Merge remote-tracking branch 'origin/3.7' into develop

Conflicts:
	htdocs/core/lib/security.lib.php
	htdocs/product/stock/mouvement.php

ChangeLog

@@ -238,6 +238,7 @@ FIX: Not showing delivery date on rouget pdf
 FIX: Not showing task extrafields when creating from left menu
 FIX [ bug #3288 ] Tasks box is not properly drawn
 FIX [ bug #3211 ] Outstading bill amount of a client showed wrong amounts
+FIX [ bug #3321 ] Users with certain permissions were shown a "forbidden access" page even if they had the rights
 
 NEW: Created new ContratLigne::insert function
 

build.xml

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
+<!-- Script build for hudson CI -->
 <project name="dolibarr" default="hudson" basedir=".">
-fdfds
 <!-- Exclude/ignore paths -->
  <property name="ignorepaths" value="${basedir}/htdocs/conf,${basedir}/htdocs/core/filemanagerdol,${basedir}/htdocs/includes" />
  <property name="ignoreregexp" value="**/PEAR/*,**/NET/*,**/HTTP/*,**/zendgdata/*,**/reportico/*" />

htdocs/product/stock/mouvement.php

@@ -498,7 +498,6 @@ if ($resql)
     print "</tr>\n";
 
     // Lignes des champs de filtre
-
     print '<tr class="liste_titre">';
     print '<td class="liste_titre" valign="right">';
     print '<input class="flat" type="text" size="2" maxlength="2" placeholder="'.dol_escape_htmltag($langs->trans("Month")).'" name="month" value="'.$month.'">';
@@ -549,7 +548,6 @@ if ($resql)
     print '<input type="image" class="liste_titre" src="'.img_picto($langs->trans("Search"),'searchclear.png','','',1).'" name="button_removefilter" value="'.dol_escape_htmltag($langs->trans("RemoveFilter")).'" title="'.dol_escape_htmltag($langs->trans("RemoveFilter")).'">';
     print '</td>';
     print "</tr>\n";
-    print '</form>';
 
     $arrayofuniqueproduct=array();
 
@@ -621,7 +619,7 @@ if ($resql)
     }
     $db->free($resql);
 
-    print "</table><br>";
+    print "</table></form><br>";
 
     // Add number of product when there is a filter on period
     if (count($arrayofuniqueproduct) == 1 && is_numeric($year))

htdocs/societe/class/societe.class.php

@@ -709,7 +709,7 @@ class Societe extends CommonObject
         $this->localtax2_value=trim($this->localtax2_value);
 
         $this->capital=price2num(trim($this->capital),'MT');
-        if (empty($this->capital)) $this->capital = 0;
+        if (empty($this->capital) || ! is_numeric($this->capital)) $this->capital = 0;
 
         $this->effectif_id=trim($this->effectif_id);
         $this->forme_juridique_code=trim($this->forme_juridique_code);

htdocs/user/card.php

@@ -725,7 +725,7 @@ if (($action == 'create') || ($action == 'adduserldap'))
     print '<form action="'.$_SERVER['PHP_SELF'].'" method="POST" name="createuser">';
     print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
     print '<input type="hidden" name="action" value="add">';
-    if (! empty($ldap_sid)) print '<input type="hidden" name="ldap_sid" value="'.$ldap_sid.'">';
+    if (! empty($ldap_sid)) print '<input type="hidden" name="ldap_sid" value="'.dol_escape_htmltag($ldap_sid).'">';
     print '<input type="hidden" name="entity" value="'.$conf->entity.'">';
 
     dol_fiche_head('', '', '', 0, '');