From 090b0e90d20aceed65805bd0950dd45703142f37 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Sun, 23 Feb 2020 23:52:48 +0100
Subject: [PATCH 01/13] FIX #13183

---
 htdocs/install/upgrade2.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php
index c5d1d7837e9a8..b5cf6e4c9ddc3 100644
--- a/htdocs/install/upgrade2.php
+++ b/htdocs/install/upgrade2.php
@@ -5024,7 +5024,7 @@ function migrate_users_socialnetworks()
                 $obj->socialnetworks = '[]';
             }
             $socialnetworks = array_merge($arraysocialnetworks, json_decode($obj->socialnetworks, true));
-            $sqlupd = 'UPDATE '.MAIN_DB_PREFIX.'user SET socialnetworks="'.$db->escape(json_encode($socialnetworks, true)).'"';
+            $sqlupd = 'UPDATE '.MAIN_DB_PREFIX."user SET socialnetworks='".$db->escape(json_encode($socialnetworks, true))."'";
             $sqlupd.= ', skype=null';
             $sqlupd.= ', twitter=null';
             $sqlupd.= ', facebook=null';

From 6366881f91e0a14cd3f9d02b5a8c3ad22448a95d Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 24 Feb 2020 00:41:25 +0100
Subject: [PATCH 02/13] FIX #13175

---
 .../bank/account_statement_document.php       |  6 +--
 htdocs/compta/bank/releve.php                 |  2 +-
 htdocs/core/photos_resize.php                 | 49 ++++++++++++-------
 .../tpl/document_actions_post_headers.tpl.php |  3 +-
 4 files changed, 36 insertions(+), 24 deletions(-)

diff --git a/htdocs/compta/bank/account_statement_document.php b/htdocs/compta/bank/account_statement_document.php
index 08447216dda5d..bdb3ac4620ed3 100644
--- a/htdocs/compta/bank/account_statement_document.php
+++ b/htdocs/compta/bank/account_statement_document.php
@@ -137,9 +137,9 @@
 		$modulepart = 'bank';
 		$permission = $user->rights->banque->modifier;
 		$permtoedit = $user->rights->banque->modifier;
-		$param = '&id='.$object->id.'&num='.$num;
-		$uri = '&num='.$num;
-		$relativepathwithnofile = $id."/statement/".$num."/";
+		$param = '&id='.$object->id.'&num='.urlencode($num);
+		$moreparam = '&num='.urlencode($num);;
+		$relativepathwithnofile = $id."/statement/".dol_sanitizeFileName($num)."/";
 		include_once DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php';
 	}
 	else {
diff --git a/htdocs/compta/bank/releve.php b/htdocs/compta/bank/releve.php
index 9ae1d5d7d83b9..a16927bda0b1d 100644
--- a/htdocs/compta/bank/releve.php
+++ b/htdocs/compta/bank/releve.php
@@ -49,7 +49,7 @@
 $langs->loadLangs(array("banks", "categories", "companies", "bills", "trips", "donations", "loan"));
 
 $action = GETPOST('action', 'alpha');
-$id = GETPOST('account', 'int');
+$id = GETPOST('account', 'int') ? GETPOST('account', 'int') : GETPOST('id', 'int');
 $ref = GETPOST('ref', 'alpha');
 $dvid = GETPOST('dvid', 'alpha');
 $numref = GETPOST('num', 'alpha');
diff --git a/htdocs/core/photos_resize.php b/htdocs/core/photos_resize.php
index 17c7cb9e974b2..dd59b20c964d9 100644
--- a/htdocs/core/photos_resize.php
+++ b/htdocs/core/photos_resize.php
@@ -38,6 +38,10 @@
 $backtourl = GETPOST('backtourl');
 $cancel = GETPOST('cancel', 'alpha');
 
+$file = GETPOST('file', 'alpha');
+$num = GETPOST('num', 'alpha');		// Used for document on bank statement
+
+
 // Security check
 if (empty($modulepart)) accessforbidden('Bad value for modulepart');
 $accessallowed = 0;
@@ -249,19 +253,25 @@
 
 if (empty($backtourl))
 {
-    if (in_array($modulepart, array('product', 'produit', 'service', 'produit|service'))) $backtourl = DOL_URL_ROOT."/product/document.php?id=".$id.'&file='.urldecode($_POST["file"]);
-    elseif (in_array($modulepart, array('expensereport'))) $backtourl = DOL_URL_ROOT."/expensereport/document.php?id=".$id.'&file='.urldecode($_POST["file"]);
-    elseif (in_array($modulepart, array('holiday')))       $backtourl = DOL_URL_ROOT."/holiday/document.php?id=".$id.'&file='.urldecode($_POST["file"]);
-    elseif (in_array($modulepart, array('member')))        $backtourl = DOL_URL_ROOT."/adherents/document.php?id=".$id.'&file='.urldecode($_POST["file"]);
-    elseif (in_array($modulepart, array('project')))       $backtourl = DOL_URL_ROOT."/projet/document.php?id=".$id.'&file='.urldecode($_POST["file"]);
-    elseif (in_array($modulepart, array('propal')))        $backtourl = DOL_URL_ROOT."/comm/propal/document.php?id=".$id.'&file='.urldecode($_POST["file"]);
-    elseif (in_array($modulepart, array('societe')))       $backtourl = DOL_URL_ROOT."/societe/document.php?id=".$id.'&file='.urldecode($_POST["file"]);
-    elseif (in_array($modulepart, array('tax')))           $backtourl = DOL_URL_ROOT."/compta/sociales/document.php?id=".$id.'&file='.urldecode($_POST["file"]);
-    elseif (in_array($modulepart, array('ticket')))        $backtourl = DOL_URL_ROOT."/ticket/document.php?id=".$id.'&file='.urldecode($_POST["file"]);
-    elseif (in_array($modulepart, array('user')))          $backtourl = DOL_URL_ROOT."/user/document.php?id=".$id.'&file='.urldecode($_POST["file"]);
-    elseif (in_array($modulepart, array('bank')))          $backtourl = DOL_URL_ROOT."/compta/bank/document.php?id=".$id.'&file='.urldecode($_POST["file"]);
-    elseif (in_array($modulepart, array('mrp')))           $backtourl = DOL_URL_ROOT."/mrp/mo_document.php?id=".$id.'&file='.urldecode($_POST["file"]);
-    else $backtourl = DOL_URL_ROOT."/".$modulepart."/".$modulepart."_document.php?id=".$id.'&file='.urldecode($_POST["file"]);
+	$regs = array();
+
+    if (in_array($modulepart, array('product', 'produit', 'service', 'produit|service'))) $backtourl = DOL_URL_ROOT."/product/document.php?id=".$id.'&file='.urldecode($file);
+    elseif (in_array($modulepart, array('expensereport'))) $backtourl = DOL_URL_ROOT."/expensereport/document.php?id=".$id.'&file='.urldecode($file);
+    elseif (in_array($modulepart, array('holiday')))       $backtourl = DOL_URL_ROOT."/holiday/document.php?id=".$id.'&file='.urldecode($file);
+    elseif (in_array($modulepart, array('member')))        $backtourl = DOL_URL_ROOT."/adherents/document.php?id=".$id.'&file='.urldecode($file);
+    elseif (in_array($modulepart, array('project')))       $backtourl = DOL_URL_ROOT."/projet/document.php?id=".$id.'&file='.urldecode($file);
+    elseif (in_array($modulepart, array('propal')))        $backtourl = DOL_URL_ROOT."/comm/propal/document.php?id=".$id.'&file='.urldecode($file);
+    elseif (in_array($modulepart, array('societe')))       $backtourl = DOL_URL_ROOT."/societe/document.php?id=".$id.'&file='.urldecode($file);
+    elseif (in_array($modulepart, array('tax')))           $backtourl = DOL_URL_ROOT."/compta/sociales/document.php?id=".$id.'&file='.urldecode($file);
+    elseif (in_array($modulepart, array('ticket')))        $backtourl = DOL_URL_ROOT."/ticket/document.php?id=".$id.'&file='.urldecode($file);
+    elseif (in_array($modulepart, array('user')))          $backtourl = DOL_URL_ROOT."/user/document.php?id=".$id.'&file='.urldecode($file);
+    elseif (in_array($modulepart, array('bank')) && preg_match('/\/statement\/([^\/]+)\//', $file, $regs)) {
+    	$num = $regs[1];
+    	$backtourl = DOL_URL_ROOT."/compta/bank/account_statement_document.php?id=".$id.'&num='.urlencode($num).'&file='.urldecode($file);
+    }
+    elseif (in_array($modulepart, array('bank')))          $backtourl = DOL_URL_ROOT."/compta/bank/document.php?id=".$id.'&file='.urldecode($file);
+    elseif (in_array($modulepart, array('mrp')))           $backtourl = DOL_URL_ROOT."/mrp/mo_document.php?id=".$id.'&file='.urldecode($file);
+    else $backtourl = DOL_URL_ROOT."/".$modulepart."/".$modulepart."_document.php?id=".$id.'&file='.urldecode($file);
 }
 
 
@@ -283,11 +293,11 @@
 	}
 }
 
-if ($action == 'confirm_resize' && (isset($_POST["file"]) != "") && (isset($_POST["sizex"]) != "") && (isset($_POST["sizey"]) != ""))
+if ($action == 'confirm_resize' && GETPOSTISSET("file") && GETPOSTISSET("sizex") && GETPOSTISSET("sizey"))
 {
 	$fullpath = $dir."/".$original_file;
 
-	$result = dol_imageResizeOrCrop($fullpath, 0, $_POST['sizex'], $_POST['sizey']);
+	$result = dol_imageResizeOrCrop($fullpath, 0, GETPOST('sizex', 'int'), GETPOST('sizey', 'int'));
 
 	if ($result == $fullpath)
 	{
@@ -357,7 +367,7 @@
 	$fullpath = $dir."/".$original_file;
 
 	//var_dump($_POST['w'].'x'.$_POST['h'].'-'.$_POST['x'].'x'.$_POST['y']);exit;
-	$result = dol_imageResizeOrCrop($fullpath, 1, $_POST['w'], $_POST['h'], $_POST['x'], $_POST['y']);
+	$result = dol_imageResizeOrCrop($fullpath, 1, GETPOST('w', 'int'), GETPOST('h', 'int'), GETPOST('x', 'int'), GETPOST('y', 'int'));
 
 	if ($result == $fullpath)
 	{
@@ -445,7 +455,7 @@
  */
 
 print '<!-- Form to resize -->'."\n";
-print '<form name="redim_file" action="'.$_SERVER["PHP_SELF"].'?id='.$id.'" method="POST">';
+print '<form name="redim_file" action="'.$_SERVER["PHP_SELF"].'?id='.$id.($num ? '&num='.$num : '').'" method="POST">';
 print '<input type="hidden" name="token" value="'.newToken().'">';
 
 print '<fieldset id="redim_file">';
@@ -454,7 +464,7 @@
 print $langs->trans("NewLength").': <input name="sizex" type="number" class="flat maxwidth50"> px  &nbsp; '.$langs->trans("or").' &nbsp; ';
 print $langs->trans("NewHeight").': <input name="sizey" type="number" class="flat maxwidth50"> px &nbsp; <br>';
 
-print '<input type="hidden" name="file" value="'.dol_escape_htmltag(GETPOST('file')).'" />';
+print '<input type="hidden" name="file" value="'.dol_escape_htmltag($file).'" />';
 print '<input type="hidden" name="action" value="confirm_resize" />';
 print '<input type="hidden" name="product" value="'.$id.'" />';
 print '<input type="hidden" name="modulepart" value="'.dol_escape_htmltag($modulepart).'" />';
@@ -497,7 +507,8 @@
 	print '<img src="'.DOL_URL_ROOT.'/viewimage.php?modulepart='.$modulepart.'&entity='.$object->entity.'&file='.urlencode($original_file).'" alt="" id="cropbox" width="'.$widthforcrop.'px"/>';
 	print '</div>';
 	print '</div><br>';
-	print '<form action="'.$_SERVER["PHP_SELF"].'?id='.$id.'" method="POST">';
+
+	print '<form action="'.$_SERVER["PHP_SELF"].'?id='.$id.($num ? '&num='.$num : '').'" method="POST">';
 	print '<input type="hidden" name="token" value="'.newToken().'">';
 	print '
 	      <div class="jc_coords">
diff --git a/htdocs/core/tpl/document_actions_post_headers.tpl.php b/htdocs/core/tpl/document_actions_post_headers.tpl.php
index a3de72723a47b..2a3d703d16fd9 100644
--- a/htdocs/core/tpl/document_actions_post_headers.tpl.php
+++ b/htdocs/core/tpl/document_actions_post_headers.tpl.php
@@ -23,6 +23,7 @@
 // $permissiontoadd = permission or not to add a file (can use also $permission) and permission or not to edit file name or crop file (can use also $permtoedit)
 // $modulepart  = for download
 // $param       = param to add to download links
+// $moreparam   = param to add to download link for the form_attach_new_file function
 // $upload_dir
 // $object
 // $filearray
@@ -109,7 +110,7 @@
 
 // Show upload form (document and links)
 $formfile->form_attach_new_file(
-    $_SERVER["PHP_SELF"].'?id='.$object->id.(empty($withproject)?'':'&withproject=1'),
+    $_SERVER["PHP_SELF"].'?id='.$object->id.(empty($withproject)?'':'&withproject=1').(empty($moreparam)?'':$moreparam),
     '',
     0,
     0,

From 4b4d1bcce21fbfd959eaa1760ca4947e0c1e0eae Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 24 Feb 2020 03:05:58 +0100
Subject: [PATCH 03/13] Fix disable accountancy chart that is deprecated.

---
 htdocs/accountancy/admin/account.php             | 3 +++
 htdocs/install/mysql/migration/10.0.0-11.0.0.sql | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/htdocs/accountancy/admin/account.php b/htdocs/accountancy/admin/account.php
index 333efefbc9dfa..d75d61e347fb7 100644
--- a/htdocs/accountancy/admin/account.php
+++ b/htdocs/accountancy/admin/account.php
@@ -278,6 +278,8 @@
 			<script type="text/javascript">
 			$(document).ready(function () {
 		    	$("#searchFormList").on("submit", function (e) {
+					//event.preventDefault();
+				    //var form = this;
 					console.log("chartofaccounts focus = "+$("#chartofaccounts").is(":focus"));
 					console.log("change_chart focus = "+$("#change_chart").is(":focus"));
 					if ($("#change_chart").is(":focus"))
@@ -285,6 +287,7 @@
 						console.log("We set valid_change_chart to 1");
 						$("#valid_change_chart").val(1);
 					}
+					//form.submit();
 					return true;
 			    });
 			});
diff --git a/htdocs/install/mysql/migration/10.0.0-11.0.0.sql b/htdocs/install/mysql/migration/10.0.0-11.0.0.sql
index 9f3d092e8461e..7ebec46845715 100644
--- a/htdocs/install/mysql/migration/10.0.0-11.0.0.sql
+++ b/htdocs/install/mysql/migration/10.0.0-11.0.0.sql
@@ -59,11 +59,14 @@ ALTER TABLE llx_emailcollector_emailcollectoraction ADD COLUMN position integer
 
 -- For v11
 
+
 ALTER TABLE llx_product_price MODIFY COLUMN tva_tx double(6,3) DEFAULT 0 NOT NULL;
 
 ALTER TABLE llx_facturedet MODIFY COLUMN situation_percent real DEFAULT 100;
 UPDATE llx_facturedet SET situation_percent = 100 WHERE situation_percent IS NULL AND fk_prev_id IS NULL;
 
+-- Set country to null for deprecated accounting system (there is now one per country)
+UPDATE llx_accounting_system SET fk_country = NULL, active = 0 WHERE pcg_version = 'SYSCOHADA';
 INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 20, 'BAS-K1-MINI', 'The Swedish mini chart of accounts', 1);
 
 ALTER TABLE llx_c_action_trigger MODIFY COLUMN elementtype varchar(64) NOT NULL;

From 3682d9143e13d50d6fb4f0b42790ce79ad45f71a Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 24 Feb 2020 04:55:09 +0100
Subject: [PATCH 04/13] Fix showing bank account on PDF

---
 htdocs/core/modules/facture/doc/pdf_crabe.modules.php  | 7 +++----
 htdocs/core/modules/facture/doc/pdf_sponge.modules.php | 7 +++----
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php
index 6b6c6bb2beb7e..bfa15ebd4b11f 100644
--- a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php
+++ b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php
@@ -1102,10 +1102,9 @@ protected function _tableau_info(&$pdf, $object, $posy, $outputlangs)
 			// If payment mode not forced or forced to VIR, show payment with BAN
 			if (empty($object->mode_reglement_code) || $object->mode_reglement_code == 'VIR')
 			{
-				if (!empty($object->fk_account) || !empty($object->fk_bank) || !empty($conf->global->FACTURE_RIB_NUMBER))
-				{
-					$bankid = (empty($object->fk_account) ? $conf->global->FACTURE_RIB_NUMBER : $object->fk_account);
-					if (!empty($object->fk_bank)) $bankid = $object->fk_bank; // For backward compatibility when object->fk_account is forced with object->fk_bank
+				if ($object->fk_account > 0 || $object->fk_bank > 0 || !empty($conf->global->FACTURE_RIB_NUMBER)) {
+					$bankid = ($object->fk_account <= 0 ? $conf->global->FACTURE_RIB_NUMBER : $object->fk_account);
+					if ($object->fk_bank > 0) $bankid = $object->fk_bank; // For backward compatibility when object->fk_account is forced with object->fk_bank
 					$account = new Account($this->db);
 					$account->fetch($bankid);
 
diff --git a/htdocs/core/modules/facture/doc/pdf_sponge.modules.php b/htdocs/core/modules/facture/doc/pdf_sponge.modules.php
index 0df384cdeb6f4..ecfd5818f5145 100644
--- a/htdocs/core/modules/facture/doc/pdf_sponge.modules.php
+++ b/htdocs/core/modules/facture/doc/pdf_sponge.modules.php
@@ -1178,10 +1178,9 @@ protected function drawInfoTable(&$pdf, $object, $posy, $outputlangs)
 			// If payment mode not forced or forced to VIR, show payment with BAN
 			if (empty($object->mode_reglement_code) || $object->mode_reglement_code == 'VIR')
 			{
-				if (!empty($object->fk_account) || !empty($object->fk_bank) || !empty($conf->global->FACTURE_RIB_NUMBER))
-				{
-					$bankid = (empty($object->fk_account) ? $conf->global->FACTURE_RIB_NUMBER : $object->fk_account);
-					if (!empty($object->fk_bank)) $bankid = $object->fk_bank; // For backward compatibility when object->fk_account is forced with object->fk_bank
+				if ($object->fk_account > 0 || $object->fk_bank > 0 || !empty($conf->global->FACTURE_RIB_NUMBER)) {
+					$bankid = ($object->fk_account <= 0 ? $conf->global->FACTURE_RIB_NUMBER : $object->fk_account);
+					if ($object->fk_bank > 0) $bankid = $object->fk_bank; // For backward compatibility when object->fk_account is forced with object->fk_bank
 					$account = new Account($this->db);
 					$account->fetch($bankid);
 

From 2c26ddb22b2396078ee67ba129d4f3b444b66343 Mon Sep 17 00:00:00 2001
From: florian HENRY <florian.henry@atm-consuliting.fr>
Date: Mon, 24 Feb 2020 15:11:14 +0100
Subject: [PATCH 05/13] fix missing column into import

---
 htdocs/core/modules/modSociete.class.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/htdocs/core/modules/modSociete.class.php b/htdocs/core/modules/modSociete.class.php
index 2cc525bd8aa1c..1e567c3acd6f8 100644
--- a/htdocs/core/modules/modSociete.class.php
+++ b/htdocs/core/modules/modSociete.class.php
@@ -684,7 +684,8 @@ public function __construct($db)
             'sr.domiciliation' => "BankAccountDomiciliation",
             'sr.proprio' => "BankAccountOwner",
             'sr.owner_address' => "BankAccountOwnerAddress",
-            'sr.default_rib' => 'Default'
+            'sr.default_rib' => 'Default',
+            'sr.rum' => 'RUM',
         );
 
         $this->import_convertvalue_array[$r] = array(
@@ -712,6 +713,7 @@ public function __construct($db)
             'sr.proprio' => 'name on the bank account',
             'sr.owner_address' => 'address of account holder',
             'sr.default_rib' => '1 (default account) / 0 (not default)'
+            'sr.rum' => 'RUM code'
         );
 
 		// Import Company Sales representatives

From b2b229111756876f6e9e5bdf6dbd8e8fcd7643d7 Mon Sep 17 00:00:00 2001
From: florian HENRY <florian.henry@atm-consuliting.fr>
Date: Mon, 24 Feb 2020 15:12:26 +0100
Subject: [PATCH 06/13] fix missing column into import

---
 htdocs/core/modules/modSociete.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/core/modules/modSociete.class.php b/htdocs/core/modules/modSociete.class.php
index 1e567c3acd6f8..0a231ca7fc17c 100644
--- a/htdocs/core/modules/modSociete.class.php
+++ b/htdocs/core/modules/modSociete.class.php
@@ -712,7 +712,7 @@ public function __construct($db)
             'sr.domiciliation' => 'bank branch address eg. "PARIS"',
             'sr.proprio' => 'name on the bank account',
             'sr.owner_address' => 'address of account holder',
-            'sr.default_rib' => '1 (default account) / 0 (not default)'
+            'sr.default_rib' => '1 (default account) / 0 (not default)',
             'sr.rum' => 'RUM code'
         );
 

From 9f8166ed37f31a78f910e1005bfe4edc3d1065ef Mon Sep 17 00:00:00 2001
From: florian HENRY <florian.henry@atm-consuliting.fr>
Date: Mon, 24 Feb 2020 15:14:01 +0100
Subject: [PATCH 07/13] fix missing column into import

---
 htdocs/core/modules/modSociete.class.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/htdocs/core/modules/modSociete.class.php b/htdocs/core/modules/modSociete.class.php
index 0a231ca7fc17c..ae093a253226f 100644
--- a/htdocs/core/modules/modSociete.class.php
+++ b/htdocs/core/modules/modSociete.class.php
@@ -686,6 +686,7 @@ public function __construct($db)
             'sr.owner_address' => "BankAccountOwnerAddress",
             'sr.default_rib' => 'Default',
             'sr.rum' => 'RUM',
+			'sr.type' => "Type ban is defaut",
         );
 
         $this->import_convertvalue_array[$r] = array(
@@ -713,7 +714,8 @@ public function __construct($db)
             'sr.proprio' => 'name on the bank account',
             'sr.owner_address' => 'address of account holder',
             'sr.default_rib' => '1 (default account) / 0 (not default)',
-            'sr.rum' => 'RUM code'
+            'sr.rum' => 'RUM code',
+			'sr.type' => 'ban',
         );
 
 		// Import Company Sales representatives

From 2118c2eede184a264d92f6e7fb6472398933121e Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 24 Feb 2020 23:04:17 +0100
Subject: [PATCH 08/13] Fix missing title line

---
 htdocs/accountancy/admin/defaultaccounts.php | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/htdocs/accountancy/admin/defaultaccounts.php b/htdocs/accountancy/admin/defaultaccounts.php
index 611aa8fc321ba..c0c3f835481dd 100644
--- a/htdocs/accountancy/admin/defaultaccounts.php
+++ b/htdocs/accountancy/admin/defaultaccounts.php
@@ -161,6 +161,7 @@
 // Define main accounts for thirdparty
 
 print '<table class="noborder centpercent">';
+print '<tr class="liste_titre"><td>'.$langs->trans("ThirdParties").' | '.$langs->trans("Users").'</td><td></td></tr>';
 
 foreach ($list_account_main as $key) {
     print '<tr class="oddeven value">';
@@ -180,15 +181,6 @@
 }
 
 
-print "</table>\n";
-
-
-print '<br>';
-
-// Define default accounts
-
-print '<table class="noborder centpercent">';
-
 foreach ($list_account as $key) {
 	$reg=array();
 	if (preg_match('/---(.*)---/', $key, $reg)) {

From 2067abdc7e2c685347f0b5871ee9fa04992d93c5 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 24 Feb 2020 23:10:04 +0100
Subject: [PATCH 09/13] Fix title of page

---
 htdocs/accountancy/admin/export.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/accountancy/admin/export.php b/htdocs/accountancy/admin/export.php
index edc73688389b1..b2262c603f991 100644
--- a/htdocs/accountancy/admin/export.php
+++ b/htdocs/accountancy/admin/export.php
@@ -134,13 +134,13 @@
 
 $form = new Form($db);
 
-$title = $langs->trans('ConfigAccountingExpert');
+$title = $langs->trans('ExportOptions');
 llxHeader('', $title);
 
 
 $linkback = '';
 // $linkback = '<a href="' . DOL_URL_ROOT . '/admin/modules.php?restore_lastsearch_values=1">' . $langs->trans("BackToModuleList") . '</a>';
-print load_fiche_titre($langs->trans('ConfigAccountingExpert'), $linkback, 'accountancy');
+print load_fiche_titre($langs->trans('ExportOptions'), $linkback, 'accountancy');
 
 
 print "\n".'<script type="text/javascript" language="javascript">'."\n";

From 5516c8ce81de9b3cffd9029d580b054024b18e9b Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 25 Feb 2020 00:51:06 +0100
Subject: [PATCH 10/13] FIX Submit of documents for supplier invoices.

---
 htdocs/api/class/api_documents.class.php | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/htdocs/api/class/api_documents.class.php b/htdocs/api/class/api_documents.class.php
index 4785ab781748e..75e27ad0e0d6d 100644
--- a/htdocs/api/class/api_documents.class.php
+++ b/htdocs/api/class/api_documents.class.php
@@ -418,8 +418,9 @@ public function get($id) {
 	/**
 	 * Upload a file.
 	 *
-	 * Test sample 1: { "filename": "mynewfile.txt", "modulepart": "facture", "ref": "FA1701-001", "subdir": "", "filecontent": "content text", "fileencoding": "", "overwriteifexists": "0" }.
-	 * Test sample 2: { "filename": "mynewfile.txt", "modulepart": "medias", "ref": "", "subdir": "image/mywebsite", "filecontent": "Y29udGVudCB0ZXh0Cg==", "fileencoding": "base64", "overwriteifexists": "0" }.
+	 * Test sample for invoice: { "filename": "mynewfile.txt", "modulepart": "invoice", "ref": "FA1701-001", "subdir": "", "filecontent": "content text", "fileencoding": "", "overwriteifexists": "0" }.
+	 * Test sample for supplier invoice: { "filename": "mynewfile.txt", "modulepart": "supplier_invoice", "ref": "FA1701-001", "subdir": "", "filecontent": "content text", "fileencoding": "", "overwriteifexists": "0" }.
+	 * Test sample for medias file: { "filename": "mynewfile.txt", "modulepart": "medias", "ref": "", "subdir": "image/mywebsite", "filecontent": "Y29udGVudCB0ZXh0Cg==", "fileencoding": "base64", "overwriteifexists": "0" }.
 	 *
 	 * @param   string  $filename           Name of file to create ('FA1705-0123.txt')
 	 * @param   string  $modulepart         Name of module or area concerned by file upload ('facture', 'project', 'project_task', ...)
@@ -476,6 +477,13 @@ public function post($filename, $modulepart, $ref = '', $subdir = '', $fileconte
 				require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
 				$object = new Facture($this->db);
 			}
+			elseif ($modulepart == 'facture_fournisseur' || $modulepart == 'supplier_invoice')
+			{
+				$modulepart = 'supplier_invoice';
+
+				require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php';
+				$object = new FactureFournisseur($this->db);
+			}
 			elseif ($modulepart == 'project')
 			{
 				require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
@@ -535,6 +543,12 @@ public function post($filename, $modulepart, $ref = '', $subdir = '', $fileconte
    				throw new RestException(404, 'The object '.$modulepart." with ref '".$ref."' was not found.");
 			}
 
+			// Special cases that need to use get_exdir to get real dir of object
+			// If future, all object should use this to define path of documents.
+			if ($modulepart == 'supplier_invoice') {
+				$tmpreldir = get_exdir($object->id, 2, 0, 0, $object, 'invoice_supplier');
+			}
+
 			$relativefile = $tmpreldir.dol_sanitizeFileName($object->ref);
 
 			$tmp = dol_check_secure_access_document($modulepart, $relativefile, $entity, DolibarrApiAccess::$user, $ref, 'write');

From 91f7a14602552e0c793d0b5c015ce1cde9d64f6f Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 25 Feb 2020 14:16:40 +0100
Subject: [PATCH 11/13] FIX API to push an expense report

---
 .../class/api_expensereports.class.php        | 33 +++++++++++-
 .../class/expensereport.class.php             | 51 +++++++++++++------
 2 files changed, 67 insertions(+), 17 deletions(-)

diff --git a/htdocs/expensereport/class/api_expensereports.class.php b/htdocs/expensereport/class/api_expensereports.class.php
index 60e5eafcb4840..7fdd731aa8835 100644
--- a/htdocs/expensereport/class/api_expensereports.class.php
+++ b/htdocs/expensereport/class/api_expensereports.class.php
@@ -33,7 +33,7 @@ class ExpenseReports extends DolibarrApi
      * @var array   $FIELDS     Mandatory fields, checked when create and update object
      */
     static $FIELDS = array(
-        'socid'
+        'fk_user_author'
     );
 
     /**
@@ -501,6 +501,11 @@ protected function _cleanObjectDatas($object)
         // phpcs:enable
         $object = parent::_cleanObjectDatas($object);
 
+        unset($object->fk_statut);
+        unset($object->statut);
+        unset($object->user);
+        unset($object->thirdparty);
+
         unset($object->cond_reglement);
         unset($object->shipping_method_id);
 
@@ -509,6 +514,32 @@ protected function _cleanObjectDatas($object)
         unset($object->barcode_type_label);
         unset($object->barcode_type_coder);
 
+        unset($object->code_paiement);
+        unset($object->code_statut);
+        unset($object->fk_c_paiement);
+        unset($object->fk_incoterms);
+        unset($object->label_incoterms);
+        unset($object->location_incoterms);
+        unset($object->mode_reglement_id);
+        unset($object->cond_reglement_id);
+
+        unset($object->name);
+        unset($object->lastname);
+        unset($object->firstname);
+        unset($object->civility_id);
+        unset($object->cond_reglement_id);
+        unset($object->contact);
+        unset($object->contact_id);
+
+        unset($object->state);
+        unset($object->state_id);
+        unset($object->state_code);
+        unset($object->country);
+        unset($object->country_id);
+        unset($object->country_code);
+
+        unset($object->note);	// We already use note_public and note_pricate
+
         return $object;
     }
 
diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php
index 05272aa2ff703..869e1b84e9032 100644
--- a/htdocs/expensereport/class/expensereport.class.php
+++ b/htdocs/expensereport/class/expensereport.class.php
@@ -58,19 +58,20 @@ class ExpenseReport extends CommonObject
 
     public $date_fin;
 
+    /**
+     * 0=draft, 2=validated (attente approb), 4=canceled, 5=approved, 6=payed, 99=denied
+     *
+     * @var int		Status
+     */
     public $status;
-    public $fk_statut; // -- 0=draft, 2=validated (attente approb), 4=canceled, 5=approved, 6=payed, 99=denied
+    public $fk_statut;
+
     public $fk_c_paiement;
     public $paid;
 
     public $user_author_infos;
     public $user_validator_infos;
 
-    public $fk_typepayment;
-	public $num_payment;
-    public $code_paiement;
-    public $code_statut;
-
     // ACTIONS
 
     // Create
@@ -285,10 +286,33 @@ public function create($user, $notrigger = 0)
             {
                 if (is_array($this->lines) && count($this->lines) > 0)
                 {
-    	            foreach ($this->lines as $i => $val)
+    	            foreach ($this->lines as $line)
     	            {
+    	            	// Test and convert into object this->lines[$i]. When coming from REST API, we may still have an array
+    	            	//if (! is_object($line)) $line=json_decode(json_encode($line), false);  // convert recursively array into object.
+    	            	if (!is_object($line)) {
+    	            		$line = (object) $line;
+    	            		$newndfline = new ExpenseReportLine($this->db);
+    	            		$newndfline->fk_expensereport = $line->fk_expensereport;
+    	            		$newndfline->fk_c_type_fees = $line->fk_c_type_fees;
+    	            		$newndfline->fk_project = $line->fk_project;
+    	            		$newndfline->vatrate = $line->vatrate;
+    	            		$newndfline->vat_src_code = $line->vat_src_code;
+    	            		$newndfline->comments = $line->comments;
+    	            		$newndfline->qty = $line->qty;
+    	            		$newndfline->value_unit = $line->value_unit;
+    	            		$newndfline->total_ht = $line->total_ht;
+    	            		$newndfline->total_ttc = $line->total_ttc;
+    	            		$newndfline->total_tva = $line->total_tva;
+    	            		$newndfline->date = $line->date;
+    	            		$newndfline->rule_warning_message = $line->rule_warning_message;
+    	            		$newndfline->fk_c_exp_tax_cat = $line->fk_c_exp_tax_cat;
+    	            		$newndfline->fk_ecm_files = $line->fk_ecm_files;
+    	            	}
+    	            	else {
+    	            		$newndfline = $line;
+    	            	}
     	                //$newndfline=new ExpenseReportLine($this->db);
-    	                $newndfline = $this->lines[$i];
     	                $newndfline->fk_expensereport = $this->id;
     	                $result = $newndfline->insert();
         	            if ($result < 0)
@@ -514,10 +538,8 @@ public function fetch($id, $ref = '')
         $sql .= " d.date_debut, d.date_fin, d.date_create, d.tms as date_modif, d.date_valid, d.date_approve,"; // DATES (datetime)
         $sql .= " d.fk_user_author, d.fk_user_modif, d.fk_user_validator,";
         $sql .= " d.fk_user_valid, d.fk_user_approve,";
-        $sql .= " d.fk_statut as status, d.fk_c_paiement, d.paid,";
-        $sql .= " dp.libelle as label_payment, dp.code as code_paiement"; // INNER JOIN paiement
+        $sql .= " d.fk_statut as status, d.fk_c_paiement, d.paid";
         $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as d";
-        $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as dp ON d.fk_c_paiement = dp.id";
         if ($ref) $sql .= " WHERE d.ref = '".$this->db->escape($ref)."'";
         else $sql .= " WHERE d.rowid = ".$id;
         //$sql.= $restrict;
@@ -566,7 +588,7 @@ public function fetch($id, $ref = '')
                 elseif ($this->fk_user_validator > 0) $user_approver->fetch($this->fk_user_validator); // For backward compatibility
                 $this->user_validator_infos = dolGetFirstLastname($user_approver->firstname, $user_approver->lastname);
 
-                $this->fk_statut                = $obj->status;
+                $this->fk_statut                = $obj->status;		// deprecated
                 $this->status                   = $obj->status;
                 $this->fk_c_paiement            = $obj->fk_c_paiement;
                 $this->paid                     = $obj->paid;
@@ -578,9 +600,6 @@ public function fetch($id, $ref = '')
                     $this->user_valid_infos = dolGetFirstLastname($user_valid->firstname, $user_valid->lastname);
                 }
 
-                $this->code_statut      = $obj->code_statut;
-                $this->code_paiement    = $obj->code_paiement;
-
                 $this->lines = array();
 
                 $result = $this->fetch_lines();
@@ -2650,7 +2669,7 @@ public function insert($notrigger = 0, $fromaddline = false)
         $sql .= " ".$this->db->escape($this->total_ht).",";
         $sql .= " ".$this->db->escape($this->total_tva).",";
         $sql .= " ".$this->db->escape($this->total_ttc).",";
-        $sql .= "'".$this->db->idate($this->date)."',";
+        $sql .= " '".$this->db->idate($this->date)."',";
 		$sql .= " '".$this->db->escape($this->rule_warning_message)."',";
 		$sql .= " ".$this->db->escape($this->fk_c_exp_tax_cat).",";
 		$sql .= " ".($this->fk_ecm_files > 0 ? $this->fk_ecm_files : 'null');

From f38661451145f1dd33ca9c7fdad08bb916ecb364 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 25 Feb 2020 14:29:41 +0100
Subject: [PATCH 12/13] Doc

---
 htdocs/expensereport/class/api_expensereports.class.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/htdocs/expensereport/class/api_expensereports.class.php b/htdocs/expensereport/class/api_expensereports.class.php
index 7fdd731aa8835..770d39ec951bd 100644
--- a/htdocs/expensereport/class/api_expensereports.class.php
+++ b/htdocs/expensereport/class/api_expensereports.class.php
@@ -384,6 +384,10 @@ public function deleteLine($id, $lineid)
      * @param array $request_data   Datas
      *
      * @return int
+     *
+     * @throws	RestException	401		Not allowed
+     * @throws  RestException	404		Expense report not found
+     * @throws	RestException	500
      */
     public function put($id, $request_data = null)
     {

From 69c2f4bd27d66af36ff28b5f5280d1ae9a5acae6 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 25 Feb 2020 14:36:05 +0100
Subject: [PATCH 13/13] FIX API upload/download doc for expensereport

---
 htdocs/api/class/api_documents.class.php | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/htdocs/api/class/api_documents.class.php b/htdocs/api/class/api_documents.class.php
index 75e27ad0e0d6d..ebfe3d7b0e035 100644
--- a/htdocs/api/class/api_documents.class.php
+++ b/htdocs/api/class/api_documents.class.php
@@ -387,6 +387,22 @@ public function getDocumentsListByElement($modulepart, $id = 0, $ref = '', $sort
 
 			$upload_dir = $conf->agenda->dir_output.'/'.dol_sanitizeFileName($object->ref);
 		}
+		elseif ($modulepart == 'expensereport')
+		{
+			require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';
+
+			if (!DolibarrApiAccess::$user->rights->expensereport->read && !DolibarrApiAccess::$user->rights->expensereport->read) {
+				throw new RestException(401);
+			}
+
+			$object = new ExpenseReport($this->db);
+			$result = $object->fetch($id, $ref);
+			if (!$result) {
+				throw new RestException(404, 'Expense report not found');
+			}
+
+			$upload_dir = $conf->expensereport->dir_output.'/'.dol_sanitizeFileName($object->ref);
+		}
 		else
 		{
 			throw new RestException(500, 'Modulepart '.$modulepart.' not implemented yet.');
@@ -518,6 +534,11 @@ public function post($filename, $modulepart, $ref = '', $subdir = '', $fileconte
 				require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
 				$object = new Product($this->db);
 			}
+			elseif ($modulepart == 'expensereport')
+			{
+				require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';
+				$object = new ExpenseReport($this->db);
+			}
 			// TODO Implement additional moduleparts
 			else
 			{