();
-			$('#editval_' + $(this).attr('id')).show().click();
-		});
-	}
-	
 	if ($('.editval_numeric').length > 0) {
 		$('.editval_numeric').editable(urlSaveInPlace, {
 			type		: 'text',
diff --git a/htdocs/includes/jquery/plugins/jeditable/jquery.jeditable.js b/htdocs/includes/jquery/plugins/jeditable/jquery.jeditable.js
index 003000ed8ea..b5560535aec 100644
--- a/htdocs/includes/jquery/plugins/jeditable/jquery.jeditable.js
+++ b/htdocs/includes/jquery/plugins/jeditable/jquery.jeditable.js
@@ -424,7 +424,7 @@
                             });
                         /* otherwise use button with given string as text */
                         } else {
-                            var submit = $('<button type="submit" />');
+                            var submit = $('<button class="button" type="submit" />');
                             submit.html(settings.submit);                            
                         }
                         $(this).append(submit);
@@ -435,7 +435,7 @@
                             var cancel = $(settings.cancel);
                         /* otherwise use button with given string as text */
                         } else {
-                            var cancel = $('<button type="cancel" />');
+                            var cancel = $('<button class="button" type="cancel" />');
                             cancel.html(settings.cancel);
                         }
                         $(this).append(cancel);
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index cd5cb0ba296..4febe121156 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -1244,7 +1244,7 @@ function top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs
             if (! empty($conf->global->MAIN_USE_JQUERY_JEDITABLE) && ! defined('DISABLE_JQUERY_JEDITABLE'))
             {
             	print '<!-- JS to manage editInPlace feature -->'."\n";
-                print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.min.js'.($ext?'?'.$ext:'').'"></script>'."\n";
+                print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.js'.($ext?'?'.$ext:'').'"></script>'."\n";
                 print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.ui-datepicker.js'.($ext?'?'.$ext:'').'"></script>'."\n";
                 print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.ui-autocomplete.js'.($ext?'?'.$ext:'').'"></script>'."\n";
                 print '<script type="text/javascript">'."\n";

From 3f6b3b51caf0b35842951b2da88232cea36aa193 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 20 Dec 2017 15:09:58 +0100
Subject: [PATCH 05/20] Fix css

---
 htdocs/core/class/html.form.class.php | 8 ++++----
 htdocs/theme/eldy/style.css.php       | 2 ++
 htdocs/theme/md/style.css.php         | 2 ++
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 71b7b42fdcd..2c5e41ce75a 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -166,7 +166,7 @@ class Form
                 $ret.='<input type="hidden" name="action" value="set'.$htmlname.'">';
                 $ret.='<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
                 $ret.='<input type="hidden" name="id" value="'.$object->id.'">';
-                if (empty($notabletag)) $ret.='<table class="nobordernopadding" cellpadding="0" cellspacing="0">';
+                if (empty($notabletag)) $ret.='<table class="nobordernopadding centpercent" cellpadding="0" cellspacing="0">';
                 if (empty($notabletag)) $ret.='<tr><td>';
                 if (preg_match('/^(string|email)/',$typeofdata))
                 {
@@ -189,7 +189,7 @@ class Form
                         $morealt=' style="width: '.$cols.'"';
                         $cols='';
                     }
-                    $ret.='<textarea id="'.$htmlname.'" name="'.$htmlname.'" wrap="soft" rows="'.($tmp[1]?$tmp[1]:'20').'"'.($cols?' cols="'.$cols.'"':'').$morealt.'">'.($editvalue?$editvalue:$value).'</textarea>';
+                    $ret.='<textarea id="'.$htmlname.'" name="'.$htmlname.'" wrap="soft" rows="'.($tmp[1]?$tmp[1]:'20').'"'.($cols?' cols="'.$cols.'"':'class="quatrevingtpercent"').$morealt.'">'.($editvalue?$editvalue:$value).'</textarea>';
                 }
                 else if ($typeofdata == 'day' || $typeofdata == 'datepicker')
                 {
@@ -4170,12 +4170,12 @@ class Form
                 {
                 	print $langs->trans("CompanyHasAbsoluteDiscount",price($amount,0,$langs,0,0,-1,$conf->currency));
                 }
-                elseif ($filter=="fk_facture_source IS NULL OR (fk_facture_source IS NOT NULL AND (description LIKE '(DEPOSIT)%' AND description NOT LIKE '(EXCESS RECEIVED)%'))") 
+                elseif ($filter=="fk_facture_source IS NULL OR (fk_facture_source IS NOT NULL AND (description LIKE '(DEPOSIT)%' AND description NOT LIKE '(EXCESS RECEIVED)%'))")
                 {
                 	// Replace trans key with CompanyHasDownPaymentOrCommercialDiscount
                 	print $langs->trans("CompanyHasAbsoluteDiscount",price($amount,0,$langs,0,0,-1,$conf->currency));
                 }
-                else 
+                else
                 {
                 	print $langs->trans("CompanyHasCreditNote",price($amount,0,$langs,0,0,-1,$conf->currency));
                 }
diff --git a/htdocs/theme/eldy/style.css.php b/htdocs/theme/eldy/style.css.php
index 7f294d78e4e..8586a77b687 100644
--- a/htdocs/theme/eldy/style.css.php
+++ b/htdocs/theme/eldy/style.css.php
@@ -3479,6 +3479,7 @@ td.gtaskname {
 	background: url(<?php echo dol_buildpath($path.'/theme/'.$theme.'/img/edit.png',1) ?>) right top no-repeat;
 	cursor: pointer;
 	margin-right: 3px;
+	margin-top: 3px;
 }
 
 .editkey_datepicker {
@@ -3486,6 +3487,7 @@ td.gtaskname {
 	margin-right: 3px;
 	cursor: pointer;
 	margin-right: 3px;
+	margin-top: 3px;
 }
 
 .editval_textarea.active:hover, .editval_ckeditor.active:hover, .editval_string.active:hover, .editval_email.active:hover, .editval_numeric.active:hover, .editval_select.active:hover, .editval_autocomplete.active:hover, .editval_datepicker.active:hover {
diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php
index 5a56d027b15..fe947935ec5 100644
--- a/htdocs/theme/md/style.css.php
+++ b/htdocs/theme/md/style.css.php
@@ -3549,12 +3549,14 @@ td.gtaskname {
 	background: url(<?php echo dol_buildpath($path.'/theme/'.$theme.'/img/edit.png',1) ?>) right top no-repeat;
 	cursor: pointer;
 	margin-right: 3px;
+	margin-top: 3px;
 }
 
 .editkey_datepicker {
 	background: url(<?php echo dol_buildpath($path.'/theme/'.$theme.'/img/calendar.png',1) ?>) right center no-repeat;
 	cursor: pointer;
 	margin-right: 3px;
+	margin-top: 3px;
 }
 
 .editval_textarea.active:hover, .editval_ckeditor.active:hover, .editval_string.active:hover, .editval_email.active:hover, .editval_numeric.active:hover, .editval_select.active:hover, .editval_autocomplete.active:hover, .editval_datepicker.active:hover {

From ae7f8c3fe499bd061ce157cb948314a785508bdb Mon Sep 17 00:00:00 2001
From: arnaud <arnaud.saint-patrice@atm-consulting.fr>
Date: Thu, 21 Dec 2017 12:01:30 +0100
Subject: [PATCH 06/20] FIX search on contact list

---
 htdocs/contact/list.php | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php
index 7508381e6cd..5aacbc2f16f 100644
--- a/htdocs/contact/list.php
+++ b/htdocs/contact/list.php
@@ -68,6 +68,9 @@ $search_categ_thirdparty=GETPOST("search_categ_thirdparty",'int');
 $search_categ_supplier=GETPOST("search_categ_supplier",'int');
 $search_status=GETPOST("search_status",'int');
 $search_type=GETPOST('search_type','alpha');
+$search_zip=GETPOST('search_zip','alpha');
+$search_town=GETPOST('search_town','alpha');
+
 if ($search_status=='') $search_status=1; // always display activ customer first
 
 $optioncss = GETPOST('optioncss','alpha');
@@ -289,7 +292,7 @@ if (strlen($search_poste))          $sql.= natural_search('p.poste', $search_pos
 if (strlen($search_phone_perso))    $sql.= natural_search('p.phone_perso', $search_phone_perso);
 if (strlen($search_phone_pro))      $sql.= natural_search('p.phone', $search_phone);
 if (strlen($search_phone_mobile))   $sql.= natural_search('p.phone_mobile', $search_phone_mobile);
-if (strlen($search_fax))            $sql.= natural_search('p.phone_fax', $search_fax);
+if (strlen($search_fax))            $sql.= natural_search('p.fax', $search_fax);
 if (strlen($search_skype))          $sql.= natural_search('p.skype', $search_skype);
 if (strlen($search_email))          $sql.= natural_search('p.email', $search_email);
 if ($search_status != '' && $search_status >= 0) $sql.= " AND p.statut = ".$db->escape($search_status);
@@ -396,6 +399,7 @@ if ($search_email != '') $param.='&amp;search_email='.urlencode($search_email);
 if ($search_status != '') $param.='&amp;search_status='.urlencode($search_status);
 if ($search_priv == '0' || $search_priv == '1') $param.="&search_priv=".urlencode($search_priv);
 if ($optioncss != '') $param.='&optioncss='.$optioncss;
+
 // Add $param from extra fields
 foreach ($search_array_options as $key => $val)
 {
@@ -491,12 +495,6 @@ if (! empty($arrayfields['p.firstname']['checked']))
     print '<input class="flat" type="text" name="search_firstname" size="6" value="'.dol_escape_htmltag($search_firstname).'">';
     print '</td>';
 }
-if (! empty($arrayfields['p.poste']['checked']))
-{
-    print '<td class="liste_titre">';
-    print '<input class="flat" type="text" name="search_poste" size="5" value="'.dol_escape_htmltag($search_poste).'">';
-    print '</td>';
-}
 if (! empty($arrayfields['p.zip']['checked']))
 {
     print '<td class="liste_titre">';
@@ -509,6 +507,12 @@ if (! empty($arrayfields['p.town']['checked']))
     print '<input class="flat" type="text" name="search_town" size="5" value="'.dol_escape_htmltag($search_town).'">';
     print '</td>';
 }
+if (! empty($arrayfields['p.poste']['checked']))
+{
+	print '<td class="liste_titre">';
+	print '<input class="flat" type="text" name="search_poste" size="5" value="'.dol_escape_htmltag($search_poste).'">';
+	print '</td>';
+}
 if (! empty($arrayfields['p.phone']['checked']))
 {
     print '<td class="liste_titre">';

From 4ba039d2296d6e09c2f1e15ffa8a9e443231b0fc Mon Sep 17 00:00:00 2001
From: arnaud <arnaud.saint-patrice@atm-consulting.fr>
Date: Thu, 21 Dec 2017 12:07:29 +0100
Subject: [PATCH 07/20] FIX trans unactivate on contractline

---
 htdocs/contrat/card.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/contrat/card.php b/htdocs/contrat/card.php
index 43f086fbab4..a1a38d04626 100644
--- a/htdocs/contrat/card.php
+++ b/htdocs/contrat/card.php
@@ -1840,7 +1840,7 @@ else
                         {
                             $tmpaction='unactivateline';
                             $tmpactionpicto='playstop';
-                            $tmpactiontext=$langs->trans("Unactivate");
+                            $tmpactiontext=$langs->trans("Disable");
                         }
 						if (($tmpaction=='activateline' && $user->rights->contrat->activer) || ($tmpaction=='unactivateline' && $user->rights->contrat->desactiver))
 						{
@@ -1982,7 +1982,7 @@ else
                 print '<tr '.$bc[false].'>';
                 print '<td class="nohover">'.$langs->trans("Comment").'</td><td class="nohover"><input size="70" type="text" class="flat" name="comment" value="'.dol_escape_htmltag(GETPOST('comment', 'alpha')).'"></td>';
                 print '<td class="nohover right">';
-                print '<input type="submit" class="button" name="close" value="'.$langs->trans("Unactivate").'"> &nbsp; ';
+                print '<input type="submit" class="button" name="close" value="'.$langs->trans("Disable").'"> &nbsp; ';
                 print '<input type="submit" class="button" name="cancel" value="'.$langs->trans("Cancel").'">';
                 print '</td>';
                 print '</tr>';

From b1ce3fc5c806b44512f51b436681a276df540e8c Mon Sep 17 00:00:00 2001
From: arnaud <arnaud.saint-patrice@atm-consulting.fr>
Date: Thu, 21 Dec 2017 12:12:50 +0100
Subject: [PATCH 08/20] FIX stats trad for customerinvoice

---
 htdocs/langs/fr_FR/other.lang | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/langs/fr_FR/other.lang b/htdocs/langs/fr_FR/other.lang
index 346fcf42934..066e1ec5015 100644
--- a/htdocs/langs/fr_FR/other.lang
+++ b/htdocs/langs/fr_FR/other.lang
@@ -172,7 +172,7 @@ NumberOfSupplierOrders=Nombre de commandes fournisseurs
 NumberOfSupplierInvoices=Nombre de factures fournisseurs
 NumberOfUnitsProposals=Quantités présentes dans les propositions commerciales
 NumberOfUnitsCustomerOrders=Quantités présentes dans les commandes clients
-NumberOfUnitsCustomerInvoices=Quantités présentes dans les factures fournisseurs
+NumberOfUnitsCustomerInvoices=Quantités présentes dans les factures clients
 NumberOfUnitsSupplierProposals=Quantités présentes dans les demande de prix
 NumberOfUnitsSupplierOrders=Quantités  présentes dans les commandes fournisseurs
 NumberOfUnitsSupplierInvoices=Quantités présentes dans les factures fournisseurs

From 4a5988accbb770b74105baacd5a034689272128c Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 21 Dec 2017 12:47:49 +0100
Subject: [PATCH 09/20] FIX security vulnerability reported by ADLab of
 Venustech

---
 htdocs/adherents/subscription/info.php     |  6 +++---
 htdocs/cashdesk/tpl/facturation1.tpl.php   |  8 ++++++++
 htdocs/cashdesk/tpl/liste_articles.tpl.php |  8 ++++++++
 htdocs/cashdesk/tpl/menu.tpl.php           |  8 ++++++++
 htdocs/cashdesk/tpl/ticket.tpl.php         |  9 +++++++++
 htdocs/cashdesk/tpl/validation1.tpl.php    |  8 ++++++++
 htdocs/cashdesk/tpl/validation2.tpl.php    |  8 ++++++++
 htdocs/comm/multiprix.php                  | 13 +++++++------
 htdocs/fourn/index.php                     | 14 +++++++-------
 htdocs/main.inc.php                        |  3 ++-
 10 files changed, 68 insertions(+), 17 deletions(-)

diff --git a/htdocs/adherents/subscription/info.php b/htdocs/adherents/subscription/info.php
index c83771d22ff..05856c35f75 100644
--- a/htdocs/adherents/subscription/info.php
+++ b/htdocs/adherents/subscription/info.php
@@ -36,7 +36,7 @@ $langs->load("users");
 if (!$user->rights->adherent->lire)
 	accessforbidden();
 
-$rowid=isset($_GET["rowid"])?$_GET["rowid"]:$_POST["rowid"];
+$rowid=GETPOST("rowid",'int');
 
 
 
@@ -44,10 +44,10 @@ $rowid=isset($_GET["rowid"])?$_GET["rowid"]:$_POST["rowid"];
  * View
  */
 
-llxHeader();
-
 $form = new Form($db);
 
+llxHeader();
+
 $object = new Subscription($db);
 $result = $object->fetch($rowid);
 
diff --git a/htdocs/cashdesk/tpl/facturation1.tpl.php b/htdocs/cashdesk/tpl/facturation1.tpl.php
index 580012847f5..4372f422518 100644
--- a/htdocs/cashdesk/tpl/facturation1.tpl.php
+++ b/htdocs/cashdesk/tpl/facturation1.tpl.php
@@ -19,6 +19,14 @@
  *
  */
 
+// Protection to avoid direct call of template
+if (empty($langs) || ! is_object($langs))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $langs->load("main");
 $langs->load("bills");
 $langs->load("cashdesk");
diff --git a/htdocs/cashdesk/tpl/liste_articles.tpl.php b/htdocs/cashdesk/tpl/liste_articles.tpl.php
index e4b6bc14436..65f48b0603c 100644
--- a/htdocs/cashdesk/tpl/liste_articles.tpl.php
+++ b/htdocs/cashdesk/tpl/liste_articles.tpl.php
@@ -17,6 +17,14 @@
  *
  */
 
+// Protection to avoid direct call of template
+if (empty($langs) || ! is_object($langs))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';
 require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
 
diff --git a/htdocs/cashdesk/tpl/menu.tpl.php b/htdocs/cashdesk/tpl/menu.tpl.php
index fd9bcbca77c..4197db6b1b0 100644
--- a/htdocs/cashdesk/tpl/menu.tpl.php
+++ b/htdocs/cashdesk/tpl/menu.tpl.php
@@ -19,6 +19,14 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
+// Protection to avoid direct call of template
+if (empty($langs) || ! is_object($langs))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 include_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';
 include_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';
 include_once DOL_DOCUMENT_ROOT.'/product/stock/class/entrepot.class.php';
diff --git a/htdocs/cashdesk/tpl/ticket.tpl.php b/htdocs/cashdesk/tpl/ticket.tpl.php
index 82b84ba3b56..3937c9dbde3 100644
--- a/htdocs/cashdesk/tpl/ticket.tpl.php
+++ b/htdocs/cashdesk/tpl/ticket.tpl.php
@@ -16,6 +16,15 @@
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
+
+// Protection to avoid direct call of template
+if (empty($langs) || ! is_object($langs))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 include_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
 
 $langs->load("main");
diff --git a/htdocs/cashdesk/tpl/validation1.tpl.php b/htdocs/cashdesk/tpl/validation1.tpl.php
index bb3d63a9e58..2a390b99c65 100644
--- a/htdocs/cashdesk/tpl/validation1.tpl.php
+++ b/htdocs/cashdesk/tpl/validation1.tpl.php
@@ -16,6 +16,14 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
+// Protection to avoid direct call of template
+if (empty($langs) || ! is_object($langs))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $langs->load("main");
 $langs->load("bills");
 $langs->load("banks");
diff --git a/htdocs/cashdesk/tpl/validation2.tpl.php b/htdocs/cashdesk/tpl/validation2.tpl.php
index a6e2fe2a3f3..a9889451bda 100644
--- a/htdocs/cashdesk/tpl/validation2.tpl.php
+++ b/htdocs/cashdesk/tpl/validation2.tpl.php
@@ -17,6 +17,14 @@
  *
  */
 
+// Protection to avoid direct call of template
+if (empty($langs) || ! is_object($langs))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $langs->load("main");
 $langs->load("bills");
 
diff --git a/htdocs/comm/multiprix.php b/htdocs/comm/multiprix.php
index 80c6305fcec..dd4e6cef1fa 100644
--- a/htdocs/comm/multiprix.php
+++ b/htdocs/comm/multiprix.php
@@ -30,7 +30,8 @@ require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
 $langs->load("orders");
 $langs->load("companies");
 
-$_socid = $_GET["id"];
+$id = GETPOST('id','int');
+$_socid = GETPOST("id",'int');
 // Security check
 if ($user->societe_id > 0)
 {
@@ -45,10 +46,10 @@ if ($user->societe_id > 0)
 if ($_POST["action"] == 'setpricelevel')
 {
 	$soc = New Societe($db);
-	$soc->fetch($_GET["id"]);
+	$soc->fetch($id);
 	$soc->set_price_level($_POST["price_level"],$user);
 
-	header("Location: multiprix.php?id=".$_GET["id"]);
+	header("Location: multiprix.php?id=".$id);
 	exit;
 }
 
@@ -87,7 +88,7 @@ if ($_socid > 0)
 	print '<form method="POST" action="multiprix.php?id='.$objsoc->id.'">';
 	print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
 	print '<input type="hidden" name="action" value="setpricelevel">';
-	
+
 	dol_fiche_head($head, $tabchoice, $langs->trans("ThirdParty"), 0, 'company');
 
 	print '<table width="100%" border="0">';
@@ -122,12 +123,12 @@ if ($_socid > 0)
 	print "</table>";
 
 	dol_fiche_end();
-	
+
 	print '<div align="center"><input type="submit" class="button" value="'.$langs->trans("Save").'"></div>';
 
 	print "</form>";
 
-	
+
 	print '<br><br>';
 
 
diff --git a/htdocs/fourn/index.php b/htdocs/fourn/index.php
index 690835a5e99..8f34077ab34 100644
--- a/htdocs/fourn/index.php
+++ b/htdocs/fourn/index.php
@@ -33,7 +33,7 @@ $langs->load("orders");
 $langs->load("companies");
 
 // Security check
-$socid = isset($_GET["socid"])?$_GET["socid"]:'';
+$socid = GETPOST("socid", 'int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe',$socid,'');
 
@@ -81,7 +81,7 @@ if ($resql)
 	while ($i < $num)
 	{
 		$row = $db->fetch_row($resql);
-		
+
 
 		print '<tr class="oddeven">';
 		print '<td>'.$langs->trans($commande->statuts[$row[1]]).'</td>';
@@ -132,7 +132,7 @@ if (! empty($conf->fournisseur->enabled))
 			$var = true;
 			while ($i < $num)
 			{
-				
+
 				$obj = $db->fetch_object($resql);
 				print '<tr class="oddeven"><td  class="nowrap">';
 				$commandestatic->id=$obj->rowid;
@@ -151,7 +151,7 @@ if (! empty($conf->fournisseur->enabled))
 			}
 			if ($total>0)
 			{
-				
+
 				print '<tr class="liste_total"><td>'.$langs->trans("Total").'</td><td colspan="2" align="right">'.price($total)."</td></tr>";
 			}
 			print "</table>";
@@ -190,7 +190,7 @@ if (! empty($conf->fournisseur->enabled) && $user->rights->fournisseur->facture-
 			while ($i < $num && $i < 20)
 			{
 				$obj = $db->fetch_object($resql);
-				
+
 				print '<tr class="oddeven"><td class="nowrap">';
 				$facturestatic->ref=$obj->ref;
 				$facturestatic->id=$obj->rowid;
@@ -263,7 +263,7 @@ if ($resql)
 
 	while ($obj = $db->fetch_object($resql) )
 	{
-		
+
 
 		print '<tr class="oddeven">';
 		print '<td><a href="card.php?socid='.$obj->socid.'">'.img_object($langs->trans("ShowSupplier"),"company").'</a>';
@@ -300,7 +300,7 @@ if (count($companystatic->SupplierCategories))
 
 	foreach ($companystatic->SupplierCategories as $rowid => $label)
 	{
-		
+
 		print "<tr ".$bc[$var].">\n";
 		print '<td>';
 		$categstatic->id=$rowid;
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 4febe121156..d5a692ca86e 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -81,7 +81,8 @@ function test_sql_and_script_inject($val, $type)
     // For SQL Injection (only GET and POST are used to be included into bad escaped SQL requests)
     if ($type != 2)
     {
-        $inj += preg_match('/delete\s+from/i',	 $val);
+    	$inj += preg_match('/updatexml^(/i',	 $val);
+    	$inj += preg_match('/delete\s+from/i',	 $val);
         $inj += preg_match('/create\s+table/i',	 $val);
         $inj += preg_match('/update.+set.+=/i',  $val);
         $inj += preg_match('/insert\s+into/i', 	 $val);

From 62f895e2ecadd533683dbb3a9cfa070a741045ec Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 21 Dec 2017 13:31:39 +0100
Subject: [PATCH 10/20] Fix: avoid infinite loop

---
 htdocs/core/actions_builddoc.inc.php | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/htdocs/core/actions_builddoc.inc.php b/htdocs/core/actions_builddoc.inc.php
index 70876d4bf9a..420715e3d97 100644
--- a/htdocs/core/actions_builddoc.inc.php
+++ b/htdocs/core/actions_builddoc.inc.php
@@ -33,7 +33,7 @@
 // Build doc
 if ($action == 'builddoc' && $permissioncreate)
 {
-	
+
     if (is_numeric(GETPOST('model')))
     {
         $error=$langs->trans("ErrorFieldRequired",$langs->transnoentities("Model"));
@@ -48,13 +48,13 @@ if ($action == 'builddoc' && $permissioncreate)
             dol_print_error('Object must have been loaded by a fetch');
             exit;
         }*/
-        
+
         // Save last template used to generate document
     	if (GETPOST('model'))
     	{
     	    $object->setDocModel($user, GETPOST('model','alpha'));
     	}
-    
+
         // Special case to force bank account
         //if (property_exists($object, 'fk_bank'))
         //{
@@ -76,13 +76,13 @@ if ($action == 'builddoc' && $permissioncreate)
             $outputlangs = new Translate("",$conf);
             $outputlangs->setDefaultLang($newlang);
         }
-        
+
         // To be sure vars is defined
         if (empty($hidedetails)) $hidedetails=0;
         if (empty($hidedesc)) $hidedesc=0;
         if (empty($hideref)) $hideref=0;
         if (empty($moreparams)) $moreparams=null;
-        
+
         $result= $object->generateDocument($object->modelpdf, $outputlangs, $hidedetails, $hidedesc, $hideref, $moreparams);
         if ($result <= 0)
         {
@@ -91,11 +91,15 @@ if ($action == 'builddoc' && $permissioncreate)
         }
         else
         {
-        	if (empty($donotredirect))	// This is se when include is done by bulk action "Bill Orders"
+        	if (empty($donotredirect))	// This is set when include is done by bulk action "Bill Orders"
         	{
 	            setEventMessages($langs->trans("FileGenerated"), null);
 
-	            header('Location: '.$_SERVER['REQUEST_URI'].'#builddoc');
+	            $urltoredirect = $_SERVER['REQUEST_URI'];
+	            $urltoredirect = preg_replace('/#builddoc$/', '', $urltoredirect);
+	            $urltoredirect = preg_replace('/action=builddoc&?/', '', $urltoredirect);	// To avoid infinite loop
+
+	            header('Location: '.$urltoredirect.'#builddoc');
 	            exit;
         	}
         }

From 6a62e139604dbbd5729e57df2433b37a5950c35c Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 21 Dec 2017 13:32:16 +0100
Subject: [PATCH 11/20] FIX security vulnerability reported by ADLab of
 Venustech

---
 htdocs/accountancy/tpl/export_journal.tpl.php |   9 ++
 .../default/tpl/adherentcard_create.tpl.php   |   9 +-
 .../default/tpl/adherentcard_edit.tpl.php     |   9 +-
 .../default/tpl/adherentcard_view.tpl.php     |  10 +-
 .../adherents/tpl/linkedobjectblock.tpl.php   |  11 +-
 .../comm/propal/tpl/linkedobjectblock.tpl.php |  12 +-
 htdocs/commande/tpl/linkedobjectblock.tpl.php |  13 ++-
 htdocs/compta/facture/card.php                |   2 +-
 .../facture/tpl/linkedobjectblock.tpl.php     |  15 ++-
 .../tpl/linkedobjectblockForRec.tpl.php       |  11 +-
 .../default/tpl/contactcard_create.tpl.php    |   9 +-
 .../default/tpl/contactcard_edit.tpl.php      |   9 +-
 .../default/tpl/contactcard_view.tpl.php      |   9 +-
 htdocs/contrat/tpl/linkedobjectblock.tpl.php  |  10 +-
 htdocs/core/tpl/admin_extrafields_add.tpl.php |  23 ++--
 .../core/tpl/admin_extrafields_edit.tpl.php   |  27 +++--
 .../core/tpl/admin_extrafields_view.tpl.php   |  12 +-
 htdocs/core/tpl/ajax/fileupload_main.tpl.php  |   9 +-
 htdocs/core/tpl/ajax/fileupload_view.tpl.php  |   9 +-
 htdocs/core/tpl/ajaxrow.tpl.php               |   8 ++
 htdocs/core/tpl/bloc_showhide.tpl.php         |   7 ++
 htdocs/core/tpl/contacts.tpl.php              |   8 ++
 .../tpl/document_actions_post_headers.tpl.php |   8 ++
 htdocs/core/tpl/extrafields_view.tpl.php      |   8 ++
 htdocs/core/tpl/login.tpl.php                 |   8 ++
 htdocs/core/tpl/notes.tpl.php                 |   8 ++
 htdocs/core/tpl/objectline_create.tpl.php     |   7 ++
 htdocs/core/tpl/objectline_edit.tpl.php       |  13 ++-
 htdocs/core/tpl/objectline_view.tpl.php       |   8 ++
 htdocs/core/tpl/originproductline.tpl.php     |   9 +-
 htdocs/core/tpl/passwordforgotten.tpl.php     |   8 ++
 htdocs/core/tpl/resource_add.tpl.php          |   8 ++
 htdocs/core/tpl/resource_view.tpl.php         |  14 ++-
 htdocs/ecm/tpl/enablefiletreeajax.tpl.php     |   8 ++
 .../expedition/tpl/linkedobjectblock.tpl.php  |  13 ++-
 .../tpl/linkedobjectblock.tpl.php             |  11 +-
 .../fichinter/tpl/linkedobjectblock.tpl.php   |  11 +-
 .../commande/tpl/linkedobjectblock.tpl.php    |  13 ++-
 .../facture/tpl/linkedobjectblock.tpl.php     |  16 ++-
 htdocs/main.inc.php                           |   2 +-
 .../template/core/tpl/mytemplate.tpl.php      |   8 ++
 .../canvas/product/tpl/card_create.tpl.php    |   8 ++
 .../canvas/product/tpl/card_edit.tpl.php      |   8 ++
 .../canvas/product/tpl/card_view.tpl.php      |   8 ++
 .../product/canvas/product/tpl/list.tpl.php   |  11 +-
 .../canvas/service/tpl/card_create.tpl.php    |   9 +-
 .../canvas/service/tpl/card_edit.tpl.php      |   8 ++
 .../canvas/service/tpl/card_view.tpl.php      |   8 ++
 .../product/canvas/service/tpl/list.tpl.php   |  11 +-
 .../product/inventory/tpl/inventory.tpl.php   | 108 ++++++++++--------
 .../product/stock/tpl/stockcorrection.tpl.php |   8 ++
 .../product/stock/tpl/stocktransfer.tpl.php   |   8 ++
 .../canvas/company/tpl/card_create.tpl.php    |   9 +-
 .../canvas/company/tpl/card_edit.tpl.php      |   9 +-
 .../canvas/company/tpl/card_view.tpl.php      |   9 +-
 .../canvas/individual/tpl/card_create.tpl.php |   9 +-
 .../canvas/individual/tpl/card_edit.tpl.php   |   9 +-
 .../canvas/individual/tpl/card_view.tpl.php   |   9 +-
 .../tpl/linesalesrepresentative.tpl.php       |   9 +-
 .../tpl/linkedobjectblock.tpl.php             |  11 +-
 60 files changed, 562 insertions(+), 129 deletions(-)

diff --git a/htdocs/accountancy/tpl/export_journal.tpl.php b/htdocs/accountancy/tpl/export_journal.tpl.php
index b5b6920e853..d9d158607b6 100644
--- a/htdocs/accountancy/tpl/export_journal.tpl.php
+++ b/htdocs/accountancy/tpl/export_journal.tpl.php
@@ -15,6 +15,15 @@
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $prefix = $conf->global->ACCOUNTING_EXPORT_PREFIX_SPEC;
 $format = $conf->global->ACCOUNTING_EXPORT_FORMAT;
 $nodateexport = $conf->global->ACCOUNTING_EXPORT_NO_DATE_IN_FILENAME;
diff --git a/htdocs/adherents/canvas/default/tpl/adherentcard_create.tpl.php b/htdocs/adherents/canvas/default/tpl/adherentcard_create.tpl.php
index f0a50e2e9ba..81f34706966 100644
--- a/htdocs/adherents/canvas/default/tpl/adherentcard_create.tpl.php
+++ b/htdocs/adherents/canvas/default/tpl/adherentcard_create.tpl.php
@@ -14,8 +14,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE ADHERENTCARD_CREATE.TPL.PHP DEFAULT -->
diff --git a/htdocs/adherents/canvas/default/tpl/adherentcard_edit.tpl.php b/htdocs/adherents/canvas/default/tpl/adherentcard_edit.tpl.php
index 8f3af3fe8df..4a699b75a22 100644
--- a/htdocs/adherents/canvas/default/tpl/adherentcard_edit.tpl.php
+++ b/htdocs/adherents/canvas/default/tpl/adherentcard_edit.tpl.php
@@ -14,9 +14,16 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $contact = $GLOBALS['objcanvas']->control->object;
 
 ?>
diff --git a/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php b/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php
index e426429ae05..f19ba96c167 100644
--- a/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php
+++ b/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php
@@ -14,10 +14,18 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $contact = $GLOBALS['objcanvas']->control->object;
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE ADHERENTCARD_VIEW.TPL.PHP DEFAULT -->
diff --git a/htdocs/adherents/tpl/linkedobjectblock.tpl.php b/htdocs/adherents/tpl/linkedobjectblock.tpl.php
index 19324812beb..118f51a1a89 100644
--- a/htdocs/adherents/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/adherents/tpl/linkedobjectblock.tpl.php
@@ -15,8 +15,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE -->
@@ -33,7 +40,7 @@ $var=true;
 $total=0;
 foreach($linkedObjectBlock as $key => $objectlink)
 {
-	
+
 ?>
 <tr <?php echo $GLOBALS['bc'][$var]; ?> >
     <td><?php echo $langs->trans("Subscription"); ?></td>
diff --git a/htdocs/comm/propal/tpl/linkedobjectblock.tpl.php b/htdocs/comm/propal/tpl/linkedobjectblock.tpl.php
index f797025a5de..cc8c6fe0547 100644
--- a/htdocs/comm/propal/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/comm/propal/tpl/linkedobjectblock.tpl.php
@@ -22,6 +22,14 @@
  *  \ingroup	propal
  *  \brief		Template to show objects linked to proposals
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE -->
@@ -40,7 +48,7 @@ $var=true;
 foreach($linkedObjectBlock as $key => $objectlink)
 {
     $ilink++;
-    
+
     $trclass=($var?'pair':'impair');
     if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
 ?>
@@ -71,7 +79,7 @@ if (count($linkedObjectBlock) > 1)
     	<td align="right"></td>
     	<td align="right"></td>
     </tr>
-    <?php  
+    <?php
 }
 ?>
 
diff --git a/htdocs/commande/tpl/linkedobjectblock.tpl.php b/htdocs/commande/tpl/linkedobjectblock.tpl.php
index 629cd3c0fb0..39479ba220b 100644
--- a/htdocs/commande/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/commande/tpl/linkedobjectblock.tpl.php
@@ -15,8 +15,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE -->
@@ -36,7 +43,7 @@ $var=true;
 foreach($linkedObjectBlock as $key => $objectlink)
 {
     $ilink++;
-    
+
     $trclass=($var?'pair':'impair');
     if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
 ?>
@@ -76,7 +83,7 @@ if (count($linkedObjectBlock) > 1)
     	<td align="right"></td>
     	<td align="right"></td>
     </tr>
-    <?php  
+    <?php
 }
 ?>
 
diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php
index fd9386672e2..e6c30abda2d 100644
--- a/htdocs/compta/facture/card.php
+++ b/htdocs/compta/facture/card.php
@@ -2538,7 +2538,7 @@ if ($action == 'create')
 				print '&nbsp;&nbsp;&nbsp; <input data-role="none" type="checkbox" name="invoiceAvoirWithLines" id="invoiceAvoirWithLines" value="1" onclick="$(\'#credit_note_options input[type=checkbox]\').not(this).prop(\'checked\', false);" '.(GETPOST('invoiceAvoirWithLines','int')>0 ? 'checked':'').' /> <label for="invoiceAvoirWithLines">'.$langs->trans('invoiceAvoirWithLines')."</label>";
 				print '<br>&nbsp;&nbsp;&nbsp; <input data-role="none" type="checkbox" name="invoiceAvoirWithPaymentRestAmount" id="invoiceAvoirWithPaymentRestAmount" value="1" onclick="$(\'#credit_note_options input[type=checkbox]\').not(this).prop(\'checked\', false);" '.(GETPOST('invoiceAvoirWithPaymentRestAmount','int')>0 ? 'checked':'').' /> <label for="invoiceAvoirWithPaymentRestAmount">'.$langs->trans('invoiceAvoirWithPaymentRestAmount')."</label>";
 				print '</div>';
-				
+
     			print '</div></div>';
     		}
 		}
diff --git a/htdocs/compta/facture/tpl/linkedobjectblock.tpl.php b/htdocs/compta/facture/tpl/linkedobjectblock.tpl.php
index 63c16afae15..ca3ec7c89c0 100644
--- a/htdocs/compta/facture/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/compta/facture/tpl/linkedobjectblock.tpl.php
@@ -15,8 +15,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE -->
@@ -36,7 +43,7 @@ $var=true;
 foreach($linkedObjectBlock as $key => $objectlink)
 {
     $ilink++;
-    
+
     $trclass=($var?'pair':'impair');
     if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
 ?>
@@ -54,7 +61,7 @@ foreach($linkedObjectBlock as $key => $objectlink)
     				$total = $total + $sign * $objectlink->total_ht;
     				echo price($objectlink->total_ht);
     			}
-    			else 
+    			else
     			{
     				echo '<strike>'.price($objectlink->total_ht).'</strike>';
     			}
@@ -76,7 +83,7 @@ if (count($linkedObjectBlock) > 1)
     	<td align="right"></td>
     	<td align="right"></td>
     </tr>
-    <?php  
+    <?php
 }
 ?>
 
diff --git a/htdocs/compta/facture/tpl/linkedobjectblockForRec.tpl.php b/htdocs/compta/facture/tpl/linkedobjectblockForRec.tpl.php
index 2e7858fdb08..288e852de71 100644
--- a/htdocs/compta/facture/tpl/linkedobjectblockForRec.tpl.php
+++ b/htdocs/compta/facture/tpl/linkedobjectblockForRec.tpl.php
@@ -15,8 +15,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE -->
@@ -36,7 +43,7 @@ $var=true;
 foreach($linkedObjectBlock as $key => $objectlink)
 {
     $ilink++;
-    
+
     $trclass=($var?'pair':'impair');
     if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
 ?>
diff --git a/htdocs/contact/canvas/default/tpl/contactcard_create.tpl.php b/htdocs/contact/canvas/default/tpl/contactcard_create.tpl.php
index fbd1d1909a8..1561f046845 100644
--- a/htdocs/contact/canvas/default/tpl/contactcard_create.tpl.php
+++ b/htdocs/contact/canvas/default/tpl/contactcard_create.tpl.php
@@ -13,8 +13,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE CONTACTCARD_CREATE.TPL.PHP DEFAULT -->
diff --git a/htdocs/contact/canvas/default/tpl/contactcard_edit.tpl.php b/htdocs/contact/canvas/default/tpl/contactcard_edit.tpl.php
index 56e91894cdd..1eaccff5a1f 100644
--- a/htdocs/contact/canvas/default/tpl/contactcard_edit.tpl.php
+++ b/htdocs/contact/canvas/default/tpl/contactcard_edit.tpl.php
@@ -13,9 +13,16 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $contact = $GLOBALS['objcanvas']->control->object;
 
 ?>
diff --git a/htdocs/contact/canvas/default/tpl/contactcard_view.tpl.php b/htdocs/contact/canvas/default/tpl/contactcard_view.tpl.php
index 5dc1c12808f..6041e7c3e2c 100644
--- a/htdocs/contact/canvas/default/tpl/contactcard_view.tpl.php
+++ b/htdocs/contact/canvas/default/tpl/contactcard_view.tpl.php
@@ -13,9 +13,16 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $contact = $GLOBALS['objcanvas']->control->object;
 ?>
 
diff --git a/htdocs/contrat/tpl/linkedobjectblock.tpl.php b/htdocs/contrat/tpl/linkedobjectblock.tpl.php
index a2da6cef24e..eae46dad772 100644
--- a/htdocs/contrat/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/contrat/tpl/linkedobjectblock.tpl.php
@@ -14,6 +14,14 @@
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE -->
@@ -33,7 +41,7 @@ $var=true;
 foreach($linkedObjectBlock as $key => $objectlink)
 {
     $ilink++;
-    
+
     $trclass=($var?'pair':'impair');
     if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
 ?>
diff --git a/htdocs/core/tpl/admin_extrafields_add.tpl.php b/htdocs/core/tpl/admin_extrafields_add.tpl.php
index 62821372e56..d9ba847925d 100644
--- a/htdocs/core/tpl/admin_extrafields_add.tpl.php
+++ b/htdocs/core/tpl/admin_extrafields_add.tpl.php
@@ -26,6 +26,13 @@
  * $elementtype
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE admin_extrafields_add.tpl.php -->
@@ -56,11 +63,11 @@
 
     		// Case of computed field
     		console.log(type);
-    		if (type == '' || type == 'varchar' || type == 'int' || type == 'double' || type == 'price') { 
-    			jQuery("tr.extra_computed_value").show(); 
+    		if (type == '' || type == 'varchar' || type == 'int' || type == 'double' || type == 'price') {
+    			jQuery("tr.extra_computed_value").show();
     		} else {
     			computed_value.val(''); jQuery("tr.extra_computed_value").hide();
-    		} 
+    		}
     		if (computed_value.val())
     		{
         		console.log("We enter a computed formula");
@@ -75,7 +82,7 @@
         		jQuery("#default_value, #unique, #required, #alwayseditable, #ishidden, #list").attr('disabled', false);
         		jQuery("tr.extra_default_value, tr.extra_unique, tr.extra_required, tr.extra_alwayseditable, tr.extra_ishidden, tr.extra_list").show();
     		}
-    		
+
 			if (type == 'date')          { size.val('').prop('disabled', true); unique.removeAttr('disabled'); jQuery("#value_choice").hide();jQuery("#helpchkbxlst").hide(); }
 			else if (type == 'datetime') { size.val('').prop('disabled', true); unique.removeAttr('disabled'); jQuery("#value_choice").hide(); jQuery("#helpchkbxlst").hide();}
     		else if (type == 'double')   { size.val('24,8').removeAttr('disabled'); unique.removeAttr('disabled'); jQuery("#value_choice").hide(); jQuery("#helpchkbxlst").hide();}
@@ -90,8 +97,8 @@
 			else if (type == 'checkbox') { size.val('').prop('disabled', true); unique.removeAttr('checked').prop('disabled', true); jQuery("#value_choice").show();jQuery("#helpselect").show();jQuery("#helpsellist").hide();jQuery("#helpchkbxlst").hide();jQuery("#helplink").hide();}
 			else if (type == 'chkbxlst') { size.val('').prop('disabled', true); unique.removeAttr('checked').prop('disabled', true); jQuery("#value_choice").show();jQuery("#helpselect").hide();jQuery("#helpsellist").hide();jQuery("#helpchkbxlst").show();jQuery("#helplink").hide();}
 			else if (type == 'link')     { size.val('').prop('disabled', true); unique.removeAttr('disabled'); jQuery("#value_choice").show();jQuery("#helpselect").hide();jQuery("#helpsellist").hide();jQuery("#helpchkbxlst").hide();jQuery("#helplink").show();}
-			else if (type == 'separate') { 
-				size.val('').prop('disabled', true); unique.removeAttr('checked').prop('disabled', true); required.val('').prop('disabled', true); 
+			else if (type == 'separate') {
+				size.val('').prop('disabled', true); unique.removeAttr('checked').prop('disabled', true); required.val('').prop('disabled', true);
 				jQuery("#value_choice").hide();jQuery("#helpselect").hide();jQuery("#helpsellist").hide();jQuery("#helpchkbxlst").hide();jQuery("#helplink").hide();
 			}
 			else {	// type = string
@@ -102,12 +109,12 @@
 			if (type == 'separate')
 			{
 				required.removeAttr('checked').prop('disabled', true); alwayseditable.removeAttr('checked').prop('disabled', true); list.val('').prop('disabled', true);
-				jQuery('#size, #default_value').val('').prop('disabled', true); 
+				jQuery('#size, #default_value').val('').prop('disabled', true);
 			}
 			else
 			{
 				default_value.removeAttr('disabled');
-				required.removeAttr('disabled'); alwayseditable.removeAttr('disabled'); list.val('').removeAttr('disabled'); 
+				required.removeAttr('disabled'); alwayseditable.removeAttr('disabled'); list.val('').removeAttr('disabled');
 			}
     	}
     	init_typeoffields('<?php echo GETPOST('type'); ?>');
diff --git a/htdocs/core/tpl/admin_extrafields_edit.tpl.php b/htdocs/core/tpl/admin_extrafields_edit.tpl.php
index 6f049c506a3..b8d3cba1d59 100644
--- a/htdocs/core/tpl/admin_extrafields_edit.tpl.php
+++ b/htdocs/core/tpl/admin_extrafields_edit.tpl.php
@@ -25,6 +25,13 @@
  * $elementtype
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE admin_extrafields_edit.tpl.php -->
@@ -54,11 +61,11 @@
     		?>
 
     		// Case of computed field
-    		if (type == 'varchar' || type == 'int' || type == 'double' || type == 'price') { 
-    			jQuery("tr.extra_computed_value").show(); 
+    		if (type == 'varchar' || type == 'int' || type == 'double' || type == 'price') {
+    			jQuery("tr.extra_computed_value").show();
     		} else {
     			computed_value.val(''); jQuery("tr.extra_computed_value").hide();
-    		} 
+    		}
     		if (computed_value.val())
     		{
         		console.log("We enter a computed formula");
@@ -73,7 +80,7 @@
         		jQuery("#default_value, #unique, #required, #alwayseditable, #ishidden, #list").attr('disabled', false);
         		jQuery("tr.extra_default_value, tr.extra_unique, tr.extra_required, tr.extra_alwayseditable, tr.extra_ishidden, tr.extra_list").show();
     		}
-    		
+
 			if (type == 'date') { size.val('').prop('disabled', true); unique.removeAttr('disabled'); jQuery("#value_choice").hide();jQuery("#helpchkbxlst").hide(); }
 			else if (type == 'datetime') { size.val('').prop('disabled', true); unique.removeAttr('disabled'); jQuery("#value_choice").hide(); jQuery("#helpchkbxlst").hide();}
     		else if (type == 'double')   { size.removeAttr('disabled'); unique.removeAttr('disabled'); jQuery("#value_choice").hide(); jQuery("#helpchkbxlst").hide();}
@@ -91,19 +98,19 @@
 			else if (type == 'separate') { size.val('').prop('disabled', true); unique.removeAttr('checked').prop('disabled', true); required.val('').prop('disabled', true); default_value.val('').prop('disabled', true); jQuery("#value_choice").hide();jQuery("#helpselect").hide();jQuery("#helpsellist").hide();jQuery("#helpchkbxlst").hide();jQuery("#helplink").hide();}
 			else {	// type = string
 				size.val('').prop('disabled', true);
-				unique.removeAttr('disabled');		
+				unique.removeAttr('disabled');
 			}
 
 			if (type == 'separate')
 			{
-				required.removeAttr('checked').prop('disabled', true); alwayseditable.removeAttr('checked').prop('disabled', true); list.val('').prop('disabled', true); 
-				jQuery('#size, #default_value').val('').prop('disabled', true); 
+				required.removeAttr('checked').prop('disabled', true); alwayseditable.removeAttr('checked').prop('disabled', true); list.val('').prop('disabled', true);
+				jQuery('#size, #default_value').val('').prop('disabled', true);
 			}
 			else
 			{
 				default_value.removeAttr('disabled');
-				required.removeAttr('disabled'); alwayseditable.removeAttr('disabled'); list.val('').removeAttr('disabled'); 
-			}			
+				required.removeAttr('disabled'); alwayseditable.removeAttr('disabled'); list.val('').removeAttr('disabled');
+			}
     	}
     	init_typeoffields(jQuery("#type").val());
     	jQuery("#type").change(function() {
@@ -113,7 +120,7 @@
     	// If we enter a formula, we disable other fields
     	jQuery("#computed_value").keyup(function() {
     		init_typeoffields(jQuery('#type').val());
-    	});    	
+    	});
     });
 </script>
 
diff --git a/htdocs/core/tpl/admin_extrafields_view.tpl.php b/htdocs/core/tpl/admin_extrafields_view.tpl.php
index a6d7e735735..6d3bb43f3b2 100644
--- a/htdocs/core/tpl/admin_extrafields_view.tpl.php
+++ b/htdocs/core/tpl/admin_extrafields_view.tpl.php
@@ -22,6 +22,14 @@
  * $extrafield
  * $elementtype
  */
+
+// Protection to avoid direct call of template
+if (empty($langs) || ! is_object($langs))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE admin_extrafields_view.tpl.php -->
@@ -56,7 +64,7 @@ if (count($extrafields->attribute_type))
 {
     foreach($extrafields->attribute_type as $key => $value)
     {
-        
+
         print '<tr class="oddeven">';
         print "<td>".$extrafields->attribute_pos[$key]."</td>\n";
         print "<td>".$extrafields->attribute_label[$key]."</td>\n";
@@ -77,7 +85,7 @@ else
 {
     $colspan=9;
     if (! empty($conf->global->MAIN_CAN_HIDE_EXTRAFIELDS)) $colspan++;
-    
+
     print '<tr class="oddeven">';
     print '<td class="opacitymedium" colspan="'.$colspan.'">';
     print $langs->trans("None");
diff --git a/htdocs/core/tpl/ajax/fileupload_main.tpl.php b/htdocs/core/tpl/ajax/fileupload_main.tpl.php
index 034e9ebc3fc..93f0826e160 100644
--- a/htdocs/core/tpl/ajax/fileupload_main.tpl.php
+++ b/htdocs/core/tpl/ajax/fileupload_main.tpl.php
@@ -13,8 +13,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- START TEMPLATE FILE UPLOAD MAIN -->
diff --git a/htdocs/core/tpl/ajax/fileupload_view.tpl.php b/htdocs/core/tpl/ajax/fileupload_view.tpl.php
index 0c048933473..482a3aef8e4 100644
--- a/htdocs/core/tpl/ajax/fileupload_view.tpl.php
+++ b/htdocs/core/tpl/ajax/fileupload_view.tpl.php
@@ -13,8 +13,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- START TEMPLATE FILE UPLOAD -->
diff --git a/htdocs/core/tpl/ajaxrow.tpl.php b/htdocs/core/tpl/ajaxrow.tpl.php
index a5d8ab039b8..af300528111 100644
--- a/htdocs/core/tpl/ajaxrow.tpl.php
+++ b/htdocs/core/tpl/ajaxrow.tpl.php
@@ -19,6 +19,14 @@
  * You can use this if you want to be abale to drag and drop rows of a table.
  * You must add id="tablelines" on table level tag and have ($nboflines or count($object->lines) or count($taskarray) > 0)
  */
+
+// Protection to avoid direct call of template
+if (empty($object) || ! is_object($object))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE AJAXROW.TPL.PHP - Script to enable drag and drop on tables -->
diff --git a/htdocs/core/tpl/bloc_showhide.tpl.php b/htdocs/core/tpl/bloc_showhide.tpl.php
index 2c5d71c79d5..c572012ca60 100644
--- a/htdocs/core/tpl/bloc_showhide.tpl.php
+++ b/htdocs/core/tpl/bloc_showhide.tpl.php
@@ -16,6 +16,13 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
+// Protection to avoid direct call of template
+if (empty($blocname))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 $hide = true;	// Hide by default
 if (isset($parameters['showblocbydefault'])) $hide=(empty($parameters['showblocbydefault']) ? true : false);
 if (isset($object->extraparams[$blocname]['showhide'])) $hide = (empty($object->extraparams[$blocname]['showhide']) ? true : false);
diff --git a/htdocs/core/tpl/contacts.tpl.php b/htdocs/core/tpl/contacts.tpl.php
index c7b3ea7342f..27d57d3e48a 100644
--- a/htdocs/core/tpl/contacts.tpl.php
+++ b/htdocs/core/tpl/contacts.tpl.php
@@ -21,6 +21,14 @@
  * $withproject (if we are on task contact)
  */
 
+// Protection to avoid direct call of template
+if (empty($object) || ! is_object($object))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
 
diff --git a/htdocs/core/tpl/document_actions_post_headers.tpl.php b/htdocs/core/tpl/document_actions_post_headers.tpl.php
index e613c479ee0..63046fefa3f 100644
--- a/htdocs/core/tpl/document_actions_post_headers.tpl.php
+++ b/htdocs/core/tpl/document_actions_post_headers.tpl.php
@@ -24,6 +24,14 @@
 // $modulepart = for download
 // $param      = param to add to download links
 
+// Protection to avoid direct call of template
+if (empty($langs) || ! is_object($langs))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $langs->load("link");
 if (empty($relativepathwithnofile)) $relativepathwithnofile='';
 if (empty($permtoedit)) $permtoedit=-1;
diff --git a/htdocs/core/tpl/extrafields_view.tpl.php b/htdocs/core/tpl/extrafields_view.tpl.php
index 0f1d581c99f..433e8d07094 100644
--- a/htdocs/core/tpl/extrafields_view.tpl.php
+++ b/htdocs/core/tpl/extrafields_view.tpl.php
@@ -24,6 +24,14 @@
  * $parameters
  * $cols
  */
+
+// Protection to avoid direct call of template
+if (empty($object) || ! is_object($object))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 <!-- BEGIN PHP TEMPLATE extrafields_view.tpl.php -->
 <?php
diff --git a/htdocs/core/tpl/login.tpl.php b/htdocs/core/tpl/login.tpl.php
index 251540b004e..d2c18e6f92f 100644
--- a/htdocs/core/tpl/login.tpl.php
+++ b/htdocs/core/tpl/login.tpl.php
@@ -19,6 +19,14 @@
 // Need global variable $title to be defined by caller (like dol_loginfunction)
 // Caller can also set 	$morelogincontent = array(['options']=>array('js'=>..., 'table'=>...);
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 header('Cache-Control: Public, must-revalidate');
 header("Content-type: text/html; charset=".$conf->file->character_set_client);
 
diff --git a/htdocs/core/tpl/notes.tpl.php b/htdocs/core/tpl/notes.tpl.php
index 2538e052ae4..da3ad8fb234 100644
--- a/htdocs/core/tpl/notes.tpl.php
+++ b/htdocs/core/tpl/notes.tpl.php
@@ -17,6 +17,14 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
+// Protection to avoid direct call of template
+if (empty($object) || ! is_object($object))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 // $cssclass must be defined by caller. For example cssclass='fieldtitle"
 $module = $object->element;
 $note_public = 'note_public';
diff --git a/htdocs/core/tpl/objectline_create.tpl.php b/htdocs/core/tpl/objectline_create.tpl.php
index b123a6e91c2..d44008704be 100644
--- a/htdocs/core/tpl/objectline_create.tpl.php
+++ b/htdocs/core/tpl/objectline_create.tpl.php
@@ -30,6 +30,13 @@
  * $inputalsopricewithtax (0 by default, 1 to also show column with unit price including tax)
  */
 
+// Protection to avoid direct call of template
+if (empty($object) || ! is_object($object))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 
 $usemargins=0;
 if (! empty($conf->margin->enabled) && ! empty($object->element) && in_array($object->element,array('facture','propal','commande')))
diff --git a/htdocs/core/tpl/objectline_edit.tpl.php b/htdocs/core/tpl/objectline_edit.tpl.php
index 2f839e06281..3b62c0e7814 100644
--- a/htdocs/core/tpl/objectline_edit.tpl.php
+++ b/htdocs/core/tpl/objectline_edit.tpl.php
@@ -30,6 +30,13 @@
  * $inputalsopricewithtax (0 by default, 1 to also show column with unit price including tax)
  */
 
+// Protection to avoid direct call of template
+if (empty($object) || ! is_object($object))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 
 $usemargins=0;
 if (! empty($conf->margin->enabled) && ! empty($object->element) && in_array($object->element,array('facture','propal','commande'))) $usemargins=1;
@@ -266,21 +273,21 @@ jQuery(document).ready(function()
 		if (event.which != 9 && (event.which < 37 ||event.which > 40) && jQuery("#price_ht").val() != '') {
 			jQuery("#price_ttc").val('');
 			jQuery("#multicurrency_subprice").val('');
-		} 
+		}
 	});
 	jQuery("#price_ttc").keyup(function(event) {
 		// console.log(event.which);		// discard event tag and arrows
 		if (event.which != 9 && (event.which < 37 || event.which > 40) && jQuery("#price_ttc").val() != '') {
 			jQuery("#price_ht").val('');
 			jQuery("#multicurrency_subprice").val('');
-		} 
+		}
 	});
 	jQuery("#multicurrency_subprice").keyup(function(event) {
 		// console.log(event.which);		// discard event tag and arrows
 		if (event.which != 9 && (event.which < 37 || event.which > 40) && jQuery("#price_ttc").val() != '') {
 			jQuery("#price_ht").val('');
 			jQuery("#price_ttc").val('');
-		} 
+		}
 	});
 
     <?php
diff --git a/htdocs/core/tpl/objectline_view.tpl.php b/htdocs/core/tpl/objectline_view.tpl.php
index 94c05fd9ffe..f14bb24d1a8 100644
--- a/htdocs/core/tpl/objectline_view.tpl.php
+++ b/htdocs/core/tpl/objectline_view.tpl.php
@@ -37,6 +37,14 @@
  * $type, $text, $description, $line
  */
 
+// Protection to avoid direct call of template
+if (empty($object) || ! is_object($object))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 global $forceall, $senderissupplier, $inputalsopricewithtax, $outputalsopricetotalwithtax;
 
 $usemargins=0;
diff --git a/htdocs/core/tpl/originproductline.tpl.php b/htdocs/core/tpl/originproductline.tpl.php
index 78006316f63..adaee2bf414 100644
--- a/htdocs/core/tpl/originproductline.tpl.php
+++ b/htdocs/core/tpl/originproductline.tpl.php
@@ -13,8 +13,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE originproductline.tpl.php -->
diff --git a/htdocs/core/tpl/passwordforgotten.tpl.php b/htdocs/core/tpl/passwordforgotten.tpl.php
index 9e155be88c9..bdcca51b4e7 100644
--- a/htdocs/core/tpl/passwordforgotten.tpl.php
+++ b/htdocs/core/tpl/passwordforgotten.tpl.php
@@ -16,6 +16,14 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 header('Cache-Control: Public, must-revalidate');
 header("Content-type: text/html; charset=".$conf->file->character_set_client);
 
diff --git a/htdocs/core/tpl/resource_add.tpl.php b/htdocs/core/tpl/resource_add.tpl.php
index 28c42c85b71..af1d25aaee1 100644
--- a/htdocs/core/tpl/resource_add.tpl.php
+++ b/htdocs/core/tpl/resource_add.tpl.php
@@ -1,6 +1,14 @@
 <!-- BEGIN TEMPLATE resource_add.tpl.php -->
 <?php
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 require_once(DOL_DOCUMENT_ROOT.'/resource/class/html.formresource.class.php');
 
 $form = new Form($db);
diff --git a/htdocs/core/tpl/resource_view.tpl.php b/htdocs/core/tpl/resource_view.tpl.php
index f718e431b39..1603d3ff001 100644
--- a/htdocs/core/tpl/resource_view.tpl.php
+++ b/htdocs/core/tpl/resource_view.tpl.php
@@ -1,6 +1,12 @@
 <!-- BEGIN TEMPLATE resource_view.tpl.php -->
 <?php
-//var_dump($linked_resources);
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 
 $form= new Form($db);
 
@@ -34,11 +40,11 @@ if( (array) $linked_resources && count($linked_resources) > 0)
 
 	foreach ($linked_resources as $linked_resource)
 	{
-		
+
 		$object_resource = fetchObjectByElement($linked_resource['resource_id'],$linked_resource['resource_type']);
-		
+
 		//$element_id = $linked_resource['rowid'];
-		
+
 		if ($mode == 'edit' && $linked_resource['rowid'] == GETPOST('lineid'))
 		{
 
diff --git a/htdocs/ecm/tpl/enablefiletreeajax.tpl.php b/htdocs/ecm/tpl/enablefiletreeajax.tpl.php
index bbcbb7090a4..d002281ae34 100644
--- a/htdocs/ecm/tpl/enablefiletreeajax.tpl.php
+++ b/htdocs/ecm/tpl/enablefiletreeajax.tpl.php
@@ -16,6 +16,14 @@
  *
  * Output javascript for interactions code of ecm module
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE ecm/tpl/enablefiletreeajax.tpl.php -->
diff --git a/htdocs/expedition/tpl/linkedobjectblock.tpl.php b/htdocs/expedition/tpl/linkedobjectblock.tpl.php
index b55654f4786..88811da2eab 100644
--- a/htdocs/expedition/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/expedition/tpl/linkedobjectblock.tpl.php
@@ -14,8 +14,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE -->
@@ -34,7 +41,7 @@ $var=true;
 foreach($linkedObjectBlock as $key => $objectlink)
 {
     $ilink++;
-    
+
     $trclass=($var?'pair':'impair');
     if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
 ?>
@@ -73,7 +80,7 @@ if (count($linkedObjectBlock) > 1)
     	<td align="right"></td>
     	<td align="right"></td>
     </tr>
-    <?php  
+    <?php
 }
 ?>
 
diff --git a/htdocs/expensereport/tpl/linkedobjectblock.tpl.php b/htdocs/expensereport/tpl/linkedobjectblock.tpl.php
index 7fec53bf3d8..95894a8987e 100644
--- a/htdocs/expensereport/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/expensereport/tpl/linkedobjectblock.tpl.php
@@ -15,8 +15,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE -->
@@ -32,7 +39,7 @@ $var=true;
 $total=0;
 foreach($linkedObjectBlock as $key => $objectlink)
 {
-	
+
 ?>
 <tr <?php echo $GLOBALS['bc'][$var]; ?> >
 	<td><?php echo $langs->trans("ExpenseReport"); ?></td>
diff --git a/htdocs/fichinter/tpl/linkedobjectblock.tpl.php b/htdocs/fichinter/tpl/linkedobjectblock.tpl.php
index 455f383fd4a..5d180f0aa82 100644
--- a/htdocs/fichinter/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/fichinter/tpl/linkedobjectblock.tpl.php
@@ -13,8 +13,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE -->
@@ -33,7 +40,7 @@ $var=true;
 foreach($linkedObjectBlock as $key => $objectlink)
 {
     $ilink++;
-    
+
     $trclass=($var?'pair':'impair');
     if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
 ?>
diff --git a/htdocs/fourn/commande/tpl/linkedobjectblock.tpl.php b/htdocs/fourn/commande/tpl/linkedobjectblock.tpl.php
index 232d12fad3d..113115f9ff8 100644
--- a/htdocs/fourn/commande/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/fourn/commande/tpl/linkedobjectblock.tpl.php
@@ -14,8 +14,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE -->
@@ -35,7 +42,7 @@ $var=true;
 foreach($linkedObjectBlock as $key => $objectlink)
 {
     $ilink++;
-    
+
     $trclass=($var?'pair':'impair');
     if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
 ?>
@@ -66,7 +73,7 @@ if (count($linkedObjectBlock) > 1)
     	<td align="right"></td>
     	<td align="right"></td>
     </tr>
-    <?php  
+    <?php
 }
 ?>
 
diff --git a/htdocs/fourn/facture/tpl/linkedobjectblock.tpl.php b/htdocs/fourn/facture/tpl/linkedobjectblock.tpl.php
index e8154cd8259..ce72f5be42e 100644
--- a/htdocs/fourn/facture/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/fourn/facture/tpl/linkedobjectblock.tpl.php
@@ -17,6 +17,14 @@
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE -->
@@ -36,7 +44,7 @@ $var=true;
 foreach($linkedObjectBlock as $key => $objectlink)
 {
     $ilink++;
-    
+
     $trclass=($var?'pair':'impair');
     if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
 ?>
@@ -54,7 +62,7 @@ foreach($linkedObjectBlock as $key => $objectlink)
     				$total = $total + $sign * $objectlink->total_ht;
     				echo price($objectlink->total_ht);
     			}
-    			else 
+    			else
     			{
     				echo '<strike>'.price($objectlink->total_ht).'</strike>';
     			}
@@ -62,7 +70,7 @@ foreach($linkedObjectBlock as $key => $objectlink)
     	<td align="right"><?php echo $objectlink->getLibStatut(3); ?></td>
     	<td align="right"><a href="<?php echo $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=dellink&dellinkid='.$key; ?>"><?php echo img_delete($langs->transnoentitiesnoconv("RemoveLink")); ?></a></td>
     </tr>
-<?php 
+<?php
 }
 if (count($linkedObjectBlock) > 1)
 {
@@ -76,7 +84,7 @@ if (count($linkedObjectBlock) > 1)
     	<td align="right"></td>
     	<td align="right"></td>
     </tr>
-    <?php  
+    <?php
 }
 ?>
 
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index d5a692ca86e..2b4ad4de3c5 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -81,7 +81,7 @@ function test_sql_and_script_inject($val, $type)
     // For SQL Injection (only GET and POST are used to be included into bad escaped SQL requests)
     if ($type != 2)
     {
-    	$inj += preg_match('/updatexml^(/i',	 $val);
+    	$inj += preg_match('/updatexml\(/i',	 $val);
     	$inj += preg_match('/delete\s+from/i',	 $val);
         $inj += preg_match('/create\s+table/i',	 $val);
         $inj += preg_match('/update.+set.+=/i',  $val);
diff --git a/htdocs/modulebuilder/template/core/tpl/mytemplate.tpl.php b/htdocs/modulebuilder/template/core/tpl/mytemplate.tpl.php
index 9d399c44e85..3684ded0092 100644
--- a/htdocs/modulebuilder/template/core/tpl/mytemplate.tpl.php
+++ b/htdocs/modulebuilder/template/core/tpl/mytemplate.tpl.php
@@ -23,5 +23,13 @@
  * Put detailed description here.
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 /** Your code here. */
 echo "Hello world!";
diff --git a/htdocs/product/canvas/product/tpl/card_create.tpl.php b/htdocs/product/canvas/product/tpl/card_create.tpl.php
index 514c5d213d5..e763605f701 100644
--- a/htdocs/product/canvas/product/tpl/card_create.tpl.php
+++ b/htdocs/product/canvas/product/tpl/card_create.tpl.php
@@ -15,6 +15,14 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $object=$GLOBALS['object'];
 
 $statutarray=array('1' => $langs->trans("OnSell"), '0' => $langs->trans("NotOnSell"));
diff --git a/htdocs/product/canvas/product/tpl/card_edit.tpl.php b/htdocs/product/canvas/product/tpl/card_edit.tpl.php
index 686ad7217b7..c64c5dbe1e4 100644
--- a/htdocs/product/canvas/product/tpl/card_edit.tpl.php
+++ b/htdocs/product/canvas/product/tpl/card_edit.tpl.php
@@ -15,6 +15,14 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $object=$GLOBALS['object'];
 
 $statutarray=array('1' => $langs->trans("OnSell"), '0' => $langs->trans("NotOnSell"));
diff --git a/htdocs/product/canvas/product/tpl/card_view.tpl.php b/htdocs/product/canvas/product/tpl/card_view.tpl.php
index 771005781cd..44b1f96203b 100644
--- a/htdocs/product/canvas/product/tpl/card_view.tpl.php
+++ b/htdocs/product/canvas/product/tpl/card_view.tpl.php
@@ -15,6 +15,14 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $object=$GLOBALS['object'];
 ?>
 
diff --git a/htdocs/product/canvas/product/tpl/list.tpl.php b/htdocs/product/canvas/product/tpl/list.tpl.php
index db7cac7e51c..e5c315e8148 100644
--- a/htdocs/product/canvas/product/tpl/list.tpl.php
+++ b/htdocs/product/canvas/product/tpl/list.tpl.php
@@ -13,8 +13,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE -->
@@ -69,7 +76,7 @@
  		if ($searchfield['enabled']) {
  			if ($searchfield['search'])	{ ?>
   				<td class="liste_titre" align="<?php echo $searchfield['align']; ?>"><input class="flat" type="text" name="s<?php echo $searchfield['alias']; ?>" value=""></td>
-	<?php } else if ($key == $num) { 
+	<?php } else if ($key == $num) {
         print '<td class="liste_titre" align="right">';
         $searchpicto=$form->showFilterAndCheckAddButtons(0);
         print $searchpicto;
diff --git a/htdocs/product/canvas/service/tpl/card_create.tpl.php b/htdocs/product/canvas/service/tpl/card_create.tpl.php
index e25f69d8848..46db54d63b8 100644
--- a/htdocs/product/canvas/service/tpl/card_create.tpl.php
+++ b/htdocs/product/canvas/service/tpl/card_create.tpl.php
@@ -13,9 +13,16 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $object=$GLOBALS['object'];
 
 $statutarray=array('1' => $langs->trans("OnSell"), '0' => $langs->trans("NotOnSell"));
diff --git a/htdocs/product/canvas/service/tpl/card_edit.tpl.php b/htdocs/product/canvas/service/tpl/card_edit.tpl.php
index 27348b7820d..06d1b3ff612 100644
--- a/htdocs/product/canvas/service/tpl/card_edit.tpl.php
+++ b/htdocs/product/canvas/service/tpl/card_edit.tpl.php
@@ -15,6 +15,14 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $object=$GLOBALS['object'];
 
 $statutarray=array('1' => $langs->trans("OnSell"), '0' => $langs->trans("NotOnSell"));
diff --git a/htdocs/product/canvas/service/tpl/card_view.tpl.php b/htdocs/product/canvas/service/tpl/card_view.tpl.php
index fd5d9ad73bf..fc129132dee 100644
--- a/htdocs/product/canvas/service/tpl/card_view.tpl.php
+++ b/htdocs/product/canvas/service/tpl/card_view.tpl.php
@@ -15,6 +15,14 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $object=$GLOBALS['object'];
 ?>
 
diff --git a/htdocs/product/canvas/service/tpl/list.tpl.php b/htdocs/product/canvas/service/tpl/list.tpl.php
index ee2a894de98..9951c71fcc3 100644
--- a/htdocs/product/canvas/service/tpl/list.tpl.php
+++ b/htdocs/product/canvas/service/tpl/list.tpl.php
@@ -13,8 +13,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE -->
@@ -69,7 +76,7 @@
  		if ($searchfield['enabled']) {
  			if ($searchfield['search'])	{ ?>
   				<td class="liste_titre" align="<?php echo $searchfield['align']; ?>"><input class="flat" type="text" name="s<?php echo $searchfield['alias']; ?>" value=""></td>
-	<?php } else if ($key == $num) { 	
+	<?php } else if ($key == $num) {
         print '<td class="liste_titre" align="right">';
         $searchpicto=$form->showFilterAndCheckAddButtons(0);
         print $searchpicto;
diff --git a/htdocs/product/inventory/tpl/inventory.tpl.php b/htdocs/product/inventory/tpl/inventory.tpl.php
index 05de0f4c002..cf74aa21bdc 100644
--- a/htdocs/product/inventory/tpl/inventory.tpl.php
+++ b/htdocs/product/inventory/tpl/inventory.tpl.php
@@ -1,12 +1,22 @@
+<?php
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+?>
 <script type="text/javascript">
     function save_qty(k) {
-        
+
         var $input = $('input[name="qty_to_add['+k+']"]');
         var fk_det_inventory = $('input[name=det_id_'+k+']').val();
         var qty = $input.val();
-        
+
         $('#a_save_qty_'+k).hide();
-        
+
         $.ajax({
             url:"ajax/ajax.inventory.php"
             ,data:{
@@ -14,28 +24,28 @@
                 ,'qty': qty
                 ,'put':'qty'
             }
-            
+
         }).done(function(data) {
             $('#qty_view_'+k).html(data);
             $input.val(0);
             $.jnotify("Quantité ajoutée : "+qty, "mesgs" );
-            
+
             $('#a_save_qty_'+k).show();
-            
+
             hide_save_button();
         });
-        
-        
+
+
     }
-    
+
     function save_pmp(k) {
-    	
+
         var $input = $('input[name="new_pmp['+k+']"]');
         var fk_det_inventory = $('input[name=det_id_'+k+']').val();
         var pmp = $input.val();
-        
+
         $('#a_save_new_pmp_'+k).hide();
-        
+
         $.ajax({
             url:"ajax/ajax.inventory.php"
             ,data:{
@@ -43,31 +53,31 @@
                 ,'pmp': pmp
                 ,'put':'pmp'
             }
-            
+
         }).done(function(data) {
            	$input.css({"background-color":"#66ff66"});
             $.jnotify("PMP sauvegardé : "+pmp, "mesgs" );
             $('#a_save_new_pmp_'+k).show();
-             
+
         });
-        
+
     }
-    
+
     function hide_save_button() {
        var nb = 0;
        $('input[name^="qty_to_add"]').each(function() {
            nb += $(this).val();
        });
-       
+
        if(nb>0) {
            $('input[name=modify]').show();
-           
+
        }
        else{
            $('input[name=modify]').hide();
-           
+
        }
-        
+
     }
 </script>
 
@@ -76,37 +86,37 @@
 	<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
 		<input type="hidden" name="action" value="add_line" />
 		<input type="hidden" name="id" value="<?php echo $object->id; ?>" />
-	
+
 		<?php echo inventorySelectProducts($object); ?>
-		
+
 			<input class="button" type="submit" value="<?php echo $langs->trans('AddProduct'); ?>" />
 	</form><br>
 <?php } ?>
 
 <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
-	
+
 	<?php if ($view['is_already_validate'] == 1) { ?>
 		<div class="warning">Cet inventaire est validé</div>
 	<?php } ?>
-	
+
 	<input type="hidden" name="action" value="save" />
 	<input type="hidden" name="id" value="<?php echo $object->id; ?>" />
-	
+
 	<table width="100%" class="noborder workstation">
 		<?php
-		
-		_headerList($view); 
-        
+
+		_headerList($view);
+
         $total_pmp = $total_pa = $total_pmp_actual = $total_pa_actual =$total_current_pa=$total_current_pa_actual = 0;
         $i=1;
-        
-        foreach ($lines as $k=>$row) { 
-            
+
+        foreach ($lines as $k=>$row) {
+
             $total_pmp+=$row['pmp_stock'];
             $total_pa+=$row['pa_stock'];
             $total_pmp_actual+=$row['pmp_actual'];
             $total_pa_actual+=$row['pa_actual'];
-            
+
 			if($i%20 === 0)
 			{
             	_headerList($view);
@@ -126,18 +136,18 @@
 	                 if(!empty($conf->global->INVENTORY_USE_MIN_PA_IF_NO_LAST_PA)){
 	                 	echo '<td align="right" style="background-color: #e8e8ff;">'.price($row['current_pa_stock']).'</td>';
 						 $total_current_pa+=$row['current_pa_stock'];
-	                 }   
-	                    
+	                 }
+
 	               ?>
 				<?php } ?>
 				<td align="center"><?php echo $row['qty']; ?>&nbsp;&nbsp;<span id="qty_view_<?php echo $row['k']; ?>"><?php echo $row['qty_view']; ?></span>
-                    <input type="hidden" name="det_id_<?php echo $row['k']; ?>" value="<?php echo $row['id']; ?>" /> 
+                    <input type="hidden" name="det_id_<?php echo $row['k']; ?>" value="<?php echo $row['id']; ?>" />
                 </td>
                 <?php if ($can_validate == 1) { ?>
                     <td align="right"><?php echo price($row['pmp_actual']); ?></td>
                     <?php
                     if(!empty($user->rights->stock->changePMP)) {
-                    	echo '<td align="right">'.$row['pmp_new'].'</td>';	
+                    	echo '<td align="right">'.$row['pmp_new'].'</td>';
 					}
                     ?>
                     <td align="right"><?php echo price($row['pa_actual']); ?></td>
@@ -145,8 +155,8 @@
 		                 if(!empty($conf->global->INVENTORY_USE_MIN_PA_IF_NO_LAST_PA)){
 		                 	echo '<td align="right">'.price($row['current_pa_actual']).'</td>';
 							 $total_current_pa_actual+=$row['current_pa_actual'];
-		                 }   
-		                    
+		                 }
+
 		               ?>
                     <td align="center"><?php echo $row['qty_regulated']; ?></td>
 				<?php } ?>
@@ -154,25 +164,25 @@
 					<td align="center" width="20%"><?php echo $row['action']; ?></td>
 				<?php } ?>
 			</tr>
-			<?php $i++; 
-        
-        } 
-		
+			<?php $i++;
+
+        }
+
 		_footerList($view,$total_pmp,$total_pmp_actual,$total_pa,$total_pa_actual, $total_current_pa,$total_current_pa_actual);
-	
+
 		?>
 	</table>
-	
+
 	<?php if ($object->status != 1) { ?>
 		<div class="tabsAction" style="height:30px;">
 			<?php if ($action!= 'edit') { ?>
 				<!-- <a href="<?php echo $view_url; ?>?id=<?php echo $object->id; ?>&action=exportCSV" class="butAction"><?php echo $langs->trans('ExportCSV') ?></a> -->
 				<a href="<?php echo $view_url; ?>?id=<?php echo $object->id; ?>&action=edit" class="butAction"><?php echo $langs->trans('Modify') ?></a>
-				<?php 
+				<?php
 				 if(!empty($user->rights->stock->changePMP)) {
 				 	echo '<a href="'.$view_url.'?id='.$object->id.'&action=changePMP" class="butAction">'.$langs->trans('ApplyPMP').'</a>';
 				 }
-				
+
 				if ($can_validate == 1) { ?>
 					<a href="<?php echo $view_url; ?>?id=<?php echo $object->id; ?>&action=regulate&token=" class="butAction"><?php echo $langs->trans('RegulateStock') ?></a>
 				<?php } ?>
@@ -193,13 +203,13 @@
 
 				<!-- <a href="<?php echo $view_url; ?>?id=<?php echo $object->id; ?>&action=exportCSV" class="butAction"><?php echo $langs->trans('ExportCSV') ?></a> -->
 				<a href="#" title="<?php echo $langs->trans('InventoryAlreadyValidated'); ?>" class="butActionRefused"><?php echo $langs->trans('Delete') ?></a>
-				
+
 			<?php } ?>
 		</div>
 	<?php } ?>
 </form>
 <p>Date de création : <?php echo $object->getDate('datec') ?>
 <br />Dernière mise à jour : <?php echo $object->getDate('tms') ?></p>
-	
 
-	
+
+
diff --git a/htdocs/product/stock/tpl/stockcorrection.tpl.php b/htdocs/product/stock/tpl/stockcorrection.tpl.php
index 4242121177c..732fa8c889d 100644
--- a/htdocs/product/stock/tpl/stockcorrection.tpl.php
+++ b/htdocs/product/stock/tpl/stockcorrection.tpl.php
@@ -17,6 +17,14 @@
  * $object must be defined
  * $backtopage
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE STOCKCORRECTION.TPL.PHP -->
diff --git a/htdocs/product/stock/tpl/stocktransfer.tpl.php b/htdocs/product/stock/tpl/stocktransfer.tpl.php
index 6d028da5663..18f6b831cf2 100644
--- a/htdocs/product/stock/tpl/stocktransfer.tpl.php
+++ b/htdocs/product/stock/tpl/stocktransfer.tpl.php
@@ -17,6 +17,14 @@
  * $object must be defined
  * $backtopage
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE STOCKCORRECTION.TPL.PHP -->
diff --git a/htdocs/societe/canvas/company/tpl/card_create.tpl.php b/htdocs/societe/canvas/company/tpl/card_create.tpl.php
index d542f0553ba..80740381e05 100644
--- a/htdocs/societe/canvas/company/tpl/card_create.tpl.php
+++ b/htdocs/societe/canvas/company/tpl/card_create.tpl.php
@@ -14,8 +14,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE CARD_CREATE.TPL.PHP COMPANY -->
diff --git a/htdocs/societe/canvas/company/tpl/card_edit.tpl.php b/htdocs/societe/canvas/company/tpl/card_edit.tpl.php
index 1f6201ec829..82474ae405f 100644
--- a/htdocs/societe/canvas/company/tpl/card_edit.tpl.php
+++ b/htdocs/societe/canvas/company/tpl/card_edit.tpl.php
@@ -14,9 +14,16 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $contact = $GLOBALS['objcanvas']->control->object;
 
 ?>
diff --git a/htdocs/societe/canvas/company/tpl/card_view.tpl.php b/htdocs/societe/canvas/company/tpl/card_view.tpl.php
index 21645f14d00..3865e9b95a0 100644
--- a/htdocs/societe/canvas/company/tpl/card_view.tpl.php
+++ b/htdocs/societe/canvas/company/tpl/card_view.tpl.php
@@ -13,9 +13,16 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $soc = $GLOBALS['objcanvas']->control->object;
 
 ?>
diff --git a/htdocs/societe/canvas/individual/tpl/card_create.tpl.php b/htdocs/societe/canvas/individual/tpl/card_create.tpl.php
index 1be20214c35..ba5aaf68e44 100644
--- a/htdocs/societe/canvas/individual/tpl/card_create.tpl.php
+++ b/htdocs/societe/canvas/individual/tpl/card_create.tpl.php
@@ -14,8 +14,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE CARD_CREATE.TPL.PHP INDIVIDUAL -->
diff --git a/htdocs/societe/canvas/individual/tpl/card_edit.tpl.php b/htdocs/societe/canvas/individual/tpl/card_edit.tpl.php
index 90543958902..76db85282db 100644
--- a/htdocs/societe/canvas/individual/tpl/card_edit.tpl.php
+++ b/htdocs/societe/canvas/individual/tpl/card_edit.tpl.php
@@ -14,8 +14,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE CARD_EDIT.TPL.PHP INDIVIDUAL -->
diff --git a/htdocs/societe/canvas/individual/tpl/card_view.tpl.php b/htdocs/societe/canvas/individual/tpl/card_view.tpl.php
index 10136048ae6..359f4ec7b44 100644
--- a/htdocs/societe/canvas/individual/tpl/card_view.tpl.php
+++ b/htdocs/societe/canvas/individual/tpl/card_view.tpl.php
@@ -13,9 +13,16 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $object = $GLOBALS['objcanvas']->control->object;
 
 ?>
diff --git a/htdocs/societe/tpl/linesalesrepresentative.tpl.php b/htdocs/societe/tpl/linesalesrepresentative.tpl.php
index 3ec07697ec7..dc6d6ec4d08 100644
--- a/htdocs/societe/tpl/linesalesrepresentative.tpl.php
+++ b/htdocs/societe/tpl/linesalesrepresentative.tpl.php
@@ -1,5 +1,12 @@
 <?php
-        // Sale representative
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+		// Sale representative
         print '<tr><td>';
         print '<table width="100%" class="nobordernopadding"><tr><td>';
         print $langs->trans('SalesRepresentatives');
diff --git a/htdocs/supplier_proposal/tpl/linkedobjectblock.tpl.php b/htdocs/supplier_proposal/tpl/linkedobjectblock.tpl.php
index d313eca10bd..8c49e42f557 100644
--- a/htdocs/supplier_proposal/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/supplier_proposal/tpl/linkedobjectblock.tpl.php
@@ -17,6 +17,13 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE LINKEDOBJECTBOCK-->
@@ -33,7 +40,7 @@ $var=true;
 foreach($linkedObjectBlock as $key => $objectlink)
 {
     $ilink++;
-    
+
     $trclass=($var?'pair':'impair');
     if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
 ?>
@@ -64,7 +71,7 @@ if (count($linkedObjectBlock) > 1)
     	<td align="right"></td>
     	<td align="right"></td>
     </tr>
-    <?php  
+    <?php
 }
 ?>
 

From b70dd36ffa485888c08cc6c7b8eb32a9f8379001 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Sun, 24 Dec 2017 12:16:48 +0100
Subject: [PATCH 12/20] Better js comment

---
 htdocs/core/tpl/login.tpl.php             | 2 +-
 htdocs/core/tpl/passwordforgotten.tpl.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/core/tpl/login.tpl.php b/htdocs/core/tpl/login.tpl.php
index d2c18e6f92f..14bdd8e4d9d 100644
--- a/htdocs/core/tpl/login.tpl.php
+++ b/htdocs/core/tpl/login.tpl.php
@@ -62,7 +62,7 @@ print top_htmlhead('', $titleofloginpage, 0, 0, $arrayofjs, array(), 0, $disable
 <?php if (empty($conf->dol_use_jmobile)) { ?>
 <script type="text/javascript">
 $(document).ready(function () {
-	// Set focus on correct field
+	/* Set focus on correct field */
 	<?php if ($focus_element) { ?>$('#<?php echo $focus_element; ?>').focus(); <?php } ?>		// Warning to use this only on visible element
 });
 </script>
diff --git a/htdocs/core/tpl/passwordforgotten.tpl.php b/htdocs/core/tpl/passwordforgotten.tpl.php
index bdcca51b4e7..30bc70b72cc 100644
--- a/htdocs/core/tpl/passwordforgotten.tpl.php
+++ b/htdocs/core/tpl/passwordforgotten.tpl.php
@@ -48,7 +48,7 @@ print top_htmlhead('',$langs->trans('SendNewPassword'));
 <?php if (empty($conf->dol_use_jmobile)) { ?>
 <script type="text/javascript">
 $(document).ready(function () {
-	// Set focus on correct field
+	/* Set focus on correct field */
 	<?php if ($focus_element) { ?>$('#<?php echo $focus_element; ?>').focus(); <?php } ?>		// Warning to use this only on visible element
 });
 </script>

From 1c7b99d3dcd08e0a545ae4feeb0d7922047d52a7 Mon Sep 17 00:00:00 2001
From: Ferran Marcet <fmarcet@2byte.es>
Date: Tue, 26 Dec 2017 12:13:35 +0100
Subject: [PATCH 13/20] Fix: Missing include for Project class

---
 htdocs/comm/propal/document.php       | 4 ++++
 htdocs/comm/propal/info.php           | 4 ++++
 htdocs/comm/propal/note.php           | 4 ++++
 htdocs/commande/document.php          | 4 ++++
 htdocs/commande/info.php              | 4 ++++
 htdocs/commande/note.php              | 4 ++++
 htdocs/compta/facture/contact.php     | 4 ++++
 htdocs/compta/facture/document.php    | 4 ++++
 htdocs/compta/facture/info.php        | 4 ++++
 htdocs/compta/facture/note.php        | 4 ++++
 htdocs/compta/facture/prelevement.php | 4 ++++
 htdocs/contrat/contact.php            | 4 ++++
 htdocs/contrat/document.php           | 4 ++++
 htdocs/contrat/info.php               | 4 ++++
 htdocs/contrat/note.php               | 4 ++++
 htdocs/fichinter/document.php         | 4 ++++
 htdocs/fichinter/info.php             | 4 ++++
 htdocs/fichinter/note.php             | 4 ++++
 htdocs/fourn/commande/contact.php     | 4 ++++
 htdocs/fourn/commande/document.php    | 4 ++++
 htdocs/fourn/commande/info.php        | 4 ++++
 htdocs/fourn/commande/note.php        | 4 ++++
 htdocs/fourn/facture/contact.php      | 4 ++++
 htdocs/fourn/facture/document.php     | 4 ++++
 htdocs/fourn/facture/info.php         | 4 ++++
 htdocs/fourn/facture/note.php         | 4 ++++
 htdocs/loan/document.php              | 4 ++++
 htdocs/loan/info.php                  | 4 ++++
 htdocs/loan/note.php                  | 4 ++++
 htdocs/supplier_proposal/document.php | 4 ++++
 htdocs/supplier_proposal/info.php     | 4 ++++
 htdocs/supplier_proposal/note.php     | 4 ++++
 32 files changed, 128 insertions(+)

diff --git a/htdocs/comm/propal/document.php b/htdocs/comm/propal/document.php
index 3a9f3a98e26..ba373c78f44 100644
--- a/htdocs/comm/propal/document.php
+++ b/htdocs/comm/propal/document.php
@@ -4,6 +4,7 @@
  * Copyright (C) 2005      Marc Barilley / Ocebo <marc@ocebo.com>
  * Copyright (C) 2005-2012 Regis Houssin         <regis.houssin@capnetworks.com>
  * Copyright (C) 2013      Cédric Salvador       <csalvador@gpcsolutions.fr>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -31,6 +32,9 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/propal.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 $langs->load('compta');
 $langs->load('other');
diff --git a/htdocs/comm/propal/info.php b/htdocs/comm/propal/info.php
index a94eeaa092c..67cc8210402 100644
--- a/htdocs/comm/propal/info.php
+++ b/htdocs/comm/propal/info.php
@@ -2,6 +2,7 @@
 /* Copyright (C) 2004		Rodolphe Quiedeville	<rodolphe@quiedeville.org>
  * Copyright (C) 2004-2006	Laurent Destailleur		<eldy@users.sourceforge.net>
  * Copyright (C) 2005-2012	Regis Houssin			<regis.houssin@capnetworks.com>
+ * Copyright (C) 2017    	Ferran Marcet       	<fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -27,6 +28,9 @@ require '../../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/propal.lib.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 $langs->load('propal');
 $langs->load('compta');
diff --git a/htdocs/comm/propal/note.php b/htdocs/comm/propal/note.php
index 29fc43b0899..17e53b89948 100644
--- a/htdocs/comm/propal/note.php
+++ b/htdocs/comm/propal/note.php
@@ -4,6 +4,7 @@
  * Copyright (C) 2004      Eric Seigne          <eric.seigne@ryxeo.com>
  * Copyright (C) 2005-2012 Regis Houssin        <regis.houssin@capnetworks.com>
  * Copyright (C) 2013      Florian Henry		  	<florian.henry@open-concept.pro>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -28,6 +29,9 @@
 require '../../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/propal.lib.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 $langs->load('propal');
 $langs->load('compta');
diff --git a/htdocs/commande/document.php b/htdocs/commande/document.php
index d69ec07360a..ee688bed307 100644
--- a/htdocs/commande/document.php
+++ b/htdocs/commande/document.php
@@ -4,6 +4,7 @@
  * Copyright (C) 2005      Marc Barilley / Ocebo <marc@ocebo.com>
  * Copyright (C) 2005-2012 Regis Houssin         <regis.houssin@capnetworks.com>
  * Copyright (C) 2013      Cédric Salvador       <csalvador@gpcsolutions.fr>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -31,6 +32,9 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
 require_once DOL_DOCUMENT_ROOT .'/commande/class/commande.class.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 
 $langs->load('companies');
diff --git a/htdocs/commande/info.php b/htdocs/commande/info.php
index 05adc9def54..518ab856474 100644
--- a/htdocs/commande/info.php
+++ b/htdocs/commande/info.php
@@ -1,6 +1,7 @@
 <?php
 /* Copyright (C) 2005-2006 Laurent Destailleur  <eldy@users.sourceforge.net>
  * Copyright (C) 2005-2009 Regis Houssin        <regis.houssin@capnetworks.com>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -26,6 +27,9 @@ require '../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/order.lib.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 if (!$user->rights->commande->lire)	accessforbidden();
 
diff --git a/htdocs/commande/note.php b/htdocs/commande/note.php
index 0d42cc69611..6598805490d 100644
--- a/htdocs/commande/note.php
+++ b/htdocs/commande/note.php
@@ -3,6 +3,7 @@
  * Copyright (C) 2004-2016 Laurent Destailleur  <eldy@users.sourceforge.net>
  * Copyright (C) 2005-2012 Regis Houssin        <regis.houssin@capnetworks.com>
  * Copyright (C) 2013      Florian Henry		<florian.henry@open-concept.pro>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -27,6 +28,9 @@
 require '../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/order.lib.php';
 require_once DOL_DOCUMENT_ROOT .'/commande/class/commande.class.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 
 $langs->load("companies");
diff --git a/htdocs/compta/facture/contact.php b/htdocs/compta/facture/contact.php
index 93b23834e9f..f4b9ef5f5c7 100644
--- a/htdocs/compta/facture/contact.php
+++ b/htdocs/compta/facture/contact.php
@@ -3,6 +3,7 @@
  * Copyright (C) 2005-2009 Destailleur Laurent  <eldy@users.sourceforge.net>
  * Copyright (C) 2005-2012 Regis Houssin        <regis.houssin@capnetworks.com>
  * Copyright (C) 2011-2015 Philippe Grand       <philippe.grand@atoo-net.com>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -30,6 +31,9 @@ require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/discount.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/invoice.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 $langs->load("bills");
 $langs->load("companies");
diff --git a/htdocs/compta/facture/document.php b/htdocs/compta/facture/document.php
index 1ab0d7ceb93..b559003007b 100644
--- a/htdocs/compta/facture/document.php
+++ b/htdocs/compta/facture/document.php
@@ -4,6 +4,7 @@
  * Copyright (C) 2005      Marc Barilley / Ocebo <marc@ocebo.com>
  * Copyright (C) 2005-2011 Regis Houssin         <regis.houssin@capnetworks.com>
  * Copyright (C) 2013      Cédric Salvador       <csalvador@gpcsolutions.fr>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -32,6 +33,9 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/invoice.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 $langs->load('propal');
 $langs->load('compta');
diff --git a/htdocs/compta/facture/info.php b/htdocs/compta/facture/info.php
index fd43cc42982..5d8750fef60 100644
--- a/htdocs/compta/facture/info.php
+++ b/htdocs/compta/facture/info.php
@@ -1,6 +1,7 @@
 <?php
 /* Copyright (C) 2004      Rodolphe Quiedeville <rodolphe@quiedeville.org>
  * Copyright (C) 2004-2005 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -27,6 +28,9 @@ require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/discount.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/invoice.lib.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 $langs->load("companies");
 $langs->load("bills");
diff --git a/htdocs/compta/facture/note.php b/htdocs/compta/facture/note.php
index 223480e4ba8..f179a9bd3d3 100644
--- a/htdocs/compta/facture/note.php
+++ b/htdocs/compta/facture/note.php
@@ -3,6 +3,7 @@
  * Copyright (C) 2004-2016 Laurent Destailleur  <eldy@users.sourceforge.net>
  * Copyright (C) 2005-2012 Regis Houssin        <regis.houssin@capnetworks.com>
  * Copyright (C) 2013      Florian Henry		<florian.henry@open-concept.pro>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -28,6 +29,9 @@ require '../../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/discount.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/invoice.lib.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 $langs->load("companies");
 $langs->load("bills");
diff --git a/htdocs/compta/facture/prelevement.php b/htdocs/compta/facture/prelevement.php
index e9b1694808b..0b5791ea351 100644
--- a/htdocs/compta/facture/prelevement.php
+++ b/htdocs/compta/facture/prelevement.php
@@ -4,6 +4,7 @@
  * Copyright (C) 2004-2016	Laurent Destailleur		<eldy@users.sourceforge.net>
  * Copyright (C) 2005-2012	Regis Houssin			<regis.houssin@capnetworks.com>
  * Copyright (C) 2010-2014	Juanjo Menent			<jmenent@2byte.es>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -30,6 +31,9 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/invoice.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
 require_once DOL_DOCUMENT_ROOT.'/compta/prelevement/class/bonprelevement.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/discount.class.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 if (!$user->rights->facture->lire) accessforbidden();
 
diff --git a/htdocs/contrat/contact.php b/htdocs/contrat/contact.php
index 8510888cf35..f975e979767 100644
--- a/htdocs/contrat/contact.php
+++ b/htdocs/contrat/contact.php
@@ -2,6 +2,7 @@
 /* Copyright (C) 2005		Patrick Rouillon	<patrick@rouillon.net>
  * Copyright (C) 2005-2009	Destailleur Laurent	<eldy@users.sourceforge.net>
  * Copyright (C) 2005-2012	Regis Houssin		<regis.houssin@capnetworks.com>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -28,6 +29,9 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/contract.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/contrat/class/contrat.class.php';
 require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 
 $langs->load("contracts");
diff --git a/htdocs/contrat/document.php b/htdocs/contrat/document.php
index 132ab187777..8d5d99603e8 100644
--- a/htdocs/contrat/document.php
+++ b/htdocs/contrat/document.php
@@ -5,6 +5,7 @@
  * Copyright (C) 2005-2012	Regis Houssin			<regis.houssin@capnetworks.com>
  * Copyright (C) 2005		Simon TOSSER			<simon@kornog-computing.com>
  * Copyright (C) 2013		Cédric Salvador			<csalvador@gpcsolutions.fr>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -32,6 +33,9 @@ require_once DOL_DOCUMENT_ROOT.'/contrat/class/contrat.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 $langs->load("other");
 $langs->load("products");
diff --git a/htdocs/contrat/info.php b/htdocs/contrat/info.php
index 95ab0b9ca25..a986a633201 100644
--- a/htdocs/contrat/info.php
+++ b/htdocs/contrat/info.php
@@ -1,5 +1,6 @@
 <?php
 /* Copyright (C) 2004-2009 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -25,6 +26,9 @@ require ("../main.inc.php");
 require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/contract.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/contrat/class/contrat.class.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 $langs->load("contracts");
 
diff --git a/htdocs/contrat/note.php b/htdocs/contrat/note.php
index 7d4927d19b8..0b301600978 100644
--- a/htdocs/contrat/note.php
+++ b/htdocs/contrat/note.php
@@ -2,6 +2,7 @@
 /* Copyright (C) 2004		Rodolphe Quiedeville	<rodolphe@quiedeville.org>
  * Copyright (C) 2004-2016	Laurent Destailleur		<eldy@users.sourceforge.net>
  * Copyright (C) 2005-2012	Regis Houssin			<regis.houssin@capnetworks.com>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -26,6 +27,9 @@
 require ("../main.inc.php");
 require_once DOL_DOCUMENT_ROOT.'/core/lib/contract.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/contrat/class/contrat.class.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 $langs->load("companies");
 $langs->load("contracts");
diff --git a/htdocs/fichinter/document.php b/htdocs/fichinter/document.php
index 3d5a3c544e8..b257afd3d3b 100644
--- a/htdocs/fichinter/document.php
+++ b/htdocs/fichinter/document.php
@@ -6,6 +6,7 @@
  * Copyright (C) 2005      Simon TOSSER          <simon@kornog-computing.com>
  * Copyright (C) 2011-2012 Juanjo Menent         <jmenent@2byte.es>
  * Copyright (C) 2013      Cédric Salvador       <csalvador@gpcsolutions.fr>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -33,6 +34,9 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/fichinter.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 $langs->load("other");
 $langs->load("fichinter");
diff --git a/htdocs/fichinter/info.php b/htdocs/fichinter/info.php
index a32cda9bb57..4e59d44b98c 100644
--- a/htdocs/fichinter/info.php
+++ b/htdocs/fichinter/info.php
@@ -2,6 +2,7 @@
 /* Copyright (C) 2005-2009  Regis Houssin        <regis.houssin@capnetworks.com>
  * Copyright (C) 2009-2016  Laurent Destailleur  <eldy@users.sourceforge.net>
  * Copyright (C) 2011       Juanjo Menent        <jmenent@2byte.es>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -27,6 +28,9 @@ require '../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/fichinter/class/fichinter.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/fichinter.lib.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 $langs->load('companies');
 $langs->load("interventions");
diff --git a/htdocs/fichinter/note.php b/htdocs/fichinter/note.php
index 43a2654d1fd..d5a58b1578e 100644
--- a/htdocs/fichinter/note.php
+++ b/htdocs/fichinter/note.php
@@ -2,6 +2,7 @@
 /* Copyright (C) 2005-2012	Regis Houssin	<regis.houssin@capnetworks.com>
  * Copyright (C) 2011-2012	Juanjo Menent	<jmenent@2byte.es>
  * Copyright (C) 2013       Florian Henry		  	<florian.henry@open-concept.pro>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -26,6 +27,9 @@
 require '../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/fichinter/class/fichinter.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/fichinter.lib.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 $langs->load('companies');
 $langs->load("interventions");
diff --git a/htdocs/fourn/commande/contact.php b/htdocs/fourn/commande/contact.php
index 564057d991a..ce9ce39ac4a 100644
--- a/htdocs/fourn/commande/contact.php
+++ b/htdocs/fourn/commande/contact.php
@@ -2,6 +2,7 @@
 /* Copyright (C) 2005      Patrick Rouillon     <patrick@rouillon.net>
  * Copyright (C) 2005-2009 Destailleur Laurent  <eldy@users.sourceforge.net>
  * Copyright (C) 2005-2012 Regis Houssin        <regis.houssin@capnetworks.com>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -28,6 +29,9 @@ require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.commande.class.php';
 require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/fourn.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 $langs->load("facture");
 $langs->load("orders");
diff --git a/htdocs/fourn/commande/document.php b/htdocs/fourn/commande/document.php
index 700ce7a770a..df04b06939c 100644
--- a/htdocs/fourn/commande/document.php
+++ b/htdocs/fourn/commande/document.php
@@ -5,6 +5,7 @@
  * Copyright (C) 2005-2012 Regis Houssin         <regis.houssin@capnetworks.com>
  * Copyright (C) 2012      Marcos García         <marcosgdf@gmail.com>
  * Copyright (C) 2013      Cédric Salvador       <csalvador@gpcsolutions.fr>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -33,6 +34,9 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/fourn.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
 require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.commande.class.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 $langs->load('orders');
 $langs->load('other');
diff --git a/htdocs/fourn/commande/info.php b/htdocs/fourn/commande/info.php
index 25dc8932049..67d57b658fd 100644
--- a/htdocs/fourn/commande/info.php
+++ b/htdocs/fourn/commande/info.php
@@ -2,6 +2,7 @@
 /* Copyright (C) 2003-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
  * Copyright (C) 2004-2016 Laurent Destailleur  <eldy@users.sourceforge.net>
  * Copyright (C) 2005-2012 Regis Houssin        <regis.houssin@capnetworks.com>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -28,6 +29,9 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/fourn.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.commande.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 $langs->load("orders");
 $langs->load("suppliers");
diff --git a/htdocs/fourn/commande/note.php b/htdocs/fourn/commande/note.php
index 45e4bd80e3a..85c7094265b 100644
--- a/htdocs/fourn/commande/note.php
+++ b/htdocs/fourn/commande/note.php
@@ -3,6 +3,7 @@
  * Copyright (C) 2004-2016 Laurent Destailleur  <eldy@users.sourceforge.net>
  * Copyright (C) 2005-2009 Regis Houssin        <regis.houssin@capnetworks.com>
  * Copyright (C) 2012      Marcos García        <marcosgdf@gmail.com>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -27,6 +28,9 @@
 require '../../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/fourn.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.commande.class.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 $langs->load("orders");
 $langs->load("suppliers");
diff --git a/htdocs/fourn/facture/contact.php b/htdocs/fourn/facture/contact.php
index 0f56c5f7bae..6a9d4662e4b 100644
--- a/htdocs/fourn/facture/contact.php
+++ b/htdocs/fourn/facture/contact.php
@@ -2,6 +2,7 @@
 /* Copyright (C) 2005		Patrick Rouillon	<patrick@rouillon.net>
  * Copyright (C) 2005-2015	Laurent Destailleur	<eldy@users.sourceforge.net>
  * Copyright (C) 2005-2012	Regis Houssin		<regis.houssin@capnetworks.com>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -29,6 +30,9 @@ require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php';
 require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/fourn.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 $langs->load("bills");
 $langs->load('other');
diff --git a/htdocs/fourn/facture/document.php b/htdocs/fourn/facture/document.php
index 180e72e8262..6ed13c68ff7 100644
--- a/htdocs/fourn/facture/document.php
+++ b/htdocs/fourn/facture/document.php
@@ -5,6 +5,7 @@
  * Copyright (C) 2005-2012	Regis Houssin			<regis.houssin@capnetworks.com>
  * Copyright (C) 2013		Cédric Salvador			<csalvador@gpcsolutions.fr>
  * Copyright (C) 2016		Alexandre Spangaro		<aspangaro@zendsi.com>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -33,6 +34,9 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/fourn.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 $langs->load('bills');
 $langs->load('other');
diff --git a/htdocs/fourn/facture/info.php b/htdocs/fourn/facture/info.php
index 73d6b94a0d6..6a0410a7334 100644
--- a/htdocs/fourn/facture/info.php
+++ b/htdocs/fourn/facture/info.php
@@ -3,6 +3,7 @@
  * Copyright (C) 2004-2006 Laurent Destailleur  <eldy@users.sourceforge.net>
  * Copyright (C) 2005-2009 Regis Houssin        <regis.houssin@capnetworks.com>
  * Copyright (C) 2016      Alexandre Spangaro   <aspangaro@zendsi.com>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -29,6 +30,9 @@ require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.class.php';
 require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/fourn.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 $langs->load('bills');
 
diff --git a/htdocs/fourn/facture/note.php b/htdocs/fourn/facture/note.php
index 9df425040e1..a722a72cb72 100644
--- a/htdocs/fourn/facture/note.php
+++ b/htdocs/fourn/facture/note.php
@@ -3,6 +3,7 @@
  * Copyright (C) 2004-2011	Laurent Destailleur		<eldy@users.sourceforge.net>
  * Copyright (C) 2005-2012	Regis Houssin			<regis.houssin@capnetworks.com>
  * Copyright (C) 2013       Florian Henry		  	<florian.henry@open-concept.pro>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -28,6 +29,9 @@ require '../../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/fourn.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.class.php';
 require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 $langs->load('bills');
 $langs->load("companies");
diff --git a/htdocs/loan/document.php b/htdocs/loan/document.php
index b43261d2b9d..30f1efc69f7 100644
--- a/htdocs/loan/document.php
+++ b/htdocs/loan/document.php
@@ -1,5 +1,6 @@
 <?php
 /* Copyright (C) 2014-2016	Alexandre Spangaro   <aspangaro@zendsi.com>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -27,6 +28,9 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/loan.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 $langs->load("other");
 $langs->load("companies");
diff --git a/htdocs/loan/info.php b/htdocs/loan/info.php
index 64987afa8b5..ea7237cdd34 100644
--- a/htdocs/loan/info.php
+++ b/htdocs/loan/info.php
@@ -1,5 +1,6 @@
 <?php
 /* Copyright (C) 2014-2016	Alexandre Spangaro	<aspangaro@zendsi.com>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -25,6 +26,9 @@ require '../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/loan/class/loan.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/loan.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 $langs->load("compta");
 $langs->load("bills");
diff --git a/htdocs/loan/note.php b/htdocs/loan/note.php
index 5f435444f32..8f64036f819 100644
--- a/htdocs/loan/note.php
+++ b/htdocs/loan/note.php
@@ -5,6 +5,7 @@
  * Copyright (C) 2013       Florian Henry           <florian.henry@open-concept.pro>
  * Copyright (C) 2015       Frederic France         <frederic.france@free.fr>
  * Copyright (C) 2016       Alexandre Spangaro      <aspangaro@zendsi.com>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -29,6 +30,9 @@
 require '../main.inc.php';
 require_once(DOL_DOCUMENT_ROOT.'/loan/class/loan.class.php');
 require_once DOL_DOCUMENT_ROOT.'/core/lib/loan.lib.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 $action = GETPOST('action','aZ09');
 
diff --git a/htdocs/supplier_proposal/document.php b/htdocs/supplier_proposal/document.php
index 4985fd34629..b3f28d13007 100644
--- a/htdocs/supplier_proposal/document.php
+++ b/htdocs/supplier_proposal/document.php
@@ -4,6 +4,7 @@
  * Copyright (C) 2005      Marc Barilley / Ocebo <marc@ocebo.com>
  * Copyright (C) 2005-2012 Regis Houssin         <regis.houssin@capnetworks.com>
  * Copyright (C) 2013      Cédric Salvador       <csalvador@gpcsolutions.fr>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -31,6 +32,9 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/supplier_proposal.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 $langs->load('compta');
 $langs->load('other');
diff --git a/htdocs/supplier_proposal/info.php b/htdocs/supplier_proposal/info.php
index 8cee304e3bb..e5b038ad85e 100644
--- a/htdocs/supplier_proposal/info.php
+++ b/htdocs/supplier_proposal/info.php
@@ -2,6 +2,7 @@
 /* Copyright (C) 2004		Rodolphe Quiedeville	<rodolphe@quiedeville.org>
  * Copyright (C) 2004-2006	Laurent Destailleur		<eldy@users.sourceforge.net>
  * Copyright (C) 2005-2012	Regis Houssin			<regis.houssin@capnetworks.com>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -27,6 +28,9 @@ require '../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/supplier_proposal/class/supplier_proposal.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/supplier_proposal.lib.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 $langs->load('supplier_proposal');
 $langs->load('compta');
diff --git a/htdocs/supplier_proposal/note.php b/htdocs/supplier_proposal/note.php
index 10a9668382c..f17b7d6b6f9 100644
--- a/htdocs/supplier_proposal/note.php
+++ b/htdocs/supplier_proposal/note.php
@@ -4,6 +4,7 @@
  * Copyright (C) 2004      Eric Seigne          <eric.seigne@ryxeo.com>
  * Copyright (C) 2005-2012 Regis Houssin        <regis.houssin@capnetworks.com>
  * Copyright (C) 2013      Florian Henry		  	<florian.henry@open-concept.pro>
+ * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -28,6 +29,9 @@
 require '../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/supplier_proposal/class/supplier_proposal.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/supplier_proposal.lib.php';
+if (! empty($conf->projet->enabled)) {
+	require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
+}
 
 $langs->load('supplier_proposal');
 $langs->load('compta');

From 59a89b250da4b2b6ac8465b07161355af3c5bb08 Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis.houssin@capnetworks.com>
Date: Wed, 27 Dec 2017 11:56:58 +0100
Subject: [PATCH 14/20] Fix: avoid warning
 (https://github.com/Dolibarr/dolibarr/issues/7993)

---
 htdocs/core/lib/ajax.lib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/core/lib/ajax.lib.php b/htdocs/core/lib/ajax.lib.php
index dc86a2ef9f3..1fc5e23ebb4 100644
--- a/htdocs/core/lib/ajax.lib.php
+++ b/htdocs/core/lib/ajax.lib.php
@@ -414,7 +414,7 @@ function ajax_combobox($htmlname, $events=array(), $minLengthToAutocomplete=0, $
 	if ($forcefocus) $msg.= '.select2(\'focus\')';
 	$msg.= ';'."\n";
 
-	if (count($events))    // If an array of js events to do were provided.
+	if (is_array($events) && count($events))    // If an array of js events to do were provided.
 	{
 		$msg.= '
 			jQuery("#'.$htmlname.'").change(function () {

From bbcf70cf4ea200830bda74f2294875a49cbd0bba Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 28 Dec 2017 09:48:41 +0100
Subject: [PATCH 15/20] Remove spaces

---
 htdocs/compta/facture/document.php | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/htdocs/compta/facture/document.php b/htdocs/compta/facture/document.php
index 412935b9971..654f5361ccb 100644
--- a/htdocs/compta/facture/document.php
+++ b/htdocs/compta/facture/document.php
@@ -4,11 +4,8 @@
  * Copyright (C) 2005      Marc Barilley / Ocebo <marc@ocebo.com>
  * Copyright (C) 2005-2011 Regis Houssin         <regis.houssin@capnetworks.com>
  * Copyright (C) 2013      Cédric Salvador       <csalvador@gpcsolutions.fr>
-
  * Copyright (C) 2017      Ferran Marcet       	 <fmarcet@2byte.es>
-
  * Copyright (C) 2017      Frédéric France       <frederic.france@netlogic.fr>
-
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

From 1331e8add737ae66638fef468fbd31d879db78c9 Mon Sep 17 00:00:00 2001
From: John <john.botella@atm-consulting.fr>
Date: Tue, 2 Jan 2018 17:19:42 +0100
Subject: [PATCH 16/20] fix filter for TYPE_SITUATION invoice

---
 htdocs/compta/facture/list.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php
index 4b734a5e7d9..d7f9384399f 100644
--- a/htdocs/compta/facture/list.php
+++ b/htdocs/compta/facture/list.php
@@ -785,7 +785,8 @@ if ($resql)
 		    Facture::TYPE_STANDARD=>$langs->trans("InvoiceStandard"),
 		    Facture::TYPE_REPLACEMENT=>$langs->trans("InvoiceReplacement"),
 		    Facture::TYPE_CREDIT_NOTE=>$langs->trans("InvoiceAvoir"),
-		    Facture::TYPE_DEPOSIT=>$langs->trans("InvoiceDeposit"),
+			Facture::TYPE_DEPOSIT=>$langs->trans("InvoiceDeposit"),
+			Facture::TYPE_SITUATION=>$langs->trans("InvoiceSituation"),
         );
 		//$listtype[Facture::TYPE_PROFORMA]=$langs->trans("InvoiceProForma");     // A proformat invoice is not an invoice but must be an order.
 		print $form->selectarray('search_type', $listtype, $search_type, 1, 0, 0, '', 0, 0, 0, 'ASC', 'maxwidth100');

From 61efda4cbd148b2656df9ddc8023c05fe6badfc3 Mon Sep 17 00:00:00 2001
From: ATM-Nicolas <nicolas.prevost@atm-consulting.fr>
Date: Tue, 2 Jan 2018 17:21:04 +0100
Subject: [PATCH 17/20] FIX : product best price on product list

---
 htdocs/product/list.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/product/list.php b/htdocs/product/list.php
index 8322fec244e..84cf070b39d 100644
--- a/htdocs/product/list.php
+++ b/htdocs/product/list.php
@@ -821,7 +821,7 @@ else
     							if (! empty($conf->fournisseur->enabled) && $user->rights->fournisseur->lire)
     							{
     								$htmltext=$product_fourn->display_price_product_fournisseur(1, 1, 0, 1);
-    								print $form->textwithpicto(price($product_fourn->fourn_unitprice).' '.$langs->trans("HT"),$htmltext);
+    								print $form->textwithpicto(price($product_fourn->fourn_unitprice * (1 - $product_fourn->fourn_remise_percent/100) + $product_fourn->fourn_unitcharges - $product_fourn->fourn_remise).' '.$langs->trans("HT"),$htmltext);
     							}
     							else print price($product_fourn->fourn_unitprice).' '.$langs->trans("HT");
     						}

From 25390e5f73f5497ced8d451ea1e903255e619f96 Mon Sep 17 00:00:00 2001
From: florian HENRY <florian.henry@atm-consulting.fr>
Date: Wed, 3 Jan 2018 17:03:00 +0100
Subject: [PATCH 18/20] fix : linked object (new format  of linked_object
 atribut on 6.0)

---
 htdocs/fourn/commande/orderstoinvoice.php | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/htdocs/fourn/commande/orderstoinvoice.php b/htdocs/fourn/commande/orderstoinvoice.php
index b1a8c0c08c1..20f9a3674cf 100644
--- a/htdocs/fourn/commande/orderstoinvoice.php
+++ b/htdocs/fourn/commande/orderstoinvoice.php
@@ -171,16 +171,15 @@ if (($action == 'create' || $action == 'add') && ! $error) {
 			if ($ret < 0) $error++;
 
 			if ($_POST['origin'] && $_POST['originid']) {
-				$object->linked_objects = $orders_id;
+				$linked_orders_ids=array();
+				foreach ( $orders_id as $origin => $origin_id ) {
+					$origin_id = (! empty($origin_id) ? $origin_id : $orders_id[$ii]);
+					$linked_orders_ids[]=$origin_id;
+				}
+				$object->linked_objects = array(GETPOST('origin')=>$linked_orders_ids);
 				$id = $object->create($user);
 
 				if ($id > 0) {
-					foreach ( $orders_id as $origin => $origin_id ) {
-						$origin_id = (! empty($origin_id) ? $origin_id : $orders_id[$ii]);
-
-						$object->add_object_linked(GETPOST('origin'), $origin_id);
-					}
-
 					while ( $ii < $nn ) {
 						$objectsrc = new CommandeFournisseur($db);
 						dol_syslog("Try to find source object origin=" . $object->origin . " originid=" . $object->origin_id . " to add lines");

From 58470e0913ad38f4462185295f58379b21005b5a Mon Sep 17 00:00:00 2001
From: gauthier <gauthier.verdol@atm-consulting.fr>
Date: Thu, 4 Jan 2018 12:01:21 +0100
Subject: [PATCH 19/20] FIX : $oldvatrateclean & $newvatrateclean must be set
 if preg_match === false

---
 htdocs/product/admin/product_tools.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/product/admin/product_tools.php b/htdocs/product/admin/product_tools.php
index f19f672a25e..c9323f75823 100644
--- a/htdocs/product/admin/product_tools.php
+++ b/htdocs/product/admin/product_tools.php
@@ -73,7 +73,7 @@ if ($action == 'convert')
 		{
 			$vat_src_code_old = $reg[1];
 			$oldvatrateclean = preg_replace('/\s*\(.*\)/', '', $oldvatrate);    // Remove code into vatrate.
-		}
+		} else $oldvatrateclean=$oldvatrate;
 
 		// Clean vat code new
 		$vat_src_code_new='';
@@ -81,7 +81,7 @@ if ($action == 'convert')
 		{
 			$vat_src_code_new = $reg[1];
 			$newvatrateclean = preg_replace('/\s*\(.*\)/', '', $newvatrate);    // Remove code into vatrate.
-		}
+		} else $newvatrateclean=$newvatrate;
 
 		// If country to edit is my country, so we change customer prices
 		if ($country_id == $mysoc->country_id)

From b2feac9d90f2ecfd5916c4d49176ff1a138744c8 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 4 Jan 2018 19:25:52 +0100
Subject: [PATCH 20/20] CVE-2017-17971

---
 htdocs/main.inc.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 2b4ad4de3c5..501b7d8a97f 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -102,6 +102,8 @@ function test_sql_and_script_inject($val, $type)
     $inj += preg_match('/onerror\s*=/i', $val);       // onerror can be set on img or any html tag like <img title='...' onerror = alert(1)>
     $inj += preg_match('/onfocus\s*=/i', $val);       // onfocus can be set on input text html tag like <input type='text' value='...' onfocus = alert(1)>
     $inj += preg_match('/onload\s*=/i', $val);        // onload can be set on input text html tag like <input type='text' value='...' onfocus = alert(1)>
+    $inj += preg_match('/onclick\s*=/i', $val);       // onclick can be set on img text html tag like <img onclick = alert(1)>
+    $inj += preg_match('/onscroll\s*=/i', $val);      // onscroll can be textarea
     if ($type == 1)
     {
         $inj += preg_match('/javascript:/i', $val);