From b092b6861aaca24d242e9470c4e4113ff203b92c Mon Sep 17 00:00:00 2001 From: phf Date: Thu, 11 May 2017 12:48:47 +0200 Subject: [PATCH 01/15] Fix feature INVOICE_CREDIT_NOTE_STANDALONE doesn't work --- htdocs/compta/facture.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/compta/facture.php b/htdocs/compta/facture.php index 8a80fa4bf96a4..4e7f7fe1c3290 100644 --- a/htdocs/compta/facture.php +++ b/htdocs/compta/facture.php @@ -2349,7 +2349,8 @@ else { print '
'; - $tmp=' '; + if (empty($conf->global->INVOICE_CREDIT_NOTE_STANDALONE)) $tmp=' '; + else $tmp=' '; $text = $tmp.$langs->trans("InvoiceAvoir") . ' '; $text.= '('.$langs->trans("YouMustCreateInvoiceFromThird").') '; $desc = $form->textwithpicto($text, $langs->transnoentities("InvoiceAvoirDesc"), 1, 'help', '', 0, 3); From f10b77f1909a9ff3c105ad450fe005237a345754 Mon Sep 17 00:00:00 2001 From: phf Date: Mon, 15 May 2017 15:05:42 +0200 Subject: [PATCH 02/15] Fix html id 'tablelines' exist twice --- htdocs/compta/facture.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/facture.php b/htdocs/compta/facture.php index aad8b77811f42..c871594f16a85 100644 --- a/htdocs/compta/facture.php +++ b/htdocs/compta/facture.php @@ -3811,7 +3811,7 @@ print ''; print ''; - print ''; + print '
'; print ''; if (!empty($conf->global->MAIN_VIEW_LINE_NUMBER)) { From 3da7b9543df6bd94712ea493195172c3faba1da5 Mon Sep 17 00:00:00 2001 From: phf Date: Mon, 15 May 2017 15:10:15 +0200 Subject: [PATCH 03/15] Fix double quote --- htdocs/compta/facture.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/facture.php b/htdocs/compta/facture.php index c871594f16a85..6637d1332f215 100644 --- a/htdocs/compta/facture.php +++ b/htdocs/compta/facture.php @@ -3806,7 +3806,7 @@ if ($object->situation_cycle_ref && $object->statut == 0) { print '
'; - print '
'; + print ''; print ''; print ''; print ''; From c9738aa7ea0fa41af59963cc27144bdec4f1c866 Mon Sep 17 00:00:00 2001 From: arnaud Date: Tue, 16 May 2017 11:34:00 +0200 Subject: [PATCH 04/15] FIX doactions hook missing in invoice model page --- htdocs/compta/facture/fiche-rec.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/htdocs/compta/facture/fiche-rec.php b/htdocs/compta/facture/fiche-rec.php index 289ac8d704aee..a6b238ba3c79e 100644 --- a/htdocs/compta/facture/fiche-rec.php +++ b/htdocs/compta/facture/fiche-rec.php @@ -124,6 +124,10 @@ * Actions */ +$parameters = array('socid' => $socid); +$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks +if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); + // Set note include DOL_DOCUMENT_ROOT.'/core/actions_setnotes.inc.php'; // Must be include, not include_once From 3890c67210a2e7c07e31382343daa03c268b4db0 Mon Sep 17 00:00:00 2001 From: florian HENRY Date: Tue, 16 May 2017 19:08:59 +0200 Subject: [PATCH 05/15] fix event thirdparty agenda do not show good owner --- htdocs/core/lib/company.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php index 4e52f2d8f011c..96d43ee4e5fae 100644 --- a/htdocs/core/lib/company.lib.php +++ b/htdocs/core/lib/company.lib.php 
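Review bot: The hook result is only checked for failure; when a hook returns a positive value to signal that it handled the action itself, the standard actions that follow (starting with the `actions_setnotes.inc.php` include) still run. If this page is meant to follow the pattern of other card pages, the standard block should be wrapped in `if (empty($reshook)) { ... }`; that wrap would extend past this hunk. The new lines also depend on `$hookmanager` having been initialised with `initHooks()` and on `$socid` being defined above line 124 — neither is visible here, so confirm both exist before the executeHooks call. The actions block continues outside the hunk.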
@@ -1001,7 +1001,7 @@ function show_actions_done($conf, $langs, $db, $filterobj, $objcon='', $noprint=
 if (get_class($filterobj) == 'Societe') $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople as sp ON a.fk_contact = sp.rowid";
 if (get_class($filterobj) == 'Adherent') $sql.= ", ".MAIN_DB_PREFIX."adherent as m";
 if (get_class($filterobj) == 'CommandeFournisseur') $sql.= ", ".MAIN_DB_PREFIX."commande_fournisseur as o";
- $sql.= " WHERE u.rowid = a.fk_user_author";
+ $sql.= " WHERE u.rowid = a.fk_user_action";
 $sql.= " AND a.entity IN (".getEntity('agenda', 1).")";
 if (get_class($filterobj) == 'Societe' && $filterobj->id) $sql.= " AND a.fk_soc = ".$filterobj->id;
 if (get_class($filterobj) == 'Project' && $filterobj->id) $sql.= " AND a.fk_project = ".$filterobj->id;
From 1a98886aa3012008920a72000c5aaf087afb73f9 Mon Sep 17 00:00:00 2001
From: Sergio Sanchis Climent
Date: Wed, 17 May 2017 00:42:29 +0200
Subject: [PATCH 06/15] FIX: #6813

---
 htdocs/admin/supplier_proposal.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/admin/supplier_proposal.php b/htdocs/admin/supplier_proposal.php
index 069c90ead8a24..6752566a70f49 100644
--- a/htdocs/admin/supplier_proposal.php
+++ b/htdocs/admin/supplier_proposal.php
@@ -274,7 +274,7 @@
 while (($file = readdir($handle))!==false)
 {
- if (substr($file, 0, 21) == 'mod_supplier_proposal_' && substr($file, dol_strlen($file)-3, 3) == 'php')
+ if (substr($file, 0, 22) == 'mod_supplier_proposal_' && substr($file, dol_strlen($file)-3, 3) == 'php')
 {
 $file = substr($file, 0, dol_strlen($file)-4);
From 82cac745e32efcd5cb18a5d5e82077b12406e382 Mon Sep 17 00:00:00 2001
From: florian HENRY
Date: Thu, 18 May 2017 14:18:59 +0200
Subject: [PATCH 07/15] FIX 6863

---
 htdocs/core/class/html.form.class.php | 90 +++++++++++++--------------
 1 file changed, 44 insertions(+), 46 deletions(-)

diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 29ac151152add..204bcfacfb91f 100644
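Review bot: Moving the WHERE condition from `a.fk_user_author` to `a.fk_user_action` changes which rows survive the join, not just which user is displayed: if `u` is joined with a comma join (the FROM clause is above the hunk), every event whose `fk_user_action` is NULL now disappears from the "done" list instead of being shown under its author. Keep those rows with `LEFT JOIN ".MAIN_DB_PREFIX."user as u ON u.rowid = a.fk_user_action` and reduce the WHERE to the entity filter, or use `WHERE u.rowid = COALESCE(a.fk_user_action, a.fk_user_author)` if both columns are always populated for new events. The context lines also concatenate `$filterobj->id` straight into SQL; it comes from a fetched object, but `(int) $filterobj->id` is cheap insurance. show_actions_done starts and ends outside the hunk.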
--- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -80,7 +80,7 @@ public function __construct($db) * @param string $typeofdata Type of data ('string' by default, 'email', 'amount:99', 'numeric:99', 'text' or 'textarea:rows:cols', 'datepicker' ('day' do not work, don't know why), 'ckeditor:dolibarr_zzz:width:height:savemethod:1:rows:cols', 'select;xxx[:class]'...) * @param string $moreparam More param to add on a href URL. * @param int $fieldrequired 1 if we want to show field as mandatory using the "fieldrequired" CSS. - * @param int $notabletag 1=Do not output table tags but output a ':', 2=Do not output table tags and no ':', 3=Do not output table tags but output a ' ' + * @param int $notabletag 1=Do not output table tags but output a ':', 2=Do not output table tags and no ':', 3=Do not output table tags but output a ' ' * @return string HTML edit field */ function editfieldkey($text, $htmlname, $preselected, $object, $perm, $typeofdata='string', $moreparam='', $fieldrequired=0, $notabletag=0) @@ -512,7 +512,7 @@ function textwithpicto($text, $htmltext, $direction = 1, $type = 'help', $extrac * * @param string $selected Value auto selected when at least one record is selected. Not a preselected value. Use '0' by default. * @param int $arrayofaction array('code'=>'label', ...). The code is the key stored into the GETPOST('massaction') when submitting action. - * @param int $alwaysvisible 1=select button always visible + * @param int $alwaysvisible 1=select button always visible * @return string Select list */ function selectMassAction($selected, $arrayofaction, $alwaysvisible=0) 
@@ -556,16 +556,16 @@ function initCheckForSelect() jQuery(".massaction").hide(); } } - + jQuery(document).ready(function () { initCheckForSelect(); jQuery(".checkforselect").click(function() { initCheckForSelect(); }); jQuery(".massactionselect").change(function() { - var massaction = $( this ).val(); + var massaction = $( this ).val(); var urlform = $( this ).closest("form").attr("action").replace("#show_files",""); - if (massaction == "builddoc") + if (massaction == "builddoc") { urlform = urlform + "#show_files"; } @@ -586,7 +586,7 @@ function initCheckForSelect() '; } - + return $ret; } @@ -1013,7 +1013,7 @@ function select_thirdparty_list($selected='',$htmlname='socid',$filter='',$showe { global $conf,$user,$langs; - $out=''; + $out=''; $num=0; $outarray=array(); @@ -1055,8 +1055,6 @@ function select_thirdparty_list($selected='',$htmlname='socid',$filter='',$showe $resql=$this->db->query($sql); if ($resql) { - $events = null; - if ($conf->use_javascript_ajax && ! $forcecombo) { include_once DOL_DOCUMENT_ROOT . '/core/lib/ajax.lib.php'; @@ -1420,7 +1418,7 @@ function select_dolusers($selected='', $htmlname='userid', $show_empty=0, $exclu // Build list includeUsers to have only hierarchy and current user $includeUsers = implode(",",$user->getAllChildIds(1)); } - + $out=''; // On recherche les utilisateurs @@ -1637,7 +1635,7 @@ function select_dolusers_forevent($action='', $htmlname='userid', $show_empty=0, $i++; } if ($nbassignetouser) $out.='
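Review bot: The only functional change in this 90-line diff is the removal of `$events = null;` in select_thirdparty_list (hunk at 1055); everything else is trailing-whitespace trimming, which buries the fix and makes the review harder than it needs to be. If `$events` is still passed to `ajax_combobox()` further down that function (not visible here), dropping its initialisation leaves the variable undefined at the call — confirm the call site was changed as well, otherwise keep the line. Whitespace cleanup belongs in its own commit so `git blame` on these methods stays useful.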
'; - + //$out.=''; return $out; } @@ -1663,7 +1661,7 @@ function select_dolusers_forevent($action='', $htmlname='userid', $show_empty=0, * @param int $hidepriceinlabel 1=Hide prices in label * @param string $warehouseStatus warehouse status filter, following comma separated filter options can be used * 'warehouseopen' = select products from open warehouses, - * 'warehouseclosed' = select products from closed warehouses, + * 'warehouseclosed' = select products from closed warehouses, * 'warehouseinternal' = select products from warehouses for internal correct/transfer only * @return void */ @@ -1730,7 +1728,7 @@ function select_produits($selected='', $htmlname='productid', $filtertype='', $l * @param int $hidepriceinlabel 1=Hide prices in label * @param string $warehouseStatus warehouse status filter, following comma separated filter options can be used * 'warehouseopen' = select products from open warehouses, - * 'warehouseclosed' = select products from closed warehouses, + * 'warehouseclosed' = select products from closed warehouses, * 'warehouseinternal' = select products from warehouses for internal correct/transfer only * @return array Array of keys for json */ 
@@ -1745,19 +1743,19 @@ function select_produits_list($selected='',$htmlname='productid',$filtertype='', if (! empty($warehouseStatus)) { require_once DOL_DOCUMENT_ROOT.'/product/stock/class/entrepot.class.php'; - if (preg_match('/warehouseclosed/', $warehouseStatus)) + if (preg_match('/warehouseclosed/', $warehouseStatus)) { $warehouseStatusArray[] = Entrepot::STATUS_CLOSED; } - if (preg_match('/warehouseopen/', $warehouseStatus)) + if (preg_match('/warehouseopen/', $warehouseStatus)) { $warehouseStatusArray[] = Entrepot::STATUS_OPEN_ALL; } - if (preg_match('/warehouseinternal/', $warehouseStatus)) + if (preg_match('/warehouseinternal/', $warehouseStatus)) { $warehouseStatusArray[] = Entrepot::STATUS_OPEN_INTERNAL; } - } + } $selectFields = " p.rowid, p.label, p.ref, p.description, p.barcode, p.fk_product_type, p.price, p.price_ttc, p.price_base_type, p.tva_tx, p.duration, p.fk_price_expression"; (count($warehouseStatusArray)) ? $selectFieldsGrouped = ", sum(ps.reel) as stock" : $selectFieldsGrouped = ", p.stock"; @@ -1796,7 +1794,7 @@ function select_produits_list($selected='',$htmlname='productid',$filtertype='', $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps on ps.fk_product = p.rowid"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."entrepot as e on ps.fk_entrepot = e.rowid"; } - + //Price by customer if (! empty($conf->global->PRODUIT_CUSTOMER_PRICES) && !empty($socid)) { $sql.=" LEFT JOIN ".MAIN_DB_PREFIX."product_customer_price as pcp ON pcp.fk_soc=".$socid." AND pcp.fk_product=p.rowid"; @@ -1863,7 +1861,7 @@ function select_produits_list($selected='',$htmlname='productid',$filtertype='', $num = $this->db->num_rows($result); $events=null; - + if ($conf->use_javascript_ajax && ! $forcecombo) { include_once DOL_DOCUMENT_ROOT . '/core/lib/ajax.lib.php'; 
@@ -1871,9 +1869,9 @@ function select_produits_list($selected='',$htmlname='productid',$filtertype='', $out.= $comboenhancement; $nodatarole=($comboenhancement?' data-role="none"':''); } - + $out.=''; if ($addempty) print ''; foreach($this->cache_conditions_paiements as $id => $arrayconditions) @@ -3409,7 +3407,7 @@ function formconfirm($page, $title, $question, $action, $formquestion='', $selec // Clean parameters $newselectedchoice=empty($selectedchoice)?"no":$selectedchoice; if ($conf->browser->layout == 'phone') $width='95%'; - + if (is_array($formquestion) && ! empty($formquestion)) { // First add hidden fields and value @@ -3675,7 +3673,7 @@ function form_project($page, $socid, $selected='', $htmlname='projectid', $disca require_once DOL_DOCUMENT_ROOT.'/core/class/html.formprojet.class.php'; $out=''; - + $formproject=new FormProjets($this->db); $langs->load("project"); @@ -3703,8 +3701,8 @@ function form_project($page, $socid, $selected='', $htmlname='projectid', $disca $out.=" "; } } - - if (empty($nooutput)) + + if (empty($nooutput)) { print $out; return ''; @@ -4049,7 +4047,7 @@ function form_remise_dispo($page, $selected, $htmlname, $socid, $amount, $filter } print ''; } - if ($more) + if ($more) { print '
'; print $more; @@ -4259,7 +4257,7 @@ function selectMultiCurrency($selected='', $htmlname='multicurrency_code', $usee // Make select dynamic include_once DOL_DOCUMENT_ROOT . '/core/lib/ajax.lib.php'; $out.= ajax_combobox($htmlname); - + return $out; } @@ -4454,13 +4452,13 @@ function load_tva($htmlname='tauxtva', $selectedrate='', $societe_vendeuse='', $ $key.= $rate['nprtva'] ? '*': ''; if ($mode > 0 && $rate['code']) $key.=' ('.$rate['code'].')'; if ($mode < 0) $key = $rate['rowid']; - + $return.= '
'; return $ret; From 035cae656f185961e9b8600429b27bc6fa70a8c3 Mon Sep 17 00:00:00 2001 From: Inovea Conseil Date: Fri, 19 May 2017 22:14:34 +0200 Subject: [PATCH 08/15] Fix bug in insert method Missing the last comma in the insert method --- dev/skeletons/build_class_from_table.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dev/skeletons/build_class_from_table.php b/dev/skeletons/build_class_from_table.php index 62ad118875963..537975365eff1 100755 --- a/dev/skeletons/build_class_from_table.php +++ b/dev/skeletons/build_class_from_table.php @@ -251,7 +251,7 @@ $i=0; foreach($property as $key => $prop) { - $i++; + $addfield=1; if ($prop['field'] == 'tms') $addfield=0; // This is a field of type timestamp edited automatically if ($prop['extra'] == 'auto_increment') $addfield=0; @@ -263,6 +263,7 @@ $varprop.="';"; $varprop.="\n"; } + $i++; } $targetcontent=preg_replace('/\$sql \.= \' field1,\';/', $varprop, $targetcontent); $targetcontent=preg_replace('/\$sql \.= \' field2\';/', '', $targetcontent); From 2a9c6d9387e0c63ffd064558b45edd63cf9c8480 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 20 May 2017 21:11:31 +0200 Subject: [PATCH 09/15] Complete ignore file --- htdocs/.gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/.gitignore b/htdocs/.gitignore index 608ef55d1066e..5e2113ec179cc 100644 --- a/htdocs/.gitignore +++ b/htdocs/.gitignore @@ -4,6 +4,7 @@ /dolimed* /ecommerce* /extensions* +/forceproject* /google* /lead /multicompany* From 8781a19e0e10d18317d81f6580bb04b8d87a9a2f Mon Sep 17 00:00:00 2001 From: arnaud Date: Tue, 23 May 2017 12:22:53 +0200 Subject: [PATCH 10/15] FIX pagination on resources --- htdocs/resource/list.php | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/htdocs/resource/list.php b/htdocs/resource/list.php index 2c97b68f7ed1b..6e171eef93411 100644 --- a/htdocs/resource/list.php +++ b/htdocs/resource/list.php 
@@ -91,15 +91,11 @@
 if (empty($sortfield)) $sortfield="t.rowid";
 if (empty($arch)) $arch = 0;
-$page = GETPOST('page','int');
-if ($page == -1) {
- $page = 0 ;
-}
+$limit = GETPOST("limit")?GETPOST("limit","int"):$conf->liste_limit;
+$page = GETPOST("page"); $page = is_numeric($page) ? $page : 0; $page = $page == -1 ? 0 : $page;
-if (! $sortfield) $sortfield="p.ref";
-if (! $sortorder) $sortorder="ASC";
-$offset = $conf->liste_limit * $page ;
+$offset = $limit * $page ;
 $pageprev = $page - 1;
 $pagenext = $page + 1;
From a3d8da0a73f5c1c3ec2248b1bac9dc9a17e51c43 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Wed, 24 May 2017 11:27:27 +0200
Subject: [PATCH 11/15] Fix: wrong SPECIMEN value

---
 htdocs/user/class/usergroup.class.php | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/htdocs/user/class/usergroup.class.php b/htdocs/user/class/usergroup.class.php
index 81c5e9864442a..319b48dfffa1d 100644
--- a/htdocs/user/class/usergroup.class.php
+++ b/htdocs/user/class/usergroup.class.php
@@ -335,16 +335,16 @@ function addrights($rid,$allmodule='',$allperms='')
 $error++; dol_print_error($this->db); } - + if (! $error) { $this->context = array('audit'=>$langs->trans("PermissionsAdd")); - + // Call trigger $result=$this->call_trigger('GROUP_MODIFY',$user); if ($result < 0) { $error++; } // End call triggers - } + } } if ($error) {
@@ -444,11 +444,11 @@ function delrights($rid,$allmodule='',$allperms='')
 $error++; dol_print_error($this->db); } - + if (! $error) { $this->context = array('audit'=>$langs->trans("PermissionsDelete")); - + // Call trigger $result=$this->call_trigger('GROUP_MODIFY',$user); if ($result < 0) { $error++; }
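Review bot: `is_numeric()` accepts `1.5`, `1e2`, `-3` and ` 7`, so `$page` — and with it `$offset = $limit * $page` — can end up a float or negative, which malforms the LIMIT/OFFSET clause this value presumably feeds below the hunk; the `'int'` check in GETPOST uses the same `is_numeric` test (see functions.lib.php) and does not prevent this either. Cast both inputs to integers and clamp: `$page = (int) GETPOST('page', 'int'); if ($page < 0) $page = 0;` and `$limit = GETPOST('limit', 'int') ? (int) GETPOST('limit', 'int') : $conf->liste_limit;`, which also removes the need for the separate `-1` test. The hunk drops the `$sortorder="ASC"` fallback as well; if no other default is set above line 91, the ORDER BY now receives an empty direction.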
@@ -805,7 +805,7 @@ function _load_ldap_info() $muser=new User($this->db); $muser->fetch($val->id); $info2 = $muser->_load_ldap_info(); - $valueofldapfield[] = $muser->_load_ldap_dn($info2); + $valueofldapfield[] = $muser->_load_ldap_dn($info2); } $info[$conf->global->LDAP_GROUP_FIELD_GROUPMEMBERS] = (!empty($valueofldapfield)?$valueofldapfield:''); } @@ -833,7 +833,11 @@ function initAsSpecimen() $this->note='This is a note'; $this->datec=time(); $this->datem=time(); - $this->members=array($user->id); // Members of this group is just me + + // Members of this group is just me + $this->members=array( + $user->id => $user + ); } } From 6eeb82ec70cd07d16d9b9711aff7ac45d1998015 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 24 May 2017 13:45:26 +0200 Subject: [PATCH 12/15] FIX dialog window with md theme must not be hidden by left menu part. --- htdocs/core/class/html.form.class.php | 2 +- htdocs/theme/eldy/style.css.php | 4 ++-- htdocs/theme/md/style.css.php | 8 ++++---- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 29ac151152add..f2249d673b8d1 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -968,7 +968,7 @@ function select_company($selected='', $htmlname='socid', $filter='', $showempty= $out.= ajax_autocompleter($selected, $htmlname, DOL_URL_ROOT.'/societe/ajax/company.php', $urloption, $conf->global->COMPANY_USE_SEARCH_TO_SELECT, 0, $ajaxoptions); $out.=''; if (empty($hidelabel)) print $langs->trans("RefOrLabel").' : '; diff --git a/htdocs/theme/eldy/style.css.php b/htdocs/theme/eldy/style.css.php index c9562e80bad70..dd91fc17d28e2 100644 --- a/htdocs/theme/eldy/style.css.php +++ b/htdocs/theme/eldy/style.css.php @@ -866,7 +866,7 @@ } .side-nav { position: absolute; - z-index: 200; + z-index: 90; display: none; } div.blockvmenulogo 
@@ -4222,7 +4222,7 @@ /* ============================================================================== */ ul.ulselectedfields { - z-index: 100; /* To have the select box appears on first plan even when near buttons are decorated by jmobile */ + z-index: 95; /* To have the select box appears on first plan even when near buttons are decorated by jmobile */ } dl.dropdown { margin:0px; diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index 0d6d0fad7afcf..05b127250cbc3 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php @@ -832,7 +832,7 @@ position: fixed; top: 50px; - z-index: 200; + z-index: 90; -webkit-transform: translateZ(0); -moz-transform: translateZ(0); -ms-transform: translateZ(0); @@ -889,7 +889,7 @@ position: auto; top: auto; - z-index: 200; + z-index: 90; } div.login_block { /* position: initial !important;*/ @@ -899,7 +899,7 @@ padding-left: 0 ! important; } #id-left { - z-index: 201; + z-index: 91; background: #FFF; border-right: 1px solid rgba(0,0,0,0.3); global->MAIN_TESTMENUHIDER)) && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) { ?> @@ -4116,7 +4116,7 @@ /* ============================================================================== */ ul.ulselectedfields { - z-index: 100; /* To have the select box appears on first plan even when near buttons are decorated by jmobile */ + z-index: 90; /* To have the select box appears on first plan even when near buttons are decorated by jmobile */ } dl.dropdown { margin:0px; From d03d179fa31baa67c32709e5f2d3eadc3906e309 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 28 May 2017 23:43:24 +0200 Subject: [PATCH 13/15] FIX Fullname when member is a moral entity with no name. --- htdocs/core/class/commonobject.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 868ec97d34977..529bb20a89b78 100644 
--- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -397,8 +397,8 @@ function getFullName($langs,$option=0,$nameorder=-1,$maxlen=0) //print "lastname=".$this->lastname." name=".$this->name." nom=".$this->nom."
\n";
 $lastname=$this->lastname;
 $firstname=$this->firstname;
- if (empty($lastname)) $lastname=(isset($this->lastname)?$this->lastname:(isset($this->name)?$this->name:(isset($this->nom)?$this->nom:'')));
-
+ if (empty($lastname)) $lastname=(isset($this->lastname)?$this->lastname:(isset($this->name)?$this->name:(isset($this->nom)?$this->nom:(isset($this->societe)?$this->societe:(isset($this->company)?$this->company:'')))));
+
 $ret='';
 if ($option && $this->civility_id)
 {
From 70636cc59ffa1ffbc0ce3dba315d7d9b837aad04 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Mon, 29 May 2017 09:57:05 +0200
Subject: [PATCH 14/15] FIX SQL injection on user/index.php parameter search_statut.

---
 htdocs/core/lib/functions.lib.php | 3 +++
 htdocs/user/index.php | 16 ++++++++--------
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 2db8ecdb111ca..c678e0bc7dff4 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -286,6 +286,9 @@ function GETPOST($paramname,$check='',$method=0,$filter=NULL,$options=NULL)
 case 'int':
 if (! is_numeric($out)) { $out=''; }
 break;
+ case 'intcomma':
+ if (preg_match('/[^0-9,]+/i',$out)) $out='';
+ break;
 case 'alpha':
 $out=trim($out); // '"' is dangerous because param in url can close the href= or src= and add javascript functions.
diff --git a/htdocs/user/index.php b/htdocs/user/index.php
index 9e7c78f97999f..35a05ad4be169 100644
--- a/htdocs/user/index.php
+++ b/htdocs/user/index.php
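Review bot: The fallback chain tests each property with `isset()`, which is true for an empty string, so a member whose `name` (or `nom`) is set but empty never reaches the new `societe`/`company` branches — which looks like the very case the commit title describes when those properties are populated alongside an empty `name`. A loop that skips empty values is clearer than a five-level ternary and fixes that: `foreach (array('lastname','name','nom','societe','company') as $p) { if (! empty($this->$p)) { $lastname = $this->$p; break; } }`. The leading `isset($this->lastname)` branch is also redundant, since `$lastname` was just copied from that property and found empty. getFullName starts and ends outside the hunk.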
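Review bot: The new `intcomma` check only rejects characters outside `[0-9,]`, so a lone comma, a leading/trailing comma or a doubled one (`,`, `,1`, `1,,2`) all pass; such a value clears the `!= ''` guard in user/index.php and ends up as `IN (,)` — a SQL syntax error rather than an injection, but still a crash reachable from the query string. Anchor the pattern to the whole accepted shape, `if (! preg_match('/^[0-9]+(,[0-9]+)*$/', $out)) $out='';`, which also drops the pointless `i` flag (there are no letters to case-fold). Note that unlike `int` this check rejects a sign, so a caller passing `-1` to mean "all" now gets an empty string instead; worth stating in the docblock of GETPOST, which continues outside the hunk.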
@@ -119,9 +119,9 @@
 $search_employee=GETPOST('search_employee','alpha');
 $search_accountancy_code=GETPOST('search_accountancy_code','alpha');
 $search_email=GETPOST('search_email','alpha');
-$search_statut=GETPOST('search_statut','alpha');
+$search_statut=GETPOST('search_statut','intcomma');
 $search_thirdparty=GETPOST('search_thirdparty','alpha');
-$search_supervisor=GETPOST('search_supervisor','alpha');
+$search_supervisor=GETPOST('search_supervisor','intcomma');
 $search_previousconn=GETPOST('search_previousconn','alpha');
 $optioncss = GETPOST('optioncss','alpha');
@@ -148,7 +148,7 @@
 include DOL_DOCUMENT_ROOT.'/core/actions_changeselectedfields.inc.php';
 // Purge search criteria
- if (GETPOST("button_removefilter_x") || GETPOST("button_removefilter.x") ||GETPOST("button_removefilter")) // All test are required to be compatible with all browsers
+ if (GETPOST("button_removefilter_x") || GETPOST("button_removefilter.x") ||GETPOST("button_removefilter")) // All tests are required to be compatible with all browsers
 {
 $search_user="";
 $search_login="";
@@ -203,8 +203,8 @@
 }
 if ($socid > 0) $sql.= " AND u.fk_soc = ".$socid;
 //if ($search_user != '') $sql.=natural_search(array('u.login', 'u.lastname', 'u.firstname'), $search_user);
-if ($search_supervisor > 0) $sql.= " AND u.fk_user = ".$search_supervisor;
-if ($search_thirdparty != '') $sql.=natural_search(array('s.nom'), $search_thirdparty);
+if ($search_supervisor > 0) $sql.= " AND u.fk_user = ".$db->escape($search_supervisor);
+if ($search_thirdparty != '') $sql.= natural_search(array('s.nom'), $search_thirdparty);
 if ($search_login != '') $sql.= natural_search("u.login", $search_login);
 if ($search_lastname != '') $sql.= natural_search("u.lastname", $search_lastname);
 if ($search_firstname != '') $sql.= natural_search("u.firstname", $search_firstname);
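Review bot: `search_supervisor` is a single user id used in `u.fk_user = ...`, so `intcomma` is the wrong validator for it: `1,2` passes the filter and still satisfies `$search_supervisor > 0` under PHP's loose comparison, producing `u.fk_user = 1,2`, a SQL syntax error; `$db->escape()` adds nothing because the value contains no quote. Read it as `GETPOST('search_supervisor','int')` and emit `" AND u.fk_user = ".(int) $search_supervisor`, matching the `(int)` cast already used for `u.employee` a few lines below. The `search_statut` change in the same hunk is the correct use of the new check; the `$socid` context line would benefit from the same `(int)` cast.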
@@ -213,9 +213,9 @@
 $sql .= ' AND u.employee = '.(int) $search_employee;
 }
 if ($search_accountancy_code != '') $sql.= natural_search("u.accountancy_code", $search_accountancy_code);
-if ($search_email != '') $sql.= natural_search("u.email", $search_email);
-if ($search_statut != '' && $search_statut >= 0) $sql.= " AND (u.statut=".$search_statut.")";
-if ($sall) $sql.= natural_search(array_keys($fieldstosearchall), $sall);
+if ($search_email != '') $sql.= natural_search("u.email", $search_email);
+if ($search_statut != '' && $search_statut >= 0) $sql.= " AND u.statut IN (".$db->escape($search_statut).")";
+if ($sall) $sql.= natural_search(array_keys($fieldstosearchall), $sall);
 // Add where from extra fields
 foreach ($search_array_options as $key => $val) {
From aa0a369f06c28a635e23b276c1015c9d0bcb5e94 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Mon, 29 May 2017 10:15:10 +0200
Subject: [PATCH 15/15] Fix typo

---
 htdocs/user/class/usergroup.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/user/class/usergroup.class.php b/htdocs/user/class/usergroup.class.php
index 81c5e9864442a..41cbdc44964ef 100644
--- a/htdocs/user/class/usergroup.class.php
+++ b/htdocs/user/class/usergroup.class.php
@@ -68,7 +68,7 @@ function __construct($db)
 /**
- * Charge un objet group avec toutes ces caracteristiques (excpet ->members array)
+ * Charge un objet group avec toutes ces caracteristiques (except ->members array)
 *
 * @param int $id id du groupe a charger
 * @param string $groupname name du groupe a charger
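Review bot: `$db->escape()` is not what protects this query — after the `intcomma` check the value holds only digits and commas, so escaping is a no-op and the real guard is the GETPOST filter, which still lets `,`, `,1` or `1,,2` through and yields `IN (,)`. Build the list from validated integers so the SQL can never be malformed: `$statuts = array_map('intval', array_filter(explode(',', $search_statut), 'strlen'));` followed by `if (count($statuts)) $sql.= " AND u.statut IN (".implode(',', $statuts).")";`. That also retires the `$search_statut >= 0` test, which is now mostly dead (intcomma rejects the `-` sign) and relies on loose string-to-number comparison for values like `0,1`. The `u.employee` context line above already shows the `(int)` pattern this file uses.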