From 30fb1e5e0558e9675b37e7c3f2077173510c4674 Mon Sep 17 00:00:00 2001
From: fhenry <florian.henry@open-concept.pro>
Date: Thu, 9 May 2013 10:26:04 +0200
Subject: [PATCH 1/5] Fix bug [ bug #885 ] silent pgsql errors with click2dial

---
 htdocs/install/mysql/migration/3.3.0-3.4.0.sql | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/htdocs/install/mysql/migration/3.3.0-3.4.0.sql b/htdocs/install/mysql/migration/3.3.0-3.4.0.sql
index 7d3b69345b8..46affb6327a 100755
--- a/htdocs/install/mysql/migration/3.3.0-3.4.0.sql
+++ b/htdocs/install/mysql/migration/3.3.0-3.4.0.sql
@@ -374,3 +374,5 @@ create table llx_facture_fourn_extrafields
   import_key                varchar(14)                          		-- import key
 ) ENGINE=innodb;
 ALTER TABLE llx_facture_fourn_extrafields ADD INDEX idx_facture_fourn_extrafields (fk_object);
+
+ALTER TABLE llx_user_clicktodial ADD COLUMN url varchar(255) AFTER fk_user;

From a4e8e8eb4bcf30a1966b2a44e8e386781fa7be6e Mon Sep 17 00:00:00 2001
From: fhenry <florian.henry@open-concept.pro>
Date: Fri, 10 May 2013 12:03:27 +0200
Subject: [PATCH 2/5] Add fecth extrafield into fetch user class

---
 htdocs/user/class/user.class.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index 0d50e08e0fd..32dafcef617 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -219,6 +219,15 @@ class User extends CommonObject
 				$this->contact_id           = $obj->fk_socpeople;
 				$this->fk_member            = $obj->fk_member;
 				$this->fk_user        		= $obj->fk_user;
+				
+				// Retreive all extrafield for thirdparty
+				// fetch optionals attributes and labels
+				require_once(DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php');
+				$extrafields=new ExtraFields($this->db);
+				$extralabels=$extrafields->fetch_name_optionals_label($this->table_element,true);
+				if (count($extralabels)>0) {
+					$this->fetch_optionals($this->id,$extralabels);
+				}
 
 				$this->db->free($result);
 			}

From 0a26be3f04559f5f49a9b84d3cfefa9adf256478 Mon Sep 17 00:00:00 2001
From: fhenry <florian.henry@open-concept.pro>
Date: Fri, 10 May 2013 15:11:49 +0200
Subject: [PATCH 3/5] Fix security leak

---
 htdocs/adherents/fiche.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/htdocs/adherents/fiche.php b/htdocs/adherents/fiche.php
index 52f2c3fb13e..05833bbce10 100644
--- a/htdocs/adherents/fiche.php
+++ b/htdocs/adherents/fiche.php
@@ -931,9 +931,10 @@ else
 		$adht->fetch($object->typeid);
 
 		// We set country_id, and country_code, country of the chosen country
-		if (isset($_POST["country"]) || $object->country_id)
+		$country=GETPOST('country','int');
+		if (!empty($country) || $object->country_id)
 		{
-			$sql = "SELECT rowid, code, libelle as label from ".MAIN_DB_PREFIX."c_pays where rowid = ".(isset($_POST["country"])?$_POST["country"]:$object->country_id);
+			$sql = "SELECT rowid, code, libelle as label from ".MAIN_DB_PREFIX."c_pays where rowid = ".(!empty($country)?$country:$object->country_id);
 			$resql=$db->query($sql);
 			if ($resql)
 			{

From aab3e0a8a5e2d886bbbfc08a1930d3d81a1fd733 Mon Sep 17 00:00:00 2001
From: fhenry <florian.henry@open-concept.pro>
Date: Fri, 10 May 2013 15:33:28 +0200
Subject: [PATCH 4/5] Fix Extrafield problem on propal pages

---
 htdocs/comm/propal.php | 41 ++++++++++++++++++++++++++++++++++-------
 1 file changed, 34 insertions(+), 7 deletions(-)

diff --git a/htdocs/comm/propal.php b/htdocs/comm/propal.php
index 9cde868a97a..075c3879aa1 100644
--- a/htdocs/comm/propal.php
+++ b/htdocs/comm/propal.php
@@ -1837,30 +1837,56 @@ else
 
 		if ($action == 'edit_extras')
 		{
-			print '</table>';
 			print '<form enctype="multipart/form-data" action="'.$_SERVER["PHP_SELF"].'" method="post" name="formsoc">';
 			print '<input type="hidden" name="action" value="update_extras">';
 			print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
 			print '<input type="hidden" name="id" value="'.$object->id.'">';
-			print '<table class="border" width="100%">';
 		}
 
-		print $object->showOptionals($extrafields,'edit');
+		foreach($extrafields->attribute_label as $key=>$label)
+		{
+			$value=(isset($_POST["options_".$key])?$_POST["options_".$key]:$object->array_options["options_".$key]);
+			if ($extrafields->attribute_type[$key] == 'separate')
+			{
+				print $extrafields->showSeparator($key);
+			}
+			else
+			{
+				print '<tr><td';
+				if (! empty($extrafields->attribute_required[$key])) print ' class="fieldrequired"';
+				print '>'.$label.'</td><td colspan="5">';
+				// Convert date into timestamp format
+				if (in_array($extrafields->attribute_type[$key],array('date','datetime')))
+				{
+					$value = isset($_POST["options_".$key])?dol_mktime($_POST["options_".$key."hour"], $_POST["options_".$key."min"], 0, $_POST["options_".$key."month"], $_POST["options_".$key."day"], $_POST["options_".$key."year"]):$object->array_options['options_'.$key];
+				}
+
+				if ($action == 'edit_extras' && $user->rights->propal->creer)
+				{
+					print $extrafields->showInputField($key,$value);
+				}
+				else
+				{
+					print $extrafields->showOutputField($key,$value);
+				}
+				print '</td></tr>'."\n";
+			}
+		}
 
 		if(count($extrafields->attribute_label) > 0) {
 
 			if ($action == 'edit_extras' && $user->rights->propal->creer)
 			{
-				print '<tr><td width="25%"></td><td>';
+				print '<tr><td></td><td colspan="5">';
 				print '<input type="submit" class="button" value="'.$langs->trans('Modify').'">';
+				print '</form>';
 				print '</td></tr>';
-				print '</table></form>';
-				print '<table class="border" width="100%">';
+
 			}
 			else {
 				if ($object->statut == 0 && $user->rights->propal->creer)
 				{
-					print '<tr><td width="25%"></td><td><a href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=edit_extras">'.img_picto('','edit').' '.$langs->trans('Modify').'</a></td></tr>';
+					print '<tr><td></td><td><a href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=edit_extras">'.img_picto('','edit').' '.$langs->trans('Modify').'</a></td></tr>';
 				}
 			}
 		}
@@ -1923,6 +1949,7 @@ else
 		include DOL_DOCUMENT_ROOT.'/core/tpl/bloc_showhide.tpl.php';
 	}
 
+
 	/*
 	 * Lines
 	*/

From cdc1e55b26df20950338ad494c56232309b4dc6f Mon Sep 17 00:00:00 2001
From: fhenry <florian.henry@open-concept.pro>
Date: Fri, 10 May 2013 15:39:54 +0200
Subject: [PATCH 5/5] Fix bug on Extrafield order and propal

---
 htdocs/comm/propal.php    |   1 -
 htdocs/commande/fiche.php | 112 +++++++++++++++++++++++---------------
 2 files changed, 67 insertions(+), 46 deletions(-)

diff --git a/htdocs/comm/propal.php b/htdocs/comm/propal.php
index 075c3879aa1..0c95d919d2f 100644
--- a/htdocs/comm/propal.php
+++ b/htdocs/comm/propal.php
@@ -1834,7 +1834,6 @@ else
 	$reshook=$hookmanager->executeHooks('formObjectOptions',$parameters,$object,$action);    // Note that $action and $object may have been modified by hook
 	if (empty($reshook) && ! empty($extrafields->attribute_label))
 	{
-
 		if ($action == 'edit_extras')
 		{
 			print '<form enctype="multipart/form-data" action="'.$_SERVER["PHP_SELF"].'" method="post" name="formsoc">';
diff --git a/htdocs/commande/fiche.php b/htdocs/commande/fiche.php
index 99168cdc6a0..a7d04670961 100644
--- a/htdocs/commande/fiche.php
+++ b/htdocs/commande/fiche.php
@@ -1,34 +1,34 @@
 <?php
 /* Copyright (C) 2003-2006	Rodolphe Quiedeville	<rodolphe@quiedeville.org>
  * Copyright (C) 2004-2013	Laurent Destailleur		<eldy@users.sourceforge.net>
- * Copyright (C) 2005		Marc Barilley / Ocebo	<marc@ocebo.com>
- * Copyright (C) 2005-2013	Regis Houssin			<regis.houssin@capnetworks.com>
- * Copyright (C) 2006		Andre Cianfarani		<acianfa@free.fr>
- * Copyright (C) 2010-2013	Juanjo Menent			<jmenent@2byte.es>
- * Copyright (C) 2011		Philippe Grand			<philippe.grand@atoo-net.com>
- * Copyright (C) 2012		Christophe Battarel		<christophe.battarel@altairis.fr>
- * Copyright (C) 2012		Marcos García			<marcosgdf@gmail.com>
- * Copyright (C) 2013		Florian Henry			<florian.henry@open-concept.pro>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
+* Copyright (C) 2005		Marc Barilley / Ocebo	<marc@ocebo.com>
+* Copyright (C) 2005-2013	Regis Houssin			<regis.houssin@capnetworks.com>
+* Copyright (C) 2006		Andre Cianfarani		<acianfa@free.fr>
+* Copyright (C) 2010-2013	Juanjo Menent			<jmenent@2byte.es>
+* Copyright (C) 2011		Philippe Grand			<philippe.grand@atoo-net.com>
+* Copyright (C) 2012		Christophe Battarel		<christophe.battarel@altairis.fr>
+* Copyright (C) 2012		Marcos García			<marcosgdf@gmail.com>
+* Copyright (C) 2013		Florian Henry			<florian.henry@open-concept.pro>
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 3 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*  GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
 
 /**
  *	\file       htdocs/commande/fiche.php
- *	\ingroup    commande
- *	\brief      Page to show customer order
- */
+*	\ingroup    commande
+*	\brief      Page to show customer order
+*/
 
 require '../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
@@ -2135,34 +2135,56 @@ else
 		$reshook=$hookmanager->executeHooks('formObjectOptions',$parameters,$object,$action);    // Note that $action and $object may have been modified by hook
 		if (empty($reshook) && ! empty($extrafields->attribute_label))
 		{
+			if ($action == 'edit_extras')
+			{
+				print '<form enctype="multipart/form-data" action="'.$_SERVER["PHP_SELF"].'" method="post" name="formsoc">';
+				print '<input type="hidden" name="action" value="update_extras">';
+				print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
+				print '<input type="hidden" name="id" value="'.$object->id.'">';
+			}
+
+			foreach($extrafields->attribute_label as $key=>$label)
+			{
+				$value=(isset($_POST["options_".$key])?$_POST["options_".$key]:$object->array_options["options_".$key]);
+				if ($extrafields->attribute_type[$key] == 'separate')
+				{
+					print $extrafields->showSeparator($key);
+				}
+				else
+				{
+					print '<tr><td';
+					if (! empty($extrafields->attribute_required[$key])) print ' class="fieldrequired"';
+					print '>'.$label.'</td><td colspan="5">';
+					// Convert date into timestamp format
+					if (in_array($extrafields->attribute_type[$key],array('date','datetime')))
+					{
+						$value = isset($_POST["options_".$key])?dol_mktime($_POST["options_".$key."hour"], $_POST["options_".$key."min"], 0, $_POST["options_".$key."month"], $_POST["options_".$key."day"], $_POST["options_".$key."year"]):$object->array_options['options_'.$key];
+					}
+
+					if ($action == 'edit_extras' && $user->rights->commande->creer)
+					{
+						print $extrafields->showInputField($key,$value);
+					}
+					else
+					{
+						print $extrafields->showOutputField($key,$value);
+					}
+					print '</td></tr>'."\n";
+				}
+			}
+
 			if(count($extrafields->attribute_label) > 0) {
 
-				if ($action == 'edit_extras')
+				if ($action == 'edit_extras' && $user->rights->commande->creer)
 				{
-					print '<form enctype="multipart/form-data" action="'.$_SERVER["PHP_SELF"].'" method="post" name="formsoc">';
-					print '<input type="hidden" name="action" value="update_extras">';
-					print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
-					print '<input type="hidden" name="id" value="'.$object->id.'">';
-				}
-
-
-				if ($action == 'edit_extras' &&  $user->rights->propal->creer) {
-					print $object->showOptionals($extrafields,'edit');
-				}
-				else {
-					print $object->showOptionals($extrafields);
-				}
-
-				if ($action == 'edit_extras' && $user->rights->propal->creer)
-				{
-					print '<tr><td></td><td>';
+					print '<tr><td></td><td colspan="5">';
 					print '<input type="submit" class="button" value="'.$langs->trans('Modify').'">';
 					print '</form>';
 					print '</td></tr>';
 
 				}
 				else {
-					if ($object->statut == 0 && $user->rights->propal->creer)
+					if ($object->statut == 0 && $user->rights->commande->creer)
 					{
 						print '<tr><td></td><td><a href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=edit_extras">'.img_picto('','edit').' '.$langs->trans('Modify').'</a></td></tr>';
 					}
@@ -2320,7 +2342,7 @@ else
 					if ($object->statut > 0 && $object->statut < 3 && $object->getNbOfProductsLines() > 0)
 					{
 						if (($conf->expedition_bon->enabled && $user->rights->expedition->creer)
-							|| ($conf->livraison_bon->enabled && $user->rights->expedition->livraison->creer))
+						|| ($conf->livraison_bon->enabled && $user->rights->expedition->livraison->creer))
 						{
 							if ($user->rights->expedition->creer)
 							{