Merge branch '11.0' of git@github.com:Dolibarr/dolibarr.git into 12.0

Conflicts:
	htdocs/expedition/class/expedition.class.php
	scripts/cron/cron_run_jobs.php

ChangeLog

@@ -78,7 +78,7 @@ FIX: we must export company mail address on contact vcard only if contact email
 FIX: when we filter a list on a view status, we want this filter to be on bookmark that we create
 FIX: Wrong Sql on getListOfTowns api method
 FIX: wrong user right's name to top menu "commercial"
-FIX: XSS Vulnerability
+FIX: XSS Vulnerability reported by Mehmet Kelepçe / Gais Cyber Security
 
 ***** ChangeLog for 12.0.0 compared to 11.0.0 *****
 For Users:

htdocs/admin/dict.php

@@ -644,6 +644,7 @@ if (GETPOST('actionadd') || GETPOST('actionmodify'))
         if ($value == 'localtax2' && empty($_POST['localtax2_type'])) continue;
         if ($value == 'color' && empty($_POST['color'])) continue;
 		if ($value == 'formula' && empty($_POST['formula'])) continue;
+		if ($value == 'dayrule' && empty($_POST['dayrule'])) continue;
 		if ($value == 'sortorder') continue; // For a column name 'sortorder', we use the field name 'position'
 		if ((!isset($_POST[$value]) || $_POST[$value] == '')
         	&& (!in_array($listfield[$f], array('decalage', 'module', 'accountancy_code', 'accountancy_code_sell', 'accountancy_code_buy', 'tracking'))  // Fields that are not mandatory

htdocs/comm/action/class/actioncomm.class.php

@@ -679,6 +679,7 @@ class ActionComm extends CommonObject
 
         $sql = "SELECT a.id,";
         $sql .= " a.id as ref,";
+        $sql .= " a.entity,";
         $sql .= " a.ref_ext,";
         $sql .= " a.datep,";
         $sql .= " a.datep2,";
@@ -715,6 +716,7 @@ class ActionComm extends CommonObject
                 $obj = $this->db->fetch_object($resql);
 
                 $this->id         = $obj->id;
+				$this->entity     = $obj->entity;
                 $this->ref        = $obj->ref;
                 $this->ref_ext    = $obj->ref_ext;
 

htdocs/compta/paiement/card.php

@@ -342,7 +342,7 @@ if ($resql)
 	print '<tr class="liste_titre">';
 	print '<td>'.$langs->trans('Bill').'</td>';
 	print '<td>'.$langs->trans('Company').'</td>';
-	if ($conf->global->MULTICOMPANY_INVOICE_SHARING_ENABLED)print '<td>'.$langs->trans('Entity').'</td>';
+	if (!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_INVOICE_SHARING_ENABLED)) print '<td>'.$langs->trans('Entity').'</td>';
 	print '<td class="right">'.$langs->trans('ExpectedToPay').'</td>';
     print '<td class="right">'.$langs->trans('PayedByThisPayment').'</td>';
     print '<td class="right">'.$langs->trans('RemainderToPay').'</td>';
@@ -379,7 +379,7 @@ if ($resql)
 			print '</td>';
 
 			// Expected to pay
-			if ($conf->global->MULTICOMPANY_INVOICE_SHARING_ENABLED) {
+			if (!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_INVOICE_SHARING_ENABLED)) {
 				print '<td>';
 				$mc->getInfo($objp->entity);
 				print $mc->label;

htdocs/contact/class/contact.class.php

@@ -1590,7 +1590,7 @@ class Contact extends CommonObject
 	public static function replaceThirdparty(DoliDB $db, $origin_id, $dest_id)
 	{
 		$tables = array(
-			'socpeople'
+			'socpeople', 'societe_contacts'
 		);
 
 		return CommonObject::commonReplaceThirdparty($db, $origin_id, $dest_id, $tables);

htdocs/expedition/class/expedition.class.php

@@ -539,7 +539,7 @@ class Expedition extends CommonObject
 		// Check parameters
 		if (empty($id) && empty($ref) && empty($ref_ext)) return -1;
 
-		$sql = "SELECT e.rowid, e.ref, e.fk_soc as socid, e.date_creation, e.ref_customer, e.ref_ext, e.ref_int, e.fk_user_author, e.fk_statut, e.fk_projet as fk_project, e.billed";
+		$sql = "SELECT e.rowid, e.entity, e.ref, e.fk_soc as socid, e.date_creation, e.ref_customer, e.ref_ext, e.ref_int, e.fk_user_author, e.fk_statut, e.fk_projet as fk_project, e.billed";
         $sql .= ", e.date_valid";
 		$sql .= ", e.weight, e.weight_units, e.size, e.size_units, e.width, e.height";
 		$sql .= ", e.date_expedition as date_expedition, e.model_pdf, e.fk_address, e.date_delivery";
@@ -568,6 +568,7 @@ class Expedition extends CommonObject
 				$obj = $this->db->fetch_object($result);
 
 				$this->id                   = $obj->rowid;
+				$this->entity               = $obj->entity;
 				$this->ref                  = $obj->ref;
 				$this->socid                = $obj->socid;
 				$this->ref_customer = $obj->ref_customer;

scripts/cron/cron_run_jobs.php

@@ -176,11 +176,12 @@ if (is_array($qualifiedjobs) && (count($qualifiedjobs) > 0)) {
 		// Force reload of setup for the current entity
 		if ((empty($line->entity) ? 1 : $line->entity) != $conf->entity)
 		{
-			dol_syslog("cron_run_jobs.php we work on another entity conf than ".$conf->entity." so we reload user and conf", LOG_DEBUG);
+			dol_syslog("cron_run_jobs.php we work on another entity conf than ".$conf->entity." so we reload mysoc, langs, user and conf", LOG_DEBUG);
-		    echo " -> we change entity so we reload user and conf";
+			echo " -> we change entity so we reload mysoc, langs, user and conf";
 
 		    $conf->entity = (empty($line->entity) ? 1 : $line->entity);
 		    $conf->setValues($db); // This make also the $mc->setValues($conf); that reload $mc->sharings
+		    $mysoc->setMysoc($conf);
 
 		    // Force recheck that user is ok for the entity to process and reload permission for entity
 		    if ($conf->entity != $user->entity && $user->entity != 0)
@@ -203,6 +204,11 @@ if (is_array($qualifiedjobs) && (count($qualifiedjobs) > 0)) {
     		    }
     		    $user->getrights();
 		    }
+
+		    // Reload langs
+		    $langcode = (empty($conf->global->MAIN_LANG_DEFAULT)?'auto':$conf->global->MAIN_LANG_DEFAULT);
+		    if (! empty($user->conf->MAIN_LANG_DEFAULT)) $langcode = $user->conf->MAIN_LANG_DEFAULT;
+		    if ($langs->getDefaultLang() != $langcode) $langs->setDefaultLang($langcode);
 		}
 
 		//If date_next_jobs is less of current date, execute the program, and store the execution time of the next execution in database