
Merge remote-tracking branch 'origin/3.6' into develop

Conflicts:
	build/debian/get-orig-source.sh
	htdocs/product/class/product.class.php
	htdocs/societe/soc.php
Laurent Destailleur %!s(int64=10) %!d(string=hai) anos
Modificáronse 47 ficheiros con 263 adicións e 156 borrados
  1. 11 3
      ChangeLog
  2. 1 1
      build/debian/control
  3. 2 2
      build/debian/copyright
  4. 6 26
      build/debian/get-orig-source.sh
  5. 1 1
      htdocs/adherents/class/adherent.class.php
  6. 1 1
      htdocs/admin/menus/edit.php
  7. 2 1
      htdocs/cashdesk/index.php
  8. 1 1
      htdocs/comm/propal/class/propal.class.php
  9. 13 4
      htdocs/comm/propal/tpl/linkedobjectblock.tpl.php
  10. 3 3
      htdocs/commande/info.php
  11. 1 1
      htdocs/commande/orderstoinvoice.php
  12. 12 3
      htdocs/commande/tpl/linkedobjectblock.tpl.php
  13. 16 11
      htdocs/compta/bank/account.php
  14. 1 1
      htdocs/compta/bank/bankid_fr.php
  15. 12 3
      htdocs/compta/facture/tpl/linkedobjectblock.tpl.php
  16. 1 1
      htdocs/compta/prelevement/class/bonprelevement.class.php
  17. 5 5
      htdocs/compta/prelevement/liste.php
  18. 2 1
      htdocs/compta/prelevement/rejets.php
  19. 1 1
      htdocs/compta/recap-compta.php
  20. 5 5
      htdocs/contact/info.php
  21. 2 2
      htdocs/contrat/class/contrat.class.php
  22. 3 3
      htdocs/contrat/info.php
  23. 1 2
      htdocs/core/class/commonobject.class.php
  24. 12 3
      htdocs/expedition/tpl/linkedobjectblock.tpl.php
  25. 1 1
      htdocs/fourn/class/fournisseur.commande.class.php
  26. 15 1
      htdocs/fourn/class/paiementfourn.class.php
  27. 12 3
      htdocs/fourn/commande/tpl/linkedobjectblock.tpl.php
  28. 12 3
      htdocs/fourn/facture/tpl/linkedobjectblock.tpl.php
  29. 3 2
      htdocs/fourn/paiement/fiche.php
  30. 1 1
      htdocs/holiday/index.php
  31. 2 0
      htdocs/langs/en_US/dict.lang
  32. 1 1
      htdocs/opensurvey/list.php
  33. 57 1
      htdocs/product/class/product.class.php
  34. 7 9
      htdocs/product/fiche.php
  35. 1 1
      htdocs/product/index.php
  36. 1 1
      htdocs/product/reassort.php
  37. 3 3
      htdocs/product/stats/contrat.php
  38. 8 8
      htdocs/product/stock/liste.php
  39. 3 3
      htdocs/product/stock/massstockmove.php
  40. 4 9
      htdocs/product/stock/replenishorders.php
  41. 1 1
      htdocs/projet/class/project.class.php
  42. 1 1
      htdocs/projet/class/task.class.php
  43. 2 2
      htdocs/projet/contact.php
  44. 4 4
      htdocs/projet/fiche.php
  45. 3 3
      htdocs/projet/tasks/index.php
  46. 6 13
      htdocs/societe/soc.php
  47. BIN=BIN
      htdocs/theme/amarok/img/object_address.png

+ 11 - 3
ChangeLog

@@ -135,6 +135,7 @@ For users:
 - Fix: Iban was used instead of Bic into SEPA file.
 - Fix: Must unaccent strings into SEPA file.
 - Fix: Extrafield feature select from table should try to translate multiple column when not needed 
+- Fix: cents for indian ruppes are calle paisa and paise.
 
 ***** ChangeLog for 3.6 compared to 3.5.* *****
 For users:
@@ -268,9 +269,16 @@ Fix: When disabled, all fields to add time into task line must be disabled.
 Fix: Missing include files.lib.php in some pages that use dol_delete_recursive
 Fix: [ bug #1558 ] Product/service edit page title shows new Ref instead of old ref.
 Fix: [ bug #1553 ] Saving User displays setup removes menu.
-Fix: [ bug #1544 ] Can remove date from invoice
-Fix: list event view lost type event filter
-Fix: Add code save on create event
+Fix: [ bug #1544 ] Can remove date from invoice.
+Fix: list event view lost type event filter.
+Fix: Add code save on create event.
+Fix: SQL injection.
+Fix: [ bug #1589 ] Menu type in "Edit menu" page is not translated
+Fix: [ bug #1591 ] Linked object block shows Total HT/TTC even if not having permission to read them
+Fix: [ bug #1577 ] When creating new Private individual third, selected third type is ignored
+Fix: [ bug #1555 ] Update accountancy code of products does not throw PRODUCT_MODIFY trigger
+Fix: [ bug #1548 ] Supplier payment card shows type in French
+Fix: [ bug #1546 ] Incorrect page number when searching in the list of bank transactions
 
 ***** ChangeLog for 3.5.4 compared to 3.5.3 *****
 Fix: Hide title of event when agenda module disabled.

+ 1 - 1
build/debian/control

@@ -39,7 +39,7 @@ Description: Web based software to manage a company or foundation
  It's a web software you can install as a standalone program or on any web
  hosting provider to use it from anywhere with any web browser.
  .
- Dolibarr was designed to be easy to use. Only the features that you need 
+ Dolibarr was designed to be easy to use. Only the features that you need
  are visible, depending on which modules were activated.
  .
  This is an example of most common used modules:

+ 2 - 2
build/debian/copyright

@@ -61,7 +61,7 @@ License: GPL-3+
 Files: htdocs/includes/adodbtime/*
 Copyright: 2003-2005, John Lim
            unknown, jackbbs
-License: BSD
+License: BSD-3-Clause
  Redistribution and use in source and binary forms, with or without
  modification, are permitted provided that the following conditions
  are met:
@@ -272,7 +272,7 @@ Comment:
 
 Files: htdocs/includes/jquery/plugins/flot/*
 Copyright: Flot team
-License: Public Domain
+License: Public-Domain
  This work is not subject to copyright in any jurisdiction
 Comment:
  Those files are not shipped in the binary package because we configure

+ 6 - 26
build/debian/get-orig-source.sh

@@ -7,40 +7,20 @@ tmpdir=$(mktemp -d)
 if [ -n "$1" ]; then
     uscan_opts="--download-version=$1"
 fi
-#uscan --noconf --force-download --no-symlink --destdir=$tmpdir $uscan_opts
+#uscan --noconf --force-download --no-symlink --verbose --destdir=$tmpdir $uscan_opts
 
 cd $tmpdir
 
 # Other method to download (comment uscan if you use this)
-wget http://sourceforge.net/projects/tcpdf/files/tcpdf_6_0_093.zip
+wget http://www.dolibarr.org/files/stable/standard/dolibarr-3.5.4.tgz
 
 # Rename file to add +dfsg
-zipfile=$(echo *.zip)
-version=$(echo "$zipfile" | perl -pi -e 's/^tcpdf_//; s/\.zip$//; s/_/./g; s/$/+dfsg/;')
-
-# Extract the zip file
-unzip -q $zipfile
-srcdir=$(find . -maxdepth 1 -mindepth 1 -type d | sed -e 's/\.\///')
-
-if [ ! -d "$srcdir" ]; then
-    echo "ERROR: Failed to identify the extracted directory in $tmpdir (got $srcdir)" >&2
-    rm -rf $tmpdir
-    exit 1
-fi
-
-# Cleanup unwanted files
-rm -rf $srcdir/fonts/free*
-
-# Repack as tar.xz
-tar Jcf tcpdf_${version}.orig.tar.xz $srcdir
+tgzfile=$(echo *.tgz)
+version=$(echo "$tgzfile" | perl -pi -e 's/^dolibarr-//; s/\.tgz$//; s/_/./g; s/\+nmu1//; ')
 
 cd - >/dev/null
 
-if [ -e ../tcpdf_${version}.orig.tar.xz ]; then
-    echo "Not overwriting ../tcpdf_${version}.orig.tar.xz";
-else
-    echo "Created ../tcpdf_${version}.orig.tar.xz"
-    mv $tmpdir/tcpdf_${version}.orig.tar.xz ../
-fi
+mv $tmpdir/dolibarr-${version}.tgz ../
+echo "File ../dolibarr-${version}.tgz is ready for git-import-orig"
 
 rm -rf $tmpdir
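Review bot: The archive fetched on the `wget` line is downloaded over plain HTTP and repacked with no integrity check, so a tampered or truncated download silently becomes the orig tarball; `wget`'s exit status is never tested either, and on failure `tgzfile` ends up as the literal glob `*.tgz`. Verify the digest against a pinned value before the `mv`, e.g. `wget http://www.dolibarr.org/files/stable/standard/dolibarr-3.5.4.tgz || exit 1` followed by `echo "<EXPECTED_SHA256>  dolibarr-3.5.4.tgz" | sha256sum -c - || exit 1` (placeholder to be filled from the release). The version is also hard-coded in the URL while `$1` is still parsed into `uscan_opts` a few lines above, so `--download-version` has no effect on this download path. The script preamble (whether `set -e` is in force) is outside the hunk.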

+ 1 - 1
htdocs/adherents/class/adherent.class.php

@@ -1070,7 +1070,7 @@ class Adherent extends CommonObject
         if ($rowid) $sql.= " AND d.rowid=".$rowid;
         elseif ($ref || $fk_soc) {
         	$sql.= " AND d.entity IN (".getEntity().")";
-        	if ($ref) $sql.= " AND d.rowid='".$ref."'";
+        	if ($ref) $sql.= " AND d.rowid='".$this->db->escape($ref)."'";
         	elseif ($fk_soc) $sql.= " AND d.fk_soc='".$fk_soc."'";
         }
         elseif ($ref_ext)
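Review bot: The escape is applied to `$ref` only; the neighbouring `d.rowid=".$rowid` and `d.fk_soc='".$fk_soc."'` on the context lines are still concatenated raw, and the same unquoted-id pattern sits next to the new escape in propal.class.php (`p.rowid=".$rowid`), contrat.class.php (`rowid=".$id` and `t.rowid = ".$id`), commonobject.class.php (`rowid = ".$id`) and fournisseur.commande.class.php (`c.rowid=".$id`). Whether those ids reach here filtered depends on callers outside the hunk, but casting at the point of use closes the gap regardless: `if ($rowid) $sql.= " AND d.rowid=".(int) $rowid;` and `elseif ($fk_soc) $sql.= " AND d.fk_soc=".(int) $fk_soc;`. The enclosing fetch() starts and ends outside the hunk.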

+ 1 - 1
htdocs/admin/menus/edit.php

@@ -316,7 +316,7 @@ if ($action == 'create')
     print '<tr><td class="fieldrequired">'.$langs->trans('Type').'</td><td>';
     if ($parent_rowid)
     {
-        print 'Left';
+        print $langs->trans('Left');
         print '<input type="hidden" name="type" value="left">';
     }
     else

+ 2 - 1
htdocs/cashdesk/index.php

@@ -39,6 +39,7 @@ if ( $_SESSION['uid'] > 0 )
 }
 
 $usertxt=GETPOST('user','',1);
+$err=GETPOST("err");
 
 
 /*
@@ -64,7 +65,7 @@ top_htmlhead('','',0,0,'',$arrayofcss);
 
 <div class="contenu">
 <div class="principal_login">
-<?php if (! empty($_GET["err"])) print $_GET["err"]."<br><br>\n"; ?>
+<?php if ($err) print dol_escape_htmltag($err)."<br><br>\n"; ?>
 <fieldset class="cadre_facturation"><legend class="titre1"><?php echo $langs->trans("Identification"); ?></legend>
 <form id="frmLogin" method="POST" action="index_verif.php">
 	<input type="hidden" name="token" value="<?php echo $_SESSION['newtoken']; ?>" />
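Review bot: `dol_escape_htmltag($err)` closes the markup injection, but the message shown on the login form is still whatever the query string carries, so any crafted link can place arbitrary (escaped) text directly above the credential fields. If index_verif.php is the only producer of `err`, pass a translation key or short code instead and render `$langs->trans()` of it, ignoring values that are not in the expected set. The `if ($err)` truthiness test also drops a message of `"0"`; `if ($err !== '')` is the precise check. The rest of the form is outside the hunk.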

+ 1 - 1
htdocs/comm/propal/class/propal.class.php

@@ -1069,7 +1069,7 @@ class Propal extends CommonObject
         $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_input_reason as dr ON p.fk_input_reason = dr.rowid';
         $sql.= " WHERE p.fk_statut = c.id";
         $sql.= " AND p.entity = ".$conf->entity;
-        if ($ref) $sql.= " AND p.ref='".$ref."'";
+        if ($ref) $sql.= " AND p.ref='".$this->db->escape($ref)."'";
         else $sql.= " AND p.rowid=".$rowid;
 
         dol_syslog(get_class($this)."::fetch", LOG_DEBUG);

+ 13 - 4
htdocs/comm/propal/tpl/linkedobjectblock.tpl.php

@@ -1,6 +1,7 @@
 <?php
 /* Copyright (C) 2010-2011  Regis Houssin <regis.houssin@capnetworks.com>
- * Copyright (C) 2013		Juanjo Menent <jmenent@2byte.es>
+ * Copyright (C) 2013       Juanjo Menent <jmenent@2byte.es>
+ * Copyright (C) 2014       Marcos García <marcosgdf@gmail.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -27,6 +28,8 @@
 
 <?php
 
+global $user;
+
 $langs = $GLOBALS['langs'];
 $linkedObjectBlock = $GLOBALS['linkedObjectBlock'];
 
@@ -52,17 +55,23 @@ foreach($linkedObjectBlock as $object)
 	<a href="<?php echo DOL_URL_ROOT.'/comm/propal.php?id='.$object->id ?>"><?php echo img_object($langs->trans("ShowPropal"),"propal").' '.$object->ref; ?></a></td>
 	<td><?php echo $object->ref_client; ?></td>
 	<td align="center"><?php echo dol_print_date($object->date,'day'); ?></td>
-	<td align="right"><?php echo price($object->total_ht); ?></td>
+	<td align="right"><?php
+		if ($user->rights->propale->lire) {
+			$total = $total + $object->total_ht;
+			echo price($object->total_ht);
+		} ?></td>
 	<td align="right"><?php echo $object->getLibStatut(3); ?></td>
 </tr>
 <?php
-$total = $total + $object->total_ht;
 }
 
 ?>
 <tr class="liste_total">
 	<td align="left" colspan="3"><?php echo $langs->trans('TotalHT'); ?></td>
-	<td align="right"><?php echo price($total); ?></td>
+	<td align="right"><?php
+		if ($user->rights->propale->lire) {
+			echo price($total);
+		} ?></td>
 	<td>&nbsp;</td>
 </tr>
 </table>
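Review bot: `$object->ref_client` (and `$object->ref` in the link text above it) is echoed into the table cell unescaped, while the new code right below carefully gates `total_ht` on `$user->rights->propale->lire`; a customer reference is free text entered by users, so it should be printed as `dol_escape_htmltag($object->ref_client)`, the same helper cashdesk/index.php adopts in this commit. The identical unescaped `$object->ref` echo is present in the commande, compta/facture, expedition, fourn/commande and fourn/facture linkedobjectblock templates. As a point of style, the permission is evaluated twice per template (once per row and once for the total line); computing it once before the loop, e.g. `$canReadTotal = ! empty($user->rights->propale->lire);`, removes the duplication and avoids a notice should the rights subtree be absent. The `foreach` opens and `$total` is initialised outside the hunk.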

+ 3 - 3
htdocs/commande/info.php

@@ -34,7 +34,7 @@ $langs->load("sendings");
 
 // Security check
 $socid=0;
-$comid = isset($_GET["id"])?$_GET["id"]:'';
+$comid = GETPOST("id",'int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result=restrictedArea($user,'commande',$comid,'');
 
@@ -47,8 +47,8 @@ $result=restrictedArea($user,'commande',$comid,'');
 llxHeader('',$langs->trans('Order'),'EN:Customers_Orders|FR:Commandes_Clients|ES:Pedidos de clientes');
 
 $commande = new Commande($db);
-$commande->fetch($_GET["id"]);
-$commande->info($_GET["id"]);
+$commande->fetch($comid);
+$commande->info($comid);
 $soc = new Societe($db);
 $soc->fetch($commande->socid);
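Review bot: `$commande->fetch($comid)` and `$commande->info($comid)` ignore their return values, so if `restrictedArea()` lets through an id that matches no row the page continues to `$soc->fetch($commande->socid)` with an unset socid and renders an empty card instead of an error. Check the result before using the object, e.g. `if ($commande->fetch($comid) <= 0) { dol_print_error($db, $commande->error); exit; }`. contact/info.php and contrat/info.php in this commit carry the identical unchecked `fetch()`/`info()` pair. The int filter on the id is the right change; the rest of the page is outside the hunk.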
 

+ 1 - 1
htdocs/commande/orderstoinvoice.php

@@ -45,7 +45,7 @@ $langs->load('companies');
 if (! $user->rights->facture->creer)
 	accessforbidden();
 
-$id				= (GETPOST('id')?GETPOST("id"):GETPOST("facid"));  // For backward compatibility
+$id				= (GETPOST('id')?GETPOST('id','int'):GETPOST("facid"));  // For backward compatibility
 $ref			= GETPOST('ref','alpha');
 $action			= GETPOST('action','alpha');
 $confirm		= GETPOST('confirm','alpha');
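Review bot: Only the `id` branch of the ternary is now int-filtered; the `facid` fallback on the same line still reads `GETPOST("facid")` unfiltered, so the backward-compatibility path keeps exactly the behaviour the change is meant to remove. Apply the filter on both sides: `$id = (GETPOST('id')?GETPOST('id','int'):GETPOST('facid','int'));`. How `$id` is later embedded in SQL is outside the hunk.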

+ 12 - 3
htdocs/commande/tpl/linkedobjectblock.tpl.php

@@ -1,6 +1,7 @@
 <?php
 /* Copyright (C) 2010-2011	Regis Houssin <regis.houssin@capnetworks.com>
  * Copyright (C) 2013		Juanjo Menent <jmenent@2byte.es>
+ * Copyright (C) 2014       Marcos García <marcosgdf@gmail.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -22,6 +23,8 @@
 
 <?php
 
+global $user;
+
 $langs = $GLOBALS['langs'];
 $linkedObjectBlock = $GLOBALS['linkedObjectBlock'];
 
@@ -47,17 +50,23 @@ foreach($linkedObjectBlock as $object)
 <tr <?php echo $GLOBALS['bc'][$var]; ?> ><td>
 	<a href="<?php echo DOL_URL_ROOT.'/commande/fiche.php?id='.$object->id ?>"><?php echo img_object($langs->trans("ShowOrder"),"order").' '.$object->ref; ?></a></td>
 	<td align="center"><?php echo dol_print_date($object->date,'day'); ?></td>
-	<td align="right"><?php echo price($object->total_ht); ?></td>
+	<td align="right"><?php
+		if ($user->rights->commande->lire) {
+			$total = $total + $object->total_ht;
+			echo price($object->total_ht);
+		} ?></td>
 	<td align="right"><?php echo $object->getLibStatut(3); ?></td>
 </tr>
 <?php
-$total = $total + $object->total_ht;
 }
 
 ?>
 <tr class="liste_total">
 	<td align="left" colspan="2"><?php echo $langs->trans('TotalHT'); ?></td>
-	<td align="right"><?php echo price($total); ?></td>
+	<td align="right"><?php
+		if ($user->rights->commande->lire) {
+			echo price($total);
+		} ?></td>
 	<td>&nbsp;</td>
 </tr>
 </table>

+ 16 - 11
htdocs/compta/bank/account.php

@@ -5,7 +5,7 @@
  * Copyright (C) 2004      Christophe Combelles <ccomb@free.fr>
  * Copyright (C) 2005-2012 Regis Houssin        <regis.houssin@capnetworks.com>
  * Copyright (C) 2010-2011 Juanjo Menent        <jmenent@@2byte.es>
- * Copyright (C) 2012      Marcos García        <marcosgdf@gmail.com>
+ * Copyright (C) 2012-2014 Marcos García        <marcosgdf@gmail.com>
  * Copyright (C) 2011-2014 Alexandre Spangaro   <alexandre.spangaro@gmail.com>
  *
  * This program is free software; you can redistribute it and/or modify
@@ -268,17 +268,22 @@ if ($id > 0 || ! empty($ref))
 	//Total pages
 	$totalPages = ceil($total_lines/$viewline);
 
-	if ($page > 0)
-	{
-		$limitsql = ($totalPages - $page) * $viewline;
-		if ($limitsql < $viewline) $limitsql = $viewline;
-		$nbline = $limitsql;
-	}
-	else
-	{
+	if ($totalPages == 0) {
 		$page = 0;
-		$limitsql = $nbline;
+	} else {
+
+		if ($page > 0) {
+			$limitsql = ($totalPages - $page) * $viewline;
+			if ($limitsql < $viewline) {
+				$limitsql = $viewline;
+			}
+			$nbline = $limitsql;
+		} else {
+			$page = 0;
+			$limitsql = $nbline;
+		}
 	}
+
 	//print $limitsql.'-'.$page.'-'.$viewline;
 
 	// Onglets
@@ -474,7 +479,7 @@ if ($id > 0 || ! empty($ref))
 		// VAT
 		$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."bank_url as bu2 ON bu2.fk_bank = b.rowid AND bu2.type='payment_vat'";
 		$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."tva as t ON bu2.url_id = t.rowid";
-		
+
 		// Salary payment
 		$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."bank_url as bu3 ON bu3.fk_bank = b.rowid AND bu3.type='payment_salary'";
 		$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."payment_salary as sal ON bu3.url_id = sal.rowid";
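Review bot: In the first hunk the new `$totalPages == 0` branch sets `$page = 0` but no longer assigns `$limitsql`, which the replaced `else` branch did (`$limitsql = $nbline;`); unless `$limitsql` is initialised earlier in the file, an account with no transactions now reaches the LIMIT computation with an undefined variable. Add `$limitsql = $nbline;` to that branch, or hoist `$limitsql = $nbline;` above the `if`. `$page` is read before this hunk, so whether it is already cast to int cannot be seen here.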

+ 1 - 1
htdocs/compta/bank/bankid_fr.php

@@ -34,7 +34,7 @@ $langs->load("categories");
 $langs->load("bills");
 
 $action=GETPOST('action');
-$id=GETPOST('id');
+$id=GETPOST('id','int');
 $ref=GETPOST('ref');
 
 // Security check
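Review bot: `$id` gains the `'int'` filter but `$ref=GETPOST('ref');` on the next line stays unfiltered, although this same commit uses `GETPOST('ref','alpha')` for the equivalent parameter in commande/orderstoinvoice.php; use `$ref=GETPOST('ref','alpha');` here for consistency. The same half-applied pattern appears in holiday/index.php (`$search_ref`, `$month_create` unfiltered next to the new `GETPOST('id','int')`) and opensurvey/list.php (`$surveytitle`, `$status`). Whether these values are escaped before reaching SQL is decided further down, outside the hunk.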

+ 12 - 3
htdocs/compta/facture/tpl/linkedobjectblock.tpl.php

@@ -1,6 +1,7 @@
 <?php
 /* Copyright (C) 2010-2011	Regis Houssin <regis.houssin@capnetworks.com>
  * Copyright (C) 2013		Juanjo Menent <jmenent@2byte.es>
+ * Copyright (C) 2014       Marcos García <marcosgdf@gmail.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -22,6 +23,8 @@
 
 <?php
 
+global $user;
+
 $langs = $GLOBALS['langs'];
 $linkedObjectBlock = $GLOBALS['linkedObjectBlock'];
 
@@ -47,16 +50,22 @@ foreach($linkedObjectBlock as $object)
 <tr <?php echo $GLOBALS['bc'][$var]; ?> ><td>
 	<a href="<?php echo DOL_URL_ROOT.'/compta/facture.php?facid='.$object->id ?>"><?php echo img_object($langs->trans("ShowBill"),"bill").' '.$object->ref; ?></a></td>
 	<td align="center"><?php echo dol_print_date($object->date,'day'); ?></td>
-	<td align="right"><?php echo price($object->total_ht); ?></td>
+	<td align="right"><?php
+		if ($user->rights->facture->lire) {
+			$total = $total + $object->total_ht;
+			echo price($object->total_ht);
+		} ?></td>
 	<td align="right"><?php echo $object->getLibStatut(3); ?></td>
 </tr>
 <?php
-$total = $total + $object->total_ht;
 }
 ?>
 <tr class="liste_total">
 	<td align="left" colspan="2"><?php echo $langs->trans("TotalHT"); ?></td>
-	<td align="right"><?php echo price($total); ?></td>
+	<td align="right"><?php
+		if ($user->rights->facture->lire) {
+			echo price($total);
+		} ?></td>
 	<td>&nbsp;</td>
 </tr>
 </table>

+ 1 - 1
htdocs/compta/prelevement/class/bonprelevement.class.php

@@ -914,7 +914,7 @@ class BonPrelevement extends CommonObject
                 $sql = "INSERT INTO ".MAIN_DB_PREFIX."prelevement_bons (";
                 $sql.= " ref, entity, datec";
                 $sql.= ") VALUES (";
-                $sql.= "'".$ref."'";
+                $sql.= "'".$this->db->escape($ref)."'";
                 $sql.= ", ".$conf->entity;
                 $sql.= ", '".$this->db->idate($now)."'";
                 $sql.= ")";

+ 5 - 5
htdocs/compta/prelevement/liste.php

@@ -78,19 +78,19 @@ $sql.= " AND f.entity = ".$conf->entity;
 if ($socid) $sql.= " AND s.rowid = ".$socid;
 if ($search_line)
 {
-    $sql.= " AND pl.rowid = '".$search_line."'";
+    $sql.= " AND pl.rowid = '".$db->escape($search_line)."'";
 }
 if ($search_bon)
 {
-    $sql.= " AND p.ref LIKE '%".$search_bon."%'";
+    $sql.= " AND p.ref LIKE '%".$db->escape($search_bon)."%'";
 }
 if ($search_code)
 {
-    $sql.= " AND s.code_client LIKE '%".$search_code."%'";
+    $sql.= " AND s.code_client LIKE '%".$db->escape($search_code)."%'";
 }
 if ($search_societe)
 {
-    $sql .= " AND s.nom LIKE '%".$search_societe."%'";
+    $sql .= " AND s.nom LIKE '%".$db->escape($search_societe)."%'";
 }
 $sql.=$db->order($sortfield,$sortorder);
 $sql.=$db->plimit($conf->liste_limit+1, $offset);
@@ -104,7 +104,7 @@ if ($result)
     $urladd = "&amp;statut=".$statut;
     $urladd .= "&amp;search_bon=".$search_bon;
 
-    print_barre_liste($langs->trans("WithdrawalsLines"), $page, "liste.php", $urladd, $sortfield, $sortorder, '', $num);
+    print_barre_liste($langs->trans("WithdrawalsLines"), $page, $_SERVER["PHP_SELF"], $urladd, $sortfield, $sortorder, '', $num);
 
     print"\n<!-- debut table -->\n";
     print '<table class="liste" width="100%">';
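Review bot: `$urladd .= "&amp;search_bon=".$search_bon;` in the second hunk places the raw search string into the pagination URL that `print_barre_liste()` emits into the page; unless that helper escapes its `$urladd` argument, a crafted `search_bon` can break out of the href attribute, and `&` or `=` in an ordinary search corrupts the link. Use `$urladd .= "&amp;search_bon=".urlencode($search_bon);`. Switching the link target to `$_SERVER["PHP_SELF"]` also reflects any PATH_INFO appended to the request URL into that same link, so the escaping expectation extends to it. In the first hunk `$db->escape()` does not neutralise the LIKE wildcards `%` and `_`, and `s.rowid = ".$socid` is still concatenated without a cast (likewise in compta/prelevement/rejets.php); `(int) $socid` settles it whatever the caller passes.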

+ 2 - 1
htdocs/compta/prelevement/rejets.php

@@ -76,7 +76,8 @@ $sql.= " AND pl.fk_prelevement_bons = p.rowid";
 $sql.= " AND pl.fk_soc = s.rowid";
 $sql.= " AND p.entity = ".$conf->entity;
 if ($socid) $sql.= " AND s.rowid = ".$socid;
-$sql .= " ORDER BY $sortfield $sortorder " . $db->plimit($conf->liste_limit+1, $offset);
+$sql.= " ".$db->order($sortfield, $sortorder);
+$sql.= " ".$db->plimit($conf->liste_limit+1, $offset);
 
 $result = $db->query($sql);
 if ($result)

+ 1 - 1
htdocs/compta/recap-compta.php

@@ -30,7 +30,7 @@ $langs->load("companies");
 if (! empty($conf->facture->enabled)) $langs->load("bills");
 
 // Security check
-$socid = $_GET["socid"];
+$socid = GETPOST("socid",'int');
 if ($user->societe_id > 0)
 {
   $action = '';

+ 5 - 5
htdocs/contact/info.php

@@ -31,22 +31,22 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/contact.lib.php';
 $langs->load("companies");
 
 // Security check
-$contactid = isset($_GET["id"])?$_GET["id"]:'';
+$contactid = GETPOST("id",'int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'contact', $contactid, 'socpeople&societe');
 
 
 
 /*
-* 	View
-*/
+ * 	View
+ */
 
 llxHeader('',$langs->trans("ContactsAddresses"),'EN:Module_Third_Parties|FR:Module_Tiers|ES:M&oacute;dulo_Empresas');
 
 
 $contact = new Contact($db);
-$contact->fetch($_GET["id"], $user);
-$contact->info($_GET["id"]);
+$contact->fetch($contactid, $user);
+$contact->info($contactid);
 
 
 $head = contact_prepare_head($contact);

+ 2 - 2
htdocs/contrat/class/contrat.class.php

@@ -406,7 +406,7 @@ class Contrat extends CommonObject
 		$sql.= " FROM ".MAIN_DB_PREFIX."contrat";
 		if ($ref)
 		{
-			$sql.= " WHERE ref='".$ref."'";
+			$sql.= " WHERE ref='".$this->db->escape($ref)."'";
 			$sql.= " AND entity IN (".getEntity('contract').")";
 		}
 		else $sql.= " WHERE rowid=".$id;
@@ -2077,7 +2077,7 @@ class ContratLigne extends CommonObject
 		$sql.= " t.commentaire";
 		$sql.= " FROM ".MAIN_DB_PREFIX."contratdet as t";
 		if ($id)  $sql.= " WHERE t.rowid = ".$id;
-		if ($ref) $sql.= " WHERE t.rowid = '".$ref."'";
+		if ($ref) $sql.= " WHERE t.rowid = '".$this->db->escape($ref)."'";
 
 		dol_syslog(get_class($this)."::fetch", LOG_DEBUG);
 		$resql=$this->db->query($sql);

+ 3 - 3
htdocs/contrat/info.php

@@ -29,7 +29,7 @@ require_once DOL_DOCUMENT_ROOT.'/contrat/class/contrat.class.php';
 $langs->load("contracts");
 
 // Security check
-$contratid = isset($_GET["id"])?$_GET["id"]:'';
+$contratid = GETPOST("id",'int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'contrat',$contratid,'');
 
@@ -41,8 +41,8 @@ $result = restrictedArea($user, 'contrat',$contratid,'');
 llxHeader();
 
 $contrat = new Contrat($db);
-$contrat->fetch($_GET["id"]);
-$contrat->info($_GET["id"]);
+$contrat->fetch($contratid);
+$contrat->info($contratid);
 
 $head = contract_prepare_head($contrat);
 

+ 1 - 2
htdocs/core/class/commonobject.class.php

@@ -1141,7 +1141,6 @@ abstract class CommonObject
         }
     }
 
-
     /**
      *  Save a new position (field rang) for details lines.
      *  You can choose to set position for lines with already a position or lines without any position defined.
@@ -2085,7 +2084,7 @@ abstract class CommonObject
         $sql.= " FROM ".MAIN_DB_PREFIX.$this->table_element;
         $sql.= " WHERE entity IN (".getEntity($this->element, 1).")";
         if (! empty($id))  $sql.= " AND rowid = ".$id;
-        if (! empty($ref)) $sql.= " AND ref = '".$ref."'";
+        if (! empty($ref)) $sql.= " AND ref = '".$this->db->escape($ref)."'";
 
         $resql = $this->db->query($sql);
         if ($resql)

+ 12 - 3
htdocs/expedition/tpl/linkedobjectblock.tpl.php

@@ -1,5 +1,6 @@
 <?php
 /* Copyright (C) 2012 Regis Houssin <regis.houssin@capnetworks.com>
+ * Copyright (C) 2014 Marcos García <marcosgdf@gmail.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -21,6 +22,8 @@
 
 <?php
 
+global $user;
+
 $langs = $GLOBALS['langs'];
 $linkedObjectBlock = $GLOBALS['linkedObjectBlock'];
 
@@ -47,17 +50,23 @@ foreach($linkedObjectBlock as $object)
 	<a href="<?php echo DOL_URL_ROOT.'/expedition/fiche.php?id='.$object->id ?>"><?php echo img_object($langs->trans("ShowShipping"),"sending").' '.$object->ref; ?></a></td>
 	<td align="center"><?php echo dol_print_date($object->date_creation,'day'); ?></td>
 	<td align="center"><?php echo dol_print_date($object->date_delivery,'day'); ?></td>
-	<td align="right"><?php echo price($object->total_ht); ?></td>
+	<td align="right"><?php
+		if ($user->rights->expedition->lire) {
+			$total = $total + $object->total_ht;
+			echo price($object->total_ht);
+		} ?></td>
 	<td align="right"><?php echo $object->getLibStatut(3); ?></td>
 </tr>
 <?php
-$total = $total + $object->total_ht;
 }
 
 ?>
 <tr class="liste_total">
 	<td align="left" colspan="3"><?php echo $langs->trans('TotalHT'); ?></td>
-	<td align="right"><?php echo price($total); ?></td>
+	<td align="right"><?php
+		if ($user->rights->expedition->lire) {
+			echo price($total);
+		} ?></td>
 	<td>&nbsp;</td>
 </tr>
 </table>

+ 1 - 1
htdocs/fourn/class/fournisseur.commande.class.php

@@ -137,7 +137,7 @@ class CommandeFournisseur extends CommonOrder
         $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as p ON (c.fk_mode_reglement = p.id)";
         $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_input_method as cm ON cm.rowid = c.fk_input_method";
         $sql.= " WHERE c.entity = ".$conf->entity;
-        if ($ref) $sql.= " AND c.ref='".$ref."'";
+        if ($ref) $sql.= " AND c.ref='".$this->db->escape($ref)."'";
         else $sql.= " AND c.rowid=".$id;
 
         dol_syslog(get_class($this)."::fetch", LOG_DEBUG);

+ 15 - 1
htdocs/fourn/class/paiementfourn.class.php

@@ -4,6 +4,7 @@
  * Copyright (C) 2005      Marc Barilley / Ocebo  <marc@ocebo.com>
  * Copyright (C) 2005-2009 Regis Houssin          <regis.houssin@capnetworks.com>
  * Copyright (C) 2010-2011 Juanjo Menent          <jmenent@2byte.es>
+ * Copyright (C) 2014      Marcos García          <marcosgdf@gmail.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -55,6 +56,18 @@ class PaiementFourn extends Paiement
 	// fk_paiement dans llx_paiement est l'id du type de paiement (7 pour CHQ, ...)
 	// fk_paiement dans llx_paiement_facture est le rowid du paiement
 
+	/**
+	 * Label of payment type
+	 * @var string
+	 */
+	public $type_libelle;
+
+	/**
+	 * Code of Payment type
+	 * @var string
+	 */
+	public $type_code;
+
 	/**
 	 *	Constructor
 	 *
@@ -74,7 +87,7 @@ class PaiementFourn extends Paiement
 	function fetch($id)
 	{
 		$sql = 'SELECT p.rowid, p.datep as dp, p.amount, p.statut, p.fk_bank,';
-		$sql.= ' c.libelle as paiement_type,';
+		$sql.= ' c.code as paiement_code, c.libelle as paiement_type,';
 		$sql.= ' p.num_paiement, p.note, b.fk_account';
 		$sql.= ' FROM '.MAIN_DB_PREFIX.'c_paiement as c, '.MAIN_DB_PREFIX.'paiementfourn as p';
 		$sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON p.fk_bank = b.rowid ';
@@ -95,6 +108,7 @@ class PaiementFourn extends Paiement
 				$this->bank_line      = $obj->fk_bank;
 				$this->montant        = $obj->amount;
 				$this->note           = $obj->note;
+				$this->type_code      = $obj->paiement_code;
 				$this->type_libelle   = $obj->paiement_type;
 				$this->statut         = $obj->statut;
 				$error = 1;

+ 12 - 3
htdocs/fourn/commande/tpl/linkedobjectblock.tpl.php

@@ -1,5 +1,6 @@
 <?php
 /* Copyright (C) 2010-2011 Regis Houssin <regis.houssin@capnetworks.com>
+ * Copyright (C) 2014      Marcos García <marcosgdf@gmail.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -21,6 +22,8 @@
 
 <?php
 
+global $user;
+
 $langs = $GLOBALS['langs'];
 $linkedObjectBlock = $GLOBALS['linkedObjectBlock'];
 
@@ -44,17 +47,23 @@ foreach($linkedObjectBlock as $object)
 <tr <?php echo $bc[$var]; ?> ><td>
 	<a href="<?php echo DOL_URL_ROOT.'/fourn/commande/fiche.php?id='.$object->id ?>"><?php echo img_object($langs->trans("ShowOrder"),"order").' '.$object->ref; ?></a></td>
 	<td align="center"><?php echo dol_print_date($object->date,'day'); ?></td>
-	<td align="right"><?php echo price($object->total_ht); ?></td>
+	<td align="right"><?php
+		if ($user->rights->fournisseur->commande->lire) {
+			$total = $total + $object->total_ht;
+			echo price($object->total_ht);
+		} ?></td>
 	<td align="right"><?php echo $object->getLibStatut(3); ?></td>
 </tr>
 <?php
-$total = $total + $object->total_ht;
 }
 
 ?>
 <tr class="liste_total">
 	<td align="left" colspan="2"><?php echo $langs->trans('TotalHT'); ?></td>
-	<td align="right"><?php echo price($total); ?></td>
+	<td align="right"><?php
+		if ($user->rights->fournisseur->commande->lire) {
+			echo price($total);
+		} ?></td>
 	<td>&nbsp;</td>
 </tr>
 </table>

+ 12 - 3
htdocs/fourn/facture/tpl/linkedobjectblock.tpl.php

@@ -1,5 +1,6 @@
 <?php
 /* Copyright (C) 2010-2011 Regis Houssin <regis.houssin@capnetworks.com>
+ * Copyright (C) 2014      Marcos García <marcosgdf@gmail.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -21,6 +22,8 @@
 
 <?php
 
+global $user;
+
 $langs = $GLOBALS['langs'];
 $linkedObjectBlock = $GLOBALS['linkedObjectBlock'];
 
@@ -45,16 +48,22 @@ foreach($linkedObjectBlock as $object)
 <tr <?php echo $bc[$var]; ?> ><td>
 	<a href="<?php echo DOL_URL_ROOT.'/fourn/facture/fiche.php?facid='.$object->id ?>"><?php echo img_object($langs->trans("ShowBill"),"bill").' '.$object->ref; ?></a></td>
 	<td align="center"><?php echo dol_print_date($object->date,'day'); ?></td>
-	<td align="right"><?php echo price($object->total_ht); ?></td>
+	<td align="right"><?php
+		if ($user->rights->fournisseur->facture->lire) {
+			$total = $total + $object->total_ht;
+			echo price($object->total_ht);
+		} ?></td>
 	<td align="right"><?php echo $object->getLibStatut(3); ?></td>
 </tr>
 <?php
-$total = $total + $object->total_ht;
 }
 ?>
 <tr class="liste_total">
 	<td align="left" colspan="2"><?php echo $langs->trans("TotalHT"); ?></td>
-	<td align="right"><?php echo price($total); ?></td>
+	<td align="right"><?php
+		if ($user->rights->fournisseur->facture->lire) {
+			echo price($total);
+		} ?></td>
 	<td>&nbsp;</td>
 </tr>
 </table>

+ 3 - 2
htdocs/fourn/paiement/fiche.php

@@ -2,7 +2,7 @@
 /* Copyright (C) 2005      Rodolphe Quiedeville  <rodolphe@quiedeville.org>
  * Copyright (C) 2005      Marc Barilley / Ocebo <marc@ocebo.com>
  * Copyright (C) 2006-2010 Laurent Destailleur   <eldy@users.sourceforge.net>
- * Copyright (C) 2013		Marcos García		<marcosgdf@gmail.com>
+ * Copyright (C) 2014      Marcos García         <marcosgdf@gmail.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -178,7 +178,8 @@ if ($result > 0)
     print '</td></tr>';
 
 	// Payment mode
-	print '<tr><td valign="top" colspan="2">'.$langs->trans('PaymentMode').'</td><td colspan="3">'.$object->type_libelle.'</td></tr>';
+	$labeltype=$langs->trans("PaymentType".$object->type_code)!=("PaymentType".$object->type_code)?$langs->trans("PaymentType".$object->type_code):$object->type_libelle;
+	print '<tr><td valign="top" colspan="2">'.$langs->trans('PaymentMode').'</td><td colspan="3">'.$labeltype.'</td></tr>';
 
 	// Payment numero
     print '<tr><td valign="top" colspan="2">'.$form->editfieldkey("Numero",'num_paiement',$object->numero,$object,$object->statut == 0 && $user->rights->fournisseur->facture->creer).'</td><td colspan="3">';
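Review bot: The `$labeltype` line calls `$langs->trans("PaymentType".$object->type_code)` twice and compares the result with the key to detect a missing translation, which is hard to read on one line. Compute it once: `$key = "PaymentType".$object->type_code;`, `$labeltype = $langs->trans($key);`, `if ($labeltype == $key) $labeltype = $object->type_libelle;`. `type_libelle` and `type_code` come from the payment-type dictionary, so the fallback is admin-controlled rather than end-user input; wrapping the printed value in `dol_escape_htmltag()` would nevertheless match the escaping introduced elsewhere in this commit. The enclosing `if ($result > 0)` block continues outside the hunk.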

+ 1 - 1
htdocs/holiday/index.php

@@ -51,7 +51,7 @@ $offset = $conf->liste_limit * $page ;
 $pageprev = $page - 1;
 $pagenext = $page + 1;
 
-$id = GETPOST('id');
+$id = GETPOST('id','int');
 
 $search_ref      = GETPOST('search_ref');
 $month_create    = GETPOST('month_create');

+ 2 - 0
htdocs/langs/en_US/dict.lang

@@ -290,6 +290,8 @@ CurrencySingXOF=CFA Franc BCEAO
 CurrencyXPF=CFP Francs
 CurrencySingXPF=CFP Franc
 CurrencyCentSingEUR=cent
+CurrencyCentINR=paisa
+CurrencyCentSingINR=paise
 CurrencyThousandthSingTND=thousandth
 #### Input reasons #####
 DemandReasonTypeSRC_INTE=Internet

+ 1 - 1
htdocs/opensurvey/list.php

@@ -30,7 +30,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php");
 if (!$user->rights->opensurvey->read) accessforbidden();
 
 $action=GETPOST('action');
-$id=GETPOST('id');
+$id=GETPOST('id','alpha');
 $numsondage= $id;
 $surveytitle=GETPOST('surveytitle');
 $status=GETPOST('status');

+ 57 - 1
htdocs/product/class/product.class.php

@@ -6,7 +6,7 @@
  * Copyright (C) 2007-2011 Jean Heimburger      <jean@tiaris.info>
  * Copyright (C) 2010-2013 Juanjo Menent        <jmenent@2byte.es>
  * Copyright (C) 2013-2014 Cedric GROSS	        <c.gross@kreiz-it.fr>
- * Copyright (C) 2013      Marcos García        <marcosgdf@gmail.com>
+ * Copyright (C) 2013-2014 Marcos García        <marcosgdf@gmail.com>
  * Copyright (C) 2011-2014 Alexandre Spangaro   <alexandre.spangaro@gmail.com>
  * Copyright (C) 2014 	   Henry Florian 		<florian.henry@open-concept.pro>
  * Copyright (C) 2014 	   Philippe Grand 		<philippe.grand@atoo-net.com>
@@ -989,6 +989,62 @@ class Product extends CommonObject
 		}
 	}
 
+	/*
+	 * Sets an accountancy code for a product.
+	 * Also calls PRODUCT_MODIFY trigger when modified
+	 *
+	 * @param string $type It can be 'buy' or 'sell'
+	 * @param string $value Accountancy code
+	 * @return int <0 KO >0 OK
+	 */
+	public function setAccountancyCode($type, $value)
+	{
+		global $user, $langs, $conf;
+
+		$this->db->begin();
+
+		if ($type == 'buy') {
+			$field = 'accountancy_code_buy';
+		} elseif ($type == 'sell') {
+			$field = 'accountancy_code_sell';
+		} else {
+			return -1;
+		}
+
+		$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET ";
+		$sql.= "$field = '".$this->db->escape($value)."'";
+		$sql.= " WHERE rowid = ".$this->id;
+
+		dol_syslog(get_class($this)."::".__FUNCTION__." sql=".$sql, LOG_DEBUG);
+		$resql = $this->db->query($sql);
+
+		if ($resql)
+		{
+			// Call triggers
+			include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
+			$interface=new Interfaces($this->db);
+			$result=$interface->run_triggers('PRODUCT_MODIFY',$this,$user,$langs,$conf);
+			if ($result < 0)
+			{
+				$this->errors=$interface->errors;
+				$this->db->rollback();
+				return -1;
+			}
+			// End call triggers
+
+			$this->$field = $value;
+
+			$this->db->commit();
+			return 1;
+		}
+		else
+		{
+			$this->error=$this->db->lasterror();
+			$this->db->rollback();
+			return -1;
+		}
+	}
+
 	/**
 	 *	Load array this->multilangs
 	 *
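Review bot: The `return -1` in the `else` branch of the type check leaves the transaction opened by `$this->db->begin()` two statements earlier without a rollback, and sets no `$this->error`, so the caller gets a bare failure and a dangling transaction. Moving the validation above the `begin()` fixes both: `if ($type == 'buy') { $field = 'accountancy_code_buy'; } elseif ($type == 'sell') { $field = 'accountancy_code_sell'; } else { $this->error = 'Invalid type '.$type; return -1; }` followed by `$this->db->begin();`. The whitelist-to-column mapping itself is the right shape, since `$field` never comes from the request. Separately, the header comment opens with `/*` while the rest of the class uses `/**`, so this method is invisible to phpDocumentor.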

+ 7 - 9
htdocs/product/fiche.php

@@ -6,7 +6,7 @@
  * Copyright (C) 2006      Andre Cianfarani     <acianfa@free.fr>
  * Copyright (C) 2006      Auguria SARL         <info@auguria.org>
  * Copyright (C) 2010-2014 Juanjo Menent        <jmenent@2byte.es>
- * Copyright (C) 2013      Marcos García        <marcosgdf@gmail.com>
+ * Copyright (C) 2013-2014 Marcos García        <marcosgdf@gmail.com>
  * Copyright (C) 2013      Cédric Salvador      <csalvador@gpcsolutions.fr>
  * Copyright (C) 2011-2014 Alexandre Spangaro   <alexandre.spangaro@gmail.com>
  * Copyright (C) 2014      Cédric Gross         <c.gross@kreiz-it.fr>
@@ -145,20 +145,18 @@ if (empty($reshook))
 		}
     }
 
-    if ($action == 'setaccountancy_code_buy')
-    {
-        $result = $object->setValueFrom('accountancy_code_buy', GETPOST('accountancy_code_buy'));
+    if ($action == 'setaccountancy_code_buy') {
+
+	    $result = $object->setAccountancyCode('buy', GETPOST('accountancy_code_buy'));
         if ($result < 0) setEventMessage(join(',',$object->errors), 'errors');
-        else $object->accountancy_code_buy=GETPOST('accountancy_code_buy');
         $action="";
     }
 
     if ($action == 'setaccountancy_code_sell')
     {
-        $result = $object->setValueFrom('accountancy_code_sell', GETPOST('accountancy_code_sell'));
-        if ($result < 0) setEventMessage(join(',',$object->errors), 'errors');
-        else $object->accountancy_code_sell=GETPOST('accountancy_code_sell');
-        $action="";
+	    $result = $object->setAccountancyCode('sell', GETPOST('accountancy_code_sell'));
+	    if ($result < 0) setEventMessage(join(',',$object->errors), 'errors');
+	    $action="";
     }
 
     // Add a product or service
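Review bot: The two new branches are formatted differently from each other and from the surrounding file: the `buy` branch puts the brace on the same line and leaves a blank line after it, the `sell` branch keeps the next-line brace, and the added `$result`/`setEventMessage`/`$action` lines are tab-indented while their siblings use four spaces. Picking one layout for both blocks, matching the space indentation of the file, would keep the diff to the intended change. The error reporting now relies on `setAccountancyCode()` populating `$object->errors`; as far as the new method is visible, it only does so on a trigger failure, so a database error (set in `$object->error`) would produce an empty message here.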

+ 1 - 1
htdocs/product/index.php

@@ -28,7 +28,7 @@ require '../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
 
-$type=isset($_GET["type"])?$_GET["type"]:(isset($_POST["type"])?$_POST["type"]:'');
+$type=GETPOST("type",'int');
 if ($type =='' && !$user->rights->produit->lire) $type='1';	// Force global page on service page only
 if ($type =='' && !$user->rights->service->lire) $type='0';	// Force global page on product page only
 

+ 1 - 1
htdocs/product/reassort.php

@@ -243,7 +243,7 @@ if ($resql)
 	print_liste_field_titre($langs->trans("Ref"),"reassort.php", "p.ref",$param,"","",$sortfield,$sortorder);
 	print_liste_field_titre($langs->trans("Label"),"reassort.php", "p.label",$param,"","",$sortfield,$sortorder);
 	if (! empty($conf->service->enabled) && $type == 1) print_liste_field_titre($langs->trans("Duration"),"reassort.php", "p.duration",$param,"",'align="center"',$sortfield,$sortorder);
-	print_liste_field_titre($langs->trans("MininumStock"),"reassort.php", "p.seuil_stock_alerte",$param,"",'align="right"',$sortfield,$sortorder);
+	print_liste_field_titre($langs->trans("StockLimit"),"reassort.php", "p.seuil_stock_alerte",$param,"",'align="right"',$sortfield,$sortorder);
 	print_liste_field_titre($langs->trans("DesiredStock"),"reassort.php", "p.desiredstock",$param,"",'align="right"',$sortfield,$sortorder);
 	print_liste_field_titre($langs->trans("PhysicalStock"),"reassort.php", "stock_physique",$param,"",'align="right"',$sortfield,$sortorder);
 	// TODO Add info of running suppliers/customers orders

+ 3 - 3
htdocs/product/stats/contrat.php

@@ -70,7 +70,7 @@ if ($id > 0 || ! empty($ref))
 {
 	$product = new Product($db);
 	$result = $product->fetch($id, $ref);
-	
+
 	$parameters=array('id'=>$id);
 	$reshook=$hookmanager->executeHooks('doActions',$parameters,$product,$action);    // Note that $action and $object may have been modified by some hooks
 	$error=$hookmanager->error; $errors=$hookmanager->errors;
@@ -83,7 +83,7 @@ if ($id > 0 || ! empty($ref))
 		$titre=$langs->trans("CardProduct".$product->type);
 		$picto=($product->type==1?'service':'product');
 		dol_fiche_head($head, 'referers', $titre, 0, $picto);
-		
+
 		$reshook=$hookmanager->executeHooks('formObjectOptions',$parameters,$product,$action);    // Note that $action and $object may have been modified by hook
 
 		print '<table class="border" width="100%">';
@@ -135,7 +135,7 @@ if ($id > 0 || ! empty($ref))
 		if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 		if ($socid) $sql.= " AND s.rowid = ".$socid;
 		$sql.= " GROUP BY c.rowid, c.date_contrat, c.statut, s.nom, s.rowid, s.code_client";
-		$sql.= " ORDER BY $sortfield $sortorder";
+		$sql.= $db->order($sortfield, $sortorder);
 		$sql.= $db->plimit($conf->liste_limit +1, $offset);
 
 		$result = $db->query($sql);
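Review bot: Replacing the interpolated `ORDER BY` with `$db->order($sortfield, $sortorder)` only closes the injection path if `order()` itself validates its arguments; from this hunk it is not visible whether it does, and `$sortfield` appears to originate from the request. The same substitution is made in htdocs/product/stock/liste.php and htdocs/product/stock/replenishorders.php. If `order()` merely concatenates, the safe pattern is an allowlist at the page level, e.g. `if (! in_array($sortfield, array('c.rowid','c.date_contrat','c.statut','s.nom'), true)) $sortfield = 'c.date_contrat';` with the equivalent `ASC`/`DESC` check on `$sortorder`.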

+ 8 - 8
htdocs/product/stock/liste.php

@@ -31,12 +31,12 @@ $langs->load("stocks");
 // Security check
 $result=restrictedArea($user,'stock');
 
-$sref=isset($_GET["sref"])?$_GET["sref"]:$_POST["sref"];
-$snom=isset($_GET["snom"])?$_GET["snom"]:$_POST["snom"];
-$sall=isset($_GET["sall"])?$_GET["sall"]:$_POST["sall"];
+$sref=GETPOST("sref");;
+$snom=GETPOST("snom");
+$sall=GETPOST("sall");
 
-$sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"];
-$sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:$_POST["sortorder"];
+$sortfield = GETPOST("sortfield");
+$sortorder = GETPOST("sortorder");
 if (! $sortfield) $sortfield="e.label";
 if (! $sortorder) $sortorder="ASC";
 $page = $_GET["page"];
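Review bot: The first added line ends with a doubled semicolon, `$sref=GETPOST("sref");;`, which is harmless to the parser but reads as a paste slip and should be `$sref=GETPOST("sref");`. The hunk also stops one line short: `$page = $_GET["page"];` keeps the raw superglobal that the lines above were just migrated away from, and `GETPOST("page",'int')` would bring it in line. In the second hunk, `$db->escape()` does not neutralise `%` and `_`, so a search term containing them still acts as a wildcard inside the `LIKE`; that is a functional rather than an injection concern, but worth a comment if it is intended.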
@@ -50,13 +50,13 @@ $sql.= " FROM ".MAIN_DB_PREFIX."entrepot as e";
 $sql.= " WHERE e.entity = ".$conf->entity;
 if ($sref)
 {
-    $sql.= " AND e.label like '%".$sref."%'";
+    $sql.= " AND e.label like '%".$db->escape($sref)."%'";
 }
 if ($sall)
 {
-    $sql.= " AND (e.description like '%".$sall."%' OR e.lieu like '%".$sall."%' OR e.address like '%".$sall."%' OR e.town like '%".$sall."%')";
+    $sql.= " AND (e.description like '%".$db->escape($sall)."%' OR e.lieu like '%".$db->escape($sall)."%' OR e.address like '%".$db->escape($sall)."%' OR e.town like '%".$db->escape($sall)."%')";
 }
-$sql.= " ORDER BY $sortfield $sortorder";
+$sql.= $db->order($sortfield,$sortorder);
 $sql.= $db->plimit($limit+1, $offset);
 
 $result = $db->query($sql);

+ 3 - 3
htdocs/product/stock/massstockmove.php

@@ -43,9 +43,9 @@ $result=restrictedArea($user,'produit|service');
 //checks if a product has been ordered
 
 $action = GETPOST('action','alpha');
-$id_product = GETPOST('productid', 'productid');
-$id_sw = GETPOST('id_sw', 'id_sw');
-$id_tw = GETPOST('id_tw', 'id_tw');
+$id_product = GETPOST('productid', 'int');
+$id_sw = GETPOST('id_sw', 'int');
+$id_tw = GETPOST('id_tw', 'int');
 $qty = GETPOST('qty');
 $idline = GETPOST('idline');
 

+ 4 - 9
htdocs/product/stock/replenishorders.php

@@ -72,13 +72,8 @@ $sproduct = GETPOST('sproduct', 'int');
 $sortorder = GETPOST('sortorder', 'alpha');
 $sortfield = GETPOST('sortfield', 'alpha');
 
-if (!$sortorder) {
-    $sortorder = 'DESC';
-}
-
-if (!$sortfield) {
-    $sortfield = 'cf.date_creation';
-}
+if (!$sortorder) $sortorder = 'DESC';
+if (!$sortfield) $sortfield = 'cf.date_creation';
 
 $offset = $conf->liste_limit * $page ;
 
@@ -146,7 +141,7 @@ if (GETPOST('statut', 'int')) {
 }
 $sql .= ' GROUP BY cf.rowid, cf.ref, cf.date_creation, cf.fk_statut';
 $sql .= ', cf.total_ttc, cf.fk_user_author, u.login, s.rowid, s.nom';
-$sql .= ' ORDER BY ' . $sortfield . ' ' . $sortorder  . ' ';
+$sql .= $db->order($sortfield, $sortorder);
 $sql .= $db->plimit($conf->liste_limit+1, $offset);
 $resql = $db->query($sql);
 if ($resql)
@@ -317,7 +312,7 @@ if ($resql)
          '</form>';
 
     $db->free($resql);
-    
+
     dol_fiche_end();
 }
 else

+ 1 - 1
htdocs/projet/class/project.class.php

@@ -296,7 +296,7 @@ class Project extends CommonObject
         }
         else if (! empty($ref))
         {
-        	$sql.= " WHERE ref='".$ref."'";
+        	$sql.= " WHERE ref='".$this->db->escape($ref)."'";
         	$sql.= " AND entity IN (".getEntity('project').")";
         }
 

+ 1 - 1
htdocs/projet/class/task.class.php

@@ -205,7 +205,7 @@ class Task extends CommonObject
         $sql.= " FROM ".MAIN_DB_PREFIX."projet_task as t";
         $sql.= " WHERE ";
         if (!empty($ref)) {
-        	$sql.="t.ref = '".$ref."'";
+        	$sql.="t.ref = '".$this->db->escape($ref)."'";
         }else {
         	$sql.="t.rowid = ".$id;
         }
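Review bot: The added escaping of `$ref` is correct, but the `else` branch of the same hunk still concatenates `$id` into `t.rowid = ` with no cast, so the numeric path is protected only by whatever the caller did before. The origin of `$id` is outside this hunk, so this is for confirmation; a local `(int) $id` at the concatenation, `$sql.="t.rowid = ".(int) $id;`, would make the method safe regardless of the caller.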

+ 2 - 2
htdocs/projet/contact.php

@@ -93,7 +93,7 @@ if ($action == 'swapstatut' && $user->rights->projet->creer)
 {
 	if ($object->fetch($id))
 	{
-	    $result=$object->swapContactStatus(GETPOST('ligne'));
+	    $result=$object->swapContactStatus(GETPOST('ligne','int'));
 	}
 	else
 	{
@@ -105,7 +105,7 @@ if ($action == 'swapstatut' && $user->rights->projet->creer)
 if (($action == 'deleteline' || $action == 'deletecontact') && $user->rights->projet->creer)
 {
 	$object->fetch($id);
-	$result = $object->delete_contact($_GET["lineid"]);
+	$result = $object->delete_contact(GETPOST("lineid"));
 
 	if ($result >= 0)
 	{
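Review bot: `GETPOST("lineid")` in the delete branch is left without the `'int'` filter that the `swapstatut` branch gains in the first hunk, even though both values name a contact line rowid; the consistent form is `$result = $object->delete_contact(GETPOST("lineid",'int'));`. Whether `delete_contact()` casts its argument itself is not visible here.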

+ 4 - 4
htdocs/projet/fiche.php

@@ -63,7 +63,7 @@ $result = restrictedArea($user, 'projet', $object->id);
 // fetch optionals attributes and labels
 $extralabels=$extrafields->fetch_name_optionals_label($object->table_element);
 
-$date_start=dol_mktime(0,0,0,GETPOST('projectmonth','int'),GETPOST('projectday','int'),GETPOST('projectyear','int'));
+$date_start=dol_mktime(0,0,0,GETPOST('projectstartmonth','int'),GETPOST('projectstartday','int'),GETPOST('projectstartyear','int'));
 $date_end=dol_mktime(0,0,0,GETPOST('projectendmonth','int'),GETPOST('projectendday','int'),GETPOST('projectendyear','int'));
 
 
@@ -216,7 +216,7 @@ if (empty($reshook))
 	        $object->socid        = GETPOST('socid','int');
 	        $object->description  = GETPOST('description');	// Do not use 'alpha' here, we want field as it is
 	        $object->public       = GETPOST('public','alpha');
-	        $object->date_start   = empty($_POST["project"])?'':$date_start;
+	        $object->date_start   = empty($_POST["projectstart"])?'':$date_start;
 	        $object->date_end     = empty($_POST["projectend"])?'':$date_end;
 
 	        // Fill array 'array_options' with data from add form
@@ -446,7 +446,7 @@ if ($action == 'create' && $user->rights->projet->creer)
 
     // Date start
     print '<tr><td>'.$langs->trans("DateStart").'</td><td>';
-    print $form->select_date(($date_start?$date_start:''),'project');
+    print $form->select_date(($date_start?$date_start:''),'projectstart');
     print '</td></tr>';
 
     // Date end
@@ -578,7 +578,7 @@ else
 
         // Date start
         print '<tr><td>'.$langs->trans("DateStart").'</td><td>';
-        print $form->select_date($object->date_start?$object->date_start:-1,'project');
+        print $form->select_date($object->date_start?$object->date_start:-1,'projectstart');
         print ' &nbsp; &nbsp; <input type="checkbox" name="reportdate" value="yes" ';
         if ($comefromclone){print ' checked="checked" ';}
 		print '/> '. $langs->trans("ProjectReportDate");

+ 3 - 3
htdocs/projet/tasks/index.php

@@ -43,9 +43,9 @@ $socid=0;
 if ($user->societe_id > 0) $socid = $user->societe_id;
 if (!$user->rights->projet->lire) accessforbidden();
 
-$sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"];
-$sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:$_POST["sortorder"];
-$page = isset($_GET["page"])? $_GET["page"]:$_POST["page"];
+$sortfield = GETPOST("sortfield");
+$sortorder = GETPOST("sortorder");
+$page = GETPOST("page");
 $page = is_numeric($page) ? $page : 0;
 $page = $page == -1 ? 0 : $page;
 

+ 6 - 13
htdocs/societe/soc.php

@@ -181,14 +181,7 @@ if (empty($reshook))
 
         $object->forme_juridique_code  = GETPOST('forme_juridique_code', 'int');
         $object->effectif_id           = GETPOST('effectif_id', 'int');
-        if (GETPOST("private") == 1)
-        {
-            $object->typent_id         = dol_getIdFromCode($db,'TE_PRIVATE','c_typent');
-        }
-        else
-        {
-            $object->typent_id         = GETPOST('typent_id', 'int');
-        }
+        $object->typent_id             = GETPOST('typent_id');
 
         $object->client                = GETPOST('client', 'int');
         $object->fournisseur           = GETPOST('fournisseur', 'int');
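Review bot: The replacement line `$object->typent_id = GETPOST('typent_id');` drops the `'int'` filter that the removed `else` branch had (`GETPOST('typent_id', 'int')`), while every neighbouring assignment in the hunk keeps it. Restoring it, `$object->typent_id = GETPOST('typent_id', 'int');`, keeps the field typed as before; if the private-individual case that the removed `dol_getIdFromCode()` lookup handled is now covered by the form itself, a short comment saying so would stop the next reader from re-adding it.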
@@ -1112,7 +1105,7 @@ else
 
 	        dol_fiche_head($head, 'card', $langs->trans("ThirdParty"),0,'company');
 
-	         
+
             // Load object modCodeTiers
             $module=(! empty($conf->global->SOCIETE_CODECLIENT_ADDON)?$conf->global->SOCIETE_CODECLIENT_ADDON:'mod_codeclient_leopard');
             if (substr($module, 0, 15) == 'mod_codeclient_' && substr($module, -3) == 'php')
@@ -1148,9 +1141,9 @@ else
             {
                 $prefixSupplierIsUsed = $modCodeFournisseur->verif_prefixIsUsed();
             }
-            
+
             $object->oldcopy=dol_clone($object);
-            
+
             if (GETPOST('nom'))
             {
                 // We overwrite with values if posted
@@ -1182,7 +1175,7 @@ else
                 $object->barcode				= GETPOST('barcode', 'san_alpha');
                 $object->forme_juridique_code	= GETPOST('forme_juridique_code', 'int');
                 $object->default_lang			= GETPOST('default_lang', 'san_alpha');
-                
+
                 $object->tva_assuj				= GETPOST('assujtva_value', 'int');
                 $object->tva_intra				= GETPOST('tva_intra', 'san_alpha');
                 $object->status					= GETPOST('status', 'int');
@@ -1269,7 +1262,7 @@ else
             print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
             print '<input type="hidden" name="socid" value="'.$object->id.'">';
             if ($modCodeClient->code_auto || $modCodeFournisseur->code_auto) print '<input type="hidden" name="code_auto" value="1">';
-            
+
             print '<table class="border" width="100%">';
 
             // Name

BIN=BIN
htdocs/theme/amarok/img/object_address.png