--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_19.0.3_ajaxdirpreview.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_ajaxdirpreview.php
@@ -30,42 +30,29 @@
-if (!defined('NOTOKENRENEWAL')) {

-	define('NOTOKENRENEWAL', 1); // Disables token renewal

-}

-if (!defined('NOREQUIREMENU')) {

-	define('NOREQUIREMENU', '1');

-}

-if (!defined('NOREQUIREHTML')) {

-	define('NOREQUIREHTML', '1');

-}

-if (!defined('NOREQUIREAJAX')) {

-	define('NOREQUIREAJAX', '1');

-}

-

-if (!isset($mode) || $mode != 'noajax') {    // For ajax call

-	require_once '../../main.inc.php';

-	require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';

-	require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';

-	require_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmdirectory.class.php';

-

-	$action = GETPOST('action', 'aZ09');

-	$file = urldecode(GETPOST('file', 'alpha'));

-	$section = GETPOST("section", 'alpha');

-	$module = GETPOST("module", 'alpha');

-	$urlsource = GETPOST("urlsource", 'alpha');

-	$search_doc_ref = GETPOST('search_doc_ref', 'alpha');

-

-	$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;

-	$sortfield = GETPOST("sortfield", 'aZ09comma');

-	$sortorder = GETPOST("sortorder", 'aZ09comma');

-	$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');

-	if (empty($page) || $page == -1) {

-		$page = 0;

-	}     // If $page is not defined, or '' or -1

-	$offset = $limit * $page;

-	$pageprev = $page - 1;

-	$pagenext = $page + 1;

-	if (!$sortorder) {

-		$sortorder = "ASC";

-	}

-	if (!$sortfield) {

-		$sortfield = "name";

-	}

+if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', 1); // Disables token renewal

+if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1');

+if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1');

+if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1');

+

+if (!isset($mode) || $mode != 'noajax')    // For ajax call

+{

+    require_once '../../main.inc.php';

+    require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';

+    require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';

+    require_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmdirectory.class.php';

+

+    $action = GETPOST('action', 'aZ09');

+    $file = urldecode(GETPOST('file', 'alpha'));

+    $section = GETPOST("section", 'alpha');

+    $module = GETPOST("module", 'alpha');

+    $urlsource = GETPOST("urlsource", 'alpha');

+    $search_doc_ref = GETPOST('search_doc_ref', 'alpha');

+

+    $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;

+    $sortfield = GETPOST("sortfield", 'alpha');

+    $sortorder = GETPOST("sortorder", 'alpha');

+    $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');

+    if (empty($page) || $page == -1) { $page = 0; }     // If $page is not defined, or '' or -1

+    $offset = $limit * $page;

+    $pageprev = $page - 1;

+    $pagenext = $page + 1;

+    if (!$sortorder) $sortorder = "ASC";

+    if (!$sortfield) $sortfield = "name";

@@ -79,5 +66,6 @@
-		$result = $ecmdir->fetch($section);

-		if (!($result > 0)) {

-			//dol_print_error($db,$ecmdir->error);

-			//exit;

-		}

+	    $result = $ecmdir->fetch($section);

+	    if (!$result > 0)

+	    {

+	        //dol_print_error($db,$ecmdir->error);

+	        //exit;

+	    }

@@ -85,2 +73,2 @@
-} else {

-	// For no ajax call

+} else // For no ajax call

+{

@@ -90,10 +78,14 @@
-	$relativepath = '';

-	if ($section > 0) {

-		$result = $ecmdir->fetch($section);

-		if (!($result > 0)) {

-			dol_print_error($db, $ecmdir->error);

-			exit;

-		}

-

-		$relativepath = $ecmdir->getRelativePath(); // Example   'mydir/'

-	} elseif (GETPOST('section_dir')) {

+    $relativepath = '';

+    if ($section > 0)

+    {

+        $result = $ecmdir->fetch($section);

+        if (!$result > 0)

+        {

+            dol_print_error($db, $ecmdir->error);

+            exit;

+        }

+

+        $relativepath = $ecmdir->getRelativePath(); // Example   'mydir/'

+    }

+	elseif (GETPOST('section_dir'))

+	{

@@ -107,8 +99,4 @@
-if (empty($url)) {	// autoset $url but it is better to have it defined before into filemanager.tpl.php (not possible when in auto tree)

-	if (!empty($module) && $module == 'medias' && !GETPOST('website')) {

-		$url = DOL_URL_ROOT.'/ecm/index_medias.php';

-	} elseif (GETPOSTISSET('website')) {

-		$url = DOL_URL_ROOT.'/website/index.php';

-	} else {

-		$url = DOL_URL_ROOT.'/ecm/index.php';

-	}

+if (empty($url))

+{

+	if (GETPOSTISSET('website')) $url = DOL_URL_ROOT.'/website/index.php';

+	else $url = DOL_URL_ROOT.'/ecm/index.php';

@@ -120,4 +107,0 @@
-if (empty($modulepart)) {

-	$modulepart = $module;

-}

-

@@ -125,3 +109,5 @@
-if ($user->socid > 0) {

-	$socid = $user->socid;

-}

+if ($user->socid > 0) $socid = $user->socid;

+

+//print 'xxx'.$upload_dir;

+

+// Security:

@@ -129,6 +115,8 @@
-if (preg_match('/\.\./', $upload_dir) || preg_match('/[<>|]/', $upload_dir)) {

-	dol_syslog("Refused to deliver file ".$upload_dir);

-	// Do no show plain path in shown error message

-	dol_print_error(0, $langs->trans("ErrorFileNameInvalid", $upload_dir));

-	exit;

-}

+if (preg_match('/\.\./', $upload_dir) || preg_match('/[<>|]/', $upload_dir))

+{

+    dol_syslog("Refused to deliver file ".$upload_dir);

+    // Do no show plain path in shown error message

+    dol_print_error(0, $langs->trans("ErrorFileNameInvalid", $upload_dir));

+    exit;

+}

+

@@ -136,5 +124,6 @@
-if ($modulepart == 'ecm') {

-	if (!$user->hasRight('ecm', 'read')) {

-		accessforbidden();

-	}

-} elseif ($modulepart == 'medias' || $modulepart == 'website') {

+if ($modulepart == 'ecm')

+{

+	if (!$user->rights->ecm->read) accessforbidden();

+}

+if ($modulepart == 'medias')

+{

@@ -142,2 +130,0 @@
-} else {

-	accessforbidden();

@@ -159 +146,2 @@
-if (!isset($mode) || $mode != 'noajax') {

+if (!isset($mode) || $mode != 'noajax')

+{

@@ -161,4 +149,4 @@
-	header('Cache-Control: Public, must-revalidate');

-	header('Pragma: public');

-

-	top_httphead();

+    header('Cache-Control: Public, must-revalidate');

+    header('Pragma: public');

+

+    top_httphead();

@@ -170,8 +158,9 @@
-if (!dol_is_dir($upload_dir)) {

-	//dol_mkdir($upload_dir);

-	/*$langs->load("install");

-	dol_print_error(0,$langs->trans("ErrorDirDoesNotExists",$upload_dir));

-	exit;*/

-}

-

-print '<!-- ajaxdirpreview type='.$type.' module='.$module.' modulepart='.$modulepart.'-->'."\n";

+if (!dol_is_dir($upload_dir))

+{

+    //dol_mkdir($upload_dir);

+    /*$langs->load("install");

+    dol_print_error(0,$langs->trans("ErrorDirDoesNotExists",$upload_dir));

+    exit;*/

+}

+

+print '<!-- ajaxdirpreview type='.$type.' -->'."\n";

@@ -181,6 +170,2 @@
-if (!empty($websitekey)) {

-	$param .= '&website='.urlencode($websitekey);

-}

-if (!empty($pageid)) {

-	$param .= '&pageid='.urlencode($pageid);

-}

+if (!empty($websitekey)) $param .= '&website='.urlencode($websitekey);

+if (!empty($pageid))     $param .= '&pageid='.urlencode($pageid);

@@ -190,115 +175,70 @@
-if ($type == 'directory') {

-	$formfile = new FormFile($db);

-

-	$maxlengthname = 40;

-	$excludefiles = array('^SPECIMEN\.pdf$', '^\.', '(\.meta|_preview.*\.png)$', '^temp$', '^payments$', '^CVS$', '^thumbs$');

-	$sorting = (strtolower($sortorder) == 'desc' ? SORT_DESC : SORT_ASC);

-

-	// Right area. If module is defined here, we are in automatic ecm.

-	$automodules = array(

-		'company',

-		'invoice',

-		'invoice_supplier',

-		'propal',

-		'supplier_proposal',

-		'order',

-		'order_supplier',

-		'contract',

-		'product',

-		'tax',

-		'tax-vat',

-		'salaries',

-		'project',

-		'project_task',

-		'fichinter',

-		'user',

-		'expensereport',

-		'holiday',

-		'recruitment-recruitmentcandidature',

-		'banque',

-		'chequereceipt',

-		'mrp-mo'

-	);

-

-	$parameters = array('modulepart'=>$module);

-	$reshook = $hookmanager->executeHooks('addSectionECMAuto', $parameters);

-	if ($reshook > 0 && is_array($hookmanager->resArray) && count($hookmanager->resArray) > 0) {

-		$automodules[] = $hookmanager->resArray['module'];

-	}

-

-	// TODO change for multicompany sharing

-	if ($module == 'company') {

-		$upload_dir = $conf->societe->dir_output;

-		$excludefiles[] = '^contact$'; // The subdir 'contact' contains files of contacts.

-	} elseif ($module == 'invoice') {

-		$upload_dir = $conf->facture->dir_output;

-	} elseif ($module == 'invoice_supplier') {

-		$upload_dir = $conf->fournisseur->facture->dir_output;

-	} elseif ($module == 'propal') {

-		$upload_dir = $conf->propal->dir_output;

-	} elseif ($module == 'supplier_proposal') {

-		$upload_dir = $conf->supplier_proposal->dir_output;

-	} elseif ($module == 'order') {

-		$upload_dir = $conf->commande->dir_output;

-	} elseif ($module == 'order_supplier') {

-		$upload_dir = $conf->fournisseur->commande->dir_output;

-	} elseif ($module == 'contract') {

-		$upload_dir = $conf->contrat->dir_output;

-	} elseif ($module == 'product') {

-		$upload_dir = $conf->product->dir_output;

-	} elseif ($module == 'tax') {

-		$upload_dir = $conf->tax->dir_output;

-		$excludefiles[] = '^vat$'; // The subdir 'vat' contains files of vats.

-	} elseif ($module == 'tax-vat') {

-		$upload_dir = $conf->tax->dir_output.'/vat';

-	} elseif ($module == 'salaries') {

-		$upload_dir = $conf->salaries->dir_output;

-	} elseif ($module == 'project') {

-		$upload_dir = $conf->project->dir_output;

-	} elseif ($module == 'project_task') {

-		$upload_dir = $conf->project->dir_output;

-	} elseif ($module == 'fichinter') {

-		$upload_dir = $conf->ficheinter->dir_output;

-	} elseif ($module == 'user') {

-		$upload_dir = $conf->user->dir_output;

-	} elseif ($module == 'expensereport') {

-		$upload_dir = $conf->expensereport->dir_output;

-	} elseif ($module == 'holiday') {

-		$upload_dir = $conf->holiday->dir_output;

-	} elseif ($module == 'recruitment-recruitmentcandidature') {

-		$upload_dir = $conf->recruitment->dir_output.'/recruitmentcandidature';

-	} elseif ($module == 'banque') {

-		$upload_dir = $conf->bank->dir_output;

-	} elseif ($module == 'chequereceipt') {

-		$upload_dir = $conf->bank->dir_output.'/checkdeposits';

-	} elseif ($module == 'mrp-mo') {

-		$upload_dir = $conf->mrp->dir_output;

-	} else {

-		$parameters = array('modulepart'=>$module);

-		$reshook = $hookmanager->executeHooks('addSectionECMAuto', $parameters);

-		if ($reshook > 0 && is_array($hookmanager->resArray) && count($hookmanager->resArray) > 0) {

-			$upload_dir = $hookmanager->resArray['directory'];

-		}

-	}

-

-	// Automatic list

-	if (in_array($module, $automodules)) {

-		$param .= '&module='.$module;

-		if (isset($search_doc_ref) && $search_doc_ref != '') {

-			$param .= '&search_doc_ref='.urlencode($search_doc_ref);

-		}

-

-		$textifempty = ($section ? $langs->trans("NoFileFound") : ($showonrightsize == 'featurenotyetavailable' ? $langs->trans("FeatureNotYetAvailable") : $langs->trans("NoFileFound")));

-

-		$filter = preg_quote($search_doc_ref, '/');

-		$filearray = dol_dir_list($upload_dir, "files", 1, $filter, $excludefiles, $sortfield, $sorting, 1);

-

-		$perm = $user->rights->ecm->upload;

-

-		$formfile->list_of_autoecmfiles($upload_dir, $filearray, $module, $param, 1, '', $perm, 1, $textifempty, $maxlengthname, $url, 1);

-	} else {

-		// Manual list

-		if ($module == 'medias') {

-			/*

-			   $_POST is array like

-			  'token' => string '062380e11b7dcd009d07318b57b71750' (length=32)

+if ($type == 'directory')

+{

+    $formfile = new FormFile($db);

+

+    $maxlengthname = 40;

+    $excludefiles = array('^SPECIMEN\.pdf$', '^\.', '(\.meta|_preview.*\.png)$', '^temp$', '^payments$', '^CVS$', '^thumbs$');

+    $sorting = (strtolower($sortorder) == 'desc' ?SORT_DESC:SORT_ASC);

+

+    // Right area. If module is defined here, we are in automatic ecm.

+    $automodules = array('company', 'invoice', 'invoice_supplier', 'propal', 'supplier_proposal', 'order', 'order_supplier', 'contract', 'product', 'tax', 'project', 'fichinter', 'user', 'expensereport', 'holiday', 'banque');

+

+    // TODO change for multicompany sharing

+    // Auto area for suppliers invoices

+    if ($module == 'company') $upload_dir = $conf->societe->dir_output;

+    // Auto area for suppliers invoices

+    elseif ($module == 'invoice') $upload_dir = $conf->facture->dir_output;

+    // Auto area for suppliers invoices

+    elseif ($module == 'invoice_supplier') $upload_dir = $conf->fournisseur->facture->dir_output;

+    // Auto area for customers proposal

+    elseif ($module == 'propal') $upload_dir = $conf->propal->dir_output;

+    // Auto area for suppliers proposal

+    elseif ($module == 'supplier_proposal') $upload_dir = $conf->supplier_proposal->dir_output;

+    // Auto area for customers orders

+    elseif ($module == 'order') $upload_dir = $conf->commande->dir_output;

+    // Auto area for suppliers orders

+    elseif ($module == 'order_supplier') $upload_dir = $conf->fournisseur->commande->dir_output;

+    // Auto area for suppliers invoices

+    elseif ($module == 'contract') $upload_dir = $conf->contrat->dir_output;

+    // Auto area for products

+    elseif ($module == 'product') $upload_dir = $conf->product->dir_output;

+    // Auto area for suppliers invoices

+    elseif ($module == 'tax') $upload_dir = $conf->tax->dir_output;

+    // Auto area for projects

+    elseif ($module == 'project') $upload_dir = $conf->projet->dir_output;

+    // Auto area for interventions

+    elseif ($module == 'fichinter') $upload_dir = $conf->ficheinter->dir_output;

+    // Auto area for users

+    elseif ($module == 'user') $upload_dir = $conf->user->dir_output;

+    // Auto area for expense report

+    elseif ($module == 'expensereport') $upload_dir = $conf->expensereport->dir_output;

+	// Auto area for holiday

+    elseif ($module == 'holiday') $upload_dir = $conf->holiday->dir_output;

+    // Auto area for holiday

+    elseif ($module == 'banque') $upload_dir = $conf->bank->dir_output;

+

+    // Automatic list

+    if (in_array($module, $automodules))

+    {

+        $param .= '&module='.$module;

+        if (isset($search_doc_ref) && $search_doc_ref != '') $param .= '&search_doc_ref='.urlencode($search_doc_ref);

+

+        $textifempty = ($section ? $langs->trans("NoFileFound") : ($showonrightsize == 'featurenotyetavailable' ? $langs->trans("FeatureNotYetAvailable") : $langs->trans("NoFileFound")));

+

+        if ($module == 'company') $excludefiles[] = '^contact$'; // The subdir 'contact' contains files of contacts with no id of thirdparty.

+

+        $filter = preg_quote($search_doc_ref, '/');

+        $filearray = dol_dir_list($upload_dir, "files", 1, $filter, $excludefiles, $sortfield, $sorting, 1);

+

+        $perm = $user->rights->ecm->upload;

+

+        $formfile->list_of_autoecmfiles($upload_dir, $filearray, $module, $param, 1, '', $perm, 1, $textifempty, $maxlengthname, $url, 1);

+    }

+    // Manual list

+    else

+    {

+    	if ($module == 'medias')

+    	{

+    		/*

+    		   $_POST is array like

+    		  'token' => string '062380e11b7dcd009d07318b57b71750' (length=32)

@@ -312,81 +252,86 @@
-			 */

-			$relativepath = GETPOST('file', 'alpha') ? GETPOST('file', 'alpha') : GETPOST('section_dir', 'alpha');

-			if ($relativepath && $relativepath != '/') {

-				$relativepath .= '/';

-			}

-			$upload_dir = $dolibarr_main_data_root.'/'.$module.'/'.$relativepath;

-			if (GETPOSTISSET('website') || GETPOSTISSET('file_manager')) {

-				$param .= '&file_manager=1';

-				if (!preg_match('/website=/', $param) && GETPOST('website', 'alpha')) {

-					$param .= '&website='.urlencode(GETPOST('website', 'alpha'));

-				}

-				if (!preg_match('/pageid=/', $param)) {

-					$param .= '&pageid='.urlencode(GETPOST('pageid', 'int'));

-				}

-				//if (!preg_match('/backtopage=/',$param)) $param.='&backtopage='.urlencode($_SERVER["PHP_SELF"].'?file_manager=1&website='.$websitekey.'&pageid='.$pageid);

-			}

-		} else {

-			$relativepath = $ecmdir->getRelativePath();

-			$upload_dir = $conf->ecm->dir_output.'/'.$relativepath;

-		}

-

-		// If $section defined with value 0

-		if (($section === '0' || empty($section)) && ($module != 'medias')) {

-			$filearray = array();

-		} else {

-			$filearray = dol_dir_list($upload_dir, "files", 0, '', array('^\.', '(\.meta|_preview.*\.png)$', '^temp$', '^CVS$'), $sortfield, $sorting, 1);

-		}

-

-		if ($section) {

-			$param .= '&section='.$section;

-			if (isset($search_doc_ref) && $search_doc_ref != '') {

-				$param .= '&search_doc_ref='.urlencode($search_doc_ref);

-			}

-

-			$textifempty = $langs->trans('NoFileFound');

-		} elseif ($section === '0') {

-			if ($module == 'ecm') {

-				$textifempty = '<br><div class="center"><span class="warning">'.$langs->trans("DirNotSynchronizedSyncFirst").'</span></div><br>';

-			} else {

-				$textifempty = $langs->trans('NoFileFound');

-			}

-		} else {

-			$textifempty = ($showonrightsize == 'featurenotyetavailable' ? $langs->trans("FeatureNotYetAvailable") : $langs->trans("ECMSelectASection"));

-		}

-

-		if ($module == 'medias') {

-			$useinecm = 6;

-			$modulepart = 'medias';

-			$perm = ($user->hasRight("website", "write") || $user->hasRight("emailing", "creer"));

-			$title = 'none';

-		} elseif ($module == 'ecm') { // DMS/ECM -> manual structure

-			if ($user->hasRight("ecm", "read")) {

-				// Buttons: Preview

-				$useinecm = 2;

-			}

-

-			if ($user->hasRight("ecm", "upload")) {

-				// Buttons: Preview + Delete

-				$useinecm = 4;

-			}

-

-			if ($user->hasRight("ecm", "setup")) {

-				// Buttons: Preview + Delete + Edit

-				$useinecm = 5;

-			}

-

-			$perm = $user->hasRight("ecm", "upload");

-			$modulepart = 'ecm';

-			$title = ''; // Use default

-		} else {

-			$useinecm = 5;

-			$modulepart = 'ecm';

-			$perm = $user->hasRight("ecm", "upload");

-			$title = ''; // Use default

-		}

-

-		// When we show list of files for ECM files, $filearray contains file list, and directory is defined with modulepart + section into $param

-		// When we show list of files for a directory, $filearray ciontains file list, and directory is defined with modulepart + $relativepath

-		//var_dump("section=".$section." title=".$title." modulepart=".$modulepart." useinecm=".$useinecm." perm=".$perm." relativepath=".$relativepath." param=".$param." url=".$url);

-		$formfile->list_of_documents($filearray, '', $modulepart, $param, 1, $relativepath, $perm, $useinecm, $textifempty, $maxlengthname, $title, $url, 0, $perm, '', $sortfield, $sortorder);

-	}

+    		 */

+    		$relativepath = GETPOST('file', 'alpha') ?GETPOST('file', 'alpha') : GETPOST('section_dir', 'alpha');

+    		if ($relativepath && $relativepath != '/') $relativepath .= '/';

+    		$upload_dir = $dolibarr_main_data_root.'/'.$module.'/'.$relativepath;

+    		if (GETPOSTISSET('website') || GETPOSTISSET('file_manager'))

+	    	{

+	    		$param .= '&file_manager=1';

+	    		if (!preg_match('/website=/', $param)) $param .= '&website='.urlencode(GETPOST('website', 'alpha'));

+	    		if (!preg_match('/pageid=/', $param)) $param .= '&pageid='.urlencode(GETPOST('pageid', 'int'));

+	    		//if (!preg_match('/backtopage=/',$param)) $param.='&backtopage='.urlencode($_SERVER["PHP_SELF"].'?file_manager=1&website='.$websitekey.'&pageid='.$pageid);

+	    	}

+    	}

+    	else

+    	{

+        	$relativepath = $ecmdir->getRelativePath();

+        	$upload_dir = $conf->ecm->dir_output.'/'.$relativepath;

+    	}

+

+        // If $section defined with value 0

+		if (($section === '0' || empty($section)) && ($module != 'medias'))

+        {

+            $filearray = array();

+        }

+        else

+        {

+        	$filearray = dol_dir_list($upload_dir, "files", 0, '', array('^\.', '(\.meta|_preview.*\.png)$', '^temp$', '^CVS$'), $sortfield, $sorting, 1);

+        }

+

+        if ($section)

+        {

+            $param .= '&section='.$section;

+        	if (isset($search_doc_ref) && $search_doc_ref != '') $param .= '&search_doc_ref='.$search_doc_ref;

+

+            $textifempty = $langs->trans('NoFileFound');

+        }

+        elseif ($section === '0')

+        {

+        	if ($module == 'ecm') $textifempty = '<br><div class="center"><font class="warning">'.$langs->trans("DirNotSynchronizedSyncFirst").'</font></div><br>';

+        	else $textifempty = $langs->trans('NoFileFound');

+        }

+        else $textifempty = ($showonrightsize == 'featurenotyetavailable' ? $langs->trans("FeatureNotYetAvailable") : $langs->trans("ECMSelectASection"));

+

+        if ($module == 'medias')

+        {

+            $useinecm = 6;

+            $modulepart = 'medias';

+            $perm = ($user->rights->website->write || $user->rights->emailing->creer);

+            $title = 'none';

+        }

+        elseif ($module == 'ecm') // DMS/ECM -> manual structure

+        {

+            if ($user->rights->ecm->read)

+            {

+                // Buttons: Preview

+                $useinecm = 2;

+            }

+

+            if ($user->rights->ecm->upload)

+            {

+                // Buttons: Preview + Delete

+                $useinecm = 4;

+            }

+

+            if ($user->rights->ecm->setup)

+            {

+                // Buttons: Preview + Delete + Edit

+                $useinecm = 5;

+            }

+

+            $perm = $user->rights->ecm->upload;

+            $modulepart = 'ecm';

+            $title = ''; // Use default

+        }

+        else

+        {

+            $useinecm = 5;

+            $modulepart = 'ecm';

+            $perm = $user->rights->ecm->upload;

+            $title = ''; // Use default

+        }

+

+        // When we show list of files for ECM files, $filearray contains file list, and directory is defined with modulepart + section into $param

+        // When we show list of files for a directory, $filearray ciontains file list, and directory is defined with modulepart + $relativepath

+        //var_dump("section=".$section." title=".$title." modulepart=".$modulepart." useinecm=".$useinecm." perm=".$perm." relativepath=".$relativepath." param=".$param." url=".$url);

+        $formfile->list_of_documents($filearray, '', $modulepart, $param, 1, $relativepath, $perm, $useinecm, $textifempty, $maxlengthname, $title, $url, 0, $perm);

+    }

@@ -399,9 +344,3 @@
-if (!empty($conf->dol_use_jmobile)) {

-	$useajax = 0;

-}

-if (empty($conf->use_javascript_ajax)) {

-	$useajax = 0;

-}

-if (getDolGlobalString('MAIN_ECM_DISABLE_JS')) {

-	$useajax = 0;

-}

+if (!empty($conf->dol_use_jmobile)) $useajax = 0;

+if (empty($conf->use_javascript_ajax)) $useajax = 0;

+if (!empty($conf->global->MAIN_ECM_DISABLE_JS)) $useajax = 0;

@@ -411 +350,2 @@
-if ($useajax || $action == 'deletefile') {

+if ($useajax || $action == 'delete')

+{

@@ -413,7 +353,3 @@
-	if ($action == 'deletefile') {

-		$urlfile = GETPOST('urlfile', 'alpha');

-	}

-

-	if (empty($section_dir)) {

-		$section_dir = GETPOST("file", "alpha");

-	}

+	if ($action == 'delete') $urlfile = GETPOST('urlfile', 'alpha');

+

+	if (empty($section_dir)) $section_dir = GETPOST("file", "alpha");

@@ -431,9 +367,3 @@
-	if (!empty($action) && $action == 'file_manager') {

-		$formquestion['file_manager'] = array('type'=>'hidden', 'value'=>1, 'name'=>'file_manager');

-	}

-	if (!empty($websitekey)) {

-		$formquestion['website'] = array('type'=>'hidden', 'value'=>$websitekey, 'name'=>'website');

-	}

-	if (!empty($pageid) && $pageid > 0) {

-		$formquestion['pageid'] = array('type'=>'hidden', 'value'=>$pageid, 'name'=>'pageid');

-	}

+	if (!empty($action) && $action == 'file_manager')	$formquestion['file_manager'] = array('type'=>'hidden', 'value'=>1, 'name'=>'file_manager');

+	if (!empty($websitekey))							$formquestion['website'] = array('type'=>'hidden', 'value'=>$websitekey, 'name'=>'website');

+	if (!empty($pageid) && $pageid > 0)				$formquestion['pageid'] = array('type'=>'hidden', 'value'=>$pageid, 'name'=>'pageid');

@@ -444,3 +374,3 @@
-if ($useajax) {

-	print '<!-- ajaxdirpreview.php: js to manage preview of doc -->'."\n";

-	print '<script nonce="'.getNonce().'" type="text/javascript">';

+if ($useajax)

+{

+	print '<script type="text/javascript">';

@@ -451 +381,2 @@
-	if ($conf->browser->layout != 'phone') {

+	if ($conf->browser->layout != 'phone')

+	{

@@ -478,3 +409 @@
-if ((!isset($mode) || $mode != 'noajax') && is_object($db)) {

-	$db->close();

-}

+if ((!isset($mode) || $mode != 'noajax') && is_object($db)) $db->close();

--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_19.0.3_ajaxdirtree.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_ajaxdirtree.php
@@ -29,14 +29,7 @@
-if (!defined('NOTOKENRENEWAL')) {

-	define('NOTOKENRENEWAL', 1); // Disables token renewal

-}

-if (!defined('NOREQUIREMENU')) {

-	define('NOREQUIREMENU', '1');

-}

-if (!defined('NOREQUIREHTML')) {

-	define('NOREQUIREHTML', '1');

-}

-if (!defined('NOREQUIREAJAX')) {

-	define('NOREQUIREAJAX', '1');

-}

-

-if (!isset($mode) || $mode != 'noajax') {    // For ajax call

+if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', 1); // Disables token renewal

+if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1');

+if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1');

+if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1');

+

+if (!isset($mode) || $mode != 'noajax')    // For ajax call

+{

@@ -49,0 +43,2 @@
+	//if (GETPOST('preopened')) { $_GET['dir'] = $_POST['dir'] = '/bbb/'; }

+

@@ -56,5 +51,5 @@
-	if ($selecteddir != '/') {

-		$selecteddir = preg_replace('/\/$/', '', $selecteddir); // We removed last '/' except if it is '/'

-	}

-} else {

-	// For no ajax call

+	if ($selecteddir != '/') $selecteddir = preg_replace('/\/$/', '', $selecteddir); // We removed last '/' except if it is '/'

+}

+else    // For no ajax call

+{

+	//if (GETPOST('preopened')) { $_GET['dir'] = $_POST['dir'] = GETPOST('preopened'); }

@@ -68,10 +63,3 @@
-	if ($selecteddir != '/') {

-		$selecteddir = preg_replace('/\/$/', '', $selecteddir); // We removed last '/' except if it is '/'

-	}

-	if (empty($url)) {

-		$url = DOL_URL_ROOT.'/ecm/index.php';

-	}

-}

-

-$websitekey = GETPOST('websitekey', 'alpha');

-$pageid = GETPOST('pageid', 'int');

+	if ($selecteddir != '/') $selecteddir = preg_replace('/\/$/', '', $selecteddir); // We removed last '/' except if it is '/'

+	if (empty($url)) $url = DOL_URL_ROOT.'/ecm/index.php';

+}

@@ -84 +72,2 @@
-if ($modulepart == 'ecm') {

+if ($modulepart == 'ecm')

+{

@@ -87 +76,3 @@
-} elseif ($modulepart == 'medias' || $modulepart == 'website') {

+}

+elseif ($modulepart == 'medias')

+{

@@ -95,17 +86,15 @@
-if (preg_match('/\.\./', $fullpathselecteddir) || preg_match('/[<>|]/', $fullpathselecteddir)) {

-	dol_syslog("Refused to deliver file ".$original_file);

-	// Do no show plain path in shown error message

-	dol_print_error(0, $langs->trans("ErrorFileNameInvalid", GETPOST("file")));

-	exit;

-}

-

-if (empty($modulepart)) {

-	$modulepart = $module;

-}

-

-// Security check

-if ($modulepart == 'ecm') {

-	if (!$user->hasRight('ecm', 'read')) {

-		accessforbidden();

-	}

-} elseif ($modulepart == 'medias' || $modulepart == 'website') {

+if (preg_match('/\.\./', $fullpathselecteddir) || preg_match('/[<>|]/', $fullpathselecteddir))

+{

+    dol_syslog("Refused to deliver file ".$original_file);

+    // Do no show plain path in shown error message

+    dol_print_error(0, $langs->trans("ErrorFileNameInvalid", GETPOST("file")));

+    exit;

+}

+

+// Check permissions

+if ($modulepart == 'ecm')

+{

+	if (!$user->rights->ecm->read) accessforbidden();

+}

+elseif ($modulepart == 'medias')

+{

@@ -113,9 +102 @@
-} else {

-	accessforbidden();

-}

-

-/*

- * Actions

- */

-

-// None

+}

@@ -128 +109,2 @@
-if (!isset($mode) || $mode != 'noajax') {	// if ajax mode

+if (!isset($mode) || $mode != 'noajax')	// if ajax mode

+{

@@ -137,4 +119,2 @@
-// Load full manual tree of ECM module from database. We will use it to define nbofsubdir and nboffilesinsubdir

-if (empty($sqltree)) {

-	$sqltree = $ecmdirstatic->get_full_arbo(0);

-}

+// Load full tree of ECM module from database. We will use it to define nbofsubdir and nboffilesinsubdir

+if (empty($sqltree)) $sqltree = $ecmdirstatic->get_full_arbo(0);

@@ -144,8 +124,11 @@
-foreach ($sqltree as $keycursor => $val) {

-	//print $val['fullrelativename']." == ".$selecteddir;

-	if ($val['fullrelativename'] == $selecteddir) {

-		$current_ecmdir_id = $keycursor;

-	}

-}

-

-if (!empty($conf->use_javascript_ajax) && !getDolGlobalString('MAIN_ECM_DISABLE_JS')) {

+foreach ($sqltree as $keycursor => $val)

+{

+    //print $val['fullrelativename']." == ".$selecteddir;

+    if ($val['fullrelativename'] == $selecteddir)

+    {

+        $current_ecmdir_id = $keycursor;

+    }

+}

+

+if (!empty($conf->use_javascript_ajax) && empty($conf->global->MAIN_ECM_DISABLE_JS))

+{

@@ -158 +141 @@
-	print '<script nonce="'.getNonce().'" type="text/javascript">

+	print '<script type="text/javascript">

@@ -172 +155 @@
-	//print '<script nonce="'.getNonce().'" type="text/javascript">';

+	//print '<script language="javascript">';

@@ -178 +161,2 @@
-if (empty($conf->use_javascript_ajax) || getDolGlobalString('MAIN_ECM_DISABLE_JS')) {

+if (empty($conf->use_javascript_ajax) || !empty($conf->global->MAIN_ECM_DISABLE_JS))

+{

@@ -181,4 +165,2 @@
-	// Load full manual tree from database. We will use it to define nbofsubdir and nboffilesinsubdir

-	if (empty($sqltree)) {

-		$sqltree = $ecmdirstatic->get_full_arbo(0); // Slow

-	}

+	// Load full tree from database. We will use it to define nbofsubdir and nboffilesinsubdir

+	if (empty($sqltree)) $sqltree = $ecmdirstatic->get_full_arbo(0); // Slow

@@ -192 +174,2 @@
-	foreach ($sqltree as $key => $val) {

+	foreach ($sqltree as $key => $val)

+	{

@@ -194 +177,2 @@
-		if ($val['id'] == $section) {

+		if ($val['id'] == $section)

+		{

@@ -203,5 +187,4 @@
-	if (isset($_SESSION['dol_ecmexpandedsectionarray'])) {

-		$expandedsectionarray = explode(',', $_SESSION['dol_ecmexpandedsectionarray']);

-	}

-

-	if ($section && GETPOST('sectionexpand') == 'true') {

+	if (isset($_SESSION['dol_ecmexpandedsectionarray'])) $expandedsectionarray = explode(',', $_SESSION['dol_ecmexpandedsectionarray']);

+

+	if ($section && GETPOST('sectionexpand') == 'true')

+	{

@@ -210,2 +193,4 @@
-		foreach ($pathtosection as $idcursor) {

-			if ($idcursor && !in_array($idcursor, $expandedsectionarray)) {	// Not already in array

+		foreach ($pathtosection as $idcursor)

+		{

+			if ($idcursor && !in_array($idcursor, $expandedsectionarray))	// Not already in array

+			{

@@ -217 +202,2 @@
-	if ($section && GETPOST('sectionexpand') == 'false') {

+	if ($section && GETPOST('sectionexpand') == 'false')

+	{

@@ -221 +207,2 @@
-		foreach ($oldexpandedsectionarray as $sectioncursor) {

+		foreach ($oldexpandedsectionarray as $sectioncursor)

+		{

@@ -231 +218,2 @@
-	foreach ($sqltree as $key => $val) {

+	foreach ($sqltree as $key => $val)

+	{

@@ -236 +224,2 @@
-		if (preg_match('/refresh/i', $action)) {

+		if (preg_match('/refresh/i', $action))

+		{

@@ -250,19 +239,12 @@
-		if (in_array($val['id_mere'], $expandedsectionarray)) {

-			$showline = 4;

-		} elseif ($val['id'] != $section && $val['id_mere'] == $ecmdirstatic->motherof[$section]) {

-			// If directory is brother of selected directory, we show line

-			$showline = 3;

-		} elseif (preg_match('/'.$val['fullpath'].'_/i', $fullpathselected.'_')) {

-			// If directory is parent of selected directory or is selected directory, we show line

-			$showline = 2;

-		} elseif ($val['level'] < 2) {

-			// If we are level one we show line

-			$showline = 1;

-		}

-

-		if ($showline) {

-			if (in_array($val['id'], $expandedsectionarray)) {

-				$option = 'indexexpanded';

-			} else {

-				$option = 'indexnotexpanded';

-			}

+		if (in_array($val['id_mere'], $expandedsectionarray)) $showline = 4;

+		// If directory is brother of selected directory, we show line

+		elseif ($val['id'] != $section && $val['id_mere'] == $ecmdirstatic->motherof[$section]) $showline = 3;

+		// If directory is parent of selected directory or is selected directory, we show line

+		elseif (preg_match('/'.$val['fullpath'].'_/i', $fullpathselected.'_')) $showline = 2;

+		// If we are level one we show line

+		elseif ($val['level'] < 2) $showline = 1;

+

+		if ($showline)

+		{

+			if (in_array($val['id'], $expandedsectionarray)) $option = 'indexexpanded';

+			else $option = 'indexnotexpanded';

@@ -275 +257,2 @@
-			while ($cpt < $sqltree[$key]['level']) {

+			while ($cpt < $sqltree[$key]['level'])

+			{

@@ -290,4 +273 @@
-			print '<table class="nobordernopadding"><tr>';

-

-			print '<!-- nb of docs -->';

-			print '<td>';

+			print '<table class="nobordernopadding"><tr><td>';

@@ -296,2 +275,0 @@
-

-			print '<!-- nb in subdir -->';

@@ -299,3 +277 @@
-			if ($nbofsubdir && $nboffilesinsubdir) {

-				print '<span style="color: #AAAAAA">+'.$nboffilesinsubdir.'</span> ';

-			}

+			if ($nbofsubdir && $nboffilesinsubdir) print '<font color="#AAAAAA">+'.$nboffilesinsubdir.'</font> ';

@@ -305 +280,0 @@
-			print '<!-- info -->';

@@ -309 +283,0 @@
-			$userstatic->statut = $val['statut_c'];

@@ -316,5 +290,2 @@
-			if ($nbofsubdir) {

-				$htmltooltip .= '<b>'.$langs->trans("ECMNbOfFilesInSubDir").'</b>: '.$nboffilesinsubdir;

-			} else {

-				$htmltooltip .= '<b>'.$langs->trans("ECMNbOfSubDir").'</b>: '.$nbofsubdir.'<br>';

-			}

+			if ($nbofsubdir) $htmltooltip .= '<b>'.$langs->trans("ECMNbOfFilesInSubDir").'</b>: '.$nboffilesinsubdir;

+			else $htmltooltip .= '<b>'.$langs->trans("ECMNbOfSubDir").'</b>: '.$nbofsubdir.'<br>';

@@ -336 +307,2 @@
-	if ($nbofentries == 0) {

+	if ($nbofentries == 0)

+	{

@@ -349,3 +321 @@
-if ((!isset($mode) || $mode != 'noajax') && is_object($db)) {

-	$db->close();

-}

+if ((!isset($mode) || $mode != 'noajax') && is_object($db)) $db->close();

@@ -377 +347,2 @@
-	if (file_exists($fullpathselecteddir)) {

+	if (file_exists($fullpathselecteddir))

+	{

@@ -380 +351,2 @@
-		if (!empty($files)) {

+		if (!empty($files))

+		{

@@ -382 +354,2 @@
-			if (count($files) > 2) {    /* The 2 accounts for . and .. */

+			if (count($files) > 2)    /* The 2 accounts for . and .. */

+			{

@@ -386,4 +359,3 @@
-				foreach ($files as $file) {    // $file can be '.', '..', or 'My dir' or 'My file'

-					if ($file == 'temp') {

-						continue;

-					}

+				foreach ($files as $file)    // $file can be '.', '..', or 'My dir' or 'My file'

+				{

+					if ($file == 'temp') continue;

@@ -397 +369,2 @@
-					foreach ($sqltree as $key => $tmpval) {

+					foreach ($sqltree as $key => $tmpval)

+					{

@@ -399 +372,2 @@
-						if ($tmpval['fullrelativename'] == (($selecteddir != '/' ? $selecteddir.'/' : '').$file)) {		// We found equivalent record into database

+						if ($tmpval['fullrelativename'] == (($selecteddir != '/' ? $selecteddir.'/' : '').$file))		// We found equivalent record into database

+						{

@@ -404 +378,2 @@
-							if (isset($val['cachenbofdoc']) && $val['cachenbofdoc'] < 0) {	// Cache is not up to date, so we update it for this directory t

+							if (isset($val['cachenbofdoc']) && $val['cachenbofdoc'] < 0)	// Cache is not up to date, so we update it for this directory t

+							{

@@ -420,2 +395,4 @@
-					if ($file != '.' && $file != '..' && ((!empty($val['fullrelativename']) && $val['id'] >= 0) || dol_is_dir($fullpathselecteddir.(preg_match('/\/$/', $fullpathselecteddir) ? '' : '/').$file))) {

-						if (empty($val['fullrelativename'])) {	// If we did not find entry into database, but found a directory (dol_is_dir was ok at previous test)

+					if ($file != '.' && $file != '..' && ((!empty($val['fullrelativename']) && $val['id'] >= 0) || dol_is_dir($fullpathselecteddir.(preg_match('/\/$/', $fullpathselecteddir) ? '' : '/').$file)))

+					{

+						if (empty($val['fullrelativename']))	// If we did not find entry into database, but found a directory (dol_is_dir was ok at previous test)

+						{

@@ -430,7 +407,4 @@
-						if (preg_match('/^'.preg_quote($val['fullrelativename'].'/', '/').'/', $preopened)) {

-							$collapsedorexpanded = 'expanded';

-						}

-						print '<li class="directory '.$collapsedorexpanded.' lidirecm">'; // collapsed is opposite if expanded

-

-						//print '<div class="divfmdirlia inline-block">';	// Disabled, this break the javascrip component

-						print '<a class="fmdirlia jqft ecmjqft" href="';

+						if (preg_match('/^'.preg_quote($val['fullrelativename'].'/', '/').'/', $preopened)) $collapsedorexpanded = 'expanded';

+						print '<li class="directory '.$collapsedorexpanded.'">'; // collapsed is opposite if expanded

+

+						print "<a class=\"fmdirlia jqft ecmjqft\" href=\"";

@@ -442,2 +416 @@
-						print '</a>';

-						//print '</div>';

+						print "</a>";

@@ -454 +426,0 @@
-						print '<!-- nb of docs -->';

@@ -458,2 +429,0 @@
-

-						print '<!-- nb of subdirs -->';

@@ -461,3 +431 @@
-						if ($nbofsubdir > 0 && $nboffilesinsubdir > 0) {

-							print '<span class="opacitymedium">+'.$nboffilesinsubdir.'</span> ';

-						}

+						if ($nbofsubdir > 0 && $nboffilesinsubdir > 0) print '<font class="opacitymedium">+'.$nboffilesinsubdir.'</font> ';

@@ -467 +434,0 @@
-						print '<!-- edit link -->';

@@ -478,2 +445,2 @@
-						if ($modulepart == 'ecm') {

-							print '<!-- info -->';

+						if ($modulepart == 'ecm')

+						{

@@ -483 +449,0 @@
-							$userstatic->statut = isset($val['statut_c']) ? $val['statut_c'] : 0;

@@ -487 +453 @@
-							$htmltooltip .= '<b>'.$langs->trans("ECMCreationDate").'</b>: '.(isset($val['date_c']) ? dol_print_date($val['date_c'], "dayhour") : $langs->trans("NeedRefresh")).'<br>';

+							$htmltooltip .= '<b>'.$langs->trans("ECMCreationDate").'</b>: '.(isset($val['date_c']) ?dol_print_date($val['date_c'], "dayhour") : $langs->trans("NeedRefresh")).'<br>';

@@ -490,5 +456,2 @@
-							if ($nboffilesinsubdir > 0) {

-								$htmltooltip .= '<b>'.$langs->trans("ECMNbOfFilesInSubDir").'</b>: '.$nboffilesinsubdir;

-							} else {

-								$htmltooltip .= '<b>'.$langs->trans("ECMNbOfSubDir").'</b>: '.($nbofsubdir >= 0 ? $nbofsubdir : $langs->trans("NeedRefresh")).'<br>';

-							}

+							if ($nboffilesinsubdir > 0) $htmltooltip .= '<b>'.$langs->trans("ECMNbOfFilesInSubDir").'</b>: '.$nboffilesinsubdir;

+							else $htmltooltip .= '<b>'.$langs->trans("ECMNbOfSubDir").'</b>: '.($nbofsubdir >= 0 ? $nbofsubdir : $langs->trans("NeedRefresh")).'<br>';

@@ -503 +466,2 @@
-						if (preg_match('/^'.preg_quote($val['fullrelativename'].'/', '/').'/', $preopened)) {

+						if (preg_match('/^'.preg_quote($val['fullrelativename'].'/', '/').'/', $preopened))

+						{

@@ -507 +471,2 @@
-							if ($modulepart == 'ecm') {

+							if ($modulepart == 'ecm')

+							{

@@ -509 +474,3 @@
-							} elseif ($modulepart == 'medias') {

+							}

+							elseif ($modulepart == 'medias')

+							{

@@ -513,3 +480 @@
-							if ($newfullpathselecteddir) {

-								treeOutputForAbsoluteDir($sqltree, $newselecteddir, $newfullpathselecteddir, $modulepart, $websitekey, $pageid, $preopened, $fullpathpreopened, $depth + 1);

-							}

+							if ($newfullpathselecteddir) treeOutputForAbsoluteDir($sqltree, $newselecteddir, $newfullpathselecteddir, $modulepart, $websitekey, $pageid, $preopened, $fullpathpreopened, $depth + 1);

@@ -524,5 +489,4 @@
-		} else {

-			print "PermissionDenied";

-		}

-	}

-}

+		}

+		else print "PermissionDenied";

+	}

+}

--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_19.0.3_box.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_box.php
@@ -21 +21 @@
- *       \brief      File to return Ajax response on a Box move or close

+ *       \brief      File to return Ajax response on Box move or close

@@ -24,15 +24,5 @@
-if (!defined('NOTOKENRENEWAL')) {

-	define('NOTOKENRENEWAL', '1'); // Disables token renewal

-}

-if (!defined('NOREQUIREMENU')) {

-	define('NOREQUIREMENU', '1');

-}

-if (!defined('NOREQUIREHTML')) {

-	define('NOREQUIREHTML', '1');

-}

-if (!defined('NOREQUIREAJAX')) {

-	define('NOREQUIREAJAX', '1');

-}

-if (!defined('NOREQUIRESOC')) {

-	define('NOREQUIRESOC', '1');

-}

+if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Disables token renewal

+if (!defined('NOREQUIREMENU'))  define('NOREQUIREMENU', '1');

+if (!defined('NOREQUIREHTML'))  define('NOREQUIREHTML', '1');

+if (!defined('NOREQUIREAJAX'))  define('NOREQUIREAJAX', '1');

+if (!defined('NOREQUIRESOC'))   define('NOREQUIRESOC', '1');

@@ -40 +29,0 @@
-// Load Dolibarr environment

@@ -45,0 +35 @@
+$userid = GETPOST('userid');

@@ -48,5 +37,0 @@
-

-// Security check

-if ($userid != $user->id) {

-	httponly_accessforbidden('Bad userid parameter. Must match logged user.');

-}

@@ -58,0 +44,5 @@
+// Ajout directives pour resoudre bug IE

+//header('Cache-Control: Public, must-revalidate');

+//header('Pragma: public');

+

+//top_htmlhead("", "", 1);  // Replaced with top_httphead. An ajax page does not need html header.

@@ -64 +54,2 @@
-if ($boxid > 0 && $zone != '' && $userid > 0) {

+if ($boxid > 0 && $zone != '' && $userid > 0)

+{

@@ -69,5 +60,2 @@
-	if ($nbboxonleft > $nbboxonright) {

-		$boxorder = preg_replace('/B:/', 'B:'.$boxid.',', $boxorder); // Insert id of new box into list

-	} else {

-		$boxorder = preg_replace('/^A:/', 'A:'.$boxid.',', $boxorder); // Insert id of new box into list

-	}

+	if ($nbboxonleft > $nbboxonright) $boxorder = preg_replace('/B:/', 'B:'.$boxid.',', $boxorder); // Insert id of new box into list

+    else $boxorder = preg_replace('/^A:/', 'A:'.$boxid.',', $boxorder); // Insert id of new box into list

@@ -77 +65,2 @@
-if ($boxorder && $zone != '' && $userid > 0) {

+if ($boxorder && $zone != '' && $userid > 0)

+{

@@ -82,5 +71,7 @@
-	if ($result > 0) {

-		$langs->load("boxes");

-		if (!GETPOST('closing')) {

-			setEventMessages($langs->trans("BoxAdded"), null);

-		}

+	if ($result > 0)

+	{

+	    $langs->load("boxes");

+	    if (!GETPOST('closing'))

+	    {

+	        setEventMessages($langs->trans("BoxAdded"), null);

+	    }

--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_19.0.3_check_notifications.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_check_notifications.php
@@ -4,2 +4 @@
- * Copyright (C) 2019      Frédéric France      <frederic.france@netlogic.fr>

- * Copyright (C) 2023      Laurent Destailleur  <eldy@users.sourceforge.net>

+ * Copyright (C) 2019       Frédéric France         <frederic.france@netlogic.fr>

@@ -21,18 +20,6 @@
-if (!defined('NOTOKENRENEWAL')) {

-	define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on)

-}

-if (!defined('NOREQUIREMENU')) {

-	define('NOREQUIREMENU', '1');

-}

-if (!defined('NOREQUIREHTML')) {

-	define('NOREQUIREHTML', '1');

-}

-if (!defined('NOREQUIREAJAX')) {

-	define('NOREQUIREAJAX', '1');

-}

-if (!defined('NOREQUIRESOC')) {

-	define('NOREQUIRESOC', '1');

-}

-if (!defined('NOREQUIRETRAN')) {

-	define('NOREQUIRETRAN', '1');

-}

+if (!defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1');

+if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Disables token renewal

+if (!defined('NOREQUIREMENU'))  define('NOREQUIREMENU', '1');

+if (!defined('NOREQUIREHTML'))  define('NOREQUIREHTML', '1');

+if (!defined('NOREQUIREAJAX'))  define('NOREQUIREAJAX', '1');

+if (!defined('NOREQUIRESOC'))   define('NOREQUIRESOC', '1');

@@ -40 +26,0 @@
-// Load Dolibarr environment

@@ -42,41 +27,0 @@
-

-//$time = (int) GETPOST('time', 'int'); // Use the time parameter that is always increased by time_update, even if call is late

-$time = dol_now();

-$action = GETPOST('action', 'aZ09');

-$listofreminderids = GETPOST('listofreminderids', 'aZ09');

-

-// Security check

-// No permission check at top, but action later are all done with a test on $user->id.

-

-

-/*

- * Actions

- */

-

-if ($action == 'stopreminder') {

-	dol_syslog("Clear notification for listofreminderids=".$listofreminderids);

-	$listofreminderid = GETPOST('listofreminderids', 'intcomma');

-

-	// Set the reminder as done

-	$sql = 'UPDATE '.MAIN_DB_PREFIX.'actioncomm_reminder SET status = 1';

-	$sql .= ' WHERE status = 0 AND rowid IN ('.$db->sanitize($db->escape($listofreminderid)).')';

-	$sql .= ' AND fk_user = '.((int) $user->id).' AND entity = '.((int) $conf->entity);

-	$resql = $db->query($sql);

-	if (!$resql) {

-		dol_print_error($db);

-	}

-	//}

-

-	include_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';

-

-	// Clean database

-	$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'actioncomm_reminder';

-	$sql .= " WHERE dateremind < '".$db->idate(dol_time_plus_duree(dol_now(), -1, 'm'))."'";

-	$sql .= " AND fk_user = ".((int) $user->id).' AND entity = '.((int) $conf->entity);

-	$resql = $db->query($sql);

-	if (!$resql) {

-		dol_print_error($db);

-	}

-

-	exit;

-}

@@ -89 +34 @@
-top_httphead('application/json');

+top_httphead('text/html'); // TODO Use a json mime type

@@ -91,0 +37,4 @@
+

+$time = (int) GETPOST('time', 'int'); // Use the time parameter that is always increased by time_update, even if call is late

+//$time=dol_now();

+

@@ -97,17 +46 @@
-// TODO Remove use of $_SESSION['auto_check_events_not_before']. Seems not used.

-if (empty($_SESSION['auto_check_events_not_before']) || $time >= $_SESSION['auto_check_events_not_before'] || GETPOST('forcechecknow', 'int')) {

-	/*$time_update = (int) $conf->global->MAIN_BROWSER_NOTIFICATION_FREQUENCY; // Always defined

-	if (!empty($_SESSION['auto_check_events_not_before']))

-	{

-		// We start scan from the not before so if two tabs were opend at differents seconds and we close one (so the js timer),

-		// then we are not losing periods

-		$starttime = $_SESSION['auto_check_events_not_before'];

-		// Protection to avoid too long sessions

-		if ($starttime < ($time - (int) $conf->global->MAIN_SESSION_TIMEOUT))

-		{

-			dol_syslog("We ask to check browser notification on a too large period. We fix this with current date.");

-			$starttime = $time;

-		}

-	} else {

-		$starttime = $time;

-	}

+//dol_syslog('time='.$time.' $_SESSION[auto_ck_events_not_before]='.$_SESSION['auto_check_events_not_before']);

@@ -115,2 +48,20 @@
-	$_SESSION['auto_check_events_not_before'] = $time + $time_update;

-	*/

+// TODO Try to make a solution with only a javascript timer that is easier. Difficulty is to avoid notification twice when several tabs are opened.

+if ($time >= $_SESSION['auto_check_events_not_before'])

+{

+    $time_update = (int) $conf->global->MAIN_BROWSER_NOTIFICATION_FREQUENCY; // Always defined

+    if (!empty($_SESSION['auto_check_events_not_before']))

+    {

+        // We start scan from the not before so if two tabs were opend at differents seconds and we close one (so the js timer),

+        // then we are not losing periods

+        $starttime = $_SESSION['auto_check_events_not_before'];

+        // Protection to avoid too long sessions

+        if ($starttime < ($time - (int) $conf->global->MAIN_SESSION_TIMEOUT))

+        {

+            dol_syslog("We ask to check browser notification on a too large period. We fix this with current date.");

+            $starttime = $time;

+        }

+    }

+    else

+    {

+        $starttime = $time;

+    }

@@ -118,3 +69 @@
-	// Force save of the session change we did.

-	// WARNING: Any change in sessions after that will not be saved !

-	session_write_close();

+    $_SESSION['auto_check_events_not_before'] = $time + $time_update;

@@ -122 +71,5 @@
-	require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php';

+    // Force save of session change we did.

+    // WARNING: Any change in sessions after that will not be saved !

+    session_write_close();

+

+    require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php';

@@ -125,2 +78 @@
-	//dol_syslog('$_SESSION[auto_check_events_not_before]='.(empty($_SESSION['auto_check_events_not_before']) ? '' : $_SESSION['auto_check_events_not_before']));

-	dol_syslog('dolnotif_nb_test_for_page='.GETPOST('dolnotif_nb_test_for_page'));

+    dol_syslog('NEW $_SESSION[auto_check_events_not_before]='.$_SESSION['auto_check_events_not_before']);

@@ -128,8 +80,10 @@
-	$sql = 'SELECT a.id as id_agenda, a.code, a.datep, a.label, a.location, ar.rowid as id_reminder, ar.dateremind, ar.fk_user as id_user_reminder';

-	$sql .= ' FROM '.MAIN_DB_PREFIX.'actioncomm as a';

-	$sql .= ' INNER JOIN '.MAIN_DB_PREFIX.'actioncomm_reminder as ar ON a.id = ar.fk_actioncomm AND ar.fk_user = '.((int) $user->id);

-	$sql .= " AND ar.typeremind = 'browser' AND ar.dateremind < '".$db->idate(dol_now())."'";

-	$sql .= " AND ar.status = 0";

-	$sql .= " AND ar.entity = ".((int) $conf->entity);	// No sharing of entity for alerts

-	$sql .= $db->order('datep', 'ASC');

-	$sql .= $db->plimit(10); // Avoid too many notification at once

+    $sql = 'SELECT id';

+    $sql .= ' FROM '.MAIN_DB_PREFIX.'actioncomm a, '.MAIN_DB_PREFIX.'actioncomm_resources ar';

+    $sql .= ' WHERE a.id = ar.fk_actioncomm';

+    // TODO Try to make a solution with only a javascript timer that is easier. Difficulty is to avoid notification twice when several tabs are opened.

+    // This need to extend period to be sure to not miss and save in session what we notified to avoid duplicate (save is not done yet).

+    $sql .= " AND datep BETWEEN '".$db->idate($starttime)."' AND '".$db->idate($time + $time_update - 1)."'";

+    $sql .= ' AND a.code <> "AC_OTH_AUTO"';

+    $sql .= ' AND ar.element_type = "user"';

+    $sql .= ' AND ar.fk_element = '.$user->id;

+    $sql .= ' LIMIT 10'; // Avoid too many notification at once

@@ -137,16 +91,3 @@
-	$resql = $db->query($sql);

-	if ($resql) {

-		while ($obj = $db->fetch_object($resql)) {

-			// Message must be formated and translated to be used with javascript directly

-			$event = array();

-			$event['type'] = 'agenda';

-			$event['id_reminder'] = $obj->id_reminder;

-			$event['id_agenda'] = $obj->id_agenda;

-			$event['id_user'] = $obj->id_user_reminder;

-			$event['code'] = $obj->code;

-			$event['label'] = $obj->label;

-			$event['location'] = $obj->location;

-			$event['reminder_date_formated_tzserver'] = dol_print_date($db->jdate($obj->dateremind), 'standard', 'tzserver');

-			$event['event_date_start_formated_tzserver'] = dol_print_date($db->jdate($obj->datep), 'standard', 'tzserver');

-			$event['reminder_date_formated'] = dol_print_date($db->jdate($obj->dateremind), 'standard', 'tzuser');

-			$event['event_date_start_formated'] = dol_print_date($db->jdate($obj->datep), 'standard', 'tzuser');

+    $resql = $db->query($sql);

+    if ($resql) {

+        $actionmod = new ActionComm($db);

@@ -154,5 +95,22 @@
-			$eventfound[$obj->id_agenda] = $event;

-		}

-	} else {

-		dol_syslog("Error sql = ".$db->lasterror(), LOG_ERR);

-	}

+        while ($obj = $db->fetch_object($resql))

+        {

+            // Load translation files required by the page

+            $langs->loadLangs(array('agenda', 'commercial'));

+

+            $actionmod->fetch($obj->id);

+

+            // Message must be formated and translated to be used with javascript directly

+            $event = array();

+            $event['type'] = 'agenda';

+            $event['id'] = $actionmod->id;

+            $event['tipo'] = $langs->transnoentities('Action'.$actionmod->code);

+            $event['titulo'] = $actionmod->label;

+            $event['location'] = $langs->transnoentities('Location').': '.$actionmod->location;

+

+            $eventfound[] = $event;

+        }

+    }

+    else

+    {

+        dol_syslog("Error sql = ".$db->lasterror(), LOG_ERR);

+    }

@@ -161 +119 @@
-print json_encode(array('pastreminders'=>$eventfound, 'nextreminder'=>''));

+print json_encode($eventfound);

--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_19.0.3_constantonoff.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_constantonoff.php
@@ -2,2 +2 @@
-/* Copyright (C) 2011-2015 Regis Houssin <regis.houssin@inodbox.com>

- * Copyright (C) 2021      Laurent Destailleur <eldy@users.sourceforge.net>

+/* Copyright (C) 2011-2015 Regis Houssin  <regis.houssin@inodbox.com>

@@ -24,21 +23,6 @@
-if (!defined('NOTOKENRENEWAL')) {

-	define('NOTOKENRENEWAL', '1'); // Disables token renewal

-}

-if (!defined('NOREQUIREMENU')) {

-	define('NOREQUIREMENU', '1');

-}

-if (!defined('NOREQUIREHTML')) {

-	define('NOREQUIREHTML', '1');

-}

-if (!defined('NOREQUIREAJAX')) {

-	define('NOREQUIREAJAX', '1');

-}

-if (!defined('NOREQUIRESOC')) {

-	define('NOREQUIRESOC', '1');

-}

-if (!defined('NOREQUIRETRAN')) {

-	define('NOREQUIRETRAN', '1');

-}

-if (!defined('CSRFCHECK_WITH_TOKEN')) {

-	define('CSRFCHECK_WITH_TOKEN', '1'); // Token is required even in GET mode

-}

+if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Disables token renewal

+if (!defined('NOREQUIREMENU'))  define('NOREQUIREMENU', '1');

+if (!defined('NOREQUIREHTML'))  define('NOREQUIREHTML', '1');

+if (!defined('NOREQUIREAJAX'))  define('NOREQUIREAJAX', '1');

+if (!defined('NOREQUIRESOC'))   define('NOREQUIRESOC', '1');

+if (!defined('NOREQUIRETRAN'))  define('NOREQUIRETRAN', '1');

@@ -46 +29,0 @@
-// Load Dolibarr environment

@@ -50 +33 @@
-$action = GETPOST('action', 'aZ09'); // set or del

+$action = GETPOST('action', 'alpha');

@@ -52,8 +34,0 @@
-$entity = GETPOST('entity', 'int');

-$value = (GETPOST('value', 'aZ09') != '' ? GETPOST('value', 'aZ09') : 1);

-

-// Security check

-if (empty($user->admin)) {

-	httponly_accessforbidden('This ajax component can be called by admin user only');

-}

-

@@ -64,0 +40,5 @@
+// Ajout directives pour resoudre bug IE

+//header('Cache-Control: Public, must-revalidate');

+//header('Pragma: public');

+

+//top_htmlhead("", "", 1);  // Replaced with top_httphead. An ajax page does not need html header.

@@ -69,6 +49,16 @@
-// Registering the new value of constant

-if (!empty($action) && !empty($name)) {

-	if ($action == 'set') {

-		dolibarr_set_const($db, $name, $value, 'chaine', 0, '', $entity);

-	} elseif ($action == 'del') {

-		dolibarr_del_const($db, $name, $entity);

+// Registering the location of boxes

+if (!empty($action) && !empty($name))

+{

+	$entity = GETPOST('entity', 'int');

+	$value = (GETPOST('value') ?GETPOST('value') : 1);

+

+	if ($user->admin)

+	{

+		if ($action == 'set')

+		{

+			dolibarr_set_const($db, $name, $value, 'chaine', 0, '', $entity);

+		}

+		elseif ($action == 'del')

+		{

+			dolibarr_del_const($db, $name, $entity);

+		}

@@ -76,2 +65,0 @@
-} else {

-	http_response_code(403);

--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_19.0.3_contacts.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_contacts.php
@@ -3 +3 @@
- * Copyright (C) 2020 Laurent Destailleur <eldy@users.sourceforge.net>

+ * Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>

@@ -24,9 +24,3 @@
-if (!defined('NOTOKENRENEWAL')) {

-	define('NOTOKENRENEWAL', '1'); // Disables token renewal

-}

-if (!defined('NOREQUIREMENU')) {

-	define('NOREQUIREMENU', '1');

-}

-if (!defined('NOREQUIREAJAX')) {

-	define('NOREQUIREAJAX', '1');

-}

+if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Disables token renewal

+if (!defined('NOREQUIREMENU'))  define('NOREQUIREMENU', '1');

+if (!defined('NOREQUIREAJAX'))  define('NOREQUIREAJAX', '1');

@@ -34 +27,0 @@
-// Load Dolibarr environment

@@ -37,2 +30,2 @@
-$id = GETPOST('id', 'int'); // id of thirdparty

-$action = GETPOST('action', 'aZ09');

+$id = GETPOST('id', 'int');

+$action = GETPOST('action', 'alpha');

@@ -41,4 +33,0 @@
-

-// Security check

-$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);

-

@@ -55 +44,2 @@
-if (!empty($id) && !empty($action) && !empty($htmlname)) {

+if (!empty($id) && !empty($action) && !empty($htmlname))

+{

@@ -59,3 +49 @@
-	if (empty($showempty)) {

-		$showempty = 0;

-	}

+	if (empty($showempty)) $showempty = 0;

--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_19.0.3_extraparams.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_extraparams.php
@@ -20,2 +20 @@
- *	\brief      File to make Ajax action on setting extra parameters of elements.

- *				Called bu bloc_showhide.tpl.php, itself called when MAIN_DISABLE_CONTACTS_TAB or MAIN_DISABLE_NOTES_TAB are set

+ *	\brief      File to make Ajax action on setting extra parameters of elements

@@ -24,15 +23,5 @@
-if (!defined('NOTOKENRENEWAL')) {

-	define('NOTOKENRENEWAL', '1'); // Disables token renewal

-}

-if (!defined('NOREQUIREMENU')) {

-	define('NOREQUIREMENU', '1');

-}

-if (!defined('NOREQUIREHTML')) {

-	define('NOREQUIREHTML', '1');

-}

-if (!defined('NOREQUIREAJAX')) {

-	define('NOREQUIREAJAX', '1');

-}

-if (!defined('NOREQUIRESOC')) {

-	define('NOREQUIRESOC', '1');

-}

+if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Disables token renewal

+if (!defined('NOREQUIREMENU'))  define('NOREQUIREMENU', '1');

+if (!defined('NOREQUIREHTML'))  define('NOREQUIREHTML', '1');

+if (!defined('NOREQUIREAJAX'))  define('NOREQUIREAJAX', '1');

+if (!defined('NOREQUIRESOC'))   define('NOREQUIRESOC', '1');

@@ -43 +32 @@
-$element = GETPOST('element', 'aZ09arobase');

+$element = GETPOST('element', 'alpha');

@@ -46,19 +34,0 @@
-

-// Load object according to $id and $element

-$object = fetchObjectByElement($id, $element);

-

-$module = $object->module;

-$element = $object->element;

-$usesublevelpermission = ($module != $element ? $element : '');

-if ($usesublevelpermission && !$user->hasRight($module, $element)) {	// There is no permission on object defined, we will check permission on module directly

-	$usesublevelpermission = '';

-}

-

-//print $object->id.' - '.$object->module.' - '.$object->element.' - '.$object->table_element.' - '.$usesublevelpermission."\n";

-

-// Security check

-$result = restrictedArea($user, $object->module, $object, $object->table_element, $usesublevelpermission, 'fk_soc', 'rowid', 0, 1);	// Call with mode return

-if (!$result) {

-	httponly_accessforbidden('Not allowed by restrictArea');

-}

-

@@ -74 +44,2 @@
-if (!empty($id) && !empty($element) && !empty($htmlelement) && !empty($type)) {

+if (!empty($id) && !empty($element) && !empty($htmlelement) && !empty($type))

+{

@@ -80,3 +51 @@
-	if (is_object($object)) {

-		$params[$htmlelement] = array($type => $value);

-		$object->extraparams = array_merge($object->extraparams, $params);

+	$classpath = $subelement = $element;

@@ -84,2 +53,23 @@
-		$result = $object->setExtraParameters();

-	}

+	// For compatibility

+	if ($element == 'order' || $element == 'commande') { $classpath = $subelement = 'commande'; }

+	elseif ($element == 'propal') { $classpath = 'comm/propal'; $subelement = 'propal'; }

+	elseif ($element == 'facture') { $classpath = 'compta/facture'; $subelement = 'facture'; }

+	elseif ($element == 'contract') { $classpath = $subelement = 'contrat'; }

+	elseif ($element == 'shipping') { $classpath = $subelement = 'expedition'; }

+	elseif ($element == 'deplacement') { $classpath = 'compta/deplacement'; $subelement = 'deplacement'; }

+	elseif ($element == 'order_supplier') { $classpath = 'fourn'; $subelement = 'fournisseur.commande'; }

+	elseif ($element == 'invoice_supplier') { $classpath = 'fourn'; $subelement = 'fournisseur.facture'; }

+

+	dol_include_once('/'.$classpath.'/class/'.$subelement.'.class.php');

+

+	if ($element == 'order_supplier') { $classname = 'CommandeFournisseur'; }

+	elseif ($element == 'invoice_supplier') { $classname = 'FactureFournisseur'; }

+	else $classname = ucfirst($subelement);

+

+	$object = new $classname($db);

+	$object->fetch($id);

+

+	$params[$htmlelement] = array($type => $value);

+	$object->extraparams = array_merge($object->extraparams, $params);

+

+	$result = $object->setExtraParameters();

--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_19.0.3_loadinplace.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_loadinplace.php
@@ -20 +20 @@
- *       \brief      File to load field value. used only when option "Edit In Place" is set (MAIN_USE_JQUERY_JEDITABLE).

+ *       \brief      File to load field value

@@ -23,12 +23,4 @@
-if (!defined('NOTOKENRENEWAL')) {

-	define('NOTOKENRENEWAL', '1'); // Disables token renewal

-}

-if (!defined('NOREQUIREMENU')) {

-	define('NOREQUIREMENU', '1');

-}

-if (!defined('NOREQUIREAJAX')) {

-	define('NOREQUIREAJAX', '1');

-}

-if (!defined('NOREQUIRESOC')) {

-	define('NOREQUIRESOC', '1');

-}

+if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Disables token renewal

+if (!defined('NOREQUIREMENU'))  define('NOREQUIREMENU', '1');

+if (!defined('NOREQUIREAJAX'))  define('NOREQUIREAJAX', '1');

+if (!defined('NOREQUIRESOC'))   define('NOREQUIRESOC', '1');

@@ -36 +27,0 @@
-// Load Dolibarr environment

@@ -44,24 +34,0 @@
-$id = $fk_element;

-

-// Load object according to $id and $element

-$object = fetchObjectByElement($id, $element);

-

-$module = $object->module;

-$element = $object->element;

-$usesublevelpermission = ($module != $element ? $element : '');

-if ($usesublevelpermission && !$user->hasRight($module, $element)) {	// There is no permission on object defined, we will check permission on module directly

-	$usesublevelpermission = '';

-}

-

-//print $object->id.' - '.$object->module.' - '.$object->element.' - '.$object->table_element.' - '.$usesublevelpermission."\n";

-

-// Security check

-$result = restrictedArea($user, $object->module, $object, $object->table_element, $usesublevelpermission, 'fk_soc', 'rowid', 0, 1);	// Call with mode return

-if (!$result) {

-	httponly_accessforbidden('Not allowed by restrictArea');

-}

-

-if (!getDolGlobalString('MAIN_USE_JQUERY_JEDITABLE')) {

-	httponly_accessforbidden('Can be used only when option MAIN_USE_JQUERY_JEDITABLE is set');

-}

-

@@ -78 +45,2 @@
-if (!empty($field) && !empty($element) && !empty($table_element) && !empty($fk_element)) {

+if (!empty($field) && !empty($element) && !empty($table_element) && !empty($fk_element))

+{

@@ -84 +52,2 @@
-	if ($element != 'order_supplier' && $element != 'invoice_supplier' && preg_match('/^([^_]+)_([^_]+)/i', $element, $regs)) {

+	if ($element != 'order_supplier' && $element != 'invoice_supplier' && preg_match('/^([^_]+)_([^_]+)/i', $element, $regs))

+	{

@@ -89,9 +58,5 @@
-	if ($element == 'propal') {

-		$element = 'propale';

-	} elseif ($element == 'fichinter') {

-		$element = 'ficheinter';

-	} elseif ($element == 'product') {

-		$element = 'produit';

-	} elseif ($element == 'member') {

-		$element = 'adherent';

-	} elseif ($element == 'order_supplier') {

+	if ($element == 'propal') $element = 'propale';

+	elseif ($element == 'fichinter') $element = 'ficheinter';

+	elseif ($element == 'product') $element = 'produit';

+	elseif ($element == 'member') $element = 'adherent';

+	elseif ($element == 'order_supplier') {

@@ -100 +65,2 @@
-	} elseif ($element == 'invoice_supplier') {

+	}

+	elseif ($element == 'invoice_supplier') {

@@ -105,5 +71,7 @@
-	if ($user->hasRight($element, 'lire') || $user->hasRight($element, 'read')

-	|| (isset($subelement) && ($user->hasRight($element, $subelement, 'lire') || $user->hasRight($element, $subelement, 'read')))

-	|| ($element == 'payment' && $user->hasRight('facture', 'lire'))

-	|| ($element == 'payment_supplier' && $user->hasRight('fournisseur', 'facture', 'lire'))) {

-		if ($type == 'select') {

+	if ($user->rights->$element->lire || $user->rights->$element->read

+	|| (isset($subelement) && ($user->rights->$element->$subelement->lire || $user->rights->$element->$subelement->read))

+	|| ($element == 'payment' && $user->rights->facture->lire)

+	|| ($element == 'payment_supplier' && $user->rights->fournisseur->facture->lire))

+	{

+		if ($type == 'select')

+		{

@@ -114 +82,2 @@
-			if (method_exists($form, $methodname)) {

+			if (method_exists($form, $methodname))

+			{

@@ -116,4 +85,4 @@
-				if ($ret > 0) {

-					echo json_encode($form->$cachename);

-				}

-			} elseif (!empty($ext_element)) {

+				if ($ret > 0) echo json_encode($form->$cachename);

+			}

+			elseif (!empty($ext_element))

+			{

@@ -121,2 +90,2 @@
-				$regs = array();

-				if (preg_match('/^([^_]+)_([^_]+)/i', $ext_element, $regs)) {

+				if (preg_match('/^([^_]+)_([^_]+)/i', $ext_element, $regs))

+				{

@@ -131,3 +100 @@
-				if ($ret > 0) {

-					echo json_encode($object->$cachename);

-				}

+				if ($ret > 0) echo json_encode($object->$cachename);

@@ -135 +102,3 @@
-		} else {

+		}

+		else

+		{

@@ -140 +109,3 @@
-	} else {

+	}

+	else

+	{

--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_19.0.3_objectonoff.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_objectonoff.php
@@ -2,2 +2 @@
-/* Copyright (C) 2015-2023 Laurent Destailleur  <eldy@users.sourceforge.net>

- *

+/*

@@ -20,2 +19,2 @@
- *       \brief      File to set status for an object. Called when ajax_object_onoff() is used.

- *       			 This Ajax service is oftenly called when option MAIN_DIRECT_STATUS_UPDATE is set.

+ *       \brief      File to set status for an object

+ *       			 This Ajax service is called when option MAIN_DIRECT_STATUS_UPDATE is set.

@@ -24,15 +23,6 @@
-if (!defined('NOTOKENRENEWAL')) {

-	define('NOTOKENRENEWAL', '1'); // Disables token renewal

-}

-if (!defined('NOREQUIREMENU')) {

-	define('NOREQUIREMENU', '1');

-}

-if (!defined('NOREQUIREHTML')) {

-	define('NOREQUIREHTML', '1');

-}

-if (!defined('NOREQUIREAJAX')) {

-	define('NOREQUIREAJAX', '1');

-}

-if (!defined('NOREQUIRESOC')) {

-	define('NOREQUIRESOC', '1');

-}

+if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Disables token renewal

+if (!defined('NOREQUIREMENU'))  define('NOREQUIREMENU', '1');

+if (!defined('NOREQUIREHTML'))  define('NOREQUIREHTML', '1');

+if (!defined('NOREQUIREAJAX'))  define('NOREQUIREAJAX', '1');

+if (!defined('NOREQUIRESOC'))   define('NOREQUIRESOC', '1');

+if (!defined('NOREQUIRETRAN'))  define('NOREQUIRETRAN', '1');

@@ -40 +29,0 @@
-// Load Dolibarr environment

@@ -44,2 +33,5 @@
-$action = GETPOST('action', 'aZ09');

-$backtopage = GETPOST('backtopage');

+$action = GETPOST('action', 'alpha');

+$id = GETPOST('id', 'int');

+$value = GETPOST('value', 'int');

+$field = GETPOST('field', 'alpha');

+$element = GETPOST('element', 'alpha');

@@ -47,22 +39 @@
-$id = GETPOST('id', 'int');

-$element = GETPOST('element', 'alpha');	// 'myobject' (myobject=mymodule) or 'myobject@mymodule' or 'myobject_mysubobject' (myobject=mymodule)

-$field = GETPOST('field', 'alpha');

-$value = GETPOST('value', 'int');

-$format = 'int';

-

-// Load object according to $id and $element

-$object = fetchObjectByElement($id, $element);

-if (!is_object($object)) {

-	httponly_accessforbidden("Bad value for combination of parameters element/field: Object not found.");	// This includes the exit.

-}

-

-$object->fields[$field] = array('type' => $format, 'enabled' => 1);

-

-$module = $object->module;

-$element = $object->element;

-$usesublevelpermission = ($module != $element ? $element : '');

-if ($usesublevelpermission && !$user->hasRight($module, $element)) {	// There is no permission on object defined, we will check permission on module directly

-	$usesublevelpermission = '';

-}

-

-//print $object->id.' - '.$object->module.' - '.$object->element.' - '.$object->table_element.' - '.$usesublevelpermission."\n";

+$object = new GenericObject($db);

@@ -73,3 +43,0 @@
-	if (!empty($object->socid) && $socid != $object->socid) {

-		httponly_accessforbidden("Access on object not allowed for this external user.");	// This includes the exit.

-	}

@@ -78,8 +46,2 @@
-// We check permission.

-// Check is done on $user->rights->element->create or $user->rights->element->subelement->create (because $action = 'set')

-if (preg_match('/statu[st]$/', $field) || ($field == 'evenunsubscribe' && $object->table_element == 'mailing')) {

-	restrictedArea($user, $object->module, $object, $object->table_element, $usesublevelpermission);

-} elseif ($element == 'product' && in_array($field, array('tosell', 'tobuy', 'tobatch'))) {	// Special case for products

-	restrictedArea($user, 'produit|service', $object, 'product&product', '', '', 'rowid');

-} else {

-	httponly_accessforbidden("Bad value for combination of parameters element/field: Field not supported.");	// This includes the exit.

+if (empty($conf->global->MAIN_DIRECT_STATUS_UPDATE)) {

+	accessforbidden('Calling this file is allowed only when MAIN_DIRECT_STATUS_UPDATE is set');

@@ -96,0 +59,11 @@
+if (in_array($field, array('status'))) {

+	$result = restrictedArea($user, $element, $id);

+}

+elseif ($element == 'product' && in_array($field, array('tosell', 'tobuy', 'tobatch'))) {	// Special case for products

+	$result = restrictedArea($user, 'produit|service', $id, 'product&product', '', '', 'rowid');

+}

+else {

+	accessforbidden("Bad value for combination of parameters element/field.", 0, 0, 1);

+	exit;

+}

+

@@ -99 +72 @@
-	$triggerkey = strtoupper(($module != $element ? $module.'_' : '').$element).'_UPDATE';

+	$triggerkey = strtoupper($element).'_UPDATE';

@@ -102,4 +75 @@
-		$triggerkey = 'COMPANY_MODIFY';

-	}

-	if ($triggerkey == 'PRODUCT_UPDATE') {

-		$triggerkey = 'PRODUCT_MODIFY';

+		$triggerkey = 'COMPANY_UPDATE';

@@ -108 +78,2 @@
-	$result = $object->setValueFrom($field, $value, $object->table_element, $id, $format, '', $user, $triggerkey);

+	$tablename = $element;

+	if ($tablename == 'websitepage') $tablename = 'website_page';

@@ -110,5 +81 @@
-	if ($result < 0) {

-		print $object->error;

-		http_response_code(500);

-		exit;

-	}

+	$format = 'int';

@@ -116,4 +83 @@
-	if ($backtopage) {

-		header('Location: '.$backtopage);

-		exit;

-	}

+	$object->setValueFrom($field, $value, $tablename, $id, $format, '', $user, $triggerkey);

--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_19.0.3_pingresult.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_pingresult.php
@@ -2 +2 @@
-/* Copyright (C) 2019-2023		Laurent Destailleur	<eldy@users.sourceforge.net>

+/* Copyright (C) 2019		Laurent Destailleur	<eldy@users.sourceforge.net>

@@ -19,4 +19,2 @@
- *       \file		htdocs/core/ajax/pingresult.php

- *       \brief		Page called after a ping was done in js to the official dolibarr ping service.

- *					This ajax URL is called with parameter 'firstpingok' or 'firstpingko' depending on the result of the ping.

- *					You can use &forceping=1 in parameters to force the ping if the ping was already sent.

+ *       \file       htdocs/core/ajax/pingresult.php

+ *       \brief      File to save result of an anonymous ping into database (1 ping is done per installation)

@@ -25,18 +23,6 @@
-if (!defined('NOTOKENRENEWAL')) {

-	define('NOTOKENRENEWAL', '1'); // Disables token renewal

-}

-if (!defined('NOREQUIREMENU')) {

-	define('NOREQUIREMENU', '1');

-}

-if (!defined('NOREQUIREHTML')) {

-	define('NOREQUIREHTML', '1');

-}

-if (!defined('NOREQUIREAJAX')) {

-	define('NOREQUIREAJAX', '1');

-}

-if (!defined('NOREQUIRESOC')) {

-	define('NOREQUIRESOC', '1');

-}

-if (!defined('NOREQUIRETRAN')) {

-	define('NOREQUIRETRAN', '1');

-}

+if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Disables token renewal

+if (!defined('NOREQUIREMENU'))  define('NOREQUIREMENU', '1');

+if (!defined('NOREQUIREHTML'))  define('NOREQUIREHTML', '1');

+if (!defined('NOREQUIREAJAX'))  define('NOREQUIREAJAX', '1');

+if (!defined('NOREQUIRESOC'))   define('NOREQUIRESOC', '1');

+if (!defined('NOREQUIRETRAN'))  define('NOREQUIRETRAN', '1');

@@ -44 +29,0 @@
-// Load Dolibarr environment

@@ -48 +33 @@
-$action = GETPOST('action', 'aZ09');

+$action = GETPOST('action', 'alpha');

@@ -54 +39,2 @@
-// None. Beeing connected is enough.

+if (!empty($user->socid))

+	$socid = $user->socid;

@@ -55,0 +42 @@
+$now = dol_now();

@@ -62,2 +48,0 @@
-$now = dol_now();

-

@@ -69 +54,2 @@
-if ($action == 'firstpingok') {

+if ($action == 'firstpingok')

+{

@@ -72,2 +58,2 @@
-	dolibarr_set_const($db, 'MAIN_FIRST_PING_OK_DATE', dol_print_date($now, 'dayhourlog', 'gmt'), 'chaine', 0, '', $conf->entity);

-	dolibarr_set_const($db, 'MAIN_FIRST_PING_OK_ID', $hash_unique_id, 'chaine', 0, '', $conf->entity);

+	dolibarr_set_const($db, 'MAIN_FIRST_PING_OK_DATE', dol_print_date($now, 'dayhourlog', 'gmt'));

+	dolibarr_set_const($db, 'MAIN_FIRST_PING_OK_ID', $hash_unique_id);

@@ -76,2 +62,4 @@
-} elseif ($action == 'firstpingko') {

-	// If ko

+}

+// If ko

+elseif ($action == 'firstpingko')

+{

@@ -79 +67 @@
-	dolibarr_set_const($db, 'MAIN_LAST_PING_KO_DATE', dol_print_date($now, 'dayhourlog', 'gmt'), 'chaine', 0, '', $conf->entity); // erase last value

+	dolibarr_set_const($db, 'MAIN_LAST_PING_KO_DATE', dol_print_date($now, 'dayhourlog'), 'gmt'); // erase last value

@@ -81 +69,2 @@
-} else {

+}

+else {

--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_19.0.3_price.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_price.php
@@ -23,12 +23,4 @@
-if (!defined('NOTOKENRENEWAL')) {

-	define('NOTOKENRENEWAL', '1'); // Disables token renewal

-}

-if (!defined('NOREQUIREMENU')) {

-	define('NOREQUIREMENU', '1');

-}

-if (!defined('NOREQUIREAJAX')) {

-	define('NOREQUIREAJAX', '1');

-}

-if (!defined('NOREQUIRESOC')) {

-	define('NOREQUIRESOC', '1');

-}

+if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Disables token renewal

+if (!defined('NOREQUIREMENU'))  define('NOREQUIREMENU', '1');

+if (!defined('NOREQUIREAJAX'))  define('NOREQUIREAJAX', '1');

+if (!defined('NOREQUIRESOC'))   define('NOREQUIRESOC', '1');

@@ -36 +27,0 @@
-// Load Dolibarr environment

@@ -42,4 +32,0 @@
-

-// Security check

-// None. This is a formatting only component.

-

@@ -56 +43,2 @@
-if (!empty($output) && isset($amount) && isset($tva_tx)) {

+if (!empty($output) && isset($amount) && isset($tva_tx))

+{

@@ -60 +48,2 @@
-	if (is_numeric($amount) && $amount != '') {

+	if (is_numeric($amount) && $amount != '')

+	{

@@ -65 +54,2 @@
-		} elseif ($output == 'price_ht') {

+		}

+		elseif ($output == 'price_ht') {

--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_19.0.3_row.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_row.php
@@ -2 +2 @@
-/* Copyright (C) 2010-2021 Regis Houssin       <regis.houssin@inodbox.com>

+/* Copyright (C) 2010-2015 Regis Houssin       <regis.houssin@inodbox.com>

@@ -30,18 +30,6 @@
-if (!defined('NOTOKENRENEWAL')) {

-	define('NOTOKENRENEWAL', '1'); // Disable token renewal

-}

-if (!defined('NOREQUIREMENU')) {

-	define('NOREQUIREMENU', '1');

-}

-if (!defined('NOREQUIREHTML')) {

-	define('NOREQUIREHTML', '1');

-}

-if (!defined('NOREQUIREAJAX')) {

-	define('NOREQUIREAJAX', '1');

-}

-if (!defined('NOREQUIRESOC')) {

-	define('NOREQUIRESOC', '1');

-}

-if (!defined('NOREQUIRETRAN')) {

-	define('NOREQUIRETRAN', '1');

-}

+if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Disable token renewal

+if (!defined('NOREQUIREMENU'))  define('NOREQUIREMENU', '1');

+if (!defined('NOREQUIREHTML'))  define('NOREQUIREHTML', '1');

+if (!defined('NOREQUIREAJAX'))  define('NOREQUIREAJAX', '1');

+if (!defined('NOREQUIRESOC'))   define('NOREQUIRESOC', '1');

+if (!defined('NOREQUIRETRAN'))  define('NOREQUIRETRAN', '1');

@@ -49 +36,0 @@
-// Load Dolibarr environment

@@ -52,5 +38,0 @@
-

-$hookmanager->initHooks(array('rowinterface'));

-

-// Security check

-// This is done later into view.

@@ -68,6 +50,7 @@
-if (GETPOST('roworder', 'alpha', 3) && GETPOST('table_element_line', 'aZ09', 3)

-	&& GETPOST('fk_element', 'aZ09', 3) && GETPOST('element_id', 'int', 3)) {

-	$roworder = GETPOST('roworder', 'alpha', 3);

-	$table_element_line = GETPOST('table_element_line', 'aZ09', 3);

-	$fk_element = GETPOST('fk_element', 'aZ09', 3);

-	$element_id = GETPOST('element_id', 'int', 3);

+if ((!empty($_POST['roworder'])) && (!empty($_POST['table_element_line']))

+	&& (!empty($_POST['fk_element'])) && (!empty($_POST['element_id'])))

+{

+	$roworder = GETPOST('roworder', 'alpha', 2);

+	$table_element_line = GETPOST('table_element_line', 'alpha', 2);

+	$fk_element = GETPOST('fk_element', 'alpha', 2);

+	$element_id = GETPOST('element_id', 'int', 2);

@@ -77,51 +60,5 @@
-	// Make test on permission

-	$perm = 0;

-	if ($table_element_line == 'propaldet' && $user->hasRight('propal', 'creer')) {

-		$perm = 1;

-	} elseif ($table_element_line == 'commandedet' && $user->hasRight('commande', 'creer')) {

-		$perm = 1;

-	} elseif ($table_element_line == 'facturedet' && $user->hasRight('facture', 'creer')) {

-		$perm = 1;

-	} elseif ($table_element_line == 'facturedet_rec' && $user->hasRight('facture', 'creer')) {

-		$perm = 1;

-	} elseif ($table_element_line == 'emailcollector_emailcollectoraction' && $user->admin) {

-		$perm = 1;

-	} elseif ($table_element_line == 'bom_bomline' && $user->hasRight('bom', 'write')) {

-		$perm = 1;

-	} elseif ($table_element_line == 'mrp_production' && $user->hasRight('mrp', 'write')) {

-		$perm = 1;

-	} elseif ($table_element_line == 'supplier_proposaldet' && $user->hasRight('supplier_proposal', 'creer')) {

-		$perm = 1;

-	} elseif ($table_element_line == 'commande_fournisseurdet' && $user->hasRight('fournisseur', 'commande', 'creer')) {

-		$perm = 1;

-	} elseif ($table_element_line == 'facture_fourn_det' && $user->hasRight('fournisseur', 'facture', 'creer')) {

-		$perm = 1;

-	} elseif ($table_element_line == 'facture_fourn_det_rec' && $user->hasRight('fournisseur', 'facture', 'creer')) {

-		$perm = 1;

-	} elseif ($table_element_line == 'product_attribute_value' && $fk_element == 'fk_product_attribute' && ($user->hasRight('produit', 'lire') || $user->hasRight('service', 'lire'))) {

-		$perm = 1;

-	} elseif ($table_element_line == 'ecm_files') {		// Used when of page "documents.php"

-		if ($user->hasRight('ecm', 'creer')) {

-			$perm = 1;

-		} elseif ($fk_element == 'fk_product' && ($user->hasRight('produit', 'creer') || $user->hasRight('service', 'creer'))) {

-			$perm = 1;

-		} elseif ($fk_element == 'fk_ticket' && $user->hasRight('ticket', 'write')) {

-			$perm = 1;

-		} elseif ($fk_element == 'fk_holiday' && $user->hasRight('holiday', 'write')) {

-			$perm = 1;

-		} elseif ($fk_element == 'fk_soc' && $user->hasRight('societe', 'creer')) {

-			$perm = 1;

-		}

-	} elseif ($table_element_line == 'product_association' && $fk_element == 'fk_product' && ($user->hasRight('produit', 'creer') || $user->hasRight('service', 'creer'))) {

-		$perm = 1;

-	} elseif ($table_element_line == 'projet_task' && $fk_element == 'fk_projet' && $user->hasRight('projet', 'creer')) {

-		$perm = 1;

-	} elseif ($table_element_line == 'contratdet' && $fk_element == 'fk_contrat' && $user->hasRight('contrat', 'creer')) {

-		$perm = 1;

-	} else {

-		$tmparray = explode('_', $table_element_line);

-		$tmpmodule = $tmparray[0];

-		$tmpobject = preg_replace('/line$/', '', $tmparray[1]);

-		if (!empty($tmpmodule) && !empty($tmpobject) && !empty($conf->$tmpmodule->enabled) && $user->hasRight($tmpobject, 'write')) {

-			$perm = 1;

-		}

+	$rowordertab = explode(',', $roworder);

+	$newrowordertab = array();

+	foreach ($rowordertab as $value)

+	{

+		if (!empty($value)) $newrowordertab[] = $value;

@@ -129 +66 @@
-	$parameters = array('roworder'=> &$roworder, 'table_element_line' => &$table_element_line, 'fk_element' => &$fk_element, 'element_id' => &$element_id, 'perm' => &$perm);

+

@@ -134,21 +70,0 @@
-	$reshook = $hookmanager->executeHooks('checkRowPerms', $parameters, $row, $action);

-	if ($reshook > 0) {

-		$perm = $hookmanager->resArray['perm'];

-	}

-	if (! $perm) {

-		// We should not be here. If we are not allowed to reorder rows, feature should not be visible on script.

-		// If we are here, it is a hack attempt, so we report a warning.

-		print 'Bad permission to modify position of lines for object in table '.$table_element_line;

-		dol_syslog('Bad permission to modify position of lines for object in table='.$table_element_line.', fk_element='.$fk_element, LOG_WARNING);

-		accessforbidden('Bad permission to modify position of lines for object in table '.$table_element_line);

-	}

-

-	$rowordertab = explode(',', $roworder);

-	$newrowordertab = array();

-	foreach ($rowordertab as $value) {

-		if (!empty($value)) {

-			$newrowordertab[] = $value;

-		}

-	}

-

-

@@ -160 +76,2 @@
-	if (in_array($fk_element, array('fk_facture', 'fk_propal', 'fk_commande','fk_contrat'))) {

+	if (in_array($fk_element, array('fk_facture', 'fk_propal', 'fk_commande')))

+	{

@@ -163,2 +79,0 @@
-} else {

-	print 'Bad parameters for row.php';

--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_19.0.3_saveinplace.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_saveinplace.php
@@ -20 +20 @@
- *       \brief      File to load field value. used only when option "Edit In Place" is set (MAIN_USE_JQUERY_JEDITABLE).

+ *       \brief      File to save field value

@@ -23,14 +23,5 @@
-if (!defined('NOTOKENRENEWAL')) {

-	define('NOTOKENRENEWAL', '1'); // Disables token renewal

-}

-if (!defined('NOREQUIREMENU')) {

-	define('NOREQUIREMENU', '1');

-}

-if (!defined('NOREQUIREAJAX')) {

-	define('NOREQUIREAJAX', '1');

-}

-if (!defined('NOREQUIRESOC')) {

-	define('NOREQUIRESOC', '1');

-}

-

-// Load Dolibarr environment

+if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Disables token renewal

+if (!defined('NOREQUIREMENU'))  define('NOREQUIREMENU', '1');

+if (!defined('NOREQUIREAJAX'))  define('NOREQUIREAJAX', '1');

+if (!defined('NOREQUIRESOC'))   define('NOREQUIRESOC', '1');

+

@@ -44 +34,0 @@
-$id = $fk_element;

@@ -58,22 +47,0 @@
-// Load object according to $id and $element

-$object = fetchObjectByElement($id, $element);

-

-$module = $object->module;

-$element = $object->element;

-$usesublevelpermission = ($module != $element ? $element : '');

-if ($usesublevelpermission && !$user->hasRight($module, $element)) {	// There is no permission on object defined, we will check permission on module directly

-	$usesublevelpermission = '';

-}

-

-//print $object->id.' - '.$object->module.' - '.$object->element.' - '.$object->table_element.' - '.$usesublevelpermission."\n";

-

-// Security check

-$result = restrictedArea($user, $object->module, $object, $object->table_element, $usesublevelpermission, 'fk_soc', 'rowid', 0, 1);	// Call with mode return

-if (!$result) {

-	httponly_accessforbidden('Not allowed by restrictArea');

-}

-

-if (!getDolGlobalString('MAIN_USE_JQUERY_JEDITABLE')) {

-	httponly_accessforbidden('Can be used only when option MAIN_USE_JQUERY_JEDITABLE is set');

-}

-

@@ -91 +59,2 @@
-if (!empty($field) && !empty($element) && !empty($table_element) && !empty($fk_element)) {

+if (!empty($field) && !empty($element) && !empty($table_element) && !empty($fk_element))

+{

@@ -93 +62 @@
-	$field = substr($field, 8); // remove prefix val_

+	$field				= substr($field, 8); // remove prefix val_

@@ -95,3 +64,3 @@
-	$value = ($type == 'ckeditor' ? GETPOST('value', '', 2) : GETPOST('value', 'alpha', 2));

-	$loadmethod = GETPOST('loadmethod', 'alpha', 2);

-	$savemethod = GETPOST('savemethod', 'alpha', 2);

+	$value				= ($type == 'ckeditor' ? GETPOST('value', '', 2) : GETPOST('value', 'alpha', 2));

+	$loadmethod			= GETPOST('loadmethod', 'alpha', 2);

+	$savemethod			= GETPOST('savemethod', 'alpha', 2);

@@ -99 +68 @@
-	$newelement = $element;

+	$newelement			= $element;

@@ -106 +75,2 @@
-	if ($element != 'order_supplier' && $element != 'invoice_supplier' && preg_match('/^([^_]+)_([^_]+)/i', $element, $regs)) {

+	if ($element != 'order_supplier' && $element != 'invoice_supplier' && preg_match('/^([^_]+)_([^_]+)/i', $element, $regs))

+	{

@@ -111,9 +81,5 @@
-	if ($element == 'propal') {

-		$newelement = 'propale';

-	} elseif ($element == 'fichinter') {

-		$newelement = 'ficheinter';

-	} elseif ($element == 'product') {

-		$newelement = 'produit';

-	} elseif ($element == 'member') {

-		$newelement = 'adherent';

-	} elseif ($element == 'order_supplier') {

+	if ($element == 'propal') $newelement = 'propale';

+	elseif ($element == 'fichinter') $newelement = 'ficheinter';

+	elseif ($element == 'product') $newelement = 'produit';

+	elseif ($element == 'member') $newelement = 'adherent';

+	elseif ($element == 'order_supplier') {

@@ -122 +88,2 @@
-	} elseif ($element == 'invoice_supplier') {

+	}

+	elseif ($element == 'invoice_supplier') {

@@ -125,3 +92,2 @@
-	} else {

-		$newelement = $element;

-	}

+	}

+	else $newelement = $element;

@@ -130 +95,0 @@
-

@@ -134 +99,2 @@
-	if ($feature == 'expedition' || $feature == 'shipping') {

+	if ($feature == 'expedition' || $feature == 'shipping')

+	{

@@ -138,10 +104,3 @@
-	if ($feature == 'shipping') {

-		$feature = 'commande';

-	}

-	if ($feature == 'payment') {

-		$feature = 'facture';

-	}

-	if ($feature == 'payment_supplier') {

-		$feature = 'fournisseur';

-		$feature2 = 'facture';

-	}

+	if ($feature == 'shipping') $feature = 'commande';

+	if ($feature == 'payment') { $feature = 'facture'; }

+	if ($feature == 'payment_supplier') { $feature = 'fournisseur'; $feature2 = 'facture'; }

@@ -153,2 +112,2 @@
-	if (!empty($user->rights->$newelement->creer) || !empty($user->rights->$newelement->create) || !empty($user->rights->$newelement->write)

-		|| (isset($subelement) && (!empty($user->rights->$newelement->$subelement->creer) || !empty($user->rights->$newelement->$subelement->write)))

+	if (! empty($user->rights->$newelement->creer) || ! empty($user->rights->$newelement->create) || ! empty($user->rights->$newelement->write)

+		|| (isset($subelement) && (! empty($user->rights->$newelement->$subelement->creer) || ! empty($user->rights->$newelement->$subelement->write)))

@@ -159 +118,2 @@
-	if ($check_access) {

+	if ($check_access)

+	{

@@ -163 +123,2 @@
-		if ($type == 'numeric') {

+		if ($type == 'numeric')

+		{

@@ -167 +128,2 @@
-			if (!is_numeric($newvalue)) {

+			if (!is_numeric($newvalue))

+			{

@@ -171 +133,3 @@
-		} elseif ($type == 'datepicker') {

+		}

+		elseif ($type == 'datepicker')

+		{

@@ -175 +139,3 @@
-		} elseif ($type == 'select') {

+		}

+		elseif ($type == 'select')

+		{

@@ -181 +147,2 @@
-			if (method_exists($form, $loadmethodname)) {

+			if (method_exists($form, $loadmethodname))

+			{

@@ -183 +150,2 @@
-				if ($ret > 0) {

+				if ($ret > 0)

+				{

@@ -187 +155,2 @@
-					if (!empty($form->$loadviewname)) {

+					if (!empty($form->$loadviewname))

+					{

@@ -191 +160,3 @@
-				} else {

+				}

+				else

+				{

@@ -195 +166,3 @@
-			} else {

+			}

+			else

+			{

@@ -197 +170,2 @@
-				if (preg_match('/^([^_]+)_([^_]+)/i', $ext_element, $regs)) {

+				if (preg_match('/^([^_]+)_([^_]+)/i', $ext_element, $regs))

+				{

@@ -206 +180,2 @@
-				if ($ret > 0) {

+				if ($ret > 0)

+				{

@@ -210 +185,2 @@
-					if (!empty($object->$loadviewname)) {

+					if (!empty($object->$loadviewname))

+					{

@@ -214 +190,3 @@
-				} else {

+				}

+				else

+				{

@@ -221,4 +199,3 @@
-		if (!$error) {

-			if ((isset($object) && !is_object($object)) || empty($savemethod)) {

-				$object = new GenericObject($db);

-			}

+		if (!$error)

+		{

+			if ((isset($object) && !is_object($object)) || empty($savemethod)) $object = new GenericObject($db);

@@ -234,6 +211,4 @@
-			if ($ret > 0) {

-				if ($type == 'numeric') {

-					$value = price($newvalue);

-				} elseif ($type == 'textarea') {

-					$value = dol_nl2br($newvalue);

-				}

+			if ($ret > 0)

+			{

+				if ($type == 'numeric') $value = price($newvalue);

+				elseif ($type == 'textarea') $value = dol_nl2br($newvalue);

@@ -243 +218,3 @@
-			} else {

+			}

+			else

+			{

@@ -249 +226,3 @@
-	} else {

+	}

+	else

+	{

--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_19.0.3_selectobject.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_selectobject.php
@@ -23,15 +23,6 @@
-if (!defined('NOTOKENRENEWAL')) {

-	define('NOTOKENRENEWAL', 1); // Disables token renewal

-}

-if (!defined('NOREQUIREMENU')) {

-	define('NOREQUIREMENU', '1');

-}

-if (!defined('NOREQUIREHTML')) {

-	define('NOREQUIREHTML', '1');

-}

-if (!defined('NOREQUIREAJAX')) {

-	define('NOREQUIREAJAX', '1');

-}

-if (!defined('NOREQUIRESOC')) {

-	define('NOREQUIRESOC', '1');

-}

+if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', 1); // Disables token renewal

+if (!defined('NOREQUIREMENU'))  define('NOREQUIREMENU', '1');

+if (!defined('NOREQUIREHTML'))  define('NOREQUIREHTML', '1');

+if (!defined('NOREQUIREAJAX'))  define('NOREQUIREAJAX', '1');

+if (!defined('NOREQUIRESOC'))   define('NOREQUIRESOC', '1');

+if (!defined('NOCSRFCHECK'))    define('NOCSRFCHECK', '1');

@@ -39 +29,0 @@
-// Load Dolibarr environment

@@ -41,2 +30,0 @@
-require_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php';

-require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php';

@@ -44,3 +32 @@
-$extrafields = new ExtraFields($db);

-

-$objectdesc = GETPOST('objectdesc', 'alphanohtml', 0, null, null, 1);

+$objectdesc = GETPOST('objectdesc', 'alpha');

@@ -47,0 +34 @@
+$sqlfilter = GETPOST('sqlfilter', 'alpha');

@@ -49,96 +36,2 @@
-$id = GETPOSTINT('id');

-$objectfield = GETPOST('objectfield', 'alpha');	// 'MyObject:field' or 'MyModule_MyObject:field' or 'MyObject:option_field' or 'MyModule_MyObject:option_field'

-

-if (empty($htmlname)) {

-	httponly_accessforbidden('Bad value for param htmlname');

-}

-

-if (!empty($objectfield)) {

-	// Recommended method to call selectobject.

-	// $objectfield is Object:Field that contains the definition (in table $fields or extrafield). Example: 'Societe:t.ddd' or 'Societe:options_xxx'

-

-	$tmparray = explode(':', $objectfield);

-	$objectdesc = '';

-

-	// Load object according to $id and $element

-	$objectforfieldstmp = fetchObjectByElement(0, strtolower($tmparray[0]));

-

-	$reg = array();

-	if (preg_match('/^options_(.*)$/', $tmparray[1], $reg)) {

-		// For a property in extrafields

-		$key = $reg[1];

-		// fetch optionals attributes and labels

-		$extrafields->fetch_name_optionals_label($objectforfieldstmp->table_element);

-

-		if (!empty($extrafields->attributes[$objectforfieldstmp->table_element]['type'][$key]) && $extrafields->attributes[$objectforfieldstmp->table_element]['type'][$key] == 'link') {

-			if (!empty($extrafields->attributes[$objectforfieldstmp->table_element]['param'][$key]['options'])) {

-				$tmpextrafields = array_keys($extrafields->attributes[$objectforfieldstmp->table_element]['param'][$key]['options']);

-				$objectdesc = $tmpextrafields[0];

-			}

-		}

-	} else {

-		// For a property in ->fields

-		$objectdesc = $objectforfieldstmp->fields[$tmparray[1]]['type'];

-		$objectdesc = preg_replace('/^integer[^:]*:/', '', $objectdesc);

-	}

-}

-

-if ($objectdesc) {

-	// Example of value for $objectdesc:

-	// Bom:bom/class/bom.class.php:0:t.status=1

-	// Bom:bom/class/bom.class.php:0:t.status=1:ref

-	// Bom:bom/class/bom.class.php:0:(t.status:=:1) OR (t.field2:=:2):ref

-	$InfoFieldList = explode(":", $objectdesc, 4);

-	$vartmp = (empty($InfoFieldList[3]) ? '' : $InfoFieldList[3]);

-	$reg = array();

-	if (preg_match('/^.*:(\w*)$/', $vartmp, $reg)) {

-		$InfoFieldList[4] = $reg[1];    // take the sort field

-	}

-	$InfoFieldList[3] = preg_replace('/:\w*$/', '', $vartmp);    // take the filter field

-

-	$classname = $InfoFieldList[0];

-	$classpath = $InfoFieldList[1];

-	//$addcreatebuttonornot = empty($InfoFieldList[2]) ? 0 : $InfoFieldList[2];

-	$filter = empty($InfoFieldList[3]) ? '' : $InfoFieldList[3];

-	$sortfield = empty($InfoFieldList[4]) ? '' : $InfoFieldList[4];

-

-	// Load object according to $id and $element

-	$objecttmp = fetchObjectByElement(0, strtolower($InfoFieldList[0]));

-

-	// Fallback to another solution to get $objecttmp

-	if (empty($objecttmp) && !empty($classpath)) {

-		dol_include_once($classpath);

-

-		if ($classname && class_exists($classname)) {

-			$objecttmp = new $classname($db);

-		}

-	}

-}

-

-// Make some replacement

-$sharedentities = getEntity(strtolower($objecttmp->element));

-

-$filter = str_replace(

-	array('__ENTITY__', '__SHARED_ENTITIES__', '__USER_ID__', '$ID$'),

-	array($conf->entity, $sharedentities, $user->id, $id),

-	$filter

-);

-

-/*

-$module = $object->module;

-$element = $object->element;

-$usesublevelpermission = ($module != $element ? $element : '');

-if ($usesublevelpermission && !isset($user->rights->$module->$element)) {	// There is no permission on object defined, we will check permission on module directly

-	$usesublevelpermission = '';

-}

-*/

-

-// When used from jQuery, the search term is added as GET param "term".

-$searchkey = (($id && GETPOST($id, 'alpha')) ? GETPOST($id, 'alpha') : (($htmlname && GETPOST($htmlname, 'alpha')) ? GETPOST($htmlname, 'alpha') : ''));

-

-// Add a security test to avoid to get content of all tables

-if (!empty($objecttmp->module)) {

-	restrictedArea($user, $objecttmp->module, $id, $objecttmp->table_element, $objecttmp->element);

-} else {

-	restrictedArea($user, $objecttmp->element, $id);

-}

+$action = GETPOST('action', 'alpha');

+$id = GETPOST('id', 'int');

@@ -150,0 +44,7 @@
+//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";

+

+dol_syslog(join(',', $_GET));

+//print_r($_GET);

+

+

+require_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php';

@@ -153 +53 @@
-top_httphead($outjson ? 'application/json' : 'text/html');

+//$langs->load("companies");

@@ -155,2 +55 @@
-//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";

-//print_r($_GET);

+top_httphead();

@@ -158 +57,26 @@
-$arrayresult = $form->selectForFormsList($objecttmp, $htmlname, '', 0, $searchkey, '', '', '', 0, 1, 0, '', $filter);

+if (empty($htmlname)) return;

+

+

+$InfoFieldList = explode(":", $objectdesc);

+$classname = $InfoFieldList[0];

+$classpath = $InfoFieldList[1];

+if (!empty($classpath))

+{

+	dol_include_once($classpath);

+	if ($classname && class_exists($classname))

+	{

+		$objecttmp = new $classname($db);

+	}

+}

+if (!is_object($objecttmp))

+{

+	dol_syslog('Error bad param objectdesc', LOG_WARNING);

+	print 'Error bad param objectdesc';

+}

+

+// When used from jQuery, the search term is added as GET param "term".

+$searchkey = (($id && GETPOST($id, 'alpha')) ?GETPOST($id, 'alpha') : (($htmlname && GETPOST($htmlname, 'alpha')) ?GETPOST($htmlname, 'alpha') : ''));

+

+// TODO Add a security test to avoid to get content of all tables

+

+$arrayresult = $form->selectForFormsList($objecttmp, $htmlname, '', 0, $searchkey, '', '', '', 0, 1);

@@ -162,3 +86 @@
-if ($outjson) {

-	print json_encode($arrayresult);

-}

+if ($outjson) print json_encode($arrayresult);

--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_19.0.3_selectsearchbox.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_selectsearchbox.php
@@ -2 +2 @@
-/* Copyright (C) 2015-2023 Laurent Destailleur  <eldy@users.sourceforge.net>

+/* Copyright (C) 2015-2018 Laurent Destailleur  <eldy@users.sourceforge.net>

@@ -21 +21 @@
- *      \brief      This script returns json array of possible searches or just set the array if called by an include

+ *      \brief      This script returns content of possible search

@@ -22,0 +23 @@
+

@@ -26,17 +27,7 @@
-if (!isset($usedbyinclude) || empty($usedbyinclude)) {

-	if (!defined('NOTOKENRENEWAL')) {

-		define('NOTOKENRENEWAL', 1); // Disables token renewal

-	}

-	if (!defined('NOREQUIREMENU')) {

-		define('NOREQUIREMENU', '1');

-	}

-	if (!defined('NOREQUIREHTML')) {

-		define('NOREQUIREHTML', '1');

-	}

-	if (!defined('NOREQUIREAJAX')) {

-		define('NOREQUIREAJAX', '1');

-	}

-	if (!defined('NOREDIRECTBYMAINTOLOGIN')) {

-		// Disable redirect to main login because the selectsearch must not ask a login

-		define('NOREDIRECTBYMAINTOLOGIN', '1');

-	}

+if (!isset($usedbyinclude) || empty($usedbyinclude))

+{

+    if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', 1); // Disables token renewal

+    if (!defined('NOREQUIREMENU'))  define('NOREQUIREMENU', '1');

+    if (!defined('NOREQUIREHTML'))  define('NOREQUIREHTML', '1');

+    if (!defined('NOREQUIREAJAX'))  define('NOREQUIREAJAX', '1');

+    if (!defined('NOREDIRECTBYMAINTOLOGIN')) define('NOREDIRECTBYMAINTOLOGIN', '1');

@@ -44,16 +35,9 @@
-	$res = @include '../../main.inc.php';

-

-	// Security check

-	// None. Beeing connected is enough.

-

-	top_httphead('application/json');

-

-	if ($res == 'ERROR_NOT_LOGGED') {

-		$langs->load("other");

-		$arrayresult['jumptologin'] = array('img'=>'object_generic', 'label'=>$langs->trans("JumpToLogin"), 'text'=>'<span class="fa fa-sign-in"></span> '.$langs->trans("JumpToLogin"), 'url'=>DOL_URL_ROOT.'/index.php');

-		print json_encode($arrayresult);

-		if (is_object($db)) {

-			$db->close();

-		}

-		exit;

-	}

+    $res = @include '../../main.inc.php';

+    if ($res == 'ERROR_NOT_LOGGED')

+    {

+    	$langs->load("other");

+    	$arrayresult['jumptologin'] = array('img'=>'object_generic', 'label'=>$langs->trans("JumpToLogin"), 'text'=>'<span class="fa fa-sign-in"></span> '.$langs->trans("JumpToLogin"), 'url'=>DOL_URL_ROOT.'/index.php');

+    	print json_encode($arrayresult);

+    	if (is_object($db)) $db->close();

+    	exit;

+    }

@@ -63,0 +48 @@
+//global $hookmanager;

@@ -66 +51 @@
-$search_boxvalue = GETPOST('q', 'restricthtml');

+$search_boxvalue = GETPOST('q', 'none');

@@ -72,2 +57,3 @@
-if (isModEnabled('adherent') && !getDolGlobalString('MAIN_SEARCHFORM_ADHERENT_DISABLED') && $user->hasRight('adherent', 'lire')) {

-	$arrayresult['searchintomember'] = array('position'=>8, 'shortcut'=>'M', 'img'=>'object_member', 'label'=>$langs->trans("SearchIntoMembers", $search_boxvalue), 'text'=>img_picto('', 'object_member', 'class="pictofixedwidth"').' '.$langs->trans("SearchIntoMembers", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/adherents/list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : ''));

+if (!empty($conf->adherent->enabled) && empty($conf->global->MAIN_SEARCHFORM_ADHERENT_DISABLED) && $user->rights->adherent->lire)

+{

+	$arrayresult['searchintomember'] = array('position'=>8, 'shortcut'=>'M', 'img'=>'object_member', 'label'=>$langs->trans("SearchIntoMembers", $search_boxvalue), 'text'=>img_picto('', 'object_member').' '.$langs->trans("SearchIntoMembers", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/adherents/list.php'.($search_boxvalue ? '?sall='.urlencode($search_boxvalue) : ''));

@@ -76,2 +62,3 @@
-if (((isModEnabled('societe') && (!getDolGlobalString('SOCIETE_DISABLE_PROSPECTS') || !getDolGlobalString('SOCIETE_DISABLE_CUSTOMERS'))) || isModEnabled('supplier_order') || isModEnabled('supplier_invoice') || isModEnabled('supplier_proposal')) && !getDolGlobalString('MAIN_SEARCHFORM_SOCIETE_DISABLED') && $user->hasRight('societe', 'lire')) {

-	$arrayresult['searchintothirdparty'] = array('position'=>10, 'shortcut'=>'T', 'img'=>'object_company', 'label'=>$langs->trans("SearchIntoThirdparties", $search_boxvalue), 'text'=>img_picto('', 'object_company', 'class="pictofixedwidth"').' '.$langs->trans("SearchIntoThirdparties", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/societe/list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : ''));

+if (((!empty($conf->societe->enabled) && (empty($conf->global->SOCIETE_DISABLE_PROSPECTS) || empty($conf->global->SOCIETE_DISABLE_CUSTOMERS))) || !empty($conf->fournisseur->enabled)) && empty($conf->global->MAIN_SEARCHFORM_SOCIETE_DISABLED) && $user->rights->societe->lire)

+{

+	$arrayresult['searchintothirdparty'] = array('position'=>10, 'shortcut'=>'T', 'img'=>'object_company', 'label'=>$langs->trans("SearchIntoThirdparties", $search_boxvalue), 'text'=>img_picto('', 'object_company').' '.$langs->trans("SearchIntoThirdparties", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/societe/list.php'.($search_boxvalue ? '?sall='.urlencode($search_boxvalue) : ''));

@@ -80,2 +67,3 @@
-if (isModEnabled('societe') && !getDolGlobalString('MAIN_SEARCHFORM_CONTACT_DISABLED') && $user->hasRight('societe', 'lire')) {

-	$arrayresult['searchintocontact'] = array('position'=>15, 'shortcut'=>'A', 'img'=>'object_contact', 'label'=>$langs->trans("SearchIntoContacts", $search_boxvalue), 'text'=>img_picto('', 'object_contact', 'class="pictofixedwidth"').' '.$langs->trans("SearchIntoContacts", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/contact/list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : ''));

+if (!empty($conf->societe->enabled) && empty($conf->global->MAIN_SEARCHFORM_CONTACT_DISABLED) && $user->rights->societe->lire)

+{

+	$arrayresult['searchintocontact'] = array('position'=>15, 'shortcut'=>'A', 'img'=>'object_contact', 'label'=>$langs->trans("SearchIntoContacts", $search_boxvalue), 'text'=>img_picto('', 'object_contact').' '.$langs->trans("SearchIntoContacts", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/contact/list.php'.($search_boxvalue ? '?sall='.urlencode($search_boxvalue) : ''));

@@ -84,6 +72,4 @@
-if (((isModEnabled('product') && $user->hasRight('product', 'read')) || (isModEnabled('service') && $user->hasRight('service', 'read'))) && !getDolGlobalString('MAIN_SEARCHFORM_PRODUITSERVICE_DISABLED')) {

-	$arrayresult['searchintoproduct'] = array('position'=>30, 'shortcut'=>'P', 'img'=>'object_product', 'label'=>$langs->trans("SearchIntoProductsOrServices", $search_boxvalue), 'text'=>img_picto('', 'object_product', 'class="pictofixedwidth"').' '.$langs->trans("SearchIntoProductsOrServices", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/product/list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : ''));

-	// search on lot/serial numbers

-	if (isModEnabled('productbatch')) {

-		$arrayresult['searchintobatch'] = array('position'=>32, 'shortcut'=>'B', 'img'=>'object_lot', 'label'=>$langs->trans("SearchIntoBatch", $search_boxvalue), 'text'=>img_picto('', 'object_lot', 'class="pictofixedwidth"').' '.$langs->trans("SearchIntoBatch", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/product/stock/productlot_list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : ''));

-	}

+if (((!empty($conf->product->enabled) && $user->rights->produit->lire) || (!empty($conf->service->enabled) && $user->rights->service->lire))

+&& empty($conf->global->MAIN_SEARCHFORM_PRODUITSERVICE_DISABLED))

+{

+	$arrayresult['searchintoproduct'] = array('position'=>30, 'shortcut'=>'P', 'img'=>'object_product', 'label'=>$langs->trans("SearchIntoProductsOrServices", $search_boxvalue), 'text'=>img_picto('', 'object_product').' '.$langs->trans("SearchIntoProductsOrServices", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/product/list.php'.($search_boxvalue ? '?sall='.urlencode($search_boxvalue) : ''));

@@ -92,8 +78,3 @@
-if (isModEnabled('mrp') && $user->hasRight('mrp', 'read') && !getDolGlobalString('MAIN_SEARCHFORM_MRP_DISABLED')) {

-	$arrayresult['searchintomo'] = array('position'=>35, 'shortcut'=>'', 'img'=>'object_mrp', 'label'=>$langs->trans("SearchIntoMO", $search_boxvalue), 'text'=>img_picto('', 'object_mrp', 'class="pictofixedwidth"').' '.$langs->trans("SearchIntoMO", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/mrp/mo_list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : ''));

-}

-if (isModEnabled('project') && !getDolGlobalString('MAIN_SEARCHFORM_PROJECT_DISABLED') && $user->hasRight('projet', 'lire')) {

-	$arrayresult['searchintoprojects'] = array('position'=>40, 'shortcut'=>'Q', 'img'=>'object_project', 'label'=>$langs->trans("SearchIntoProjects", $search_boxvalue), 'text'=>img_picto('', 'object_project', 'class="pictofixedwidth"').' '.$langs->trans("SearchIntoProjects", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/projet/list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : ''));

-}

-if (isModEnabled('project') && !getDolGlobalString('MAIN_SEARCHFORM_TASK_DISABLED') && !getDolGlobalString('PROJECT_HIDE_TASKS') && $user->hasRight('projet', 'lire')) {

-	$arrayresult['searchintotasks'] = array('position'=>45, 'img'=>'object_projecttask', 'label'=>$langs->trans("SearchIntoTasks", $search_boxvalue), 'text'=>img_picto('', 'object_projecttask', 'class="pictofixedwidth"').' '.$langs->trans("SearchIntoTasks", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/projet/tasks/list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : ''));

+if (!empty($conf->mrp->enabled) && $user->rights->mrp->read && empty($conf->global->MAIN_SEARCHFORM_MRP_DISABLED))

+{

+	$arrayresult['searchintomo'] = array('position'=>35, 'shortcut'=>'', 'img'=>'object_mrp', 'label'=>$langs->trans("SearchIntoMO", $search_boxvalue), 'text'=>img_picto('', 'object_mrp').' '.$langs->trans("SearchIntoMO", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/mrp/mo_list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : ''));

@@ -102,2 +83,3 @@
-if (isModEnabled('propal') && !getDolGlobalString('MAIN_SEARCHFORM_CUSTOMER_PROPAL_DISABLED') && $user->hasRight('propal', 'lire')) {

-	$arrayresult['searchintopropal'] = array('position'=>60, 'img'=>'object_propal', 'label'=>$langs->trans("SearchIntoCustomerProposals", $search_boxvalue), 'text'=>img_picto('', 'object_propal', 'class="pictofixedwidth"').' '.$langs->trans("SearchIntoCustomerProposals", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/comm/propal/list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : ''));

+if (!empty($conf->projet->enabled) && empty($conf->global->MAIN_SEARCHFORM_PROJECT_DISABLED) && $user->rights->projet->lire)

+{

+	$arrayresult['searchintoprojects'] = array('position'=>40, 'shortcut'=>'Q', 'img'=>'object_projectpub', 'label'=>$langs->trans("SearchIntoProjects", $search_boxvalue), 'text'=>img_picto('', 'object_project').' '.$langs->trans("SearchIntoProjects", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/projet/list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : ''));

@@ -105,8 +87,3 @@
-if (isModEnabled('commande') && !getDolGlobalString('MAIN_SEARCHFORM_CUSTOMER_ORDER_DISABLED') && $user->hasRight('commande', 'lire')) {

-	$arrayresult['searchintoorder'] = array('position'=>70, 'img'=>'object_order', 'label'=>$langs->trans("SearchIntoCustomerOrders", $search_boxvalue), 'text'=>img_picto('', 'object_order', 'class="pictofixedwidth"').' '.$langs->trans("SearchIntoCustomerOrders", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/commande/list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : ''));

-}

-if (isModEnabled('expedition') && !getDolGlobalString('MAIN_SEARCHFORM_CUSTOMER_SHIPMENT_DISABLED') && $user->hasRight('expedition', 'lire')) {

-	$arrayresult['searchintoshipment'] = array('position'=>80, 'img'=>'object_shipment', 'label'=>$langs->trans("SearchIntoCustomerShipments", $search_boxvalue), 'text'=>img_picto('', 'object_shipment', 'class="pictofixedwidth"').' '.$langs->trans("SearchIntoCustomerShipments", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/expedition/list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : ''));

-}

-if (isModEnabled('facture') && !getDolGlobalString('MAIN_SEARCHFORM_CUSTOMER_INVOICE_DISABLED') && $user->hasRight('facture', 'lire')) {

-	$arrayresult['searchintoinvoice'] = array('position'=>90, 'img'=>'object_bill', 'label'=>$langs->trans("SearchIntoCustomerInvoices", $search_boxvalue), 'text'=>img_picto('', 'object_bill', 'class="pictofixedwidth"').' '.$langs->trans("SearchIntoCustomerInvoices", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/compta/facture/list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : ''));

+if (!empty($conf->projet->enabled) && empty($conf->global->MAIN_SEARCHFORM_TASK_DISABLED) && $user->rights->projet->lire)

+{

+	$arrayresult['searchintotasks'] = array('position'=>45, 'img'=>'object_projecttask', 'label'=>$langs->trans("SearchIntoTasks", $search_boxvalue), 'text'=>img_picto('', 'object_projecttask').' '.$langs->trans("SearchIntoTasks", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/projet/tasks/list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : ''));

@@ -115,2 +92,3 @@
-if (isModEnabled('supplier_proposal') && !getDolGlobalString('MAIN_SEARCHFORM_SUPPLIER_PROPAL_DISABLED') && $user->hasRight('supplier_proposal', 'lire')) {

-	$arrayresult['searchintosupplierpropal'] = array('position'=>100, 'img'=>'object_supplier_proposal', 'label'=>$langs->trans("SearchIntoSupplierProposals", $search_boxvalue), 'text'=>img_picto('', 'object_supplier_proposal', 'class="pictofixedwidth"').' '.$langs->trans("SearchIntoSupplierProposals", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/supplier_proposal/list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : ''));

+if (!empty($conf->propal->enabled) && empty($conf->global->MAIN_SEARCHFORM_CUSTOMER_PROPAL_DISABLED) && $user->rights->propal->lire)

+{

+	$arrayresult['searchintopropal'] = array('position'=>60, 'img'=>'object_propal', 'label'=>$langs->trans("SearchIntoCustomerProposals", $search_boxvalue), 'text'=>img_picto('', 'object_propal').' '.$langs->trans("SearchIntoCustomerProposals", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/comm/propal/list.php'.($search_boxvalue ? '?sall='.urlencode($search_boxvalue) : ''));

@@ -118,2 +96,3 @@
-if (((isModEnabled('fournisseur') && !getDolGlobalString('MAIN_USE_NEW_SUPPLIERMOD') && $user->hasRight('fournisseur', 'commande', 'lire')) || (isModEnabled('supplier_order') &&  $user->hasRight('supplier_order', 'lire'))) && !getDolGlobalString('MAIN_SEARCHFORM_SUPPLIER_ORDER_DISABLED')) {

-	$arrayresult['searchintosupplierorder'] = array('position'=>110, 'img'=>'object_supplier_order', 'label'=>$langs->trans("SearchIntoSupplierOrders", $search_boxvalue), 'text'=>img_picto('', 'object_supplier_order', 'class="pictofixedwidth"').' '.$langs->trans("SearchIntoSupplierOrders", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/fourn/commande/list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : ''));

+if (!empty($conf->commande->enabled) && empty($conf->global->MAIN_SEARCHFORM_CUSTOMER_ORDER_DISABLED) && $user->rights->commande->lire)

+{

+	$arrayresult['searchintoorder'] = array('position'=>70, 'img'=>'object_order', 'label'=>$langs->trans("SearchIntoCustomerOrders", $search_boxvalue), 'text'=>img_picto('', 'object_order').' '.$langs->trans("SearchIntoCustomerOrders", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/commande/list.php'.($search_boxvalue ? '?sall='.urlencode($search_boxvalue) : ''));

@@ -121,2 +100,7 @@
-if (((isModEnabled('fournisseur') && !getDolGlobalString('MAIN_USE_NEW_SUPPLIERMOD') && $user->hasRight('fournisseur', 'facture', 'lire')) || (isModEnabled('supplier_invoice') && $user->hasRight('supplier_invoice', 'lire'))) && !getDolGlobalString('MAIN_SEARCHFORM_SUPPLIER_INVOICE_DISABLED')) {

-	$arrayresult['searchintosupplierinvoice'] = array('position'=>120, 'img'=>'object_supplier_invoice', 'label'=>$langs->trans("SearchIntoSupplierInvoices", $search_boxvalue), 'text'=>img_picto('', 'object_supplier_invoice', 'class="pictofixedwidth"').' '.$langs->trans("SearchIntoSupplierInvoices", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/fourn/facture/list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : ''));

+if (!empty($conf->expedition->enabled) && empty($conf->global->MAIN_SEARCHFORM_CUSTOMER_SHIPMENT_DISABLED) && $user->rights->expedition->lire)

+{

+	$arrayresult['searchintoshipment'] = array('position'=>80, 'img'=>'object_shipment', 'label'=>$langs->trans("SearchIntoCustomerShipments", $search_boxvalue), 'text'=>img_picto('', 'object_shipment').' '.$langs->trans("SearchIntoCustomerShipments", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/expedition/list.php'.($search_boxvalue ? '?sall='.urlencode($search_boxvalue) : ''));

+}

+if (!empty($conf->facture->enabled) && empty($conf->global->MAIN_SEARCHFORM_CUSTOMER_INVOICE_DISABLED) && $user->rights->facture->lire)

+{

+	$arrayresult['searchintoinvoice'] = array('position'=>90, 'img'=>'object_bill', 'label'=>$langs->trans("SearchIntoCustomerInvoices", $search_boxvalue), 'text'=>img_picto('', 'object_bill').' '.$langs->trans("SearchIntoCustomerInvoices", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/compta/facture/list.php'.($search_boxvalue ? '?sall='.urlencode($search_boxvalue) : ''));

@@ -125,8 +109,11 @@
-// Customer payments

-if (isModEnabled('facture') && !getDolGlobalString('MAIN_SEARCHFORM_CUSTOMER_INVOICE_DISABLED') && $user->hasRight('facture', 'lire')) {

-	$arrayresult['searchintocustomerpayments'] = array(

-		'position'=>170,

-		'img'=>'object_payment',

-		'label'=>$langs->trans("SearchIntoCustomerPayments", $search_boxvalue),

-		'text'=>img_picto('', 'object_payment', 'class="pictofixedwidth"').' '.$langs->trans("SearchIntoCustomerPayments", $search_boxvalue),

-		'url'=>DOL_URL_ROOT.'/compta/paiement/list.php?leftmenu=customers_bills_payment'.($search_boxvalue ? '&search_all='.urlencode($search_boxvalue) : ''));

+if (!empty($conf->supplier_proposal->enabled) && empty($conf->global->MAIN_SEARCHFORM_SUPPLIER_PROPAL_DISABLED) && $user->rights->supplier_proposal->lire)

+{

+	$arrayresult['searchintosupplierpropal'] = array('position'=>100, 'img'=>'object_propal', 'label'=>$langs->trans("SearchIntoSupplierProposals", $search_boxvalue), 'text'=>img_picto('', 'object_supplier_proposal').' '.$langs->trans("SearchIntoSupplierProposals", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/supplier_proposal/list.php'.($search_boxvalue ? '?sall='.urlencode($search_boxvalue) : ''));

+}

+if ((! empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_SEARCHFORM_SUPPLIER_ORDER_DISABLED) || ! empty($conf->supplier_order->enabled)) && $user->rights->fournisseur->commande->lire)

+{

+	$arrayresult['searchintosupplierorder'] = array('position'=>110, 'img'=>'object_order', 'label'=>$langs->trans("SearchIntoSupplierOrders", $search_boxvalue), 'text'=>img_picto('', 'object_supplier_order').' '.$langs->trans("SearchIntoSupplierOrders", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/fourn/commande/list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : ''));

+}

+if ((! empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_SEARCHFORM_SUPPLIER_INVOICE_DISABLED) || ! empty($conf->supplier_invoice->enabled)) && $user->rights->fournisseur->facture->lire)

+{

+	$arrayresult['searchintosupplierinvoice'] = array('position'=>120, 'img'=>'object_bill', 'label'=>$langs->trans("SearchIntoSupplierInvoices", $search_boxvalue), 'text'=>img_picto('', 'object_supplier_invoice').' '.$langs->trans("SearchIntoSupplierInvoices", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/fourn/facture/list.php'.($search_boxvalue ? '?sall='.urlencode($search_boxvalue) : ''));

@@ -135,8 +122,3 @@
-// Vendor payments

-if (((isModEnabled('fournisseur') && !getDolGlobalString('MAIN_USE_NEW_SUPPLIERMOD') && $user->hasRight('fournisseur', 'facture', 'lire')) || (isModEnabled('supplier_invoice') && $user->hasRight('supplier_invoice', 'lire'))) && !getDolGlobalString('MAIN_SEARCHFORM_SUPPLIER_INVOICE_DISABLED')) {

-	$arrayresult['searchintovendorpayments'] = array(

-		'position'=>175,

-		'img'=>'object_payment',

-		'label'=>$langs->trans("SearchIntoVendorPayments", $search_boxvalue),

-		'text'=>img_picto('', 'object_payment', 'class="pictofixedwidth"').' '.$langs->trans("SearchIntoVendorPayments", $search_boxvalue),

-		'url'=>DOL_URL_ROOT.'/fourn/paiement/list.php?leftmenu=suppliers_bills_payment'.($search_boxvalue ? '&search_all='.urlencode($search_boxvalue) : ''));

+if (!empty($conf->contrat->enabled) && empty($conf->global->MAIN_SEARCHFORM_CONTRACT_DISABLED) && $user->rights->contrat->lire)

+{

+	$arrayresult['searchintocontract'] = array('position'=>130, 'img'=>'object_contract', 'label'=>$langs->trans("SearchIntoContracts", $search_boxvalue), 'text'=>img_picto('', 'object_contract').' '.$langs->trans("SearchIntoContracts", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/contrat/list.php'.($search_boxvalue ? '?sall='.urlencode($search_boxvalue) : ''));

@@ -144,9 +126,3 @@
-

-// Miscellaneous payments

-if (isModEnabled('banque') && !getDolGlobalString('MAIN_SEARCHFORM_MISC_PAYMENTS_DISABLED') && $user->hasRight('banque', 'lire')) {

-	$arrayresult['searchintomiscpayments'] = array(

-		'position'=>180,

-		'img'=>'object_payment',

-		'label'=>$langs->trans("SearchIntoMiscPayments", $search_boxvalue),

-		'text'=>img_picto('', 'object_payment', 'class="pictofixedwidth"').' '.$langs->trans("SearchIntoMiscPayments", $search_boxvalue),

-		'url'=>DOL_URL_ROOT.'/compta/bank/various_payment/list.php?leftmenu=tax_various'.($search_boxvalue ? '&search_all='.urlencode($search_boxvalue) : ''));

+if (!empty($conf->ficheinter->enabled) && empty($conf->global->MAIN_SEARCHFORM_FICHINTER_DISABLED) && $user->rights->ficheinter->lire)

+{

+	$arrayresult['searchintointervention'] = array('position'=>140, 'img'=>'object_intervention', 'label'=>$langs->trans("SearchIntoInterventions", $search_boxvalue), 'text'=>img_picto('', 'object_intervention').' '.$langs->trans("SearchIntoInterventions", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/fichinter/list.php'.($search_boxvalue ? '?sall='.urlencode($search_boxvalue) : ''));

@@ -154,12 +130,3 @@
-

-if (isModEnabled('contrat') && !getDolGlobalString('MAIN_SEARCHFORM_CONTRACT_DISABLED') && $user->hasRight('contrat', 'lire')) {

-	$arrayresult['searchintocontract'] = array('position'=>130, 'img'=>'object_contract', 'label'=>$langs->trans("SearchIntoContracts", $search_boxvalue), 'text'=>img_picto('', 'object_contract', 'class="pictofixedwidth"').' '.$langs->trans("SearchIntoContracts", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/contrat/list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : ''));

-}

-if (isModEnabled('ficheinter') && !getDolGlobalString('MAIN_SEARCHFORM_FICHINTER_DISABLED') && $user->hasRight('ficheinter', 'lire')) {

-	$arrayresult['searchintointervention'] = array('position'=>140, 'img'=>'object_intervention', 'label'=>$langs->trans("SearchIntoInterventions", $search_boxvalue), 'text'=>img_picto('', 'object_intervention', 'class="pictofixedwidth"').' '.$langs->trans("SearchIntoInterventions", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/fichinter/list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : ''));

-}

-if (isModEnabled('knowledgemanagement') && !getDolGlobalString('MAIN_SEARCHFORM_KNOWLEDGEMANAGEMENT_DISABLED') && $user->hasRight('knowledgemanagement', 'knowledgerecord', 'read')) {

-	$arrayresult['searchintoknowledgemanagement'] = array('position'=>145, 'img'=>'object_knowledgemanagement', 'label'=>$langs->trans("SearchIntoKM", $search_boxvalue), 'text'=>img_picto('', 'object_knowledgemanagement', 'class="pictofixedwidth"').' '.$langs->trans("SearchIntoKM", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/knowledgemanagement/knowledgerecord_list.php?mainmenu=ticket'.($search_boxvalue ? '&search_all='.urlencode($search_boxvalue) : ''));

-}

-if (isModEnabled('ticket') && !getDolGlobalString('MAIN_SEARCHFORM_TICKET_DISABLED') && $user->hasRight('ticket', 'read')) {

-	$arrayresult['searchintotickets'] = array('position'=>146, 'img'=>'object_ticket', 'label'=>$langs->trans("SearchIntoTickets", $search_boxvalue), 'text'=>img_picto('', 'object_ticket', 'class="pictofixedwidth"').' '.$langs->trans("SearchIntoTickets", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/ticket/list.php?mainmenu=ticket'.($search_boxvalue ? '&search_all='.urlencode($search_boxvalue) : ''));

+if (!empty($conf->ticket->enabled) && empty($conf->global->MAIN_SEARCHFORM_TICKET_DISABLED) && $user->rights->ticket->read)

+{

+	$arrayresult['searchintotickets'] = array('position'=>145, 'img'=>'object_ticket', 'label'=>$langs->trans("SearchIntoTickets", $search_boxvalue), 'text'=>img_picto('', 'object_ticket').' '.$langs->trans("SearchIntoTickets", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/ticket/list.php?mainmenu=ticket'.($search_boxvalue ? '&sall='.urlencode($search_boxvalue) : ''));

@@ -169,2 +136,3 @@
-if (isModEnabled('user') && !getDolGlobalString('MAIN_SEARCHFORM_USER_DISABLED') && $user->hasRight('user', 'user', 'lire')) {

-	$arrayresult['searchintouser'] = array('position'=>200, 'shortcut'=>'U', 'img'=>'object_user', 'label'=>$langs->trans("SearchIntoUsers", $search_boxvalue), 'text'=>img_picto('', 'object_user', 'class="pictofixedwidth"').' '.$langs->trans("SearchIntoUsers", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/user/list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : ''));

+if (!empty($conf->user->enabled) && empty($conf->global->MAIN_SEARCHFORM_USER_DISABLED) && $user->rights->user->user->lire)

+{

+	$arrayresult['searchintouser'] = array('position'=>200, 'shortcut'=>'U', 'img'=>'object_user', 'label'=>$langs->trans("SearchIntoUsers", $search_boxvalue), 'text'=>img_picto('', 'object_user').' '.$langs->trans("SearchIntoUsers", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/user/list.php'.($search_boxvalue ? '?sall='.urlencode($search_boxvalue) : ''));

@@ -172,2 +140,3 @@
-if (isModEnabled('expensereport') && !getDolGlobalString('MAIN_SEARCHFORM_EXPENSEREPORT_DISABLED') && $user->hasRight('expensereport', 'lire')) {

-	$arrayresult['searchintoexpensereport'] = array('position'=>210, 'img'=>'object_trip', 'label'=>$langs->trans("SearchIntoExpenseReports", $search_boxvalue), 'text'=>img_picto('', 'object_trip', 'class="pictofixedwidth"').' '.$langs->trans("SearchIntoExpenseReports", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/expensereport/list.php?mainmenu=hrm'.($search_boxvalue ? '&search_all='.urlencode($search_boxvalue) : ''));

+if (!empty($conf->expensereport->enabled) && empty($conf->global->MAIN_SEARCHFORM_EXPENSEREPORT_DISABLED) && $user->rights->expensereport->lire)

+{

+	$arrayresult['searchintoexpensereport'] = array('position'=>210, 'img'=>'object_trip', 'label'=>$langs->trans("SearchIntoExpenseReports", $search_boxvalue), 'text'=>img_picto('', 'object_trip').' '.$langs->trans("SearchIntoExpenseReports", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/expensereport/list.php?mainmenu=hrm'.($search_boxvalue ? '&sall='.urlencode($search_boxvalue) : ''));

@@ -175,2 +144,3 @@
-if (isModEnabled('holiday') && !getDolGlobalString('MAIN_SEARCHFORM_HOLIDAY_DISABLED') && $user->hasRight('holiday', 'read')) {

-	$arrayresult['searchintoleaves'] = array('position'=>220, 'img'=>'object_holiday', 'label'=>$langs->trans("SearchIntoLeaves", $search_boxvalue), 'text'=>img_picto('', 'object_holiday', 'class="pictofixedwidth"').' '.$langs->trans("SearchIntoLeaves", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/holiday/list.php?mainmenu=hrm'.($search_boxvalue ? '&search_all='.urlencode($search_boxvalue) : ''));

+if (!empty($conf->holiday->enabled) && empty($conf->global->MAIN_SEARCHFORM_HOLIDAY_DISABLED) && $user->rights->holiday->read)

+{

+	$arrayresult['searchintoleaves'] = array('position'=>220, 'img'=>'object_holiday', 'label'=>$langs->trans("SearchIntoLeaves", $search_boxvalue), 'text'=>img_picto('', 'object_holiday').' '.$langs->trans("SearchIntoLeaves", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/holiday/list.php?mainmenu=hrm'.($search_boxvalue ? '&sall='.urlencode($search_boxvalue) : ''));

@@ -182 +152,2 @@
-if (empty($reshook)) {

+if (empty($reshook))

+{

@@ -184,2 +154,0 @@
-} else {

-	$arrayresult = $hookmanager->resArray;

@@ -186,0 +156 @@
+else $arrayresult = $hookmanager->resArray;

@@ -188,6 +158,4 @@
-// This pushes a search entry to the top

-if (getDolGlobalString('DEFAULT_SEARCH_INTO_MODULE')) {

-	$key = 'searchinto' . getDolGlobalString('DEFAULT_SEARCH_INTO_MODULE');

-	if (array_key_exists($key, $arrayresult)) {

-		$arrayresult[$key]['position'] = -1000;

-	}

+// This allow to keep a search entry to the top

+if (!empty($conf->global->DEFAULT_SEARCH_INTO_MODULE)) {

+    $key = 'searchinto'.$conf->global->DEFAULT_SEARCH_INTO_MODULE;

+    if (array_key_exists($key, $arrayresult)) $arrayresult[$key]['position'] = -10;

@@ -200,5 +168,4 @@
-if (!isset($usedbyinclude) || empty($usedbyinclude)) {

-	print json_encode($arrayresult);

-	if (is_object($db)) {

-		$db->close();

-	}

+if (!isset($usedbyinclude) || empty($usedbyinclude))

+{

+    print json_encode($arrayresult);

+    if (is_object($db)) $db->close();

--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_19.0.3_vatrates.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_vatrates.php
@@ -20 +20 @@
- *       \brief      File to load vat rates combobox according to thirdparty ID. Values are returned in JSON format.

+ *       \brief      File to load vat rates combobox

@@ -23,9 +23,3 @@
-if (!defined('NOTOKENRENEWAL')) {

-	define('NOTOKENRENEWAL', '1'); // Disables token renewal

-}

-if (!defined('NOREQUIREMENU')) {

-	define('NOREQUIREMENU', '1');

-}

-if (!defined('NOREQUIREAJAX')) {

-	define('NOREQUIREAJAX', '1');

-}

+if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Disables token renewal

+if (!defined('NOREQUIREMENU'))  define('NOREQUIREMENU', '1');

+if (!defined('NOREQUIREAJAX'))  define('NOREQUIREAJAX', '1');

@@ -33 +26,0 @@
-// Load Dolibarr environment

@@ -37 +30 @@
-$action = GETPOST('action', 'aZ09');	// 'getSellerVATRates' or 'getBuyerVATRates'

+$action = GETPOST('action', 'alpha');

@@ -39,6 +32,2 @@
-$selected	= (GETPOST('selected') ? GETPOST('selected') : '-1');

-$productid = (GETPOST('productid', 'int') ? GETPOST('productid', 'int') : 0);

-

-// Security check

-$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);

-

+$selected	= (GETPOST('selected') ?GETPOST('selected') : '-1');

+$productid = (GETPOST('productid', 'int') ?GETPOST('productid', 'int') : 0);

@@ -50 +39 @@
-top_httphead('application/json');

+top_httphead();

@@ -55 +44,2 @@
-if (!empty($id) && !empty($action) && !empty($htmlname)) {

+if (!empty($id) && !empty($action) && !empty($htmlname))

+{

@@ -61 +51,2 @@
-	if ($action == 'getSellerVATRates') {

+	if ($action == 'getSellerVATRates')

+	{

@@ -64 +55,3 @@
-	} else {

+	}

+	else

+	{

@@ -69,0 +63 @@
+

--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_19.0.3_ziptown.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_ziptown.php
@@ -2,2 +2,2 @@
-/* Copyright (C) 2010      Regis Houssin       <regis.houssin@inodbox.com>

- * Copyright (C) 2011-2023 Laurent Destailleur <eldy@users.sourceforge.net>

+/* Copyright (C) 2010     Regis Houssin       <regis.houssin@inodbox.com>

+ * Copyright (C) 2011-204 Laurent Destailleur <eldy@users.sourceforge.net>

@@ -25,15 +25,6 @@
-if (!defined('NOTOKENRENEWAL')) {

-	define('NOTOKENRENEWAL', 1); // Disables token renewal

-}

-if (!defined('NOREQUIREMENU')) {

-	define('NOREQUIREMENU', '1');

-}

-if (!defined('NOREQUIREHTML')) {

-	define('NOREQUIREHTML', '1');

-}

-if (!defined('NOREQUIREAJAX')) {

-	define('NOREQUIREAJAX', '1');

-}

-if (!defined('NOREQUIRESOC')) {

-	define('NOREQUIRESOC', '1');

-}

+if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', 1); // Disables token renewal

+if (!defined('NOREQUIREMENU'))  define('NOREQUIREMENU', '1');

+if (!defined('NOREQUIREHTML'))  define('NOREQUIREHTML', '1');

+if (!defined('NOREQUIREAJAX'))  define('NOREQUIREAJAX', '1');

+if (!defined('NOREQUIRESOC'))   define('NOREQUIRESOC', '1');

+if (!defined('NOCSRFCHECK'))    define('NOCSRFCHECK', '1');

@@ -41 +31,0 @@
-// Load Dolibarr environment

@@ -45,5 +34,0 @@
-// Security check

-if (!getDolGlobalString('MAIN_USE_ZIPTOWN_DICTIONNARY')) {

-	// If MAIN_USE_ZIPTOWN_DICTIONNARY is set, we make a search into public data (official list of zip/town). If not we search into company data, so we must check we have read permission.

-	$result = restrictedArea($user, 'societe', 0, '&societe', '', 'fk_soc', 'rowid', 0);

-}

@@ -55,0 +41,7 @@
+// Ajout directives pour resoudre bug IE

+//header('Cache-Control: Public, must-revalidate');

+//header('Pragma: public');

+

+//top_htmlhead("", "", 1);  // Replaced with top_httphead. An ajax page does not need html header.

+top_httphead();

+

@@ -58 +50 @@
-dol_syslog('ziptown call with MAIN_USE_ZIPTOWN_DICTIONNARY='.getDolGlobalString('MAIN_USE_ZIPTOWN_DICTIONNARY'));

+dol_syslog("GET is ".join(',', $_GET).', MAIN_USE_ZIPTOWN_DICTIONNARY='.(empty($conf->global->MAIN_USE_ZIPTOWN_DICTIONNARY) ? '' : $conf->global->MAIN_USE_ZIPTOWN_DICTIONNARY));

@@ -62,3 +54,2 @@
-if (GETPOST('zipcode') || GETPOST('town')) {

-	top_httphead('application/json');

-

+if (!empty($_GET['zipcode']) || !empty($_GET['town']))

+{

@@ -69,2 +60,2 @@
-	$zipcode = GETPOST('zipcode');

-	$town = GETPOST('town');

+	$zipcode = $_GET['zipcode'] ? $_GET['zipcode'] : '';

+	$town = $_GET['town'] ? $_GET['town'] : '';

@@ -72 +63,2 @@
-	if (getDolGlobalString('MAIN_USE_ZIPTOWN_DICTIONNARY')) {   // Use zip-town table

+	if (!empty($conf->global->MAIN_USE_ZIPTOWN_DICTIONNARY))   // Use zip-town table

+	{

@@ -82,6 +74,2 @@
-		if ($zipcode) {

-			$sql .= " AND z.zip LIKE '".$db->escape($db->escapeforlike($zipcode))."%'";

-		}

-		if ($town) {

-			$sql .= " AND z.town LIKE '%".$db->escape($db->escapeforlike($town))."%'";

-		}

+		if ($zipcode) $sql .= " AND z.zip LIKE '".$db->escape($zipcode)."%'";

+		if ($town)    $sql .= " AND z.town LIKE '%".$db->escape($town)."%'";

@@ -90 +78,3 @@
-	} else { // Use table of third parties

+	}

+	else                                               // Use table of third parties

+	{

@@ -98,6 +88,2 @@
-		if ($zipcode) {

-			$sql .= " s.zip LIKE '".$db->escape($db->escapeforlike($zipcode))."%'";

-		}

-		if ($town) {

-			$sql .= " s.town LIKE '%".$db->escape($db->escapeforlike($town))."%'";

-		}

+		if ($zipcode) $sql .= " s.zip LIKE '".$db->escape($zipcode)."%'";

+		if ($town)    $sql .= " s.town LIKE '%".$db->escape($town)."%'";

@@ -111,2 +97,4 @@
-	if ($resql) {

-		while ($row = $db->fetch_array($resql)) {

+	if ($resql)

+	{

+		while ($row = $db->fetch_array($resql))

+		{

@@ -122 +110,2 @@
-			if ($zipcode) {

+			if ($zipcode)

+			{

@@ -126 +115,2 @@
-			if ($town) {

+			if ($town)

+			{

@@ -141,5 +131,3 @@
-} elseif (GETPOSTISSET('country_codeid')) {

-	top_httphead('text/html');

-

-	$formcompany = new FormCompany($db);

-	print $formcompany->select_state(GETPOST('selected', 'int', 1), GETPOST('country_codeid', 'int', 1), GETPOST('htmlname', 'alpha', 1), GETPOST('morecss', 'alpha', 1));

+}

+else

+{