From a1cccc021ed1c6c963680ea62044c014bc304337 Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis.houssin@capnetworks.com>
Date: Sat, 12 Nov 2016 09:48:34 +0100
Subject: [PATCH 1/3] Fix: missing encrypt data for llx_const

---
 htdocs/install/mysql/migration/3.8.0-3.9.0.sql | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/install/mysql/migration/3.8.0-3.9.0.sql b/htdocs/install/mysql/migration/3.8.0-3.9.0.sql
index 1a776c27e66..86d2549a8bc 100755
--- a/htdocs/install/mysql/migration/3.8.0-3.9.0.sql
+++ b/htdocs/install/mysql/migration/3.8.0-3.9.0.sql
@@ -22,7 +22,7 @@
 -- -- VMYSQL4.1 DELETE FROM llx_usergroup_user      WHERE fk_usergroup NOT IN (SELECT rowid from llx_usergroup);
 
 
-insert into llx_const (name, value, type, note, visible, entity) values ('MAIN_ENABLE_LOG_TO_HTML','0','chaine','If this option is set to 1, it is possible to see log output at end of HTML sources by adding paramater logtohtml=1 on URL',1,0);
+insert into llx_const (name, value, type, note, visible, entity) values (__ENCRYPT('MAIN_ENABLE_LOG_TO_HTML')__,__ENCRYPT('0')__,'chaine','If this option is set to 1, it is possible to see log output at end of HTML sources by adding paramater logtohtml=1 on URL',1,0);
 
 
 -- Was done into a 3.8 fix, so we must do it also in 3.9 
@@ -61,7 +61,7 @@ update llx_opensurvey_sondage set format = 'D' where format = 'D+';
 update llx_opensurvey_sondage set format = 'A' where format = 'A+';
 
 INSERT INTO llx_const (name, value, type, note, visible) values (__ENCRYPT('MAIN_DELAY_EXPENSEREPORTS_TO_PAY')__,__ENCRYPT('31')__,'chaine','Tolérance de retard avant alerte (en jours) sur les notes de frais impayées',0);
-INSERT INTO llx_const (name, value, type, note, visible) values ('MAIN_SIZE_SHORTLISTE_LIMIT','4','chaine','Longueur maximum des listes courtes (fiche client)',0);
+INSERT INTO llx_const (name, value, type, note, visible) values (__ENCRYPT('MAIN_SIZE_SHORTLISTE_LIMIT')__,__ENCRYPT('4')__,'chaine','Longueur maximum des listes courtes (fiche client)',0);
 
 ALTER TABLE llx_accounting_system MODIFY COLUMN pcg_version varchar(32);
 ALTER TABLE llx_accountingaccount MODIFY COLUMN fk_pcg_version varchar(32);

From 5b49b7bca0ccd265424de8b5fb7af3b75f9d4239 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 22 Nov 2016 21:06:44 +0100
Subject: [PATCH 2/3] FIX #6010

---
 htdocs/public/paypal/paymentko.php | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/htdocs/public/paypal/paymentko.php b/htdocs/public/paypal/paymentko.php
index f21b2d2409c..4bad572ed8b 100644
--- a/htdocs/public/paypal/paymentko.php
+++ b/htdocs/public/paypal/paymentko.php
@@ -51,6 +51,13 @@ $langs->load("companies");
 $langs->load("paybox");
 $langs->load("paypal");
 
+$PAYPALTOKEN=GETPOST('TOKEN');
+if (empty($PAYPALTOKEN)) $PAYPALTOKEN=GETPOST('token');
+$PAYPALPAYERID=GETPOST('PAYERID');
+if (empty($PAYPALPAYERID)) $PAYPALPAYERID=GETPOST('PayerID');
+$PAYPALFULLTAG=GETPOST('FULLTAG');
+if (empty($PAYPALFULLTAG)) $PAYPALFULLTAG=GETPOST('fulltag');
+
 
 /*
  * Actions
@@ -73,6 +80,18 @@ dol_syslog("POST=".$tracepost, LOG_DEBUG, 0, '_paypal');
 // Send an email
 if (! empty($conf->global->PAYPAL_PAYONLINE_SENDEMAIL))
 {
+    // Get on url call
+    $token              = $PAYPALTOKEN;
+    $fulltag            = $PAYPALFULLTAG;
+    $payerID            = $PAYPALPAYERID;
+    // Set by newpayment.php
+    $paymentType        = $_SESSION['PaymentType'];
+    $currencyCodeType   = $_SESSION['currencyCodeType'];
+    $FinalPaymentAmt    = $_SESSION["Payment_Amount"];
+    // From env
+    $ipaddress          = $_SESSION['ipaddress'];
+    
+    
 	$sendto=$conf->global->PAYPAL_PAYONLINE_SENDEMAIL;
 	$from=$conf->global->MAILING_EMAIL_FROM;
 
@@ -102,11 +121,6 @@ print '<span id="dolpaymentspan"></span>'."\n";
 print '<div id="dolpaymentdiv" align="center">'."\n";
 print $langs->trans("YourPaymentHasNotBeenRecorded")."<br><br>";
 
-$PAYPALTOKEN=GETPOST('TOKEN');
-if (empty($PAYPALTOKEN)) $PAYPALTOKEN=GETPOST('token');
-$PAYPALFULLTAG=GETPOST('FULLTAG');
-if (empty($PAYPALFULLTAG)) $PAYPALFULLTAG=GETPOST('fulltag');
-
 if (! empty($conf->global->PAYPAL_MESSAGE_KO)) print $conf->global->PAYPAL_MESSAGE_KO;
 print "\n</div>\n";
 

From e539842c281da09430dc6ddff74431a2e9b96ae9 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Sat, 26 Nov 2016 15:46:41 +0100
Subject: [PATCH 3/3] Fix eatdate and selldate not correctly set.

---
 htdocs/product/stock/mouvement.php | 4 ++--
 htdocs/product/stock/product.php   | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/htdocs/product/stock/mouvement.php b/htdocs/product/stock/mouvement.php
index 48b8d089375..ba257721746 100644
--- a/htdocs/product/stock/mouvement.php
+++ b/htdocs/product/stock/mouvement.php
@@ -115,8 +115,8 @@ if ($action == "correct_stock")
 
         	//$eatby=GETPOST('eatby');
         	//$sellby=GETPOST('sellby');
-        	$eatby=dol_mktime(12, 0, 0, GETPOST('eatbymonth'), GETPOST('eatbyday'), GETPOST('eatbyyear'));
-        	$sellby=dol_mktime(12, 0, 0, GETPOST('sellbymonth'), GETPOST('sellbyday'), GETPOST('sellbyyear'));
+        	$eatby=dol_mktime(0, 0, 0, GETPOST('eatbymonth'), GETPOST('eatbyday'), GETPOST('eatbyyear'));
+        	$sellby=dol_mktime(0, 0, 0, GETPOST('sellbymonth'), GETPOST('sellbyday'), GETPOST('sellbyyear'));
         	 
 	        $result=$product->correct_stock_batch(
 	            $user,
diff --git a/htdocs/product/stock/product.php b/htdocs/product/stock/product.php
index 3170f329ea7..d37219db898 100644
--- a/htdocs/product/stock/product.php
+++ b/htdocs/product/stock/product.php
@@ -54,8 +54,8 @@ $stocklimit = GETPOST('seuil_stock_alerte');
 $desiredstock = GETPOST('desiredstock');
 $cancel = GETPOST('cancel');
 $fieldid = isset($_GET["ref"])?'ref':'rowid';
-$d_eatby=dol_mktime(12, 0, 0, $_POST['eatbymonth'], $_POST['eatbyday'], $_POST['eatbyyear']);
-$d_sellby=dol_mktime(12, 0, 0, $_POST['sellbymonth'], $_POST['sellbyday'], $_POST['sellbyyear']);
+$d_eatby=dol_mktime(0, 0, 0, $_POST['eatbymonth'], $_POST['eatbyday'], $_POST['eatbyyear']);
+$d_sellby=dol_mktime(0, 0, 0, $_POST['sellbymonth'], $_POST['sellbyday'], $_POST['sellbyyear']);
 $pdluoid=GETPOST('pdluoid','int');
 
 // Security check
@@ -352,8 +352,8 @@ if ($action == 'updateline' && GETPOST('save') == $langs->trans('Save'))
             }
             else
             {
-                $d_eatby=dol_mktime(12, 0, 0, $_POST['eatbymonth'], $_POST['eatbyday'], $_POST['eatbyyear']);
-                $d_sellby=dol_mktime(12, 0, 0, $_POST['sellbymonth'], $_POST['sellbyday'], $_POST['sellbyyear']);
+                $d_eatby=dol_mktime(0, 0, 0, $_POST['eatbymonth'], $_POST['eatbyday'], $_POST['eatbyyear']);
+                $d_sellby=dol_mktime(0, 0, 0, $_POST['sellbymonth'], $_POST['sellbyday'], $_POST['sellbyyear']);
                 $pdluo->batch=GETPOST("batch_number",'san_alpha');
                 $pdluo->eatby=$d_eatby;
                 $pdluo->sellby=$d_sellby;