From 7b29ce036a06325e464d39ff7c08af6e13103bac Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 19 May 2020 00:50:30 +0200
Subject: [PATCH 1/6] Fix input of virtual host and canonical url

---
 htdocs/core/lib/website2.lib.php | 4 +++-
 htdocs/website/index.php         | 6 ++++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/htdocs/core/lib/website2.lib.php b/htdocs/core/lib/website2.lib.php
index 0ab35c55fd8..ce1f27b49fc 100644
--- a/htdocs/core/lib/website2.lib.php
+++ b/htdocs/core/lib/website2.lib.php
@@ -196,7 +196,9 @@ function dolSavePageContent($filetpl, Website $object, WebsitePage $objectpage)
 		else dol_print_error($db);
 	}
 	// Add canonical reference
-	$tplcontent .= '<link rel="canonical" href="'.(($objectpage->id == $object->fk_default_home) ? '/' : (($shortlangcode != substr($object->lang, 0, 2) ? '/'.$shortlangcode : '').'/'.$objectpage->pageurl.'.php')).'" />'."\n";
+	if ($object->virtualhost) {
+		$tplcontent .= '<link rel="canonical" href="'.$object->virtualhost.(($objectpage->id == $object->fk_default_home) ? '/' : (($shortlangcode != substr($object->lang, 0, 2) ? '/'.$shortlangcode : '').'/'.$objectpage->pageurl.'.php')).'" />'."\n";
+	}
 	// Add manifest.json on homepage
 	$tplcontent .= '<?php if ($website->use_manifest) { print \'<link rel="manifest" href="/manifest.json.php" />\'."\n"; } ?>'."\n";
 	$tplcontent .= '<!-- Include link to CSS file -->'."\n";
diff --git a/htdocs/website/index.php b/htdocs/website/index.php
index 4f7cba09e89..70cfe780f55 100644
--- a/htdocs/website/index.php
+++ b/htdocs/website/index.php
@@ -681,6 +681,7 @@ if ($action == 'addcontainer')
 				//$objectpage->htmlheader = preg_replace('/<meta name="msvalidate.01[^>]*>\n*/ims', '', $objectpage->htmlheader);
 				$objectpage->htmlheader = preg_replace('/<title>[^<]*<\/title>\n*/ims', '', $objectpage->htmlheader);
 				$objectpage->htmlheader = preg_replace('/<link[^>]*rel="shortcut[^>]*>\n/ims', '', $objectpage->htmlheader);
+				$objectpage->htmlheader = preg_replace('/<link[^>]*rel="alternate[^>]*>\n/ims', '', $objectpage->htmlheader);
 				$objectpage->htmlheader = preg_replace('/<link[^>]*rel="canonical[^>]*>\n/ims', '', $objectpage->htmlheader);
 
 				// Now loop to fetch JS
@@ -1155,7 +1156,8 @@ if ($action == 'updatecss')
 
 		if (GETPOSTISSET('virtualhost'))
 		{
-		    if (GETPOST('virtualhost', 'alpha') && !preg_match('/^http/', GETPOST('virtualhost', 'alpha')))
+			$tmpvirtualhost = preg_replace('/\/$/', '', GETPOST('virtualhost', 'alpha'));
+			if ($tmpvirtualhost && !preg_match('/^http/', $tmpvirtualhost))
     		{
     		    $error++;
     		    setEventMessages($langs->trans('ErrorURLMustStartWithHttp', $langs->transnoentitiesnoconv("VirtualHost")), null, 'errors');
@@ -1169,7 +1171,7 @@ if ($action == 'updatecss')
     				$arrayotherlang[$key] = substr(trim($val), 0, 2); // Kept short language code only
     			}
 
-    		    $object->virtualhost = GETPOST('virtualhost', 'alpha');
+    			$object->virtualhost = $tmpvirtualhost;
     		    $object->lang = GETPOST('WEBSITE_LANG', 'aZ09');
     		    $object->otherlang = join(',', $arrayotherlang);
     		    $object->use_manifest = GETPOST('use_manifest', 'alpha');

From d35a24ee76b0639d7b3697ba95e0149b053421fe Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 19 May 2020 01:36:33 +0200
Subject: [PATCH 2/6] Removed not expected file

---
 htdocs/website/index.html | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 htdocs/website/index.html

diff --git a/htdocs/website/index.html b/htdocs/website/index.html
deleted file mode 100644
index e69de29bb2d..00000000000

From 3e187f8ce06325d0a4e3fca35205006640abe290 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 19 May 2020 03:36:29 +0200
Subject: [PATCH 3/6] Fix add check on size limit

---
 htdocs/compta/prelevement/card.php | 4 ----
 htdocs/website/index.php           | 1 +
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/htdocs/compta/prelevement/card.php b/htdocs/compta/prelevement/card.php
index cb3205a0e70..d81e101be3d 100644
--- a/htdocs/compta/prelevement/card.php
+++ b/htdocs/compta/prelevement/card.php
@@ -272,10 +272,6 @@ if ($id > 0 || $ref)
 		print '<tr class="oddeven"><td>'.$langs->trans("TransMetod").'</td><td>';
 		print $form->selectarray("methode", $object->methodes_trans);
 		print '</td></tr>';
-        /*print '<tr><td width="20%">'.$langs->trans("File").'</td><td>';
-		print '<input type="hidden" name="max_file_size" value="'.$conf->maxfilesize.'">';
-		print '<input class="flat" type="file" name="userfile"><br>';
-		print '</td></tr>';*/
 		print '</table><br>';
 		print '<div class="center"><input type="submit" class="button" value="'.dol_escape_htmltag($langs->trans("SetToStatusSent")).'"></div>';
 		print '</form>';
diff --git a/htdocs/website/index.php b/htdocs/website/index.php
index 70cfe780f55..a48b6d92548 100644
--- a/htdocs/website/index.php
+++ b/htdocs/website/index.php
@@ -3069,6 +3069,7 @@ if ($action == 'importsite')
 
 	print '<span class="opacitymedium">'.$langs->trans("ZipOfWebsitePackageToImport").'</span><br><br>';
 
+	print '<input type="hidden" name="max_file_size" value="'.$conf->maxfilesize.'">';
 	print '<input class="flat minwidth400" type="file" name="userfile[]" accept=".zip">';
 	print '<input type="submit" class="button" name="buttonsubmitimportfile" value="'.dol_escape_htmltag($langs->trans("Upload")).'">';
 	print '<input type="submit" class="button" name="preview" value="'.dol_escape_htmltag($langs->trans("Cancel")).'">';

From b3a17c8da4550e620fd7e87c9a473d9c3ae09053 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 19 May 2020 04:21:38 +0200
Subject: [PATCH 4/6] Look and feel v12

---
 htdocs/admin/security.php      | 14 +++++++-------
 htdocs/admin/security_file.php |  4 ++--
 htdocs/langs/en_US/admin.lang  |  2 +-
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/htdocs/admin/security.php b/htdocs/admin/security.php
index f016c305a15..d9d61673c5e 100644
--- a/htdocs/admin/security.php
+++ b/htdocs/admin/security.php
@@ -168,9 +168,9 @@ elseif ($action == 'disable_MAIN_SECURITY_DISABLEFORGETPASSLINK')
 	exit;
 }
 
-if ($action == 'maj_pattern')
+if ($action == 'updatepattern')
 {
-    $pattern = GETPOST("pattern");
+    $pattern = GETPOST("pattern", "alpha");
     $explodePattern = explode(';', $pattern);
 
     $patternInError = false;
@@ -184,6 +184,7 @@ if ($action == 'maj_pattern')
 
     if (!$patternInError) {
 	    dolibarr_set_const($db, "USER_PASSWORD_PATTERN", $pattern, 'chaine', 0, '', $conf->entity);
+	    setEventMessages($langs->trans("SetupSaved"), null, 'mesgs');
 	    header("Location: security.php");
 	    exit;
     }
@@ -336,11 +337,9 @@ if ($conf->global->USER_PASSWORD_GENERATED == "Perso") {
 	print '</table>';
 
 	print '<br>';
-	print '<table class="right">';
-	print '<tr><td>';
+	print '<div class="center">';
 	print '<a class="button" id="linkChangePattern">'.$langs->trans("Save").'</a>';
-	print '</td></tr>';
-	print '</table>';
+	print '</div>';
 	print '<br><br>';
 
 	print '<script type="text/javascript">';
@@ -369,10 +368,11 @@ if ($conf->global->USER_PASSWORD_GENERATED == "Perso") {
 	print '	}';
 
 	print '	function generatelink(){';
-	print '		return "security.php?action=maj_pattern&pattern="+getStringArg();';
+	print '		return "security.php?action=updatepattern&pattern="+getStringArg();';
 	print '	}';
 
 	print '	function valuePatternChange(){';
+	print '     console.log("valuePatternChange");';
 	print '		var lang_save = "'.$langs->trans("Save").'";';
 	print '		var lang_error = "'.$langs->trans("Error").'";';
 	print '		var lang_Disabled = "'.$langs->trans("Disabled").'";';
diff --git a/htdocs/admin/security_file.php b/htdocs/admin/security_file.php
index 039f6c80331..0f3c5e4a851 100644
--- a/htdocs/admin/security_file.php
+++ b/htdocs/admin/security_file.php
@@ -138,7 +138,7 @@ print '</tr>';
 
 print '<tr class="oddeven">';
 print '<td colspan="2">'.$langs->trans("AntiVirusCommand").'<br>';
-print $langs->trans("AntiVirusCommandExample");
+print '<span class="opacitymedium">'.$langs->trans("AntiVirusCommandExample").'</span>';
 // Check command in inside safe_mode
 print '</td>';
 print '<td>';
@@ -161,7 +161,7 @@ print '</tr>';
 
 print '<tr class="oddeven">';
 print '<td colspan="2">'.$langs->trans("AntiVirusParam").'<br>';
-print $langs->trans("AntiVirusParamExample");
+print '<span class="opacitymedium">'.$langs->trans("AntiVirusParamExample").'</span>';
 print '</td>';
 print '<td>';
 print '<input type="text" name="MAIN_ANTIVIRUS_PARAM" class="minwidth500imp" value="'.(!empty($conf->global->MAIN_ANTIVIRUS_PARAM) ?dol_escape_htmltag($conf->global->MAIN_ANTIVIRUS_PARAM) : '').'">';
diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
index 84c64a23615..fef27b5b7de 100644
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -95,7 +95,7 @@ NextValueForInvoices=Next value (invoices)
 NextValueForCreditNotes=Next value (credit notes)
 NextValueForDeposit=Next value (down payment)
 NextValueForReplacements=Next value (replacements)
-MustBeLowerThanPHPLimit=Note: <b>your</b> PHP configuration currently limits the maximum filesize for upload to <b>%s</b> %s, irrespective of the value of this parameter
+MustBeLowerThanPHPLimit=Note: your PHP configuration currently limits the maximum filesize for upload to <b>%s</b> %s, irrespective of the value of this parameter
 NoMaxSizeByPHPLimit=Note: No limit is set in your PHP configuration
 MaxSizeForUploadedFiles=Maximum size for uploaded files (0 to disallow any upload)
 UseCaptchaCode=Use graphical code (CAPTCHA) on login page

From 2d0abebca301cc88afb503b5786bef802661c436 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 19 May 2020 04:40:08 +0200
Subject: [PATCH 5/6] CSS

---
 htdocs/hrm/index.php             |  2 +-
 htdocs/theme/eldy/global.inc.php | 14 +++++++++-----
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/htdocs/hrm/index.php b/htdocs/hrm/index.php
index ba33ecbbdb3..e31266f755c 100644
--- a/htdocs/hrm/index.php
+++ b/htdocs/hrm/index.php
@@ -77,7 +77,7 @@ $childids[] = $user->id;
 
 llxHeader('', $langs->trans('HRMArea'));
 
-print load_fiche_titre($langs->trans("HRMArea"), '', 'hrm');
+print load_fiche_titre($langs->trans("HRMArea"), '', 'user');
 
 
 if (!empty($setupcompanynotcomplete))
diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php
index 2430257b268..fc365ae5812 100644
--- a/htdocs/theme/eldy/global.inc.php
+++ b/htdocs/theme/eldy/global.inc.php
@@ -1638,10 +1638,14 @@ td.nobordernopadding.widthpictotitle.col-picto {
 }
 
 span.widthpictotitle.pictotitle {
-/*    background: var(--colortexttitlenotab);
-    color: #fff;
-    padding: 10px;
-    border-radius: 2px;*/
+	/* background: rgba(70, 3, 62, 0.5); */
+    background: var(--colortexttitlenotab);
+    opacity: 0.8;
+    color: #fff !important;
+    padding: 7px;
+    border-radius: 2px;
+    min-width: 30px;
+    text-align: center;
 }
 .pictotitle {
 	margin-<?php echo $right; ?>: 8px;
@@ -3913,7 +3917,7 @@ div.boximport {
 
 .fieldrequired { font-weight: bold; color: var(--fieldrequiredcolor); }
 
-.widthpictotitle { width: 26px; text-align: <?php echo $left; ?>; }
+td.widthpictotitle { width: 26px; text-align: <?php echo $left; ?>; }
 span.widthpictotitle { font-size: 1.7em; };
 
 .dolgraphtitle { margin-top: 6px; margin-bottom: 4px; }

From 00d7947ee8e8c9d7ec058c956c4e5947a729c686 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 19 May 2020 19:55:28 +0200
Subject: [PATCH 6/6] Fix link replaced twice

---
 htdocs/core/lib/website.lib.php | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/htdocs/core/lib/website.lib.php b/htdocs/core/lib/website.lib.php
index 782c22a7d33..1075a91ebc0 100644
--- a/htdocs/core/lib/website.lib.php
+++ b/htdocs/core/lib/website.lib.php
@@ -219,10 +219,13 @@ function dolWebsiteOutput($content, $contenttype = 'html', $containerid = '')
 {
 	global $db, $langs, $conf, $user;
 	global $dolibarr_main_url_root, $dolibarr_main_data_root;
+	global $includehtmlcontentopened;
 
 	$nbrep = 0;
 
-	dol_syslog("dolWebsiteOutput start (contenttype=".$contenttype." containerid=".$containerid." USEDOLIBARREDITOR=".(defined('USEDOLIBARREDITOR') ? '1' : '')." USEDOLIBARRSERVER=".(defined('USEDOLIBARRSERVER') ? '1' : '').')');
+	dol_syslog("dolWebsiteOutput start - contenttype=".$contenttype." containerid=".$containerid." USEDOLIBARREDITOR=".(defined('USEDOLIBARREDITOR') ? '1' : '')." USEDOLIBARRSERVER=".(defined('USEDOLIBARRSERVER') ? '1' : '').' includehtmlcontentopened='.$includehtmlcontentopened);
+
+	//print $containerid.' '.$content;
 
 	// Define $urlwithroot
 	$urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));
@@ -259,6 +262,8 @@ function dolWebsiteOutput($content, $contenttype = 'html', $containerid = '')
 		// Replace relative link /xxx.php#aaa or /xxx.php with dolibarr URL:  ...href="....php" (we discard param ?...)
 		$content = preg_replace('/(href=")\/?([^:\"\!]*)\.php(#[^\"<>]*)?\"/', '\1!~!~!~'.DOL_URL_ROOT.'/public/website/index.php?website='.$website->ref.'&pageref=\2\3"', $content, -1, $nbrep);
 		// Replace relative link /xxx.php?a=b&c=d#aaa or /xxx.php?a=b&c=d with dolibarr URL
+		// Warning: we may replace twice if href="..." was inside an include (dolWebsiteOutput called by include and the by final page), that's why
+		// at end we replace the '!~!~!~' only if we are in final parent page.
 		$content = preg_replace('/(href=")\/?([^:\"\!]*)\.php\?([^#\"<>]*)(#[^\"<>]*)?\"/', '\1!~!~!~'.DOL_URL_ROOT.'/public/website/index.php?website='.$website->ref.'&pageref=\2&\3\4"', $content, -1, $nbrep);
 		// Replace relative link without .php like /xxx#aaa or /xxx with dolibarr URL:  ...href="....php"
 		$content = preg_replace('/(href=")\/?([a-zA-Z0-9\-_#]+)(\"|\?)/', '\1!~!~!~'.DOL_URL_ROOT.'/public/website/index.php?website='.$website->ref.'&pageref=\2\3', $content, -1, $nbrep);
@@ -291,8 +296,10 @@ function dolWebsiteOutput($content, $contenttype = 'html', $containerid = '')
 		$content = str_replace('src="!~!~!~/viewimage.php', 'src="!~!~!~'.DOL_URL_ROOT.'/viewimage.php', $content);
 		$content = str_replace('href="!~!~!~/document.php', 'href="!~!~!~'.DOL_URL_ROOT.'/document.php', $content);
 
-		// Remove the protection tag !~!~!~
-		$content = str_replace('!~!~!~', '', $content);
+		// Remove the protection tag !~!~!~, but only if this is the parent page and not an include
+		if (empty($includehtmlcontentopened)) {
+			$content = str_replace('!~!~!~', '', $content);
+		}
 	}
 	else									// REPLACEMENT OF LINKS When page called from virtual host
 	{
@@ -511,6 +518,9 @@ function includeContainer($containerref)
 		print 'ERROR: RECURSIVE CONTENT LEVEL. Depth of recursive call is more than the limit of '.$MAXLEVEL.".\n";
 		return;
 	}
+
+	//dol_syslog("Include container ".$containerref.' includehtmlcontentopened='.$includehtmlcontentopened);
+
 	// file_get_contents is not possible. We must execute code with include
 	//$content = file_get_contents($fullpathfile);
 	//print preg_replace(array('/^.*<body[^>]*>/ims','/<\/body>.*$/ims'), array('', ''), $content);*/
@@ -520,7 +530,7 @@ function includeContainer($containerref)
 	$tmpoutput = ob_get_contents();
 	ob_end_clean();
 
-	print "\n".'<!-- include '.$websitekey.'/'.$containerref.' level = '.$includehtmlcontentopened.' -->'."\n";
+	print "\n".'<!-- include '.$websitekey.'/'.$containerref.(is_object($websitepage) ? ' parent id='.$websitepage->id : '').' level = '.$includehtmlcontentopened.' -->'."\n";
 	print preg_replace(array('/^.*<body[^>]*>/ims', '/<\/body>.*$/ims'), array('', ''), $tmpoutput);
 
 	if (!$res)