--- /tmp/dsg/dolibarr/htdocs/github_19.0.3_document.php
+++ /tmp/dsg/dolibarr/htdocs/client_document.php
@@ -8 +7,0 @@
- * Copyright (C) 2022	   Ferran Marcet        <fmarcet@2byte.es>

@@ -34,2 +32,0 @@
-define('MAIN_SECURITY_FORCECSP', "default-src: 'none'");

-

@@ -38,12 +35,4 @@
-if (!defined('NOTOKENRENEWAL')) {

-	define('NOTOKENRENEWAL', '1');

-}

-if (!defined('NOREQUIREMENU')) {

-	define('NOREQUIREMENU', '1');

-}

-if (!defined('NOREQUIREHTML')) {

-	define('NOREQUIREHTML', '1');

-}

-if (!defined('NOREQUIREAJAX')) {

-	define('NOREQUIREAJAX', '1');

-}

+if (!defined('NOTOKENRENEWAL'))	define('NOTOKENRENEWAL', '1');

+if (!defined('NOREQUIREMENU'))		define('NOREQUIREMENU', '1');

+if (!defined('NOREQUIREHTML'))		define('NOREQUIREHTML', '1');

+if (!defined('NOREQUIREAJAX'))		define('NOREQUIREAJAX', '1');

@@ -52,10 +41,5 @@
-if (isset($_GET["hashp"]) && !defined("NOLOGIN")) {

-	if (!defined("NOLOGIN")) {

-		define("NOLOGIN", 1);

-	}

-	if (!defined("NOCSRFCHECK")) {

-		define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.

-	}

-	if (!defined("NOIPCHECK")) {

-		define("NOIPCHECK", 1); // Do not check IP defined into conf $dolibarr_main_restrict_ip

-	}

+if (isset($_GET["hashp"]) && !defined("NOLOGIN"))

+{

+	if (!defined("NOLOGIN"))		define("NOLOGIN", 1);

+	if (!defined("NOCSRFCHECK"))	define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.

+	if (!defined("NOIPCHECK"))		define("NOIPCHECK", 1); // Do not check IP defined into conf $dolibarr_main_restrict_ip

@@ -64,10 +48,5 @@
-if ((isset($_GET["modulepart"]) && $_GET["modulepart"] == 'medias')) {

-	if (!defined("NOLOGIN")) {

-		define("NOLOGIN", 1);

-	}

-	if (!defined("NOCSRFCHECK")) {

-		define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.

-	}

-	if (!defined("NOIPCHECK")) {

-		define("NOIPCHECK", 1); // Do not check IP defined into conf $dolibarr_main_restrict_ip

-	}

+if ((isset($_GET["modulepart"]) && $_GET["modulepart"] == 'medias'))

+{

+	if (!defined("NOLOGIN"))		define("NOLOGIN", 1);

+	if (!defined("NOCSRFCHECK"))	define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.

+	if (!defined("NOIPCHECK"))		define("NOIPCHECK", 1); // Do not check IP defined into conf $dolibarr_main_restrict_ip

@@ -100 +79 @@
-$action = GETPOST('action', 'aZ09');

+$action = GETPOST('action', 'alpha');

@@ -108,9 +87,3 @@
-if (empty($modulepart) && empty($hashp)) {

-	httponly_accessforbidden('Bad link. Bad value for parameter modulepart', 400);

-}

-if (empty($original_file) && empty($hashp)) {

-	httponly_accessforbidden('Bad link. Missing identification to find file (original_file or hashp)', 400);

-}

-if ($modulepart == 'fckeditor') {

-	$modulepart = 'medias'; // For backward compatibility

-}

+if (empty($modulepart) && empty($hashp)) accessforbidden('Bad link. Bad value for parameter modulepart', 0, 0, 1);

+if (empty($original_file) && empty($hashp)) accessforbidden('Bad link. Missing identification to find file (original_file or hashp)', 0, 0, 1);

+if ($modulepart == 'fckeditor') $modulepart = 'medias'; // For backward compatibility

@@ -119,3 +92 @@
-if ($user->socid > 0) {

-	$socid = $user->socid;

-}

+if ($user->socid > 0) $socid = $user->socid;

@@ -124,4 +95,3 @@
-if (in_array($modulepart, array('facture_paiement', 'unpaid'))) {

-	if (!$user->hasRight('societe', 'client', 'voir') || $socid) {

-		$original_file = 'private/'.$user->id.'/'.$original_file; // If user has no permission to see all, output dir is specific to user

-	}

+if (in_array($modulepart, array('facture_paiement', 'unpaid')))

+{

+	if (!$user->rights->societe->client->voir || $socid) $original_file = 'private/'.$user->id.'/'.$original_file; // If user has no permission to see all, output dir is specific to user

@@ -144,2 +114,2 @@
-$ecmfile='';

-if (!empty($hashp)) {

+if (!empty($hashp))

+{

@@ -149 +119,2 @@
-	if ($result > 0) {

+	if ($result > 0)

+	{

@@ -152 +123,2 @@
-		if (is_numeric($tmp[0])) { // If first tmp is numeric, it is subdir of company for multicompany, we take next part.

+		if (is_numeric($tmp[0])) // If first tmp is numeric, it is subdir of company for multicompany, we take next part.

+		{

@@ -157,2 +129,4 @@
-		if ($modulepart) {	// Not required, so often not defined, for link using public hashp parameter.

-			if ($moduleparttocheck == $modulepart) {

+		if ($modulepart)	// Not required, so often not defined, for link using public hashp parameter.

+		{

+			if ($moduleparttocheck == $modulepart)

+			{

@@ -162,2 +135,0 @@
-			} else {

-				httponly_accessforbidden('Bad link. File is from another module part.', 403);

@@ -165 +137,7 @@
-		} else {

+			else

+			{

+				accessforbidden('Bad link. File is from another module part.', 0, 0, 1);

+			}

+		}

+		else

+		{

@@ -169,6 +147,3 @@
-		$entity = $ecmfile->entity;

-		if ($entity != $conf->entity) {

-			$conf->entity = $entity;

-			$conf->setValues($db);

-		}

-	} else {

+	}

+	else

+	{

@@ -176 +151 @@
-		httponly_accessforbidden($langs->trans("ErrorFileNotFoundWithSharedLink"), 403, 1);

+		accessforbidden($langs->trans("ErrorFileNotFoundWithSharedLink"), 0, 0, 1);

@@ -182,9 +157,3 @@
-if (preg_match('/\.(html|htm)$/i', $original_file)) {

-	$attachment = false;

-}

-if (isset($_GET["attachment"])) {

-	$attachment = GETPOST("attachment", 'alpha') ?true:false;

-}

-if (getDolGlobalString('MAIN_DISABLE_FORCE_SAVEAS')) {

-	$attachment = false;

-}

+if (preg_match('/\.(html|htm)$/i', $original_file)) $attachment = false;

+if (isset($_GET["attachment"])) $attachment = GETPOST("attachment", 'alpha') ?true:false;

+if (!empty($conf->global->MAIN_DISABLE_FORCE_SAVEAS)) $attachment = false;

@@ -193,18 +162,11 @@
-$type = 'application/octet-stream'; // By default

-if (GETPOST('type', 'alpha')) {

-	$type = GETPOST('type', 'alpha');

-} else {

-	$type = dol_mimetype($original_file);

-}

-// Security: Force to octet-stream if file is a dangerous file. For example when it is a .noexe file

-// We do not force if file is a javascript to be able to get js from website module with <script src="

-// Note: Force whatever is $modulepart seems ok.

-if (!in_array($type, array('text/x-javascript')) && !dolIsAllowedForPreview($original_file)) {

-	$type = 'application/octet-stream';

-}

-

-// Security: Delete string ../ or ..\ into $original_file

-$original_file = preg_replace('/\.\.+/', '..', $original_file);	// Replace '... or more' with '..'

-$original_file = str_replace('../', '/', $original_file);

-$original_file = str_replace('..\\', '/', $original_file);

-

+$type = 'application/octet-stream';

+if (GETPOST('type', 'alpha')) $type = GETPOST('type', 'alpha');

+else $type = dol_mimetype($original_file);

+// Security: Force to octet-stream if file is a dangerous file

+if (preg_match('/\.noexe$/i', $original_file)) $type = 'application/octet-stream';

+

+// Security: Delete string ../ into $original_file

+$original_file = str_replace("../", "/", $original_file);

+

+// Find the subdirectory name as the reference

+$refname = basename(dirname($original_file)."/");

@@ -213,3 +175 @@
-if (empty($modulepart)) {

-	accessforbidden('Bad value for parameter modulepart');

-}

+if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart');

@@ -218 +178 @@
-$check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, $user, '');

+$check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, $refname);

@@ -222,3 +182,3 @@
-//var_dump($fullpath_original_file.' '.$original_file.' '.$accessallowed);exit;

-

-if (!empty($hashp)) {

+

+if (!empty($hashp))

+{

@@ -227 +187,3 @@
-} else {

+}

+else

+{

@@ -229,2 +191,4 @@
-	if ($user->socid > 0) {

-		if ($sqlprotectagainstexternals) {

+	if ($user->socid > 0)

+	{

+		if ($sqlprotectagainstexternals)

+		{

@@ -232 +196,2 @@
-			if ($resql) {

+			if ($resql)

+			{

@@ -235 +200,2 @@
-				while ($i < $num) {

+				while ($i < $num)

+				{

@@ -237 +203,2 @@
-					if ($user->socid != $obj->fk_soc) {

+					if ($user->socid != $obj->fk_soc)

+					{

@@ -250 +217,2 @@
-if (!$accessallowed) {

+if (!$accessallowed)

+{

@@ -256 +224,2 @@
-if (preg_match('/\.\./', $fullpath_original_file) || preg_match('/[<>|]/', $fullpath_original_file)) {

+if (preg_match('/\.\./', $fullpath_original_file) || preg_match('/[<>|]/', $fullpath_original_file))

+{

@@ -258 +227 @@
-	print "ErrorFileNameInvalid: ".dol_escape_htmltag($original_file);

+	print "ErrorFileNameInvalid: ".$original_file;

@@ -273 +242,2 @@
-if (!file_exists($fullpath_original_file_osencoded)) {

+if (!file_exists($fullpath_original_file_osencoded))

+{

@@ -275 +245 @@
-	print "ErrorFileDoesNotExists: ".dol_escape_htmltag($original_file);

+	print "ErrorFileDoesNotExists: ".$original_file;

@@ -278,15 +247,0 @@
-

-// Hooks

-$hookmanager->initHooks(array('document'));

-$parameters = array('ecmfile' => $ecmfile, 'modulepart' => $modulepart, 'original_file' => $original_file,

-	'entity' => $entity, 'fullpath_original_file' => $fullpath_original_file,

-	'filename' => $filename, 'fullpath_original_file_osencoded' => $fullpath_original_file_osencoded);

-$object = new stdClass();

-$reshook = $hookmanager->executeHooks('downloadDocument', $parameters, $object, $action); // Note that $action and $object may have been

-if ($reshook < 0) {

-	$errors = $hookmanager->error.(is_array($hookmanager->errors) ? (!empty($hookmanager->error) ? ', ' : '').join(', ', $hookmanager->errors) : '');

-	dol_syslog("document.php - Errors when executing the hook 'downloadDocument' : ".$errors);

-	print "ErrorDownloadDocumentHooks: ".$errors;

-	exit;

-}

-

@@ -297,3 +252 @@
-if ($encoding) {

-	header('Content-Encoding: '.$encoding);

-}

+if ($encoding)   header('Content-Encoding: '.$encoding);

@@ -301,6 +254,2 @@
-

-if ($attachment) {

-	header('Content-Disposition: attachment; filename="'.$filename.'"');

-} else {

-	header('Content-Disposition: inline; filename="'.$filename.'"');

-}

+if ($attachment) header('Content-Disposition: attachment; filename="'.$filename.'"');

+else header('Content-Disposition: inline; filename="'.$filename.'"');

@@ -313,2 +262 @@
-// TODO Why this on document.php and not in viewimage.php ?

-if (!$attachment && getDolGlobalString('MAIN_USE_EXIF_ROTATION') && image_format_supported($fullpath_original_file_osencoded) == 1) {

+if (!$attachment && !empty($conf->global->MAIN_USE_EXIF_ROTATION) && image_format_supported($fullpath_original_file_osencoded) == 1) {

@@ -319,5 +266,0 @@
-if (is_object($db)) {

-	$db->close();

-}

-

-// Send file now

@@ -326,3 +269,4 @@
-

-	readfileLowMemory($fullpath_original_file_osencoded);

-}

+	readfile($fullpath_original_file_osencoded);

+}

+

+if (is_object($db)) $db->close();

--- /tmp/dsg/dolibarr/htdocs/github_19.0.3_filefunc.inc.php
+++ /tmp/dsg/dolibarr/htdocs/client_filefunc.inc.php
@@ -33,10 +33,4 @@
-if (!defined('DOL_APPLICATION_TITLE')) {

-	define('DOL_APPLICATION_TITLE', 'Dolibarr');

-}

-if (!defined('DOL_VERSION')) {

-	define('DOL_VERSION', '19.0.3'); // a.b.c-alpha, a.b.c-beta, a.b.c-rcX or a.b.c

-}

-

-if (!defined('EURO')) {

-	define('EURO', chr(128));

-}

+if (!defined('DOL_APPLICATION_TITLE')) define('DOL_APPLICATION_TITLE', 'Dolibarr');

+if (!defined('DOL_VERSION')) define('DOL_VERSION', '12.0.1'); // a.b.c-alpha, a.b.c-beta, a.b.c-rcX or a.b.c

+

+if (!defined('EURO')) define('EURO', chr(128));

@@ -45 +39,2 @@
-if (!defined('LOG_DEBUG')) {

+if (!defined('LOG_DEBUG'))

+{

@@ -60,3 +55,2 @@
-if (defined('DOL_INC_FOR_VERSION_ERROR')) {

-	return;

-}

+if (defined('DOL_INC_FOR_VERSION_ERROR')) return;

+

@@ -77,0 +72 @@
+

@@ -81,51 +76,32 @@
-// Disable some not used PHP stream

-$listofwrappers = stream_get_wrappers();

-// We need '.phar' for geoip2. TODO Replace phar in geoip with exploded files so we can disable phar by default.

-// phar stream does not auto unserialize content (possible code execution) since PHP 8.1

-// zip stream is necessary by excel import module

-$arrayofstreamtodisable = array('compress.zlib', 'compress.bzip2', 'ftp', 'ftps', 'glob', 'data', 'expect', 'ogg', 'rar', 'zlib');

-if (!empty($dolibarr_main_stream_to_disable) && is_array($dolibarr_main_stream_to_disable)) {

-	$arrayofstreamtodisable = $dolibarr_main_stream_to_disable;

-}

-foreach ($arrayofstreamtodisable as $streamtodisable) {

-	if (!empty($listofwrappers) && in_array($streamtodisable, $listofwrappers)) {

-		/*if (!empty($dolibarr_main_stream_do_not_disable) && is_array($dolibarr_main_stream_do_not_disable) && in_array($streamtodisable, $dolibarr_main_stream_do_not_disable)) {

-			continue;	// We do not disable this stream

-		}*/

-		stream_wrapper_unregister($streamtodisable);

-	}

-}

-

-if (!$result && !empty($_SERVER["GATEWAY_INTERFACE"])) {    // If install not done and we are in a web session

-	if (!empty($_SERVER["CONTEXT_PREFIX"])) {    // CONTEXT_PREFIX and CONTEXT_DOCUMENT_ROOT are not defined on all apache versions

-		$path = $_SERVER["CONTEXT_PREFIX"]; // example '/dolibarr/' when using an apache alias.

-		if (!preg_match('/\/$/', $path)) {

-			$path .= '/';

-		}

-	} elseif (preg_match('/index\.php/', $_SERVER['PHP_SELF'])) {

-		// When we ask index.php, we MUST BE SURE that $path is '' at the end. This is required to make install process

-		// when using apache alias like '/dolibarr/' that point to htdocs.

-		// Note: If calling page was an index.php not into htdocs (ie comm/index.php, ...), then this redirect will fails,

-		// but we don't want to change this because when URL is correct, we must be sure the redirect to install/index.php will be correct.

-		$path = '';

-	} else {

-		// If what we look is not index.php, we can try to guess location of root. May not work all the time.

-		// There is no real solution, because the only way to know the apache url relative path is to have it into conf file.

-		// If it fails to find correct $path, then only solution is to ask user to enter the correct URL to index.php or install/index.php

-		$TDir = explode('/', $_SERVER['PHP_SELF']);

-		$path = '';

-		$i = count($TDir);

-		while ($i--) {

-			if (empty($TDir[$i]) || $TDir[$i] == 'htdocs') {

-				break;

-			}

-			if ($TDir[$i] == 'dolibarr') {

-				break;

-			}

-			if (substr($TDir[$i], -4, 4) == '.php') {

-				continue;

-			}

-

-			$path .= '../';

-		}

-	}

+if (!$result && !empty($_SERVER["GATEWAY_INTERFACE"]))    // If install not done and we are in a web session

+{

+    if (!empty($_SERVER["CONTEXT_PREFIX"]))    // CONTEXT_PREFIX and CONTEXT_DOCUMENT_ROOT are not defined on all apache versions

+    {

+        $path = $_SERVER["CONTEXT_PREFIX"]; // example '/dolibarr/' when using an apache alias.

+        if (!preg_match('/\/$/', $path)) $path .= '/';

+    }

+    elseif (preg_match('/index\.php/', $_SERVER['PHP_SELF']))

+    {

+        // When we ask index.php, we MUST BE SURE that $path is '' at the end. This is required to make install process

+        // when using apache alias like '/dolibarr/' that point to htdocs.

+    	// Note: If calling page was an index.php not into htdocs (ie comm/index.php, ...), then this redirect will fails,

+    	// but we don't want to change this because when URL is correct, we must be sure the redirect to install/index.php will be correct.

+        $path = '';

+    }

+    else

+    {

+        // If what we look is not index.php, we can try to guess location of root. May not work all the time.

+    	// There is no real solution, because the only way to know the apache url relative path is to have it into conf file.

+    	// If it fails to find correct $path, then only solution is to ask user to enter the correct URL to index.php or install/index.php

+        $TDir = explode('/', $_SERVER['PHP_SELF']);

+    	$path = '';

+    	$i = count($TDir);

+    	while ($i--)

+    	{

+    		if (empty($TDir[$i]) || $TDir[$i] == 'htdocs') break;

+            if ($TDir[$i] == 'dolibarr') break;

+            if (substr($TDir[$i], -4, 4) == '.php') continue;

+

+    		$path .= '../';

+    	}

+    }

@@ -134,7 +109,0 @@
-

-	/*

-	print '<br><center>';

-	print 'The conf/conf.php file was not found or is not readable by the web server. If this is your first access, <a href="'.$path.'install/index.php">click here to start the Dolibarr installation process</a> to create it...';

-	print '</center><br>';

-	*/

-

@@ -145 +114,2 @@
-if (!empty($dolibarr_strict_mode)) {

+if (!empty($dolibarr_strict_mode))

+{

@@ -147 +117,3 @@
-} else {

+}

+else

+{

@@ -152,3 +124 @@
-if (!empty($dolibarr_main_prod)) {

-	ini_set('display_errors', 'Off');

-}

+if (!empty($dolibarr_main_prod)) ini_set('display_errors', 'Off');

@@ -157,2 +127,2 @@
-$dolibarr_main_data_root = (empty($dolibarr_main_data_root) ? '' : trim($dolibarr_main_data_root));

-$dolibarr_main_url_root = trim(preg_replace('/\/+$/', '', empty($dolibarr_main_url_root) ? '' : $dolibarr_main_url_root));

+$dolibarr_main_data_root = trim($dolibarr_main_data_root);

+$dolibarr_main_url_root = trim(preg_replace('/\/+$/', '', $dolibarr_main_url_root));

@@ -160 +130 @@
-$dolibarr_main_document_root = (empty($dolibarr_main_document_root) ? '' : trim($dolibarr_main_document_root));

+$dolibarr_main_document_root = trim($dolibarr_main_document_root);

@@ -163,6 +133,2 @@
-if (empty($dolibarr_main_db_port)) {

-	$dolibarr_main_db_port = 3306; // For compatibility with old configs, if not defined, we take 'mysql' type

-}

-if (empty($dolibarr_main_db_type)) {

-	$dolibarr_main_db_type = 'mysqli'; // For compatibility with old configs, if not defined, we take 'mysql' type

-}

+if (empty($dolibarr_main_db_port)) $dolibarr_main_db_port = 3306; // For compatibility with old configs, if not defined, we take 'mysql' type

+if (empty($dolibarr_main_db_type)) $dolibarr_main_db_type = 'mysqli'; // For compatibility with old configs, if not defined, we take 'mysql' type

@@ -171,48 +137,10 @@
-if ($dolibarr_main_db_type == 'mysql') {

-	$dolibarr_main_db_type = 'mysqli';

-}

-if (empty($dolibarr_main_db_prefix)) {

-	$dolibarr_main_db_prefix = 'llx_';

-}

-if (empty($dolibarr_main_db_character_set)) {

-	$dolibarr_main_db_character_set = ($dolibarr_main_db_type == 'mysqli' ? 'utf8' : ''); // Old installation

-}

-if (empty($dolibarr_main_db_collation)) {

-	$dolibarr_main_db_collation = ($dolibarr_main_db_type == 'mysqli' ? 'utf8_unicode_ci' : ''); // Old installation

-}

-if (empty($dolibarr_main_db_encryption)) {

-	$dolibarr_main_db_encryption = 0;

-}

-if (empty($dolibarr_main_db_cryptkey)) {

-	$dolibarr_main_db_cryptkey = '';

-}

-if (empty($dolibarr_main_limit_users)) {

-	$dolibarr_main_limit_users = 0;

-}

-if (empty($dolibarr_mailing_limit_sendbyweb)) {

-	$dolibarr_mailing_limit_sendbyweb = 0;

-}

-if (empty($dolibarr_mailing_limit_sendbycli)) {

-	$dolibarr_mailing_limit_sendbycli = 0;

-}

-if (empty($dolibarr_mailing_limit_sendbyday)) {

-	$dolibarr_mailing_limit_sendbyday = 0;

-}

-if (empty($dolibarr_strict_mode)) {

-	$dolibarr_strict_mode = 0; // For debug in php strict mode

-}

-

-define('DOL_DOCUMENT_ROOT', $dolibarr_main_document_root); // Filesystem core php (htdocs)

-

-if (!file_exists(DOL_DOCUMENT_ROOT."/core/lib/functions.lib.php")) {

-	print "Error: Dolibarr config file content seems to be not correctly defined.<br>\n";

-	print "Please run dolibarr setup by calling page <b>/install</b>.<br>\n";

-	exit(1);

-}

-

-

-// Included by default (must be before the CSRF check so wa can use the dol_syslog)

-include_once DOL_DOCUMENT_ROOT.'/core/lib/functions.lib.php';

-include_once DOL_DOCUMENT_ROOT.'/core/lib/security.lib.php';

-//print memory_get_usage();

-

+if ($dolibarr_main_db_type == 'mysql') $dolibarr_main_db_type = 'mysqli';

+if (empty($dolibarr_main_db_prefix)) $dolibarr_main_db_prefix = 'llx_';

+if (empty($dolibarr_main_db_character_set)) $dolibarr_main_db_character_set = ($dolibarr_main_db_type == 'mysqli' ? 'utf8' : ''); // Old installation

+if (empty($dolibarr_main_db_collation)) $dolibarr_main_db_collation = ($dolibarr_main_db_type == 'mysqli' ? 'utf8_unicode_ci' : ''); // Old installation

+if (empty($dolibarr_main_db_encryption)) $dolibarr_main_db_encryption = 0;

+if (empty($dolibarr_main_db_cryptkey)) $dolibarr_main_db_cryptkey = '';

+if (empty($dolibarr_main_limit_users)) $dolibarr_main_limit_users = 0;

+if (empty($dolibarr_mailing_limit_sendbyweb)) $dolibarr_mailing_limit_sendbyweb = 0;

+if (empty($dolibarr_mailing_limit_sendbycli)) $dolibarr_mailing_limit_sendbycli = 0;

+if (empty($dolibarr_strict_mode)) $dolibarr_strict_mode = 0; // For debug in php strict mode

@@ -222 +150 @@
-// when we post forms (we allow GET and HEAD to accept direct link from a particular page).

+// when we post forms (we allow GET to allow direct link to access a particular page).

@@ -224,25 +152,26 @@
-// See also CSRF protections done into main.inc.php

-if (!defined('NOCSRFCHECK') && isset($dolibarr_nocsrfcheck) && $dolibarr_nocsrfcheck == 1) {    // If $dolibarr_nocsrfcheck is 0, there is a strict CSRF test with token in main

-	if (!empty($_SERVER['REQUEST_METHOD']) && !in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD')) && !empty($_SERVER['HTTP_HOST'])) {

-		$csrfattack = false;

-		if (empty($_SERVER['HTTP_REFERER'])) {

-			$csrfattack = true; // An evil browser was used

-		} else {

-			$tmpa = parse_url($_SERVER['HTTP_HOST']);

-			$tmpb = parse_url($_SERVER['HTTP_REFERER']);

-			if ((empty($tmpa['host']) ? $tmpa['path'] : $tmpa['host']) != (empty($tmpb['host']) ? $tmpb['path'] : $tmpb['host'])) {

-				$csrfattack = true;

-			}

-		}

-		if ($csrfattack) {

-			//print 'NOCSRFCHECK='.defined('NOCSRFCHECK').' REQUEST_METHOD='.$_SERVER['REQUEST_METHOD'].' HTTP_HOST='.$_SERVER['HTTP_HOST'].' HTTP_REFERER='.$_SERVER['HTTP_REFERER'];

-			// Note: We can't use dol_escape_htmltag here to escape output because lib functions.lib.ph is not yet loaded.

-			dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"])?'':$_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (Bad referer).", LOG_WARNING);

-			print "Access refused by CSRF protection in main.inc.php. Referer of form (".htmlentities($_SERVER['HTTP_REFERER'], ENT_COMPAT, 'UTF-8').") is outside the server that serve this page (with method = ".htmlentities($_SERVER['REQUEST_METHOD'], ENT_COMPAT, 'UTF-8').").\n";

-			print "If you access your server behind a proxy using url rewriting, you might check that all HTTP headers are propagated (or add the line \$dolibarr_nocsrfcheck=1 into your conf.php file to remove this security check).\n";

-			die;

-		}

-	}

-	// Another test is done later on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on.

-}

-if (empty($dolibarr_main_db_host) && !defined('NOREQUIREDB')) {

+// See also option $conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN for a stronger CSRF protection.

+if (!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck))

+{

+	if (!empty($_SERVER['REQUEST_METHOD']) && !in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD')) && !empty($_SERVER['HTTP_HOST']))

+    {

+    	$csrfattack = false;

+    	if (empty($_SERVER['HTTP_REFERER'])) $csrfattack = true; // An evil browser was used

+    	else

+    	{

+    		$tmpa = parse_url($_SERVER['HTTP_HOST']);

+    		$tmpb = parse_url($_SERVER['HTTP_REFERER']);

+    		if ((empty($tmpa['host']) ? $tmpa['path'] : $tmpa['host']) != (empty($tmpb['host']) ? $tmpb['path'] : $tmpb['host'])) $csrfattack = true;

+    	}

+    	if ($csrfattack)

+    	{

+    		//print 'NOCSRFCHECK='.defined('NOCSRFCHECK').' REQUEST_METHOD='.$_SERVER['REQUEST_METHOD'].' HTTP_HOST='.$_SERVER['HTTP_HOST'].' HTTP_REFERER='.$_SERVER['HTTP_REFERER'];

+    		// Note: We can't use dol_escape_htmltag here to escape output because lib functions.lib.ph is not yet loaded.

+    		print "Access refused by CSRF protection in main.inc.php. Referer of form (".htmlentities($_SERVER['HTTP_REFERER'], ENT_COMPAT, 'UTF-8').") is outside the server that serve this page (with method = ".htmlentities($_SERVER['REQUEST_METHOD'], ENT_COMPAT, 'UTF-8').").\n";

+        	print "If you access your server behind a proxy using url rewriting, you might check that all HTTP headers are propagated (or add the line \$dolibarr_nocsrfcheck=1 into your conf.php file to remove this security check).\n";

+    		die;

+    	}

+    }

+    // Another test is done later on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on.

+}

+if (empty($dolibarr_main_db_host))

+{

@@ -253 +182,2 @@
-if (empty($dolibarr_main_url_root) && !defined('NOREQUIREVIRTUALURL')) {

+if (empty($dolibarr_main_url_root))

+{

@@ -258,7 +188,3 @@
-

-if (empty($dolibarr_main_document_root_alt)) {

-	$dolibarr_main_document_root_alt = $dolibarr_main_document_root.'/custom';

-}

-

-if (empty($dolibarr_main_data_root)) {

-	// If directory not defined, we use the default hardcoded value

+if (empty($dolibarr_main_data_root))

+{

+	// Si repertoire documents non defini, on utilise celui par defaut

@@ -272 +198,2 @@
-// Try to autodetect DOL_MAIN_URL_ROOT and DOL_URL_ROOT when root is not directly the main domain.

+define('DOL_DOCUMENT_ROOT', $dolibarr_main_document_root); // Filesystem core php (htdocs)

+// Try to autodetect DOL_MAIN_URL_ROOT and DOL_URL_ROOT.

@@ -278 +205 @@
-	$pathroot = $_SERVER["DOCUMENT_ROOT"]; // B) Value reported by web server setup (not defined on CLI mode), to say where is root of web server instance. Ex: C:/xxx/dolibarr, C:/xxx/dolibarr/htdocs

+    $pathroot = $_SERVER["DOCUMENT_ROOT"]; // B) Value reported by web server setup (not defined on CLI mode), to say where is root of web server instance. Ex: C:/xxx/dolibarr, C:/xxx/dolibarr/htdocs

@@ -280 +207 @@
-	$pathroot = 'NOTDEFINED';

+    $pathroot = 'NOTDEFINED';

@@ -285,14 +212,14 @@
-foreach ($paths as $tmppath) {	// We check to find (B+start of C)=A

-	if (empty($tmppath)) {

-		continue;

-	}

-	$concatpath .= '/'.$tmppath;

-	//if ($tmppath) $concatpath.='/'.$tmppath;

-	//print $_SERVER["SCRIPT_NAME"].'-'.$pathroot.'-'.$concatpath.'-'.$real_dolibarr_main_document_root.'-'.realpath($pathroot.$concatpath).'<br>';

-	if ($real_dolibarr_main_document_root == @realpath($pathroot.$concatpath)) {    // @ avoid warning when safe_mode is on.

-		//print "Found relative url = ".$concatpath;

-		$tmp3 = $concatpath;

-		$found = 1;

-		break;

-	}

-	//else print "Not found yet for concatpath=".$concatpath."<br>\n";

+foreach ($paths as $tmppath)	// We check to find (B+start of C)=A

+{

+    if (empty($tmppath)) continue;

+    $concatpath .= '/'.$tmppath;

+    //if ($tmppath) $concatpath.='/'.$tmppath;

+    //print $_SERVER["SCRIPT_NAME"].'-'.$pathroot.'-'.$concatpath.'-'.$real_dolibarr_main_document_root.'-'.realpath($pathroot.$concatpath).'<br>';

+    if ($real_dolibarr_main_document_root == @realpath($pathroot.$concatpath))    // @ avoid warning when safe_mode is on.

+    {

+        //print "Found relative url = ".$concatpath;

+    	$tmp3 = $concatpath;

+        $found = 1;

+        break;

+    }

+    //else print "Not found yet for concatpath=".$concatpath."<br>\n";

@@ -301,6 +228,2 @@
-if (!$found) {

-	// There is no subdir that compose the main url root or autodetect fails (Ie: when using apache alias that point outside default DOCUMENT_ROOT).

-	$tmp = $dolibarr_main_url_root;

-} else {

-	$tmp = 'http'.(((empty($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] != 'on') && (empty($_SERVER["SERVER_PORT"]) || $_SERVER["SERVER_PORT"] != 443)) ? '' : 's').'://'.$_SERVER["SERVER_NAME"].((empty($_SERVER["SERVER_PORT"]) || $_SERVER["SERVER_PORT"] == 80 || $_SERVER["SERVER_PORT"] == 443) ? '' : ':'.$_SERVER["SERVER_PORT"]).($tmp3 ? (preg_match('/^\//', $tmp3) ? '' : '/').$tmp3 : '');

-}

+if (!$found) $tmp = $dolibarr_main_url_root; // If autodetect fails (Ie: when using apache alias that point outside default DOCUMENT_ROOT).

+else $tmp = 'http'.(((empty($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] != 'on') && (empty($_SERVER["SERVER_PORT"]) || $_SERVER["SERVER_PORT"] != 443)) ? '' : 's').'://'.$_SERVER["SERVER_NAME"].((empty($_SERVER["SERVER_PORT"]) || $_SERVER["SERVER_PORT"] == 80 || $_SERVER["SERVER_PORT"] == 443) ? '' : ':'.$_SERVER["SERVER_PORT"]).($tmp3 ? (preg_match('/^\//', $tmp3) ? '' : '/').$tmp3 : '');

@@ -308,3 +231 @@
-if (!empty($dolibarr_main_force_https)) {

-	$tmp = preg_replace('/^http:/i', 'https:', $tmp);

-}

+if (!empty($dolibarr_main_force_https)) $tmp = preg_replace('/^http:/i', 'https:', $tmp);

@@ -314,6 +235,3 @@
-if (empty($suburi) || $suburi === '/') {

-	$suburi = ''; // If $suburi is null or /, it is now ''

-}

-if (!defined('DOL_URL_ROOT')) {

-	define('DOL_URL_ROOT', $suburi); // URL relative root ('', '/dolibarr', ...)

-}

+if ($suburi == '/') $suburi = ''; // If $suburi is /, it is now ''

+define('DOL_URL_ROOT', $suburi); // URL relative root ('', '/dolibarr', ...)

+

@@ -331,27 +249,15 @@
-if (!defined('TCPDF_PATH')) {

-	define('TCPDF_PATH', (empty($dolibarr_lib_TCPDF_PATH)) ?DOL_DOCUMENT_ROOT.'/includes/tecnickcom/tcpdf/' : $dolibarr_lib_TCPDF_PATH.'/');

-}

-if (!defined('TCPDI_PATH')) {

-	define('TCPDI_PATH', (empty($dolibarr_lib_TCPDI_PATH)) ?DOL_DOCUMENT_ROOT.'/includes/tcpdi/' : $dolibarr_lib_TCPDI_PATH.'/');

-}

-if (!defined('NUSOAP_PATH')) {

-	define('NUSOAP_PATH', (!isset($dolibarr_lib_NUSOAP_PATH)) ?DOL_DOCUMENT_ROOT.'/includes/nusoap/lib/' : (empty($dolibarr_lib_NUSOAP_PATH) ? '' : $dolibarr_lib_NUSOAP_PATH.'/'));

-}

-if (!defined('PHPEXCELNEW_PATH')) {

-	define('PHPEXCELNEW_PATH', (!isset($dolibarr_lib_PHPEXCELNEW_PATH)) ?DOL_DOCUMENT_ROOT.'/includes/phpoffice/phpspreadsheet/src/PhpSpreadsheet/' : (empty($dolibarr_lib_PHPEXCELNEW_PATH) ? '' : $dolibarr_lib_PHPEXCELNEW_PATH.'/'));

-}

-if (!defined('ODTPHP_PATH')) {

-	define('ODTPHP_PATH', (!isset($dolibarr_lib_ODTPHP_PATH)) ?DOL_DOCUMENT_ROOT.'/includes/odtphp/' : (empty($dolibarr_lib_ODTPHP_PATH) ? '' : $dolibarr_lib_ODTPHP_PATH.'/'));

-}

-if (!defined('ODTPHP_PATHTOPCLZIP')) {

-	define('ODTPHP_PATHTOPCLZIP', (!isset($dolibarr_lib_ODTPHP_PATHTOPCLZIP)) ?DOL_DOCUMENT_ROOT.'/includes/odtphp/zip/pclzip/' : (empty($dolibarr_lib_ODTPHP_PATHTOPCLZIP) ? '' : $dolibarr_lib_ODTPHP_PATHTOPCLZIP.'/'));

-}

-if (!defined('JS_CKEDITOR')) {

-	define('JS_CKEDITOR', (!isset($dolibarr_js_CKEDITOR)) ? '' : (empty($dolibarr_js_CKEDITOR) ? '' : $dolibarr_js_CKEDITOR.'/'));

-}

-if (!defined('JS_JQUERY')) {

-	define('JS_JQUERY', (!isset($dolibarr_js_JQUERY)) ? '' : (empty($dolibarr_js_JQUERY) ? '' : $dolibarr_js_JQUERY.'/'));

-}

-if (!defined('JS_JQUERY_UI')) {

-	define('JS_JQUERY_UI', (!isset($dolibarr_js_JQUERY_UI)) ? '' : (empty($dolibarr_js_JQUERY_UI) ? '' : $dolibarr_js_JQUERY_UI.'/'));

-}

+if (!defined('ADODB_PATH')) { define('ADODB_PATH', (!isset($dolibarr_lib_ADODB_PATH)) ?DOL_DOCUMENT_ROOT.'/includes/adodbtime/' : (empty($dolibarr_lib_ADODB_PATH) ? '' : $dolibarr_lib_ADODB_PATH.'/')); }

+if (!defined('FPDF_PATH')) { define('FPDF_PATH', (empty($dolibarr_lib_FPDF_PATH)) ?DOL_DOCUMENT_ROOT.'/includes/fpdf/' : $dolibarr_lib_FPDF_PATH.'/'); }	// Used only for package that can't include tcpdf

+if (!defined('TCPDF_PATH')) { define('TCPDF_PATH', (empty($dolibarr_lib_TCPDF_PATH)) ?DOL_DOCUMENT_ROOT.'/includes/tecnickcom/tcpdf/' : $dolibarr_lib_TCPDF_PATH.'/'); }

+if (!defined('FPDI_PATH')) { define('FPDI_PATH', (empty($dolibarr_lib_FPDI_PATH)) ?DOL_DOCUMENT_ROOT.'/includes/fpdfi/' : $dolibarr_lib_FPDI_PATH.'/'); }

+if (!defined('TCPDI_PATH')) { define('TCPDI_PATH', (empty($dolibarr_lib_TCPDI_PATH)) ?DOL_DOCUMENT_ROOT.'/includes/tcpdi/' : $dolibarr_lib_TCPDI_PATH.'/'); }

+if (!defined('NUSOAP_PATH')) { define('NUSOAP_PATH', (!isset($dolibarr_lib_NUSOAP_PATH)) ?DOL_DOCUMENT_ROOT.'/includes/nusoap/lib/' : (empty($dolibarr_lib_NUSOAP_PATH) ? '' : $dolibarr_lib_NUSOAP_PATH.'/')); }

+if (!defined('PHPEXCEL_PATH')) { define('PHPEXCEL_PATH', (!isset($dolibarr_lib_PHPEXCEL_PATH)) ?DOL_DOCUMENT_ROOT.'/includes/phpoffice/phpexcel/Classes/' : (empty($dolibarr_lib_PHPEXCEL_PATH) ? '' : $dolibarr_lib_PHPEXCEL_PATH.'/')); }

+if (!defined('PHPEXCELNEW_PATH')) { define('PHPEXCELNEW_PATH', (!isset($dolibarr_lib_PHPEXCELNEW_PATH)) ?DOL_DOCUMENT_ROOT.'/includes/phpoffice/PhpSpreadsheet/' : (empty($dolibarr_lib_PHPEXCELNEW_PATH) ? '' : $dolibarr_lib_PHPEXCELNEW_PATH.'/')); }

+if (!defined('GEOIP_PATH')) { define('GEOIP_PATH', (!isset($dolibarr_lib_GEOIP_PATH)) ?DOL_DOCUMENT_ROOT.'/includes/geoip/' : (empty($dolibarr_lib_GEOIP_PATH) ? '' : $dolibarr_lib_GEOIP_PATH.'/')); }

+if (!defined('ODTPHP_PATH')) { define('ODTPHP_PATH', (!isset($dolibarr_lib_ODTPHP_PATH)) ?DOL_DOCUMENT_ROOT.'/includes/odtphp/' : (empty($dolibarr_lib_ODTPHP_PATH) ? '' : $dolibarr_lib_ODTPHP_PATH.'/')); }

+if (!defined('ODTPHP_PATHTOPCLZIP')) { define('ODTPHP_PATHTOPCLZIP', (!isset($dolibarr_lib_ODTPHP_PATHTOPCLZIP)) ?DOL_DOCUMENT_ROOT.'/includes/odtphp/zip/pclzip/' : (empty($dolibarr_lib_ODTPHP_PATHTOPCLZIP) ? '' : $dolibarr_lib_ODTPHP_PATHTOPCLZIP.'/')); }

+if (!defined('JS_CKEDITOR')) { define('JS_CKEDITOR', (!isset($dolibarr_js_CKEDITOR)) ? '' : (empty($dolibarr_js_CKEDITOR) ? '' : $dolibarr_js_CKEDITOR.'/')); }

+if (!defined('JS_JQUERY')) { define('JS_JQUERY', (!isset($dolibarr_js_JQUERY)) ? '' : (empty($dolibarr_js_JQUERY) ? '' : $dolibarr_js_JQUERY.'/')); }

+if (!defined('JS_JQUERY_UI')) { define('JS_JQUERY_UI', (!isset($dolibarr_js_JQUERY_UI)) ? '' : (empty($dolibarr_js_JQUERY_UI) ? '' : $dolibarr_js_JQUERY_UI.'/')); }

+if (!defined('JS_JQUERY_FLOT')) { define('JS_JQUERY_FLOT', (!isset($dolibarr_js_JQUERY_FLOT)) ? '' : (empty($dolibarr_js_JQUERY_FLOT) ? '' : $dolibarr_js_JQUERY_FLOT.'/')); }

@@ -359,6 +265,2 @@
-if (!defined('DOL_DEFAULT_TTF')) {

-	define('DOL_DEFAULT_TTF', (!isset($dolibarr_font_DOL_DEFAULT_TTF)) ?DOL_DOCUMENT_ROOT.'/includes/fonts/Aerial.ttf' : (empty($dolibarr_font_DOL_DEFAULT_TTF) ? '' : $dolibarr_font_DOL_DEFAULT_TTF));

-}

-if (!defined('DOL_DEFAULT_TTF_BOLD')) {

-	define('DOL_DEFAULT_TTF_BOLD', (!isset($dolibarr_font_DOL_DEFAULT_TTF_BOLD)) ?DOL_DOCUMENT_ROOT.'/includes/fonts/AerialBd.ttf' : (empty($dolibarr_font_DOL_DEFAULT_TTF_BOLD) ? '' : $dolibarr_font_DOL_DEFAULT_TTF_BOLD));

-}

+if (!defined('DOL_DEFAULT_TTF')) { define('DOL_DEFAULT_TTF', (!isset($dolibarr_font_DOL_DEFAULT_TTF)) ?DOL_DOCUMENT_ROOT.'/includes/fonts/Aerial.ttf' : (empty($dolibarr_font_DOL_DEFAULT_TTF) ? '' : $dolibarr_font_DOL_DEFAULT_TTF)); }

+if (!defined('DOL_DEFAULT_TTF_BOLD')) { define('DOL_DEFAULT_TTF_BOLD', (!isset($dolibarr_font_DOL_DEFAULT_TTF_BOLD)) ?DOL_DOCUMENT_ROOT.'/includes/fonts/AerialBd.ttf' : (empty($dolibarr_font_DOL_DEFAULT_TTF_BOLD) ? '' : $dolibarr_font_DOL_DEFAULT_TTF_BOLD)); }

@@ -371,3 +273,20 @@
-// If password is encoded, we decode it. Note: When page is called for install, $dolibarr_main_db_pass may not be defined yet.

-if ((!empty($dolibarr_main_db_pass) && preg_match('/crypted:/i', $dolibarr_main_db_pass)) || !empty($dolibarr_main_db_encrypted_pass)) {

-	if (!empty($dolibarr_main_db_pass) && preg_match('/crypted:/i', $dolibarr_main_db_pass)) {

+if (!defined('ADODB_DATE_VERSION')) include_once ADODB_PATH.'adodb-time.inc.php';

+

+if (!file_exists(DOL_DOCUMENT_ROOT."/core/lib/functions.lib.php"))

+{

+	print "Error: Dolibarr config file content seems to be not correctly defined.<br>\n";

+	print "Please run dolibarr setup by calling page <b>/install</b>.<br>\n";

+	exit;

+}

+

+

+// Included by default

+include_once DOL_DOCUMENT_ROOT.'/core/lib/functions.lib.php';

+include_once DOL_DOCUMENT_ROOT.'/core/lib/security.lib.php';

+//print memory_get_usage();

+

+// If password is encoded, we decode it

+if (preg_match('/crypted:/i', $dolibarr_main_db_pass) || !empty($dolibarr_main_db_encrypted_pass))

+{

+	if (preg_match('/crypted:/i', $dolibarr_main_db_pass))

+	{

@@ -376,3 +295 @@
-		$dolibarr_main_db_encrypted_pass = $dolibarr_main_db_pass; // We need to set this so we can use it later to know the password was initially crypted

-	} else {

-		$dolibarr_main_db_pass = dol_decode($dolibarr_main_db_encrypted_pass);

+		$dolibarr_main_db_encrypted_pass = $dolibarr_main_db_pass; // We need to set this as it is used to know the password was initially crypted

@@ -380 +297,2 @@
-}

+	else $dolibarr_main_db_pass = dol_decode($dolibarr_main_db_encrypted_pass);

+}

--- /tmp/dsg/dolibarr/htdocs/github_19.0.3_index.php
+++ /tmp/dsg/dolibarr/htdocs/client_index.php
@@ -7 +6,0 @@
- * Copyright (C) 2021		Frédéric France			<frederic.france@netlogic.fr>

@@ -28,2 +27 @@
-

-define('CSRFCHECK_WITH_TOKEN', 1); // We force need to use a token to login when making a POST

+define('NOCSRFCHECK', 1); // This is main home and login page. We must be able to go on it from another web site.

@@ -35 +33 @@
-$_GET['mainmenu'] = GETPOST('mainmenu', 'aZ09') ? GETPOST('mainmenu', 'aZ09') : 'home';

+$_GET['mainmenu'] = GETPOST('mainmenu', 'aZ09') ?GETPOST('mainmenu', 'aZ09') : 'home';

@@ -45,5 +42,0 @@
-$nbmodulesnotautoenabled = count($conf->modules);

-if (in_array('fckeditor', $conf->modules)) $nbmodulesnotautoenabled--;

-if (in_array('export', $conf->modules)) $nbmodulesnotautoenabled--;

-if (in_array('import', $conf->modules)) $nbmodulesnotautoenabled--;

-

@@ -51,3 +44,4 @@
-if (!isset($conf->global->MAIN_INFO_SOCIETE_NOM) || !getDolGlobalString('MAIN_INFO_SOCIETE_NOM')) {

-	header("Location: ".DOL_URL_ROOT."/admin/index.php?mainmenu=home&leftmenu=setup&mesg=setupnotcomplete");

-	exit;

+if (!isset($conf->global->MAIN_INFO_SOCIETE_NOM) || empty($conf->global->MAIN_INFO_SOCIETE_NOM))

+{

+    header("Location: ".DOL_URL_ROOT."/admin/index.php?mainmenu=home&leftmenu=setup&mesg=setupnotcomplete");

+    exit;

@@ -55,3 +49,4 @@
-if ($nbmodulesnotautoenabled <= getDolGlobalString('MAIN_MIN_NB_ENABLED_MODULE_FOR_WARNING', 1)) {	// If only user module enabled

-	header("Location: ".DOL_URL_ROOT."/admin/index.php?mainmenu=home&leftmenu=setup&mesg=setupnotcomplete");

-	exit;

+if (count($conf->modules) <= (empty($conf->global->MAIN_MIN_NB_ENABLED_MODULE_FOR_WARNING) ? 1 : $conf->global->MAIN_MIN_NB_ENABLED_MODULE_FOR_WARNING))	// If only user module enabled

+{

+    header("Location: ".DOL_URL_ROOT."/admin/index.php?mainmenu=home&leftmenu=setup&mesg=setupnotcomplete");

+    exit;

@@ -59 +54,2 @@
-if (GETPOST('addbox')) {	// Add box (when submit is done from a form when ajax disabled)

+if (GETPOST('addbox'))	// Add box (when submit is done from a form when ajax disabled)

+{

@@ -61 +57 @@
-	$zone = GETPOST('areacode', 'int');

+	$zone = GETPOST('areacode', 'aZ09');

@@ -67,3 +63 @@
-	if ($result > 0) {

-		setEventMessages($langs->trans("BoxAdded"), null);

-	}

+	if ($result > 0) setEventMessages($langs->trans("BoxAdded"), null);

@@ -77,3 +71 @@
-if (!isset($form) || !is_object($form)) {

-	$form = new Form($db);

-}

+if (!is_object($form)) $form = new Form($db);

@@ -83,2 +75,25 @@
-if (getDolGlobalString('MAIN_APPLICATION_TITLE')) {

-	$title = $langs->trans("HomeArea").' - ' . getDolGlobalString('MAIN_APPLICATION_TITLE');

+if (!empty($conf->global->MAIN_APPLICATION_TITLE)) $title = $langs->trans("HomeArea").' - '.$conf->global->MAIN_APPLICATION_TITLE;

+

+llxHeader('', $title);

+

+

+$resultboxes = FormOther::getBoxesArea($user, "0"); // Load $resultboxes (selectboxlist + boxactivated + boxlista + boxlistb)

+

+

+print load_fiche_titre('&nbsp;', $resultboxes['selectboxlist'], '', 0, '', 'titleforhome');

+

+if (!empty($conf->global->MAIN_MOTD))

+{

+    $conf->global->MAIN_MOTD = preg_replace('/<br(\s[\sa-zA-Z_="]*)?\/?>/i', '<br>', $conf->global->MAIN_MOTD);

+    if (!empty($conf->global->MAIN_MOTD))

+    {

+        $substitutionarray = getCommonSubstitutionArray($langs);

+        complete_substitutions_array($substitutionarray, $langs);

+        $texttoshow = make_substitutions($conf->global->MAIN_MOTD, $substitutionarray, $langs);

+

+        print "\n<!-- Start of welcome text -->\n";

+        print '<table width="100%" class="notopnoleftnoright"><tr><td>';

+        print dol_htmlentitiesbr($texttoshow);

+        print '</td></tr></table><br>';

+        print "\n<!-- End of welcome text -->\n";

+    }

@@ -87,59 +102,3 @@
-llxHeader('', $title);

-

-

-$resultboxes = FormOther::getBoxesArea($user, "0"); // Load $resultboxes (selectboxlist + boxactivated + boxlista + boxlistb)

-

-

-print load_fiche_titre('&nbsp;', $resultboxes['selectboxlist'], '', 0, '', 'titleforhome');

-

-if (getDolGlobalString('MAIN_MOTD')) {

-	$conf->global->MAIN_MOTD = preg_replace('/<br(\s[\sa-zA-Z_="]*)?\/?>/i', '<br>', $conf->global->MAIN_MOTD);

-	if (getDolGlobalString('MAIN_MOTD')) {

-		$substitutionarray = getCommonSubstitutionArray($langs);

-		complete_substitutions_array($substitutionarray, $langs);

-		$texttoshow = make_substitutions(getDolGlobalString('MAIN_MOTD'), $substitutionarray, $langs);

-

-		print "\n<!-- Start of welcome text -->\n";

-		print '<table width="100%" class="notopnoleftnoright"><tr><td>';

-		print dol_htmlentitiesbr($texttoshow);

-		print '</td></tr></table><br>';

-		print "\n<!-- End of welcome text -->\n";

-	}

-}

-

-/*

- * Show security warnings

- */

-

-// Security warning if install.lock file is missing or if conf file is writable

-if (!getDolGlobalString('MAIN_REMOVE_INSTALL_WARNING')) {

-	$message = '';

-

-	// Check if install lock file is present

-	$lockfile = DOL_DATA_ROOT.'/install.lock';

-	if (!empty($lockfile) && !file_exists($lockfile) && is_dir(DOL_DOCUMENT_ROOT."/install")) {

-		$langs->load("errors");

-		//if (!empty($message)) $message.='<br>';

-		$message .= info_admin($langs->trans("WarningLockFileDoesNotExists", DOL_DATA_ROOT).' '.$langs->trans("WarningUntilDirRemoved", DOL_DOCUMENT_ROOT."/install"), 0, 0, '1', 'clearboth');

-	}

-

-	// Conf files must be in read only mode

-	if (is_writable($conffile)) {	// $conffile is defined into filefunc.inc.php

-		$langs->load("errors");

-		//$langs->load("other");

-		//if (!empty($message)) $message.='<br>';

-		$message .= info_admin($langs->transnoentities("WarningConfFileMustBeReadOnly").' '.$langs->trans("WarningUntilDirRemoved", DOL_DOCUMENT_ROOT."/install"), 0, 0, '1', 'clearboth');

-	}

-

-	$object = new stdClass();

-	$parameters = array();

-	$reshook = $hookmanager->executeHooks('infoadmin', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks

-	if ($reshook == 0) {

-		$message .= $hookmanager->resPrint;

-	}

-	if ($message) {

-		print $message.'<br>';

-		//$message.='<br>';

-		//print info_admin($langs->trans("WarningUntilDirRemoved",DOL_DOCUMENT_ROOT."/install"));

-	}

-}

+

+

+

@@ -157,0 +117,212 @@
+// Load global statistics of objects

+if (empty($user->socid) && empty($conf->global->MAIN_DISABLE_GLOBAL_BOXSTATS))

+{

+    $object = new stdClass();

+    $parameters = array();

+    $action = '';

+    $reshook = $hookmanager->executeHooks('addStatisticLine', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks

+    $boxstatFromHook = $hookmanager->resPrint;

+

+    if (empty($reshook))

+    {

+    	// Cle array returned by the method load_state_board for each line

+    	$keys = array(

+    		'users',

+    		'members',

+    		'expensereports',

+    		'holidays',

+    		'customers',

+    		'prospects',

+    		'suppliers',

+    		'contacts',

+    		'products',

+    		'services',

+    		'projects',

+    		'proposals',

+    		'orders',

+    		'invoices',

+    		'donations',

+    		'supplier_proposals',

+    		'supplier_orders',

+    		'supplier_invoices',

+    		'contracts',

+    		'interventions',

+    		'ticket'

+    	);

+

+	    // Condition to be checked for each display line dashboard

+	    $conditions = array(

+	    	'users' => $user->rights->user->user->lire,

+	    	'members' => !empty($conf->adherent->enabled) && $user->rights->adherent->lire,

+	    	'customers' => !empty($conf->societe->enabled) && $user->rights->societe->lire && empty($conf->global->SOCIETE_DISABLE_CUSTOMERS) && empty($conf->global->SOCIETE_DISABLE_CUSTOMERS_STATS),

+	    	'prospects' => !empty($conf->societe->enabled) && $user->rights->societe->lire && empty($conf->global->SOCIETE_DISABLE_PROSPECTS) && empty($conf->global->SOCIETE_DISABLE_PROSPECTS_STATS),

+	    	'suppliers' => !empty($conf->fournisseur->enabled) && $user->rights->fournisseur->lire && empty($conf->global->SOCIETE_DISABLE_SUPPLIERS_STATS),

+		    'contacts' => !empty($conf->societe->enabled) && $user->rights->societe->contact->lire,

+		    'products' => !empty($conf->product->enabled) && $user->rights->produit->lire,

+		    'services' => !empty($conf->service->enabled) && $user->rights->service->lire,

+		    'proposals' => !empty($conf->propal->enabled) && $user->rights->propale->lire,

+		    'orders' => !empty($conf->commande->enabled) && $user->rights->commande->lire,

+		    'invoices' => !empty($conf->facture->enabled) && $user->rights->facture->lire,

+	    	'donations' => !empty($conf->don->enabled) && $user->rights->don->lire,

+	    	'contracts' => !empty($conf->contrat->enabled) && $user->rights->contrat->lire,

+		    'interventions' => !empty($conf->ficheinter->enabled) && $user->rights->ficheinter->lire,

+			'supplier_orders' => !empty($conf->supplier_order->enabled) && $user->rights->fournisseur->commande->lire && empty($conf->global->SOCIETE_DISABLE_SUPPLIERS_ORDERS_STATS),

+			'supplier_invoices' => !empty($conf->supplier_invoice->enabled) && $user->rights->fournisseur->facture->lire && empty($conf->global->SOCIETE_DISABLE_SUPPLIERS_INVOICES_STATS),

+			'supplier_proposals' => !empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposal->lire && empty($conf->global->SOCIETE_DISABLE_SUPPLIERS_PROPOSAL_STATS),

+		    'projects' => !empty($conf->projet->enabled) && $user->rights->projet->lire,

+		    'expensereports' => !empty($conf->expensereport->enabled) && $user->rights->expensereport->lire,

+	        'holidays' => !empty($conf->holiday->enabled) && $user->rights->holiday->read,

+		    'ticket' => !empty($conf->ticket->enabled) && $user->rights->ticket->read

+	    );

+	    // Class file containing the method load_state_board for each line

+	    $includes = array(

+	    	'users' => DOL_DOCUMENT_ROOT."/user/class/user.class.php",

+	    	'members' => DOL_DOCUMENT_ROOT."/adherents/class/adherent.class.php",

+	    	'customers' => DOL_DOCUMENT_ROOT."/societe/class/client.class.php",

+	    	'prospects' => DOL_DOCUMENT_ROOT."/societe/class/client.class.php",

+	    	'suppliers' => DOL_DOCUMENT_ROOT."/fourn/class/fournisseur.class.php",

+	    	'contacts' => DOL_DOCUMENT_ROOT."/contact/class/contact.class.php",

+	    	'products' => DOL_DOCUMENT_ROOT."/product/class/product.class.php",

+	    	'services' => DOL_DOCUMENT_ROOT."/product/class/product.class.php",

+	    	'proposals' => DOL_DOCUMENT_ROOT."/comm/propal/class/propal.class.php",

+	    	'orders' => DOL_DOCUMENT_ROOT."/commande/class/commande.class.php",

+	    	'invoices' => DOL_DOCUMENT_ROOT."/compta/facture/class/facture.class.php",

+	    	'donations' => DOL_DOCUMENT_ROOT."/don/class/don.class.php",

+	    	'contracts' => DOL_DOCUMENT_ROOT."/contrat/class/contrat.class.php",

+	    	'interventions' => DOL_DOCUMENT_ROOT."/fichinter/class/fichinter.class.php",

+	    	'supplier_orders' => DOL_DOCUMENT_ROOT."/fourn/class/fournisseur.commande.class.php",

+	    	'supplier_invoices' => DOL_DOCUMENT_ROOT."/fourn/class/fournisseur.facture.class.php",

+	    	'supplier_proposals' => DOL_DOCUMENT_ROOT."/supplier_proposal/class/supplier_proposal.class.php",

+	    	'projects' => DOL_DOCUMENT_ROOT."/projet/class/project.class.php",

+	    	'expensereports' => DOL_DOCUMENT_ROOT."/expensereport/class/expensereport.class.php",

+	    	'holidays' => DOL_DOCUMENT_ROOT."/holiday/class/holiday.class.php",

+	    	'ticket' => DOL_DOCUMENT_ROOT."/ticket/class/ticket.class.php"

+	    );

+	    // Name class containing the method load_state_board for each line

+	    $classes = array(

+	    	'users' => 'User',

+	    	'members' => 'Adherent',

+	    	'customers' => 'Client',

+	    	'prospects' => 'Client',

+	    	'suppliers' => 'Fournisseur',

+	    	'contacts' => 'Contact',

+	    	'products' => 'Product',

+	    	'services' => 'ProductService',

+	    	'proposals' => 'Propal',

+	    	'orders' => 'Commande',

+	    	'invoices' => 'Facture',

+	    	'donations' => 'Don',

+	    	'contracts' => 'Contrat',

+	    	'interventions' => 'Fichinter',

+	    	'supplier_orders' => 'CommandeFournisseur',

+	    	'supplier_invoices' => 'FactureFournisseur',

+	    	'supplier_proposals' => 'SupplierProposal',

+	    	'projects' => 'Project',

+	    	'expensereports' => 'ExpenseReport',

+	    	'holidays' => 'Holiday',

+	    	'ticket' => 'Ticket',

+	    );

+	    // Translation keyword

+	    $titres = array(

+	    	'users' => "Users",

+	    	'members' => "Members",

+	    	'customers' => "ThirdPartyCustomersStats",

+	    	'prospects' => "ThirdPartyProspectsStats",

+	    	'suppliers' => "Suppliers",

+	    	'contacts' => "Contacts",

+	    	'products' => "Products",

+	    	'services' => "Services",

+	    	'proposals' => "CommercialProposalsShort",

+	    	'orders' => "CustomersOrders",

+	    	'invoices' => "BillsCustomers",

+	    	'donations' => "Donations",

+	    	'contracts' => "Contracts",

+	    	'interventions' => "Interventions",

+	    	'supplier_orders' => "SuppliersOrders",

+	    	'supplier_invoices' => "SuppliersInvoices",

+	    	'supplier_proposals' => "SupplierProposalShort",

+	    	'projects' => "Projects",

+	    	'expensereports' => "ExpenseReports",

+	    	'holidays' => "Holidays",

+	    	'ticket' => "Ticket",

+	    );

+	    // Dashboard Link lines

+	    $links = array(

+	    	'users' => DOL_URL_ROOT.'/user/list.php',

+	    	'members' => DOL_URL_ROOT.'/adherents/list.php?statut=1&mainmenu=members',

+	    	'customers' => DOL_URL_ROOT.'/societe/list.php?type=c&mainmenu=companies',

+	    	'prospects' => DOL_URL_ROOT.'/societe/list.php?type=p&mainmenu=companies',

+	    	'suppliers' => DOL_URL_ROOT.'/societe/list.php?type=f&mainmenu=companies',

+	    	'contacts' => DOL_URL_ROOT.'/contact/list.php?mainmenu=companies',

+	    	'products' => DOL_URL_ROOT.'/product/list.php?type=0&mainmenu=products',

+	    	'services' => DOL_URL_ROOT.'/product/list.php?type=1&mainmenu=products',

+	    	'proposals' => DOL_URL_ROOT.'/comm/propal/list.php?mainmenu=commercial&leftmenu=propals',

+	    	'orders' => DOL_URL_ROOT.'/commande/list.php?mainmenu=commercial&leftmenu=orders',

+	    	'invoices' => DOL_URL_ROOT.'/compta/facture/list.php?mainmenu=billing&leftmenu=customers_bills',

+	    	'donations' => DOL_URL_ROOT.'/don/list.php?leftmenu=donations',

+	    	'contracts' => DOL_URL_ROOT.'/contrat/list.php?mainmenu=commercial&leftmenu=contracts',

+	    	'interventions' => DOL_URL_ROOT.'/fichinter/list.php?mainmenu=commercial&leftmenu=ficheinter',

+	    	'supplier_orders' => DOL_URL_ROOT.'/fourn/commande/list.php?mainmenu=commercial&leftmenu=orders_suppliers',

+	    	'supplier_invoices' => DOL_URL_ROOT.'/fourn/facture/list.php?mainmenu=billing&leftmenu=suppliers_bills',

+	    	'supplier_proposals' => DOL_URL_ROOT.'/supplier_proposal/list.php?mainmenu=commercial&leftmenu=',

+	    	'projects' => DOL_URL_ROOT.'/projet/list.php?mainmenu=project',

+	    	'expensereports' => DOL_URL_ROOT.'/expensereport/list.php?mainmenu=hrm&leftmenu=expensereport',

+	    	'holidays' => DOL_URL_ROOT.'/holiday/list.php?mainmenu=hrm&leftmenu=holiday',

+	    	'ticket' => DOL_URL_ROOT.'/ticket/list.php?leftmenu=ticket'

+	    );

+	    // Translation lang files

+	    $langfile = array(

+	    	'customers' => "companies",

+	    	'contacts' => "companies",

+	    	'services' => "products",

+	    	'proposals' => "propal",

+	    	'invoices' => "bills",

+	    	'supplier_orders' => "orders",

+	    	'supplier_invoices' => "bills",

+	    	'supplier_proposals' => 'supplier_proposal',

+	    	'expensereports' => "trips",

+	    	'holidays' => "holiday",

+	    );

+

+

+	    // Loop and displays each line of table

+		$boardloaded = array();

+	    foreach ($keys as $val)

+	    {

+	        if ($conditions[$val])

+	        {

+                $boxstatItem = '';

+	            $class = $classes[$val];

+	            // Search in cache if load_state_board is already realized

+	            if (!isset($boardloaded[$class]) || !is_object($boardloaded[$class]))

+	            {

+	            	include_once $includes[$val]; // Loading a class cost around 1Mb

+

+	                $board = new $class($db);

+	                $board->load_state_board();

+	                $boardloaded[$class] = $board;

+	            }

+	            else

+	            {

+	                $board = $boardloaded[$class];

+	            }

+

+            	$langs->load(empty($langfile[$val]) ? $val : $langfile[$val]);

+

+	            $text = $langs->trans($titres[$val]);

+	            $boxstatItem .= '<a href="'.$links[$val].'" class="boxstatsindicator thumbstat nobold nounderline">';

+	            $boxstatItem .= '<div class="boxstats">';

+	            $boxstatItem .= '<span class="boxstatstext" title="'.dol_escape_htmltag($text).'">'.$text.'</span><br>';

+	            $boxstatItem .= '<span class="boxstatsindicator">'.img_object("", $board->picto, 'class="inline-block"').' '.($board->nb[$val] ? $board->nb[$val] : 0).'</span>';

+	            $boxstatItem .= '</div>';

+	            $boxstatItem .= '</a>';

+

+                $boxstatItems[$val] = $boxstatItem;

+	        }

+	    }

+    }

+}

+

+

+

+

@@ -159,591 +330,531 @@
-if (!getDolGlobalString('MAIN_DISABLE_GLOBAL_WORKBOARD')) {

-	$showweather = (!getDolGlobalString('MAIN_DISABLE_METEO') || getDolGlobalInt('MAIN_DISABLE_METEO') == 2) ? 1 : 0;

-

-	//Array that contains all WorkboardResponse classes to process them

-	$dashboardlines = array();

-

-	// Do not include sections without management permission

-	require_once DOL_DOCUMENT_ROOT.'/core/class/workboardresponse.class.php';

-

-	// Number of actions to do (late)

-	if (isModEnabled('agenda') && !getDolGlobalString('MAIN_DISABLE_BLOCK_AGENDA') && $user->hasRight('agenda', 'myactions', 'read')) {

-		include_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php';

-		$board = new ActionComm($db);

-		$dashboardlines[$board->element] = $board->load_board($user);

-	}

-

-	// Number of project opened

-	if (isModEnabled('project') && !getDolGlobalString('MAIN_DISABLE_BLOCK_PROJECT') && $user->hasRight('projet', 'lire')) {

-		include_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';

-		$board = new Project($db);

-		$dashboardlines[$board->element] = $board->load_board($user);

-	}

-

-	// Number of tasks to do (late)

-	if (isModEnabled('project') && !getDolGlobalString('MAIN_DISABLE_BLOCK_PROJECT') && !getDolGlobalString('PROJECT_HIDE_TASKS') && $user->hasRight('projet', 'lire')) {

-		include_once DOL_DOCUMENT_ROOT.'/projet/class/task.class.php';

-		$board = new Task($db);

-		$dashboardlines[$board->element] = $board->load_board($user);

-	}

-

-	// Number of commercial customer proposals open (expired)

-	if (isModEnabled('propal') && !getDolGlobalString('MAIN_DISABLE_BLOCK_CUSTOMER') && $user->hasRight('propal', 'read')) {

-		include_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php';

-		$board = new Propal($db);

-		$dashboardlines[$board->element.'_opened'] = $board->load_board($user, "opened");

-		// Number of commercial proposals CLOSED signed (billed)

-		$dashboardlines[$board->element.'_signed'] = $board->load_board($user, "signed");

-	}

-

-	// Number of supplier proposals open (expired)

-	if (isModEnabled('supplier_proposal')  && !getDolGlobalString('MAIN_DISABLE_BLOCK_SUPPLIER') && $user->hasRight('supplier_proposal', 'lire')) {

-		$langs->load("supplier_proposal");

-		include_once DOL_DOCUMENT_ROOT.'/supplier_proposal/class/supplier_proposal.class.php';

-		$board = new SupplierProposal($db);

-		$dashboardlines[$board->element.'_opened'] = $board->load_board($user, "opened");

-		// Number of commercial proposals CLOSED signed (billed)

-		$dashboardlines[$board->element.'_signed'] = $board->load_board($user, "signed");

-	}

-

-	// Number of sales orders

-	if (isModEnabled('commande')  && !getDolGlobalString('MAIN_DISABLE_BLOCK_CUSTOMER') && $user->hasRight('commande', 'lire')) {

-		include_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php';

-		$board = new Commande($db);

-		// Number of customer orders to be shipped (validated and in progress)

-		$dashboardlines[$board->element.'_toship'] = $board->load_board($user, 'toship');

-		// Number of customer orders to be billed (not visible by default, does not match a lot of organization).

-		if (getDolGlobalInt('ORDER_BILL_AFTER_VALIDATION')) {

-			$dashboardlines[$board->element.'_tobill'] = $board->load_board($user, 'tobill');

-		}

-		// Number of customer orders to be billed (delivered but not billed)

-		$dashboardlines[$board->element.'_shippedtobill'] = $board->load_board($user, 'shippedtobill');

-	}

-

-	// Number of suppliers orders

-	if (isModEnabled('supplier_order')  && !getDolGlobalString('MAIN_DISABLE_BLOCK_SUPPLIER') && $user->hasRight('fournisseur', 'commande', 'lire')) {

-		include_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.commande.class.php';

-		$board = new CommandeFournisseur($db);

-		$dashboardlines[$board->element.'_opened'] = $board->load_board($user, "opened");

-		$dashboardlines[$board->element.'_awaiting'] = $board->load_board($user, 'awaiting');

-	}

-

-	// Number of contract / services enabled (delayed)

-	if (isModEnabled('contrat')  && !getDolGlobalString('MAIN_DISABLE_BLOCK_CONTRACT') && $user->hasRight('contrat', 'lire')) {

-		include_once DOL_DOCUMENT_ROOT.'/contrat/class/contrat.class.php';

-		$board = new Contrat($db);

-		$dashboardlines[$board->element.'_inactive'] = $board->load_board($user, "inactive");

-		// Number of active services (expired)

-		$dashboardlines[$board->element.'_active'] = $board->load_board($user, "active");

-	}

-

-	// Number of tickets open

-	if (isModEnabled('ticket')  && !getDolGlobalString('MAIN_DISABLE_BLOCK_TICKET') && $user->hasRight('ticket', 'read')) {

-		include_once DOL_DOCUMENT_ROOT.'/ticket/class/ticket.class.php';

-		$board = new Ticket($db);

-		$dashboardlines[$board->element.'_opened'] = $board->load_board($user, "opened");

-		// Number of active services (expired)

-		//$dashboardlines[$board->element.'_active'] = $board->load_board($user, "active");

-	}

-

-	// Number of invoices customers (paid)

-	if (isModEnabled('facture') && !getDolGlobalString('MAIN_DISABLE_BLOCK_CUSTOMER') && $user->hasRight('facture', 'lire')) {

-		include_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';

-		$board = new Facture($db);

-		$dashboardlines[$board->element] = $board->load_board($user);

-	}

-

-	// Number of supplier invoices (paid)

-	if (isModEnabled('supplier_invoice') && !getDolGlobalString('MAIN_DISABLE_BLOCK_SUPPLIER') && $user->hasRight('fournisseur', 'facture', 'lire')) {

-		include_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php';

-		$board = new FactureFournisseur($db);

-		$dashboardlines[$board->element] = $board->load_board($user);

-	}

-

-	// Number of transactions to conciliate

-	if (isModEnabled('banque')  && !getDolGlobalString('MAIN_DISABLE_BLOCK_BANK') && $user->hasRight('banque', 'lire') && !$user->socid) {

-		include_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';

-		$board = new Account($db);

-		$nb = $board->countAccountToReconcile(); // Get nb of account to reconciliate

-		if ($nb > 0) {

-			$dashboardlines[$board->element] = $board->load_board($user);

-		}

-	}

-

-

-	// Number of cheque to send

-	if (isModEnabled('banque')  && !getDolGlobalString('MAIN_DISABLE_BLOCK_BANK') && $user->hasRight('banque', 'lire') && !$user->socid) {

-		if (!getDolGlobalString('BANK_DISABLE_CHECK_DEPOSIT')) {

-			include_once DOL_DOCUMENT_ROOT . '/compta/paiement/cheque/class/remisecheque.class.php';

-			$board = new RemiseCheque($db);

-			$dashboardlines[$board->element] = $board->load_board($user);

-		}

-		if (isModEnabled('prelevement')) {

-			include_once DOL_DOCUMENT_ROOT.'/compta/prelevement/class/bonprelevement.class.php';

-			$board = new BonPrelevement($db);

-			$dashboardlines[$board->element . '_direct_debit'] = $board->load_board($user, 'direct_debit');

-		}

-		if (isModEnabled('paymentbybanktransfer')) {

-			include_once DOL_DOCUMENT_ROOT.'/compta/prelevement/class/bonprelevement.class.php';

-			$board = new BonPrelevement($db);

-			$dashboardlines[$board->element . '_credit_transfer'] = $board->load_board($user, 'credit_transfer');

-		}

-	}

-

-	// Number of foundation members

-	if (isModEnabled('adherent')  && !getDolGlobalString('MAIN_DISABLE_BLOCK_ADHERENT') && $user->hasRight('adherent', 'lire') && !$user->socid) {

-		include_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php';

-		$board = new Adherent($db);

-		$dashboardlines[$board->element.'_shift'] = $board->load_board($user, 'shift');

-		$dashboardlines[$board->element.'_expired'] = $board->load_board($user, 'expired');

-	}

-

-	// Number of expense reports to approve

-	if (isModEnabled('expensereport')  && !getDolGlobalString('MAIN_DISABLE_BLOCK_EXPENSEREPORT') && $user->hasRight('expensereport', 'approve')) {

-		include_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';

-		$board = new ExpenseReport($db);

-		$dashboardlines[$board->element.'_toapprove'] = $board->load_board($user, 'toapprove');

-	}

-

-	// Number of expense reports to pay

-	if (isModEnabled('expensereport')  && !getDolGlobalString('MAIN_DISABLE_BLOCK_EXPENSEREPORT') && $user->hasRight('expensereport', 'to_paid')) {

-		include_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';

-		$board = new ExpenseReport($db);

-		$dashboardlines[$board->element.'_topay'] = $board->load_board($user, 'topay');

-	}

-

-	// Number of holidays to approve

-	if (isModEnabled('holiday')  && !getDolGlobalString('MAIN_DISABLE_BLOCK_HOLIDAY') && $user->hasRight('holiday', 'approve')) {

-		include_once DOL_DOCUMENT_ROOT.'/holiday/class/holiday.class.php';

-		$board = new Holiday($db);

-		$dashboardlines[$board->element] = $board->load_board($user);

-	}

-

-	$object = new stdClass();

-	$parameters = array();

-	$action = '';

-	$reshook = $hookmanager->executeHooks(

-		'addOpenElementsDashboardLine',

-		$parameters,

-		$object,

-		$action

-	); // Note that $action and $object may have been modified by some hooks

-	if ($reshook == 0) {

-		$dashboardlines = array_merge($dashboardlines, $hookmanager->resArray);

-	}

-

-	/* Open object dashboard */

-	$dashboardgroup = array(

-		'action' =>

-			array(

-				'groupName' => 'Agenda',

-				'stats' => array('action'),

-			),

-		'project' =>

-			array(

-				'groupName' => 'Projects',

-				'globalStatsKey' => 'projects',

-				'stats' => array('project', 'project_task'),

-			),

-		'propal' =>

-			array(

-				'groupName' => 'Proposals',

-				'globalStatsKey' => 'proposals',

-				'stats' =>

-					array('propal_opened', 'propal_signed'),

-			),

-		'commande' =>

-			array(

-				'groupName' => 'Orders',

-				'globalStatsKey' => 'orders',

-				'stats' =>

-					array('commande_toship', 'commande_tobill', 'commande_shippedtobill'),

-			),

-		'facture' =>

-			array(

-				'groupName' => 'Invoices',

-				'globalStatsKey' => 'invoices',

-				'stats' =>

-					array('facture'),

-			),

-		'supplier_proposal' =>

-			array(

-				'lang' => 'supplier_proposal',

-				'groupName' => 'SupplierProposals',

-				'globalStatsKey' => 'askprice',

-				'stats' =>

-					array('supplier_proposal_opened', 'supplier_proposal_signed'),

-			),

-		'order_supplier' =>

-			array(

-				'groupName' => 'SuppliersOrders',

-				'globalStatsKey' => 'supplier_orders',

-				'stats' =>

-					array('order_supplier_opened', 'order_supplier_awaiting'),

-			),

-		'invoice_supplier' =>

-			array(

-				'groupName' => 'BillsSuppliers',

-				'globalStatsKey' => 'supplier_invoices',

-				'stats' =>

-					array('invoice_supplier'),

-			),

-		'contrat' =>

-			array(

-				'groupName' => 'Contracts',

-				'globalStatsKey' => 'Contracts',

-				'stats' =>

-				array('contrat_inactive', 'contrat_active'),

-			),

-		'ticket' =>

-			array(

-				'groupName' => 'Tickets',

-				'globalStatsKey' => 'ticket',

-				'stats' =>

-					array('ticket_opened'),

-			),

-		'bank_account' =>

-			array(

-				'groupName' => 'BankAccount',

-				'stats' =>

-					array('bank_account', 'chequereceipt', 'widthdraw_direct_debit', 'widthdraw_credit_transfer'),

-			),

-		'member' =>

-			array(

-				'groupName' => 'Members',

-				'globalStatsKey' => 'members',

-				'stats' =>

-					array('member_shift', 'member_expired'),

-			),

-		'expensereport' =>

-			array(

-				'groupName' => 'ExpenseReport',

-				'globalStatsKey' => 'expensereports',

-				'stats' =>

-					array('expensereport_toapprove', 'expensereport_topay'),

-			),

-		'holiday' =>

-			array(

-				'groupName' => 'Holidays',

-				'globalStatsKey' => 'holidays',

-				'stats' =>

-					array('holiday'),

-			),

-	);

-

-	$object = new stdClass();

-	$parameters = array(

-		'dashboardgroup' => $dashboardgroup

-	);

-	$reshook = $hookmanager->executeHooks('addOpenElementsDashboardGroup', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks

-	if ($reshook == 0) {

-		$dashboardgroup = array_merge($dashboardgroup, $hookmanager->resArray);

-	}

-

-

-	// Calculate total nb of late

-	$totallate = $totaltodo = 0;

-

-	//Remove any invalid response

-	//load_board can return an integer if failed, or WorkboardResponse if OK

-	$valid_dashboardlines = array();

-	foreach ($dashboardlines as $workboardid => $tmp) {

-		if ($tmp instanceof WorkboardResponse) {

-			$tmp->id = $workboardid; // Complete the object to add its id into its name

-			$valid_dashboardlines[$workboardid] = $tmp;

-		}

-	}

-

-	// We calculate $totallate. Must be defined before start of next loop because it is show in first fetch on next loop

-	foreach ($valid_dashboardlines as $board) {

-		if (is_numeric($board->nbtodo) && is_numeric($board->nbtodolate) && $board->nbtodolate > 0) {

-			$totaltodo += $board->nbtodo;

-			$totallate += $board->nbtodolate;

-		}

-	}

-

-	$openedDashBoardSize = 'info-box-sm'; // use sm by default

-	foreach ($dashboardgroup as $dashbordelement) {

-		if (is_array($dashbordelement['stats']) && count($dashbordelement['stats']) > 2) {

-			$openedDashBoardSize = ''; // use default info box size : big

-			break;

-		}

-	}

-

-	$totalLateNumber = $totallate;

-	$totallatePercentage = ((!empty($totaltodo)) ? round($totallate / $totaltodo * 100, 2) : 0);

-	if (getDolGlobalString('MAIN_USE_METEO_WITH_PERCENTAGE')) {

-		$totallate = $totallatePercentage;

-	}

-

-	$boxwork = '';

-	$boxwork .= '<div class="box">';

-	$boxwork .= '<table summary="'.dol_escape_htmltag($langs->trans("WorkingBoard")).'" class="noborder boxtable boxtablenobottom boxworkingboard centpercent">'."\n";

-	$boxwork .= '<tr class="liste_titre">';

-	$boxwork .= '<th class="liste_titre"><div class="inline-block valignmiddle">'.$langs->trans("DolibarrWorkBoard").'</div>';

-	if ($showweather) {

-		if ($totallate > 0) {

-			$text = $langs->transnoentitiesnoconv("WarningYouHaveAtLeastOneTaskLate").' ('.$langs->transnoentitiesnoconv(

-				"NActionsLate",

-				$totallate.(getDolGlobalString('MAIN_USE_METEO_WITH_PERCENTAGE') ? '%' : '')

-			).')';

-		} else {

-			$text = $langs->transnoentitiesnoconv("NoItemLate");

-		}

-		$text .= '. '.$langs->transnoentitiesnoconv("LateDesc");

-		//$text.=$form->textwithpicto('',$langs->trans("LateDesc"));

-		$options = 'height="24px" style="float: right"';

-		$boxwork .= showWeather($totallate, $text, $options, 'inline-block valignmiddle');

-	}

-	$boxwork .= '</th>';

-	$boxwork .= '</tr>'."\n";

-

-	// Show dashboard

-	$nbworkboardempty = 0;

-	$isIntopOpenedDashBoard = $globalStatInTopOpenedDashBoard = array();

-	if (!empty($valid_dashboardlines)) {

-		$openedDashBoard = '';

-

-		$boxwork .= '<tr class="nobottom nohover"><td class="tdboxstats nohover flexcontainer centpercent"><div style="display: flex: flex-wrap: wrap">';

-

-		foreach ($dashboardgroup as $groupKey => $groupElement) {

-			$boards = array();

-

-			// Scan $groupElement and save the one with 'stats' that must be used for the open objects dashboard

-			if (!getDolGlobalString('MAIN_DISABLE_NEW_OPENED_DASH_BOARD')) {

-				foreach ($groupElement['stats'] as $infoKey) {

-					if (!empty($valid_dashboardlines[$infoKey])) {

-						$boards[] = $valid_dashboardlines[$infoKey];

-						$isIntopOpenedDashBoard[] = $infoKey;

-					}

-				}

-			}

-

-			if (!empty($boards)) {

-				if (!empty($groupElement['lang'])) {

-					$langs->load($groupElement['lang']);

-				}

-				$groupName = $langs->trans($groupElement['groupName']);

-				$groupKeyLowerCase = strtolower($groupKey);

-

-				// global stats

-				$globalStatsKey = false;

-				if (!empty($groupElement['globalStatsKey']) && empty($groupElement['globalStats'])) { // can be filled by hook

-					$globalStatsKey = $groupElement['globalStatsKey'];

-					$groupElement['globalStats'] = array();

-				}

-

-				$openedDashBoard .= '<div class="box-flex-item"><div class="box-flex-item-with-margin">'."\n";

-				$openedDashBoard .= '	<div class="info-box '.$openedDashBoardSize.'">'."\n";

-				$openedDashBoard .= '		<span class="info-box-icon bg-infobox-'.$groupKeyLowerCase.'">'."\n";

-				$openedDashBoard .= '		<i class="fa fa-dol-'.$groupKeyLowerCase.'"></i>'."\n";

-

-				// Show the span for the total of record. TODO This seems not used.

-				if (!empty($groupElement['globalStats'])) {

-					$globalStatInTopOpenedDashBoard[] = $globalStatsKey;

-					$openedDashBoard .= '<span class="info-box-icon-text" title="'.$groupElement['globalStats']['text'].'">'.$groupElement['globalStats']['nbTotal'].'</span>';

-				}

-

-				$openedDashBoard .= '</span>'."\n";

-				$openedDashBoard .= '<div class="info-box-content">'."\n";

-

-				$openedDashBoard .= '<div class="info-box-title" title="'.strip_tags($groupName).'">'.$groupName.'</div>'."\n";

-				$openedDashBoard .= '<div class="info-box-lines">'."\n";

-

-				foreach ($boards as $board) {

-					$openedDashBoard .= '<div class="info-box-line spanoverflow nowrap">';

-

-					if (!empty($board->labelShort)) {

-						$infoName = '<div class="marginrightonly inline-block valignmiddle info-box-line-text" title="'.$board->label.'">'.$board->labelShort.'</div>';

-					} else {

-						$infoName = '<div class="marginrightonly inline-block valignmiddle info-box-line-text">'.$board->label.'</div>';

-					}

-

-					$textLateTitle = $langs->trans("NActionsLate", $board->nbtodolate);

-					$textLateTitle .= ' ('.$langs->trans("Late").' = '.$langs->trans("DateReference").' > '.$langs->trans("DateToday").' '.(ceil(empty($board->warning_delay) ? 0 : $board->warning_delay) >= 0 ? '+' : '').ceil(empty($board->warning_delay) ? 0 : $board->warning_delay).' '.$langs->trans("days").')';

-

-					if ($board->id == 'bank_account') {

-						$textLateTitle .= '<br><span class="opacitymedium">'.$langs->trans("IfYouDontReconcileDisableProperty", $langs->transnoentitiesnoconv("Conciliable")).'</span>';

-					}

-

-					$textLate = '';

-					if ($board->nbtodolate > 0) {

-						$textLate .= '<span title="'.dol_escape_htmltag($textLateTitle).'" class="classfortooltip badge badge-warning">';

-						$textLate .= '<i class="fa fa-exclamation-triangle"></i> '.$board->nbtodolate;

-						$textLate .= '</span>';

-					}

-

-					$nbtodClass = '';

-					if ($board->nbtodo > 0) {

-						$nbtodClass = 'badge badge-info';

-					} else {

-						$nbtodClass = 'opacitymedium';

-					}

-

-					// Forge the line to show into the open object box

-					$labeltoshow = $board->label.' ('.$board->nbtodo.')';

-					if ($board->total > 0) {

-						$labeltoshow .= ' - '.price($board->total, 0, $langs, 1, -1, -1, $conf->currency);

-					}

-					$openedDashBoard .= '<a href="'.$board->url.'" class="info-box-text info-box-text-a">';

-					$openedDashBoard .= $infoName;

-					$openedDashBoard .= '<div class="inline-block nowraponall">';

-					$openedDashBoard .= '<span class="classfortooltip'.($nbtodClass ? ' '.$nbtodClass : '').'" title="'.$labeltoshow.'">';

-					$openedDashBoard .= $board->nbtodo;

-					if ($board->total > 0 && getDolGlobalString('MAIN_WORKBOARD_SHOW_TOTAL_WO_TAX')) {

-						$openedDashBoard .= ' : '.price($board->total, 0, $langs, 1, -1, -1, $conf->currency);

-					}

-					$openedDashBoard .= '</span>';

-

-					if ($textLate) {

-						if ($board->url_late) {

-							$openedDashBoard .= '</div></a>';

-							$openedDashBoard .= ' <div class="inline-block"><a href="'.$board->url_late.'" class="info-box-text info-box-text-a paddingleft">';

-						} else {

-							$openedDashBoard .= ' ';

-						}

-						$openedDashBoard .= $textLate;

-					}

-					$openedDashBoard .= '</a>'."\n";

-					$openedDashBoard .= '</div>';

-					$openedDashBoard .= '</div>'."\n";

-				}

-

-				// TODO Add hook here to add more "info-box-line"

-

-				$openedDashBoard .= '		</div><!-- /.info-box-lines --></div><!-- /.info-box-content -->'."\n";

-				$openedDashBoard .= '	</div><!-- /.info-box -->'."\n";

-				$openedDashBoard .= '</div><!-- /.box-flex-item-with-margin -->'."\n";

-				$openedDashBoard .= '</div><!-- /.box-flex-item -->'."\n";

-				$openedDashBoard .= "\n";

-			}

-		}

-

-		if ($showweather && !empty($isIntopOpenedDashBoard)) {

-			$appendClass = (getDolGlobalInt('MAIN_DISABLE_METEO') == 2 ? ' hideonsmartphone' : '');

-			$weather = getWeatherStatus($totallate);

-

-			$text = '';

-			if ($totallate > 0) {

-				$text = $langs->transnoentitiesnoconv("WarningYouHaveAtLeastOneTaskLate").' ('.$langs->transnoentitiesnoconv(

-					"NActionsLate",

-					$totallate.(getDolGlobalString('MAIN_USE_METEO_WITH_PERCENTAGE') ? '%' : '')

-				).')';

-			} else {

-				$text = $langs->transnoentitiesnoconv("NoItemLate");

-			}

-			$text .= '. '.$langs->transnoentitiesnoconv("LateDesc");

-

-			$weatherDashBoard = '<div class="box-flex-item '.$appendClass.'"><div class="box-flex-item-with-margin">'."\n";

-			$weatherDashBoard .= '	<div class="info-box '.$openedDashBoardSize.' info-box-weather info-box-weather-level'.$weather->level.'">'."\n";

-			$weatherDashBoard .= '		<span class="info-box-icon">';

-			$weatherDashBoard .= img_weather('', $weather->level, '', 0, 'valignmiddle width50');

-			$weatherDashBoard .= '       </span>'."\n";

-			$weatherDashBoard .= '		<div class="info-box-content">'."\n";

-			$weatherDashBoard .= '			<div class="info-box-title">'.$langs->trans('GlobalOpenedElemView').'</div>'."\n";

-

-			if ($totallatePercentage > 0 && getDolGlobalString('MAIN_USE_METEO_WITH_PERCENTAGE')) {

-				$weatherDashBoard .= '			<span class="info-box-number">'.$langs->transnoentitiesnoconv(

-					"NActionsLate",

-					price($totallatePercentage).'%'

-				).'</span>'."\n";

-				$weatherDashBoard .= '			<span class="progress-description">'.$langs->trans(

-					'NActionsLate',

-					$totalLateNumber

-				).'</span>'."\n";

-			} else {

-				$weatherDashBoard .= '			<span class="info-box-number">'.$langs->transnoentitiesnoconv(

-					"NActionsLate",

-					$totalLateNumber

-				).'</span>'."\n";

-				if ($totallatePercentage > 0) {

-					$weatherDashBoard .= '			<span class="progress-description">'.$langs->trans(

-						'NActionsLate',

-						price($totallatePercentage).'%'

-					).'</span>'."\n";

-				}

-			}

-

-			$weatherDashBoard .= '		</div><!-- /.info-box-content -->'."\n";

-			$weatherDashBoard .= '	</div><!-- /.info-box -->'."\n";

-			$weatherDashBoard .= '</div><!-- /.box-flex-item-with-margin -->'."\n";

-			$weatherDashBoard .= '</div><!-- /.box-flex-item -->'."\n";

-			$weatherDashBoard .= "\n";

-

-			$openedDashBoard = $weatherDashBoard.$openedDashBoard;

-		}

-

-		if (!empty($isIntopOpenedDashBoard)) {

-			for ($i = 1; $i <= 10; $i++) {

-				$openedDashBoard .= '<div class="box-flex-item filler"></div>';

-			}

-		}

-

-		$nbworkboardcount = 0;

-		foreach ($valid_dashboardlines as $infoKey => $board) {

-			if (in_array($infoKey, $isIntopOpenedDashBoard)) {

-				// skip if info is present on top

-				continue;

-			}

-

-			if (empty($board->nbtodo)) {

-				$nbworkboardempty++;

-			}

-			$nbworkboardcount++;

-

-

-			$textlate = $langs->trans("NActionsLate", $board->nbtodolate);

-			$textlate .= ' ('.$langs->trans("Late").' = '.$langs->trans("DateReference").' > '.$langs->trans("DateToday").' '.(ceil($board->warning_delay) >= 0 ? '+' : '').ceil($board->warning_delay).' '.$langs->trans("days").')';

-

-

-			$boxwork .= '<div class="boxstatsindicator thumbstat150 nobold nounderline"><div class="boxstats130 boxstatsborder">';

-			$boxwork .= '<div class="boxstatscontent">';

-			$boxwork .= '<span class="boxstatstext" title="'.dol_escape_htmltag($board->label).'">'.$board->img.' <span>'.$board->label.'</span></span><br>';

-			$boxwork .= '<a class="valignmiddle dashboardlineindicator" href="'.$board->url.'"><span class="dashboardlineindicator'.(($board->nbtodo == 0) ? ' dashboardlineok' : '').'">'.$board->nbtodo.'</span></a>';

-			if ($board->total > 0 && getDolGlobalString('MAIN_WORKBOARD_SHOW_TOTAL_WO_TAX')) {

-				$boxwork .= '&nbsp;/&nbsp;<a class="valignmiddle dashboardlineindicator" href="'.$board->url.'"><span class="dashboardlineindicator'.(($board->nbtodo == 0) ? ' dashboardlineok' : '').'">'.price($board->total).'</span></a>';

-			}

-			$boxwork .= '</div>';

-			if ($board->nbtodolate > 0) {

-				$boxwork .= '<div class="dashboardlinelatecoin nowrap">';

-				$boxwork .= '<a title="'.dol_escape_htmltag($textlate).'" class="valignmiddle dashboardlineindicatorlate'.($board->nbtodolate > 0 ? ' dashboardlineko' : ' dashboardlineok').'" href="'.((!$board->url_late) ? $board->url : $board->url_late).'">';

-				//$boxwork .= img_picto($textlate, "warning_white", 'class="valigntextbottom"');

-				$boxwork .= img_picto(

-					$textlate,

-					"warning_white",

-					'class="inline-block hideonsmartphone valigntextbottom"'

-				);

-				$boxwork .= '<span class="dashboardlineindicatorlate'.($board->nbtodolate > 0 ? ' dashboardlineko' : ' dashboardlineok').'">';

-				$boxwork .= $board->nbtodolate;

-				$boxwork .= '</span>';

-				$boxwork .= '</a>';

-				$boxwork .= '</div>';

-			}

-			$boxwork .= '</div></div>';

-			$boxwork .= "\n";

-		}

-

-		$boxwork .= '<div class="boxstatsindicator thumbstat150 nobold nounderline"><div class="boxstats150empty"></div></div>';

-		$boxwork .= '<div class="boxstatsindicator thumbstat150 nobold nounderline"><div class="boxstats150empty"></div></div>';

-		$boxwork .= '<div class="boxstatsindicator thumbstat150 nobold nounderline"><div class="boxstats150empty"></div></div>';

-		$boxwork .= '<div class="boxstatsindicator thumbstat150 nobold nounderline"><div class="boxstats150empty"></div></div>';

-

-		$boxwork .= '</div>';

-		$boxwork .= '</td></tr>';

-	} else {

-		$boxwork .= '<tr class="nohover">';

-		$boxwork .= '<td class="nohover valignmiddle opacitymedium">';

-		$boxwork .= $langs->trans("NoOpenedElementToProcess");

-		$boxwork .= '</td>';

-		$boxwork .= '</tr>';

-	}

-

-	$boxwork .= '</td></tr>';

-

-	$boxwork .= '</table>'; // End table array of working board

-	$boxwork .= '</div>';

-

-	if (!empty($isIntopOpenedDashBoard)) {

-		print '<div class="fichecenter">';

-		print '<div class="opened-dash-board-wrap"><div class="box-flex-container">'.$openedDashBoard.'</div></div>';

-		print '</div>';

-	}

+

+if (empty($conf->global->MAIN_DISABLE_GLOBAL_WORKBOARD)) {

+    $showweather = (empty($conf->global->MAIN_DISABLE_METEO) || $conf->global->MAIN_DISABLE_METEO == 2) ? 1 : 0;

+

+    //Array that contains all WorkboardResponse classes to process them

+    $dashboardlines = array();

+

+    // Do not include sections without management permission

+    require_once DOL_DOCUMENT_ROOT.'/core/class/workboardresponse.class.php';

+

+    // Number of actions to do (late)

+    if (!empty($conf->agenda->enabled) && $user->rights->agenda->myactions->read) {

+        include_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php';

+        $board = new ActionComm($db);

+        $dashboardlines[$board->element] = $board->load_board($user);

+    }

+

+    // Number of project opened

+    if (!empty($conf->projet->enabled) && $user->rights->projet->lire) {

+        include_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';

+        $board = new Project($db);

+        $dashboardlines[$board->element] = $board->load_board($user);

+    }

+

+    // Number of tasks to do (late)

+    if (!empty($conf->projet->enabled) && empty($conf->global->PROJECT_HIDE_TASKS) && $user->rights->projet->lire) {

+        include_once DOL_DOCUMENT_ROOT.'/projet/class/task.class.php';

+        $board = new Task($db);

+        $dashboardlines[$board->element] = $board->load_board($user);

+    }

+

+    // Number of commercial proposals opened (expired)

+    if (!empty($conf->propal->enabled) && $user->rights->propale->lire) {

+        include_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php';

+        $board = new Propal($db);

+        $dashboardlines[$board->element.'_opened'] = $board->load_board($user, "opened");

+        // Number of commercial proposals CLOSED signed (billed)

+        $dashboardlines[$board->element.'_signed'] = $board->load_board($user, "signed");

+    }

+

+    // Number of commercial proposals opened (expired)

+    if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposal->lire) {

+        include_once DOL_DOCUMENT_ROOT.'/supplier_proposal/class/supplier_proposal.class.php';

+        $board = new SupplierProposal($db);

+        $dashboardlines[$board->element.'_opened'] = $board->load_board($user, "opened");

+        // Number of commercial proposals CLOSED signed (billed)

+        $dashboardlines[$board->element.'_signed'] = $board->load_board($user, "signed");

+    }

+

+    // Number of customer orders a deal

+    if (!empty($conf->commande->enabled) && $user->rights->commande->lire) {

+        include_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php';

+        $board = new Commande($db);

+        $dashboardlines[$board->element] = $board->load_board($user);

+    }

+

+    // Number of suppliers orders a deal

+    if (!empty($conf->supplier_order->enabled) && $user->rights->fournisseur->commande->lire) {

+        include_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.commande.class.php';

+        $board = new CommandeFournisseur($db);

+        $dashboardlines[$board->element.'_opened'] = $board->load_board($user, "opened");

+        $dashboardlines[$board->element.'_awaiting'] = $board->load_board($user, 'awaiting');

+    }

+

+    // Number of contract / services enabled (delayed)

+    if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire) {

+        include_once DOL_DOCUMENT_ROOT.'/contrat/class/contrat.class.php';

+        $board = new Contrat($db);

+        $dashboardlines[$board->element.'_inactive'] = $board->load_board($user, "inactive");

+        // Number of active services (expired)

+        $dashboardlines[$board->element.'_active'] = $board->load_board($user, "active");

+    }

+

+    // Number of tickets open

+    if (!empty($conf->ticket->enabled) && $user->rights->ticket->read) {

+    	include_once DOL_DOCUMENT_ROOT.'/ticket/class/ticket.class.php';

+    	$board = new Ticket($db);

+    	$dashboardlines[$board->element.'_opened'] = $board->load_board($user, "opened");

+    	// Number of active services (expired)

+    	//$dashboardlines[$board->element.'_active'] = $board->load_board($user, "active");

+    }

+

+    // Number of invoices customers (has paid)

+    if (!empty($conf->facture->enabled) && $user->rights->facture->lire) {

+        include_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';

+        $board = new Facture($db);

+        $dashboardlines[$board->element] = $board->load_board($user);

+    }

+

+    // Number of supplier invoices (has paid)

+    if (!empty($conf->supplier_invoice->enabled) && !empty($user->rights->fournisseur->facture->lire)) {

+        include_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php';

+        $board = new FactureFournisseur($db);

+        $dashboardlines[$board->element] = $board->load_board($user);

+    }

+

+    // Number of transactions to conciliate

+    if (!empty($conf->banque->enabled) && $user->rights->banque->lire && !$user->socid) {

+        include_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';

+        $board = new Account($db);

+        $nb = $board::countAccountToReconcile(); // Get nb of account to reconciliate

+        if ($nb > 0) {

+            $dashboardlines[$board->element] = $board->load_board($user);

+        }

+    }

+

+    // Number of cheque to send

+    if (!empty($conf->banque->enabled) && $user->rights->banque->lire && !$user->socid && empty($conf->global->BANK_DISABLE_CHECK_DEPOSIT)) {

+        include_once DOL_DOCUMENT_ROOT.'/compta/paiement/cheque/class/remisecheque.class.php';

+        $board = new RemiseCheque($db);

+        $dashboardlines[$board->element] = $board->load_board($user);

+    }

+

+    // Number of foundation members

+    if (!empty($conf->adherent->enabled) && $user->rights->adherent->lire && !$user->socid) {

+        include_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php';

+        $board = new Adherent($db);

+        $dashboardlines[$board->element.'_shift'] = $board->load_board($user, 'shift');

+        $dashboardlines[$board->element.'_expired'] = $board->load_board($user, 'expired');

+    }

+

+    // Number of expense reports to approve

+    if (!empty($conf->expensereport->enabled) && $user->rights->expensereport->approve) {

+        include_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';

+        $board = new ExpenseReport($db);

+        $dashboardlines[$board->element . '_toapprove'] = $board->load_board($user, 'toapprove');

+    }

+

+    // Number of expense reports to pay

+    if (!empty($conf->expensereport->enabled) && $user->rights->expensereport->to_paid) {

+        include_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';

+        $board = new ExpenseReport($db);

+        $dashboardlines[$board->element . '_topay'] = $board->load_board($user, 'topay');

+    }

+

+    // Number of holidays to approve

+    if (!empty($conf->holiday->enabled) && $user->rights->holiday->approve) {

+        include_once DOL_DOCUMENT_ROOT.'/holiday/class/holiday.class.php';

+        $board = new Holiday($db);

+        $dashboardlines[$board->element] = $board->load_board($user);

+    }

+

+    $object = new stdClass();

+    $parameters = array();

+    $action = '';

+    $reshook = $hookmanager->executeHooks('addOpenElementsDashboardLine', $parameters, $object,

+        $action); // Note that $action and $object may have been modified by some hooks

+    if ($reshook == 0) {

+        $dashboardlines = array_merge($dashboardlines, $hookmanager->resArray);

+    }

+

+    /* Open object dashboard */

+    $dashboardgroup = array(

+        'action' =>

+            array(

+                'groupName' => 'Agenda',

+                'stats' => array('action'),

+            ),

+        'project' =>

+            array(

+                'groupName' => 'Projects',

+                'globalStatsKey' => 'projects',

+                'stats' => array('project', 'project_task'),

+            ),

+        'propal' =>

+            array(

+                'groupName' => 'Proposals',

+                'globalStatsKey' => 'proposals',

+                'stats' =>

+                    array('propal_opened', 'propal_signed'),

+            ),

+        'commande' =>

+            array(

+                'groupName' => 'Orders',

+                'globalStatsKey' => 'orders',

+                'stats' =>

+                    array('commande'),

+            ),

+        'facture' =>

+            array(

+                'groupName' => 'Invoices',

+                'globalStatsKey' => 'invoices',

+                'stats' =>

+                    array('facture'),

+            ),

+        'supplier_proposal' =>

+            array(

+                'groupName' => 'SupplierProposals',

+                'globalStatsKey' => 'askprice',

+                'stats' =>

+                    array('supplier_proposal_opened', 'supplier_proposal_signed'),

+            ),

+        'order_supplier' =>

+            array(

+                'groupName' => 'SuppliersOrders',

+                'globalStatsKey' => 'supplier_orders',

+                'stats' =>

+                    array('order_supplier_opened', 'order_supplier_awaiting'),

+            ),

+        'invoice_supplier' =>

+            array(

+                'groupName' => 'BillsSuppliers',

+                'globalStatsKey' => 'supplier_invoices',

+                'stats' =>

+                    array('invoice_supplier'),

+            ),

+    	'contrat' =>

+	    	array(

+	    		'groupName' => 'Contracts',

+	    		'globalStatsKey' => 'Contracts',

+	    		'stats' =>

+	    		array('contrat_inactive', 'contrat_active'),

+	    	),

+    	'ticket' =>

+	    	array(

+	    		'groupName' => 'Tickets',

+	    		'globalStatsKey' => 'ticket',

+	    		'stats' =>

+	    			array('ticket_opened'),

+	    	),

+    	'bank_account' =>

+            array(

+                'groupName' => 'BankAccount',

+                'stats' =>

+                    array('bank_account', 'chequereceipt'),

+            ),

+        'member' =>

+            array(

+                'groupName' => 'Members',

+                'globalStatsKey' => 'members',

+                'stats' =>

+                    array('member_shift', 'member_expired'),

+            ),

+        'expensereport' =>

+            array(

+                'groupName' => 'ExpenseReport',

+                'globalStatsKey' => 'expensereports',

+                'stats' =>

+                    array('expensereport_toapprove', 'expensereport_topay'),

+            ),

+        'holiday' =>

+            array(

+                'groupName' => 'Holidays',

+                'globalStatsKey' => 'holidays',

+                'stats' =>

+                    array('holiday'),

+            ),

+    );

+

+    $object = new stdClass();

+    $parameters = array(

+        'dashboardgroup' => $dashboardgroup

+    );

+    $reshook = $hookmanager->executeHooks('addOpenElementsDashboardGroup', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks

+    if ($reshook == 0) {

+        $dashboardgroup = array_merge($dashboardgroup, $hookmanager->resArray);

+    }

+

+

+    // Calculate total nb of late

+    $totallate = $totaltodo = 0;

+

+    //Remove any invalid response

+    //load_board can return an integer if failed or WorkboardResponse if OK

+    $valid_dashboardlines = array();

+    foreach ($dashboardlines as $infoKey => $tmp) {

+        if ($tmp instanceof WorkboardResponse) {

+            $valid_dashboardlines[$infoKey] = $tmp;

+        }

+    }

+

+    // We calculate $totallate. Must be defined before start of next loop because it is show in first fetch on next loop

+    foreach ($valid_dashboardlines as $board) {

+        if ($board->nbtodolate > 0) {

+            $totaltodo += $board->nbtodo;

+            $totallate += $board->nbtodolate;

+        }

+    }

+

+    $openedDashBoardSize = 'info-box-sm'; // use sm by default

+    foreach ($dashboardgroup as $dashbordelement) {

+        if (is_array($dashbordelement['stats']) && count($dashbordelement['stats']) > 2) {

+            $openedDashBoardSize = ''; // use default info box size : big

+            break;

+        }

+    }

+

+    $totalLateNumber = $totallate;

+    $totallatePercentage = ((!empty($totaltodo)) ? round($totallate / $totaltodo * 100, 2) : 0);

+    if (!empty($conf->global->MAIN_USE_METEO_WITH_PERCENTAGE)) {

+        $totallate = $totallatePercentage;

+    }

+

+    $boxwork = '';

+    $boxwork .= '<div class="box">';

+    $boxwork .= '<table summary="'.dol_escape_htmltag($langs->trans("WorkingBoard")).'" class="noborder boxtable boxtablenobottom boxworkingboard" width="100%">'."\n";

+    $boxwork .= '<tr class="liste_titre">';

+    $boxwork .= '<th class="liste_titre"><div class="inline-block valignmiddle">'.$langs->trans("DolibarrWorkBoard").'</div>';

+    if ($showweather) {

+        if ($totallate > 0) {

+            $text = $langs->transnoentitiesnoconv("WarningYouHaveAtLeastOneTaskLate").' ('.$langs->transnoentitiesnoconv("NActionsLate",

+                    $totallate.(!empty($conf->global->MAIN_USE_METEO_WITH_PERCENTAGE) ? '%' : '')).')';

+        } else {

+            $text = $langs->transnoentitiesnoconv("NoItemLate");

+        }

+        $text .= '. '.$langs->transnoentitiesnoconv("LateDesc");

+        //$text.=$form->textwithpicto('',$langs->trans("LateDesc"));

+        $options = 'height="24px" style="float: right"';

+        $boxwork .= showWeather($totallate, $text, $options, 'inline-block valignmiddle');

+    }

+    $boxwork .= '</th>';

+    $boxwork .= '</tr>'."\n";

+

+    // Show dashboard

+    $nbworkboardempty = 0;

+    $isIntopOpenedDashBoard = $globalStatInTopOpenedDashBoard = array();

+    if (!empty($valid_dashboardlines)) {

+        $openedDashBoard = '';

+

+        $boxwork .= '<tr class="nobottom nohover"><td class="tdboxstats nohover flexcontainer centpercent"><div style="display: flex: flex-wrap: wrap">';

+

+        foreach ($dashboardgroup as $groupKey => $groupElement) {

+            $boards = array();

+

+            if (empty($conf->global->MAIN_DISABLE_NEW_OPENED_DASH_BOARD)) {

+                foreach ($groupElement['stats'] as $infoKey) {

+                    if (!empty($valid_dashboardlines[$infoKey])) {

+                        $boards[] = $valid_dashboardlines[$infoKey];

+                        $isIntopOpenedDashBoard[] = $infoKey;

+                    }

+                }

+            }

+

+            if (!empty($boards)) {

+                $groupName = $langs->trans($groupElement['groupName']);

+                $groupKeyLowerCase = strtolower($groupKey);

+                $nbTotalForGroup = 0;

+

+                // global stats

+                $globalStatsKey = false;

+                if (!empty($groupElement['globalStatsKey']) && empty($groupElement['globalStats'])) { // can be filled by hook

+                    $globalStatsKey = $groupElement['globalStatsKey'];

+                    $groupElement['globalStats'] = array();

+

+                    if (is_array($keys) && in_array($globalStatsKey, $keys))

+                    {

+                        // get key index of stats used in $includes, $classes, $keys, $icons, $titres, $links

+                        $keyIndex = array_search($globalStatsKey, $keys);

+

+                        $classe = $classes[$keyIndex];

+                        if (isset($boardloaded[$classe]) && is_object($boardloaded[$classe]))

+                        {

+                            $groupElement['globalStats']['total'] = $boardloaded[$classe]->nb[$globalStatsKey] ? $boardloaded[$classe]->nb[$globalStatsKey] : 0;

+                            $nbTotal = doubleval($groupElement['globalStats']['total']);

+                            if ($nbTotal >= 10000) { $nbTotal = round($nbTotal / 1000, 2).'k'; }

+                            $groupElement['globalStats']['text'] = $langs->trans('Total').' : '.$langs->trans($titres[$keyIndex]).' ('.$groupElement['globalStats']['total'].')';

+                            $groupElement['globalStats']['total'] = $nbTotal;

+                            $groupElement['globalStats']['link'] = $links[$keyIndex];

+                        }

+                    }

+                }

+

+                $openedDashBoard .= '<div class="box-flex-item"><div class="box-flex-item-with-margin">'."\n";

+                $openedDashBoard .= '	<div class="info-box '.$openedDashBoardSize.'">'."\n";

+                $openedDashBoard .= '		<span class="info-box-icon bg-infobox-'.$groupKeyLowerCase.'">'."\n";

+                $openedDashBoard .= '		<i class="fa fa-dol-'.$groupKeyLowerCase.'"></i>'."\n";

+

+                // Show the span for the total of record

+                if (!empty($groupElement['globalStats'])) {

+                    $globalStatInTopOpenedDashBoard[] = $globalStatsKey;

+                    $openedDashBoard .= '		<span class="info-box-icon-text" title="'.$groupElement['globalStats']['text'].'">'.$nbTotal.'</span>'."\n";

+                }

+

+                $openedDashBoard .= '		</span>'."\n";

+                $openedDashBoard .= '		<div class="info-box-content">'."\n";

+

+                $openedDashBoard .= '			<span class="info-box-title" title="'.strip_tags($groupName).'">'.$groupName.'</span>'."\n";

+

+                foreach ($boards as $board) {

+                    if (!empty($board->labelShort)) {

+                        $infoName = '<span title="'.$board->label.'">'.$board->labelShort.'</span>';

+                    } else {

+                        $infoName = $board->label;

+                    }

+

+                    $textLateTitle = $langs->trans("NActionsLate", $board->nbtodolate);

+                    $textLateTitle .= ' ('.$langs->trans("Late").' = '.$langs->trans("DateReference").' > '.$langs->trans("DateToday").' '.(ceil($board->warning_delay) >= 0 ? '+' : '').ceil($board->warning_delay).' '.$langs->trans("days").')';

+

+                    $textLate = '';

+                    if ($board->nbtodolate > 0) {

+                        $textLate .= ' <span title="'.dol_htmlentities($textLateTitle).'" class="classfortooltip badge badge-warning">';

+                        $textLate .= '<i class="fa fa-exclamation-triangle"></i> '.$board->nbtodolate;

+                        $textLate .= '</span>';

+                    }

+

+                    $nbtodClass = '';

+                    if ($board->nbtodo > 0) {

+                        $nbtodClass = 'badge badge-info';

+                    }

+

+                    $openedDashBoard .= '			<a href="'.$board->url.'" class="info-box-text">'.$infoName.' : <span class="'.$nbtodClass.' classfortooltip" title="'.$board->label.'" >'.$board->nbtodo.'</span>'.$textLate.'</a>'."\n";

+

+                    if ($board->total > 0 && !empty($conf->global->MAIN_WORKBOARD_SHOW_TOTAL_WO_TAX)) {

+                        $openedDashBoard .= '<a href="'.$board->url.'" class="info-box-text">'.$langs->trans('Total').' : '.price($board->total).'</a>';

+                    }

+                }

+

+                $openedDashBoard .= '		</div><!-- /.info-box-content -->'."\n";

+                $openedDashBoard .= '	</div><!-- /.info-box -->'."\n";

+                $openedDashBoard .= '</div><!-- /.box-flex-item-with-margin -->'."\n";

+                $openedDashBoard .= '</div><!-- /.box-flex-item -->'."\n";

+                $openedDashBoard .= "\n";

+            }

+        }

+

+        if ($showweather && !empty($isIntopOpenedDashBoard)) {

+            $appendClass = $conf->global->MAIN_DISABLE_METEO == 2 ? ' hideonsmartphone' : '';

+            $weather = getWeatherStatus($totallate);

+

+            $text = '';

+            if ($totallate > 0) {

+                $text = $langs->transnoentitiesnoconv("WarningYouHaveAtLeastOneTaskLate").' ('.$langs->transnoentitiesnoconv("NActionsLate",

+                        $totallate.(!empty($conf->global->MAIN_USE_METEO_WITH_PERCENTAGE) ? '%' : '')).')';

+            } else {

+                $text = $langs->transnoentitiesnoconv("NoItemLate");

+            }

+            $text .= '. '.$langs->transnoentitiesnoconv("LateDesc");

+

+            $weatherDashBoard = '<div class="box-flex-item '.$appendClass.'"><div class="box-flex-item-with-margin">'."\n";

+            $weatherDashBoard .= '	<div class="info-box '.$openedDashBoardSize.' info-box-weather info-box-weather-level'.$weather->level.'">'."\n";

+            $weatherDashBoard .= '		<span class="info-box-icon">';

+            $weatherDashBoard .= img_weather('', $weather->level, '', 0, 'valignmiddle width50');

+            $weatherDashBoard .= '       </span>'."\n";

+            $weatherDashBoard .= '		<div class="info-box-content">'."\n";

+            $weatherDashBoard .= '			<span class="info-box-title">'.$langs->trans('GlobalOpenedElemView').'</span>'."\n";

+

+            if ($totallatePercentage > 0 && !empty($conf->global->MAIN_USE_METEO_WITH_PERCENTAGE)) {

+                $weatherDashBoard .= '			<span class="info-box-number">'.$langs->transnoentitiesnoconv("NActionsLate",

+                        price($totallatePercentage).'%').'</span>'."\n";

+                $weatherDashBoard .= '			<span class="progress-description">'.$langs->trans('NActionsLate',

+                        $totalLateNumber).'</span>'."\n";

+            } else {

+                $weatherDashBoard .= '			<span class="info-box-number">'.$langs->transnoentitiesnoconv("NActionsLate",

+                        $totalLateNumber).'</span>'."\n";

+                if ($totallatePercentage > 0) {

+                    $weatherDashBoard .= '			<span class="progress-description">'.$langs->trans('NActionsLate',

+                            price($totallatePercentage).'%').'</span>'."\n";

+                }

+            }

+

+            $weatherDashBoard .= '		</div><!-- /.info-box-content -->'."\n";

+            $weatherDashBoard .= '	</div><!-- /.info-box -->'."\n";

+            $weatherDashBoard .= '</div><!-- /.box-flex-item-with-margin -->'."\n";

+            $weatherDashBoard .= '</div><!-- /.box-flex-item -->'."\n";

+            $weatherDashBoard .= "\n";

+

+            $openedDashBoard = $weatherDashBoard.$openedDashBoard;

+        }

+

+        if (!empty($isIntopOpenedDashBoard)) {

+            for ($i = 1; $i <= 10; $i++) {

+                $openedDashBoard .= '<div class="box-flex-item filler"></div>';

+            }

+        }

+

+        $nbworkboardcount = 0;

+        foreach ($valid_dashboardlines as $infoKey => $board) {

+            if (in_array($infoKey, $isIntopOpenedDashBoard)) {

+                // skip if info is present on top

+                continue;

+            }

+

+            if (empty($board->nbtodo)) {

+                $nbworkboardempty++;

+            }

+            $nbworkboardcount++;

+

+

+            $textlate = $langs->trans("NActionsLate", $board->nbtodolate);

+            $textlate .= ' ('.$langs->trans("Late").' = '.$langs->trans("DateReference").' > '.$langs->trans("DateToday").' '.(ceil($board->warning_delay) >= 0 ? '+' : '').ceil($board->warning_delay).' '.$langs->trans("days").')';

+

+

+            $boxwork .= '<div class="boxstatsindicator thumbstat150 nobold nounderline"><div class="boxstats130 boxstatsborder">';

+            $boxwork .= '<div class="boxstatscontent">';

+            $boxwork .= '<span class="boxstatstext" title="'.dol_escape_htmltag($board->label).'">'.$board->img.' '.$board->label.'</span><br>';

+            $boxwork .= '<a class="valignmiddle dashboardlineindicator" href="'.$board->url.'"><span class="dashboardlineindicator'.(($board->nbtodo == 0) ? ' dashboardlineok' : '').'">'.$board->nbtodo.'</span></a>';

+            if ($board->total > 0 && !empty($conf->global->MAIN_WORKBOARD_SHOW_TOTAL_WO_TAX)) {

+                $boxwork .= '&nbsp;/&nbsp;<a class="valignmiddle dashboardlineindicator" href="'.$board->url.'"><span class="dashboardlineindicator'.(($board->nbtodo == 0) ? ' dashboardlineok' : '').'">'.price($board->total).'</span></a>';

+            }

+            $boxwork .= '</div>';

+            if ($board->nbtodolate > 0) {

+                $boxwork .= '<div class="dashboardlinelatecoin nowrap">';

+                $boxwork .= '<a title="'.dol_escape_htmltag($textlate).'" class="valignmiddle dashboardlineindicatorlate'.($board->nbtodolate > 0 ? ' dashboardlineko' : ' dashboardlineok').'" href="'.((!$board->url_late) ? $board->url : $board->url_late).'">';

+                //$boxwork .= img_picto($textlate, "warning_white", 'class="valigntextbottom"').'';

+                $boxwork .= img_picto($textlate, "warning_white",

+                        'class="inline-block hideonsmartphone valigntextbottom"').'';

+                $boxwork .= '<span class="dashboardlineindicatorlate'.($board->nbtodolate > 0 ? ' dashboardlineko' : ' dashboardlineok').'">';

+                $boxwork .= $board->nbtodolate;

+                $boxwork .= '</span>';

+                $boxwork .= '</a>';

+                $boxwork .= '</div>';

+            }

+            $boxwork .= '</div></div>';

+            $boxwork .= "\n";

+        }

+

+        $boxwork .= '<div class="boxstatsindicator thumbstat150 nobold nounderline"><div class="boxstats150empty"></div></div>';

+        $boxwork .= '<div class="boxstatsindicator thumbstat150 nobold nounderline"><div class="boxstats150empty"></div></div>';

+        $boxwork .= '<div class="boxstatsindicator thumbstat150 nobold nounderline"><div class="boxstats150empty"></div></div>';

+        $boxwork .= '<div class="boxstatsindicator thumbstat150 nobold nounderline"><div class="boxstats150empty"></div></div>';

+

+        $boxwork .= '</div>';

+        $boxwork .= '</td></tr>';

+    } else {

+        $boxwork .= '<tr class="nohover">';

+        $boxwork .= '<td class="nohover valignmiddle opacitymedium">';

+        $boxwork .= $langs->trans("NoOpenedElementToProcess");

+        $boxwork .= '</td>';

+        $boxwork .= '</tr>';

+    }

+

+    $boxwork .= '</td></tr>';

+

+    $boxwork .= '</table>'; // End table array of working board

+    $boxwork .= '</div>';

+

+    if (!empty($isIntopOpenedDashBoard)) {

+        print '<div class="fichecenter">';

+        print '<div class="opened-dash-board-wrap"><div class="box-flex-container">'.$openedDashBoard.'</div></div>';

+        print '</div>';

+    }

@@ -759 +870 @@
- * Show widgets (boxes)

+ * Show boxes

@@ -762 +873 @@
-$boxlist = '<div class="twocolumns">';

+$boxlist .= '<div class="twocolumns">';

@@ -765 +876,2 @@
-if (!empty($nbworkboardcount)) {

+if (!empty($nbworkboardcount))

+{

@@ -772,0 +885,45 @@
+

+if (empty($user->socid) && empty($conf->global->MAIN_DISABLE_GLOBAL_BOXSTATS))

+{

+    // Remove allready present info in new dash board

+    if (!empty($conf->global->MAIN_INCLUDE_GLOBAL_STATS_IN_OPENED_DASHBOARD) && is_array($boxstatItems) && count($boxstatItems) > 0) {

+        foreach ($boxstatItems as $boxstatItemKey => $boxstatItemHtml) {

+            if (in_array($boxstatItemKey, $globalStatInTopOpenedDashBoard)) {

+                unset($boxstatItems[$boxstatItemKey]);

+            }

+        }

+    }

+

+    if (!empty($boxstatFromHook) || !empty($boxstatItems)) {

+    	$boxstat .= '<!-- Database statistics -->'."\n";

+        $boxstat .= '<div class="box">';

+        $boxstat .= '<table summary="'.dol_escape_htmltag($langs->trans("DolibarrStateBoard")).'" class="noborder boxtable boxtablenobottom nohover widgetstats" width="100%">';

+        $boxstat .= '<tr class="liste_titre box_titre">';

+        $boxstat .= '<td class="liste_titre">';

+        $boxstat .= '<div class="inline-block valignmiddle">'.$langs->trans("DolibarrStateBoard").'</div>';

+        $boxstat .= '</td>';

+        $boxstat .= '</tr>';

+        $boxstat .= '<tr class="nobottom nohover"><td class="tdboxstats nohover flexcontainer">';

+

+        $boxstat .= $boxstatFromHook;

+

+        if (is_array($boxstatItems) && count($boxstatItems) > 0)

+        {

+            $boxstat .= implode('', $boxstatItems);

+        }

+

+        $boxstat .= '<a class="boxstatsindicator thumbstat nobold nounderline"><div class="boxstatsempty"></div></a>';

+        $boxstat .= '<a class="boxstatsindicator thumbstat nobold nounderline"><div class="boxstatsempty"></div></a>';

+        $boxstat .= '<a class="boxstatsindicator thumbstat nobold nounderline"><div class="boxstatsempty"></div></a>';

+        $boxstat .= '<a class="boxstatsindicator thumbstat nobold nounderline"><div class="boxstatsempty"></div></a>';

+        $boxstat .= '<a class="boxstatsindicator thumbstat nobold nounderline"><div class="boxstatsempty"></div></a>';

+        $boxstat .= '<a class="boxstatsindicator thumbstat nobold nounderline"><div class="boxstatsempty"></div></a>';

+        $boxstat .= '<a class="boxstatsindicator thumbstat nobold nounderline"><div class="boxstatsempty"></div></a>';

+        $boxstat .= '<a class="boxstatsindicator thumbstat nobold nounderline"><div class="boxstatsempty"></div></a>';

+

+        $boxstat .= '</td></tr>';

+        $boxstat .= '</table>';

+        $boxstat .= '</div>';

+    }

+}

+

@@ -774,0 +932 @@
+$boxlist .= $boxstat;

@@ -785,0 +944,36 @@
+

+

+/*

+ * Show security warnings

+ */

+

+// Security warning repertoire install existe (si utilisateur admin)

+if ($user->admin && empty($conf->global->MAIN_REMOVE_INSTALL_WARNING))

+{

+    $message = '';

+

+    // Check if install lock file is present

+    $lockfile = DOL_DATA_ROOT.'/install.lock';

+    if (!empty($lockfile) && !file_exists($lockfile) && is_dir(DOL_DOCUMENT_ROOT."/install"))

+    {

+        $langs->load("errors");

+        //if (! empty($message)) $message.='<br>';

+        $message .= info_admin($langs->trans("WarningLockFileDoesNotExists", DOL_DATA_ROOT).' '.$langs->trans("WarningUntilDirRemoved", DOL_DOCUMENT_ROOT."/install"), 0, 0, '1', 'clearboth');

+    }

+

+    // Conf files must be in read only mode

+    if (is_writable($conffile))

+    {

+        $langs->load("errors");

+        //$langs->load("other");

+        //if (! empty($message)) $message.='<br>';

+        $message .= info_admin($langs->transnoentities("WarningConfFileMustBeReadOnly").' '.$langs->trans("WarningUntilDirRemoved", DOL_DOCUMENT_ROOT."/install"), 0, 0, '1', 'clearboth');

+    }

+

+    if ($message)

+    {

+        print $message;

+        //$message.='<br>';

+        //print info_admin($langs->trans("WarningUntilDirRemoved",DOL_DOCUMENT_ROOT."/install"));

+    }

+}

@@ -806,4 +1000,4 @@
-	global $conf;

-

-	$weather = getWeatherStatus($totallate);

-	return img_weather($text, $weather->picto, $options, 0, $morecss);

+    global $conf;

+

+    $weather = getWeatherStatus($totallate);

+    return img_weather($text, $weather->picto, $options, 0, $morecss);

@@ -818 +1012 @@
- *  @return     stdClass                Return img tag of weather

+ *  @return     string                  Return img tag of weather

@@ -830,2 +1024,3 @@
-	$used_conf = !getDolGlobalString('MAIN_USE_METEO_WITH_PERCENTAGE') ? 'MAIN_METEO_LEVEL' : 'MAIN_METEO_PERCENTAGE_LEVEL';

-

+	$used_conf = !empty($conf->global->MAIN_USE_METEO_WITH_PERCENTAGE) ? 'MAIN_METEO_PERCENTAGE_LEVEL' : 'MAIN_METEO_LEVEL';

+

+	$level0 = $offset;

@@ -833,4 +1028,7 @@
-	$level0 = $offset;

-	$level0 = getDolGlobalString($used_conf.'0', $level0);

-	$level1 = $offset + $factor;

-	$level1 = getDolGlobalString($used_conf.'1', $level1);

+	if (!empty($conf->global->{$used_conf.'0'})) {

+		$level0 = $conf->global->{$used_conf.'0'};

+	}

+	$level1 = $offset + 1 * $factor;

+	if (!empty($conf->global->{$used_conf.'1'})) {

+		$level1 = $conf->global->{$used_conf.'1'};

+	}

@@ -838 +1036,3 @@
-	$level2 = getDolGlobalString($used_conf.'2', $level2);

+	if (!empty($conf->global->{$used_conf.'2'})) {

+		$level2 = $conf->global->{$used_conf.'2'};

+	}

@@ -840 +1040,3 @@
-	$level3 = getDolGlobalString($used_conf.'3', $level3);

+	if (!empty($conf->global->{$used_conf.'3'})) {

+		$level3 = $conf->global->{$used_conf.'3'};

+	}

@@ -845 +1047,2 @@
-	} elseif ($totallate <= $level1) {

+	}

+	elseif ($totallate <= $level1) {

@@ -848 +1051,2 @@
-	} elseif ($totallate <= $level2) {

+	}

+	elseif ($totallate <= $level2) {

@@ -851 +1055,2 @@
-	} elseif ($totallate <= $level3) {

+	}

+	elseif ($totallate <= $level3) {

@@ -854 +1059,2 @@
-	} else {

+	}

+	else {

--- /tmp/dsg/dolibarr/htdocs/github_19.0.3_main.inc.php
+++ /tmp/dsg/dolibarr/htdocs/client_main.inc.php
@@ -4 +4 @@
- * Copyright (C) 2004-2021  Laurent Destailleur     <eldy@users.sourceforge.net>

+ * Copyright (C) 2004-2015  Laurent Destailleur     <eldy@users.sourceforge.net>

@@ -7 +7 @@
- * Copyright (C) 2005-2021  Regis Houssin           <regis.houssin@inodbox.com>

+ * Copyright (C) 2005-2015  Regis Houssin           <regis.houssin@inodbox.com>

@@ -15,5 +14,0 @@
- * Copyright (C) 2020       Charlene Benke          <charlie@patas-monkey.com>

- * Copyright (C) 2021       Frédéric France         <frederic.france@netlogic.fr>

- * Copyright (C) 2021       Alexandre Spangaro      <aspangaro@open-dsi.fr>

- * Copyright (C) 2023       Joachim Küter      		<git-jk@bloxera.com>

- * Copyright (C) 2023       Eric Seigne      		<eric.seigne@cap-rel.fr>

@@ -45 +40,2 @@
-if (!empty($_SERVER['MAIN_SHOW_TUNING_INFO'])) {

+if (!empty($_SERVER['MAIN_SHOW_TUNING_INFO']))

+{

@@ -55 +50,0 @@
-

@@ -57,2 +52 @@
- * Return the real char for a numeric entities.

- * WARNING: This function is required by testSqlAndScriptInject() and the GETPOST 'restricthtml'. Regex calling must be similar.

+ * Security: SQL Injection and XSS Injection (scripts) protection (Filters on GET, POST, PHP_SELF).

@@ -60,27 +54,2 @@
- * @param	string		$matches			String of numeric entity

- * @return	string							New value

- */

-function realCharForNumericEntities($matches)

-{

-	$newstringnumentity = preg_replace('/;$/', '', $matches[1]);

-	//print  ' $newstringnumentity='.$newstringnumentity;

-

-	if (preg_match('/^x/i', $newstringnumentity)) {

-		$newstringnumentity = hexdec(preg_replace('/^x/i', '', $newstringnumentity));

-	}

-

-	// The numeric value we don't want as entities because they encode ascii char, and why using html entities on ascii except for haking ?

-	if (($newstringnumentity >= 65 && $newstringnumentity <= 90) || ($newstringnumentity >= 97 && $newstringnumentity <= 122)) {

-		return chr((int) $newstringnumentity);

-	}

-

-	return '&#'.$matches[1]; // Value will be unchanged because regex was /&#(  )/

-}

-

-/**

- * Security: WAF layer for SQL Injection and XSS Injection (scripts) protection (Filters on GET, POST, PHP_SELF).

- * Warning: Such a protection can't be enough. It is not reliable as it will always be possible to bypass this. Good protection can

- * only be guaranted by escaping data during output.

- *

- * @param		string		$val		Brute value found into $_GET, $_POST or PHP_SELF

- * @param		string		$type		0=POST, 1=GET, 2=PHP_SELF, 3=GET without sql reserved keywords (the less tolerant test)

+ * @param		string		$val		Value

+ * @param		string		$type		1=GET, 0=POST, 2=PHP_SELF, 3=GET without sql reserved keywords (the less tolerant test)

@@ -91,22 +59,0 @@
-	// Decode string first because a lot of things are obfuscated by encoding or multiple encoding.

-	// So <svg o&#110;load='console.log(&quot;123&quot;)' become <svg onload='console.log(&quot;123&quot;)'

-	// So "&colon;&apos;" become ":'" (due to ENT_HTML5)

-	// So "&Tab;&NewLine;" become ""

-	// So "&lpar;&rpar;" become "()"

-

-	// Loop to decode until no more things to decode.

-	//print "before decoding $val\n";

-	do {

-		$oldval = $val;

-		$val = html_entity_decode($val, ENT_QUOTES | ENT_HTML5);	// Decode '&colon;', '&apos;', '&Tab;', '&NewLine', ...

-		// Sometimes we have entities without the ; at end so html_entity_decode does not work but entities is still interpreted by browser.

-		$val = preg_replace_callback('/&#(x?[0-9][0-9a-f]+;?)/i', function ($m) {

-			// Decode '&#110;', ...

-			return realCharForNumericEntities($m); }, $val);

-

-			// We clean html comments because some hacks try to obfuscate evil strings by inserting HTML comments. Example: on<!-- -->error=alert(1)

-			$val = preg_replace('/<!--[^>]*-->/', '', $val);

-			$val = preg_replace('/[\r\n\t]/', '', $val);

-	} while ($oldval != $val);

-	//print "type = ".$type." after decoding: ".$val."\n";

-

@@ -114,25 +61,9 @@
-

-	// We check string because some hacks try to obfuscate evil strings by inserting non printable chars. Example: 'java(ascci09)scr(ascii00)ipt' is processed like 'javascript' (whatever is place of evil ascii char)

-	// We should use dol_string_nounprintableascii but function is not yet loaded/available

-	// Example of valid UTF8 chars:

-	// utf8=utf8mb3:    '\x09', '\x0A', '\x0D', '\x7E'

-	// utf8=utf8mb3: 	'\xE0\xA0\x80'

-	// utf8mb4: 		'\xF0\x9D\x84\x9E'   (but this may be refused by the database insert if pagecode is utf8=utf8mb3)

-	$newval = preg_replace('/[\x00-\x08\x0B-\x0C\x0E-\x1F\x7F]/u', '', $val); // /u operator makes UTF8 valid characters being ignored so are not included into the replace

-

-	// Note that $newval may also be completely empty '' when non valid UTF8 are found.

-	if ($newval != $val) {

-		// If $val has changed after removing non valid UTF8 chars, it means we have an evil string.

-		$inj += 1;

-	}

-	//print 'type='.$type.'-val='.$val.'-newval='.$newval."-inj=".$inj."\n";

-

-	// For SQL Injection (only GET are used to scan for such injection strings)

-	if ($type == 1 || $type == 3) {

-		// Note the \s+ is replaced into \s* because some spaces may have been modified in previous loop

-		$inj += preg_match('/delete\s*from/i', $val);

-		$inj += preg_match('/create\s*table/i', $val);

-		$inj += preg_match('/insert\s*into/i', $val);

-		$inj += preg_match('/select\s*from/i', $val);

-		$inj += preg_match('/into\s*(outfile|dumpfile)/i', $val);

-		$inj += preg_match('/user\s*\(/i', $val); // avoid to use function user() or mysql_user() that return current database login

+	// For SQL Injection (only GET are used to be included into bad escaped SQL requests)

+	if ($type == 1 || $type == 3)

+	{

+		$inj += preg_match('/delete\s+from/i', $val);

+		$inj += preg_match('/create\s+table/i', $val);

+		$inj += preg_match('/insert\s+into/i', $val);

+		$inj += preg_match('/select\s+from/i', $val);

+		$inj += preg_match('/into\s+(outfile|dumpfile)/i', $val);

+		$inj += preg_match('/user\s*\(/i', $val); // avoid to use function user() that return current database login

@@ -140,2 +71,9 @@
-		$inj += preg_match('/<svg/i', $val); // <svg can be allowed in POST

-		$inj += preg_match('/update[^&=\w].*set.+=/i', $val);	// the [^&=\w] test is to avoid error when request is like action=update&...set... or &updatemodule=...set...

+	}

+	if ($type == 3)

+	{

+		$inj += preg_match('/select|update|delete|truncate|replace|group\s+by|concat|count|from|union/i', $val);

+	}

+	if ($type != 2)	// Not common key strings, so we can check them both on GET and POST

+	{

+		$inj += preg_match('/updatexml\(/i', $val);

+		$inj += preg_match('/update.+set.+=/i', $val);

@@ -143,7 +80,0 @@
-	}

-	if ($type == 3) {

-		// Note the \s+ is replaced into \s* because some spaces may have been modified in previous loop

-		$inj += preg_match('/select|update|delete|truncate|replace|group\s*by|concat|count|from|union/i', $val);

-	}

-	if ($type != 2) {	// Not common key strings, so we can check them both on GET and POST

-		$inj += preg_match('/updatexml\(/i', $val);

@@ -151,3 +82,2 @@
-		$inj += preg_match('/\s@@/', $val);

-	}

-	// For XSS Injection done by closing textarea to execute content into a textarea field

+	}

+	// For XSS Injection done by closing textarea to exucute content into a textarea field

@@ -159,0 +90,2 @@
+	$inj += preg_match('/<script/i', $val);

+	$inj += preg_match('/<iframe/i', $val);

@@ -161,4 +92,0 @@
-	$inj += preg_match('/<embed/i', $val);

-	$inj += preg_match('/<iframe/i', $val);

-	$inj += preg_match('/<object/i', $val);

-	$inj += preg_match('/<script/i', $val);

@@ -166,27 +94,11 @@
-	if (!defined('NOSTYLECHECK')) {

-		$inj += preg_match('/<style/i', $val);

-	}

-	$inj += preg_match('/base\s+href/si', $val);

-	$inj += preg_match('/=data:/si', $val);

-	// List of dom events is on https://www.w3schools.com/jsref/dom_obj_event.asp and https://developer.mozilla.org/en-US/docs/Web/Events

-	$inj += preg_match('/on(mouse|drag|key|load|touch|pointer|select|transition)[a-z]*\s*=/i', $val); // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>

-	$inj += preg_match('/on(abort|after|animation|auxclick|before|blur|cancel|canplay|canplaythrough|change|click|close|contextmenu|cuechange|copy|cut)[a-z]*\s*=/i', $val);

-	$inj += preg_match('/on(dblclick|drop|durationchange|emptied|end|ended|error|focus|focusin|focusout|formdata|gotpointercapture|hashchange|input|invalid)[a-z]*\s*=/i', $val);

-	$inj += preg_match('/on(lostpointercapture|offline|online|pagehide|pageshow)[a-z]*\s*=/i', $val);

-	$inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|reset|resize|scroll|search|seeked|seeking|show|stalled|start|submit|suspend)[a-z]*\s*=/i', $val);

-	$inj += preg_match('/on(timeupdate|toggle|unload|volumechange|waiting|wheel)[a-z]*\s*=/i', $val);

-	// More not into the previous list

-	$inj += preg_match('/on(repeat|begin|finish|beforeinput)[a-z]*\s*=/i', $val);

-

-	// We refuse html into html because some hacks try to obfuscate evil strings by inserting HTML into HTML. Example: <img on<a>error=alert(1) to bypass test on onerror

-	$tmpval = preg_replace('/<[^<]+>/', '', $val);

-	// List of dom events is on https://www.w3schools.com/jsref/dom_obj_event.asp and https://developer.mozilla.org/en-US/docs/Web/Events

-	$inj += preg_match('/on(mouse|drag|key|load|touch|pointer|select|transition)[a-z]*\s*=/i', $tmpval); // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>

-	$inj += preg_match('/on(abort|after|animation|auxclick|before|blur|cancel|canplay|canplaythrough|change|click|close|contextmenu|cuechange|copy|cut)[a-z]*\s*=/i', $tmpval);

-	$inj += preg_match('/on(dblclick|drop|durationchange|emptied|end|ended|error|focus|focusin|focusout|formdata|gotpointercapture|hashchange|input|invalid)[a-z]*\s*=/i', $tmpval);

-	$inj += preg_match('/on(lostpointercapture|offline|online|pagehide|pageshow)[a-z]*\s*=/i', $tmpval);

-	$inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|reset|resize|scroll|search|seeked|seeking|show|stalled|start|submit|suspend)[a-z]*\s*=/i', $tmpval);

-	$inj += preg_match('/on(timeupdate|toggle|unload|volumechange|waiting|wheel)[a-z]*\s*=/i', $tmpval);

-	// More not into the previous list

-	$inj += preg_match('/on(repeat|begin|finish|beforeinput)[a-z]*\s*=/i', $tmpval);

-

+	if (!defined('NOSTYLECHECK')) $inj += preg_match('/<style/i', $val);

+	$inj += preg_match('/base[\s]+href/si', $val);

+	// List of dom events is on https://www.w3schools.com/jsref/dom_obj_event.asp

+	$inj += preg_match('/onmouse([a-z]*)\s*=/i', $val); // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>

+	$inj += preg_match('/ondrag([a-z]*)\s*=/i', $val); //

+	$inj += preg_match('/ontouch([a-z]*)\s*=/i', $val); //

+	$inj += preg_match('/on(abort|afterprint|beforeprint|beforeunload|blur|canplay|canplaythrough|change|click|contextmenu|copy|cut)\s*=/i', $val);

+	$inj += preg_match('/on(dblclick|drop|durationchange|ended|error|focus|focusin|focusout|hashchange|input|invalid)\s*=/i', $val);

+	$inj += preg_match('/on(keydown|keypress|keyup|load|loadeddata|loadedmetadata|loadstart|offline|online|pagehide|pageshow)\s*=/i', $val);

+	$inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|resize|reset|scroll|search|seeking|select|show|stalled|start|submit|suspend)\s*=/i', $val);

+	$inj += preg_match('/on(timeupdate|toggle|unload|volumechange|waiting)\s*=/i', $val);

@@ -195,2 +107,5 @@
-	$inj += preg_match('/j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t\s*:/i', $val);

-	$inj += preg_match('/vbscript\s*:/i', $val);

+	//if ($type == 1)

+	//{

+		$inj += preg_match('/javascript:/i', $val);

+		$inj += preg_match('/vbscript:/i', $val);

+	//}

@@ -198,8 +113,2 @@
-	if ($type == 1 || $type == 3) {

-		$val = str_replace('enclosure="', 'enclosure=X', $val); // We accept enclosure=" for the export/import module

-		$inj += preg_match('/"/i', $val); // We refused " in GET parameters value.

-	}

-	if ($type == 2) {

-		$inj += preg_match('/[:;"\'<>\?\(\){}\$%]/', $val); // PHP_SELF is a file system (or url path without parameters). It can contains spaces.

-	}

-

+	if ($type == 1) $inj += preg_match('/"/i', $val); // We refused " in GET parameters value

+	if ($type == 2) $inj += preg_match('/[;"]/', $val); // PHP_SELF is a file system path. It can contains spaces.

@@ -212 +121 @@
- * @param		string|array	$var		Variable name

+ * @param		string			$var		Variable name

@@ -218,3 +127,6 @@
-	if (is_array($var)) {

-		foreach ($var as $key => $value) {	// Warning, $key may also be used for attacks

-			if (analyseVarsForSqlAndScriptsInjection($key, $type) && analyseVarsForSqlAndScriptsInjection($value, $type)) {

+	if (is_array($var))

+	{

+		foreach ($var as $key => $value)	// Warning, $key may also be used for attacks

+		{

+			if (analyseVarsForSqlAndScriptsInjection($key, $type) && analyseVarsForSqlAndScriptsInjection($value, $type))

+			{

@@ -222,28 +134,4 @@
-			} else {

-				http_response_code(403);

-

-				// Get remote IP: PS: We do not use getRemoteIP(), function is not yet loaded and we need a value that can't be spoofed

-				$ip = (empty($_SERVER['REMOTE_ADDR']) ? 'unknown' : $_SERVER['REMOTE_ADDR']);

-

-				$errormessage = 'Access refused to '.htmlentities($ip, ENT_COMPAT, 'UTF-8').' by SQL or Script injection protection in main.inc.php:analyseVarsForSqlAndScriptsInjection type='.htmlentities($type, ENT_COMPAT, 'UTF-8');

-

-				$errormessage2 = 'paramkey='.htmlentities($key, ENT_COMPAT, 'UTF-8');

-				$errormessage2 .= ' paramvalue='.htmlentities($value, ENT_COMPAT, 'UTF-8');

-				$errormessage2 .= ' page='.htmlentities($_SERVER["REQUEST_URI"], ENT_COMPAT, 'UTF-8');

-

-				print $errormessage;

-				print "<br>\n";

-				print 'Try to go back, fix data of your form and resubmit it. You can contact also your technical support.';

-

-				print '<!--'."\n";

-				print $errormessage2;

-				print "\n".'-->';

-

-				// Add entry into error the PHP server error log

-				if (function_exists('error_log')) {

-					error_log($errormessage.' '.$errormessage2);

-				}

-

-				// Note: No addition into security audit table is done because we don't want to execute code in such a case.

-				// Detection of too many such requests can be done with a fail2ban rule on 403 error code or into the PHP server error log.

-

+			}

+			else

+			{

+				print 'Access refused by SQL/Script injection protection in main.inc.php (type='.htmlentities($type).' key='.htmlentities($key).' value='.htmlentities($value).' page='.htmlentities($_SERVER["REQUEST_URI"]).')';

@@ -254 +142,3 @@
-	} else {

+	}

+	else

+	{

@@ -259,4 +148,0 @@
-// To disable the WAF for GET and POST and PHP_SELF, uncomment this

-//define('NOSCANPHPSELFFORINJECTION', 1);

-//define('NOSCANGETFORINJECTION', 1);

-//define('NOSCANPOSTFORINJECTION', 1);

@@ -265,2 +151,3 @@
-if ((defined('NOREQUIREDB') || defined('NOREQUIRETRAN')) && !defined('NOREQUIREMENU')) {

-	print 'If define NOREQUIREDB or NOREQUIRETRAN are set, you must also set NOREQUIREMENU or not set them.';

+if ((defined('NOREQUIREDB') || defined('NOREQUIRETRAN')) && !defined('NOREQUIREMENU'))

+{

+	print 'If define NOREQUIREDB or NOREQUIRETRAN are set, you must also set NOREQUIREMENU or not set them';

@@ -269,4 +155,0 @@
-if (defined('NOREQUIREUSER') && !defined('NOREQUIREMENU')) {

-	print 'If define NOREQUIREUSER is set, you must also set NOREQUIREMENU or not set it.';

-	exit;

-}

@@ -275 +158,2 @@
-if (!defined('NOSCANPHPSELFFORINJECTION') && !empty($_SERVER["PHP_SELF"])) {

+if (!empty($_SERVER["PHP_SELF"]))

+{

@@ -280,5 +164,3 @@
-if (!defined('NOSCANGETFORINJECTION') && !empty($_SERVER["QUERY_STRING"])) {

-	// Note: QUERY_STRING is url encoded, but $_GET and $_POST are already decoded

-	// Because the analyseVarsForSqlAndScriptsInjection is designed for already url decoded value, we must decode QUERY_STRING

-	// Another solution is to provide $_GET as parameter with analyseVarsForSqlAndScriptsInjection($_GET, 1);

-	$morevaltochecklikeget = array(urldecode($_SERVER["QUERY_STRING"]));

+if (!defined('NOSCANGETFORINJECTION') && !empty($_SERVER["QUERY_STRING"]))

+{

+	$morevaltochecklikeget = array($_SERVER["QUERY_STRING"]);

@@ -288 +170,2 @@
-if (!defined('NOSCANPOSTFORINJECTION')) {

+if (!defined('NOSCANPOSTFORINJECTION'))

+{

@@ -293 +176,2 @@
-if (!empty($_SERVER['DOCUMENT_ROOT']) && substr($_SERVER['DOCUMENT_ROOT'], -6) !== 'htdocs') {

+if (!empty($_SERVER['DOCUMENT_ROOT']) && substr($_SERVER['DOCUMENT_ROOT'], -6) !== 'htdocs')

+{

@@ -297 +181 @@
-// Include the conf.php and functions.lib.php and security.lib.php. This defined the constants like DOL_DOCUMENT_ROOT, DOL_DATA_ROOT, DOL_URL_ROOT...

+// Include the conf.php and functions.lib.php. This defined the constants like DOL_DOCUMENT_ROOT, DOL_DATA_ROOT, DOL_URL_ROOT...

@@ -303 +187,2 @@
-if (!empty($_POST["DOL_AUTOSET_COOKIE"])) {

+if (!empty($_POST["DOL_AUTOSET_COOKIE"]))

+{

@@ -307 +192,2 @@
-	foreach ($tmplist as $tmpkey) {

+	foreach ($tmplist as $tmpkey)

+	{

@@ -310,3 +196 @@
-		if (!empty($_POST[$postkey])) {

-			$cookiearrayvalue[$tmpkey] = $_POST[$postkey];

-		}

+		if (!empty($_POST[$postkey])) $cookiearrayvalue[$tmpkey] = $_POST[$postkey];

@@ -317,113 +201,42 @@
-	if (PHP_VERSION_ID < 70300) {

-		setcookie($cookiename, empty($cookievalue) ? '' : $cookievalue, empty($cookievalue) ? 0 : (time() + (86400 * 354)), '/', null, ((empty($dolibarr_main_force_https) && isHTTPS() === false) ? false : true), true); // keep cookie 1 year and add tag httponly

-	} else {

-		// Only available for php >= 7.3

-		$cookieparams = array(

-			'expires' => empty($cookievalue) ? 0 : (time() + (86400 * 354)),

-			'path' => '/',

-			//'domain' => '.mywebsite.com', // the dot at the beginning allows compatibility with subdomains

-			'secure' => ((empty($dolibarr_main_force_https) && isHTTPS() === false) ? false : true),

-			'httponly' => true,

-			'samesite' => 'Lax'	// None || Lax  || Strict

-		);

-		setcookie($cookiename, empty($cookievalue) ? '' : $cookievalue, $cookieparams);

-	}

-	if (empty($cookievalue)) {

-		unset($_COOKIE[$cookiename]);

-	}

-}

-

-// Set the handler of session

-// if (ini_get('session.save_handler') == 'user')

-if (!empty($php_session_save_handler) && $php_session_save_handler == 'db') {

-	require_once 'core/lib/phpsessionin'.$php_session_save_handler.'.lib.php';

-}

-

-	// Init session. Name of session is specific to Dolibarr instance.

-	// Must be done after the include of filefunc.inc.php so global variables of conf file are defined (like $dolibarr_main_instance_unique_id or $dolibarr_main_force_https).

-	// Note: the function dol_getprefix() is defined into functions.lib.php but may have been defined to return a different key to manage another area to protect.

-	$prefix = dol_getprefix('');

-	$sessionname = 'DOLSESSID_'.$prefix;

-	$sessiontimeout = 'DOLSESSTIMEOUT_'.$prefix;

-if (!empty($_COOKIE[$sessiontimeout])) {

-	ini_set('session.gc_maxlifetime', $_COOKIE[$sessiontimeout]);

-}

-

-	// This create lock, released by session_write_close() or end of page.

-	// We need this lock as long as we read/write $_SESSION ['vars']. We can remove lock when finished.

-if (!defined('NOSESSION')) {

-	if (PHP_VERSION_ID < 70300) {

-		session_set_cookie_params(0, '/', null, ((empty($dolibarr_main_force_https) && isHTTPS() === false) ? false : true), true); // Add tag secure and httponly on session cookie (same as setting session.cookie_httponly into php.ini). Must be called before the session_start.

-	} else {

-		// Only available for php >= 7.3

-		$sessioncookieparams = array(

-			'lifetime' => 0,

-			'path' => '/',

-			//'domain' => '.mywebsite.com', // the dot at the beginning allows compatibility with subdomains

-			'secure' => ((empty($dolibarr_main_force_https) && isHTTPS() === false) ? false : true),

-			'httponly' => true,

-			'samesite' => 'Lax'	// None || Lax  || Strict

-		);

-		session_set_cookie_params($sessioncookieparams);

-	}

-	session_name($sessionname);

-	session_start();	// This call the open and read of session handler

-	//exit;	// this exist generates a call to write and close

-}

-

-

-	// Init the 6 global objects, this include will make the 'new Xxx()' and set properties for: $conf, $db, $langs, $user, $mysoc, $hookmanager

-	require_once 'master.inc.php';

-

-	// Uncomment this and set session.save_handler = user to use local session storing

-	// include DOL_DOCUMENT_ROOT.'/core/lib/phpsessionindb.inc.php

-

-	// If software has been locked. Only login $conf->global->MAIN_ONLY_LOGIN_ALLOWED is allowed.

-if (getDolGlobalString('MAIN_ONLY_LOGIN_ALLOWED')) {

-	$ok = 0;

-	if ((!session_id() || !isset($_SESSION["dol_login"])) && !isset($_POST["username"]) && !empty($_SERVER["GATEWAY_INTERFACE"])) {

-		$ok = 1; // We let working pages if not logged and inside a web browser (login form, to allow login by admin)

-	} elseif (isset($_POST["username"]) && $_POST["username"] == $conf->global->MAIN_ONLY_LOGIN_ALLOWED) {

-		$ok = 1; // We let working pages that is a login submission (login submit, to allow login by admin)

-	} elseif (defined('NOREQUIREDB')) {

-		$ok = 1; // We let working pages that don't need database access (xxx.css.php)

-	} elseif (defined('EVEN_IF_ONLY_LOGIN_ALLOWED')) {

-		$ok = 1; // We let working pages that ask to work even if only login enabled (logout.php)

-	} elseif (session_id() && isset($_SESSION["dol_login"]) && $_SESSION["dol_login"] == $conf->global->MAIN_ONLY_LOGIN_ALLOWED) {

-		$ok = 1; // We let working if user is allowed admin

-	}

-	if (!$ok) {

-		if (session_id() && isset($_SESSION["dol_login"]) && $_SESSION["dol_login"] != $conf->global->MAIN_ONLY_LOGIN_ALLOWED) {

-			print 'Sorry, your application is offline.'."\n";

-			print 'You are logged with user "'.$_SESSION["dol_login"].'" and only administrator user "' . getDolGlobalString('MAIN_ONLY_LOGIN_ALLOWED').'" is allowed to connect for the moment.'."\n";

-			$nexturl = DOL_URL_ROOT.'/user/logout.php?token='.newToken();

-			print 'Please try later or <a href="'.$nexturl.'">click here to disconnect and change login user</a>...'."\n";

-		} else {

-			print 'Sorry, your application is offline. Only administrator user "' . getDolGlobalString('MAIN_ONLY_LOGIN_ALLOWED').'" is allowed to connect for the moment.'."\n";

-			$nexturl = DOL_URL_ROOT.'/';

-			print 'Please try later or <a href="'.$nexturl.'">click here to change login user</a>...'."\n";

-		}

-		exit;

-	}

-}

-

-

-	// Activate end of page function

-	register_shutdown_function('dol_shutdown');

-

-	// Load debugbar

-if (isModEnabled('debugbar') && !GETPOST('dol_use_jmobile') && empty($_SESSION['dol_use_jmobile'])) {

-	global $debugbar;

-	include_once DOL_DOCUMENT_ROOT.'/debugbar/class/DebugBar.php';

-	$debugbar = new DolibarrDebugBar();

-	$renderer = $debugbar->getRenderer();

-	if (!getDolGlobalString('MAIN_HTML_HEADER')) {

-		$conf->global->MAIN_HTML_HEADER = '';

-	}

-	$conf->global->MAIN_HTML_HEADER .= $renderer->renderHead();

-

-	$debugbar['time']->startMeasure('pageaftermaster', 'Page generation (after environment init)');

-}

-

-	// Detection browser

-if (isset($_SERVER["HTTP_USER_AGENT"])) {

+	setcookie($cookiename, empty($cookievalue) ? '' : $cookievalue, empty($cookievalue) ? 0 : (time() + (86400 * 354)), '/', null, false, true); // keep cookie 1 year and add tag httponly

+	if (empty($cookievalue)) unset($_COOKIE[$cookiename]);

+}

+

+

+// Init session. Name of session is specific to Dolibarr instance.

+// Note: the function dol_getprefix may have been redefined to return a different key to manage another area to protect.

+$prefix = dol_getprefix('');

+

+$sessionname = 'DOLSESSID_'.$prefix;

+$sessiontimeout = 'DOLSESSTIMEOUT_'.$prefix;

+if (!empty($_COOKIE[$sessiontimeout])) ini_set('session.gc_maxlifetime', $_COOKIE[$sessiontimeout]);

+session_set_cookie_params(0, '/', null, (empty($dolibarr_main_force_https) ? false : true), true); // Add tag secure and httponly on session cookie (same as setting session.cookie_httponly into php.ini). Must be called before the session_start.

+session_name($sessionname);

+// This create lock, released when session_write_close() or end of page.

+// We need this lock as long as we read/write $_SESSION ['vars']. We can remove lock when finished.

+if (!defined('NOSESSION'))

+{

+	session_start();

+}

+

+// Init the 5 global objects, this include will make the 'new Xxx()' and set properties for: $conf, $db, $langs, $user, $mysoc

+require_once 'master.inc.php';

+

+// Activate end of page function

+register_shutdown_function('dol_shutdown');

+

+// Load debugbar

+if (!empty($conf->debugbar->enabled) && !GETPOST('dol_use_jmobile') && empty($_SESSION['dol_use_jmobile']))

+{

+    global $debugbar;

+    include_once DOL_DOCUMENT_ROOT.'/debugbar/class/DebugBar.php';

+    $debugbar = new DolibarrDebugBar();

+    $renderer = $debugbar->getRenderer();

+    $conf->global->MAIN_HTML_HEADER .= $renderer->renderHead();

+

+    $debugbar['time']->startMeasure('pageaftermaster', 'Page generation (after environment init)');

+}

+

+// Detection browser

+if (isset($_SERVER["HTTP_USER_AGENT"]))

+{

@@ -434 +246,0 @@
-	$conf->browser->ua = $tmp['browserua'];

@@ -438,13 +250,6 @@
-	if ($conf->browser->layout == 'phone') {

-		$conf->dol_no_mouse_hover = 1;

-	}

-}

-

-	// If theme is forced

-if (GETPOST('theme', 'aZ09')) {

-	$conf->theme = GETPOST('theme', 'aZ09');

-	$conf->css = "/theme/".$conf->theme."/style.css.php";

-}

-

-	// Set global MAIN_OPTIMIZEFORTEXTBROWSER (must be before login part)

-if (GETPOST('textbrowser', 'int') || (!empty($conf->browser->name) && $conf->browser->name == 'lynxlinks')) {   // If we must enable text browser

+	if ($conf->browser->layout == 'phone') $conf->dol_no_mouse_hover = 1;

+}

+

+// Set global MAIN_OPTIMIZEFORTEXTBROWSER (must be before login part)

+if (GETPOST('textbrowser', 'int') || (!empty($conf->browser->name) && $conf->browser->name == 'lynxlinks'))   // If we must enable text browser

+{

@@ -454,3 +259,4 @@
-	// Force HTTPS if required ($conf->file->main_force_https is 0/1 or 'https dolibarr root url')

-	// $_SERVER["HTTPS"] is 'on' when link is https, otherwise $_SERVER["HTTPS"] is empty or 'off'

-if (!empty($conf->file->main_force_https) && (empty($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] != 'on') && !defined('NOHTTPSREDIRECT')) {

+// Force HTTPS if required ($conf->file->main_force_https is 0/1 or 'https dolibarr root url')

+// $_SERVER["HTTPS"] is 'on' when link is https, otherwise $_SERVER["HTTPS"] is empty or 'off'

+if (!empty($conf->file->main_force_https) && (empty($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] != 'on'))

+{

@@ -458,3 +264,6 @@
-	if (is_numeric($conf->file->main_force_https)) {

-		if ($conf->file->main_force_https == '1' && !empty($_SERVER["SCRIPT_URI"])) {	// If SCRIPT_URI supported by server

-			if (preg_match('/^http:/i', $_SERVER["SCRIPT_URI"]) && !preg_match('/^https:/i', $_SERVER["SCRIPT_URI"])) {	// If link is http

+	if (is_numeric($conf->file->main_force_https))

+	{

+		if ($conf->file->main_force_https == '1' && !empty($_SERVER["SCRIPT_URI"]))	// If SCRIPT_URI supported by server

+		{

+			if (preg_match('/^http:/i', $_SERVER["SCRIPT_URI"]) && !preg_match('/^https:/i', $_SERVER["SCRIPT_URI"]))	// If link is http

+			{

@@ -463,2 +272,3 @@
-		} else {

-			// Check HTTPS environment variable (Apache/mod_ssl only)

+		}

+		else	// Check HTTPS environment variable (Apache/mod_ssl only)

+		{

@@ -467 +277,3 @@
-	} else {

+	}

+	else

+	{

@@ -472 +284,2 @@
-	if ($newurl) {

+	if ($newurl)

+	{

@@ -477 +290,3 @@
-	} else {

+	}

+	else

+	{

@@ -482 +297,2 @@
-if (!defined('NOLOGIN') && !defined('NOIPCHECK') && !empty($dolibarr_main_restrict_ip)) {

+if (!defined('NOLOGIN') && !defined('NOIPCHECK') && !empty($dolibarr_main_restrict_ip))

+{

@@ -485 +301,2 @@
-	foreach ($listofip as $ip) {

+	foreach ($listofip as $ip)

+	{

@@ -487 +304,2 @@
-		if ($ip == $_SERVER['REMOTE_ADDR']) {

+		if ($ip == $_SERVER['REMOTE_ADDR'])

+		{

@@ -492 +310,2 @@
-	if (!$found) {

+	if (!$found)

+	{

@@ -498,10 +317,7 @@
-	// Loading of additional presentation includes

-if (!defined('NOREQUIREHTML')) {

-	require_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php'; // Need 660ko memory (800ko in 2.2)

-}

-if (!defined('NOREQUIREAJAX')) {

-	require_once DOL_DOCUMENT_ROOT.'/core/lib/ajax.lib.php'; // Need 22ko memory

-}

-

-	// If install or upgrade process not done or not completely finished, we call the install page.

-if (getDolGlobalString('MAIN_NOT_INSTALLED') || getDolGlobalString('MAIN_NOT_UPGRADED')) {

+// Loading of additional presentation includes

+if (!defined('NOREQUIREHTML')) require_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php'; // Need 660ko memory (800ko in 2.2)

+require_once DOL_DOCUMENT_ROOT.'/core/lib/ajax.lib.php'; // Need 22ko memory

+

+// If install or upgrade process not done or not completely finished, we call the install page.

+if (!empty($conf->global->MAIN_NOT_INSTALLED) || !empty($conf->global->MAIN_NOT_UPGRADED))

+{

@@ -512,137 +328,58 @@
-	// If an upgrade process is required, we call the install page.

-if ((getDolGlobalString('MAIN_VERSION_LAST_UPGRADE') && ($conf->global->MAIN_VERSION_LAST_UPGRADE != DOL_VERSION))

-		|| (!getDolGlobalString('MAIN_VERSION_LAST_UPGRADE') && getDolGlobalString('MAIN_VERSION_LAST_INSTALL') && ($conf->global->MAIN_VERSION_LAST_INSTALL != DOL_VERSION))) {

-		$versiontocompare = !getDolGlobalString('MAIN_VERSION_LAST_UPGRADE') ? $conf->global->MAIN_VERSION_LAST_INSTALL : $conf->global->MAIN_VERSION_LAST_UPGRADE;

-		require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';

-		$dolibarrversionlastupgrade = preg_split('/[.-]/', $versiontocompare);

-		$dolibarrversionprogram = preg_split('/[.-]/', DOL_VERSION);

-		$rescomp = versioncompare($dolibarrversionprogram, $dolibarrversionlastupgrade);

-	if ($rescomp > 0) {   // Programs have a version higher than database.

-		if (!getDolGlobalString('MAIN_NO_UPGRADE_REDIRECT_ON_LEVEL_3_CHANGE') || $rescomp < 3) {

-			// We did not add "&& $rescomp < 3" because we want upgrade process for build upgrades

-			dol_syslog("main.inc: database version ".$versiontocompare." is lower than programs version ".DOL_VERSION.". Redirect to install/upgrade page.", LOG_WARNING);

-			header("Location: ".DOL_URL_ROOT."/install/index.php");

-			exit;

-		}

-	}

-}

-

-		// Creation of a token against CSRF vulnerabilities

-if (!defined('NOTOKENRENEWAL') && !defined('NOSESSION')) {

-	// No token renewal on .css.php, .js.php and .json.php (even if the NOTOKENRENEWAL was not provided)

-	if (!preg_match('/\.(css|js|json)\.php$/', $_SERVER["PHP_SELF"])) {

-		// Rolling token at each call ($_SESSION['token'] contains token of previous page)

-		if (isset($_SESSION['newtoken'])) {

-			$_SESSION['token'] = $_SESSION['newtoken'];

-		}

-

-		if (!isset($_SESSION['newtoken']) || getDolGlobalInt('MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL')) {

-			// Note: Using MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL is not recommended: if a user succeed in entering a data from

-			// a public page with a link that make a token regeneration, it can make use of the backoffice no more possible !

-			// Save in $_SESSION['newtoken'] what will be next token. Into forms, we will add param token = $_SESSION['newtoken']

-			$token = dol_hash(uniqid(mt_rand(), false), 'md5'); // Generates a hash of a random number. We don't need a secured hash, just a changing random value.

-			$_SESSION['newtoken'] = $token;

-			dol_syslog("NEW TOKEN generated by : ".$_SERVER['PHP_SELF'], LOG_DEBUG);

-		}

-	}

-}

-

-		//dol_syslog("CSRF info: ".defined('NOCSRFCHECK')." - ".$dolibarr_nocsrfcheck." - ".$conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN." - ".$_SERVER['REQUEST_METHOD']." - ".GETPOST('token', 'alpha'));

-

-		// Check validity of token, only if option MAIN_SECURITY_CSRF_WITH_TOKEN enabled or if constant CSRFCHECK_WITH_TOKEN is set into page

-if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && getDolGlobalInt('MAIN_SECURITY_CSRF_WITH_TOKEN')) || defined('CSRFCHECK_WITH_TOKEN')) {

-	// Array of action code where CSRFCHECK with token will be forced (so token must be provided on url request)

-	$sensitiveget = false;

-	if ((GETPOSTISSET('massaction') || GETPOST('action', 'aZ09')) && getDolGlobalInt('MAIN_SECURITY_CSRF_WITH_TOKEN') >= 3) {

-		// All GET actions (except the listed exception) and mass actions are processed as sensitive.

-		if (GETPOSTISSET('massaction') || !in_array(GETPOST('action', 'aZ09'), array('create', 'createsite', 'createcard', 'edit', 'editvalidator', 'file_manager', 'presend', 'presend_addmessage', 'preview', 'specimen'))) {	// We exclude some action that are legitimate

-			$sensitiveget = true;

-		}

-	} elseif (getDolGlobalInt('MAIN_SECURITY_CSRF_WITH_TOKEN') >= 2) {

-		// Few GET actions coded with a &token into url are also processed as sensitive.

-		$arrayofactiontoforcetokencheck = array(

-			'activate',

-			'doprev', 'donext', 'dvprev', 'dvnext',

-			'freezone', 'install',

-			'reopen'

-		);

-		if (in_array(GETPOST('action', 'aZ09'), $arrayofactiontoforcetokencheck)) {

-			$sensitiveget = true;

-		}

-		// We also need a valid token for actions matching one of these values

-		if (preg_match('/^(confirm_)?(add|classify|close|confirm|copy|del|disable|enable|remove|set|unset|update|save)/', GETPOST('action', 'aZ09'))) {

-			$sensitiveget = true;

-		}

-	}

-

-	// Check a token is provided for all cases that need a mandatory token

-	// (all POST actions + all sensitive GET actions + all mass actions + all login/actions/logout on pages with CSRFCHECK_WITH_TOKEN set)

-	if (

-		(!empty($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'POST') ||

-		$sensitiveget ||

-		GETPOSTISSET('massaction') ||

-		((GETPOSTISSET('actionlogin') || GETPOSTISSET('action')) && defined('CSRFCHECK_WITH_TOKEN'))

-		) {

-			// If token is not provided or empty, error (we are in case it is mandatory)

-		if (!GETPOST('token', 'alpha') || GETPOST('token', 'alpha') == 'notrequired') {

-			top_httphead();

-			if (GETPOST('uploadform', 'int')) {

-				dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused. File size too large or not provided.");

-				$langs->loadLangs(array("errors", "install"));

-				print $langs->trans("ErrorFileSizeTooLarge").' ';

-				print $langs->trans("ErrorGoBackAndCorrectParameters");

-			} else {

-				http_response_code(403);

-				if (defined('CSRFCHECK_WITH_TOKEN')) {

-					dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (CSRFCHECK_WITH_TOKEN protection) in main.inc.php. Token not provided.", LOG_WARNING);

-					print "Access to a page that needs a token (constant CSRFCHECK_WITH_TOKEN is defined) is refused by CSRF protection in main.inc.php. Token not provided.\n";

-				} else {

-					dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (POST method or GET with a sensible value for 'action' parameter) in main.inc.php. Token not provided.", LOG_WARNING);

-					print "Access to this page this way (POST method or GET with a sensible value for 'action' parameter) is refused by CSRF protection in main.inc.php. Token not provided.\n";

-					print "If you access your server behind a proxy using url rewriting and the parameter is provided by caller, you might check that all HTTP header are propagated (or add the line \$dolibarr_nocsrfcheck=1 into your conf.php file or MAIN_SECURITY_CSRF_WITH_TOKEN to 0";

-					if (getDolGlobalString('MAIN_SECURITY_CSRF_WITH_TOKEN')) {

-						print " instead of " . getDolGlobalString('MAIN_SECURITY_CSRF_WITH_TOKEN');

-					}

-					print " into setup).\n";

-				}

-			}

-			die;

-		}

-	}

-

-		$sessiontokenforthisurl = (empty($_SESSION['token']) ? '' : $_SESSION['token']);

-		// TODO Get the sessiontokenforthisurl into an array of session token (one array per base URL so we can use the CSRF per page and we keep ability for several tabs per url in a browser)

-	if (GETPOSTISSET('token') && GETPOST('token') != 'notrequired' && GETPOST('token', 'alpha') != $sessiontokenforthisurl) {

-			dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (invalid token), so we disable POST and some GET parameters - referer=".(empty($_SERVER['HTTP_REFERER'])?'':$_SERVER['HTTP_REFERER']).", action=".GETPOST('action', 'aZ09').", _GET|POST['token']=".GETPOST('token', 'alpha'), LOG_WARNING);

-			//dol_syslog("_SESSION['token']=".$sessiontokenforthisurl, LOG_DEBUG);

-			// Do not output anything on standard output because this create problems when using the BACK button on browsers. So we just set a message into session.

-		if (!defined('NOTOKENRENEWAL')) {

-			// If the page is not a page that disable the token renewal, we report a warning message to explain token has epired.

-			setEventMessages('SecurityTokenHasExpiredSoActionHasBeenCanceledPleaseRetry', null, 'warnings', '', 1);

-		}

-			$savid = null;

-		if (isset($_POST['id'])) {

-			$savid = ((int) $_POST['id']);

-		}

-			unset($_POST);

-			unset($_GET['confirm']);

-			unset($_GET['action']);

-			unset($_GET['confirmmassaction']);

-			unset($_GET['massaction']);

-			unset($_GET['token']);			// TODO Make a redirect if we have a token in url to remove it ?

-		if (isset($savid)) {

-			$_POST['id'] = ((int) $savid);

-		}

-			// So rest of code can know something was wrong here

-			$_GET['errorcode'] = 'InvalidToken';

-	}

-

-		// Note: There is another CSRF protection into the filefunc.inc.php

-}

-

-		// Disable modules (this must be after session_start and after conf has been loaded)

-if (GETPOSTISSET('disablemodules')) {

-	$_SESSION["disablemodules"] = GETPOST('disablemodules', 'alpha');

-}

-if (!empty($_SESSION["disablemodules"])) {

-	$modulepartkeys = array('css', 'js', 'tabs', 'triggers', 'login', 'substitutions', 'menus', 'theme', 'sms', 'tpl', 'barcode', 'models', 'societe', 'hooks', 'dir', 'syslog', 'tpllinkable', 'contactelement', 'moduleforexternal');

+// If an upgrade process is required, we call the install page.

+if ((!empty($conf->global->MAIN_VERSION_LAST_UPGRADE) && ($conf->global->MAIN_VERSION_LAST_UPGRADE != DOL_VERSION))

+|| (empty($conf->global->MAIN_VERSION_LAST_UPGRADE) && !empty($conf->global->MAIN_VERSION_LAST_INSTALL) && ($conf->global->MAIN_VERSION_LAST_INSTALL != DOL_VERSION)))

+{

+	$versiontocompare = empty($conf->global->MAIN_VERSION_LAST_UPGRADE) ? $conf->global->MAIN_VERSION_LAST_INSTALL : $conf->global->MAIN_VERSION_LAST_UPGRADE;

+	require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';

+	$dolibarrversionlastupgrade = preg_split('/[.-]/', $versiontocompare);

+	$dolibarrversionprogram = preg_split('/[.-]/', DOL_VERSION);

+	$rescomp = versioncompare($dolibarrversionprogram, $dolibarrversionlastupgrade);

+	if ($rescomp > 0)   // Programs have a version higher than database. We did not add "&& $rescomp < 3" because we want upgrade process for build upgrades

+	{

+		dol_syslog("main.inc: database version ".$versiontocompare." is lower than programs version ".DOL_VERSION.". Redirect to install page.", LOG_WARNING);

+		header("Location: ".DOL_URL_ROOT."/install/index.php");

+		exit;

+	}

+}

+

+// Creation of a token against CSRF vulnerabilities

+if (!defined('NOTOKENRENEWAL'))

+{

+	// Rolling token at each call ($_SESSION['token'] contains token of previous page)

+	if (isset($_SESSION['newtoken'])) $_SESSION['token'] = $_SESSION['newtoken'];

+

+	// Save in $_SESSION['newtoken'] what will be next token. Into forms, we will add param token = $_SESSION['newtoken']

+	$token = dol_hash(uniqid(mt_rand(), true)); // Generates a hash of a random number

+	$_SESSION['newtoken'] = $token;

+}

+

+//var_dump(GETPOST('token').' '.$_SESSION['token'].' - '.newToken().' '.$_SERVER['SCRIPT_FILENAME']);

+//$dolibarr_nocsrfcheck=1;

+// Check token

+//var_dump((! defined('NOCSRFCHECK')).' '.empty($dolibarr_nocsrfcheck).' '.(! empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN)).' '.$_SERVER['REQUEST_METHOD'].' '.(! GETPOSTISSET('token')));

+if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN))

+	|| defined('CSRFCHECK_WITH_TOKEN'))	// Check validity of token, only if option MAIN_SECURITY_CSRF_WITH_TOKEN enabled or if constant CSRFCHECK_WITH_TOKEN is set

+{

+	if ($_SERVER['REQUEST_METHOD'] == 'POST' && !GETPOSTISSET('token')) // Note: offender can still send request by GET

+	{

+		dol_syslog("--- Access to ".$_SERVER["PHP_SELF"]." refused by CSRFCHECK_WITH_TOKEN protection. Token not provided.");

+		print "Access by POST method refused by CSRF protection in main.inc.php. Token not provided.\n";

+		print "If you access your server behind a proxy using url rewriting, you might check that all HTTP header is propagated (or add the line \$dolibarr_nocsrfcheck=1 into your conf.php file or MAIN_SECURITY_CSRF_WITH_TOKEN to 0 into setup).\n";

+		die;

+	}

+

+	if (GETPOSTISSET('token') && GETPOST('token', 'alpha') != $_SESSION['token'])

+	{

+		dol_syslog("--- Access to ".$_SERVER["PHP_SELF"]." refused due to invalid token, so we disable POST and some GET parameters - referer=".$_SERVER['HTTP_REFERER'].", action=".GETPOST('action', 'aZ09').", _GET|POST['token']=".GETPOST('token', 'alpha').", _SESSION['token']=".$_SESSION['token'], LOG_WARNING);

+		//print 'Unset POST by CSRF protection in main.inc.php.';	// Do not output anything because this create problems when using the BACK button on browsers.

+		if ($conf->global->MAIN_FEATURES_LEVEL > 1) setEventMessages('Unset POST by CSRF protection in main.inc.php (POST for this token was already done or was done by a not allowed web page with a wrong token).'."<br>\n".'$_SERVER[REQUEST_URI] = '.$_SERVER['REQUEST_URI'].' $_SERVER[REQUEST_METHOD] = '.$_SERVER['REQUEST_METHOD'].' GETPOST(token) = '.GETPOST('token', 'alpha').' $_SESSION[token] = '.$_SESSION['token'], null, 'warnings');

+		unset($_POST);

+		unset($_GET['confirm']);

+	}

+}

+

+// Disable modules (this must be after session_start and after conf has been loaded)

+if (GETPOSTISSET('disablemodules'))  $_SESSION["disablemodules"] = GETPOST('disablemodules', 'alpha');

+if (!empty($_SESSION["disablemodules"]))

+{

+    $modulepartkeys = array('css', 'js', 'tabs', 'triggers', 'login', 'substitutions', 'menus', 'theme', 'sms', 'tpl', 'barcode', 'models', 'societe', 'hooks', 'dir', 'syslog', 'tpllinkable', 'contactelement', 'moduleforexternal');

@@ -651,5 +388,5 @@
-	foreach ($disabled_modules as $module) {

-		if ($module) {

-			if (empty($conf->$module)) {

-				$conf->$module = new stdClass(); // To avoid warnings

-			}

+	foreach ($disabled_modules as $module)

+	{

+		if ($module)

+		{

+			if (empty($conf->$module)) $conf->$module = new stdClass(); // To avoid warnings

@@ -657,4 +394,6 @@
-			foreach ($modulepartkeys as $modulepartkey) {

-				unset($conf->modules_parts[$modulepartkey][$module]);

-			}

-			if ($module == 'fournisseur') {		// Special case

+			foreach ($modulepartkeys as $modulepartkey)

+			{

+			    unset($conf->modules_parts[$modulepartkey][$module]);

+			}

+			if ($module == 'fournisseur')		// Special case

+			{

@@ -668,14 +407,13 @@
-		// Set current modulepart

-		$modulepart = explode("/", $_SERVER["PHP_SELF"]);

-if (is_array($modulepart) && count($modulepart) > 0) {

-	foreach ($conf->modules as $module) {

-		if (in_array($module, $modulepart)) {

-			$modulepart = $module;

-			break;

-		}

-	}

-}

-if (is_array($modulepart)) {

-	$modulepart = '';

-}

-

+// Set current modulepart

+$modulepart = explode("/", $_SERVER["PHP_SELF"]);

+if (is_array($modulepart) && count($modulepart) > 0)

+{

+	foreach ($conf->modules as $module)

+	{

+		if (in_array($module, $modulepart))

+		{

+			$conf->modulepart = $module;

+            break;

+		}

+	}

+}

@@ -686 +423,0 @@
-

@@ -688 +425,2 @@
-if (!defined('NOLOGIN')) {

+if (!defined('NOLOGIN'))

+{

@@ -692 +430,2 @@
-	if (defined('MAIN_AUTHENTICATION_MODE')) {

+	if (defined('MAIN_AUTHENTICATION_MODE'))

+	{

@@ -694 +433,3 @@
-	} else {

+	}

+	else

+	{

@@ -696,3 +437 @@
-		if (empty($dolibarr_main_authentication)) {

-			$dolibarr_main_authentication = 'dolibarr';

-		}

+		if (empty($dolibarr_main_authentication)) $dolibarr_main_authentication = 'http,dolibarr';

@@ -700,3 +439 @@
-		if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user)) {

-			$dolibarr_auto_user = 'auto';

-		}

+		if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user)) $dolibarr_auto_user = 'auto';

@@ -708 +445,2 @@
-	if (!count($authmode)) {

+	if (!count($authmode))

+	{

@@ -719 +457,2 @@
-	if (!isset($_SESSION["dol_login"])) {

+	if (!isset($_SESSION["dol_login"]))

+	{

@@ -736,3 +475,5 @@
-		if (!empty($dolibarr_main_demo) && $_SERVER['PHP_SELF'] == DOL_URL_ROOT.'/index.php') {  // We ask index page

-			if (empty($_SERVER['HTTP_REFERER']) || !preg_match('/public/', $_SERVER['HTTP_REFERER'])) {

-				dol_syslog("Call index page from another url than demo page (call is done from page ".(empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFER']).")");

+		if (!empty($dolibarr_main_demo) && $_SERVER['PHP_SELF'] == DOL_URL_ROOT.'/index.php')  // We ask index page

+		{

+			if (empty($_SERVER['HTTP_REFERER']) || !preg_match('/public/', $_SERVER['HTTP_REFERER']))

+			{

+				dol_syslog("Call index page from another url than demo page (call is done from page ".$_SERVER['HTTP_REFERER'].")");

@@ -751,10 +491,0 @@
-		// Hooks for security access

-		$action = '';

-		$hookmanager->initHooks(array('login'));

-		$parameters = array();

-		$reshook = $hookmanager->executeHooks('beforeLoginAuthentication', $parameters, $user, $action); // Note that $action and $object may have been modified by some hooks

-		if ($reshook < 0) {

-			$test = false;

-			$error++;

-		}

-

@@ -762 +493,2 @@
-		if ($test && GETPOST("username", "alpha", 2) && getDolGlobalString('MAIN_SECURITY_ENABLECAPTCHA') && !isset($_SESSION['dol_bypass_antispam'])) {

+		if (GETPOST("username", "alpha", 2) && !empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA) && !isset($_SESSION['dol_bypass_antispam']))

+		{

@@ -764 +496 @@
-			$ok = (array_key_exists($sessionkey, $_SESSION) === true && (strtolower($_SESSION[$sessionkey]) === strtolower(GETPOST('code', 'restricthtml'))));

+			$ok = (array_key_exists($sessionkey, $_SESSION) === true && (strtolower($_SESSION[$sessionkey]) == strtolower($_POST['code'])));

@@ -767,2 +499,3 @@
-			if (!$ok) {

-				dol_syslog('Bad value for code, connexion refused', LOG_NOTICE);

+			if (!$ok)

+			{

+				dol_syslog('Bad value for code, connexion refused');

@@ -772 +505 @@
-				$_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorBadValueForCode");

+				$_SESSION["dol_loginmesg"] = $langs->trans("ErrorBadValueForCode");

@@ -776 +509 @@
-				$user->context['audit'] = 'ErrorBadValueForCode - login='.GETPOST("username", "alpha", 2);

+				$user->trigger_mesg = 'ErrorBadValueForCode - login='.GETPOST("username", "alpha", 2);

@@ -780,3 +513 @@
-				if ($result < 0) {

-					$error++;

-				}

+				if ($result < 0) $error++;

@@ -788 +519 @@
-				$parameters = array('dol_authmode'=>$authmode, 'dol_loginmesg'=>$_SESSION["dol_loginmesg"]);

+				$parameters = array('dol_authmode'=>$dol_authmode, 'dol_loginmesg'=>$_SESSION["dol_loginmesg"]);

@@ -790,3 +521 @@
-				if ($reshook < 0) {

-					$error++;

-				}

+				if ($reshook < 0) $error++;

@@ -798,6 +527,3 @@
-		$allowedmethodtopostusername = 3;

-		if (defined('MAIN_AUTHENTICATION_POST_METHOD')) {

-			$allowedmethodtopostusername = constant('MAIN_AUTHENTICATION_POST_METHOD');	// Note a value of 2 is not compatible with some authentication methods that put username as GET parameter

-		}

-		// TODO Remove use of $_COOKIE['login_dolibarr'] ? Replace $usertotest = with $usertotest = GETPOST("username", "alpha", $allowedmethodtopostusername);

-		$usertotest = (!empty($_COOKIE['login_dolibarr']) ? preg_replace('/[^a-zA-Z0-9_@\-\.]/', '', $_COOKIE['login_dolibarr']) : GETPOST("username", "alpha", $allowedmethodtopostusername));

+		$allowedmethodtopostusername = 2;

+		if (defined('MAIN_AUTHENTICATION_POST_METHOD')) $allowedmethodtopostusername = constant('MAIN_AUTHENTICATION_POST_METHOD');

+		$usertotest = (!empty($_COOKIE['login_dolibarr']) ? $_COOKIE['login_dolibarr'] : GETPOST("username", "alpha", $allowedmethodtopostusername));

@@ -807 +533 @@
-		// Define if we received the correct data to go into the test of the login with the checkLoginPassEntity().

+		// Define if we received data to test the login.

@@ -809,20 +535,6 @@
-		if (isset($_SERVER["REMOTE_USER"]) && in_array('http', $authmode)) {	// For http basic login test

-			$goontestloop = true;

-		}

-		if ($dolibarr_main_authentication == 'forceuser' && !empty($dolibarr_auto_user)) {	// For automatic login with a forced user

-			$goontestloop = true;

-		}

-		if (GETPOST("username", "alpha", $allowedmethodtopostusername)) {	// For posting the login form

-			$goontestloop = true;

-		}

-		if (GETPOST('openid_mode', 'alpha', 1)) {	// For openid_connect ?

-			$goontestloop = true;

-		}

-		if (GETPOST('beforeoauthloginredirect') || GETPOST('afteroauthloginreturn')) {	// For oauth login

-			$goontestloop = true;

-		}

-		if (!empty($_COOKIE['login_dolibarr'])) {	// TODO For ? Remove this ?

-			$goontestloop = true;

-		}

-

-		if (!is_object($langs)) { // This can occurs when calling page with NOREQUIRETRAN defined, however we need langs for error messages.

+		if (isset($_SERVER["REMOTE_USER"]) && in_array('http', $authmode)) $goontestloop = true;

+		if ($dolibarr_main_authentication == 'forceuser' && !empty($dolibarr_auto_user)) $goontestloop = true;

+		if (GETPOST("username", "alpha", $allowedmethodtopostusername) || !empty($_COOKIE['login_dolibarr']) || GETPOST('openid_mode', 'alpha', 1)) $goontestloop = true;

+

+		if (!is_object($langs)) // This can occurs when calling page with NOREQUIRETRAN defined, however we need langs for error messages.

+		{

@@ -831,4 +543,2 @@
-			$langcode = (GETPOST('lang', 'aZ09', 1) ?GETPOST('lang', 'aZ09', 1) : getDolGlobalString('MAIN_LANG_DEFAULT', 'auto'));

-			if (defined('MAIN_LANG_DEFAULT')) {

-				$langcode = constant('MAIN_LANG_DEFAULT');

-			}

+			$langcode = (GETPOST('lang', 'aZ09', 1) ?GETPOST('lang', 'aZ09', 1) : (empty($conf->global->MAIN_LANG_DEFAULT) ? 'auto' : $conf->global->MAIN_LANG_DEFAULT));

+			if (defined('MAIN_LANG_DEFAULT')) $langcode = constant('MAIN_LANG_DEFAULT');

@@ -841,22 +551,2 @@
-		if ($test && $goontestloop && (GETPOST('actionlogin', 'aZ09') == 'login' || $dolibarr_main_authentication != 'dolibarr')) {

-			// Loop on each test mode defined into $authmode

-			// $authmode is an array for example: array('0'=>'dolibarr', '1'=>'googleoauth');

-			$oauthmodetotestarray = array('google');

-			foreach ($oauthmodetotestarray as $oauthmodetotest) {

-				if (in_array($oauthmodetotest.'oauth', $authmode)) {	// This is an authmode that is currently qualified. Do we have to remove it ?

-					// If we click on the link to use OAuth authentication or if we goes after callback return, we do nothing

-					if (GETPOST('beforeoauthloginredirect') == $oauthmodetotest || GETPOST('afteroauthloginreturn')) {

-						// TODO Use: if (GETPOST('beforeoauthloginredirect') == $oauthmodetotest || GETPOST('afteroauthloginreturn') == $oauthmodetotest) {

-						continue;

-					}

-					dol_syslog("User did not click on link for OAuth or is not on the OAuth return, so we disable check using ".$oauthmodetotest);

-					foreach ($authmode as $tmpkey => $tmpval) {

-						if ($tmpval == $oauthmodetotest.'oauth') {

-							unset($authmode[$tmpkey]);

-							break;

-						}

-					}

-				}

-			}

-

-			// Check login for all qualified modes in array $authmode.

+		if ($test && $goontestloop && (GETPOST('actionlogin', 'aZ09') == 'login' || $dolibarr_main_authentication != 'dolibarr'))

+		{

@@ -864,7 +554,2 @@
-			if ($login === '--bad-login-validity--') {

-				$login = '';

-			}

-

-			$dol_authmode = '';

-

-			if ($login) {

+			if ($login)

+			{

@@ -872,2 +557,2 @@
-				$dol_tz = empty($_POST["tz"]) ? (empty($_SESSION["tz"]) ? '' : $_SESSION["tz"]) : $_POST["tz"];

-				$dol_tz_string = empty($_POST["tz_string"]) ? (empty($_SESSION["tz_string"]) ? '' : $_SESSION["tz_string"]) : $_POST["tz_string"];

+				$dol_tz = $_POST["tz"];

+				$dol_tz_string = $_POST["tz_string"];

@@ -879,3 +564,2 @@
-				$dol_dst_first = empty($_POST["dst_first"]) ? (empty($_SESSION["dst_first"]) ? '' : $_SESSION["dst_first"]) : $_POST["dst_first"];

-				$dol_dst_second = empty($_POST["dst_second"]) ? (empty($_SESSION["dst_second"]) ? '' : $_SESSION["dst_second"]) : $_POST["dst_second"];

-				if ($dol_dst_first && $dol_dst_second) {

+				if (isset($_POST["dst_first"]) && isset($_POST["dst_second"]))

+				{

@@ -884,5 +568,3 @@
-					$datefirst = dol_stringtotime($dol_dst_first);

-					$datesecond = dol_stringtotime($dol_dst_second);

-					if ($datenow >= $datefirst && $datenow < $datesecond) {

-						$dol_dst = 1;

-					}

+					$datefirst = dol_stringtotime($_POST["dst_first"]);

+					$datesecond = dol_stringtotime($_POST["dst_second"]);

+					if ($datenow >= $datefirst && $datenow < $datesecond) $dol_dst = 1;

@@ -890,7 +572,6 @@
-				$dol_screenheight = empty($_POST["screenheight"]) ? (empty($_SESSION["dol_screenheight"]) ? '' : $_SESSION["dol_screenheight"]) : $_POST["screenheight"];

-				$dol_screenwidth = empty($_POST["screenwidth"]) ? (empty($_SESSION["dol_screenwidth"]) ? '' : $_SESSION["dol_screenwidth"]) : $_POST["screenwidth"];

-				//print $datefirst.'-'.$datesecond.'-'.$datenow.'-'.$dol_tz.'-'.$dol_tzstring.'-'.$dol_dst.'-'.sdol_screenheight.'-'.sdol_screenwidth; exit;

-			}

-

-			if (!$login) {

-				dol_syslog('Bad password, connexion refused (see a previous notice message for more info)', LOG_NOTICE);

+				//print $datefirst.'-'.$datesecond.'-'.$datenow.'-'.$dol_tz.'-'.$dol_tzstring.'-'.$dol_dst; exit;

+			}

+

+			if (!$login)

+			{

+				dol_syslog('Bad password, connexion refused', LOG_DEBUG);

@@ -902,3 +583 @@
-				if (empty($_SESSION["dol_loginmesg"])) {

-					$_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorBadLoginPassword");

-				}

+				if (empty($_SESSION["dol_loginmesg"])) $_SESSION["dol_loginmesg"] = $langs->trans("ErrorBadLoginPassword");

@@ -907 +586 @@
-				$user->context['audit'] = $langs->trans("ErrorBadLoginPassword").' - login='.GETPOST("username", "alpha", 2);

+				$user->trigger_mesg = $langs->trans("ErrorBadLoginPassword").' - login='.GETPOST("username", "alpha", 2);

@@ -911,3 +590 @@
-				if ($result < 0) {

-					$error++;

-				}

+				if ($result < 0) $error++;

@@ -921,3 +598 @@
-				if ($reshook < 0) {

-					$error++;

-				}

+				if ($reshook < 0) $error++;

@@ -930 +605,2 @@
-		if (!$login || (in_array('ldap', $authmode) && empty($passwordtotest))) {	// With LDAP we refused empty password because some LDAP are "opened" for anonymous access so connexion is a success.

+		if (!$login || (in_array('ldap', $authmode) && empty($passwordtotest)))	// With LDAP we refused empty password because some LDAP are "opened" for anonymous access so connexion is a success.

+		{

@@ -932,13 +608,3 @@
-			dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." - action=".GETPOST('action', 'aZ09')." - actionlogin=".GETPOST('actionlogin', 'aZ09')." - showing the login form and exit", LOG_NOTICE);

-			if (defined('NOREDIRECTBYMAINTOLOGIN')) {

-				// When used with NOREDIRECTBYMAINTOLOGIN set, the http header must already be set when including the main.

-				// See example with selectsearchbox.php. This case is reserverd for the selectesearchbox.php so we can

-				// report a message to ask to login when search ajax component is used after a timeout.

-				//top_httphead();

-				return 'ERROR_NOT_LOGGED';

-			} else {

-				if (!empty($_SERVER["HTTP_USER_AGENT"]) && $_SERVER["HTTP_USER_AGENT"] == 'securitytest') {

-					http_response_code(401); // It makes easier to understand if session was broken during security tests

-				}

-				dol_loginfunction($langs, $conf, (!empty($mysoc) ? $mysoc : ''));	// This include http headers

-			}

+			dol_syslog("--- Access to ".$_SERVER["PHP_SELF"]." - action=".GETPOST('action', 'aZ09')." - actionlogin=".GETPOST('actionlogin', 'aZ09')." - showing the login form and exit");

+			if (defined('NOREDIRECTBYMAINTOLOGIN')) return 'ERROR_NOT_LOGGED';

+			else dol_loginfunction($langs, $conf, (!empty($mysoc) ? $mysoc : ''));

@@ -948,3 +614,4 @@
-		$resultFetchUser = $user->fetch('', $login, '', 1, ($entitytotest > 0 ? $entitytotest : -1)); // value for $login was retrieved previously when checking password.

-		if ($resultFetchUser <= 0 || $user->isNotIntoValidityDateRange()) {

-			dol_syslog('User not found or not valid, connexion refused');

+		$resultFetchUser = $user->fetch('', $login, '', 1, ($entitytotest > 0 ? $entitytotest : -1));

+		if ($resultFetchUser <= 0)

+		{

+			dol_syslog('User not found, connexion refused');

@@ -956 +623,2 @@
-			if ($resultFetchUser == 0) {

+			if ($resultFetchUser == 0)

+			{

@@ -960,4 +628,6 @@
-				$_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorCantLoadUserFromDolibarrDatabase", $login);

-

-				$user->context['audit'] = 'ErrorCantLoadUserFromDolibarrDatabase - login='.$login;

-			} elseif ($resultFetchUser < 0) {

+				$_SESSION["dol_loginmesg"] = $langs->trans("ErrorCantLoadUserFromDolibarrDatabase", $login);

+

+				$user->trigger_mesg = 'ErrorCantLoadUserFromDolibarrDatabase - login='.$login;

+			}

+			if ($resultFetchUser < 0)

+			{

@@ -966,8 +636 @@
-				$user->context['audit'] = $user->error;

-			} else {

-				// Load translation files required by the page

-				$langs->loadLangs(array('main', 'errors'));

-

-				$_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorLoginDateValidity");

-

-				$user->context['audit'] = $langs->trans("ErrorLoginDateValidity").' - login='.$login;

+				$user->trigger_mesg = $user->error;

@@ -978,3 +641 @@
-			if ($result < 0) {

-				$error++;

-			}

+			if ($result < 0) $error++;

@@ -989,3 +650 @@
-			if ($reshook < 0) {

-				$error++;

-			}

+			if ($reshook < 0) $error++;

@@ -994,9 +653,3 @@
-			if (GETPOST('textbrowser', 'int')) {

-				$paramsurl[] = 'textbrowser='.GETPOST('textbrowser', 'int');

-			}

-			if (GETPOST('nojs', 'int')) {

-				$paramsurl[] = 'nojs='.GETPOST('nojs', 'int');

-			}

-			if (GETPOST('lang', 'aZ09')) {

-				$paramsurl[] = 'lang='.GETPOST('lang', 'aZ09');

-			}

+			if (GETPOST('textbrowser', 'int')) $paramsurl[] = 'textbrowser='.GETPOST('textbrowser', 'int');

+			if (GETPOST('nojs', 'int'))        $paramsurl[] = 'nojs='.GETPOST('nojs', 'int');

+			if (GETPOST('lang', 'aZ09'))       $paramsurl[] = 'lang='.GETPOST('lang', 'aZ09');

@@ -1005,7 +658,4 @@
-		} else {

-			// User is loaded, we may need to change language for him according to its choice

-			if (!empty($user->conf->MAIN_LANG_DEFAULT)) {

-				$langs->setDefaultLang($user->conf->MAIN_LANG_DEFAULT);

-			}

-		}

-	} else {

+		}

+	}

+	else

+	{

@@ -1014 +664 @@
-		$entity = isset($_SESSION["dol_entity"]) ? $_SESSION["dol_entity"] : 0;

+		$entity = $_SESSION["dol_entity"];

@@ -1018,26 +668,12 @@
-

-		//var_dump(dol_print_date($user->flagdelsessionsbefore, 'dayhour', 'gmt')." ".dol_print_date($_SESSION["dol_logindate"], 'dayhour', 'gmt'));

-

-		if ($resultFetchUser <= 0

-			|| ($user->flagdelsessionsbefore && !empty($_SESSION["dol_logindate"]) && $user->flagdelsessionsbefore > $_SESSION["dol_logindate"])

-			|| ($user->status != $user::STATUS_ENABLED)

-			|| ($user->isNotIntoValidityDateRange())) {

-			if ($resultFetchUser <= 0) {

-					// Account has been removed after login

-					dol_syslog("Can't load user even if session logged. _SESSION['dol_login']=".$login, LOG_WARNING);

-			} elseif ($user->flagdelsessionsbefore && !empty($_SESSION["dol_logindate"]) && $user->flagdelsessionsbefore > $_SESSION["dol_logindate"]) {

-						// Session is no more valid

-							dol_syslog("The user has a date for session invalidation = ".$user->flagdelsessionsbefore." and a session date = ".$_SESSION["dol_logindate"].". We must invalidate its sessions.");

-			} elseif ($user->status != $user::STATUS_ENABLED) {

-				// User is not enabled

-				dol_syslog("The user login is disabled");

-			} else {

-				// User validity dates are no more valid

-				dol_syslog("The user login has a validity between [".$user->datestartvalidity." and ".$user->dateendvalidity."], curren date is ".dol_now());

-			}

-							session_destroy();

-							session_set_cookie_params(0, '/', null, (empty($dolibarr_main_force_https) ? false : true), true); // Add tag secure and httponly on session cookie

-							session_name($sessionname);

-							session_start();

-

-			if ($resultFetchUser == 0) {

+		if ($resultFetchUser <= 0)

+		{

+			// Account has been removed after login

+			dol_syslog("Can't load user even if session logged. _SESSION['dol_login']=".$login, LOG_WARNING);

+			session_destroy();

+			session_set_cookie_params(0, '/', null, (empty($dolibarr_main_force_https) ? false : true), true); // Add tag secure and httponly on session cookie

+			session_name($sessionname);

+			session_start();

+

+			if ($resultFetchUser == 0)

+			{

+				// Load translation files required by page

@@ -1046,4 +682,6 @@
-				$_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorCantLoadUserFromDolibarrDatabase", $login);

-

-				$user->context['audit'] = 'ErrorCantLoadUserFromDolibarrDatabase - login='.$login;

-			} elseif ($resultFetchUser < 0) {

+				$_SESSION["dol_loginmesg"] = $langs->trans("ErrorCantLoadUserFromDolibarrDatabase", $login);

+

+				$user->trigger_mesg = 'ErrorCantLoadUserFromDolibarrDatabase - login='.$login;

+			}

+			if ($resultFetchUser < 0)

+			{

@@ -1052,89 +690,9 @@
-				$user->context['audit'] = $user->error;

-			} else {

-				$langs->loadLangs(array('main', 'errors'));

-

-				$_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorSessionInvalidatedAfterPasswordChange");

-

-				$user->context['audit'] = 'ErrorUserSessionWasInvalidated - login='.$login;

-			}

-

-							// Call trigger

-							$result = $user->call_trigger('USER_LOGIN_FAILED', $user);

-			if ($result < 0) {

-				$error++;

-			}

-							// End call triggers

-

-							// Hooks on failed login

-							$action = '';

-							$hookmanager->initHooks(array('login'));

-							$parameters = array('dol_authmode' => (isset($dol_authmode) ? $dol_authmode : ''), 'dol_loginmesg' => $_SESSION["dol_loginmesg"]);

-							$reshook = $hookmanager->executeHooks('afterLoginFailed', $parameters, $user, $action); // Note that $action and $object may have been modified by some hooks

-			if ($reshook < 0) {

-				$error++;

-			}

-

-							$paramsurl = array();

-			if (GETPOST('textbrowser', 'int')) {

-				$paramsurl[] = 'textbrowser='.GETPOST('textbrowser', 'int');

-			}

-			if (GETPOST('nojs', 'int')) {

-				$paramsurl[] = 'nojs='.GETPOST('nojs', 'int');

-			}

-			if (GETPOST('lang', 'aZ09')) {

-				$paramsurl[] = 'lang='.GETPOST('lang', 'aZ09');

-			}

-

-							header('Location: '.DOL_URL_ROOT.'/index.php'.(count($paramsurl) ? '?'.implode('&', $paramsurl) : ''));

-							exit;

-		} else {

-			// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context

-			$hookmanager->initHooks(array('main'));

-

-			// Code for search criteria persistence.

-			if (!empty($_GET['save_lastsearch_values']) && !empty($_SERVER["HTTP_REFERER"])) {    // We must use $_GET here

-				$relativepathstring = preg_replace('/\?.*$/', '', $_SERVER["HTTP_REFERER"]);

-				$relativepathstring = preg_replace('/^https?:\/\/[^\/]*/', '', $relativepathstring); // Get full path except host server

-				// Clean $relativepathstring

-				if (constant('DOL_URL_ROOT')) {

-					$relativepathstring = preg_replace('/^'.preg_quote(constant('DOL_URL_ROOT'), '/').'/', '', $relativepathstring);

-				}

-				$relativepathstring = preg_replace('/^\//', '', $relativepathstring);

-				$relativepathstring = preg_replace('/^custom\//', '', $relativepathstring);

-				//var_dump($relativepathstring);

-

-				// We click on a link that leave a page we have to save search criteria, contextpage, limit and page and mode. We save them from tmp to no tmp

-				if (!empty($_SESSION['lastsearch_values_tmp_'.$relativepathstring])) {

-					$_SESSION['lastsearch_values_'.$relativepathstring] = $_SESSION['lastsearch_values_tmp_'.$relativepathstring];

-					unset($_SESSION['lastsearch_values_tmp_'.$relativepathstring]);

-				}

-				if (!empty($_SESSION['lastsearch_contextpage_tmp_'.$relativepathstring])) {

-					$_SESSION['lastsearch_contextpage_'.$relativepathstring] = $_SESSION['lastsearch_contextpage_tmp_'.$relativepathstring];

-					unset($_SESSION['lastsearch_contextpage_tmp_'.$relativepathstring]);

-				}

-				if (!empty($_SESSION['lastsearch_limit_tmp_'.$relativepathstring]) && $_SESSION['lastsearch_limit_tmp_'.$relativepathstring] != $conf->liste_limit) {

-					$_SESSION['lastsearch_limit_'.$relativepathstring] = $_SESSION['lastsearch_limit_tmp_'.$relativepathstring];

-					unset($_SESSION['lastsearch_limit_tmp_'.$relativepathstring]);

-				}

-				if (!empty($_SESSION['lastsearch_page_tmp_'.$relativepathstring]) && $_SESSION['lastsearch_page_tmp_'.$relativepathstring] > 0) {

-					$_SESSION['lastsearch_page_'.$relativepathstring] = $_SESSION['lastsearch_page_tmp_'.$relativepathstring];

-					unset($_SESSION['lastsearch_page_tmp_'.$relativepathstring]);

-				}

-				if (!empty($_SESSION['lastsearch_mode_tmp_'.$relativepathstring])) {

-					$_SESSION['lastsearch_mode_'.$relativepathstring] = $_SESSION['lastsearch_mode_tmp_'.$relativepathstring];

-					unset($_SESSION['lastsearch_mode_tmp_'.$relativepathstring]);

-				}

-			}

-			if (!empty($_GET['save_pageforbacktolist']) && !empty($_SERVER["HTTP_REFERER"])) {    // We must use $_GET here

-				if (empty($_SESSION['pageforbacktolist'])) {

-					$pageforbacktolistarray = array();

-				} else {

-					$pageforbacktolistarray = $_SESSION['pageforbacktolist'];

-				}

-				$tmparray = explode(':', $_GET['save_pageforbacktolist'], 2);

-				if (!empty($tmparray[0]) && !empty($tmparray[1])) {

-					$pageforbacktolistarray[$tmparray[0]] = $tmparray[1];

-					$_SESSION['pageforbacktolist'] = $pageforbacktolistarray;

-				}

-			}

-

+				$user->trigger_mesg = $user->error;

+			}

+

+			// Call trigger

+			$result = $user->call_trigger('USER_LOGIN_FAILED', $user);

+			if ($result < 0) $error++;

+			// End call triggers

+

+			// Hooks on failed login

@@ -1142,5 +700,56 @@
-			$parameters = array();

-			$reshook = $hookmanager->executeHooks('updateSession', $parameters, $user, $action);

-			if ($reshook < 0) {

-				setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');

-			}

+			$hookmanager->initHooks(array('login'));

+			$parameters = array('dol_authmode'=>$dol_authmode, 'dol_loginmesg'=>$_SESSION["dol_loginmesg"]);

+			$reshook = $hookmanager->executeHooks('afterLoginFailed', $parameters, $user, $action); // Note that $action and $object may have been modified by some hooks

+			if ($reshook < 0) $error++;

+

+			$paramsurl = array();

+			if (GETPOST('textbrowser', 'int')) $paramsurl[] = 'textbrowser='.GETPOST('textbrowser', 'int');

+			if (GETPOST('nojs', 'int'))        $paramsurl[] = 'nojs='.GETPOST('nojs', 'int');

+			if (GETPOST('lang', 'aZ09'))       $paramsurl[] = 'lang='.GETPOST('lang', 'aZ09');

+			header('Location: '.DOL_URL_ROOT.'/index.php'.(count($paramsurl) ? '?'.implode('&', $paramsurl) : ''));

+			exit;

+		}

+		else

+		{

+		    // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context

+		    $hookmanager->initHooks(array('main'));

+

+		    // Code for search criteria persistence.

+		    if (!empty($_GET['save_lastsearch_values']))    // We must use $_GET here

+		    {

+			    $relativepathstring = preg_replace('/\?.*$/', '', $_SERVER["HTTP_REFERER"]);

+			    $relativepathstring = preg_replace('/^https?:\/\/[^\/]*/', '', $relativepathstring); // Get full path except host server

+			    // Clean $relativepathstring

+   			    if (constant('DOL_URL_ROOT')) $relativepathstring = preg_replace('/^'.preg_quote(constant('DOL_URL_ROOT'), '/').'/', '', $relativepathstring);

+			    $relativepathstring = preg_replace('/^\//', '', $relativepathstring);

+			    $relativepathstring = preg_replace('/^custom\//', '', $relativepathstring);

+			    //var_dump($relativepathstring);

+

+			    // We click on a link that leave a page we have to save search criteria, contextpage, limit and page. We save them from tmp to no tmp

+			    if (!empty($_SESSION['lastsearch_values_tmp_'.$relativepathstring]))

+			    {

+			    	$_SESSION['lastsearch_values_'.$relativepathstring] = $_SESSION['lastsearch_values_tmp_'.$relativepathstring];

+				    unset($_SESSION['lastsearch_values_tmp_'.$relativepathstring]);

+			    }

+			    if (!empty($_SESSION['lastsearch_contextpage_tmp_'.$relativepathstring]))

+			    {

+			    	$_SESSION['lastsearch_contextpage_'.$relativepathstring] = $_SESSION['lastsearch_contextpage_tmp_'.$relativepathstring];

+			    	unset($_SESSION['lastsearch_contextpage_tmp_'.$relativepathstring]);

+			    }

+			    if (!empty($_SESSION['lastsearch_page_tmp_'.$relativepathstring]) && $_SESSION['lastsearch_page_tmp_'.$relativepathstring] > 0)

+			    {

+			    	$_SESSION['lastsearch_page_'.$relativepathstring] = $_SESSION['lastsearch_page_tmp_'.$relativepathstring];

+			    	unset($_SESSION['lastsearch_page_tmp_'.$relativepathstring]);

+			    }

+			    if (!empty($_SESSION['lastsearch_limit_tmp_'.$relativepathstring]) && $_SESSION['lastsearch_limit_tmp_'.$relativepathstring] != $conf->liste_limit)

+			    {

+			    	$_SESSION['lastsearch_limit_'.$relativepathstring] = $_SESSION['lastsearch_limit_tmp_'.$relativepathstring];

+			    	unset($_SESSION['lastsearch_limit_tmp_'.$relativepathstring]);

+			    }

+		    }

+

+		    $action = '';

+		    $reshook = $hookmanager->executeHooks('updateSession', array(), $user, $action);

+		    if ($reshook < 0) {

+			    setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');

+		    }

@@ -1152 +761,2 @@
-	if (!isset($_SESSION["dol_login"])) {

+	if (!isset($_SESSION["dol_login"]))

+	{

@@ -1158 +767,0 @@
-		$_SESSION["dol_logindate"] = dol_now('gmt');

@@ -1168 +777 @@
-		$_SESSION["dol_company"] = getDolGlobalString("MAIN_INFO_SOCIETE_NOM");

+		$_SESSION["dol_company"] = $conf->global->MAIN_INFO_SOCIETE_NOM;

@@ -1171,15 +780,5 @@
-		if (!empty($dol_hide_topmenu)) {

-			$_SESSION['dol_hide_topmenu'] = $dol_hide_topmenu;

-		}

-		if (!empty($dol_hide_leftmenu)) {

-			$_SESSION['dol_hide_leftmenu'] = $dol_hide_leftmenu;

-		}

-		if (!empty($dol_optimize_smallscreen)) {

-			$_SESSION['dol_optimize_smallscreen'] = $dol_optimize_smallscreen;

-		}

-		if (!empty($dol_no_mouse_hover)) {

-			$_SESSION['dol_no_mouse_hover'] = $dol_no_mouse_hover;

-		}

-		if (!empty($dol_use_jmobile)) {

-			$_SESSION['dol_use_jmobile'] = $dol_use_jmobile;

-		}

+		if (!empty($dol_hide_topmenu))         $_SESSION['dol_hide_topmenu'] = $dol_hide_topmenu;

+		if (!empty($dol_hide_leftmenu))        $_SESSION['dol_hide_leftmenu'] = $dol_hide_leftmenu;

+		if (!empty($dol_optimize_smallscreen)) $_SESSION['dol_optimize_smallscreen'] = $dol_optimize_smallscreen;

+		if (!empty($dol_no_mouse_hover))       $_SESSION['dol_no_mouse_hover'] = $dol_no_mouse_hover;

+		if (!empty($dol_use_jmobile))          $_SESSION['dol_use_jmobile'] = $dol_use_jmobile;

@@ -1194 +792,0 @@
-		$loginfo .= ' - authmode='.$dol_authmode.' - entity='.$conf->entity;

@@ -1197,2 +795 @@
-		$user->context['audit'] = $loginfo;

-		$user->context['authentication_method'] = $dol_authmode;

+		$user->trigger_mesg = $loginfo;

@@ -1202,3 +799 @@
-		if ($result < 0) {

-			$error++;

-		}

+		if ($result < 0) $error++;

@@ -1212,5 +807,4 @@
-		if ($reshook < 0) {

-			$error++;

-		}

-

-		if ($error) {

+		if ($reshook < 0) $error++;

+

+		if ($error)

+		{

@@ -1221 +815,3 @@
-		} else {

+		}

+		else

+		{

@@ -1226,2 +822,3 @@
-		$landingpage = (empty($user->conf->MAIN_LANDING_PAGE) ? (!getDolGlobalString('MAIN_LANDING_PAGE') ? '' : $conf->global->MAIN_LANDING_PAGE) : $user->conf->MAIN_LANDING_PAGE);

-		if (!empty($landingpage)) {    // Example: /index.php

+		$landingpage = (empty($user->conf->MAIN_LANDING_PAGE) ? (empty($conf->global->MAIN_LANDING_PAGE) ? '' : $conf->global->MAIN_LANDING_PAGE) : $user->conf->MAIN_LANDING_PAGE);

+		if (!empty($landingpage))    // Example: /index.php

+		{

@@ -1229 +826,2 @@
-			if ($_SERVER["PHP_SELF"] != $newpath) {   // not already on landing page (avoid infinite loop)

+			if ($_SERVER["PHP_SELF"] != $newpath)   // not already on landing page (avoid infinite loop)

+			{

@@ -1238 +836,2 @@
-	if ($user->admin) {

+	if ($user->admin)

+	{

@@ -1245,22 +843,0 @@
-

-		//Required if advanced permissions are used with MAIN_USE_ADVANCED_PERMS

-		if (getDolGlobalString('MAIN_USE_ADVANCED_PERMS')) {

-			if (!$user->hasRight('user', 'user_advance')) {

-				$user->rights->user->user_advance = new stdClass(); // To avoid warnings

-			}

-			if (!$user->hasRight('user', 'self_advance')) {

-				$user->rights->user->self_advance = new stdClass(); // To avoid warnings

-			}

-			if (!$user->hasRight('user', 'group_advance')) {

-				$user->rights->user->group_advance = new stdClass(); // To avoid warnings

-			}

-

-			$user->rights->user->user_advance->readperms = 1;

-			$user->rights->user->user_advance->write = 1;

-			$user->rights->user->self_advance->readperms = 1;

-			$user->rights->user->self_advance->writeperms = 1;

-			$user->rights->user->group_advance->read = 1;

-			$user->rights->user->group_advance->readperms = 1;

-			$user->rights->user->group_advance->write = 1;

-			$user->rights->user->group_advance->delete = 1;

-		}

@@ -1270,2 +847,2 @@
-	 * Overwrite some configs globals (try to avoid this and have code to use instead $user->conf->xxx)

-	 */

+     * Overwrite some configs globals (try to avoid this and have code to use instead $user->conf->xxx)

+     */

@@ -1274,6 +851,2 @@
-	if (isset($user->conf->MAIN_SIZE_LISTE_LIMIT)) {

-		$conf->liste_limit = $user->conf->MAIN_SIZE_LISTE_LIMIT; // Can be 0

-	}

-	if (isset($user->conf->PRODUIT_LIMIT_SIZE)) {

-		$conf->product->limit_size = $user->conf->PRODUIT_LIMIT_SIZE; // Can be 0

-	}

+	if (isset($user->conf->MAIN_SIZE_LISTE_LIMIT))	$conf->liste_limit = $user->conf->MAIN_SIZE_LISTE_LIMIT; // Can be 0

+	if (isset($user->conf->PRODUIT_LIMIT_SIZE))	$conf->product->limit_size = $user->conf->PRODUIT_LIMIT_SIZE; // Can be 0

@@ -1282 +855,2 @@
-	if (!getDolGlobalString('MAIN_FORCETHEME') && !empty($user->conf->MAIN_THEME)) {

+	if (empty($conf->global->MAIN_FORCETHEME) && !empty($user->conf->MAIN_THEME))

+	{

@@ -1286,11 +860,6 @@
-} else {

-	// We may have NOLOGIN set, but NOREQUIREUSER not

-	if (!empty($user) && method_exists($user, 'loadDefaultValues') && !defined('NODEFAULTVALUES')) {

-		$user->loadDefaultValues();		// Load default values for everybody (works even if $user->id = 0

-	}

-}

-

-

-		// Case forcing style from url

-if (GETPOST('theme', 'aZ09')) {

-	$conf->theme = GETPOST('theme', 'aZ09', 1);

+}

+

+// Case forcing style from url

+if (GETPOST('theme', 'alpha'))

+{

+	$conf->theme = GETPOST('theme', 'alpha', 1);

@@ -1300,5 +869,5 @@
-		// Set javascript option

-if (GETPOST('nojs', 'int')) {  // If javascript was not disabled on URL

-	$conf->use_javascript_ajax = 0;

-} else {

-	if (!empty($user->conf->MAIN_DISABLE_JAVASCRIPT)) {

+// Set javascript option

+if (!GETPOST('nojs', 'int'))   // If javascript was not disabled on URL

+{

+	if (!empty($user->conf->MAIN_DISABLE_JAVASCRIPT))

+	{

@@ -1307,4 +876,4 @@
-}

-

-		// Set MAIN_OPTIMIZEFORTEXTBROWSER for user (must be after login part)

-if (!getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER') && !empty($user->conf->MAIN_OPTIMIZEFORTEXTBROWSER)) {

+} else $conf->use_javascript_ajax = 0;

+

+// Set MAIN_OPTIMIZEFORTEXTBROWSER for user (must be after login part)

+if (empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER) && !empty($user->conf->MAIN_OPTIMIZEFORTEXTBROWSER)) {

@@ -1314,11 +883,15 @@
-		// set MAIN_OPTIMIZEFORCOLORBLIND for user

-		$conf->global->MAIN_OPTIMIZEFORCOLORBLIND = empty($user->conf->MAIN_OPTIMIZEFORCOLORBLIND) ? '' : $user->conf->MAIN_OPTIMIZEFORCOLORBLIND;

-

-		// Set terminal output option according to conf->browser.

-if (GETPOST('dol_hide_leftmenu', 'int') || !empty($_SESSION['dol_hide_leftmenu'])) {

-	$conf->dol_hide_leftmenu = 1;

-}

-if (GETPOST('dol_hide_topmenu', 'int') || !empty($_SESSION['dol_hide_topmenu'])) {

-	$conf->dol_hide_topmenu = 1;

-}

-if (GETPOST('dol_optimize_smallscreen', 'int') || !empty($_SESSION['dol_optimize_smallscreen'])) {

+// set MAIN_OPTIMIZEFORCOLORBLIND for user

+$conf->global->MAIN_OPTIMIZEFORCOLORBLIND = $user->conf->MAIN_OPTIMIZEFORCOLORBLIND;

+

+// Set terminal output option according to conf->browser.

+if (GETPOST('dol_hide_leftmenu', 'int') || !empty($_SESSION['dol_hide_leftmenu']))               $conf->dol_hide_leftmenu = 1;

+if (GETPOST('dol_hide_topmenu', 'int') || !empty($_SESSION['dol_hide_topmenu']))                 $conf->dol_hide_topmenu = 1;

+if (GETPOST('dol_optimize_smallscreen', 'int') || !empty($_SESSION['dol_optimize_smallscreen'])) $conf->dol_optimize_smallscreen = 1;

+if (GETPOST('dol_no_mouse_hover', 'int') || !empty($_SESSION['dol_no_mouse_hover']))             $conf->dol_no_mouse_hover = 1;

+if (GETPOST('dol_use_jmobile', 'int') || !empty($_SESSION['dol_use_jmobile']))                   $conf->dol_use_jmobile = 1;

+if (!empty($conf->browser->layout) && $conf->browser->layout != 'classic') $conf->dol_no_mouse_hover = 1;

+if ((!empty($conf->browser->layout) && $conf->browser->layout == 'phone')

+	|| (!empty($_SESSION['dol_screenwidth']) && $_SESSION['dol_screenwidth'] < 400)

+	|| (!empty($_SESSION['dol_screenheight']) && $_SESSION['dol_screenheight'] < 400)

+)

+{

@@ -1327,25 +900,5 @@
-if (GETPOST('dol_no_mouse_hover', 'int') || !empty($_SESSION['dol_no_mouse_hover'])) {

-	$conf->dol_no_mouse_hover = 1;

-}

-if (GETPOST('dol_use_jmobile', 'int') || !empty($_SESSION['dol_use_jmobile'])) {

-	$conf->dol_use_jmobile = 1;

-}

-		// If not on Desktop

-if (!empty($conf->browser->layout) && $conf->browser->layout != 'classic') {

-	$conf->dol_no_mouse_hover = 1;

-}

-

-		// If on smartphone or optmized for small screen

-if ((!empty($conf->browser->layout) && $conf->browser->layout == 'phone')

-			|| (!empty($_SESSION['dol_screenwidth']) && $_SESSION['dol_screenwidth'] < 400)

-			|| (!empty($_SESSION['dol_screenheight']) && $_SESSION['dol_screenheight'] < 400

-				|| getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER'))

-			) {

-		$conf->dol_optimize_smallscreen = 1;

-

-	if (getDolGlobalInt('PRODUIT_DESC_IN_FORM') == 1) {

-			$conf->global->PRODUIT_DESC_IN_FORM_ACCORDING_TO_DEVICE = 0;

-	}

-}

-			// Replace themes bugged with jmobile with eldy

-if (!empty($conf->dol_use_jmobile) && in_array($conf->theme, array('bureau2crea', 'cameleo', 'amarok'))) {

+// If we force to use jmobile, then we reenable javascript

+if (!empty($conf->dol_use_jmobile)) $conf->use_javascript_ajax = 1;

+// Replace themes bugged with jmobile with eldy

+if (!empty($conf->dol_use_jmobile) && in_array($conf->theme, array('bureau2crea', 'cameleo', 'amarok')))

+{

@@ -1356,2 +909,4 @@
-if (!defined('NOREQUIRETRAN')) {

-	if (!GETPOST('lang', 'aZ09')) {	// If language was not forced on URL

+if (!defined('NOREQUIRETRAN'))

+{

+	if (!GETPOST('lang', 'aZ09'))	// If language was not forced on URL

+	{

@@ -1359 +914,2 @@
-		if (!empty($user->conf->MAIN_LANG_DEFAULT)) {

+		if (!empty($user->conf->MAIN_LANG_DEFAULT))

+		{

@@ -1362 +918,2 @@
-			if ($langs->getDefaultLang() != $user->conf->MAIN_LANG_DEFAULT) {

+			if ($langs->getDefaultLang() != $user->conf->MAIN_LANG_DEFAULT)

+			{

@@ -1369 +926,2 @@
-if (!defined('NOLOGIN')) {

+if (!defined('NOLOGIN'))

+{

@@ -1372,3 +930 @@
-	if (!$user->login) {

-		accessforbidden();

-	}

+	if (!$user->login) accessforbidden();

@@ -1377 +933,2 @@
-	if ($user->statut < 1) {

+	if ($user->statut < 1)

+	{

@@ -1379 +936 @@
-		$langs->loadLangs(array("errors", "other"));

+		$langs->load("other");

@@ -1381 +938,2 @@
-		accessforbidden("ErrorLoginDisabled");

+		accessforbidden($langs->trans("ErrorLoginDisabled"));

+		exit;

@@ -1388,6 +946,8 @@
-			dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"].' - action='.GETPOST('action', 'aZ09').', massaction='.GETPOST('massaction', 'aZ09').(defined('NOTOKENRENEWAL') ? ' NOTOKENRENEWAL='.constant('NOTOKENRENEWAL') : ''), LOG_NOTICE);

-			//Another call for easy debugg

-			//dol_syslog("Access to ".$_SERVER["PHP_SELF"].' '.$_SERVER["HTTP_REFERER"].' GET='.join(',',array_keys($_GET)).'->'.join(',',$_GET).' POST:'.join(',',array_keys($_POST)).'->'.join(',',$_POST));

-

-			// Load main languages files

-if (!defined('NOREQUIRETRAN')) {

+

+dol_syslog("--- Access to ".$_SERVER["PHP_SELF"].' - action='.GETPOST('action', 'aZ09').', massaction='.GETPOST('massaction', 'aZ09'));

+//Another call for easy debugg

+//dol_syslog("Access to ".$_SERVER["PHP_SELF"].' GET='.join(',',array_keys($_GET)).'->'.join(',',$_GET).' POST:'.join(',',array_keys($_POST)).'->'.join(',',$_POST));

+

+// Load main languages files

+if (!defined('NOREQUIRETRAN'))

+{

@@ -1398,13 +958,14 @@
-			// Define some constants used for style of arrays

-			$bc = array(0=>'class="impair"', 1=>'class="pair"');

-			$bcdd = array(0=>'class="drag drop oddeven"', 1=>'class="drag drop oddeven"');

-			$bcnd = array(0=>'class="nodrag nodrop nohover"', 1=>'class="nodrag nodrop nohoverpair"'); // Used for tr to add new lines

-			$bctag = array(0=>'class="impair tagtr"', 1=>'class="pair tagtr"');

-

-			// Define messages variables

-			$mesg = ''; $warning = ''; $error = 0;

-			// deprecated, see setEventMessages() and dol_htmloutput_events()

-			$mesgs = array(); $warnings = array(); $errors = array();

-

-			// Constants used to defined number of lines in textarea

-if (empty($conf->browser->firefox)) {

+// Define some constants used for style of arrays

+$bc = array(0=>'class="impair"', 1=>'class="pair"');

+$bcdd = array(0=>'class="drag drop oddeven"', 1=>'class="drag drop oddeven"');

+$bcnd = array(0=>'class="nodrag nodrop nohover"', 1=>'class="nodrag nodrop nohoverpair"'); // Used for tr to add new lines

+$bctag = array(0=>'class="impair tagtr"', 1=>'class="pair tagtr"');

+

+// Define messages variables

+$mesg = ''; $warning = ''; $error = 0;

+// deprecated, see setEventMessages() and dol_htmloutput_events()

+$mesgs = array(); $warnings = array(); $errors = array();

+

+// Constants used to defined number of lines in textarea

+if (empty($conf->browser->firefox))

+{

@@ -1420 +981,3 @@
-} else {

+}

+else

+{

@@ -1432,9 +995,12 @@
-			$heightforframes = 50;

-

-			// Init menu manager

-if (!defined('NOREQUIREMENU')) {

-	if (empty($user->socid)) {    // If internal user or not defined

-		$conf->standard_menu = (!getDolGlobalString('MAIN_MENU_STANDARD_FORCED') ? (!getDolGlobalString('MAIN_MENU_STANDARD') ? 'eldy_menu.php' : $conf->global->MAIN_MENU_STANDARD) : $conf->global->MAIN_MENU_STANDARD_FORCED);

-	} else {

-		// If external user

-		$conf->standard_menu = (!getDolGlobalString('MAIN_MENUFRONT_STANDARD_FORCED') ? (!getDolGlobalString('MAIN_MENUFRONT_STANDARD') ? 'eldy_menu.php' : $conf->global->MAIN_MENUFRONT_STANDARD) : $conf->global->MAIN_MENUFRONT_STANDARD_FORCED);

+$heightforframes = 50;

+

+// Init menu manager

+if (!defined('NOREQUIREMENU'))

+{

+	if (empty($user->socid))    // If internal user or not defined

+	{

+		$conf->standard_menu = (empty($conf->global->MAIN_MENU_STANDARD_FORCED) ? (empty($conf->global->MAIN_MENU_STANDARD) ? 'eldy_menu.php' : $conf->global->MAIN_MENU_STANDARD) : $conf->global->MAIN_MENU_STANDARD_FORCED);

+	}

+	else                        // If external user

+	{

+		$conf->standard_menu = (empty($conf->global->MAIN_MENUFRONT_STANDARD_FORCED) ? (empty($conf->global->MAIN_MENUFRONT_STANDARD) ? 'eldy_menu.php' : $conf->global->MAIN_MENUFRONT_STANDARD) : $conf->global->MAIN_MENUFRONT_STANDARD_FORCED);

@@ -1445,4 +1011,3 @@
-	if (GETPOST('menu', 'alpha')) {

-		$file_menu = GETPOST('menu', 'alpha'); // example: menu=eldy_menu.php

-	}

-	if (!class_exists('MenuManager')) {

+	if (GETPOST('menu', 'alpha')) $file_menu = GETPOST('menu', 'alpha'); // example: menu=eldy_menu.php

+	if (!class_exists('MenuManager'))

+	{

@@ -1451 +1016,2 @@
-		foreach ($dirmenus as $dirmenu) {

+		foreach ($dirmenus as $dirmenu)

+		{

@@ -1453,5 +1019,4 @@
-			if (class_exists('MenuManager')) {

-				break;

-			}

-		}

-		if (!class_exists('MenuManager')) {	// If failed to include, we try with standard eldy_menu.php

+			if (class_exists('MenuManager')) break;

+		}

+		if (!class_exists('MenuManager'))	// If failed to include, we try with standard eldy_menu.php

+		{

@@ -1467,12 +1032,6 @@
-if (!empty(GETPOST('seteventmessages', 'alpha'))) {

-	$message = GETPOST('seteventmessages', 'alpha');

-	$messages  = explode(',', $message);

-	foreach ($messages as $key => $msg) {

-		$tmp = explode(':', $msg);

-		setEventMessages($tmp[0], null, !empty($tmp[1]) ? $tmp[1] : 'mesgs');

-	}

-}

-

-			// Functions

-

-if (!function_exists("llxHeader")) {

+

+

+// Functions

+

+if (!function_exists("llxHeader"))

+{

@@ -1482,15 +1041,13 @@
-	 * @param 	string 			$head				Optionnal head lines

-	 * @param 	string 			$title				HTML title

-	 * @param	string			$help_url			Url links to help page

-	 * 		                            			Syntax is: For a wiki page: EN:EnglishPage|FR:FrenchPage|ES:SpanishPage|DE:GermanPage

-	 *                                  			For other external page: http://server/url

-	 * @param	string			$target				Target to use on links

-	 * @param 	int    			$disablejs			More content into html header

-	 * @param 	int    			$disablehead		More content into html header

-	 * @param 	array|string  	$arrayofjs			Array of complementary js files

-	 * @param 	array|string  	$arrayofcss			Array of complementary css files

-	 * @param	string			$morequerystring	Query string to add to the link "print" to get same parameters (use only if autodetect fails)

-	 * @param   string  		$morecssonbody      More CSS on body tag. For example 'classforhorizontalscrolloftabs'.

-	 * @param	string			$replacemainareaby	Replace call to main_area() by a print of this string

-	 * @param	int				$disablenofollow	Disable the "nofollow" on meta robot header

-	 * @param	int				$disablenoindex		Disable the "noindex" on meta robot header

+	 * @param 	string 	$head				Optionnal head lines

+	 * @param 	string 	$title				HTML title

+	 * @param	string	$help_url			Url links to help page

+	 * 		                            	Syntax is: For a wiki page: EN:EnglishPage|FR:FrenchPage|ES:SpanishPage

+	 *                                  	For other external page: http://server/url

+	 * @param	string	$target				Target to use on links

+	 * @param 	int    	$disablejs			More content into html header

+	 * @param 	int    	$disablehead		More content into html header

+	 * @param 	array  	$arrayofjs			Array of complementary js files

+	 * @param 	array  	$arrayofcss			Array of complementary css files

+	 * @param	string	$morequerystring	Query string to add to the link "print" to get same parameters (use only if autodetect fails)

+	 * @param   string  $morecssonbody      More CSS on body tag.

+	 * @param	string	$replacemainareaby	Replace call to main_area() by a print of this string

@@ -1499,25 +1056,3 @@
-	function llxHeader($head = '', $title = '', $help_url = '', $target = '', $disablejs = 0, $disablehead = 0, $arrayofjs = '', $arrayofcss = '', $morequerystring = '', $morecssonbody = '', $replacemainareaby = '', $disablenofollow = 0, $disablenoindex = 0)

-	{

-		global $conf, $hookmanager;

-

-		$parameters = array(

-			'head' =>& $head,

-			'title' =>& $title,

-			'help_url' =>& $help_url,

-			'target' =>& $target,

-			'disablejs' =>& $disablejs,

-			'disablehead' =>& $disablehead,

-			'arrayofjs' =>& $arrayofjs,

-			'arrayofcss' =>& $arrayofcss,

-			'morequerystring' =>& $morequerystring,

-			'morecssonbody' =>& $morecssonbody,

-			'replacemainareaby' =>& $replacemainareaby,

-			'disablenofollow' =>& $disablenofollow,

-			'disablenoindex' =>& $disablenoindex

-

-		);

-		$reshook = $hookmanager->executeHooks('llxHeader', $parameters);

-		if ($reshook > 0) {

-			print $hookmanager->resPrint;

-			return;

-		}

+	function llxHeader($head = '', $title = '', $help_url = '', $target = '', $disablejs = 0, $disablehead = 0, $arrayofjs = '', $arrayofcss = '', $morequerystring = '', $morecssonbody = '', $replacemainareaby = '')

+	{

+		global $conf;

@@ -1526 +1061 @@
-		top_htmlhead($head, $title, $disablejs, $disablehead, $arrayofjs, $arrayofcss, 0, $disablenofollow, $disablenoindex);

+		top_htmlhead($head, $title, $disablejs, $disablehead, $arrayofjs, $arrayofcss);

@@ -1530,8 +1065,7 @@
-		if ($conf->theme == 'md' && !in_array($conf->browser->layout, array('phone', 'tablet')) && !getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER')) {

-			global $mainmenu;

-			if ($mainmenu != 'website') {

-				$tmpcsstouse = $morecssonbody; // We do not use sidebar-collpase by default to have menuhider open by default.

-			}

-		}

-

-		if (getDolGlobalString('MAIN_OPTIMIZEFORCOLORBLIND')) {

+		if ($conf->theme == 'md' && !in_array($conf->browser->layout, array('phone', 'tablet')) && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER))

+		{

+		    global $mainmenu;

+		    if ($mainmenu != 'website') $tmpcsstouse = $morecssonbody; // We do not use sidebar-collpase by default to have menuhider open by default.

+		}

+

+		if (!empty($conf->global->MAIN_OPTIMIZEFORCOLORBLIND)) {

@@ -1544 +1078,2 @@
-		if ((empty($conf->dol_hide_topmenu) || GETPOST('dol_invisible_topmenu', 'int')) && !GETPOST('dol_openinpopup', 'aZ09')) {

+		if (empty($conf->dol_hide_topmenu) || GETPOST('dol_invisible_topmenu', 'int'))

+		{

@@ -1548,2 +1083,3 @@
-		if (empty($conf->dol_hide_leftmenu) && !GETPOST('dol_openinpopup', 'aZ09')) {

-			left_menu(array(), $help_url, '', '', 1, $title, 1); // $menumanager is retrieved with a global $menumanager inside this function

+		if (empty($conf->dol_hide_leftmenu))

+		{

+			left_menu('', $help_url, '', '', 1, $title, 1); // $menumanager is retreived with a global $menumanager inside this function

@@ -1553 +1089,2 @@
-		if ($replacemainareaby) {

+		if ($replacemainareaby)

+		{

@@ -1563 +1100 @@
- *  Show HTTP header. Called by top_htmlhead().

+ *  Show HTTP header

@@ -1573,5 +1110,2 @@
-	if ($contenttype == 'text/html') {

-		header("Content-Type: text/html; charset=".$conf->file->character_set_client);

-	} else {

-		header("Content-Type: ".$contenttype);

-	}

+	if ($contenttype == 'text/html') header("Content-Type: text/html; charset=".$conf->file->character_set_client);

+	else header("Content-Type: ".$contenttype);

@@ -1580,2 +1113,0 @@
-

-	// X-Content-Type-Options

@@ -1583,16 +1115,2 @@
-

-	// X-Frame-Options

-	if (!defined('XFRAMEOPTIONS_ALLOWALL')) {

-		header("X-Frame-Options: SAMEORIGIN"); // By default, frames allowed only if on same domain (stop some XSS attacks)

-	} else {

-		header("X-Frame-Options: ALLOWALL");

-	}

-

-	if (getDolGlobalString('MAIN_SECURITY_FORCE_ACCESS_CONTROL_ALLOW_ORIGIN')) {

-		$tmpurl = constant('DOL_MAIN_URL_ROOT');

-		$tmpurl = preg_replace('/^(https?:\/\/[^\/]+)\/.*$/', '\1', $tmpurl);

-		header('Access-Control-Allow-Origin: '.$tmpurl);

-		header('Vary: Origin');

-	}

-

-	// X-XSS-Protection

+	if (!defined('XFRAMEOPTIONS_ALLOWALL')) header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks)

+	else header("X-Frame-Options: ALLOWALL");

@@ -1600,21 +1118,11 @@
-

-	// Content-Security-Policy-Report-Only

-	if (!defined('MAIN_SECURITY_FORCECSPRO')) {

-		// If CSP not forced from the page

-

-		// A default security policy that keep usage of js external component like ckeditor, stripe, google, working

-		// For example: to restrict to only local resources, except for css (cloudflare+google), and js (transifex + google tags) and object/iframe (youtube)

-		// default-src 'self'; style-src: https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src: https://cdn.transifex.com https://www.googletagmanager.com; object-src https://youtube.com; frame-src https://youtube.com; img-src: *;

-		// For example, to restrict everything to itself except img that can be on other servers:

-		// default-src 'self'; img-src *;

-		// Pre-existing site that uses too much js code to fix but wants to ensure resources are loaded only over https and disable plugins:

-		// default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'

-		//

-		// $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;";

-		// $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';";

-		$contentsecuritypolicy = getDolGlobalString('MAIN_SECURITY_FORCECSPRO');

-

-		if (!is_object($hookmanager)) {

-			include_once DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php';

-			$hookmanager = new HookManager($db);

-		}

+	if (!defined('FORCECSP'))

+	{

+		//if (! isset($conf->global->MAIN_HTTP_CONTENT_SECURITY_POLICY))

+		//{

+		//	// A default security policy that keep usage of js external component like ckeditor, stripe, google, working

+		//	$contentsecuritypolicy = "font-src *; img-src *; style-src * 'unsafe-inline' 'unsafe-eval'; default-src 'self' *.stripe.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.stripe.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' *.stripe.com; connect-src 'self';";

+		//}

+		//else $contentsecuritypolicy = $conf->global->MAIN_HTTP_CONTENT_SECURITY_POLICY;

+		$contentsecuritypolicy = $conf->global->MAIN_HTTP_CONTENT_SECURITY_POLICY;

+

+		if (!is_object($hookmanager)) $hookmanager = new HookManager($db);

@@ -1623 +1131 @@
-		$parameters = array('contentsecuritypolicy'=>$contentsecuritypolicy, 'mode'=>'reportonly');

+		$parameters = array('contentsecuritypolicy'=>$contentsecuritypolicy);

@@ -1625,44 +1133,13 @@
-		if ($result > 0) {

-			$contentsecuritypolicy = $hookmanager->resPrint; // Replace CSP

-		} else {

-			$contentsecuritypolicy .= $hookmanager->resPrint; // Concat CSP

-		}

-

-		if (!empty($contentsecuritypolicy)) {

-			header("Content-Security-Policy-Report-Only: ".$contentsecuritypolicy);

-		}

-	} else {

-		header("Content-Security-Policy: ".constant('MAIN_SECURITY_FORCECSPRO'));

-	}

-

-	// Content-Security-Policy

-	if (!defined('MAIN_SECURITY_FORCECSP')) {

-		// If CSP not forced from the page

-

-		// A default security policy that keep usage of js external component like ckeditor, stripe, google, working

-		// For example: to restrict to only local resources, except for css (cloudflare+google), and js (transifex + google tags) and object/iframe (youtube)

-		// default-src 'self'; style-src: https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src: https://cdn.transifex.com https://www.googletagmanager.com; object-src https://youtube.com; frame-src https://youtube.com; img-src: *;

-		// For example, to restrict everything to itself except img that can be on other servers:

-		// default-src 'self'; img-src *;

-		// Pre-existing site that uses too much js code to fix but wants to ensure resources are loaded only over https and disable plugins:

-		// default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'

-		//

-		// $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;";

-		// $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';";

-		$contentsecuritypolicy = getDolGlobalString('MAIN_SECURITY_FORCECSP');

-

-		if (!is_object($hookmanager)) {

-			include_once DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php';

-			$hookmanager = new HookManager($db);

-		}

-		$hookmanager->initHooks(array("main"));

-

-		$parameters = array('contentsecuritypolicy'=>$contentsecuritypolicy, 'mode'=>'active');

-		$result = $hookmanager->executeHooks('setContentSecurityPolicy', $parameters); // Note that $action and $object may have been modified by some hooks

-		if ($result > 0) {

-			$contentsecuritypolicy = $hookmanager->resPrint; // Replace CSP

-		} else {

-			$contentsecuritypolicy .= $hookmanager->resPrint; // Concat CSP

-		}

-

-		if (!empty($contentsecuritypolicy)) {

+		if ($result > 0) $contentsecuritypolicy = $hookmanager->resPrint; // Replace CSP

+		else $contentsecuritypolicy .= $hookmanager->resPrint; // Concat CSP

+

+		if (!empty($contentsecuritypolicy))

+		{

+			// For example, to restrict 'script', 'object', 'frames' or 'img' to some domains:

+			// script-src https://api.google.com https://anotherhost.com; object-src https://youtube.com; frame-src https://youtube.com; img-src: https://static.example.com

+			// For example, to restrict everything to one domain, except 'object', ...:

+			// default-src https://cdn.example.net; object-src 'none'

+			// For example, to restrict everything to itself except img that can be on other servers:

+			// default-src 'self'; img-src *;

+			// Pre-existing site that uses too much inline code to fix but wants to ensure resources are loaded only over https and disable plugins:

+			// default-src http: https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'

@@ -1671,15 +1148,7 @@
-	} else {

-		header("Content-Security-Policy: ".constant('MAIN_SECURITY_FORCECSP'));

-	}

-

-	// Referrer-Policy

-	// Say if we must provide the referrer when we jump onto another web page.

-	// Default browser are 'strict-origin-when-cross-origin' (only domain is sent on other domain switching), we want more so we use 'same-origin' so browser doesn't send any referrer at all when going into another web site domain.

-	// Note that we do not use 'strict-origin' as this breaks feature to restore filters when clicking on "back to page" link on some cases.

-	if (!defined('MAIN_SECURITY_FORCERP')) {

-		$referrerpolicy = getDolGlobalString('MAIN_SECURITY_FORCERP', "same-origin");

-

-		header("Referrer-Policy: ".$referrerpolicy);

-	}

-

-	if ($forcenocache) {

+	}

+	elseif (constant('FORCECSP'))

+	{

+		header("Content-Security-Policy: ".constant('FORCECSP'));

+	}

+	if ($forcenocache)

+	{

@@ -1688,3 +1156,0 @@
-

-	// No need to add this token in header, we use instead the one into the forms.

-	//header("anti-csrf-token: ".newToken());

@@ -1694 +1160 @@
- * Ouput html header of a page. It calls also top_httphead()

+ * Ouput html header of a page.

@@ -1703,3 +1169,2 @@
- * @param 	int    	$disableforlogin Do not load heavy js and css for login pages

- * @param   int     $disablenofollow Disable nofollow tag for meta robots

- * @param   int     $disablenoindex  Disable noindex tag for meta robots

+ * @param 	int    	$disablejmobile	 Disable jmobile (No more used)

+ * @param   int     $disablenofollow Disable no follow tag

@@ -1708 +1173 @@
-function top_htmlhead($head, $title = '', $disablejs = 0, $disablehead = 0, $arrayofjs = array(), $arrayofcss = array(), $disableforlogin = 0, $disablenofollow = 0, $disablenoindex = 0)

+function top_htmlhead($head, $title = '', $disablejs = 0, $disablehead = 0, $arrayofjs = '', $arrayofcss = '', $disablejmobile = 0, $disablenofollow = 0)

@@ -1714,3 +1179 @@
-	if (empty($conf->css)) {

-		$conf->css = '/theme/eldy/style.css.php'; // If not defined, eldy by default

-	}

+	if (empty($conf->css)) $conf->css = '/theme/eldy/style.css.php'; // If not defined, eldy by default

@@ -1720,2 +1183,2 @@
-	print '<html lang="'.substr($langs->defaultlang, 0, 2).'">'."\n";

-

+	if (!empty($conf->global->MAIN_USE_CACHE_MANIFEST)) print '<html lang="'.substr($langs->defaultlang, 0, 2).'" manifest="'.DOL_URL_ROOT.'/cache.manifest">'."\n";

+	else print '<html lang="'.substr($langs->defaultlang, 0, 2).'">'."\n";

@@ -1723,8 +1186,6 @@
-	if (empty($disablehead)) {

-		if (!is_object($hookmanager)) {

-			include_once DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php';

-			$hookmanager = new HookManager($db);

-		}

-		$hookmanager->initHooks(array("main"));

-

-		$ext = 'layout='.(empty($conf->browser->layout) ? '' : $conf->browser->layout).'&amp;version='.urlencode(DOL_VERSION);

+	if (empty($disablehead))

+	{

+	    if (!is_object($hookmanager)) $hookmanager = new HookManager($db);

+	    $hookmanager->initHooks(array("main"));

+

+	    $ext = 'layout='.$conf->browser->layout.'&amp;version='.urlencode(DOL_VERSION);

@@ -1734,3 +1195 @@
-		if (GETPOST('dol_basehref', 'alpha')) {

-			print '<base href="'.dol_escape_htmltag(GETPOST('dol_basehref', 'alpha')).'">'."\n";

-		}

+		if (GETPOST('dol_basehref', 'alpha')) print '<base href="'.dol_escape_htmltag(GETPOST('dol_basehref', 'alpha')).'">'."\n";

@@ -1740 +1199 @@
-		print '<meta name="robots" content="'.($disablenoindex ? 'index' : 'noindex').($disablenofollow ? ',follow' : ',nofollow').'">'."\n"; // Do not index

+		print '<meta name="robots" content="noindex'.($disablenofollow ? '' : ',nofollow').'">'."\n"; // Do not index

@@ -1743,5 +1202 @@
-		print '<meta name="anti-csrf-newtoken" content="'.newToken().'">'."\n";

-		print '<meta name="anti-csrf-currenttoken" content="'.currentToken().'">'."\n";

-		if (getDolGlobalInt('MAIN_FEATURES_LEVEL')) {

-			print '<meta name="MAIN_FEATURES_LEVEL" content="'.getDolGlobalInt('MAIN_FEATURES_LEVEL').'">'."\n";

-		}

+

@@ -1750,9 +1205,3 @@
-		if (!empty($mysoc->logo_squarred_mini)) {

-			$favicon = DOL_URL_ROOT.'/viewimage.php?cache=1&modulepart=mycompany&file='.urlencode('logos/thumbs/'.$mysoc->logo_squarred_mini);

-		}

-		if (getDolGlobalString('MAIN_FAVICON_URL')) {

-			$favicon = getDolGlobalString('MAIN_FAVICON_URL');

-		}

-		if (empty($conf->dol_use_jmobile)) {

-			print '<link rel="shortcut icon" type="image/x-icon" href="'.$favicon.'"/>'."\n"; // Not required into an Android webview

-		}

+		if (!empty($mysoc->logo_squarred_mini)) $favicon = DOL_URL_ROOT.'/viewimage.php?cache=1&modulepart=mycompany&file='.urlencode('logos/thumbs/'.$mysoc->logo_squarred_mini);

+		if (!empty($conf->global->MAIN_FAVICON_URL)) $favicon = $conf->global->MAIN_FAVICON_URL;

+		if (empty($conf->dol_use_jmobile)) print '<link rel="shortcut icon" type="image/x-icon" href="'.$favicon.'"/>'."\n"; // Not required into an Android webview

@@ -1764,10 +1213,10 @@
-		// Mobile appli like icon

-		$manifest = DOL_URL_ROOT.'/theme/'.$conf->theme.'/manifest.json.php';

-		if (!empty($manifest)) {

-			print '<link rel="manifest" href="'.$manifest.'" />'."\n";

-		}

-

-		if (getDolGlobalString('THEME_ELDY_TOPMENU_BACK1')) {

-			// TODO: use auto theme color switch

-			print '<meta name="theme-color" content="rgb(' . getDolGlobalString('THEME_ELDY_TOPMENU_BACK1').')">'."\n";

-		}

+        // Mobile appli like icon

+        $manifest = DOL_URL_ROOT.'/theme/'.$conf->theme.'/manifest.json.php';

+        if (!empty($manifest)) {

+            print '<link rel="manifest" href="'.$manifest.'" />'."\n";

+        }

+

+        if (!empty($conf->global->THEME_ELDY_TOPMENU_BACK1)) {

+            // TODO: use auto theme color switch

+            print '<meta name="theme-color" content="rgb('.$conf->global->THEME_ELDY_TOPMENU_BACK1.')">'."\n";

+        }

@@ -1776,3 +1225 @@
-		if (GETPOST('autorefresh', 'int') > 0) {

-			print '<meta http-equiv="refresh" content="'.GETPOST('autorefresh', 'int').'">';

-		}

+		if (GETPOST('autorefresh', 'int') > 0) print '<meta http-equiv="refresh" content="'.GETPOST('autorefresh', 'int').'">';

@@ -1782,3 +1229 @@
-		if (getDolGlobalString('MAIN_APPLICATION_TITLE')) {

-			$appli = $conf->global->MAIN_APPLICATION_TITLE;

-		}

+		if (!empty($conf->global->MAIN_APPLICATION_TITLE)) $appli = $conf->global->MAIN_APPLICATION_TITLE;

@@ -1788,7 +1233,3 @@
-		if ($title && getDolGlobalString('MAIN_HTML_TITLE') && preg_match('/noapp/', $conf->global->MAIN_HTML_TITLE)) {

-			$titletoshow = dol_htmlentities($title);

-		} elseif ($title) {

-			$titletoshow = dol_htmlentities($appli.' - '.$title);

-		} else {

-			$titletoshow = dol_htmlentities($appli);

-		}

+		if ($title && !empty($conf->global->MAIN_HTML_TITLE) && preg_match('/noapp/', $conf->global->MAIN_HTML_TITLE)) $titletoshow = dol_htmlentities($title);

+		elseif ($title) $titletoshow = dol_htmlentities($appli.' - '.$title);

+		else $titletoshow = dol_htmlentities($appli);

@@ -1798,5 +1239,2 @@
-		if ($result > 0) {

-			$titletoshow = $hookmanager->resPrint; // Replace Title to show

-		} else {

-			$titletoshow .= $hookmanager->resPrint; // Concat to Title to show

-		}

+		if ($result > 0) $titletoshow = $hookmanager->resPrint; // Replace Title to show

+		else $titletoshow .= $hookmanager->resPrint; // Concat to Title to show

@@ -1809,40 +1247,14 @@
-		if (GETPOST('version', 'int')) {

-			$ext = 'version='.GETPOST('version', 'int'); // usefull to force no cache on css/js

-		}

-		// Refresh value of MAIN_IHM_PARAMS_REV before forging the parameter line.

-		if (GETPOST('dol_resetcache')) {

-			include_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';

-			dolibarr_set_const($db, "MAIN_IHM_PARAMS_REV", getDolGlobalInt('MAIN_IHM_PARAMS_REV') + 1, 'chaine', 0, '', $conf->entity);

-		}

-

-		$themeparam = '?lang='.$langs->defaultlang.'&amp;theme='.$conf->theme.(GETPOST('optioncss', 'aZ09') ? '&amp;optioncss='.GETPOST('optioncss', 'aZ09', 1) : '').(empty($user->id) ? '' : ('&amp;userid='.$user->id)).'&amp;entity='.$conf->entity;

-

-		$themeparam .= ($ext ? '&amp;'.$ext : '').'&amp;revision='.getDolGlobalInt("MAIN_IHM_PARAMS_REV");

-		if (GETPOSTISSET('dol_hide_topmenu')) {

-			$themeparam .= '&amp;dol_hide_topmenu='.GETPOST('dol_hide_topmenu', 'int');

-		}

-		if (GETPOSTISSET('dol_hide_leftmenu')) {

-			$themeparam .= '&amp;dol_hide_leftmenu='.GETPOST('dol_hide_leftmenu', 'int');

-		}

-		if (GETPOSTISSET('dol_optimize_smallscreen')) {

-			$themeparam .= '&amp;dol_optimize_smallscreen='.GETPOST('dol_optimize_smallscreen', 'int');

-		}

-		if (GETPOSTISSET('dol_no_mouse_hover')) {

-			$themeparam .= '&amp;dol_no_mouse_hover='.GETPOST('dol_no_mouse_hover', 'int');

-		}

-		if (GETPOSTISSET('dol_use_jmobile')) {

-			$themeparam .= '&amp;dol_use_jmobile='.GETPOST('dol_use_jmobile', 'int'); $conf->dol_use_jmobile = GETPOST('dol_use_jmobile', 'int');

-		}

-		if (GETPOSTISSET('THEME_DARKMODEENABLED')) {

-			$themeparam .= '&amp;THEME_DARKMODEENABLED='.GETPOST('THEME_DARKMODEENABLED', 'int');

-		}

-		if (GETPOSTISSET('THEME_SATURATE_RATIO')) {

-			$themeparam .= '&amp;THEME_SATURATE_RATIO='.GETPOST('THEME_SATURATE_RATIO', 'int');

-		}

-

-		if (getDolGlobalString('MAIN_ENABLE_FONT_ROBOTO')) {

-			print '<link rel="preconnect" href="https://fonts.gstatic.com">'."\n";

-			print '<link href="https://fonts.googleapis.com/css2?family=Roboto:wght@200;300;400;500;600&display=swap" rel="stylesheet">'."\n";

-		}

-

-		if (!defined('DISABLE_JQUERY') && !$disablejs && $conf->use_javascript_ajax) {

+		if (GETPOST('version', 'int')) $ext = 'version='.GETPOST('version', 'int'); // usefull to force no cache on css/js

+

+		$themeparam = '?lang='.$langs->defaultlang.'&amp;theme='.$conf->theme.(GETPOST('optioncss', 'aZ09') ? '&amp;optioncss='.GETPOST('optioncss', 'aZ09', 1) : '').'&amp;userid='.$user->id.'&amp;entity='.$conf->entity;

+		$themeparam .= ($ext ? '&amp;'.$ext : '').'&amp;revision='.$conf->global->MAIN_IHM_PARAMS_REV;

+		if (!empty($_SESSION['dol_resetcache'])) $themeparam .= '&amp;dol_resetcache='.$_SESSION['dol_resetcache'];

+		if (GETPOSTISSET('dol_hide_topmenu')) { $themeparam .= '&amp;dol_hide_topmenu='.GETPOST('dol_hide_topmenu', 'int'); }

+		if (GETPOSTISSET('dol_hide_leftmenu')) { $themeparam .= '&amp;dol_hide_leftmenu='.GETPOST('dol_hide_leftmenu', 'int'); }

+		if (GETPOSTISSET('dol_optimize_smallscreen')) { $themeparam .= '&amp;dol_optimize_smallscreen='.GETPOST('dol_optimize_smallscreen', 'int'); }

+		if (GETPOSTISSET('dol_no_mouse_hover')) { $themeparam .= '&amp;dol_no_mouse_hover='.GETPOST('dol_no_mouse_hover', 'int'); }

+		if (GETPOSTISSET('dol_use_jmobile')) { $themeparam .= '&amp;dol_use_jmobile='.GETPOST('dol_use_jmobile', 'int'); $conf->dol_use_jmobile = GETPOST('dol_use_jmobile', 'int'); }

+		if (GETPOSTISSET('THEME_SATURATE_RATIO')) { $themeparam .= '&amp;THEME_SATURATE_RATIO='.GETPOST('THEME_SATURATE_RATIO', 'int'); }

+

+		if (!defined('DISABLE_JQUERY') && !$disablejs && $conf->use_javascript_ajax)

+		{

@@ -1851,13 +1263,7 @@
-			if (getDolGlobalString('MAIN_USE_JQUERY_THEME')) {

-				$jquerytheme = $conf->global->MAIN_USE_JQUERY_THEME;

-			}

-			if (constant('JS_JQUERY_UI')) {

-				print '<link rel="stylesheet" type="text/css" href="'.JS_JQUERY_UI.'css/'.$jquerytheme.'/jquery-ui.min.css'.($ext ? '?'.$ext : '').'">'."\n"; // Forced JQuery

-			} else {

-				print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.'/includes/jquery/css/'.$jquerytheme.'/jquery-ui.css'.($ext ? '?'.$ext : '').'">'."\n"; // JQuery

-			}

-			if (!defined('DISABLE_JQUERY_JNOTIFY')) {

-				print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.'/includes/jquery/plugins/jnotify/jquery.jnotify-alt.min.css'.($ext ? '?'.$ext : '').'">'."\n"; // JNotify

-			}

-			if (!defined('DISABLE_SELECT2') && (getDolGlobalString('MAIN_USE_JQUERY_MULTISELECT') || defined('REQUIRE_JQUERY_MULTISELECT'))) {     // jQuery plugin "mutiselect", "multiple-select", "select2"...

-				$tmpplugin = !getDolGlobalString('MAIN_USE_JQUERY_MULTISELECT') ?constant('REQUIRE_JQUERY_MULTISELECT') : $conf->global->MAIN_USE_JQUERY_MULTISELECT;

+			if (!empty($conf->global->MAIN_USE_JQUERY_THEME)) $jquerytheme = $conf->global->MAIN_USE_JQUERY_THEME;

+			if (constant('JS_JQUERY_UI')) print '<link rel="stylesheet" type="text/css" href="'.JS_JQUERY_UI.'css/'.$jquerytheme.'/jquery-ui.min.css'.($ext ? '?'.$ext : '').'">'."\n"; // Forced JQuery

+			else print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.'/includes/jquery/css/'.$jquerytheme.'/jquery-ui.css'.($ext ? '?'.$ext : '').'">'."\n"; // JQuery

+			if (!defined('DISABLE_JQUERY_JNOTIFY')) print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.'/includes/jquery/plugins/jnotify/jquery.jnotify-alt.min.css'.($ext ? '?'.$ext : '').'">'."\n"; // JNotify

+			if (!defined('DISABLE_SELECT2') && (!empty($conf->global->MAIN_USE_JQUERY_MULTISELECT) || defined('REQUIRE_JQUERY_MULTISELECT')))     // jQuery plugin "mutiselect", "multiple-select", "select2"...

+			{

+				$tmpplugin = empty($conf->global->MAIN_USE_JQUERY_MULTISELECT) ?constant('REQUIRE_JQUERY_MULTISELECT') : $conf->global->MAIN_USE_JQUERY_MULTISELECT;

@@ -1868 +1274,2 @@
-		if (!defined('DISABLE_FONT_AWSOME')) {

+		if (!defined('DISABLE_FONT_AWSOME'))

+		{

@@ -1870,2 +1277,2 @@
-			$fontawesome_directory = getDolGlobalString('MAIN_FONTAWESOME_DIRECTORY', '/theme/common/fontawesome-5');

-			print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.$fontawesome_directory.'/css/all.min.css'.($ext ? '?'.$ext : '').'">'."\n";

+            print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.'/theme/common/fontawesome-5/css/all.min.css'.($ext ? '?'.$ext : '').'">'."\n";

+            print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.'/theme/common/fontawesome-5/css/v4-shims.min.css'.($ext ? '?'.$ext : '').'">'."\n";

@@ -1878,3 +1285,6 @@
-		if (!empty($conf->modules_parts['theme'])) {	// This slow down

-			foreach ($conf->modules_parts['theme'] as $reldir) {

-				if (file_exists(dol_buildpath($reldir.$conf->css, 0))) {

+		if (!empty($conf->modules_parts['theme']))	// This slow down

+		{

+			foreach ($conf->modules_parts['theme'] as $reldir)

+			{

+				if (file_exists(dol_buildpath($reldir.$conf->css, 0)))

+				{

@@ -1890,3 +1300 @@
-		if (getDolGlobalString('MAIN_FIX_FLASH_ON_CHROME')) {

-			print '<!-- Includes CSS that does not exists as a workaround of flash bug of chrome -->'."\n".'<link rel="stylesheet" type="text/css" href="filethatdoesnotexiststosolvechromeflashbug">'."\n";

-		}

+		if (!empty($conf->global->MAIN_FIX_FLASH_ON_CHROME)) print '<!-- Includes CSS that does not exists as a workaround of flash bug of chrome -->'."\n".'<link rel="stylesheet" type="text/css" href="filethatdoesnotexiststosolvechromeflashbug">'."\n";

@@ -1895 +1303,2 @@
-		if (!empty($conf->modules_parts['css'])) {

+		if (!empty($conf->modules_parts['css']))

+		{

@@ -1897 +1306,2 @@
-			foreach ($arraycss as $modcss => $filescss) {

+			foreach ($arraycss as $modcss => $filescss)

+			{

@@ -1899,3 +1309,61 @@
-				foreach ($filescss as $cssfile) {

-					if (empty($cssfile)) {

-						dol_syslog("Warning: module ".$modcss." declared a css path file into its descriptor that is empty.", LOG_WARNING);

+				foreach ($filescss as $cssfile)

+				{

+					if (empty($cssfile)) dol_syslog("Warning: module ".$modcss." declared a css path file into its descriptor that is empty.", LOG_WARNING);

+					// cssfile is a relative path

+					print '<!-- Includes CSS added by module '.$modcss.' -->'."\n".'<link rel="stylesheet" type="text/css" href="'.dol_buildpath($cssfile, 1);

+					// We add params only if page is not static, because some web server setup does not return content type text/css if url has parameters, so browser cache is not used.

+					if (!preg_match('/\.css$/i', $cssfile)) print $themeparam;

+					print '">'."\n";

+				}

+			}

+		}

+		// CSS forced by page in top_htmlhead call (relative url starting with /)

+		if (is_array($arrayofcss))

+		{

+			foreach ($arrayofcss as $cssfile)

+			{

+			    if (preg_match('/^(http|\/\/)/i', $cssfile))

+			    {

+			        $urltofile = $cssfile;

+			    }

+			    else

+			    {

+			        $urltofile = dol_buildpath($cssfile, 1);

+			    }

+				print '<!-- Includes CSS added by page -->'."\n".'<link rel="stylesheet" type="text/css" title="default" href="'.$urltofile;

+				// We add params only if page is not static, because some web server setup does not return content type text/css if url has parameters and browser cache is not used.

+				if (!preg_match('/\.css$/i', $cssfile)) print $themeparam;

+				print '">'."\n";

+			}

+		}

+

+		// Output standard javascript links

+		if (!defined('DISABLE_JQUERY') && !$disablejs && !empty($conf->use_javascript_ajax))

+		{

+			// JQuery. Must be before other includes

+			print '<!-- Includes JS for JQuery -->'."\n";

+			if (defined('JS_JQUERY') && constant('JS_JQUERY')) print '<script src="'.JS_JQUERY.'jquery.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

+			else print '<script src="'.DOL_URL_ROOT.'/includes/jquery/js/jquery.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

+			/*if (! empty($conf->global->MAIN_FEATURES_LEVEL) && ! defined('JS_JQUERY_MIGRATE_DISABLED'))

+			{

+				if (defined('JS_JQUERY_MIGRATE') && constant('JS_JQUERY_MIGRATE')) print '<script src="'.JS_JQUERY_MIGRATE.'jquery-migrate.min.js'.($ext?'?'.$ext:'').'"></script>'."\n";

+				else print '<script src="'.DOL_URL_ROOT.'/includes/jquery/js/jquery-migrate.min.js'.($ext?'?'.$ext:'').'"></script>'."\n";

+			}*/

+			if (defined('JS_JQUERY_UI') && constant('JS_JQUERY_UI')) print '<script src="'.JS_JQUERY_UI.'jquery-ui.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

+			else print '<script src="'.DOL_URL_ROOT.'/includes/jquery/js/jquery-ui.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

+			if (!defined('DISABLE_JQUERY_TABLEDND')) print '<script src="'.DOL_URL_ROOT.'/includes/jquery/plugins/tablednd/jquery.tablednd.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

+			// jQuery jnotify

+			if (empty($conf->global->MAIN_DISABLE_JQUERY_JNOTIFY) && !defined('DISABLE_JQUERY_JNOTIFY'))

+			{

+				print '<script src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jnotify/jquery.jnotify.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

+			}

+			// Flot

+			if (empty($conf->global->MAIN_JS_GRAPH) || $conf->global->MAIN_JS_GRAPH == 'jflot')

+			{

+				if (empty($conf->global->MAIN_DISABLE_JQUERY_FLOT) && !defined('DISABLE_JQUERY_FLOT'))

+				{

+					if (constant('JS_JQUERY_FLOT'))

+					{

+						print '<script src="'.JS_JQUERY_FLOT.'jquery.flot.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

+						print '<script src="'.JS_JQUERY_FLOT.'jquery.flot.pie.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

+						print '<script src="'.JS_JQUERY_FLOT.'jquery.flot.stack.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

@@ -1903,11 +1371,16 @@
-					// cssfile is a relative path

-					$urlforcss = dol_buildpath($cssfile, 1);

-					if ($urlforcss && $urlforcss != '/') {

-						print '<!-- Includes CSS added by module '.$modcss.' -->'."\n".'<link rel="stylesheet" type="text/css" href="'.$urlforcss;

-						// We add params only if page is not static, because some web server setup does not return content type text/css if url has parameters, so browser cache is not used.

-						if (!preg_match('/\.css$/i', $cssfile)) {

-							print $themeparam;

-						}

-						print '">'."\n";

-					} else {

-						dol_syslog("Warning: module ".$modcss." declared a css path file for a file we can't find.", LOG_WARNING);

+					else

+					{

+						print '<script src="'.DOL_URL_ROOT.'/includes/jquery/plugins/flot/jquery.flot.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

+						print '<script src="'.DOL_URL_ROOT.'/includes/jquery/plugins/flot/jquery.flot.pie.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

+						print '<script src="'.DOL_URL_ROOT.'/includes/jquery/plugins/flot/jquery.flot.stack.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

+						/* Test for jflot 4.2 -> not better than current

+						print '<script language="javascript" type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/flot/jquery.canvaswrapper.js"></script>'."\n";

+						print '<script language="javascript" type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/flot/jquery.colorhelpers.js"></script>'."\n";

+						print '<script language="javascript" type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/flot/jquery.flot.js"></script>'."\n";

+						print '<script language="javascript" type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/flot/jquery.flot.pie.js"></script>'."\n";

+						print '<script language="javascript" type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/flot/jquery.flot.stack.js"></script>'."\n";

+						print '<script language="javascript" type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/flot/jquery.flot.saturated.js"></script>'."\n";

+						print '<script language="javascript" type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/flot/jquery.flot.browser.js"></script>'."\n";

+						print '<script language="javascript" type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/flot/jquery.flot.drawSeries.js"></script>'."\n";

+						print '<script language="javascript" type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/flot/jquery.flot.uiConstants.js"></script>'."\n";

+						*/

@@ -1917,46 +1389,0 @@
-		}

-		// CSS forced by page in top_htmlhead call (relative url starting with /)

-		if (is_array($arrayofcss)) {

-			foreach ($arrayofcss as $cssfile) {

-				if (preg_match('/^(http|\/\/)/i', $cssfile)) {

-					$urltofile = $cssfile;

-				} else {

-					$urltofile = dol_buildpath($cssfile, 1);

-				}

-				print '<!-- Includes CSS added by page -->'."\n".'<link rel="stylesheet" type="text/css" title="default" href="'.$urltofile;

-				// We add params only if page is not static, because some web server setup does not return content type text/css if url has parameters and browser cache is not used.

-				if (!preg_match('/\.css$/i', $cssfile)) {

-					print $themeparam;

-				}

-				print '">'."\n";

-			}

-		}

-

-		// Custom CSS

-		if (getDolGlobalString('MAIN_IHM_CUSTOM_CSS')) {

-			// If a custom CSS was set, we add link to the custom css php file

-			print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.'/theme/custom.css.php'.($ext ? '?'.$ext : '').'&amp;revision='.getDolGlobalInt("MAIN_IHM_PARAMS_REV").'">'."\n";

-		}

-

-		// Output standard javascript links

-		if (!defined('DISABLE_JQUERY') && !$disablejs && !empty($conf->use_javascript_ajax)) {

-			// JQuery. Must be before other includes

-			print '<!-- Includes JS for JQuery -->'."\n";

-			if (defined('JS_JQUERY') && constant('JS_JQUERY')) {

-				print '<script nonce="'.getNonce().'" src="'.JS_JQUERY.'jquery.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

-			} else {

-				print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/js/jquery.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

-			}

-			if (defined('JS_JQUERY_UI') && constant('JS_JQUERY_UI')) {

-				print '<script nonce="'.getNonce().'" src="'.JS_JQUERY_UI.'jquery-ui.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

-			} else {

-				print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/js/jquery-ui.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

-			}

-			// jQuery jnotify

-			if (!getDolGlobalString('MAIN_DISABLE_JQUERY_JNOTIFY') && !defined('DISABLE_JQUERY_JNOTIFY')) {

-				print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jnotify/jquery.jnotify.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

-			}

-			// Table drag and drop lines

-			if (empty($disableforlogin) && !defined('DISABLE_JQUERY_TABLEDND')) {

-				print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/tablednd/jquery.tablednd.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

-			}

@@ -1964,2 +1391,3 @@
-			if (empty($disableforlogin) && (!getDolGlobalString('MAIN_JS_GRAPH') || getDolGlobalString('MAIN_JS_GRAPH') == 'chart') && !defined('DISABLE_JS_GRAPH')) {

-				print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/nnnick/chartjs/dist/chart.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

+			if ($conf->global->MAIN_JS_GRAPH == 'chart')

+			{

+				print '<script src="'.DOL_URL_ROOT.'/includes/nnnick/chartjs/dist/Chart.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

@@ -1969 +1397,2 @@
-			if (getDolGlobalString('MAIN_USE_JQUERY_JEDITABLE') && !defined('DISABLE_JQUERY_JEDITABLE')) {

+			if (!empty($conf->global->MAIN_USE_JQUERY_JEDITABLE) && !defined('DISABLE_JQUERY_JEDITABLE'))

+			{

@@ -1971,3 +1400,3 @@
-				print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

-				print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.ui-datepicker.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

-				print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.ui-autocomplete.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

+				print '<script src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

+				print '<script src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.ui-datepicker.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

+				print '<script src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.ui-autocomplete.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

@@ -1979 +1408 @@
-				print 'var cancelInPlace = \''.$langs->trans("Cancel").'\';'."\n";

+				print 'var cancelInPlace = \''.$langs->trans('Cancel').'\';'."\n";

@@ -1984,117 +1413,107 @@
-				print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/core/js/editinplace.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

-				print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.ckeditor.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

-			}

-			// jQuery Timepicker

-			if (getDolGlobalString('MAIN_USE_JQUERY_TIMEPICKER') || defined('REQUIRE_JQUERY_TIMEPICKER')) {

-				print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/timepicker/jquery-ui-timepicker-addon.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

-				print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/core/js/timepicker.js.php?lang='.$langs->defaultlang.($ext ? '&amp;'.$ext : '').'"></script>'."\n";

-			}

-			if (!defined('DISABLE_SELECT2') && (getDolGlobalString('MAIN_USE_JQUERY_MULTISELECT') || defined('REQUIRE_JQUERY_MULTISELECT'))) {

-				// jQuery plugin "mutiselect", "multiple-select", "select2", ...

-				$tmpplugin = !getDolGlobalString('MAIN_USE_JQUERY_MULTISELECT') ?constant('REQUIRE_JQUERY_MULTISELECT') : $conf->global->MAIN_USE_JQUERY_MULTISELECT;

-				print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/'.$tmpplugin.'/dist/js/'.$tmpplugin.'.full.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n"; // We include full because we need the support of containerCssClass

-			}

-			if (!defined('DISABLE_MULTISELECT')) {     // jQuery plugin "mutiselect" to select with checkboxes. Can be removed once we have an enhanced search tool

-				print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/multiselect/jquery.multi-select.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

-			}

-		}

-

-		if (!$disablejs && !empty($conf->use_javascript_ajax)) {

-			// CKEditor

-			if (empty($disableforlogin) && (isModEnabled('fckeditor') && (!getDolGlobalString('FCKEDITOR_EDITORNAME') || getDolGlobalString('FCKEDITOR_EDITORNAME') == 'ckeditor') && !defined('DISABLE_CKEDITOR')) || defined('FORCE_CKEDITOR')) {

-				print '<!-- Includes JS for CKEditor -->'."\n";

-				$pathckeditor = DOL_URL_ROOT.'/includes/ckeditor/ckeditor/';

-				$jsckeditor = 'ckeditor.js';

-				if (constant('JS_CKEDITOR')) {

-					// To use external ckeditor 4 js lib

-					$pathckeditor = constant('JS_CKEDITOR');

-				}

-				print '<script nonce="'.getNonce().'">';

-				print '/* enable ckeditor by main.inc.php */';

-				print 'var CKEDITOR_BASEPATH = \''.dol_escape_js($pathckeditor).'\';'."\n";

-				print 'var ckeditorConfig = \''.dol_escape_js(dol_buildpath($themesubdir.'/theme/'.$conf->theme.'/ckeditor/config.js'.($ext ? '?'.$ext : ''), 1)).'\';'."\n"; // $themesubdir='' in standard usage

-				print 'var ckeditorFilebrowserBrowseUrl = \''.DOL_URL_ROOT.'/core/filemanagerdol/browser/default/browser.php?Connector='.DOL_URL_ROOT.'/core/filemanagerdol/connectors/php/connector.php\';'."\n";

-				print 'var ckeditorFilebrowserImageBrowseUrl = \''.DOL_URL_ROOT.'/core/filemanagerdol/browser/default/browser.php?Type=Image&Connector='.DOL_URL_ROOT.'/core/filemanagerdol/connectors/php/connector.php\';'."\n";

-				print '</script>'."\n";

-				print '<script src="'.$pathckeditor.$jsckeditor.($ext ? '?'.$ext : '').'"></script>'."\n";

-				print '<script>';

-				if (GETPOST('mode', 'aZ09') == 'Full_inline') {

-					print 'CKEDITOR.disableAutoInline = false;'."\n";

-				} else {

-					print 'CKEDITOR.disableAutoInline = true;'."\n";

-				}

-				print '</script>'."\n";

-			}

-

-			// Browser notifications (if NOREQUIREMENU is on, it is mostly a page for popup, so we do not enable notif too. We hide also for public pages).

-			if (!defined('NOBROWSERNOTIF') && !defined('NOREQUIREMENU') && !defined('NOLOGIN')) {

-				$enablebrowsernotif = false;

-				if (isModEnabled('agenda') && getDolGlobalString('AGENDA_REMINDER_BROWSER')) {

-					$enablebrowsernotif = true;

-				}

-				if ($conf->browser->layout == 'phone') {

-					$enablebrowsernotif = false;

-				}

-				if ($enablebrowsernotif) {

-					print '<!-- Includes JS of Dolibarr (browser layout = '.$conf->browser->layout.')-->'."\n";

-					print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/core/js/lib_notification.js.php'.($ext ? '?'.$ext : '').'"></script>'."\n";

-				}

-			}

-

-			// Global js function

-			print '<!-- Includes JS of Dolibarr -->'."\n";

-			print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/core/js/lib_head.js.php?lang='.$langs->defaultlang.($ext ? '&amp;'.$ext : '').'"></script>'."\n";

-

-			// JS forced by modules (relative url starting with /)

-			if (!empty($conf->modules_parts['js'])) {		// $conf->modules_parts['js'] is array('module'=>array('file1','file2'))

-				$arrayjs = (array) $conf->modules_parts['js'];

-				foreach ($arrayjs as $modjs => $filesjs) {

-					$filesjs = (array) $filesjs; // To be sure filejs is an array

-					foreach ($filesjs as $jsfile) {

-						// jsfile is a relative path

-						$urlforjs = dol_buildpath($jsfile, 1);

-						if ($urlforjs && $urlforjs != '/') {

-							print '<!-- Include JS added by module '.$modjs.'-->'."\n";

-							print '<script nonce="'.getNonce().'" src="'.$urlforjs.((strpos($jsfile, '?') === false) ? '?' : '&amp;').'lang='.$langs->defaultlang.'"></script>'."\n";

-						} else {

-							dol_syslog("Warning: module ".$modjs." declared a js path file for a file we can't find.", LOG_WARNING);

-						}

-					}

-				}

-			}

-			// JS forced by page in top_htmlhead (relative url starting with /)

-			if (is_array($arrayofjs)) {

-				print '<!-- Includes JS added by page -->'."\n";

-				foreach ($arrayofjs as $jsfile) {

-					if (preg_match('/^(http|\/\/)/i', $jsfile)) {

-						print '<script nonce="'.getNonce().'" src="'.$jsfile.((strpos($jsfile, '?') === false) ? '?' : '&amp;').'lang='.$langs->defaultlang.'"></script>'."\n";

-					} else {

-						print '<script nonce="'.getNonce().'" src="'.dol_buildpath($jsfile, 1).((strpos($jsfile, '?') === false) ? '?' : '&amp;').'lang='.$langs->defaultlang.'"></script>'."\n";

-					}

-				}

-			}

-		}

-

-		//If you want to load custom javascript file from your selected theme directory

-		if (getDolGlobalString('ALLOW_THEME_JS')) {

-			$theme_js = dol_buildpath('/theme/'.$conf->theme.'/'.$conf->theme.'.js', 0);

-			if (file_exists($theme_js)) {

-				print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/'.$conf->theme.'.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

-			}

-		}

-

-		if (!empty($head)) {

-			print $head."\n";

-		}

-		if (getDolGlobalString('MAIN_HTML_HEADER')) {

-			print getDolGlobalString('MAIN_HTML_HEADER') . "\n";

-		}

-

-		$parameters = array();

-		$result = $hookmanager->executeHooks('addHtmlHeader', $parameters); // Note that $action and $object may have been modified by some hooks

-		print $hookmanager->resPrint; // Replace Title to show

-

-		print "</head>\n\n";

-	}

-

-	$conf->headerdone = 1; // To tell header was output

+				print '<script src="'.DOL_URL_ROOT.'/core/js/editinplace.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

+				print '<script src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.ckeditor.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

+			}

+            // jQuery Timepicker

+            if (!empty($conf->global->MAIN_USE_JQUERY_TIMEPICKER) || defined('REQUIRE_JQUERY_TIMEPICKER'))

+            {

+            	print '<script src="'.DOL_URL_ROOT.'/includes/jquery/plugins/timepicker/jquery-ui-timepicker-addon.js'.($ext ? '?'.$ext : '').'"></script>'."\n";

+            	print '<script src="'.DOL_URL_ROOT.'/core/js/timepicker.js.php?lang='.$langs->defaultlang.($ext ? '&amp;'.$ext : '').'"></script>'."\n";

+            }

+            if (!defined('DISABLE_SELECT2') && (!empty($conf->global->MAIN_USE_JQUERY_MULTISELECT) || defined('REQUIRE_JQUERY_MULTISELECT')))     // jQuery plugin "mutiselect", "multiple-select", "select2", ...

+            {

+            	$tmpplugin = empty($conf->global->MAIN_USE_JQUERY_MULTISELECT) ?constant('REQUIRE_JQUERY_MULTISELECT') : $conf->global->MAIN_USE_JQUERY_MULTISELECT;

+            	print '<script src="'.DOL_URL_ROOT.'/includes/jquery/plugins/'.$tmpplugin.'/dist/js/'.$tmpplugin.'.full.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n"; // We include full because we need the support of containerCssClass

+            }

+		}

+

+        if (!$disablejs && !empty($conf->use_javascript_ajax))

+        {

+            // CKEditor

+        	if ((!empty($conf->fckeditor->enabled) && (empty($conf->global->FCKEDITOR_EDITORNAME) || $conf->global->FCKEDITOR_EDITORNAME == 'ckeditor') && !defined('DISABLE_CKEDITOR')) || defined('FORCE_CKEDITOR'))

+            {

+                print '<!-- Includes JS for CKEditor -->'."\n";

+                $pathckeditor = DOL_URL_ROOT.'/includes/ckeditor/ckeditor/';

+                $jsckeditor = 'ckeditor.js';

+                if (constant('JS_CKEDITOR'))	// To use external ckeditor 4 js lib

+                {

+                	$pathckeditor = constant('JS_CKEDITOR');

+                }

+                print '<script><!-- enable ckeditor by main.inc.php -->';

+                print 'var CKEDITOR_BASEPATH = \''.$pathckeditor.'\';'."\n";

+                print 'var ckeditorConfig = \''.dol_buildpath($themesubdir.'/theme/'.$conf->theme.'/ckeditor/config.js'.($ext ? '?'.$ext : ''), 1).'\';'."\n"; // $themesubdir='' in standard usage

+                print 'var ckeditorFilebrowserBrowseUrl = \''.DOL_URL_ROOT.'/core/filemanagerdol/browser/default/browser.php?Connector='.DOL_URL_ROOT.'/core/filemanagerdol/connectors/php/connector.php\';'."\n";

+                print 'var ckeditorFilebrowserImageBrowseUrl = \''.DOL_URL_ROOT.'/core/filemanagerdol/browser/default/browser.php?Type=Image&Connector='.DOL_URL_ROOT.'/core/filemanagerdol/connectors/php/connector.php\';'."\n";

+                print '</script>'."\n";

+                print '<script src="'.$pathckeditor.$jsckeditor.($ext ? '?'.$ext : '').'"></script>'."\n";

+                print '<script>';

+                if (GETPOST('mode', 'aZ09') == 'Full_inline')

+                {

+                	print 'CKEDITOR.disableAutoInline = false;'."\n";

+                }

+                else

+                {

+                	print 'CKEDITOR.disableAutoInline = true;'."\n";

+                }

+                print '</script>'."\n";

+            }

+

+            // Browser notifications

+            if (!defined('DISABLE_BROWSER_NOTIF'))

+            {

+                $enablebrowsernotif = false;

+                if (!empty($conf->agenda->enabled) && !empty($conf->global->AGENDA_REMINDER_BROWSER)) $enablebrowsernotif = true;

+                if ($conf->browser->layout == 'phone') $enablebrowsernotif = false;

+                if ($enablebrowsernotif)

+                {

+                    print '<!-- Includes JS of Dolibarr (browser layout = '.$conf->browser->layout.')-->'."\n";

+                    print '<script src="'.DOL_URL_ROOT.'/core/js/lib_notification.js.php'.($ext ? '?'.$ext : '').'"></script>'."\n";

+                }

+            }

+

+            // Global js function

+            print '<!-- Includes JS of Dolibarr -->'."\n";

+            print '<script src="'.DOL_URL_ROOT.'/core/js/lib_head.js.php?lang='.$langs->defaultlang.($ext ? '&'.$ext : '').'"></script>'."\n";

+

+            // JS forced by modules (relative url starting with /)

+            if (!empty($conf->modules_parts['js']))		// $conf->modules_parts['js'] is array('module'=>array('file1','file2'))

+        	{

+        		$arrayjs = (array) $conf->modules_parts['js'];

+	            foreach ($arrayjs as $modjs => $filesjs)

+	            {

+        			$filesjs = (array) $filesjs; // To be sure filejs is an array

+		            foreach ($filesjs as $jsfile)

+		            {

+	    	    		// jsfile is a relative path

+	        	    	print '<!-- Include JS added by module '.$modjs.'-->'."\n".'<script src="'.dol_buildpath($jsfile, 1).'"></script>'."\n";

+		            }

+	            }

+        	}

+            // JS forced by page in top_htmlhead (relative url starting with /)

+            if (is_array($arrayofjs))

+            {

+                print '<!-- Includes JS added by page -->'."\n";

+                foreach ($arrayofjs as $jsfile)

+                {

+                    if (preg_match('/^(http|\/\/)/i', $jsfile))

+                    {

+                        print '<script src="'.$jsfile.'"></script>'."\n";

+                    }

+                    else

+                    {

+                        print '<script src="'.dol_buildpath($jsfile, 1).'"></script>'."\n";

+                    }

+                }

+            }

+        }

+

+        if (!empty($head)) print $head."\n";

+        if (!empty($conf->global->MAIN_HTML_HEADER)) print $conf->global->MAIN_HTML_HEADER."\n";

+

+        $parameters = array();

+        $result = $hookmanager->executeHooks('addHtmlHeader', $parameters); // Note that $action and $object may have been modified by some hooks

+        print $hookmanager->resPrint; // Replace Title to show

+

+        print "</head>\n\n";

+    }

+

+    $conf->headerdone = 1; // To tell header was output

@@ -2107,11 +1526,11 @@
- *  @param      string			$head    			Lines in the HEAD

- *  @param      string			$title   			Title of web page

- *  @param      string			$target  			Target to use in menu links (Example: '' or '_top')

- *	@param		int				$disablejs			Do not output links to js (Ex: qd fonction utilisee par sous formulaire Ajax)

- *	@param		int				$disablehead		Do not output head section

- *	@param		array			$arrayofjs			Array of js files to add in header

- *	@param		array			$arrayofcss			Array of css files to add in header

- *  @param		string			$morequerystring	Query string to add to the link "print" to get same parameters (use only if autodetect fails)

- *  @param      string			$helppagename    	Name of wiki page for help ('' by default).

- * 				     		    		            Syntax is: For a wiki page: EN:EnglishPage|FR:FrenchPage|ES:SpanishPage|DE:GermanPage

- * 						                		    For other external page: http://server/url

+ *  @param      string	$head    			Lines in the HEAD

+ *  @param      string	$title   			Title of web page

+ *  @param      string	$target  			Target to use in menu links (Example: '' or '_top')

+ *	@param		int		$disablejs			Do not output links to js (Ex: qd fonction utilisee par sous formulaire Ajax)

+ *	@param		int		$disablehead		Do not output head section

+ *	@param		array	$arrayofjs			Array of js files to add in header

+ *	@param		array	$arrayofcss			Array of css files to add in header

+ *  @param		string	$morequerystring	Query string to add to the link "print" to get same parameters (use only if autodetect fails)

+ *  @param      string	$helppagename    	Name of wiki page for help ('' by default).

+ * 				     		                Syntax is: For a wiki page: EN:EnglishPage|FR:FrenchPage|ES:SpanishPage

+ * 						                    For other external page: http://server/url

@@ -2120,3 +1539,3 @@
-function top_menu($head, $title = '', $target = '', $disablejs = 0, $disablehead = 0, $arrayofjs = array(), $arrayofcss = array(), $morequerystring = '', $helppagename = '')

-{

-	global $user, $conf, $langs, $db, $form;

+function top_menu($head, $title = '', $target = '', $disablejs = 0, $disablehead = 0, $arrayofjs = '', $arrayofcss = '', $morequerystring = '', $helppagename = '')

+{

+	global $user, $conf, $langs, $db;

@@ -2127,2 +1546,3 @@
-

-	// Instantiate hooks for external modules

+	$bookmarks = '';

+

+	// Instantiate hooks of thirdparty module

@@ -2134,3 +1554,3 @@
-	if (empty($conf->headerdone)) {

-		$disablenofollow = 0;

-		top_htmlhead($head, $title, $disablejs, $disablehead, $arrayofjs, $arrayofcss, 0, $disablenofollow);

+	if (empty($conf->headerdone))

+	{

+		top_htmlhead($head, $title, $disablejs, $disablehead, $arrayofjs, $arrayofcss);

@@ -2141,8 +1561,4 @@
-	 * Top menu

-	 */

-	if ((empty($conf->dol_hide_topmenu) || GETPOST('dol_invisible_topmenu', 'int')) && (!defined('NOREQUIREMENU') || !constant('NOREQUIREMENU'))) {

-		if (!isset($form) || !is_object($form)) {

-			include_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php';

-			$form = new Form($db);

-		}

-

+     * Top menu

+     */

+	if ((empty($conf->dol_hide_topmenu) || GETPOST('dol_invisible_topmenu', 'int')) && (!defined('NOREQUIREMENU') || !constant('NOREQUIREMENU')))

+	{

@@ -2151 +1567 @@
-		print '<header id="id-top" class="side-nav-vert'.(GETPOST('dol_invisible_topmenu', 'int') ? ' hidden' : '').'">'; // dol_invisible_topmenu differs from dol_hide_topmenu: dol_invisible_topmenu means we output menu but we make it invisible.

+		print '<div class="side-nav-vert'.(GETPOST('dol_invisible_topmenu', 'int') ? ' hidden' : '').'"><div id="id-top">'; // dol_invisible_topmenu differs from dol_hide_topmenu: dol_invisible_topmenu means we output menu but we make it invisible.

@@ -2154 +1570 @@
-		print '<div id="tmenu_tooltip'.(!getDolGlobalString('MAIN_MENU_INVERT') ? '' : 'invert').'" class="tmenu">'."\n";

+		print '<div id="tmenu_tooltip'.(empty($conf->global->MAIN_MENU_INVERT) ? '' : 'invert').'" class="tmenu">'."\n";

@@ -2156 +1572 @@
-		$menumanager->showmenu('top', array('searchform'=>$searchform)); // This contains a \n

+		$menumanager->showmenu('top', array('searchform'=>$searchform, 'bookmarks'=>$bookmarks)); // This contains a \n

@@ -2161 +1577,2 @@
-		if (getDolGlobalString('MAIN_APPLICATION_TITLE')) {

+		if (!empty($conf->global->MAIN_APPLICATION_TITLE))

+		{

@@ -2163,14 +1580,9 @@
-			if (preg_match('/\d\.\d/', $appli)) {

-				if (!preg_match('/'.preg_quote(DOL_VERSION).'/', $appli)) {

-					$appli .= " (".DOL_VERSION.")"; // If new title contains a version that is different than core

-				}

-			} else {

-				$appli .= " ".DOL_VERSION;

-			}

-		} else {

-			$appli .= " ".DOL_VERSION;

-		}

-

-		if (getDolGlobalInt('MAIN_FEATURES_LEVEL')) {

-			$appli .= "<br>".$langs->trans("LevelOfFeature").': '.getDolGlobalInt('MAIN_FEATURES_LEVEL');

-		}

+			if (preg_match('/\d\.\d/', $appli))

+			{

+				if (!preg_match('/'.preg_quote(DOL_VERSION).'/', $appli)) $appli .= " (".DOL_VERSION.")"; // If new title contains a version that is different than core

+			}

+			else $appli .= " ".DOL_VERSION;

+		}

+		else $appli .= " ".DOL_VERSION;

+

+		if (!empty($conf->global->MAIN_FEATURES_LEVEL)) $appli .= "<br>".$langs->trans("LevelOfFeature").': '.$conf->global->MAIN_FEATURES_LEVEL;

@@ -2179,2 +1591,2 @@
-		$logouthtmltext = '';

-		if (!getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER')) {

+		if (empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER))

+		{

@@ -2182,9 +1594,2 @@
-			$stringforfirstkey = $langs->trans("KeyboardShortcut");

-			if ($conf->browser->name == 'chrome') {

-				$stringforfirstkey .= ' ALT +';

-			} elseif ($conf->browser->name == 'firefox') {

-				$stringforfirstkey .= ' ALT + SHIFT +';

-			} else {

-				$stringforfirstkey .= ' CTL +';

-			}

-			if ($_SESSION["dol_authmode"] != 'forceuser' && $_SESSION["dol_authmode"] != 'http') {

+			if ($_SESSION["dol_authmode"] != 'forceuser' && $_SESSION["dol_authmode"] != 'http')

+			{

@@ -2192,2 +1597,3 @@
-				$logouttext .= '<a accesskey="l" href="'.DOL_URL_ROOT.'/user/logout.php?token='.newToken().'">';

-				$logouttext .= img_picto($langs->trans('Logout').' ('.$stringforfirstkey.' l)', 'sign-out', '', false, 0, 0, '', 'atoplogin valignmiddle');

+

+				$logouttext .= '<a accesskey="l" href="'.DOL_URL_ROOT.'/user/logout.php">';

+				$logouttext .= img_picto($langs->trans('Logout'), 'sign-out', '', false, 0, 0, '', 'atoplogin');

@@ -2195 +1601,3 @@
-			} else {

+			}

+			else

+			{

@@ -2197 +1605 @@
-				$logouttext .= img_picto($langs->trans('Logout').' ('.$stringforfirstkey.' l)', 'sign-out', '', false, 0, 0, '', 'atoplogin valignmiddle opacitymedium');

+				$logouttext .= img_picto($langs->trans('Logout'), 'sign-out', '', false, 0, 0, '', 'atoplogin opacitymedium');

@@ -2208,2 +1616,3 @@
-		if (is_numeric($result)) {

-			if ($result == 0) {

+		if (is_numeric($result))

+		{

+			if ($result == 0)

@@ -2211 +1620 @@
-			} else {

+			else

@@ -2213,2 +1622,3 @@
-			}

-		} else {

+		}

+		else

+		{

@@ -2219 +1629,2 @@
-		if (isModEnabled('modulebuilder')) {

+		if (!empty($conf->modulebuilder->enabled))

+		{

@@ -2224,5 +1635,6 @@
-			$toprightmenu .= $form->textwithtooltip('', $langs->trans("ModuleBuilder"), 2, 1, $text, 'login_block_elem', 2);

-		}

-

-		// Link to print main content area (optioncss=print)

-		if (!getDolGlobalString('MAIN_PRINT_DISABLELINK') && !getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER')) {

+			$toprightmenu .= @Form::textwithtooltip('', $langs->trans("ModuleBuilder"), 2, 1, $text, 'login_block_elem', 2);

+		}

+

+		// Link to print main content area

+		if (empty($conf->global->MAIN_PRINT_DISABLELINK) && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER) && $conf->browser->layout != 'phone')

+		{

@@ -2231,17 +1643,4 @@
-			if (isset($_POST) && is_array($_POST)) {

-				foreach ($_POST as $key => $value) {

-					$key = preg_replace('/[^a-z0-9_\.\-\[\]]/i', '', $key);

-					if (in_array($key, array('action', 'massaction', 'password'))) {

-						continue;

-					}

-					if (!is_array($value)) {

-						if ($value !== '') {

-							$qs .= '&'.urlencode($key).'='.urlencode($value);

-						}

-					} else {

-						foreach ($value as $value2) {

-							if (($value2 !== '') && (!is_array($value2))) {

-								$qs .= '&'.urlencode($key).'[]='.urlencode($value2);

-							}

-						}

-					}

+			if (is_array($_POST))

+			{

+				foreach ($_POST as $key=>$value) {

+					if ($key !== 'action' && $key !== 'password' && !is_array($value)) $qs .= '&'.$key.'='.urlencode($value);

@@ -2251 +1650 @@
-			$text = '<a href="'.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.$qs.($qs ? '&' : '').'optioncss=print" target="_blank" rel="noopener noreferrer">';

+			$text = '<a href="'.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.$qs.($qs ? '&' : '').'optioncss=print" target="_blank">';

@@ -2255 +1654 @@
-			$toprightmenu .= $form->textwithtooltip('', $langs->trans("PrintContentArea"), 2, 1, $text, 'login_block_elem', 2);

+			$toprightmenu .= @Form::textwithtooltip('', $langs->trans("PrintContentArea"), 2, 1, $text, 'login_block_elem', 2);

@@ -2259 +1658,2 @@
-		if (!getDolGlobalString('MAIN_HELP_DISABLELINK') && !getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER')) {

+		if (empty($conf->global->MAIN_HELP_DISABLELINK) && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER))

+		{

@@ -2265,7 +1665,2 @@
-			$helppresent = '';

-

-			if (empty($helppagename)) {

-				$helppagename = 'EN:User_documentation|FR:Documentation_utilisateur|ES:Documentación_usuarios|DE:Benutzerdokumentation';

-			} else {

-				$helppresent = 'helppresent';

-			}

+

+			if (empty($helppagename)) $helppagename = 'EN:User_documentation|FR:Documentation_utilisateur|ES:Documentación_usuarios';

@@ -2280 +1675,2 @@
-			if ($helpbaseurl && $helppage) {

+			if ($helpbaseurl && $helppage)

+			{

@@ -2282,15 +1678,5 @@
-				$title = $langs->trans($mode == 'wiki' ? 'GoToWikiHelpPage' : 'GoToHelpPage').', ';

-				if ($mode == 'wiki') {

-					$title .= '<br>'.img_picto('', 'globe', 'class="pictofixedwidth"').$langs->trans("PageWiki").' '.dol_escape_htmltag('"'.strtr($helppage, '_', ' ').'"');

-					if ($helppresent) {

-						$title .= ' <span class="opacitymedium">('.$langs->trans("DedicatedPageAvailable").')</span>';

-					} else {

-						$title .= ' <span class="opacitymedium">('.$langs->trans("HomePage").')</span>';

-					}

-				}

-				$text .= '<a class="help" target="_blank" rel="noopener noreferrer" href="';

-				if ($mode == 'wiki') {

-					$text .= sprintf($helpbaseurl, urlencode(html_entity_decode($helppage)));

-				} else {

-					$text .= sprintf($helpbaseurl, $helppage);

-				}

+				$title = $langs->trans($mode == 'wiki' ? 'GoToWikiHelpPage' : 'GoToHelpPage');

+				if ($mode == 'wiki') $title .= ' - '.$langs->trans("PageWiki").' &quot;'.dol_escape_htmltag(strtr($helppage, '_', ' ')).'&quot;'."";

+				$text .= '<a class="help" target="_blank" rel="noopener" href="';

+				if ($mode == 'wiki') $text .= sprintf($helpbaseurl, urlencode(html_entity_decode($helppage)));

+				else $text .= sprintf($helpbaseurl, $helppage);

@@ -2298,2 +1684 @@
-				$text .= '<span class="fa fa-question-circle atoplogin valignmiddle'.($helppresent ? ' '.$helppresent : '').'"></span>';

-				$text .= '<span class="fa fa-long-arrow-alt-up helppresentcircle'.($helppresent ? '' : ' unvisible').'"></span>';

+				$text .= '<span class="fa fa-question-circle atoplogin valignmiddle"></span>';

@@ -2301 +1686 @@
-				$toprightmenu .= $form->textwithtooltip('', $title, 2, 1, $text, 'login_block_elem', 2);

+				$toprightmenu .= @Form::textwithtooltip('', $title, 2, 1, $text, 'login_block_elem', 2);

@@ -2305 +1690 @@
-			if (getDolGlobalString('MAIN_SHOWDATABASENAMEINHELPPAGESLINK')) {

+			if (!empty($conf->global->MAIN_SHOWDATABASENAMEINHELPPAGESLINK)) {

@@ -2311,4 +1696,3 @@
-		if (!getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER')) {

-			$text = '<span class="aversion"><span class="hideonsmartphone small">'.DOL_VERSION.'</span></span>';

-			$toprightmenu .= $form->textwithtooltip('', $appli, 2, 1, $text, 'login_block_elem', 2);

-		}

+		$text = '<span href="#" class="aversion"><span class="hideonsmartphone small">'.DOL_VERSION.'</span></span>';

+		$toprightmenu .= @Form::textwithtooltip('', $appli, 2, 1, $text, 'login_block_elem', 2);

+

@@ -2317 +1701 @@
-		$toprightmenu .= $form->textwithtooltip('', $logouthtmltext, 2, 1, $logouttext, 'login_block_elem logout-btn', 2);

+		$toprightmenu .= @Form::textwithtooltip('', $logouthtmltext, 2, 1, $logouttext, 'login_block_elem logout-btn', 2);

@@ -2327,3 +1711,3 @@
-		$toprightmenu .= '<div class="inline-block login_block_elem login_block_elem_name nowrap centpercent" style="padding: 0px;">';

-

-		if (getDolGlobalString('MAIN_USE_TOP_MENU_SEARCH_DROPDOWN')) {

+		$toprightmenu .= '<div class="inline-block nowrap"><div class="inline-block login_block_elem login_block_elem_name" style="padding: 0px;">';

+

+		if (!empty($conf->global->MAIN_USE_TOP_MENU_SEARCH_DROPDOWN)) {

@@ -2334,5 +1717,0 @@
-		if (getDolGlobalString('MAIN_USE_TOP_MENU_QUICKADD_DROPDOWN')) {

-			// Add search dropdown

-			$toprightmenu .= top_menu_quickadd();

-		}

-

@@ -2345 +1724 @@
-		$toprightmenu .= '</div>';

+		$toprightmenu .= '</div></div>';

@@ -2354,2 +1733 @@
-		print '</header>';

-		//print '<header class="header2">&nbsp;</header>';

+		print '</div></div>';

@@ -2361,3 +1739 @@
-	if (empty($conf->dol_hide_leftmenu) && empty($conf->dol_use_jmobile)) {

-		print '<!-- Begin div id-container --><div id="id-container" class="id-container">';

-	}

+	if (empty($conf->dol_hide_leftmenu) && empty($conf->dol_use_jmobile)) print '<!-- Begin div id-container --><div id="id-container" class="id-container'.($morecss ? ' '.$morecss : '').'">';

@@ -2371 +1747 @@
- * @param	string		$urllogout			URL for logout (Will use DOL_URL_ROOT.'/user/logout.php?token=...' if empty)

+ * @param	string		$urllogout			URL for logout

@@ -2376,157 +1752,97 @@
-	global $langs, $conf, $db, $hookmanager, $user, $mysoc;

-	global $dolibarr_main_authentication, $dolibarr_main_demo;

-	global $menumanager;

-

-	$langs->load('companies');

-

-	$userImage = $userDropDownImage = '';

-	if (!empty($user->photo)) {

-		$userImage          = Form::showphoto('userphoto', $user, 0, 0, 0, 'photouserphoto userphoto', 'small', 0, 1);

-		$userDropDownImage  = Form::showphoto('userphoto', $user, 0, 0, 0, 'dropdown-user-image', 'small', 0, 1);

-	} else {

-		$nophoto = '/public/theme/common/user_anonymous.png';

-		if ($user->gender == 'man') {

-			$nophoto = '/public/theme/common/user_man.png';

-		}

-		if ($user->gender == 'woman') {

-			$nophoto = '/public/theme/common/user_woman.png';

-		}

-

-		$userImage = '<img class="photo photouserphoto userphoto" alt="No photo" src="'.DOL_URL_ROOT.$nophoto.'">';

-		$userDropDownImage = '<img class="photo dropdown-user-image" alt="No photo" src="'.DOL_URL_ROOT.$nophoto.'">';

-	}

-

-	$dropdownBody = '';

-	$dropdownBody .= '<span id="topmenulogincompanyinfo-btn"><i class="fa fa-caret-right"></i> '.$langs->trans("ShowCompanyInfos").'</span>';

-	$dropdownBody .= '<div id="topmenulogincompanyinfo" >';

-

-	$dropdownBody .= '<br><b>'.$langs->trans("Company").'</b>: <span>'.dol_escape_htmltag($mysoc->name).'</span>';

-	if ($langs->transcountry("ProfId1", $mysoc->country_code) != '-') {

-		$dropdownBody .= '<br><b>'.$langs->transcountry("ProfId1", $mysoc->country_code).'</b>: <span>'.dol_print_profids(getDolGlobalString("MAIN_INFO_SIREN"), 1).'</span>';

-	}

-	if ($langs->transcountry("ProfId2", $mysoc->country_code) != '-') {

-		$dropdownBody .= '<br><b>'.$langs->transcountry("ProfId2", $mysoc->country_code).'</b>: <span>'.dol_print_profids(getDolGlobalString("MAIN_INFO_SIRET"), 2).'</span>';

-	}

-	if ($langs->transcountry("ProfId3", $mysoc->country_code) != '-') {

-		$dropdownBody .= '<br><b>'.$langs->transcountry("ProfId3", $mysoc->country_code).'</b>: <span>'.dol_print_profids(getDolGlobalString("MAIN_INFO_APE"), 3).'</span>';

-	}

-	if ($langs->transcountry("ProfId4", $mysoc->country_code) != '-') {

-		$dropdownBody .= '<br><b>'.$langs->transcountry("ProfId4", $mysoc->country_code).'</b>: <span>'.dol_print_profids(getDolGlobalString("MAIN_INFO_RCS"), 4).'</span>';

-	}

-	if ($langs->transcountry("ProfId5", $mysoc->country_code) != '-') {

-		$dropdownBody .= '<br><b>'.$langs->transcountry("ProfId5", $mysoc->country_code).'</b>: <span>'.dol_print_profids(getDolGlobalString("MAIN_INFO_PROFID5"), 5).'</span>';

-	}

-	if ($langs->transcountry("ProfId6", $mysoc->country_code) != '-') {

-		$dropdownBody .= '<br><b>'.$langs->transcountry("ProfId6", $mysoc->country_code).'</b>: <span>'.dol_print_profids(getDolGlobalString("MAIN_INFO_PROFID6"), 6).'</span>';

-	}

-	$dropdownBody .= '<br><b>'.$langs->trans("VATIntraShort").'</b>: <span>'.dol_print_profids(getDolGlobalString("MAIN_INFO_TVAINTRA"), 'VAT').'</span>';

-	$dropdownBody .= '<br><b>'.$langs->trans("Country").'</b>: <span>'.($mysoc->country_code ? $langs->trans("Country".$mysoc->country_code) : '').'</span>';

-	if (isModEnabled('multicurrency')) {

-		$dropdownBody .= '<br><b>'.$langs->trans("Currency").'</b>: <span>'.$conf->currency.'</span>';

-	}

-	$dropdownBody .= '</div>';

-

-	$dropdownBody .= '<br>';

-	$dropdownBody .= '<span id="topmenuloginmoreinfo-btn"><i class="fa fa-caret-right"></i> '.$langs->trans("ShowMoreInfos").'</span>';

-	$dropdownBody .= '<div id="topmenuloginmoreinfo" >';

-

-	// login infos

-	if (!empty($user->admin)) {

-		$dropdownBody .= '<br><b>'.$langs->trans("Administrator").'</b>: '.yn($user->admin);

-	}

-	if (!empty($user->socid)) {	// Add thirdparty for external users

-		$thirdpartystatic = new Societe($db);

-		$thirdpartystatic->fetch($user->socid);

-		$companylink = ' '.$thirdpartystatic->getNomUrl(2); // picto only of company

-		$company = ' ('.$langs->trans("Company").': '.$thirdpartystatic->name.')';

-	}

-	$type = ($user->socid ? $langs->trans("External").$company : $langs->trans("Internal"));

-	$dropdownBody .= '<br><b>'.$langs->trans("Type").':</b> '.$type;

-	$dropdownBody .= '<br><b>'.$langs->trans("Status").'</b>: '.$user->getLibStatut(0);

-	$dropdownBody .= '<br>';

-

-	$dropdownBody .= '<br><u>'.$langs->trans("Session").'</u>';

-	$dropdownBody .= '<br><b>'.$langs->trans("IPAddress").'</b>: '.dol_escape_htmltag($_SERVER["REMOTE_ADDR"]);

-	if (getDolGlobalString('MAIN_MODULE_MULTICOMPANY')) {

-		$dropdownBody .= '<br><b>'.$langs->trans("ConnectedOnMultiCompany").':</b> '.$conf->entity.' (user entity '.$user->entity.')';

-	}

-	$dropdownBody .= '<br><b>'.$langs->trans("AuthenticationMode").':</b> '.$_SESSION["dol_authmode"].(empty($dolibarr_main_demo) ? '' : ' (demo)');

-	$dropdownBody .= '<br><b>'.$langs->trans("ConnectedSince").':</b> '.dol_print_date($user->datelastlogin, "dayhour", 'tzuser');

-	$dropdownBody .= '<br><b>'.$langs->trans("PreviousConnexion").':</b> '.dol_print_date($user->datepreviouslogin, "dayhour", 'tzuser');

-	$dropdownBody .= '<br><b>'.$langs->trans("CurrentTheme").':</b> '.$conf->theme;

-	$dropdownBody .= '<br><b>'.$langs->trans("CurrentMenuManager").':</b> '.(isset($menumanager) ? $menumanager->name : 'unknown');

-	$langFlag = picto_from_langcode($langs->getDefaultLang());

-	$dropdownBody .= '<br><b>'.$langs->trans("CurrentUserLanguage").':</b> '.($langFlag ? $langFlag.' ' : '').$langs->getDefaultLang();

-

-	$tz = (int) $_SESSION['dol_tz'] + (int) $_SESSION['dol_dst'];

-	$dropdownBody .= '<br><b>'.$langs->trans("ClientTZ").':</b> '.($tz ? ($tz >= 0 ? '+' : '').$tz : '');

-	$dropdownBody .= ' ('.$_SESSION['dol_tz_string'].')';

-	//$dropdownBody .= ' &nbsp; &nbsp; &nbsp; '.$langs->trans("DaylingSavingTime").': ';

-	//if ($_SESSION['dol_dst'] > 0) $dropdownBody .= yn(1);

-	//else $dropdownBody .= yn(0);

-

-	$dropdownBody .= '<br><b>'.$langs->trans("Browser").':</b> '.$conf->browser->name.($conf->browser->version ? ' '.$conf->browser->version : '').' <small class="opacitymedium">('.dol_escape_htmltag($_SERVER['HTTP_USER_AGENT']).')</small>';

-	$dropdownBody .= '<br><b>'.$langs->trans("Layout").':</b> '.$conf->browser->layout;

-	$dropdownBody .= '<br><b>'.$langs->trans("Screen").':</b> '.$_SESSION['dol_screenwidth'].' x '.$_SESSION['dol_screenheight'];

-	if ($conf->browser->layout == 'phone') {

-		$dropdownBody .= '<br><b>'.$langs->trans("Phone").':</b> '.$langs->trans("Yes");

-	}

-	if (!empty($_SESSION["disablemodules"])) {

-		$dropdownBody .= '<br><b>'.$langs->trans("DisabledModules").':</b> <br>'.join(', ', explode(',', $_SESSION["disablemodules"]));

-	}

-	$dropdownBody .= '</div>';

-

-	// Execute hook

-	$parameters = array('user'=>$user, 'langs' => $langs);

-	$result = $hookmanager->executeHooks('printTopRightMenuLoginDropdownBody', $parameters); // Note that $action and $object may have been modified by some hooks

-	if (is_numeric($result)) {

-		if ($result == 0) {

-			$dropdownBody .= $hookmanager->resPrint; // add

-		} else {

-			$dropdownBody = $hookmanager->resPrint; // replace

-		}

-	}

-

-	if (empty($urllogout)) {

-		$urllogout = DOL_URL_ROOT.'/user/logout.php?token='.newToken();

-	}

-

-	// accesskey is for Windows or Linux:  ALT + key for chrome, ALT + SHIFT + KEY for firefox

-	// accesskey is for Mac:               CTRL + key for all browsers

-	$stringforfirstkey = $langs->trans("KeyboardShortcut");

-	if ($conf->browser->name == 'chrome') {

-		$stringforfirstkey .= ' ALT +';

-	} elseif ($conf->browser->name == 'firefox') {

-		$stringforfirstkey .= ' ALT + SHIFT +';

-	} else {

-		$stringforfirstkey .= ' CTL +';

-	}

-

-	// Defined the links for bottom of card

-	$profilLink = '<a accesskey="u" href="'.DOL_URL_ROOT.'/user/card.php?id='.$user->id.'" class="button-top-menu-dropdown" title="'.dol_escape_htmltag($langs->trans("YourUserFile").' ('.$stringforfirstkey.' u)').'"><i class="fa fa-user"></i>  '.$langs->trans("Card").'</a>';

-	$urltovirtualcard = '/user/virtualcard.php?id='.((int) $user->id);

-	$virtuelcardLink = dolButtonToOpenUrlInDialogPopup('publicvirtualcardmenu', $langs->transnoentitiesnoconv("PublicVirtualCardUrl").(is_object($user) ? ' - '.$user->getFullName($langs) : '').' ('.$stringforfirstkey.' v)', img_picto($langs->trans("PublicVirtualCardUrl").' ('.$stringforfirstkey.' v)', 'card', ''), $urltovirtualcard, '', 'button-top-menu-dropdown marginleftonly nohover', "closeTopMenuLoginDropdown()", '', 'v');

-	$logoutLink = '<a accesskey="l" href="'.$urllogout.'" class="button-top-menu-dropdown" title="'.dol_escape_htmltag($langs->trans("Logout").' ('.$stringforfirstkey.' l)').'"><i class="fa fa-sign-out-alt padingright"></i><span class="hideonsmartphone">'.$langs->trans("Logout").'</span></a>';

-

-	$profilName = $user->getFullName($langs).' ('.$user->login.')';

-	if (!empty($user->admin)) {

-		$profilName = '<i class="far fa-star classfortooltip" title="'.$langs->trans("Administrator").'" ></i> '.$profilName;

-	}

-

-	// Define version to show

-	$appli = constant('DOL_APPLICATION_TITLE');

-	if (getDolGlobalString('MAIN_APPLICATION_TITLE')) {

-		$appli = $conf->global->MAIN_APPLICATION_TITLE;

-		if (preg_match('/\d\.\d/', $appli)) {

-			if (!preg_match('/'.preg_quote(DOL_VERSION).'/', $appli)) {

-				$appli .= " (".DOL_VERSION.")"; // If new title contains a version that is different than core

-			}

-		} else {

-			$appli .= " ".DOL_VERSION;

-		}

-	} else {

-		$appli .= " ".DOL_VERSION;

-	}

-

-	if (!getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER')) {

-		$btnUser = '<!-- div for user link -->

+    global $langs, $conf, $db, $hookmanager, $user;

+    global $dolibarr_main_authentication, $dolibarr_main_demo;

+    global $menumanager;

+

+    $userImage = $userDropDownImage = '';

+    if (!empty($user->photo))

+    {

+        $userImage          = Form::showphoto('userphoto', $user, 0, 0, 0, 'photouserphoto userphoto', 'small', 0, 1);

+        $userDropDownImage  = Form::showphoto('userphoto', $user, 0, 0, 0, 'dropdown-user-image', 'small', 0, 1);

+    }

+    else {

+        $nophoto = '/public/theme/common/user_anonymous.png';

+        if ($user->gender == 'man') $nophoto = '/public/theme/common/user_man.png';

+        if ($user->gender == 'woman') $nophoto = '/public/theme/common/user_woman.png';

+

+        $userImage = '<img class="photo photouserphoto userphoto" alt="No photo" src="'.DOL_URL_ROOT.$nophoto.'">';

+        $userDropDownImage = '<img class="photo dropdown-user-image" alt="No photo" src="'.DOL_URL_ROOT.$nophoto.'">';

+    }

+

+    $dropdownBody = '';

+    $dropdownBody .= '<span id="topmenuloginmoreinfo-btn"><i class="fa fa-caret-right"></i> '.$langs->trans("ShowMoreInfos").'</span>';

+    $dropdownBody .= '<div id="topmenuloginmoreinfo" >';

+

+    // login infos

+    if (!empty($user->admin)) {

+        $dropdownBody .= '<br><b>'.$langs->trans("Administrator").'</b>: '.yn($user->admin);

+    }

+    if (!empty($user->socid))	// Add thirdparty for external users

+    {

+        $thirdpartystatic = new Societe($db);

+        $thirdpartystatic->fetch($user->socid);

+        $companylink = ' '.$thirdpartystatic->getNomUrl(2); // picto only of company

+        $company = ' ('.$langs->trans("Company").': '.$thirdpartystatic->name.')';

+    }

+    $type = ($user->socid ? $langs->trans("External").$company : $langs->trans("Internal"));

+    $dropdownBody .= '<br><b>'.$langs->trans("Type").':</b> '.$type;

+    $dropdownBody .= '<br><b>'.$langs->trans("Status").'</b>: '.$user->getLibStatut(0);

+    $dropdownBody .= '<br>';

+

+    $dropdownBody .= '<br><u>'.$langs->trans("Session").'</u>';

+    $dropdownBody .= '<br><b>'.$langs->trans("IPAddress").'</b>: '.dol_escape_htmltag($_SERVER["REMOTE_ADDR"]);

+    if (!empty($conf->global->MAIN_MODULE_MULTICOMPANY)) $dropdownBody .= '<br><b>'.$langs->trans("ConnectedOnMultiCompany").':</b> '.$conf->entity.' (user entity '.$user->entity.')';

+    $dropdownBody .= '<br><b>'.$langs->trans("AuthenticationMode").':</b> '.$_SESSION["dol_authmode"].(empty($dolibarr_main_demo) ? '' : ' (demo)');

+    $dropdownBody .= '<br><b>'.$langs->trans("ConnectedSince").':</b> '.dol_print_date($user->datelastlogin, "dayhour", 'tzuser');

+    $dropdownBody .= '<br><b>'.$langs->trans("PreviousConnexion").':</b> '.dol_print_date($user->datepreviouslogin, "dayhour", 'tzuser');

+    $dropdownBody .= '<br><b>'.$langs->trans("CurrentTheme").':</b> '.$conf->theme;

+    $dropdownBody .= '<br><b>'.$langs->trans("CurrentMenuManager").':</b> '.$menumanager->name;

+    $langFlag = picto_from_langcode($langs->getDefaultLang());

+    $dropdownBody .= '<br><b>'.$langs->trans("CurrentUserLanguage").':</b> '.($langFlag ? $langFlag.' ' : '').$langs->getDefaultLang();

+    $dropdownBody .= '<br><b>'.$langs->trans("Browser").':</b> '.$conf->browser->name.($conf->browser->version ? ' '.$conf->browser->version : '').' ('.dol_escape_htmltag($_SERVER['HTTP_USER_AGENT']).')';

+    $dropdownBody .= '<br><b>'.$langs->trans("Layout").':</b> '.$conf->browser->layout;

+    $dropdownBody .= '<br><b>'.$langs->trans("Screen").':</b> '.$_SESSION['dol_screenwidth'].' x '.$_SESSION['dol_screenheight'];

+    if ($conf->browser->layout == 'phone') $dropdownBody .= '<br><b>'.$langs->trans("Phone").':</b> '.$langs->trans("Yes");

+    if (!empty($_SESSION["disablemodules"])) $dropdownBody .= '<br><b>'.$langs->trans("DisabledModules").':</b> <br>'.join(', ', explode(',', $_SESSION["disablemodules"]));

+    $dropdownBody .= '</div>';

+

+    // Execute hook

+    $parameters = array('user'=>$user, 'langs' => $langs);

+    $result = $hookmanager->executeHooks('printTopRightMenuLoginDropdownBody', $parameters); // Note that $action and $object may have been modified by some hooks

+    if (is_numeric($result))

+    {

+        if ($result == 0) {

+            $dropdownBody .= $hookmanager->resPrint; // add

+        }

+        else {

+            $dropdownBody = $hookmanager->resPrint; // replace

+        }

+    }

+

+    if (empty($urllogout)) {

+    	$urllogout = DOL_URL_ROOT.'/user/logout.php';

+    }

+    $logoutLink = '<a accesskey="l" href="'.$urllogout.'" class="button-top-menu-dropdown" ><i class="fa fa-sign-out-alt"></i> '.$langs->trans("Logout").'</a>';

+    $profilLink = '<a accesskey="l" href="'.DOL_URL_ROOT.'/user/card.php?id='.$user->id.'" class="button-top-menu-dropdown" ><i class="fa fa-user"></i>  '.$langs->trans("Card").'</a>';

+

+

+    $profilName = $user->getFullName($langs).' ('.$user->login.')';

+

+    if (!empty($user->admin)) {

+        $profilName = '<i class="far fa-star classfortooltip" title="'.$langs->trans("Administrator").'" ></i> '.$profilName;

+    }

+

+    // Define version to show

+    $appli = constant('DOL_APPLICATION_TITLE');

+    if (!empty($conf->global->MAIN_APPLICATION_TITLE))

+    {

+    	$appli = $conf->global->MAIN_APPLICATION_TITLE;

+    	if (preg_match('/\d\.\d/', $appli))

+    	{

+    		if (!preg_match('/'.preg_quote(DOL_VERSION).'/', $appli)) $appli .= " (".DOL_VERSION.")"; // If new title contains a version that is different than core

+    	}

+    	else $appli .= " ".DOL_VERSION;

+    }

+    else $appli .= " ".DOL_VERSION;

+

+    if (empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) {

+	    $btnUser = '<!-- div for user link -->

@@ -2534,2 +1850,3 @@
-	        <a href="'.DOL_URL_ROOT.'/user/card.php?id='.$user->id.'" class="dropdown-toggle login-dropdown-a valignmiddle" data-toggle="dropdown">

-	            '.$userImage.(empty($user->photo) ? '<!-- no photo so show also the login --><span class="hidden-xs maxwidth200 atoploginusername hideonsmartphone paddingleft valignmiddle small">'.dol_trunc($user->firstname ? $user->firstname : $user->login, 10).'</span>' : '').'

+	        <a href="'.DOL_URL_ROOT.'/user/card.php?id='.$user->id.'" class="dropdown-toggle login-dropdown-a" data-toggle="dropdown">

+	            '.$userImage.'

+	            <span class="hidden-xs maxwidth200 atoploginusername hideonsmartphone paddingleft">'.dol_trunc($user->firstname ? $user->firstname : $user->login, 10).'</span>

@@ -2543,7 +1859,0 @@
-		if ($user->datelastlogin) {

-			$title = $langs->trans("ConnectedSince").' : '.dol_print_date($user->datelastlogin, "dayhour", 'tzuser');

-			if ($user->datepreviouslogin) {

-				$title .= '<br>'.$langs->trans("PreviousConnexion").' : '.dol_print_date($user->datepreviouslogin, "dayhour", 'tzuser');

-			}

-		}

-		$btnUser .= '<small class="classfortooltip" title="'.dol_escape_htmltag($title).'" ><i class="fa fa-user-clock"></i> '.dol_print_date($user->datelastlogin, "dayhour", 'tzuser').'</small><br>';

@@ -2551,5 +1861,3 @@
-			$btnUser .= '<small class="classfortooltip" title="'.dol_escape_htmltag($title).'" ><i class="fa fa-user-clock opacitymedium"></i> '.dol_print_date($user->datepreviouslogin, "dayhour", 'tzuser').'</small><br>';

-		}

-

-		//$btnUser .= '<small class="classfortooltip"><i class="fa fa-cog"></i> '.$langs->trans("Version").' '.$appli.'</small>';

-		$btnUser .= '

+			$btnUser .= '<small class="classfortooltip" title="'.$langs->trans("PreviousConnexion").'" ><i class="fa fa-user-clock"></i> '.dol_print_date($user->datepreviouslogin, "dayhour", 'tzuser').'</small><br>';

+		}

+		$btnUser .= '<small class="classfortooltip"><i class="fa fa-cog"></i> '.$langs->trans("Version").' '.$appli.'</small>

@@ -2559 +1867 @@
-	            <!-- Menu Body user-->

+	            <!-- Menu Body -->

@@ -2567,3 +1874,0 @@
-	                <div class="pull-left">

-	                    '.$virtuelcardLink.'

-	                </div>

@@ -2573 +1878 @@
-	                <div class="clearboth"></div>

+	                <div style="clear:both;"></div>

@@ -2578,6 +1883,7 @@
-	} else {

-		$btnUser = '<!-- div for user link text browser -->

-	    <div id="topmenu-login-dropdown" class="userimg atoplogin dropdown user user-menu inline-block">

-	    	<a href="'.DOL_URL_ROOT.'/user/card.php?id='.$user->id.'" class="valignmiddle">

-	    	'.$userImage.(empty($user->photo) ? '<span class="hidden-xs maxwidth200 atoploginusername hideonsmartphone paddingleft small">'.dol_trunc($user->firstname ? $user->firstname : $user->login, 10).'</span>' : '').'

-	    	</a>

+    } else {

+    	$btnUser = '<!-- div for user link -->

+	    <div id="topmenu-login-dropdown" class="userimg atoplogin dropdown user user-menu  inline-block">

+	    	<a href="'.DOL_URL_ROOT.'/user/card.php?id='.$user->id.'">

+	    	'.$userImage.'

+	    		<span class="hidden-xs maxwidth200 atoploginusername hideonsmartphone">'.dol_trunc($user->firstname ? $user->firstname : $user->login, 10).'</span>

+	    		</a>

@@ -2585,4 +1891,5 @@
-	}

-

-	if (!defined('JS_JQUERY_DISABLE_DROPDOWN') && !empty($conf->use_javascript_ajax)) {    // This may be set by some pages that use different jquery version to avoid errors

-		$btnUser .= '

+    }

+

+    if (!defined('JS_JQUERY_DISABLE_DROPDOWN') && !empty($conf->use_javascript_ajax))    // This may be set by some pages that use different jquery version to avoid errors

+    {

+        $btnUser .= '

@@ -2591,8 +1898,2 @@
-		function closeTopMenuLoginDropdown() {

-			//console.log("close login dropdown");	// This is call at each click on page, so we disable the log

-			// Hide the menus.

-            jQuery("#topmenu-login-dropdown").removeClass("open");

-		}

-        jQuery(document).ready(function() {

-            jQuery(document).on("click", function(event) {

-				// console.log("Click somewhere on screen");

+        $( document ).ready(function() {

+            $(document).on("click", function(event) {

@@ -2600 +1901,3 @@
-					closeTopMenuLoginDropdown();

+					//console.log("close login dropdown");

+					// Hide the menus.

+                    $("#topmenu-login-dropdown").removeClass("open");

@@ -2603,7 +1906,6 @@
-		';

-

-

-		//if ($conf->theme != 'md') {

-			$btnUser .= '

-	            jQuery("#topmenu-login-dropdown .dropdown-toggle").on("click", function(event) {

-					console.log("Click on #topmenu-login-dropdown .dropdown-toggle");

+			';

+

+        if ($conf->theme != 'md') {

+	        $btnUser .= '

+	            $("#topmenu-login-dropdown .dropdown-toggle").on("click", function(event) {

+					console.log("toggle login dropdown");

@@ -2611 +1913 @@
-	                jQuery("#topmenu-login-dropdown").toggleClass("open");

+	                $("#topmenu-login-dropdown").toggleClass("open");

@@ -2614,8 +1916,2 @@
-	            jQuery("#topmenulogincompanyinfo-btn").on("click", function() {

-					console.log("Clik on #topmenulogincompanyinfo-btn");

-	                jQuery("#topmenulogincompanyinfo").slideToggle();

-	            });

-

-	            jQuery("#topmenuloginmoreinfo-btn").on("click", function() {

-					console.log("Clik on #topmenuloginmoreinfo-btn");

-	                jQuery("#topmenuloginmoreinfo").slideToggle();

+	            $("#topmenuloginmoreinfo-btn").on("click", function() {

+	                $("#topmenuloginmoreinfo").slideToggle();

@@ -2623,3 +1919,3 @@
-		//}

-

-		$btnUser .= '

+        }

+

+        $btnUser .= '

@@ -2629,258 +1925,5 @@
-	}

-

-	return $btnUser;

-}

-

-/**

- * Build the tooltip on top menu quick add

- *

- * @return  string                  HTML content

- */

-function top_menu_quickadd()

-{

-	global $conf, $langs;

-

-	$html = '';

-

-	// accesskey is for Windows or Linux:  ALT + key for chrome, ALT + SHIFT + KEY for firefox

-	// accesskey is for Mac:               CTRL + key for all browsers

-	$stringforfirstkey = $langs->trans("KeyboardShortcut");

-	if ($conf->browser->os === 'macintosh') {

-		$stringforfirstkey .= ' CTL +';

-	} else {

-		if ($conf->browser->name == 'chrome') {

-			$stringforfirstkey .= ' ALT +';

-		} elseif ($conf->browser->name == 'firefox') {

-			$stringforfirstkey .= ' ALT + SHIFT +';

-		} else {

-			$stringforfirstkey .= ' CTL +';

-		}

-	}

-

-	$html .= '<!-- div for quick add link -->

-    <div id="topmenu-quickadd-dropdown" class="atoplogin dropdown inline-block">

-        <a accesskey="a" class="dropdown-toggle login-dropdown-a nofocusvisible" data-toggle="dropdown" href="#" title="'.$langs->trans('QuickAdd').' ('.$stringforfirstkey.' a)"><i class="fa fa-plus-circle"></i></a>

-        <div class="dropdown-menu">'.printDropdownQuickadd().'</div>

-    </div>';

-	if (!defined('JS_JQUERY_DISABLE_DROPDOWN') && !empty($conf->use_javascript_ajax)) {    // This may be set by some pages that use different jquery version to avoid errors

-		$html .= '

-        <!-- Code to show/hide the user drop-down for the quick add -->

-        <script>

-        jQuery(document).ready(function() {

-            jQuery(document).on("click", function(event) {

-                if (!$(event.target).closest("#topmenu-quickadd-dropdown").length) {

-                    // Hide the menus.

-                    $("#topmenu-quickadd-dropdown").removeClass("open");

-                }

-            });

-            $("#topmenu-quickadd-dropdown .dropdown-toggle").on("click", function(event) {

-				console.log("Click on #topmenu-quickadd-dropdown .dropdown-toggle");

-                openQuickAddDropDown(event);

-            });

-

-            // Key map shortcut

-            $(document).keydown(function(event){

-				var ostype = \''.dol_escape_js($conf->browser->os).'\';

-				if (ostype === "macintosh") {

-					if ( event.which === 65 && event.ctrlKey ) {

-						console.log(\'control + a : trigger open quick add dropdown\');

-						openQuickAddDropDown(event);

-					}

-				} else {

-					if ( event.which === 65 && event.ctrlKey && event.shiftKey ) {

-						console.log(\'control + shift + a : trigger open quick add dropdown\');

-						openQuickAddDropDown(event);

-					}

-				}

-            });

-

-            var openQuickAddDropDown = function(event) {

-                event.preventDefault();

-                $("#topmenu-quickadd-dropdown").toggleClass("open");

-                //$("#top-quickadd-search-input").focus();

-            }

-        });

-        </script>

-        ';

-	}

-	return $html;

-}

-

-/**

- * Generate list of quickadd items

- *

- * @return string HTML output

- */

-function printDropdownQuickadd()

-{

-	global $conf, $user, $langs, $hookmanager;

-

-	$items = array(

-		'items' => array(

-			array(

-				"url" => "/adherents/card.php?action=create&amp;mainmenu=members",

-				"title" => "MenuNewMember@members",

-				"name" => "Adherent@members",

-				"picto" => "object_member",

-				"activation" => isModEnabled('adherent') && $user->hasRight("adherent", "write"), // vs hooking

-				"position" => 5,

-			),

-			array(

-				"url" => "/societe/card.php?action=create&amp;mainmenu=companies",

-				"title" => "MenuNewThirdParty@companies",

-				"name" => "ThirdParty@companies",

-				"picto" => "object_company",

-				"activation" => isModEnabled("societe") && $user->hasRight("societe", "write"), // vs hooking

-				"position" => 10,

-			),

-			array(

-				"url" => "/contact/card.php?action=create&amp;mainmenu=companies",

-				"title" => "NewContactAddress@companies",

-				"name" => "Contact@companies",

-				"picto" => "object_contact",

-				"activation" => isModEnabled("societe") && $user->hasRight("societe", "contact", "write"), // vs hooking

-				"position" => 20,

-			),

-			array(

-				"url" => "/comm/propal/card.php?action=create&amp;mainmenu=commercial",

-				"title" => "NewPropal@propal",

-				"name" => "Proposal@propal",

-				"picto" => "object_propal",

-				"activation" => isModEnabled("propal") && $user->hasRight("propal", "write"), // vs hooking

-				"position" => 30,

-			),

-

-			array(

-				"url" => "/commande/card.php?action=create&amp;mainmenu=commercial",

-				"title" => "NewOrder@orders",

-				"name" => "Order@orders",

-				"picto" => "object_order",

-				"activation" => isModEnabled('commande') && $user->hasRight("commande", "write"), // vs hooking

-				"position" => 40,

-			),

-			array(

-				"url" => "/compta/facture/card.php?action=create&amp;mainmenu=billing",

-				"title" => "NewBill@bills",

-				"name" => "Bill@bills",

-				"picto" => "object_bill",

-				"activation" => isModEnabled('facture') && $user->hasRight("facture", "write"), // vs hooking

-				"position" => 50,

-			),

-			array(

-				"url" => "/contrat/card.php?action=create&amp;mainmenu=commercial",

-				"title" => "NewContractSubscription@contracts",

-				"name" => "Contract@contracts",

-				"picto" => "object_contract",

-				"activation" => isModEnabled('contrat') && $user->hasRight("contrat", "write"), // vs hooking

-				"position" => 60,

-			),

-			array(

-				"url" => "/supplier_proposal/card.php?action=create&amp;mainmenu=commercial",

-				"title" => "SupplierProposalNew@supplier_proposal",

-				"name" => "SupplierProposal@supplier_proposal",

-				"picto" => "supplier_proposal",

-				"activation" => isModEnabled('supplier_proposal') && $user->hasRight("supplier_invoice", "write"), // vs hooking

-				"position" => 70,

-			),

-			array(

-				"url" => "/fourn/commande/card.php?action=create&amp;mainmenu=commercial",

-				"title" => "NewSupplierOrderShort@orders",

-				"name" => "SupplierOrder@orders",

-				"picto" => "supplier_order",

-				"activation" => (isModEnabled("fournisseur") && !getDolGlobalString('MAIN_USE_NEW_SUPPLIERMOD') && $user->hasRight("fournisseur", "commande", "write")) || (isModEnabled("supplier_order") && $user->hasRight("supplier_invoice", "write")), // vs hooking

-				"position" => 80,

-			),

-			array(

-				"url" => "/fourn/facture/card.php?action=create&amp;mainmenu=billing",

-				"title" => "NewBill@bills",

-				"name" => "SupplierBill@bills",

-				"picto" => "supplier_invoice",

-				"activation" => (isModEnabled("fournisseur") && !getDolGlobalString('MAIN_USE_NEW_SUPPLIERMOD') && $user->hasRight("fournisseur", "facture", "write")) || (isModEnabled("supplier_invoice") && $user->hasRight("supplier_invoice", "write")), // vs hooking

-				"position" => 90,

-			),

-			array(

-				"url" => "/ticket/card.php?action=create&amp;mainmenu=ticket",

-				"title" => "NewTicket@ticket",

-				"name" => "Ticket@ticket",

-				"picto" => "ticket",

-				"activation" => isModEnabled('ticket') && $user->hasRight("ticket", "write"), // vs hooking

-				"position" => 100,

-			),

-			array(

-				"url" => "/fichinter/card.php?action=create&mainmenu=commercial",

-				"title" => "NewIntervention@interventions",

-				"name" => "Intervention@interventions",

-				"picto" => "intervention",

-				"activation" => isModEnabled('ficheinter') && $user->hasRight("ficheinter", "creer"), // vs hooking

-				"position" => 110,

-			),

-			array(

-				"url" => "/product/card.php?action=create&amp;type=0&amp;mainmenu=products",

-				"title" => "NewProduct@products",

-				"name" => "Product@products",

-				"picto" => "object_product",

-				"activation" => isModEnabled("product") && $user->hasRight("produit", "write"), // vs hooking

-				"position" => 400,

-			),

-			array(

-				"url" => "/product/card.php?action=create&amp;type=1&amp;mainmenu=products",

-				"title" => "NewService@products",

-				"name" => "Service@products",

-				"picto" => "object_service",

-				"activation" => isModEnabled("service") && $user->hasRight("service", "write"), // vs hooking

-				"position" => 410,

-			),

-			array(

-				"url" => "/user/card.php?action=create&amp;type=1&amp;mainmenu=home",

-				"title" => "AddUser@users",

-				"name" => "User@users",

-				"picto" => "user",

-				"activation" => $user->hasRight("user", "user", "write"), // vs hooking

-				"position" => 500,

-			),

-		),

-	);

-

-	$dropDownQuickAddHtml = '';

-

-	// Define $dropDownQuickAddHtml

-	$dropDownQuickAddHtml .= '<div class="quickadd-body dropdown-body">';

-	$dropDownQuickAddHtml .= '<div class="dropdown-quickadd-list">';

-

-	// Allow the $items of the menu to be manipulated by modules

-	$parameters = array();

-	$hook_items = $items;

-	$reshook = $hookmanager->executeHooks('menuDropdownQuickaddItems', $parameters, $hook_items); // Note that $action and $object may have been modified by some hooks

-	if (is_numeric($reshook) && !empty($hookmanager->resArray) && is_array($hookmanager->resArray)) {

-		if ($reshook == 0) {

-			$items['items'] = array_merge($items['items'], $hookmanager->resArray); // add

-		} else {

-			$items = $hookmanager->resArray; // replace

-		}

-

-		// Sort menu items by 'position' value

-		$position = array();

-		foreach ($items['items'] as $key => $row) {

-			$position[$key] = $row['position'];

-		}

-		$array1_sort_order = SORT_ASC;

-		array_multisort($position, $array1_sort_order, $items['items']);

-	}

-

-	foreach ($items['items'] as $item) {

-		if (!$item['activation']) {

-			continue;

-		}

-		$langs->load(explode('@', $item['title'])[1]);

-		$langs->load(explode('@', $item['name'])[1]);

-		$dropDownQuickAddHtml .= '

-			<a class="dropdown-item quickadd-item" href="'.DOL_URL_ROOT.$item['url'].'" title="'.$langs->trans(explode('@', $item['title'])[0]).'">

-			'. img_picto('', $item['picto'], 'style="width:18px;"') . ' ' . $langs->trans(explode('@', $item['name'])[0]) . '</a>

-		';

-	}

-

-	$dropDownQuickAddHtml .= '</div>';

-	$dropDownQuickAddHtml .= '</div>';

-

-	return $dropDownQuickAddHtml;

-}

+    }

+

+    return $btnUser;

+}

+

@@ -2895 +1938 @@
-	global $langs, $conf, $db, $user;

+    global $langs, $conf, $db, $user;

@@ -2899,30 +1942,14 @@
-	// Define $bookmarks

-	if (!isModEnabled('bookmark') || !$user->hasRight('bookmark', 'lire')) {

-		return $html;

-	}

-

-	// accesskey is for Windows or Linux:  ALT + key for chrome, ALT + SHIFT + KEY for firefox

-	// accesskey is for Mac:               CTRL + key for all browsers

-	$stringforfirstkey = $langs->trans("KeyboardShortcut");

-	if ($conf->browser->os === 'macintosh') {

-		$stringforfirstkey .= ' CTL +';

-	} else {

-		if ($conf->browser->name == 'chrome') {

-			$stringforfirstkey .= ' ALT +';

-		} elseif ($conf->browser->name == 'firefox') {

-			$stringforfirstkey .= ' ALT + SHIFT +';

-		} else {

-			$stringforfirstkey .= ' CTL +';

-		}

-	}

-

-	if (!defined('JS_JQUERY_DISABLE_DROPDOWN') && !empty($conf->use_javascript_ajax)) {	    // This may be set by some pages that use different jquery version to avoid errors

-		include_once DOL_DOCUMENT_ROOT.'/bookmarks/bookmarks.lib.php';

-		$langs->load("bookmarks");

-

-		if (getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER')) {

-			$html .= '<div id="topmenu-bookmark-dropdown" class="dropdown inline-block">';

-			$html .= printDropdownBookmarksList();

-			$html .= '</div>';

-		} else {

-			$html .= '<!-- div for bookmark link -->

+    // Define $bookmarks

+	if (empty($conf->bookmark->enabled) || empty($user->rights->bookmark->lire)) return $html;

+

+	if (!defined('JS_JQUERY_DISABLE_DROPDOWN') && !empty($conf->use_javascript_ajax))	    // This may be set by some pages that use different jquery version to avoid errors

+    {

+        include_once DOL_DOCUMENT_ROOT.'/bookmarks/bookmarks.lib.php';

+        $langs->load("bookmarks");

+

+        if (!empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) {

+        	$html .= '<div id="topmenu-bookmark-dropdown" class="dropdown inline-block">';

+        	$html .= printDropdownBookmarksList();

+        	$html .= '</div>';

+        } else {

+	        $html .= '<!-- div for bookmark link -->

@@ -2930 +1957,3 @@
-	            <a accesskey="b" class="dropdown-toggle login-dropdown-a nofocusvisible" data-toggle="dropdown" href="#" title="'.$langs->trans('Bookmarks').' ('.$stringforfirstkey.' b)"><i class="fa fa-star"></i></a>

+	            <a class="dropdown-toggle login-dropdown-a" data-toggle="dropdown" href="#" title="'.$langs->trans('Bookmarks').' ('.$langs->trans('BookmarksMenuShortCut').')">

+	                <i class="fa fa-star" ></i>

+	            </a>

@@ -2936 +1965 @@
-			$html .= '

+	        $html .= '

@@ -2939,2 +1968,2 @@
-	        jQuery(document).ready(function() {

-	            jQuery(document).on("click", function(event) {

+	        $( document ).ready(function() {

+	            $(document).on("click", function(event) {

@@ -2948,3 +1977,3 @@
-	            jQuery("#topmenu-bookmark-dropdown .dropdown-toggle").on("click", function(event) {

-					console.log("Click on #topmenu-bookmark-dropdown .dropdown-toggle");

-					openBookMarkDropDown(event);

+	            $("#topmenu-bookmark-dropdown .dropdown-toggle").on("click", function(event) {

+					console.log("toggle bookmark dropdown");

+					openBookMarkDropDown();

@@ -2954,13 +1983,5 @@
-	            jQuery(document).keydown(function(event) {

-					var ostype = \''.dol_escape_js($conf->browser->os).'\';

-					if (ostype === "macintosh") {

-						if ( event.which === 66 && event.ctrlKey ) {

-							console.log("Click on control + b : trigger open bookmark dropdown");

-							openBookMarkDropDown(event);

-						}

-					} else {

-						if ( event.which === 66 && event.ctrlKey && event.shiftKey ) {

-							console.log("Click on control + shift + b : trigger open bookmark dropdown");

-							openBookMarkDropDown(event);

-						}

-					}

+	            $(document).keydown(function(e){

+	                  if( e.which === 77 && e.ctrlKey && e.shiftKey ){

+	                     console.log(\'control + shift + m : trigger open bookmark dropdown\');

+	                     openBookMarkDropDown();

+	                  }

@@ -2969 +1990,2 @@
-	            var openBookMarkDropDown = function(event) {

+

+	            var openBookMarkDropDown = function() {

@@ -2971,2 +1993,2 @@
-	                jQuery("#topmenu-bookmark-dropdown").toggleClass("open");

-	                jQuery("#top-bookmark-search-input").focus();

+	                $("#topmenu-bookmark-dropdown").toggleClass("open");

+	                $("#top-bookmark-search-input").focus();

@@ -2978,3 +2000,3 @@
-		}

-	}

-	return $html;

+        }

+    }

+    return $html;

@@ -2990 +2012 @@
-	global $langs, $conf, $db, $user, $hookmanager;

+    global $langs, $conf, $db, $user, $hookmanager;

@@ -2994,33 +2016,24 @@
-	$usedbyinclude = 1;

-	$arrayresult = array();

-	include DOL_DOCUMENT_ROOT.'/core/ajax/selectsearchbox.php'; // This sets $arrayresult

-

-	// accesskey is for Windows or Linux:  ALT + key for chrome, ALT + SHIFT + KEY for firefox

-	// accesskey is for Mac:               CTRL + key for all browsers

-	$stringforfirstkey = $langs->trans("KeyboardShortcut");

-	if ($conf->browser->name == 'chrome') {

-		$stringforfirstkey .= ' ALT +';

-	} elseif ($conf->browser->name == 'firefox') {

-		$stringforfirstkey .= ' ALT + SHIFT +';

-	} else {

-		$stringforfirstkey .= ' CTL +';

-	}

-

-	$searchInput = '<input type="search" name="search_all"'.($stringforfirstkey ? ' title="'.dol_escape_htmltag($stringforfirstkey.' s').'"' : '').' id="top-global-search-input" class="dropdown-search-input search_component_input" placeholder="'.$langs->trans('Search').'" autocomplete="off">';

-

-	$defaultAction = '';

-	$buttonList = '<div class="dropdown-global-search-button-list" >';

-	// Menu with all searchable items

-	foreach ($arrayresult as $keyItem => $item) {

-		if (empty($defaultAction)) {

-			$defaultAction = $item['url'];

-		}

-		$buttonList .= '<button class="dropdown-item global-search-item tdoverflowmax300" data-target="'.dol_escape_htmltag($item['url']).'" >';

-		$buttonList .= $item['text'];

-		$buttonList .= '</button>';

-	}

-	$buttonList .= '</div>';

-

-	$dropDownHtml = '<form role="search" id="top-menu-action-search" name="actionsearch" method="GET" action="'.$defaultAction.'">';

-

-	$dropDownHtml .= '

+    $usedbyinclude = 1;

+    $arrayresult = null;

+    include DOL_DOCUMENT_ROOT.'/core/ajax/selectsearchbox.php'; // This set $arrayresult

+

+    $defaultAction = '';

+    $buttonList = '<div class="dropdown-global-search-button-list" >';

+    // Menu with all searchable items

+    foreach ($arrayresult as $keyItem => $item)

+    {

+        if (empty($defaultAction)) {

+            $defaultAction = $item['url'];

+        }

+        $buttonList .= '<button class="dropdown-item global-search-item" data-target="'.dol_escape_htmltag($item['url']).'" >';

+        $buttonList .= $item['text'];

+        $buttonList .= '</button>';

+    }

+    $buttonList .= '</div>';

+

+

+    $searchInput = '<input name="sall" id="top-global-search-input" class="dropdown-search-input" placeholder="'.$langs->trans('Search').'" autocomplete="off" >';

+

+    $dropDownHtml = '<form id="top-menu-action-search" name="actionsearch" method="GET" action="'.$defaultAction.'" >';

+

+    $dropDownHtml .= '

@@ -3033,2 +2046,2 @@
-	$dropDownHtml .= '

-        <!-- Menu Body search -->

+    $dropDownHtml .= '

+        <!-- Menu Body -->

@@ -3040,14 +2053,4 @@
-	$dropDownHtml .= '</form>';

-

-	// accesskey is for Windows or Linux:  ALT + key for chrome, ALT + SHIFT + KEY for firefox

-	// accesskey is for Mac:               CTRL + key for all browsers

-	$stringforfirstkey = $langs->trans("KeyboardShortcut");

-	if ($conf->browser->name == 'chrome') {

-		$stringforfirstkey .= ' ALT +';

-	} elseif ($conf->browser->name == 'firefox') {

-		$stringforfirstkey .= ' ALT + SHIFT +';

-	} else {

-		$stringforfirstkey .= ' CTL +';

-	}

-

-	$html .= '<!-- div for Global Search -->

+    $dropDownHtml .= '</form>';

+

+

+    $html .= '<!-- div for Global Search -->

@@ -3055,2 +2058,2 @@
-        <a accesskey="s" class="dropdown-toggle login-dropdown-a nofocusvisible" data-toggle="dropdown" href="#" title="'.$langs->trans('Search').' ('.$stringforfirstkey.' s)">

-            <i class="fa fa-search" aria-hidden="true" ></i>

+        <a class="dropdown-toggle login-dropdown-a" data-toggle="dropdown" href="#" title="'.$langs->trans('Search').' ('.$langs->trans('SearchMenuShortCut').')">

+            <i class="fa fa-search" ></i>

@@ -3058 +2061 @@
-        <div class="dropdown-menu dropdown-search">

+        <div class="dropdown-search">

@@ -3063 +2066 @@
-	$html .= '

+    $html .= '

@@ -3066 +2069 @@
-    jQuery(document).ready(function() {

+    $( document ).ready(function() {

@@ -3069,2 +2072,2 @@
-        jQuery("#top-global-search-input").keydown(function (e) {

-            if (e.keyCode == 13 || e.keyCode == 40) {

+        $("#top-global-search-input").keydown(function (e) {

+            if (e.keyCode == 13) {

@@ -3074,4 +2076,0 @@
-					 if (e.keyCode == 13){

-						 inputs[inputs.index(this) + 1].trigger("click");

-					 }

-

@@ -3084,18 +2083,5 @@
-        // arrow key nav

-        jQuery(document).keydown(function(e) {

-			// Get the focused element:

-			var $focused = $(":focus");

-			if($focused.length && $focused.hasClass("global-search-item")){

-

-           		// UP - move to the previous line

-				if (e.keyCode == 38) {

-				    e.preventDefault();

-					$focused.prev().focus();

-				}

-

-				// DOWN - move to the next line

-				if (e.keyCode == 40) {

-				    e.preventDefault();

-					$focused.next().focus();

-				}

-			}

+

+        // submit form action

+        $(".dropdown-global-search-button-list .global-search-item").on("click", function(event) {

+            $("#top-menu-action-search").attr("action", $(this).data("target"));

+            $("#top-menu-action-search").submit();

@@ -3104,7 +2089,0 @@
-

-        // submit form action

-        jQuery(".dropdown-global-search-button-list .global-search-item").on("click", function(event) {

-            jQuery("#top-menu-action-search").attr("action", $(this).data("target"));

-            jQuery("#top-menu-action-search").submit();

-        });

-

@@ -3112 +2091 @@
-        jQuery(document).on("click", function(event) {

+        $(document).on("click", function(event) {

@@ -3116 +2095 @@
-                jQuery("#topmenu-global-search-dropdown").removeClass("open");

+                $("#topmenu-global-search-dropdown").removeClass("open");

@@ -3121,2 +2100,2 @@
-        jQuery("#topmenu-global-search-dropdown .dropdown-toggle").on("click", function(event) {

-			console.log("click on toggle #topmenu-global-search-dropdown .dropdown-toggle");

+        $("#topmenu-global-search-dropdown .dropdown-toggle").on("click", function(event) {

+			console.log("toggle search dropdown");

@@ -3127,2 +2106,2 @@
-        jQuery(document).keydown(function(e){

-              if ( e.which === 70 && e.ctrlKey && e.shiftKey ) {

+        $(document).keydown(function(e){

+              if( e.which === 70 && e.ctrlKey && e.shiftKey ){

@@ -3132,4 +2110,0 @@
-              if ( e.which === 70 && e.alKey ) {

-                 console.log(\'alt + f : trigger open global-search dropdown\');

-                 openGlobalSearchDropDown();

-              }

@@ -3137,0 +2113 @@
+

@@ -3139,2 +2115,3 @@
-            jQuery("#topmenu-global-search-dropdown").toggleClass("open");

-            jQuery("#top-global-search-input").focus();

+            event.preventDefault();

+            $("#topmenu-global-search-dropdown").toggleClass("open");

+            $("#top-global-search-input").focus();

@@ -3147 +2124 @@
-	return $html;

+    return $html;

@@ -3155 +2132 @@
- * 				     		                   	Syntax is: For a wiki page: EN:EnglishPage|FR:FrenchPage|ES:SpanishPage|DE:GermanPage

+ * 				     		                   	Syntax is: For a wiki page: EN:EnglishPage|FR:FrenchPage|ES:SpanishPage

@@ -3161 +2138 @@
- *  @param  int  	$acceptdelayedhtml          1 if caller request to have html delayed content not returned but saved into global $delayedhtmlcontent (so caller can show it at end of page to avoid flash FOUC effect)

+ *  @param  string  $acceptdelayedhtml          1 if caller request to have html delayed content not returned but saved into global $delayedhtmlcontent (so caller can show it at end of page to avoid flash FOUC effect)

@@ -3164 +2141 @@
-function left_menu($menu_array_before, $helppagename = '', $notused = '', $menu_array_after = array(), $leftmenuwithoutmainarea = 0, $title = '', $acceptdelayedhtml = 0)

+function left_menu($menu_array_before, $helppagename = '', $notused = '', $menu_array_after = '', $leftmenuwithoutmainarea = 0, $title = '', $acceptdelayedhtml = 0)

@@ -3170,8 +2147,8 @@
-

-	if (!empty($menu_array_before)) {

-		dol_syslog("Deprecated parameter menu_array_before was used when calling main::left_menu function. Menu entries of module should now be defined into module descriptor and not provided when calling left_menu.", LOG_WARNING);

-	}

-

-	if (empty($conf->dol_hide_leftmenu) && (!defined('NOREQUIREMENU') || !constant('NOREQUIREMENU'))) {

-		// Instantiate hooks for external modules

-		$hookmanager->initHooks(array('leftblock'));

+	$bookmarks = '';

+

+	if (!empty($menu_array_before)) dol_syslog("Deprecated parameter menu_array_before was used when calling main::left_menu function. Menu entries of module should now be defined into module descriptor and not provided when calling left_menu.", LOG_WARNING);

+

+	if (empty($conf->dol_hide_leftmenu) && (!defined('NOREQUIREMENU') || !constant('NOREQUIREMENU')))

+	{

+		// Instantiate hooks of thirdparty module

+		$hookmanager->initHooks(array('searchform', 'leftblock'));

@@ -3179,0 +2157,3 @@
+

+		if ($conf->browser->layout == 'phone') $conf->global->MAIN_USE_OLD_SEARCH_FORM = 1; // Select into select2 is awfull on smartphone. TODO Is this still true with select2 v4 ?

+

@@ -3182,3 +2162 @@
-		if (!is_object($form)) {

-			$form = new Form($db);

-		}

+		if (!is_object($form)) $form = new Form($db);

@@ -3186,47 +2164,29 @@
-		if (!getDolGlobalString('MAIN_USE_TOP_MENU_SEARCH_DROPDOWN')) {

-			// Select into select2 is awfull on smartphone. TODO Is this still true with select2 v4 ?

-			if ($conf->browser->layout == 'phone') {

-				$conf->global->MAIN_USE_OLD_SEARCH_FORM = 1;

-			}

-

-			$usedbyinclude = 1;

-			$arrayresult = array();

-			include DOL_DOCUMENT_ROOT.'/core/ajax/selectsearchbox.php'; // This make initHooks('searchform') then set $arrayresult

-

-			if ($conf->use_javascript_ajax && !getDolGlobalString('MAIN_USE_OLD_SEARCH_FORM')) {

-				// accesskey is for Windows or Linux:  ALT + key for chrome, ALT + SHIFT + KEY for firefox

-				// accesskey is for Mac:               CTRL + key for all browsers

-				$stringforfirstkey = $langs->trans("KeyboardShortcut");

-				if ($conf->browser->name == 'chrome') {

-					$stringforfirstkey .= ' ALT +';

-				} elseif ($conf->browser->name == 'firefox') {

-					$stringforfirstkey .= ' ALT + SHIFT +';

-				} else {

-					$stringforfirstkey .= ' CTL +';

-				}

-

-				$searchform .= $form->selectArrayFilter('searchselectcombo', $arrayresult, $selected, 'accesskey="s"', 1, 0, (!getDolGlobalString('MAIN_SEARCHBOX_CONTENT_LOADED_BEFORE_KEY') ? 1 : 0), 'vmenusearchselectcombo', 1, $langs->trans("Search"), 1, $stringforfirstkey.' s');

-			} else {

-				if (is_array($arrayresult)) {

-					foreach ($arrayresult as $key => $val) {

-						$searchform .= printSearchForm($val['url'], $val['url'], $val['label'], 'maxwidth125', 'search_all', (empty($val['shortcut']) ? '' : $val['shortcut']), 'searchleft'.$key, $val['img']);

-					}

-				}

-			}

-

-			// Execute hook printSearchForm

-			$parameters = array('searchform' => $searchform);

-			$reshook = $hookmanager->executeHooks('printSearchForm', $parameters); // Note that $action and $object may have been modified by some hooks

-			if (empty($reshook)) {

-				$searchform .= $hookmanager->resPrint;

-			} else {

-				$searchform = $hookmanager->resPrint;

-			}

-

-			// Force special value for $searchform for text browsers or very old search form

-			if (getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER') || empty($conf->use_javascript_ajax)) {

-				$urltosearch = DOL_URL_ROOT.'/core/search_page.php?showtitlebefore=1';

-				$searchform = '<div class="blockvmenuimpair blockvmenusearchphone"><div id="divsearchforms1"><a href="'.$urltosearch.'" accesskey="s" alt="'.dol_escape_htmltag($langs->trans("ShowSearchFields")).'">'.$langs->trans("Search").'...</a></div></div>';

-			} elseif ($conf->use_javascript_ajax && getDolGlobalString('MAIN_USE_OLD_SEARCH_FORM')) {

-				$searchform = '<div class="blockvmenuimpair blockvmenusearchphone"><div id="divsearchforms1"><a href="#" alt="'.dol_escape_htmltag($langs->trans("ShowSearchFields")).'">'.$langs->trans("Search").'...</a></div><div id="divsearchforms2" style="display: none">'.$searchform.'</div>';

-				$searchform .= '<script>

+        if (empty($conf->global->MAIN_USE_TOP_MENU_SEARCH_DROPDOWN)) {

+            $usedbyinclude = 1;

+            $arrayresult = null;

+            include DOL_DOCUMENT_ROOT.'/core/ajax/selectsearchbox.php'; // This set $arrayresult

+

+            if ($conf->use_javascript_ajax && empty($conf->global->MAIN_USE_OLD_SEARCH_FORM)) {

+                $searchform .= $form->selectArrayFilter('searchselectcombo', $arrayresult, $selected, '', 1, 0, (empty($conf->global->MAIN_SEARCHBOX_CONTENT_LOADED_BEFORE_KEY) ? 1 : 0), 'vmenusearchselectcombo', 1, $langs->trans("Search"), 1);

+            } else {

+                if (is_array($arrayresult)) {

+                    foreach ($arrayresult as $key => $val) {

+                        $searchform .= printSearchForm($val['url'], $val['url'], $val['label'], 'maxwidth125', 'sall', $val['shortcut'], 'searchleft'.$key, $val['img']);

+                    }

+                }

+            }

+

+            // Execute hook printSearchForm

+            $parameters = array('searchform' => $searchform);

+            $reshook = $hookmanager->executeHooks('printSearchForm', $parameters); // Note that $action and $object may have been modified by some hooks

+            if (empty($reshook)) {

+                $searchform .= $hookmanager->resPrint;

+            } else $searchform = $hookmanager->resPrint;

+

+            // Force special value for $searchform

+            if (!empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER) || empty($conf->use_javascript_ajax)) {

+                $urltosearch = DOL_URL_ROOT.'/core/search_page.php?showtitlebefore=1';

+                $searchform = '<div class="blockvmenuimpair blockvmenusearchphone"><div id="divsearchforms1"><a href="'.$urltosearch.'" accesskey="s" alt="'.dol_escape_htmltag($langs->trans("ShowSearchFields")).'">'.$langs->trans("Search").'...</a></div></div>';

+            } elseif ($conf->use_javascript_ajax && !empty($conf->global->MAIN_USE_OLD_SEARCH_FORM)) {

+                $searchform = '<div class="blockvmenuimpair blockvmenusearchphone"><div id="divsearchforms1"><a href="#" alt="'.dol_escape_htmltag($langs->trans("ShowSearchFields")).'">'.$langs->trans("Search").'...</a></div><div id="divsearchforms2" style="display: none">'.$searchform.'</div>';

+                $searchform .= '<script>

@@ -3239,21 +2199,3 @@
-				$searchform .= '</div>';

-			}

-

-			// Key map shortcut

-			$searchform .= '<script>

-				jQuery(document).keydown(function(e){

-					if( e.which === 70 && e.ctrlKey && e.shiftKey ){

-						console.log(\'control + shift + f : trigger open global-search dropdown\');

-		                openGlobalSearchDropDown();

-		            }

-		            if( (e.which === 83 || e.which === 115) && e.altKey ){

-		                console.log(\'alt + s : trigger open global-search dropdown\');

-		                openGlobalSearchDropDown();

-		            }

-		        });

-

-		        var openGlobalSearchDropDown = function() {

-		            jQuery("#searchselectcombo").select2(\'open\');

-		        }

-			</script>';

-		}

+                $searchform .= '</div>';

+            }

+        }

@@ -3264 +2206 @@
-		print '<div class="vmenu"'.(!getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER') ? '' : ' title="Left menu"').'>'."\n\n";

+		print '<div class="vmenu"'.(empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER) ? '' : ' title="Left menu"').'>'."\n\n";

@@ -3269 +2211 @@
-		$menumanager->showmenu('left', array('searchform'=>$searchform)); // output menu_array and menu found in database

+		$menumanager->showmenu('left', array('searchform'=>$searchform, 'bookmarks'=>$bookmarks)); // output menu_array and menu found in database

@@ -3277 +2219,2 @@
-		if (getDolGlobalString('MAIN_SHOW_VERSION')) {    // Version is already on help picto and on login page.

+		if (!empty($conf->global->MAIN_SHOW_VERSION))    // Version is already on help picto and on login page.

+		{

@@ -3280,15 +2223,5 @@
-			if (preg_match('/fr/i', $langs->defaultlang)) {

-				$doliurl = 'https://www.dolibarr.fr';

-			}

-			if (preg_match('/es/i', $langs->defaultlang)) {

-				$doliurl = 'https://www.dolibarr.es';

-			}

-			if (preg_match('/de/i', $langs->defaultlang)) {

-				$doliurl = 'https://www.dolibarr.de';

-			}

-			if (preg_match('/it/i', $langs->defaultlang)) {

-				$doliurl = 'https://www.dolibarr.it';

-			}

-			if (preg_match('/gr/i', $langs->defaultlang)) {

-				$doliurl = 'https://www.dolibarr.gr';

-			}

+			if (preg_match('/fr/i', $langs->defaultlang)) $doliurl = 'https://www.dolibarr.fr';

+			if (preg_match('/es/i', $langs->defaultlang)) $doliurl = 'https://www.dolibarr.es';

+			if (preg_match('/de/i', $langs->defaultlang)) $doliurl = 'https://www.dolibarr.de';

+			if (preg_match('/it/i', $langs->defaultlang)) $doliurl = 'https://www.dolibarr.it';

+			if (preg_match('/gr/i', $langs->defaultlang)) $doliurl = 'https://www.dolibarr.gr';

@@ -3297 +2230,2 @@
-			if (getDolGlobalString('MAIN_APPLICATION_TITLE')) {

+			if (!empty($conf->global->MAIN_APPLICATION_TITLE))

+			{

@@ -3299,6 +2233,3 @@
-				if (preg_match('/\d\.\d/', $appli)) {

-					if (!preg_match('/'.preg_quote(DOL_VERSION).'/', $appli)) {

-						$appli .= " (".DOL_VERSION.")"; // If new title contains a version that is different than core

-					}

-				} else {

-					$appli .= " ".DOL_VERSION;

+				if (preg_match('/\d\.\d/', $appli))

+				{

+					if (!preg_match('/'.preg_quote(DOL_VERSION).'/', $appli)) $appli .= " (".DOL_VERSION.")"; // If new title contains a version that is different than core

@@ -3306,3 +2237,3 @@
-			} else {

-				$appli .= " ".DOL_VERSION;

-			}

+				else $appli .= " ".DOL_VERSION;

+			}

+			else $appli .= " ".DOL_VERSION;

@@ -3310,5 +2241,2 @@
-			if ($doliurl) {

-				print '<a class="help" target="_blank" rel="noopener noreferrer" href="'.$doliurl.'">';

-			} else {

-				print '<span class="help">';

-			}

+			if ($doliurl) print '<a class="help" target="_blank" rel="noopener" href="'.$doliurl.'">';

+			else print '<span class="help">';

@@ -3316,5 +2244,2 @@
-			if ($doliurl) {

-				print '</a>';

-			} else {

-				print '</span>';

-			}

+			if ($doliurl) print '</a>';

+			else print '</span>';

@@ -3325 +2250,2 @@
-		if (getDolGlobalString('MAIN_BUGTRACK_ENABLELINK')) {

+		if (!empty($conf->global->MAIN_BUGTRACK_ENABLELINK))

+		{

@@ -3328,40 +2254,32 @@
-			if (getDolGlobalString('MAIN_BUGTRACK_ENABLELINK') == 'github') {

-				$bugbaseurl = 'https://github.com/Dolibarr/dolibarr/issues/new?labels=Bug';

-				$bugbaseurl .= '&title=';

-				$bugbaseurl .= urlencode("Bug: ");

-				$bugbaseurl .= '&body=';

-				$bugbaseurl .= urlencode("# Instructions\n");

-				$bugbaseurl .= urlencode("*This is a template to help you report good issues. You may use [Github Markdown](https://help.github.com/articles/getting-started-with-writing-and-formatting-on-github/) syntax to format your issue report.*\n");

-				$bugbaseurl .= urlencode("*Please:*\n");

-				$bugbaseurl .= urlencode("- *replace the bracket enclosed texts with meaningful information*\n");

-				$bugbaseurl .= urlencode("- *remove any unused sub-section*\n");

-				$bugbaseurl .= urlencode("\n");

-				$bugbaseurl .= urlencode("\n");

-				$bugbaseurl .= urlencode("# Bug\n");

-				$bugbaseurl .= urlencode("[*Short description*]\n");

-				$bugbaseurl .= urlencode("\n");

-				$bugbaseurl .= urlencode("## Environment\n");

-				$bugbaseurl .= urlencode("- **Version**: ".DOL_VERSION."\n");

-				$bugbaseurl .= urlencode("- **OS**: ".php_uname('s')."\n");

-				$bugbaseurl .= urlencode("- **Web server**: ".$_SERVER["SERVER_SOFTWARE"]."\n");

-				$bugbaseurl .= urlencode("- **PHP**: ".php_sapi_name().' '.phpversion()."\n");

-				$bugbaseurl .= urlencode("- **Database**: ".$db::LABEL.' '.$db->getVersion()."\n");

-				$bugbaseurl .= urlencode("- **URL(s)**: ".$_SERVER["REQUEST_URI"]."\n");

-				$bugbaseurl .= urlencode("\n");

-				$bugbaseurl .= urlencode("## Expected and actual behavior\n");

-				$bugbaseurl .= urlencode("[*Verbose description*]\n");

-				$bugbaseurl .= urlencode("\n");

-				$bugbaseurl .= urlencode("## Steps to reproduce the behavior\n");

-				$bugbaseurl .= urlencode("[*Verbose description*]\n");

-				$bugbaseurl .= urlencode("\n");

-				$bugbaseurl .= urlencode("## [Attached files](https://help.github.com/articles/issue-attachments) (Screenshots, screencasts, dolibarr.log, debugging informations…)\n");

-				$bugbaseurl .= urlencode("[*Files*]\n");

-				$bugbaseurl .= urlencode("\n");

-

-				$bugbaseurl .= urlencode("\n");

-				$bugbaseurl .= urlencode("## Report\n");

-			} elseif (getDolGlobalString('MAIN_BUGTRACK_ENABLELINK')) {

-				$bugbaseurl = $conf->global->MAIN_BUGTRACK_ENABLELINK;

-			} else {

-				$bugbaseurl = "";

-			}

+            $bugbaseurl = 'https://github.com/Dolibarr/dolibarr/issues/new?labels=Bug';

+			$bugbaseurl .= '&title=';

+			$bugbaseurl .= urlencode("Bug: ");

+            $bugbaseurl .= '&body=';

+            $bugbaseurl .= urlencode("# Instructions\n");

+            $bugbaseurl .= urlencode("*This is a template to help you report good issues. You may use [Github Markdown](https://help.github.com/articles/getting-started-with-writing-and-formatting-on-github/) syntax to format your issue report.*\n");

+            $bugbaseurl .= urlencode("*Please:*\n");

+            $bugbaseurl .= urlencode("- *replace the bracket enclosed texts with meaningful information*\n");

+            $bugbaseurl .= urlencode("- *remove any unused sub-section*\n");

+            $bugbaseurl .= urlencode("\n");

+            $bugbaseurl .= urlencode("\n");

+            $bugbaseurl .= urlencode("# Bug\n");

+            $bugbaseurl .= urlencode("[*Short description*]\n");

+            $bugbaseurl .= urlencode("\n");

+            $bugbaseurl .= urlencode("## Environment\n");

+            $bugbaseurl .= urlencode("- **Version**: ".DOL_VERSION."\n");

+            $bugbaseurl .= urlencode("- **OS**: ".php_uname('s')."\n");

+            $bugbaseurl .= urlencode("- **Web server**: ".$_SERVER["SERVER_SOFTWARE"]."\n");

+            $bugbaseurl .= urlencode("- **PHP**: ".php_sapi_name().' '.phpversion()."\n");

+            $bugbaseurl .= urlencode("- **Database**: ".$db::LABEL.' '.$db->getVersion()."\n");

+            $bugbaseurl .= urlencode("- **URL(s)**: ".$_SERVER["REQUEST_URI"]."\n");

+            $bugbaseurl .= urlencode("\n");

+            $bugbaseurl .= urlencode("## Expected and actual behavior\n");

+            $bugbaseurl .= urlencode("[*Verbose description*]\n");

+            $bugbaseurl .= urlencode("\n");

+            $bugbaseurl .= urlencode("## Steps to reproduce the behavior\n");

+            $bugbaseurl .= urlencode("[*Verbose description*]\n");

+            $bugbaseurl .= urlencode("\n");

+            $bugbaseurl .= urlencode("## [Attached files](https://help.github.com/articles/issue-attachments) (Screenshots, screencasts, dolibarr.log, debugging informations…)\n");

+            $bugbaseurl .= urlencode("[*Files*]\n");

+            $bugbaseurl .= urlencode("\n");

+

@@ -3370 +2288 @@
-			$parameters = array('bugbaseurl' => $bugbaseurl);

+			$parameters = array('bugbaseurl'=>$bugbaseurl);

@@ -3372 +2290,2 @@
-			if (empty($reshook)) {

+			if (empty($reshook))

+			{

@@ -3374,4 +2293,5 @@
-			} else {

-				$bugbaseurl = $hookmanager->resPrint;

-			}

-

+			}

+			else $bugbaseurl = $hookmanager->resPrint;

+

+			$bugbaseurl .= urlencode("\n");

+			$bugbaseurl .= urlencode("## Report\n");

@@ -3379 +2299 @@
-			print '<a class="help" target="_blank" rel="noopener noreferrer" href="'.$bugbaseurl.'"><i class="fas fa-bug"></i> '.$langs->trans("FindBug").'</a>';

+			print '<a class="help" target="_blank" rel="noopener" href="'.$bugbaseurl.'">'.$langs->trans("FindBug").'</a>';

@@ -3402,3 +2322 @@
-	if (empty($leftmenuwithoutmainarea)) {

-		main_area($title);

-	}

+	if (empty($leftmenuwithoutmainarea)) main_area($title);

@@ -3416,5 +2334,3 @@
-	global $conf, $langs, $hookmanager;

-

-	if (empty($conf->dol_hide_leftmenu) && !GETPOST('dol_openinpopup')) {

-		print '<div id="id-right">';

-	}

+	global $conf, $langs;

+

+	if (empty($conf->dol_hide_leftmenu)) print '<div id="id-right">';

@@ -3426,40 +2342,30 @@
-	$hookmanager->initHooks(array('main'));

-	$parameters = array();

-	$reshook = $hookmanager->executeHooks('printMainArea', $parameters); // Note that $action and $object may have been modified by some hooks

-	print $hookmanager->resPrint;

-

-	if (getDolGlobalString('MAIN_ONLY_LOGIN_ALLOWED')) {

-		print info_admin($langs->trans("WarningYouAreInMaintenanceMode", $conf->global->MAIN_ONLY_LOGIN_ALLOWED), 0, 0, 1, 'warning maintenancemode');

-	}

-

-	// Permit to add user company information on each printed document by setting SHOW_SOCINFO_ON_PRINT

-	if (getDolGlobalString('SHOW_SOCINFO_ON_PRINT') && GETPOST('optioncss', 'aZ09') == 'print' && empty(GETPOST('disable_show_socinfo_on_print', 'aZ09'))) {

-		$parameters = array();

-		$reshook = $hookmanager->executeHooks('showSocinfoOnPrint', $parameters);

-		if (empty($reshook)) {

-			print '<!-- Begin show mysoc info header -->'."\n";

-			print '<div id="mysoc-info-header">'."\n";

-			print '<table class="centpercent div-table-responsive">'."\n";

-			print '<tbody>';

-			print '<tr><td rowspan="0" class="width20p">';

-			if ($conf->global->MAIN_SHOW_LOGO && !getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER') && getDolGlobalString('MAIN_INFO_SOCIETE_LOGO')) {

-				print '<img id="mysoc-info-header-logo" style="max-width:100%" alt="" src="'.DOL_URL_ROOT.'/viewimage.php?cache=1&modulepart=mycompany&file='.urlencode('logos/'.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_SOCIETE_LOGO'))).'">';

-			}

-			print '</td><td  rowspan="0" class="width50p"></td></tr>'."\n";

-			print '<tr><td class="titre bold">'.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_SOCIETE_NOM')).'</td></tr>'."\n";

-			print '<tr><td>'.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_SOCIETE_ADDRESS')).'<br>'.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_SOCIETE_ZIP')).' '.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_SOCIETE_TOWN')).'</td></tr>'."\n";

-			if (getDolGlobalString('MAIN_INFO_SOCIETE_TEL')) {

-				print '<tr><td style="padding-left: 1em" class="small">'.$langs->trans("Phone").' : '.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_SOCIETE_TEL')).'</td></tr>';

-			}

-			if (getDolGlobalString('MAIN_INFO_SOCIETE_MAIL')) {

-				print '<tr><td style="padding-left: 1em" class="small">'.$langs->trans("Email").' : '.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_SOCIETE_MAIL')).'</td></tr>';

-			}

-			if (getDolGlobalString('MAIN_INFO_SOCIETE_WEB')) {

-				print '<tr><td style="padding-left: 1em" class="small">'.$langs->trans("Web").' : '.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_SOCIETE_WEB')).'</td></tr>';

-			}

-			print '</tbody>';

-			print '</table>'."\n";

-			print '</div>'."\n";

-			print '<!-- End show mysoc info header -->'."\n";

-		}

-	}

+	if (!empty($conf->global->MAIN_ONLY_LOGIN_ALLOWED)) print info_admin($langs->trans("WarningYouAreInMaintenanceMode", $conf->global->MAIN_ONLY_LOGIN_ALLOWED));

+

+    // Permit to add user company information on each printed document by set SHOW_SOCINFO_ON_PRINT

+    if (!empty($conf->global->SHOW_SOCINFO_ON_PRINT) && GETPOST('optioncss', 'aZ09') == 'print' && empty(GETPOST('disable_show_socinfo_on_print', 'az09')))

+    {

+        global $hookmanager;

+        $hookmanager->initHooks(array('showsocinfoonprint'));

+        $parameters = array();

+        $reshook = $hookmanager->executeHooks('showSocinfoOnPrint', $parameters);

+        if (empty($reshook))

+        {

+            print '<!-- Begin show mysoc info header -->'."\n";

+            print '<div id="mysoc-info-header">'."\n";

+            print '<table class="centpercent div-table-responsive">'."\n";

+            print '<tbody>';

+            print '<tr><td rowspan="0" class="width20p">';

+            if ($conf->global->MAIN_SHOW_LOGO && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER) && !empty($conf->global->MAIN_INFO_SOCIETE_LOGO))

+                print '<img id="mysoc-info-header-logo" style="max-width:100%" alt="" src="'.DOL_URL_ROOT.'/viewimage.php?cache=1&amp;modulepart=mycompany&amp;file='.urlencode('logos/'.dol_escape_htmltag($conf->global->MAIN_INFO_SOCIETE_LOGO)).'">';

+            print '</td><td  rowspan="0" class="width50p"></td></tr>'."\n";

+            print '<tr><td class="titre bold">'.dol_escape_htmltag($conf->global->MAIN_INFO_SOCIETE_NOM).'</td></tr>'."\n";

+            print '<tr><td>'.dol_escape_htmltag($conf->global->MAIN_INFO_SOCIETE_ADDRESS).'<br>'.dol_escape_htmltag($conf->global->MAIN_INFO_SOCIETE_ZIP).' '.dol_escape_htmltag($conf->global->MAIN_INFO_SOCIETE_TOWN).'</td></tr>'."\n";

+            if (!empty($conf->global->MAIN_INFO_SOCIETE_TEL)) print '<tr><td style="padding-left: 1em" class="small">'.$langs->trans("Phone").' : '.dol_escape_htmltag($conf->global->MAIN_INFO_SOCIETE_TEL).'</td></tr>';

+            if (!empty($conf->global->MAIN_INFO_SOCIETE_MAIL)) print '<tr><td style="padding-left: 1em" class="small">'.$langs->trans("Email").' : '.dol_escape_htmltag($conf->global->MAIN_INFO_SOCIETE_MAIL).'</td></tr>';

+            if (!empty($conf->global->MAIN_INFO_SOCIETE_WEB)) print '<tr><td style="padding-left: 1em" class="small">'.$langs->trans("Web").' : '.dol_escape_htmltag($conf->global->MAIN_INFO_SOCIETE_WEB).'</td></tr>';

+            print '</tbody>';

+            print '</table>'."\n";

+            print '</div>'."\n";

+            print '<!-- End show mysoc info header -->'."\n";

+        }

+    }

@@ -3472 +2378 @@
- *  @param	string		$helppagename		Page name ('EN:xxx,ES:eee,FR:fff,DE:ddd...' or 'http://localpage')

+ *  @param	string		$helppagename		Page name ('EN:xxx,ES:eee,FR:fff...' or 'http://localpage')

@@ -3482 +2388,2 @@
-	if (preg_match('/^http/i', $helppagename)) {

+	if (preg_match('/^http/i', $helppagename))

+	{

@@ -3487 +2394,3 @@
-	} else {

+	}

+	else

+	{

@@ -3490 +2399,2 @@
-		if (preg_match('/^es/i', $langs->defaultlang)) {

+		if (preg_match('/^es/i', $langs->defaultlang))

+		{

@@ -3492,5 +2402,4 @@
-			if (preg_match('/ES:([^|]+)/i', $helppagename, $reg)) {

-				$helppage = $reg[1];

-			}

-		}

-		if (preg_match('/^fr/i', $langs->defaultlang)) {

+			if (preg_match('/ES:([^|]+)/i', $helppagename, $reg)) $helppage = $reg[1];

+		}

+		if (preg_match('/^fr/i', $langs->defaultlang))

+		{

@@ -3498,5 +2407,4 @@
-			if (preg_match('/FR:([^|]+)/i', $helppagename, $reg)) {

-				$helppage = $reg[1];

-			}

-		}

-		if (preg_match('/^de/i', $langs->defaultlang)) {

+			if (preg_match('/FR:([^|]+)/i', $helppagename, $reg)) $helppage = $reg[1];

+		}

+		if (empty($helppage))	// If help page not already found

+		{

@@ -3504,9 +2412 @@
-			if (preg_match('/DE:([^|]+)/i', $helppagename, $reg)) {

-				$helppage = $reg[1];

-			}

-		}

-		if (empty($helppage)) {	// If help page not already found

-			$helpbaseurl = 'http://wiki.dolibarr.org/index.php/%s';

-			if (preg_match('/EN:([^|]+)/i', $helppagename, $reg)) {

-				$helppage = $reg[1];

-			}

+			if (preg_match('/EN:([^|]+)/i', $helppagename, $reg)) $helppage = $reg[1];

@@ -3532,2 +2432,2 @@
- *  @param	int		$showtitlebefore	Show title before input text instead of into placeholder. This can be set when output is dedicated for text browsers.

- *  @param	int		$autofocus			Set autofocus on field

+ *  @param	string	$showtitlebefore	Show title before input text instead of into placeholder. This can be set when output is dedicated for text browsers.

+ *  @param	string	$autofocus			Set autofocus on field

@@ -3538 +2438 @@
-	global $langs, $user;

+	global $conf, $langs, $user;

@@ -3542,0 +2443 @@
+	$ret .= '<input type="hidden" name="mode" value="search">';

@@ -3544,3 +2445 @@
-	if ($showtitlebefore) {

-		$ret .= '<div class="tagtd left">'.$title.'</div> ';

-	}

+	if ($showtitlebefore) $ret .= '<div class="tagtd left">'.$title.'</div> ';

@@ -3564 +2463,2 @@
-if (!function_exists("llxFooter")) {

+if (!function_exists("llxFooter"))

+{

@@ -3577 +2477 @@
-		global $conf, $db, $langs, $user, $mysoc, $object, $hookmanager, $action;

+		global $conf, $db, $langs, $user, $mysoc, $object;

@@ -3579,17 +2479,3 @@
-		global $contextpage, $page, $limit, $mode;

-		global $dolibarr_distrib;

-

-		$ext = 'layout='.urlencode($conf->browser->layout).'&version='.urlencode(DOL_VERSION);

-

-		// Hook to add more things on all pages within fiche DIV

-		$llxfooter = '';

-		$parameters = array();

-		$reshook = $hookmanager->executeHooks('llxFooter', $parameters, $object, $action); // Note that $action and $object may have been modified by hook

-		if (empty($reshook)) {

-			$llxfooter .= $hookmanager->resPrint;

-		} elseif ($reshook > 0) {

-			$llxfooter = $hookmanager->resPrint;

-		}

-		if ($llxfooter) {

-			print $llxfooter;

-		}

+		global $contextpage, $page, $limit;

+

+		$ext = 'layout='.$conf->browser->layout.'&version='.urlencode(DOL_VERSION);

@@ -3602 +2488,2 @@
-		if (is_object($user) && !empty($user->lastsearch_values_tmp) && is_array($user->lastsearch_values_tmp)) {

+		if (is_object($user) && !empty($user->lastsearch_values_tmp) && is_array($user->lastsearch_values_tmp))

+		{

@@ -3604 +2491,2 @@
-			foreach ($user->lastsearch_values_tmp as $key => $val) {

+			foreach ($user->lastsearch_values_tmp as $key => $val)

+			{

@@ -3606,7 +2494,4 @@
-				if (count($val) && empty($_POST['button_removefilter']) && empty($_POST['button_removefilter_x'])) {

-					if (empty($val['sortfield'])) {

-						unset($val['sortfield']);

-					}

-					if (empty($val['sortorder'])) {

-						unset($val['sortorder']);

-					}

+				if (count($val) && empty($_POST['button_removefilter']))	// If there is search criteria to save and we did not click on 'Clear filter' button

+				{

+					if (empty($val['sortfield'])) unset($val['sortfield']);

+					if (empty($val['sortorder'])) unset($val['sortorder']);

@@ -3623,3 +2508 @@
-		if (constant('DOL_URL_ROOT')) {

-			$relativepathstring = preg_replace('/^'.preg_quote(constant('DOL_URL_ROOT'), '/').'/', '', $relativepathstring);

-		}

+		if (constant('DOL_URL_ROOT')) $relativepathstring = preg_replace('/^'.preg_quote(constant('DOL_URL_ROOT'), '/').'/', '', $relativepathstring);

@@ -3628 +2511,2 @@
-		if (preg_match('/list\.php$/', $relativepathstring)) {

+		if (preg_match('/list\.php$/', $relativepathstring))

+		{

@@ -3632,14 +2516,4 @@
-			unset($_SESSION['lastsearch_mode_tmp_'.$relativepathstring]);

-

-			if (!empty($contextpage)) {

-				$_SESSION['lastsearch_contextpage_tmp_'.$relativepathstring] = $contextpage;

-			}

-			if (!empty($page) && $page > 0) {

-				$_SESSION['lastsearch_page_tmp_'.$relativepathstring] = $page;

-			}

-			if (!empty($limit) && $limit != $conf->liste_limit) {

-				$_SESSION['lastsearch_limit_tmp_'.$relativepathstring] = $limit;

-			}

-			if (!empty($mode)) {

-				$_SESSION['lastsearch_mode_tmp_'.$relativepathstring] = $mode;

-			}

+

+			if (!empty($contextpage))                     $_SESSION['lastsearch_contextpage_tmp_'.$relativepathstring] = $contextpage;

+			if (!empty($page) && $page > 0)               $_SESSION['lastsearch_page_tmp_'.$relativepathstring] = $page;

+			if (!empty($limit) && $limit != $conf->limit) $_SESSION['lastsearch_limit_tmp_'.$relativepathstring] = $limit;

@@ -3650 +2523,0 @@
-			unset($_SESSION['lastsearch_mode_'.$relativepathstring]);

@@ -3654 +2527,2 @@
-		if (getDolGlobalString('MAIN_CORE_ERROR')) {

+		if (!empty($conf->global->MAIN_CORE_ERROR))

+		{

@@ -3656 +2530,2 @@
-			if ($conf->use_javascript_ajax) {

+			if ($conf->use_javascript_ajax)

+			{

@@ -3659,2 +2534,4 @@
-			} else {

-				// html version

+			}

+			// html version

+			else

+			{

@@ -3672,7 +2549,3 @@
-		if (empty($conf->dol_hide_leftmenu) && !GETPOST('dol_openinpopup')) {

-			print '</div> <!-- End div id-right -->'."\n"; // End div id-right

-		}

-

-		if (empty($conf->dol_hide_leftmenu) && empty($conf->dol_use_jmobile)) {

-			print '</div> <!-- End div id-container -->'."\n"; // End div container

-		}

+		if (empty($conf->dol_hide_leftmenu)) print '</div> <!-- End div id-right -->'."\n"; // End div id-right

+

+		if (empty($conf->dol_hide_leftmenu) && empty($conf->dol_use_jmobile)) print '</div> <!-- End div id-container -->'."\n"; // End div container

@@ -3681,3 +2554 @@
-		if ($comment) {

-			print '<!-- '.$comment.' -->'."\n";

-		}

+		if ($comment) print '<!-- '.$comment.' -->'."\n";

@@ -3687,5 +2558,4 @@
-		if (!empty($delayedhtmlcontent)) {

-			print $delayedhtmlcontent;

-		}

-

-		if (!empty($conf->use_javascript_ajax)) {

+		if (!empty($delayedhtmlcontent)) print $delayedhtmlcontent;

+

+		if (!empty($conf->use_javascript_ajax))

+		{

@@ -3697,2 +2567,4 @@
-		if (isModEnabled('blockedlog') && is_object($object) && !empty($object->id) && $object->id > 0) {

-			if (in_array($object->element, array('facture')) && $object->statut > 0) {       // Restrict for the moment to element 'facture'

+		if (!empty($conf->blockedlog->enabled) && is_object($object) && $object->id > 0 && $object->statut > 0)

+		{

+			if (in_array($object->element, array('facture')))       // Restrict for the moment to element 'facture'

+			{

@@ -3701,24 +2573,22 @@
-				<script>

-				jQuery(document).ready(function () {

-					$('a.documentpreview').click(function() {

-						$.post('<?php echo DOL_URL_ROOT."/blockedlog/ajax/block-add.php" ?>'

-								, {

-									id:<?php echo $object->id; ?>

-									, element:'<?php echo $object->element ?>'

-									, action:'DOC_PREVIEW'

-									, token: '<?php echo currentToken(); ?>'

-								}

-						);

-					});

-					$('a.documentdownload').click(function() {

-						$.post('<?php echo DOL_URL_ROOT."/blockedlog/ajax/block-add.php" ?>'

-								, {

-									id:<?php echo $object->id; ?>

-									, element:'<?php echo $object->element ?>'

-									, action:'DOC_DOWNLOAD'

-									, token: '<?php echo currentToken(); ?>'

-								}

-						);

-					});

-				});

-				</script>

+    			<script>

+    			jQuery(document).ready(function () {

+    				$('a.documentpreview').click(function() {

+    					$.post('<?php echo DOL_URL_ROOT."/blockedlog/ajax/block-add.php" ?>'

+    							, {

+    								id:<?php echo $object->id; ?>

+    								, element:'<?php echo $object->element ?>'

+    								, action:'DOC_PREVIEW'

+    							}

+    					);

+    				});

+    				$('a.documentdownload').click(function() {

+    					$.post('<?php echo DOL_URL_ROOT."/blockedlog/ajax/block-add.php" ?>'

+    							, {

+    								id:<?php echo $object->id; ?>

+    								, element:'<?php echo $object->element ?>'

+    								, action:'DOC_DOWNLOAD'

+    							}

+    					);

+    				});

+    			});

+    			</script>

@@ -3727 +2597 @@
-		}

+	   	}

@@ -3730 +2600 @@
-		print "\n<!-- A div to allow dialog popup by jQuery('#dialogforpopup').dialog() -->\n";

+		print "\n<!-- A div to allow dialog popup -->\n";

@@ -3736 +2606,2 @@
-		if (($_SERVER["PHP_SELF"] == DOL_URL_ROOT.'/index.php') || $forceping) {

+		if (($_SERVER["PHP_SELF"] == DOL_URL_ROOT.'/index.php') || $forceping)

+		{

@@ -3738,5 +2609,5 @@
-			$hash_unique_id = dol_hash('dolibarr'.$conf->file->instance_unique_id, 'sha256');	// Note: if the global salt changes, this hash changes too so ping may be counted twice. We don't mind. It is for statistics purpose only.

-

-			if (!getDolGlobalString('MAIN_FIRST_PING_OK_DATE')

-				|| (!empty($conf->file->instance_unique_id) && ($hash_unique_id != $conf->global->MAIN_FIRST_PING_OK_ID) && (getDolGlobalString('MAIN_FIRST_PING_OK_ID') != 'disabled'))

-			|| $forceping) {

+			$hash_unique_id = md5('dolibarr'.$conf->file->instance_unique_id);

+			if (empty($conf->global->MAIN_FIRST_PING_OK_DATE)

+				|| (!empty($conf->file->instance_unique_id) && ($hash_unique_id != $conf->global->MAIN_FIRST_PING_OK_ID) && ($conf->global->MAIN_FIRST_PING_OK_ID != 'disabled'))

+			|| $forceping)

+			{

@@ -3746 +2617,3 @@
-				} elseif (empty($_COOKIE['DOLINSTALLNOPING_'.$hash_unique_id]) || $forceping) {	// Cookie is set when we uncheck the checkbox in the installation wizard.

+				}

+				elseif (empty($_COOKIE['DOLINSTALLNOPING_'.$hash_unique_id]) || $forceping)	// Cookie is set when we uncheck the checkbox in the installation wizard.

+				{

@@ -3748,2 +2621,2 @@
-					// Disable ping if MAIN_LAST_PING_KO_DATE is set and is recent (this month)

-					if (getDolGlobalString('MAIN_LAST_PING_KO_DATE') && substr($conf->global->MAIN_LAST_PING_KO_DATE, 0, 6) == dol_print_date(dol_now(), '%Y%m') && !$forceping) {

+					// Disable ping if MAIN_LAST_PING_KO_DATE is set and is recent

+					if (!empty($conf->global->MAIN_LAST_PING_KO_DATE) && substr($conf->global->MAIN_LAST_PING_KO_DATE, 0, 6) == dol_print_date(dol_now(), '%Y%m') && !$forceping) {

@@ -3754 +2627 @@
-						print "\n".'<!-- Includes JS for Ping of Dolibarr forceping='.$forceping.' MAIN_FIRST_PING_OK_DATE='.getDolGlobalString("MAIN_FIRST_PING_OK_DATE").' MAIN_FIRST_PING_OK_ID='.getDolGlobalString("MAIN_FIRST_PING_OK_ID").' MAIN_LAST_PING_KO_DATE='.getDolGlobalString("MAIN_LAST_PING_KO_DATE").' -->'."\n";

+						print "\n".'<!-- Includes JS for Ping of Dolibarr forceping='.$forceping.' MAIN_FIRST_PING_OK_DATE='.$conf->global->MAIN_FIRST_PING_OK_DATE.' MAIN_FIRST_PING_OK_ID='.$conf->global->MAIN_FIRST_PING_OK_ID.' MAIN_LAST_PING_KO_DATE='.$conf->global->MAIN_LAST_PING_KO_DATE.' -->'."\n";

@@ -3756 +2629 @@
-						$url_for_ping = (!getDolGlobalString('MAIN_URL_FOR_PING') ? "https://ping.dolibarr.org/" : $conf->global->MAIN_URL_FOR_PING);

+						$url_for_ping = (empty($conf->global->MAIN_URL_FOR_PING) ? "https://ping.dolibarr.org/" : $conf->global->MAIN_URL_FOR_PING);

@@ -3759,6 +2632,2 @@
-						if ($_SERVER["SERVER_ADMIN"] == 'doliwamp@localhost') {

-							$distrib = 'doliwamp';

-						}

-						if (!empty($dolibarr_distrib)) {

-							$distrib = $dolibarr_distrib;

-						}

+						if ($_SERVER["SERVER_ADMIN"] == 'doliwamp@localhost') $distrib = 'doliwamp';

+						if (!empty($dolibarr_distrib)) $distrib = $dolibarr_distrib;

@@ -3766,45 +2635,42 @@
-							<script>

-							jQuery(document).ready(function (tmp) {

-								console.log("Try Ping with hash_unique_id is dol_hash('dolibarr'+instance_unique_id, 'sha256')");

-								$.ajax({

-									  method: "POST",

-									  url: "<?php echo $url_for_ping ?>",

-									  timeout: 500,     // timeout milliseconds

-									  cache: false,

-									  data: {

-										  hash_algo: 'dol_hash-sha256',

-										  hash_unique_id: '<?php echo dol_escape_js($hash_unique_id); ?>',

-										  action: 'dolibarrping',

-										  version: '<?php echo (float) DOL_VERSION; ?>',

-										  entity: '<?php echo (int) $conf->entity; ?>',

-										  dbtype: '<?php echo dol_escape_js($db->type); ?>',

-										  country_code: '<?php echo $mysoc->country_code ? dol_escape_js($mysoc->country_code) : 'unknown'; ?>',

-										  php_version: '<?php echo dol_escape_js(phpversion()); ?>',

-										  os_version: '<?php echo dol_escape_js(version_os('smr')); ?>',

-										  db_version: '<?php echo dol_escape_js(version_db()); ?>',

-										  distrib: '<?php echo $distrib ? dol_escape_js($distrib) : 'unknown'; ?>',

-										  token: 'notrequired'

-									  },

-									  success: function (data, status, xhr) {   // success callback function (data contains body of response)

-											console.log("Ping ok");

-											$.ajax({

-												method: 'GET',

-												url: '<?php echo DOL_URL_ROOT.'/core/ajax/pingresult.php'; ?>',

-												timeout: 500,     // timeout milliseconds

-												cache: false,

-												data: { hash_algo: 'dol_hash-sha256', hash_unique_id: '<?php echo dol_escape_js($hash_unique_id); ?>', action: 'firstpingok', token: '<?php echo currentToken(); ?>' },	// for update

-											  });

-									  },

-									  error: function (data,status,xhr) {   // error callback function

-											console.log("Ping ko: " + data);

-											$.ajax({

-												  method: 'GET',

-												  url: '<?php echo DOL_URL_ROOT.'/core/ajax/pingresult.php'; ?>',

-												  timeout: 500,     // timeout milliseconds

-												  cache: false,

-												  data: { hash_algo: 'dol_hash-sha256', hash_unique_id: '<?php echo dol_escape_js($hash_unique_id); ?>', action: 'firstpingko', token: '<?php echo currentToken(); ?>' },

-												});

-									  }

-								});

-							});

-							</script>

+			    			<script>

+			    			jQuery(document).ready(function (tmp) {

+			    				$.ajax({

+			    					  method: "POST",

+			    					  url: "<?php echo $url_for_ping ?>",

+			    					  timeout: 500,     // timeout milliseconds

+			    					  cache: false,

+			    					  data: {

+				    					  hash_algo: "md5",

+				    					  hash_unique_id: "<?php echo dol_escape_js($hash_unique_id); ?>",

+				    					  action: "dolibarrping",

+				    					  version: "<?php echo (float) DOL_VERSION; ?>",

+				    					  entity: "<?php echo (int) $conf->entity; ?>",

+				    					  dbtype: "<?php echo dol_escape_js($db->type); ?>",

+				    					  country_code: "<?php echo dol_escape_js($mysoc->country_code); ?>",

+				    					  php_version: "<?php echo phpversion(); ?>",

+				    					  os_version: "<?php echo version_os('smr'); ?>",

+				    					  distrib: "<?php echo $distrib ? $distrib : 'unknown'; ?>"

+				    				  },

+			    					  success: function (data, status, xhr) {   // success callback function (data contains body of response)

+			      					    	console.log("Ping ok");

+			        	    				$.ajax({

+			      	    					  method: "GET",

+			      	    					  url: "<?php echo DOL_URL_ROOT.'/core/ajax/pingresult.php'; ?>",

+			      	    					  timeout: 500,     // timeout milliseconds

+			      	    					  cache: false,

+			      	        				  data: { hash_algo: "md5", hash_unique_id: "<?php echo dol_escape_js($hash_unique_id); ?>", action: "firstpingok" },	// to update

+			    					  		});

+			    					  },

+			    					  error: function (data,status,xhr) {   // error callback function

+			        					    console.log("Ping ko: " + data);

+			        	    				$.ajax({

+			        	    					  method: "GET",

+			        	    					  url: "<?php echo DOL_URL_ROOT.'/core/ajax/pingresult.php'; ?>",

+			        	    					  timeout: 500,     // timeout milliseconds

+			        	    					  cache: false,

+			        	        				  data: { hash_algo: "md5", hash_unique_id: "<?php echo dol_escape_js($hash_unique_id); ?>", action: "firstpingko" },

+			      					  		});

+			    					  }

+			    				});

+			    			});

+			    			</script>

@@ -3813 +2679,3 @@
-				} else {

+				}

+				else

+				{

@@ -3817,2 +2685,2 @@
-					dolibarr_set_const($db, 'MAIN_FIRST_PING_OK_DATE', dol_print_date($now, 'dayhourlog', 'gmt'), 'chaine', 0, '', $conf->entity);

-					dolibarr_set_const($db, 'MAIN_FIRST_PING_OK_ID', 'disabled', 'chaine', 0, '', $conf->entity);

+					dolibarr_set_const($db, 'MAIN_FIRST_PING_OK_DATE', dol_print_date($now, 'dayhourlog', 'gmt'));

+					dolibarr_set_const($db, 'MAIN_FIRST_PING_OK_ID', 'disabled');

@@ -3821,6 +2688,0 @@
-		}

-

-		$parameters = array();

-		$reshook = $hookmanager->executeHooks('beforeBodyClose', $parameters); // Note that $action and $object may have been modified by some hooks

-		if ($reshook > 0) {

-			print $hookmanager->resPrint;

@@ -3831,2 +2693,2 @@
-	}

-}

+    }

+}

--- /tmp/dsg/dolibarr/htdocs/github_19.0.3_master.inc.php
+++ /tmp/dsg/dolibarr/htdocs/client_master.inc.php
@@ -35,3 +35,8 @@
-// Include the conf.php and functions.lib.php and security.lib.php. This defined the constants like DOL_DOCUMENT_ROOT, DOL_DATA_ROOT, DOL_URL_ROOT...

-// This file may have been already required by main.inc.php. But may not by scripts. So, here the require_once must be kept.

-require_once 'filefunc.inc.php';

+require_once 'filefunc.inc.php'; // May have been already require by main.inc.php. But may not by scripts.

+

+

+

+/*

+ * Create $conf object

+ */

+

@@ -39,18 +43,0 @@
-require_once DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php';

-

-

-if (!function_exists('is_countable')) {

-	/**

-	 * function is_countable (to remove when php version supported will be >= 7.3)

-	 * @param mixed $c data to check if countable

-	 * @return bool

-	 */

-	function is_countable($c)

-	{

-		return is_array($c) || $c instanceof Countable;

-	}

-}

-

-/*

- * Create $conf object

- */

@@ -61,6 +48,6 @@
-$conf->db->host = empty($dolibarr_main_db_host) ? '' : $dolibarr_main_db_host;

-$conf->db->port = empty($dolibarr_main_db_port) ? '' : $dolibarr_main_db_port;

-$conf->db->name = empty($dolibarr_main_db_name) ? '' : $dolibarr_main_db_name;

-$conf->db->user = empty($dolibarr_main_db_user) ? '' : $dolibarr_main_db_user;

-$conf->db->pass = empty($dolibarr_main_db_pass) ? '' : $dolibarr_main_db_pass;

-$conf->db->type = $dolibarr_main_db_type;

+$conf->db->host							= $dolibarr_main_db_host;

+$conf->db->port							= $dolibarr_main_db_port;

+$conf->db->name							= $dolibarr_main_db_name;

+$conf->db->user							= $dolibarr_main_db_user;

+$conf->db->pass							= empty($dolibarr_main_db_pass)?'':$dolibarr_main_db_pass;

+$conf->db->type							= $dolibarr_main_db_type;

@@ -72,3 +59 @@
-if (defined('TEST_DB_FORCE_TYPE')) {

-	$conf->db->type = constant('TEST_DB_FORCE_TYPE'); // Force db type (for test purpose, by PHP unit for example)

-}

+if (defined('TEST_DB_FORCE_TYPE')) $conf->db->type = constant('TEST_DB_FORCE_TYPE'); // Force db type (for test purpose, by PHP unit for example)

@@ -78,4 +63,3 @@
-$conf->file->mailing_limit_sendbyweb = empty($dolibarr_mailing_limit_sendbyweb) ? 0 : $dolibarr_mailing_limit_sendbyweb;

-$conf->file->mailing_limit_sendbycli = empty($dolibarr_mailing_limit_sendbycli) ? 0 : $dolibarr_mailing_limit_sendbycli;

-$conf->file->mailing_limit_sendbyday = empty($dolibarr_mailing_limit_sendbyday) ? 0 : $dolibarr_mailing_limit_sendbyday;

-$conf->file->main_authentication = empty($dolibarr_main_authentication) ? 'dolibarr' : $dolibarr_main_authentication; // Identification mode

+$conf->file->mailing_limit_sendbyweb	= $dolibarr_mailing_limit_sendbyweb;

+$conf->file->mailing_limit_sendbycli	= $dolibarr_mailing_limit_sendbycli;

+$conf->file->main_authentication = empty($dolibarr_main_authentication) ? '' : $dolibarr_main_authentication; // Identification mode

@@ -83 +67 @@
-$conf->file->strict_mode = empty($dolibarr_strict_mode) ? '' : $dolibarr_strict_mode; // Force php strict mode (for debug)

+$conf->file->strict_mode 				= empty($dolibarr_strict_mode) ? '' : $dolibarr_strict_mode; // Force php strict mode (for debug)

@@ -85 +68,0 @@
-$conf->file->dol_main_url_root = $dolibarr_main_url_root;	// Define url inside the config file

@@ -87,2 +70,3 @@
-$conf->file->dol_url_root = array('main' => (string) DOL_URL_ROOT); // Define array of url root path ('' or '/dolibarr')

-if (!empty($dolibarr_main_document_root_alt)) {

+$conf->file->dol_url_root				= array('main' => (string) DOL_URL_ROOT); // Define array of url root path ('' or '/dolibarr')

+if (!empty($dolibarr_main_document_root_alt))

+{

@@ -92,3 +76 @@
-	foreach ($values as $value) {

-		$conf->file->dol_document_root['alt'.($i++)] = (string) $value;

-	}

+	foreach ($values as $value) $conf->file->dol_document_root['alt'.($i++)] = (string) $value;

@@ -97,2 +79,4 @@
-	foreach ($values as $value) {

-		if (preg_match('/^http(s)?:/', $value)) {

+	foreach ($values as $value)

+	{

+		if (preg_match('/^http(s)?:/', $value))

+		{

@@ -118,9 +102,3 @@
-if (!defined('NOREQUIREUSER')) {

-	require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php'; // Need 500ko memory

-}

-if (!defined('NOREQUIRETRAN')) {

-	require_once DOL_DOCUMENT_ROOT.'/core/class/translate.class.php';

-}

-if (!defined('NOREQUIRESOC')) {

-	require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';

-}

+if (!defined('NOREQUIREUSER')) require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php'; // Need 500ko memory

+if (!defined('NOREQUIRETRAN')) require_once DOL_DOCUMENT_ROOT.'/core/class/translate.class.php';

+if (!defined('NOREQUIRESOC'))  require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';

@@ -132 +110,2 @@
-if (!defined('NOREQUIRETRAN')) {

+if (!defined('NOREQUIRETRAN'))

+{

@@ -139,5 +118,6 @@
-$db = null;

-if (!defined('NOREQUIREDB')) {

-	$db = getDoliDBInstance($conf->db->type, $conf->db->host, $conf->db->user, $conf->db->pass, $conf->db->name, (int) $conf->db->port);

-

-	if ($db->error) {

+if (!defined('NOREQUIREDB'))

+{

+    $db = getDoliDBInstance($conf->db->type, $conf->db->host, $conf->db->user, $conf->db->pass, $conf->db->name, $conf->db->port);

+

+	if ($db->error)

+	{

@@ -145 +125,2 @@
-		if (!defined('USEDOLIBARREDITOR') && !defined('USEDOLIBARRSERVER') && !empty($_SERVER['SCRIPT_FILENAME']) && (strpos($_SERVER['SCRIPT_FILENAME'], DOL_DATA_ROOT.'/website') === 0)) {

+		if (!defined('USEDOLIBARREDITOR') && !defined('USEDOLIBARRSERVER') && !empty($_SERVER['SCRIPT_FILENAME']) && (strpos($_SERVER['SCRIPT_FILENAME'], DOL_DATA_ROOT.'/website') === 0))

+		{

@@ -147,3 +128 @@
-			if (substr($sapi_type, 0, 3) != 'cgi') {

-				http_response_code(503); // To tel search engine this is a temporary error

-			}

+			if (substr($sapi_type, 0, 3) != 'cgi') http_response_code(503); // To tel search engine this is a temporary error

@@ -151 +130,2 @@
-			if (is_object($langs)) {

+			if (is_object($langs))

+			{

@@ -155 +135,3 @@
-			} else {

+			}

+			else

+			{

@@ -167 +149 @@
-//unset($dolibarr_main_db_pass); 	// We comment this because this constant is used in some other pages

+//unset($dolibarr_main_db_pass); 	// We comment this because this constant is used in a lot of pages

@@ -169 +150,0 @@
-

@@ -179,6 +159,0 @@
- * Create the global $hookmanager object

- */

-$hookmanager = new HookManager($db);

-

-

-/*

@@ -185,0 +161 @@
+ * After this, all parameters conf->global->CONSTANTS are loaded

@@ -189,2 +165,2 @@
-if (session_id() && !empty($_SESSION["dol_entity"])) {

-	// Entity inside an opened session

+if (session_id() && !empty($_SESSION["dol_entity"]))			// Entity inside an opened session

+{

@@ -192,2 +168,3 @@
-} elseif (!empty($_ENV["dol_entity"])) {

-	// Entity inside a CLI script

+}

+elseif (!empty($_ENV["dol_entity"]))							// Entity inside a CLI script

+{

@@ -195,7 +172,10 @@
-} elseif (GETPOSTISSET("loginfunction") && (GETPOST("entity", 'int') || GETPOST("switchentity", 'int'))) {

-	// Just after a login page

-	$conf->entity = (GETPOSTISSET("entity") ? GETPOST("entity", 'int') : GETPOST("switchentity", 'int'));

-} elseif (defined('DOLENTITY') && is_numeric(constant('DOLENTITY'))) {

-	// For public page with MultiCompany module

-	$conf->entity = constant('DOLENTITY');

-}

+}

+elseif (GETPOSTISSET("loginfunction") && GETPOST("entity", 'int'))	// Just after a login page

+{

+	$conf->entity = GETPOST("entity", 'int');

+}

+elseif (defined('DOLENTITY') && is_numeric(DOLENTITY))			// For public page with MultiCompany module

+{

+	$conf->entity = DOLENTITY;

+}

+

@@ -203,6 +183,55 @@
-if (!is_numeric($conf->entity)) {

-	$conf->entity = 1;

-}

-// Here we read database (llx_const table) and define $conf->global->XXX var.

-//print "We work with data into entity instance number '".$conf->entity."'";

-$conf->setValues($db);

+if (!is_numeric($conf->entity)) $conf->entity = 1;

+

+if (!defined('NOREQUIREDB'))

+{

+	//print "Will work with data into entity instance number '".$conf->entity."'";

+

+	// Here we read database (llx_const table) and define $conf->global->XXX var.

+	$conf->setValues($db);

+}

+

+// Overwrite database value

+if (!empty($conf->file->mailing_limit_sendbyweb))

+{

+	$conf->global->MAILING_LIMIT_SENDBYWEB = $conf->file->mailing_limit_sendbyweb;

+}

+if (empty($conf->global->MAILING_LIMIT_SENDBYWEB))

+{

+    $conf->global->MAILING_LIMIT_SENDBYWEB = 25;

+}

+if (!empty($conf->file->mailing_limit_sendbycli))

+{

+    $conf->global->MAILING_LIMIT_SENDBYCLI = $conf->file->mailing_limit_sendbycli;

+}

+if (empty($conf->global->MAILING_LIMIT_SENDBYCLI))

+{

+    $conf->global->MAILING_LIMIT_SENDBYCLI = 0;

+}

+

+// If software has been locked. Only login $conf->global->MAIN_ONLY_LOGIN_ALLOWED is allowed.

+if (!empty($conf->global->MAIN_ONLY_LOGIN_ALLOWED))

+{

+	$ok = 0;

+	if ((!session_id() || !isset($_SESSION["dol_login"])) && !isset($_POST["username"]) && !empty($_SERVER["GATEWAY_INTERFACE"])) $ok = 1; // We let working pages if not logged and inside a web browser (login form, to allow login by admin)

+	elseif (isset($_POST["username"]) && $_POST["username"] == $conf->global->MAIN_ONLY_LOGIN_ALLOWED) $ok = 1; // We let working pages that is a login submission (login submit, to allow login by admin)

+	elseif (defined('NOREQUIREDB'))   $ok = 1; // We let working pages that don't need database access (xxx.css.php)

+	elseif (defined('EVEN_IF_ONLY_LOGIN_ALLOWED')) $ok = 1; // We let working pages that ask to work even if only login enabled (logout.php)

+	elseif (session_id() && isset($_SESSION["dol_login"]) && $_SESSION["dol_login"] == $conf->global->MAIN_ONLY_LOGIN_ALLOWED) $ok = 1; // We let working if user is allowed admin

+	if (!$ok)

+	{

+		if (session_id() && isset($_SESSION["dol_login"]) && $_SESSION["dol_login"] != $conf->global->MAIN_ONLY_LOGIN_ALLOWED)

+		{

+			print 'Sorry, your application is offline.'."\n";

+			print 'You are logged with user "'.$_SESSION["dol_login"].'" and only administrator user "'.$conf->global->MAIN_ONLY_LOGIN_ALLOWED.'" is allowed to connect for the moment.'."\n";

+			$nexturl = DOL_URL_ROOT.'/user/logout.php';

+			print 'Please try later or <a href="'.$nexturl.'">click here to disconnect and change login user</a>...'."\n";

+		}

+		else

+		{

+			print 'Sorry, your application is offline. Only administrator user "'.$conf->global->MAIN_ONLY_LOGIN_ALLOWED.'" is allowed to connect for the moment.'."\n";

+			$nexturl = DOL_URL_ROOT.'/';

+			print 'Please try later or <a href="'.$nexturl.'">click here to change login user</a>...'."\n";

+		}

+		exit;

+	}

+}

@@ -211 +240,2 @@
-if (!defined('NOREQUIREDB') && !defined('NOREQUIRESOC')) {

+if (!defined('NOREQUIREDB') && !defined('NOREQUIRESOC'))

+{

@@ -217,38 +247,2 @@
-	// We set some specific default values according to country

-

-	if ($mysoc->country_code == 'DE' && !isset($conf->global->MAIN_INVERT_SENDER_RECIPIENT)) {

-		// For DE, we need to invert our address with customer address

-		$conf->global->MAIN_INVERT_SENDER_RECIPIENT = 1;

-	}

-	if ($mysoc->country_code == 'FR' && !isset($conf->global->INVOICE_CATEGORY_OF_OPERATION)) {

-		// For FR, default value of option to show category of operations is on by default. Decret n°2099-1299 2022-10-07

-		$conf->global->INVOICE_CATEGORY_OF_OPERATION = 1;

-	}

-	if ($mysoc->country_code == 'FR' && !isset($conf->global->INVOICE_DISABLE_REPLACEMENT)) {

-		// For FR, the replacement invoice type is not allowed.

-		// From an accounting point of view, this creates holes in the numbering of the invoice.

-		// This is very problematic during a fiscal control.

-		$conf->global->INVOICE_DISABLE_REPLACEMENT = 1;

-	}

-	if ($mysoc->country_code == 'GR' && !isset($conf->global->INVOICE_DISABLE_REPLACEMENT)) {

-		// The replacement invoice type is not allowed in Greece.

-		$conf->global->INVOICE_DISABLE_REPLACEMENT = 1;

-	}

-	if ($mysoc->country_code == 'GR' && !isset($conf->global->INVOICE_DISABLE_DEPOSIT)) {

-		// The deposit invoice type is not allowed in Greece.

-		$conf->global->INVOICE_DISABLE_DEPOSIT = 1;

-	}

-	if ($mysoc->country_code == 'GR' && !isset($conf->global->INVOICE_CREDIT_NOTE_STANDALONE)) {

-		// Standalone credit note is compulsory in Greece.

-		$conf->global->INVOICE_CREDIT_NOTE_STANDALONE = 1;

-	}

-	if ($mysoc->country_code == 'GR' && !isset($conf->global->INVOICE_SUBTYPE_ENABLED)) {

-		// Invoice subtype is a requirement for Greece.

-		$conf->global->INVOICE_SUBTYPE_ENABLED = 1;

-	}

-

-	if (($mysoc->localtax1_assuj || $mysoc->localtax2_assuj) && !isset($conf->global->MAIN_NO_INPUT_PRICE_WITH_TAX)) {

-		// For countries using the 2nd or 3rd tax, we disable input/edit of lines using the price including tax (because 2nb and 3rd tax not yet taken into account).

-		// Work In Progress to support all taxes into unit price entry when MAIN_UNIT_PRICE_WITH_TAX_IS_FOR_ALL_TAXES is set.

-		$conf->global->MAIN_NO_INPUT_PRICE_WITH_TAX = 1;

-	}

+	// For some countries, we need to invert our address with customer address

+	if ($mysoc->country_code == 'DE' && !isset($conf->global->MAIN_INVERT_SENDER_RECIPIENT)) $conf->global->MAIN_INVERT_SENDER_RECIPIENT = 1;

@@ -259,13 +253,15 @@
-if (!defined('NOREQUIRETRAN')) {

-	$langcode = (GETPOST('lang', 'aZ09') ? GETPOST('lang', 'aZ09', 1) : getDolGlobalString('MAIN_LANG_DEFAULT', 'auto'));

-	if (defined('MAIN_LANG_DEFAULT')) {	// So a page can force the language whatever is setup and parameters in URL

-		$langcode = constant('MAIN_LANG_DEFAULT');

-	}

-	$langs->setDefaultLang($langcode);

-}

-

-

-

-if (!defined('MAIN_LABEL_MENTION_NPR')) {

-	define('MAIN_LABEL_MENTION_NPR', 'NPR');

-}

+if (!defined('NOREQUIRETRAN'))

+{

+    $langcode = (GETPOST('lang', 'aZ09') ?GETPOST('lang', 'aZ09', 1) : (empty($conf->global->MAIN_LANG_DEFAULT) ? 'auto' : $conf->global->MAIN_LANG_DEFAULT));

+    if (defined('MAIN_LANG_DEFAULT')) $langcode = constant('MAIN_LANG_DEFAULT');

+    $langs->setDefaultLang($langcode);

+}

+

+

+// Create the global $hookmanager object

+include_once DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php';

+$hookmanager = new HookManager($db);

+

+

+if (!defined('MAIN_LABEL_MENTION_NPR')) define('MAIN_LABEL_MENTION_NPR', 'NPR');

+//if (! defined('PCLZIP_TEMPORARY_DIR')) define('PCLZIP_TEMPORARY_DIR', $conf->user->dir_temp);

--- /tmp/dsg/dolibarr/htdocs/github_19.0.3_viewimage.php
+++ /tmp/dsg/dolibarr/htdocs/client_viewimage.php
@@ -29,2 +28,0 @@
-define('MAIN_SECURITY_FORCECSP', "default-src: 'none'");

-

@@ -33,21 +31,7 @@
-if (!defined('NOREQUIRESOC')) {

-	define('NOREQUIRESOC', '1');

-}

-if (!defined('NOREQUIRETRAN')) {

-	define('NOREQUIRETRAN', '1');

-}

-if (!defined('NOCSRFCHECK')) {

-	define('NOCSRFCHECK', '1');

-}

-if (!defined('NOTOKENRENEWAL')) {

-	define('NOTOKENRENEWAL', '1');

-}

-if (!defined('NOREQUIREMENU')) {

-	define('NOREQUIREMENU', '1');

-}

-if (!defined('NOREQUIREHTML')) {

-	define('NOREQUIREHTML', '1');

-}

-if (!defined('NOREQUIREAJAX')) {

-	define('NOREQUIREAJAX', '1');

-}

+if (!defined('NOREQUIRESOC'))		define('NOREQUIRESOC', '1');

+if (!defined('NOREQUIRETRAN'))		define('NOREQUIRETRAN', '1');

+if (!defined('NOCSRFCHECK'))		define('NOCSRFCHECK', '1');

+if (!defined('NOTOKENRENEWAL'))	define('NOTOKENRENEWAL', '1');

+if (!defined('NOREQUIREMENU'))		define('NOREQUIREMENU', '1');

+if (!defined('NOREQUIREHTML'))		define('NOREQUIREHTML', '1');

+if (!defined('NOREQUIREAJAX'))		define('NOREQUIREAJAX', '1');

@@ -57,24 +41,5 @@
-$needlogin = 1;

-if (isset($_GET["modulepart"])) {

-	// Some value of modulepart can be used to get resources that are public so no login are required.

-

-	// For logo of company

-	if ($_GET["modulepart"] == 'mycompany' && preg_match('/^\/?logos\//', $_GET['file'])) {

-		$needlogin = 0;

-	}

-	// For barcode live generation

-	if ($_GET["modulepart"] == 'barcode') {

-		$needlogin = 0;

-	}

-	// Medias files

-	if ($_GET["modulepart"] == 'medias') {

-		$needlogin = 0;

-	}

-	// User photo when user has made its profile public (for virtual credi card)

-	if ($_GET["modulepart"] == 'userphotopublic') {

-		$needlogin = 0;

-	}

-	// Used by TakePOS Auto Order

-	if ($_GET["modulepart"] == 'product' && isset($_GET["publictakepos"])) {

-		$needlogin = 0;

-	}

+if (isset($_GET["modulepart"]) && $_GET["modulepart"] == 'mycompany' && preg_match('/^\/?logos\//', $_GET['file']))

+{

+	if (!defined("NOLOGIN"))		define("NOLOGIN", 1);

+	if (!defined("NOCSRFCHECK"))	define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.

+	if (!defined("NOIPCHECK"))		define("NOIPCHECK", 1); // Do not check IP defined into conf $dolibarr_main_restrict_ip

@@ -83,14 +48,12 @@
-if (isset($_GET["hashp"])) {

-	$needlogin = 0;

-}

-// If nologin required

-if (!$needlogin) {

-	if (!defined("NOLOGIN")) {

-		define("NOLOGIN", 1);

-	}

-	if (!defined("NOCSRFCHECK")) {

-		define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.

-	}

-	if (!defined("NOIPCHECK")) {

-		define("NOIPCHECK", 1); // Do not check IP defined into conf $dolibarr_main_restrict_ip

-	}

+if (isset($_GET["hashp"]) && !defined("NOLOGIN"))

+{

+	if (!defined("NOLOGIN"))		define("NOLOGIN", 1);

+	if (!defined("NOCSRFCHECK"))	define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.

+	if (!defined("NOIPCHECK"))		define("NOIPCHECK", 1); // Do not check IP defined into conf $dolibarr_main_restrict_ip

+}

+// Some value of modulepart can be used to get resources that are public so no login are required.

+if ((isset($_GET["modulepart"]) && $_GET["modulepart"] == 'medias'))

+{

+	if (!defined("NOLOGIN"))		define("NOLOGIN", 1);

+	if (!defined("NOCSRFCHECK"))	define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.

+	if (!defined("NOIPCHECK"))		define("NOIPCHECK", 1); // Do not check IP defined into conf $dolibarr_main_restrict_ip

@@ -101,3 +64 @@
-if (is_numeric($entity)) {

-	define("DOLENTITY", $entity);

-}

+if (is_numeric($entity)) define("DOLENTITY", $entity);

@@ -127,4 +88,4 @@
-$action = GETPOST('action', 'aZ09');

-$original_file = GETPOST('file', 'alphanohtml'); 	// Do not use urldecode here ($_GET are already decoded by PHP).

-$hashp = GETPOST('hashp', 'aZ09', 1);				// Must be read only by GET

-$modulepart = GETPOST('modulepart', 'alpha', 1);	// Must be read only by GET

+$action = GETPOST('action', 'alpha');

+$original_file = GETPOST('file', 'alphanohtml'); // Do not use urldecode here ($_GET are already decoded by PHP).

+$hashp = GETPOST('hashp', 'aZ09');

+$modulepart = GETPOST('modulepart', 'alpha');

@@ -132 +93 @@
-$entity = (GETPOST('entity', 'int') ? GETPOST('entity', 'int') : $conf->entity);

+$entity = GETPOST('entity', 'int') ?GETPOST('entity', 'int') : $conf->entity;

@@ -135,9 +96,4 @@
-if (empty($modulepart) && empty($hashp)) {

-	httponly_accessforbidden('Bad link. Bad value for parameter modulepart', 400);

-}

-if (empty($original_file) && empty($hashp) && $modulepart != 'barcode') {

-	httponly_accessforbidden('Bad link. Missing identification to find file (param file or hashp)', 400);

-}

-if ($modulepart == 'fckeditor') {

-	$modulepart = 'medias'; // For backward compatibility

-}

+if (empty($modulepart) && empty($hashp)) accessforbidden('Bad link. Bad value for parameter modulepart', 0, 0, 1);

+if (empty($original_file) && empty($hashp) && $modulepart != 'barcode') accessforbidden('Bad link. Missing identification to find file (param file or hashp)', 0, 0, 1);

+if ($modulepart == 'fckeditor') $modulepart = 'medias'; // For backward compatibility

+

@@ -158,12 +114,11 @@
-if (GETPOST("cache", 'alpha')) {

-	// Important: Following code is to avoid page request by browser and PHP CPU at each Dolibarr page access.

-	// Add param cache=abcdef

-	if (empty($dolibarr_nocache)) {

-		header('Cache-Control: max-age=3600, public, must-revalidate');

-		header('Pragma: cache'); // This is to avoid to have Pragma: no-cache set by proxy or web server

-		header('Expires: '.gmdate('D, d M Y H:i:s', time() + 3600).' GMT');	// This is to avoid to have Expires set by proxy or web server

-		//header('Expires: '.strtotime('+1 hour');

-	} else {

-		header('Cache-Control: no-cache');

-	}

-	//print $dolibarr_nocache; exit;

+if (GETPOST("cache", 'alpha'))

+{

+    // Important: Following code is to avoid page request by browser and PHP CPU at

+    // each Dolibarr page access.

+    if (empty($dolibarr_nocache))

+    {

+        header('Cache-Control: max-age=3600, public, must-revalidate');

+        header('Pragma: cache'); // This is to avoid having Pragma: no-cache

+    }

+    else header('Cache-Control: no-cache');

+    //print $dolibarr_nocache; exit;

@@ -173 +128,2 @@
-if (!empty($hashp)) {

+if (!empty($hashp))

+{

@@ -177 +133,2 @@
-	if ($result > 0) {

+	if ($result > 0)

+	{

@@ -180 +137,2 @@
-		if (is_numeric($tmp[0])) { // If first tmp is numeric, it is subdir of company for multicompany, we take next part.

+		if (is_numeric($tmp[0])) // If first tmp is numeric, it is subdir of company for multicompany, we take next part.

+		{

@@ -185,2 +143,4 @@
-		if ($modulepart) {	// Not required, so often not defined, for link using public hashp parameter.

-			if ($moduleparttocheck == $modulepart) {

+		if ($modulepart)	// Not required, so often not defined, for link using public hashp parameter.

+		{

+			if ($moduleparttocheck == $modulepart)

+			{

@@ -190,2 +149,0 @@
-			} else {

-				httponly_accessforbidden('Bad link. File is from another module part.', 403);

@@ -193 +151,7 @@
-		} else {

+			else

+			{

+				accessforbidden('Bad link. File is from another module part.', 0, 0, 1);

+			}

+		}

+		else

+		{

@@ -197 +161,3 @@
-	} else {

+	}

+	else

+	{

@@ -199 +165 @@
-		httponly_accessforbidden($langs->trans("ErrorFileNotFoundWithSharedLink"), 403, 1);

+		accessforbidden($langs->trans("ErrorFileNotFoundWithSharedLink"), 0, 0, 1);

@@ -205,5 +171,2 @@
-if (GETPOST('type', 'alpha')) {

-	$type = GETPOST('type', 'alpha');

-} else {

-	$type = dol_mimetype($original_file);

-}

+if (GETPOST('type', 'alpha')) $type = GETPOST('type', 'alpha');

+else $type = dol_mimetype($original_file);

@@ -212,3 +175 @@
-if (preg_match('/html/i', $type)) {

-	httponly_accessforbidden('Error: Using the image wrapper to output a file with a mime type HTML is not possible.');

-}

+if (preg_match('/html/i', $type)) accessforbidden('Error: Using the image wrapper to output a file with a mime type HTML is not possible.', 0, 0, 1);

@@ -216,8 +177,4 @@
-if (preg_match('/\.noexe$/i', $original_file)) {

-	httponly_accessforbidden('Error: Using the image wrapper to output a file ending with .noexe is not allowed.');

-}

-

-// Security: Delete string ../ or ..\ into $original_file

-$original_file = preg_replace('/\.\.+/', '..', $original_file);	// Replace '... or more' with '..'

-$original_file = str_replace('../', '/', $original_file);

-$original_file = str_replace('..\\', '/', $original_file);

+if (preg_match('/\.noexe$/i', $original_file)) accessforbidden('Error: Using the image wrapper to output a file ending with .noexe is not allowed.', 0, 0, 1);

+

+// Security: Delete string ../ into $original_file

+$original_file = str_replace("../", "/", $original_file);

@@ -227,9 +183,0 @@
-if ($refname == 'thumbs') {

-	// If we get the thumbs directory, we must go one step higher. For example original_file='10/thumbs/myfile_small.jpg' -> refname='10'

-	$refname = basename(dirname(dirname($original_file))."/");

-}

-

-// Check that file is allowed for view with viewimage.php

-if (!empty($original_file) && !dolIsAllowedForPreview($original_file)) {

-	httponly_accessforbidden('This file is not qualified for preview', 403);

-}

@@ -238,12 +186,3 @@
-if (empty($modulepart)) {

-	httponly_accessforbidden('Bad value for parameter modulepart', 400);

-}

-

-// When logged in a different entity, medias cannot be accessed because $conf->$module->multidir_output

-// is not set on the requested entity, but they are public documents, so reset entity

-if ($modulepart === 'medias' && $entity != $conf->entity) {

-	$conf->entity = $entity;

-	$conf->setValues($db);

-}

-

-$check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, $user, $refname);

+if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart', 0, 0, 1);

+

+$check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, $refname);

@@ -254 +193,2 @@
-if (!empty($hashp)) {

+if (!empty($hashp))

+{

@@ -257,5 +197,3 @@
-} elseif (GETPOSTINT("publictakepos")) {

-	if (getDolGlobalString('TAKEPOS_AUTO_ORDER') && in_array($modulepart, array('product', 'category'))) {

-		$accessallowed = 1; // When TakePOS Public Auto Order is enabled, we accept to see all images of product and categories

-	}

-} else {

+}

+else

+{

@@ -263,2 +201,4 @@
-	if ($user->socid > 0) {

-		if ($sqlprotectagainstexternals) {

+	if ($user->socid > 0)

+	{

+		if ($sqlprotectagainstexternals)

+		{

@@ -266 +206,2 @@
-			if ($resql) {

+			if ($resql)

+			{

@@ -269 +210,2 @@
-				while ($i < $num) {

+				while ($i < $num)

+				{

@@ -271 +213,2 @@
-					if ($user->socid != $obj->fk_soc) {

+					if ($user->socid != $obj->fk_soc)

+					{

@@ -284 +227,2 @@
-if (!$accessallowed) {

+if (!$accessallowed)

+{

@@ -290 +234,2 @@
-if (preg_match('/\.\./', $fullpath_original_file) || preg_match('/[<>|]/', $fullpath_original_file)) {

+if (preg_match('/\.\./', $fullpath_original_file) || preg_match('/[<>|]/', $fullpath_original_file))

+{

@@ -292 +237 @@
-	print "ErrorFileNameInvalid: ".dol_escape_htmltag($original_file);

+	print "ErrorFileNameInvalid: ".$original_file;

@@ -298,75 +243,74 @@
-if ($modulepart == 'barcode') {

-	$generator = GETPOST("generator", "aZ09");

-	$encoding = GETPOST("encoding", "aZ09");

-	$readable = GETPOST("readable", 'aZ09') ? GETPOST("readable", "aZ09") : "Y";

-	if (in_array($encoding, array('EAN8', 'EAN13'))) {

-		$code = GETPOST("code", 'alphanohtml');

-	} else {

-		$code = GETPOST("code", 'restricthtml'); // This can be rich content (qrcode, datamatrix, ...)

-	}

-

-	if (empty($generator) || empty($encoding)) {

-		print 'Error: Parameter "generator" or "encoding" not defined';

-		exit;

-	}

-

-	$dirbarcode = array_merge(array("/core/modules/barcode/doc/"), $conf->modules_parts['barcode']);

-

-	$result = 0;

-

-	foreach ($dirbarcode as $reldir) {

-		$dir = dol_buildpath($reldir, 0);

-		$newdir = dol_osencode($dir);

-

-		// Check if directory exists (we do not use dol_is_dir to avoid loading files.lib.php)

-		if (!is_dir($newdir)) {

-			continue;

-		}

-

-		$result = @include_once $newdir.$generator.'.modules.php';

-		if ($result) {

-			break;

-		}

-	}

-

-	// Load barcode class

-	$classname = "mod".ucfirst($generator);

-	$module = new $classname($db);

-	if ($module->encodingIsSupported($encoding)) {

-		$result = $module->buildBarCode($code, $encoding, $readable);

-	}

-} else {

-	// Open and return file

-	clearstatcache();

-

-	$filename = basename($fullpath_original_file);

-

-	// Output files on browser

-	dol_syslog("viewimage.php return file $fullpath_original_file filename=$filename content-type=$type");

-

-	// This test is to avoid error images when image is not available (for example thumbs).

-	if (!dol_is_file($fullpath_original_file) && empty($_GET["noalt"])) {

-		$fullpath_original_file = DOL_DOCUMENT_ROOT.'/public/theme/common/nophoto.png';

-		/*$error='Error: File '.$_GET["file"].' does not exists or filesystems permissions are not allowed';

-		print $error;

-		exit;*/

-	}

-

-	// Permissions are ok and file found, so we return it

-	if ($type) {

-		top_httphead($type);

-		header('Content-Disposition: inline; filename="'.basename($fullpath_original_file).'"');

-	} else {

-		top_httphead('image/png');

-		header('Content-Disposition: inline; filename="'.basename($fullpath_original_file).'"');

-	}

-

-	$fullpath_original_file_osencoded = dol_osencode($fullpath_original_file);

-

-	readfile($fullpath_original_file_osencoded);

-}

-

-

-if (is_object($db)) {

-	$db->close();

-}

+if ($modulepart == 'barcode')

+{

+    $generator = GETPOST("generator", "alpha");

+    $code = GETPOST("code", 'none'); // This can be rich content (qrcode, datamatrix, ...)

+    $encoding = GETPOST("encoding", "alpha");

+    $readable = GETPOST("readable", 'alpha') ?GETPOST("readable", "alpha") : "Y";

+

+    if (empty($generator) || empty($encoding))

+    {

+        print 'Error: Parameter "generator" or "encoding" not defined';

+        exit;

+    }

+

+    $dirbarcode = array_merge(array("/core/modules/barcode/doc/"), $conf->modules_parts['barcode']);

+

+    $result = 0;

+

+    foreach ($dirbarcode as $reldir)

+    {

+        $dir = dol_buildpath($reldir, 0);

+        $newdir = dol_osencode($dir);

+

+        // Check if directory exists (we do not use dol_is_dir to avoid loading files.lib.php)

+        if (!is_dir($newdir)) continue;

+

+        $result = @include_once $newdir.$generator.'.modules.php';

+        if ($result) break;

+    }

+

+    // Load barcode class

+    $classname = "mod".ucfirst($generator);

+    $module = new $classname($db);

+    if ($module->encodingIsSupported($encoding))

+    {

+        $result = $module->buildBarCode($code, $encoding, $readable);

+    }

+}

+else					// Open and return file

+{

+    clearstatcache();

+

+    $filename = basename($fullpath_original_file);

+

+    // Output files on browser

+    dol_syslog("viewimage.php return file $fullpath_original_file filename=$filename content-type=$type");

+

+    // This test is to avoid error images when image is not available (for example thumbs).

+    if (!dol_is_file($fullpath_original_file) && empty($_GET["noalt"]))

+    {

+        $fullpath_original_file = DOL_DOCUMENT_ROOT.'/public/theme/common/nophoto.png';

+        /*$error='Error: File '.$_GET["file"].' does not exists or filesystems permissions are not allowed';

+        print $error;

+        exit;*/

+    }

+

+    // Permissions are ok and file found, so we return it

+    if ($type)

+    {

+        top_httphead($type);

+        header('Content-Disposition: inline; filename="'.basename($fullpath_original_file).'"');

+    }

+    else

+    {

+        top_httphead('image/png');

+        header('Content-Disposition: inline; filename="'.basename($fullpath_original_file).'"');

+    }

+

+    $fullpath_original_file_osencoded = dol_osencode($fullpath_original_file);

+

+    readfile($fullpath_original_file_osencoded);

+}

+

+

+if (is_object($db)) $db->close();