Dolibarr / dolibarr

htdocs/public/stripe/ipn.php

Spacing +20 added lines, -20 removed lines

@@ -182,12 +182,12 @@ 
 		if (!empty($user->email)) {
 			$sendto = dolGetFirstLastname($user->firstname, $user->lastname)." <".$user->email.">";
 		} else {
-			$sendto = getDolGlobalString('MAIN_INFO_SOCIETE_MAIL') . '" <' . getDolGlobalString('MAIN_INFO_SOCIETE_MAIL').'>';
+			$sendto = getDolGlobalString('MAIN_INFO_SOCIETE_MAIL').'" <'.getDolGlobalString('MAIN_INFO_SOCIETE_MAIL').'>';
 		}
 		$replyto = $sendto;
 		$sendtocc = '';
 		if (getDolGlobalString('ONLINE_PAYMENT_SENDEMAIL')) {
-			$sendtocc = getDolGlobalString('ONLINE_PAYMENT_SENDEMAIL') . '" <' . getDolGlobalString('ONLINE_PAYMENT_SENDEMAIL').'>';
+			$sendtocc = getDolGlobalString('ONLINE_PAYMENT_SENDEMAIL').'" <'.getDolGlobalString('ONLINE_PAYMENT_SENDEMAIL').'>';
 		}
 
 		$message = "A bank transfer of ".price2num($event->data->object->amount / 100)." ".$event->data->object->currency." should arrive in your account the ".dol_print_date($event->data->object->arrival_date, 'dayhour');
@@ -272,12 +272,12 @@ 
 		if (!empty($user->email)) {
 			$sendto = dolGetFirstLastname($user->firstname, $user->lastname)." <".$user->email.">";
 		} else {
-			$sendto = getDolGlobalString('MAIN_INFO_SOCIETE_MAIL') . '" <' . getDolGlobalString('MAIN_INFO_SOCIETE_MAIL').'>';
+			$sendto = getDolGlobalString('MAIN_INFO_SOCIETE_MAIL').'" <'.getDolGlobalString('MAIN_INFO_SOCIETE_MAIL').'>';
 		}
 		$replyto = $sendto;
 		$sendtocc = '';
 		if (getDolGlobalString('ONLINE_PAYMENT_SENDEMAIL')) {
-			$sendtocc = getDolGlobalString('ONLINE_PAYMENT_SENDEMAIL') . '" <' . getDolGlobalString('ONLINE_PAYMENT_SENDEMAIL').'>';
+			$sendtocc = getDolGlobalString('ONLINE_PAYMENT_SENDEMAIL').'" <'.getDolGlobalString('ONLINE_PAYMENT_SENDEMAIL').'>';
 		}
 
 		$message = "A bank transfer of ".price2num($event->data->object->amount / 100)." ".$event->data->object->currency." has been done to your account the ".dol_print_date($event->data->object->arrival_date, 'dayhour');
@@ -317,19 +317,19 @@ 
 	$db->commit();
 } elseif ($event->type == 'payment_intent.succeeded') {		// Called when making payment with PaymentIntent method ($conf->global->STRIPE_USE_NEW_CHECKOUT is on).
 	//dol_syslog("object = ".var_export($event->data, true));
-	include_once DOL_DOCUMENT_ROOT . '/compta/paiement/class/paiement.class.php';
+	include_once DOL_DOCUMENT_ROOT.'/compta/paiement/class/paiement.class.php';
 	global $stripearrayofkeysbyenv;
 	$error = 0;
 	$object = $event->data->object;
-	$TRANSACTIONID = $object->id;	// Example pi_123456789...
+	$TRANSACTIONID = $object->id; // Example pi_123456789...
 	$ipaddress = $object->metadata->ipaddress;
 	$now = dol_now();
 	$currencyCodeType = strtoupper($object->currency);
 	$paymentmethodstripeid = $object->payment_method;
 	$customer_id = $object->customer;
 	$invoice_id = "";
-	$paymentTypeId = "";			// payment type according to Stripe
-	$paymentTypeIdInDolibarr = "";	// payment type according to Dolibarr
+	$paymentTypeId = ""; // payment type according to Stripe
+	$paymentTypeIdInDolibarr = ""; // payment type according to Dolibarr
 	$payment_amount = 0;
 	$payment_amountInDolibarr = 0;
 
@@ -394,7 +394,7 @@ 
 		$s = new \Stripe\StripeClient($stripeacc);
 
 		$paymentmethodstripe = $s->paymentMethods->retrieve($paymentmethodstripeid);
-		$paymentTypeId =  $paymentmethodstripe->type;
+		$paymentTypeId = $paymentmethodstripe->type;
 		if ($paymentTypeId == "ban" || $paymentTypeId == "sepa_debit") {
 			$paymentTypeId = "PRE";
 		} elseif ($paymentTypeId == "card") {
@@ -418,9 +418,9 @@ 
 			$paiement->datepaye = $now;
 			$paiement->date = $now;
 			if ($currencyCodeType == $conf->currency) {
-				$paiement->amounts = [$invoice_id => $payment_amount];   // Array with all payments dispatching with invoice id
+				$paiement->amounts = [$invoice_id => $payment_amount]; // Array with all payments dispatching with invoice id
 			} else {
-				$paiement->multicurrency_amounts = [$invoice_id => $payment_amount];   // Array with all payments dispatching
+				$paiement->multicurrency_amounts = [$invoice_id => $payment_amount]; // Array with all payments dispatching
 
 				$postactionmessages[] = 'Payment was done in a different currency than currency expected of company';
 				$ispostactionok = -1;
@@ -430,8 +430,8 @@ 
 			$paiement->paiementid = $paymentTypeId;
 			$paiement->num_payment = '';
 			$paiement->note_public = '';
-			$paiement->note_private = 'StripeSepa payment ' . dol_print_date($now, 'standard') . ' using ' . $servicestatus . ($ipaddress ? ' from ip ' . $ipaddress : '') . ' - Transaction ID = ' . $TRANSACTIONID;
-			$paiement->ext_payment_id = $TRANSACTIONID.':'.$customer_id.'@'.$stripearrayofkeysbyenv[$servicestatus]['publishable_key'];		// May be we should store py_... instead of pi_... but we started with pi_... so we continue.
+			$paiement->note_private = 'StripeSepa payment '.dol_print_date($now, 'standard').' using '.$servicestatus.($ipaddress ? ' from ip '.$ipaddress : '').' - Transaction ID = '.$TRANSACTIONID;
+			$paiement->ext_payment_id = $TRANSACTIONID.':'.$customer_id.'@'.$stripearrayofkeysbyenv[$servicestatus]['publishable_key']; // May be we should store py_... instead of pi_... but we started with pi_... so we continue.
 			$paiement->ext_payment_site = $service;
 
 			$ispaymentdone = 0;
@@ -449,20 +449,20 @@ 
 			$db->begin();
 
 			if (!$error && !$ispaymentdone) {
-				dol_syslog('* Record payment for invoice id ' . $invoice_id . '. It includes closing of invoice and regenerating document');
+				dol_syslog('* Record payment for invoice id '.$invoice_id.'. It includes closing of invoice and regenerating document');
 
 				// This include closing invoices to 'paid' (and trigger including unsuspending) and regenerating document
 				$paiement_id = $paiement->create($user, 1);
 				if ($paiement_id < 0) {
-					$postactionmessages[] = $paiement->error . ($paiement->error ? ' ' : '') . join("<br>\n", $paiement->errors);
+					$postactionmessages[] = $paiement->error.($paiement->error ? ' ' : '').join("<br>\n", $paiement->errors);
 					$ispostactionok = -1;
 					$error++;
 
-					dol_syslog("Failed to create the payment for invoice id " . $invoice_id);
+					dol_syslog("Failed to create the payment for invoice id ".$invoice_id);
 				} else {
 					$postactionmessages[] = 'Payment created';
 
-					dol_syslog("The payment has been created for invoice id " . $invoice_id);
+					dol_syslog("The payment has been created for invoice id ".$invoice_id);
 				}
 			}
 
@@ -492,14 +492,14 @@ 
 						$label = '(CustomerInvoicePayment)';
 						$result = $paiement->addPaymentToBank($user, 'payment', $label, $bankaccountid, $customer_id, '');
 						if ($result < 0) {
-							$postactionmessages[] = $paiement->error . ($paiement->error ? ' ' : '') . join("<br>\n", $paiement->errors);
+							$postactionmessages[] = $paiement->error.($paiement->error ? ' ' : '').join("<br>\n", $paiement->errors);
 							$ispostactionok = -1;
 							$error++;
 						} else {
 							$postactionmessages[] = 'Bank transaction of payment created (by ipn.php file)';
 						}
 					} else {
-						$postactionmessages[] = 'Setup of bank account to use in module ' . $paymentmethod . ' was not set. No way to record the payment.';
+						$postactionmessages[] = 'Setup of bank account to use in module '.$paymentmethod.' was not set. No way to record the payment.';
 						$ispostactionok = -1;
 						$error++;
 					}
@@ -663,7 +663,7 @@ 
 			$error++;
 		}
 
-		if (! $error) {
+		if (!$error) {
 			$db->commit();
 		} else {
 			$db->rollback();

htdocs/compta/prelevement/class/bonprelevement.class.php

Spacing +37 added lines, -37 removed lines

@@ -98,8 +98,8 @@ 
 
 	const STATUS_DRAFT = 0;
 	const STATUS_TRANSFERED = 1;
-	const STATUS_CREDITED = 2;		// STATUS_CREDITED and STATUS_DEBITED is same. Difference is in ->type
-	const STATUS_DEBITED = 2;		// STATUS_CREDITED and STATUS_DEBITED is same. Difference is in ->type
+	const STATUS_CREDITED = 2; // STATUS_CREDITED and STATUS_DEBITED is same. Difference is in ->type
+	const STATUS_DEBITED = 2; // STATUS_CREDITED and STATUS_DEBITED is same. Difference is in ->type
 
 
 	/**
@@ -145,7 +145,7 @@ 
 	/**
 	 * @var array  Array with all fields and their property. Do not use it as a static var. It may be modified by constructor.
 	 */
-	public $fields=array(
+	public $fields = array(
 		'rowid' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>'1', 'position'=>10, 'notnull'=>1, 'visible'=>0,),
 		'ref' => array('type'=>'varchar(12)', 'label'=>'Ref', 'enabled'=>'1', 'position'=>15, 'notnull'=>0, 'visible'=>-1, 'csslist'=>'tdoverflowmax150', 'showoncombobox'=>'1',),
 		'datec' => array('type'=>'datetime', 'label'=>'DateCreation', 'enabled'=>'1', 'position'=>25, 'notnull'=>0, 'visible'=>-1,),
@@ -339,7 +339,7 @@ 
 			$sql .= ", '".$this->db->escape($code_guichet)."'";
 			$sql .= ", '".$this->db->escape($number)."'";
 			$sql .= ", '".$this->db->escape($number_key)."'";
-			$sql .= (!empty($sourcetype) ? ", ". ((int) $client_id) : '');
+			$sql .= (!empty($sourcetype) ? ", ".((int) $client_id) : '');
 			$sql .= ")";
 			if ($this->db->query($sql)) {
 				$line_id = $this->db->last_insert_id(MAIN_DB_PREFIX."prelevement_lignes");
@@ -563,7 +563,7 @@ 
 						} else {
 							$modeforaddpayment = 'payment';
 							$labelforaddpayment = '(CustomerInvoicePayment)';
-							$addbankurl = 'direct-debit';	// = 'directdebit'
+							$addbankurl = 'direct-debit'; // = 'directdebit'
 						}
 
 						$result = $paiement->addPaymentToBank($user, $modeforaddpayment, $labelforaddpayment, $fk_bank_account, '', '', 0, '', $addbankurl);
@@ -973,7 +973,7 @@ 
 				$sql .= " FROM ".MAIN_DB_PREFIX."salary as f";
 				$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."prelevement_demande as pd ON f.rowid = pd.fk_salary";
 				$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as s ON s.rowid = f.fk_user";
-				$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user_rib as sr ON s.rowid = sr.fk_user";	// TODO Add AND sr.default_rib = 1 here
+				$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user_rib as sr ON s.rowid = sr.fk_user"; // TODO Add AND sr.default_rib = 1 here
 			}
 			if ($sourcetype != 'salary') {
 				if ($type != 'bank-transfer') {
@@ -996,7 +996,7 @@ 
 			$sql .= " AND pd.traite = 0";
 			$sql .= " AND pd.ext_payment_id IS NULL";
 			if ($sourcetype != 'salary') {
-				$sql .= " AND sr.type = 'ban'";		// TODO Add AND sr.type = 'ban' for users too
+				$sql .= " AND sr.type = 'ban'"; // TODO Add AND sr.type = 'ban' for users too
 			}
 			if ($did > 0) {
 				$sql .= " AND pd.rowid = ".((int) $did);
@@ -1008,7 +1008,7 @@ 
 				$i = 0;
 
 				while ($i < $num) {
-					$row = $this->db->fetch_row($resql);	// TODO Replace with fetch_object()
+					$row = $this->db->fetch_row($resql); // TODO Replace with fetch_object()
 					$factures[$i] = $row; // All fields
 
 					if ($row[7] == 0) {
@@ -1086,30 +1086,30 @@ 
 								$tmpsoc->id = $fac[2];
 								$tmpsoc->name = $fac[8];
 								$invoice_url = "<a href='".DOL_URL_ROOT.'/compta/facture/card.php?facid='.$fac[0]."'>".$fac[9]."</a>";
-								$this->invoice_in_error[$fac[0]] = "Error on default bank number IBAN/BIC for invoice " . $invoice_url . " for thirdparty " . $tmpsoc->getNomUrl(0);
-								$this->thirdparty_in_error[$tmpsoc->id] = "Error on default bank number IBAN/BIC for invoice " . $invoice_url . " for thirdparty " . $tmpsoc->getNomUrl(0);
+								$this->invoice_in_error[$fac[0]] = "Error on default bank number IBAN/BIC for invoice ".$invoice_url." for thirdparty ".$tmpsoc->getNomUrl(0);
+								$this->thirdparty_in_error[$tmpsoc->id] = "Error on default bank number IBAN/BIC for invoice ".$invoice_url." for thirdparty ".$tmpsoc->getNomUrl(0);
 								$error++;
 							}
 							if ($type == 'bank-transfer' && $sourcetype != 'salary') {
 								$tmpsoc->id = $fac[2];
 								$tmpsoc->name = $fac[8];
 								$invoice_url = "<a href='".DOL_URL_ROOT.'/fourn/facture/card.php?facid='.$fac[0]."'>".$fac[9]."</a>";
-								$this->invoice_in_error[$fac[0]] = "Error on default bank number IBAN/BIC for invoice " . $invoice_url . " for thirdparty " . $tmpsoc->getNomUrl(0);
-								$this->thirdparty_in_error[$tmpsoc->id] = "Error on default bank number IBAN/BIC for invoice " . $invoice_url . " for thirdparty " . $tmpsoc->getNomUrl(0);
+								$this->invoice_in_error[$fac[0]] = "Error on default bank number IBAN/BIC for invoice ".$invoice_url." for thirdparty ".$tmpsoc->getNomUrl(0);
+								$this->thirdparty_in_error[$tmpsoc->id] = "Error on default bank number IBAN/BIC for invoice ".$invoice_url." for thirdparty ".$tmpsoc->getNomUrl(0);
 								$error++;
 							}
 							if ($type == 'bank-transfer' && $sourcetype == 'salary') {
 								$tmpuser->id = $fac[2];
 								$tmpuser->firstname = $fac[8];
 								$salary_url = "<a href='".DOL_URL_ROOT.'/salaries/card.php?id='.$fac[0]."'>".$fac[0]."</a>";
-								$this->invoice_in_error[$fac[0]] = "Error on default bank number IBAN/BIC for salary " . $salary_url . " for employee " . $tmpuser->getNomUrl(0);
-								$this->thirdparty_in_error[$tmpuser->id] = "Error on default bank number IBAN/BIC for salary " . $salary_url . " for employee " . $tmpuser->getNomUrl(0);
+								$this->invoice_in_error[$fac[0]] = "Error on default bank number IBAN/BIC for salary ".$salary_url." for employee ".$tmpuser->getNomUrl(0);
+								$this->thirdparty_in_error[$tmpuser->id] = "Error on default bank number IBAN/BIC for salary ".$salary_url." for employee ".$tmpuser->getNomUrl(0);
 								$error++;
 							}
-							dol_syslog(__METHOD__ . " Check BAN Error on default bank number IBAN/BIC reported by verif(): " . join(', ', $fac), LOG_WARNING);
+							dol_syslog(__METHOD__." Check BAN Error on default bank number IBAN/BIC reported by verif(): ".join(', ', $fac), LOG_WARNING);
 						}
 					} else {
-						dol_syslog(__METHOD__ . " Check BAN Failed to read company", LOG_WARNING);
+						dol_syslog(__METHOD__." Check BAN Failed to read company", LOG_WARNING);
 					}
 					/*
 					} else {
@@ -1162,7 +1162,7 @@ 
 				$ref = substr($year, -2).$month;
 
 				// Get next free nunber for the ref of bon prelevement
-				$sql = "SELECT substring(ref from char_length(ref) - 1)";	// To extract "YYMMXX" from "TYYMMXX"
+				$sql = "SELECT substring(ref from char_length(ref) - 1)"; // To extract "YYMMXX" from "TYYMMXX"
 				$sql .= " FROM ".MAIN_DB_PREFIX."prelevement_bons";
 				$sql .= " WHERE ref LIKE '_".$this->db->escape($ref)."%'";
 				$sql .= " AND entity = ".((int) $conf->entity);
@@ -1356,7 +1356,7 @@ 
 
 			if (!$error) {
 				$this->db->commit();
-				return count($factures_prev);	// The error of failed lines are into $this->invoice_in_error and $this->thirdparty_in_error
+				return count($factures_prev); // The error of failed lines are into $this->invoice_in_error and $this->thirdparty_in_error
 			} else {
 				$this->db->rollback();
 				return -1;
@@ -2170,7 +2170,7 @@ 
 			$XML_CREDITOR .= '					<EndToEndId>'.(($conf->global->PRELEVEMENT_END_TO_END != "") ? $conf->global->PRELEVEMENT_END_TO_END : ('CT-'.dol_trunc($row_idfac.'-'.$row_ref, 20, 'right', 'UTF-8', 1)).'-'.$Rowing).'</EndToEndId>'.$CrLf; // ISO20022 states that EndToEndId has a MaxLength of 35 characters
 			$XML_CREDITOR .= '				</PmtId>'.$CrLf;
 			if (!empty($this->sepa_xml_pti_in_ctti)) {
-				$XML_CREDITOR .= '				<PmtTpInf>' . $CrLf;
+				$XML_CREDITOR .= '				<PmtTpInf>'.$CrLf;
 
 				// Can be 'NORM' for normal or 'HIGH' for high priority level
 				if (getDolGlobalString('PAYMENTBYBANKTRANSFER_FORCE_HIGH_PRIORITY')) {
@@ -2178,14 +2178,14 @@ 
 				} else {
 					$instrprty = 'NORM';
 				}
-				$XML_CREDITOR .= '					<InstrPrty>'.$instrprty.'</InstrPrty>' . $CrLf;
-				$XML_CREDITOR .= '					<SvcLvl>' . $CrLf;
-				$XML_CREDITOR .= '						<Cd>SEPA</Cd>' . $CrLf;
-				$XML_CREDITOR .= '					</SvcLvl>' . $CrLf;
-				$XML_CREDITOR .= '					<CtgyPurp>' . $CrLf;
-				$XML_CREDITOR .= '						<Cd>CORE</Cd>' . $CrLf;
-				$XML_CREDITOR .= '					</CtgyPurp>' . $CrLf;
-				$XML_CREDITOR .= '				</PmtTpInf>' . $CrLf;
+				$XML_CREDITOR .= '					<InstrPrty>'.$instrprty.'</InstrPrty>'.$CrLf;
+				$XML_CREDITOR .= '					<SvcLvl>'.$CrLf;
+				$XML_CREDITOR .= '						<Cd>SEPA</Cd>'.$CrLf;
+				$XML_CREDITOR .= '					</SvcLvl>'.$CrLf;
+				$XML_CREDITOR .= '					<CtgyPurp>'.$CrLf;
+				$XML_CREDITOR .= '						<Cd>CORE</Cd>'.$CrLf;
+				$XML_CREDITOR .= '					</CtgyPurp>'.$CrLf;
+				$XML_CREDITOR .= '				</PmtTpInf>'.$CrLf;
 			}
 			$XML_CREDITOR .= '				<Amt>'.$CrLf;
 			$XML_CREDITOR .= '					<InstdAmt Ccy="EUR">'.round($row_somme, 2).'</InstdAmt>'.$CrLf;
@@ -2347,7 +2347,7 @@ 
 			$this->emetteur_iban = $account->iban;
 			$this->emetteur_bic = $account->bic;
 
-			$this->emetteur_ics = ($type == 'bank-transfer' ? $account->ics_transfer : $account->ics);  // Ex: PRELEVEMENT_ICS = "FR78ZZZ123456";
+			$this->emetteur_ics = ($type == 'bank-transfer' ? $account->ics_transfer : $account->ics); // Ex: PRELEVEMENT_ICS = "FR78ZZZ123456";
 
 			$this->raison_sociale = $account->proprio;
 		}
@@ -2438,15 +2438,15 @@ 
 				$XML_SEPA_INFO .= '			<NbOfTxs>'.$nombre.'</NbOfTxs>'.$CrLf;
 				$XML_SEPA_INFO .= '			<CtrlSum>'.$total.'</CtrlSum>'.$CrLf;
 				if (!empty($this->sepa_xml_pti_in_ctti) && !empty($format)) {	// @TODO Using $format (FRST ou RCUR) in a section for a Credit Transfer looks strange.
-					$XML_SEPA_INFO .= '			<PmtTpInf>' . $CrLf;
-					$XML_SEPA_INFO .= '				<SvcLvl>' . $CrLf;
-					$XML_SEPA_INFO .= '					<Cd>SEPA</Cd>' . $CrLf;
-					$XML_SEPA_INFO .= '				</SvcLvl>' . $CrLf;
-					$XML_SEPA_INFO .= '				<LclInstrm>' . $CrLf;
-					$XML_SEPA_INFO .= '					<Cd>CORE</Cd>' . $CrLf;
-					$XML_SEPA_INFO .= '				</LclInstrm>' . $CrLf;
-					$XML_SEPA_INFO .= '				<SeqTp>' . $format . '</SeqTp>' . $CrLf;
-					$XML_SEPA_INFO .= '			</PmtTpInf>' . $CrLf;
+					$XML_SEPA_INFO .= '			<PmtTpInf>'.$CrLf;
+					$XML_SEPA_INFO .= '				<SvcLvl>'.$CrLf;
+					$XML_SEPA_INFO .= '					<Cd>SEPA</Cd>'.$CrLf;
+					$XML_SEPA_INFO .= '				</SvcLvl>'.$CrLf;
+					$XML_SEPA_INFO .= '				<LclInstrm>'.$CrLf;
+					$XML_SEPA_INFO .= '					<Cd>CORE</Cd>'.$CrLf;
+					$XML_SEPA_INFO .= '				</LclInstrm>'.$CrLf;
+					$XML_SEPA_INFO .= '				<SeqTp>'.$format.'</SeqTp>'.$CrLf;
+					$XML_SEPA_INFO .= '			</PmtTpInf>'.$CrLf;
 				}
 				$XML_SEPA_INFO .= '			<ReqdExctnDt>'.dol_print_date($dateTime_ETAD, 'dayrfc').'</ReqdExctnDt>'.$CrLf;
 				$XML_SEPA_INFO .= '			<Dbtr>'.$CrLf;

htdocs/main.inc.php

Spacing +17 added lines, -17 removed lines

@@ -98,9 +98,9 @@ 
 	//print "before decoding $val\n";
 	do {
 		$oldval = $val;
-		$val = html_entity_decode($val, ENT_QUOTES | ENT_HTML5);	// Decode ':', ''', '	', '&NewLine', ...
+		$val = html_entity_decode($val, ENT_QUOTES | ENT_HTML5); // Decode ':', ''', '	', '&NewLine', ...
 		// Sometimes we have entities without the ; at end so html_entity_decode does not work but entities is still interpreted by browser.
-		$val = preg_replace_callback('/&#(x?[0-9][0-9a-f]+;?)/i', function ($m) {
+		$val = preg_replace_callback('/&#(x?[0-9][0-9a-f]+;?)/i', function($m) {
 			// Decode 'n', ...
 			return realCharForNumericEntities($m); }, $val);
 
@@ -138,7 +138,7 @@ 
 		$inj += preg_match('/user\s*\(/i', $val); // avoid to use function user() or mysql_user() that return current database login
 		$inj += preg_match('/information_schema/i', $val); // avoid to use request that read information_schema database
 		$inj += preg_match('/<svg/i', $val); // <svg can be allowed in POST
-		$inj += preg_match('/update[^&=\w].*set.+=/i', $val);	// the [^&=\w] test is to avoid error when request is like action=update&...set... or &updatemodule=...set...
+		$inj += preg_match('/update[^&=\w].*set.+=/i', $val); // the [^&=\w] test is to avoid error when request is like action=update&...set... or &updatemodule=...set...
 		$inj += preg_match('/union.+select/i', $val);
 	}
 	if ($type == 3) {
@@ -349,7 +349,7 @@ 
 		session_set_cookie_params($sessioncookieparams);
 	}
 	session_name($sessionname);
-	session_start();	// This call the open and read of session handler
+	session_start(); // This call the open and read of session handler
 	//exit;	// this exist generates a call to write and close
 }
 
@@ -377,11 +377,11 @@ 
 	if (!$ok) {
 		if (session_id() && isset($_SESSION["dol_login"]) && $_SESSION["dol_login"] != $conf->global->MAIN_ONLY_LOGIN_ALLOWED) {
 			print 'Sorry, your application is offline.'."\n";
-			print 'You are logged with user "'.$_SESSION["dol_login"].'" and only administrator user "' . getDolGlobalString('MAIN_ONLY_LOGIN_ALLOWED').'" is allowed to connect for the moment.'."\n";
+			print 'You are logged with user "'.$_SESSION["dol_login"].'" and only administrator user "'.getDolGlobalString('MAIN_ONLY_LOGIN_ALLOWED').'" is allowed to connect for the moment.'."\n";
 			$nexturl = DOL_URL_ROOT.'/user/logout.php?token='.newToken();
 			print 'Please try later or <a href="'.$nexturl.'">click here to disconnect and change login user</a>...'."\n";
 		} else {
-			print 'Sorry, your application is offline. Only administrator user "' . getDolGlobalString('MAIN_ONLY_LOGIN_ALLOWED').'" is allowed to connect for the moment.'."\n";
+			print 'Sorry, your application is offline. Only administrator user "'.getDolGlobalString('MAIN_ONLY_LOGIN_ALLOWED').'" is allowed to connect for the moment.'."\n";
 			$nexturl = DOL_URL_ROOT.'/';
 			print 'Please try later or <a href="'.$nexturl.'">click here to change login user</a>...'."\n";
 		}
@@ -583,7 +583,7 @@ 
 					print "Access to this page this way (POST method or GET with a sensible value for 'action' parameter) is refused by CSRF protection in main.inc.php. Token not provided.\n";
 					print "If you access your server behind a proxy using url rewriting and the parameter is provided by caller, you might check that all HTTP header are propagated (or add the line \$dolibarr_nocsrfcheck=1 into your conf.php file or MAIN_SECURITY_CSRF_WITH_TOKEN to 0";
 					if (getDolGlobalString('MAIN_SECURITY_CSRF_WITH_TOKEN')) {
-						print " instead of " . getDolGlobalString('MAIN_SECURITY_CSRF_WITH_TOKEN');
+						print " instead of ".getDolGlobalString('MAIN_SECURITY_CSRF_WITH_TOKEN');
 					}
 					print " into setup).\n";
 				}
@@ -595,7 +595,7 @@ 
 	$sessiontokenforthisurl = (empty($_SESSION['token']) ? '' : $_SESSION['token']);
 	// TODO Get the sessiontokenforthisurl into an array of session token (one array per base URL so we can use the CSRF per page and we keep ability for several tabs per url in a browser)
 	if (GETPOSTISSET('token') && GETPOST('token') != 'notrequired' && GETPOST('token', 'alpha') != $sessiontokenforthisurl) {
-			dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (invalid token), so we disable POST and some GET parameters - referer=".(empty($_SERVER['HTTP_REFERER'])?'':$_SERVER['HTTP_REFERER']).", action=".GETPOST('action', 'aZ09').", _GET|POST['token']=".GETPOST('token', 'alpha'), LOG_WARNING);
+			dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (invalid token), so we disable POST and some GET parameters - referer=".(empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER']).", action=".GETPOST('action', 'aZ09').", _GET|POST['token']=".GETPOST('token', 'alpha'), LOG_WARNING);
 			//dol_syslog("_SESSION['token']=".$sessiontokenforthisurl, LOG_DEBUG);
 			// Do not output anything on standard output because this create problems when using the BACK button on browsers. So we just set a message into session.
 		if (!defined('NOTOKENRENEWAL')) {
@@ -611,7 +611,7 @@ 
 			unset($_GET['action']);
 			unset($_GET['confirmmassaction']);
 			unset($_GET['massaction']);
-			unset($_GET['token']);			// TODO Make a redirect if we have a token in url to remove it ?
+			unset($_GET['token']); // TODO Make a redirect if we have a token in url to remove it ?
 		if (isset($savid)) {
 			$_POST['id'] = ((int) $savid);
 		}
@@ -778,7 +778,7 @@ 
 
 		$allowedmethodtopostusername = 3;
 		if (defined('MAIN_AUTHENTICATION_POST_METHOD')) {
-			$allowedmethodtopostusername = constant('MAIN_AUTHENTICATION_POST_METHOD');	// Note a value of 2 is not compatible with some authentication methods that put username as GET parameter
+			$allowedmethodtopostusername = constant('MAIN_AUTHENTICATION_POST_METHOD'); // Note a value of 2 is not compatible with some authentication methods that put username as GET parameter
 		}
 		// TODO Remove use of $_COOKIE['login_dolibarr'] ? Replace $usertotest = with $usertotest = GETPOST("username", "alpha", $allowedmethodtopostusername);
 		$usertotest = (!empty($_COOKIE['login_dolibarr']) ? preg_replace('/[^a-zA-Z0-9_@\-\.]/', '', $_COOKIE['login_dolibarr']) : GETPOST("username", "alpha", $allowedmethodtopostusername));
@@ -901,7 +901,7 @@ 
 				if (!empty($_SERVER["HTTP_USER_AGENT"]) && $_SERVER["HTTP_USER_AGENT"] == 'securitytest') {
 					http_response_code(401); // It makes easier to understand if session was broken during security tests
 				}
-				dol_loginfunction($langs, $conf, (!empty($mysoc) ? $mysoc : ''));	// This include http headers
+				dol_loginfunction($langs, $conf, (!empty($mysoc) ? $mysoc : '')); // This include http headers
 			}
 			exit;
 		}
@@ -1246,7 +1246,7 @@ 
 } else {
 	// We may have NOLOGIN set, but NOREQUIREUSER not
 	if (!empty($user) && method_exists($user, 'loadDefaultValues') && !defined('NODEFAULTVALUES')) {
-		$user->loadDefaultValues();		// Load default values for everybody (works even if $user->id = 0
+		$user->loadDefaultValues(); // Load default values for everybody (works even if $user->id = 0
 	}
 }
 
@@ -1426,7 +1426,7 @@ 
 
 if (!empty(GETPOST('seteventmessages', 'alpha'))) {
 	$message = GETPOST('seteventmessages', 'alpha');
-	$messages  = explode(',', $message);
+	$messages = explode(',', $message);
 	foreach ($messages as $key => $msg) {
 		$tmp = explode(':', $msg);
 		setEventMessages($tmp[0], null, !empty($tmp[1]) ? $tmp[1] : 'mesgs');
@@ -1721,7 +1721,7 @@ 
 
 		if (getDolGlobalString('THEME_ELDY_TOPMENU_BACK1')) {
 			// TODO: use auto theme color switch
-			print '<meta name="theme-color" content="rgb(' . getDolGlobalString('THEME_ELDY_TOPMENU_BACK1').')">'."\n";
+			print '<meta name="theme-color" content="rgb('.getDolGlobalString('THEME_ELDY_TOPMENU_BACK1').')">'."\n";
 		}
 
 		// Auto refresh page
@@ -2038,7 +2038,7 @@ 
 			print $head."\n";
 		}
 		if (getDolGlobalString('MAIN_HTML_HEADER')) {
-			print getDolGlobalString('MAIN_HTML_HEADER') . "\n";
+			print getDolGlobalString('MAIN_HTML_HEADER')."\n";
 		}
 
 		$parameters = array();
@@ -2817,7 +2817,7 @@ 
 		$langs->load(explode('@', $item['name'])[1]);
 		$dropDownQuickAddHtml .= '
 			<a class="dropdown-item quickadd-item" href="'.DOL_URL_ROOT.$item['url'].'" title="'.$langs->trans(explode('@', $item['title'])[0]).'">
-			'. img_picto('', $item['picto'], 'style="width:18px;"') . ' ' . $langs->trans(explode('@', $item['name'])[0]) . '</a>
+			'. img_picto('', $item['picto'], 'style="width:18px;"').' '.$langs->trans(explode('@', $item['name'])[0]).'</a>
 		';
 	}
 
@@ -3665,7 +3665,7 @@ 
 		$forceping = GETPOST('forceping', 'alpha');
 		if (($_SERVER["PHP_SELF"] == DOL_URL_ROOT.'/index.php') || $forceping) {
 			//print '<!-- instance_unique_id='.$conf->file->instance_unique_id.' MAIN_FIRST_PING_OK_ID='.$conf->global->MAIN_FIRST_PING_OK_ID.' -->';
-			$hash_unique_id = dol_hash('dolibarr'.$conf->file->instance_unique_id, 'sha256');	// Note: if the global salt changes, this hash changes too so ping may be counted twice. We don't mind. It is for statistics purpose only.
+			$hash_unique_id = dol_hash('dolibarr'.$conf->file->instance_unique_id, 'sha256'); // Note: if the global salt changes, this hash changes too so ping may be counted twice. We don't mind. It is for statistics purpose only.
 
 			if (!getDolGlobalString('MAIN_FIRST_PING_OK_DATE')
 				|| (!empty($conf->file->instance_unique_id) && ($hash_unique_id != $conf->global->MAIN_FIRST_PING_OK_ID) && ($conf->global->MAIN_FIRST_PING_OK_ID != 'disabled'))

htdocs/install/step2.php

Spacing +3 added lines, -3 removed lines

@@ -38,9 +38,9 @@ 
 // Only works if you are not in safe_mode. / Ne fonctionne que si on est pas en safe_mode.
 
 $err = error_reporting();
-error_reporting(0);      // Disable all errors
+error_reporting(0); // Disable all errors
 //error_reporting(E_ALL);
-@set_time_limit(1800);   // Need 1800 on some very slow OS like Windows 7/64
+@set_time_limit(1800); // Need 1800 on some very slow OS like Windows 7/64
 error_reporting($err);
 
 $action = GETPOST('action', 'aZ09') ? GETPOST('action', 'aZ09') : (empty($argv[1]) ? '' : $argv[1]);
@@ -584,7 +584,7 @@ 
 
 $conf->file->instance_unique_id = (empty($dolibarr_main_instance_unique_id) ? (empty($dolibarr_main_cookie_cryptkey) ? '' : $dolibarr_main_cookie_cryptkey) : $dolibarr_main_instance_unique_id); // Unique id of instance
 
-$hash_unique_id = dol_hash('dolibarr'.$conf->file->instance_unique_id, 'sha256');	// Note: if the global salt changes, this hash changes too so ping may be counted twice. We don't mind. It is for statistics purpose only.
+$hash_unique_id = dol_hash('dolibarr'.$conf->file->instance_unique_id, 'sha256'); // Note: if the global salt changes, this hash changes too so ping may be counted twice. We don't mind. It is for statistics purpose only.
 
 $out  = '<input type="checkbox" name="dolibarrpingno" id="dolibarrpingno"'.((getDolGlobalString('MAIN_FIRST_PING_OK_ID') == 'disabled') ? '' : ' value="checked" checked="true"').'> ';
 $out .= '<label for="dolibarrpingno">'.$langs->trans("MakeAnonymousPing").'</label>';

htdocs/core/class/commonobject.class.php

Spacing +144 added lines, -144 removed lines

@@ -888,17 +888,17 @@ 
 				}
 				$labelextra = $langs->trans((string) $extrafields->attributes[$this->table_element]['label'][$key]);
 				if ($extrafields->attributes[$this->table_element]['type'][$key] == 'separate') {
-					$datas[$key]= '<br><b><u>'. $labelextra . '</u></b>';
+					$datas[$key] = '<br><b><u>'.$labelextra.'</u></b>';
 				} else {
-					$value = (empty($this->array_options['options_' . $key]) ? '' : $this->array_options['options_' . $key]);
-					$datas[$key]= '<br><b>'. $labelextra . ':</b> ' . $extrafields->showOutputField($key, $value, '', $this->table_element);
+					$value = (empty($this->array_options['options_'.$key]) ? '' : $this->array_options['options_'.$key]);
+					$datas[$key] = '<br><b>'.$labelextra.':</b> '.$extrafields->showOutputField($key, $value, '', $this->table_element);
 					$count++;
 				}
 			}
 			$datas['closedivextra'] = '</div>';
 		}
 
-		$hookmanager->initHooks(array($this->element . 'dao'));
+		$hookmanager->initHooks(array($this->element.'dao'));
 		$parameters = array(
 			'tooltipcontentarray' => &$datas,
 			'params' => $params,
@@ -1389,7 +1389,7 @@ 
 		if ($source == 'external' || $source == 'thirdparty') {
 			$sql .= " AND tc.source = 'external'";
 			if ($status >= 0) {
-				$sql .= " AND t.statut = ".((int) $status);	// t is llx_socpeople
+				$sql .= " AND t.statut = ".((int) $status); // t is llx_socpeople
 			}
 		}
 		$sql .= " AND tc.active = 1";
@@ -1748,8 +1748,8 @@ 
 		if ($idtofetch) {
 			$thirdparty = new Societe($this->db);
 			$result = $thirdparty->fetch($idtofetch);
-			if ($result<0) {
-				$this->errors=array_merge($this->errors, $thirdparty->errors);
+			if ($result < 0) {
+				$this->errors = array_merge($this->errors, $thirdparty->errors);
 			}
 			$this->thirdparty = $thirdparty;
 
@@ -1779,7 +1779,7 @@ 
 		}
 
 		$sql = "SELECT rowid FROM ".$this->db->prefix().$this->table_element;
-		$sql .= " WHERE ".$this->table_ref_field." LIKE '".$this->db->escape($ref)."'";	// no escapeforlike here
+		$sql .= " WHERE ".$this->table_ref_field." LIKE '".$this->db->escape($ref)."'"; // no escapeforlike here
 		$sql .= " LIMIT 1";
 
 		$query = $this->db->query($sql);
@@ -2072,9 +2072,9 @@ 
 		if ($trigkey) {
 			$oldvalue = null;
 
-			$sql = "SELECT " . $field;
-			$sql .= " FROM " . MAIN_DB_PREFIX . $table;
-			$sql .= " WHERE " . $id_field . " = " . ((int) $id);
+			$sql = "SELECT ".$field;
+			$sql .= " FROM ".MAIN_DB_PREFIX.$table;
+			$sql .= " WHERE ".$id_field." = ".((int) $id);
 
 			$resql = $this->db->query($sql);
 			if ($resql) {
@@ -2427,7 +2427,7 @@ 
 		// Triggers
 		if (!$error && !$notrigger) {
 			// Call triggers
-			$result = $this->call_trigger(strtoupper($this->element) . '_MODIFY', $user);
+			$result = $this->call_trigger(strtoupper($this->element).'_MODIFY', $user);
 			if ($result < 0) {
 				$error++;
 			} //Do also here what you must do to rollback action if trigger fail
@@ -2793,7 +2793,7 @@ 
 			$sql = 'UPDATE '.$this->db->prefix().$this->table_element;
 			$sql .= " SET ".$fieldname." = ".(($id > 0 || $id == '0') ? ((int) $id) : 'NULL');
 			if (in_array($this->table_element, array('propal', 'commande', 'societe'))) {
-				$sql .= " , deposit_percent = " . (empty($deposit_percent) ? 'NULL' : "'".$this->db->escape($deposit_percent)."'");
+				$sql .= " , deposit_percent = ".(empty($deposit_percent) ? 'NULL' : "'".$this->db->escape($deposit_percent)."'");
 			}
 			$sql .= ' WHERE rowid='.((int) $this->id);
 
@@ -3142,10 +3142,10 @@ 
 		$sql = "SELECT count(rowid) FROM ".$this->db->prefix().$this->table_element_line;
 		$sql .= " WHERE ".$this->fk_element." = ".((int) $this->id);
 		if (!$renum) {
-			$sql .= " AND " . $fieldposition . " = 0";
+			$sql .= " AND ".$fieldposition." = 0";
 		}
 		if ($renum) {
-			$sql .= " AND " . $fieldposition . " <> 0";
+			$sql .= " AND ".$fieldposition." <> 0";
 		}
 
 		dol_syslog(get_class($this)."::line_order", LOG_DEBUG);
@@ -3166,7 +3166,7 @@ 
 			if ($fk_parent_line) {
 				$sql .= ' AND fk_parent_line IS NULL';
 			}
-			$sql .= " ORDER BY " . $fieldposition . " ASC, rowid " . $rowidorder;
+			$sql .= " ORDER BY ".$fieldposition." ASC, rowid ".$rowidorder;
 
 			dol_syslog(get_class($this)."::line_order search all parent lines", LOG_DEBUG);
 			$resql = $this->db->query($sql);
@@ -3217,7 +3217,7 @@ 
 		$sql = "SELECT rowid FROM ".$this->db->prefix().$this->table_element_line;
 		$sql .= " WHERE ".$this->fk_element." = ".((int) $this->id);
 		$sql .= ' AND fk_parent_line = '.((int) $id);
-		$sql .= " ORDER BY " . $fieldposition . " ASC";
+		$sql .= " ORDER BY ".$fieldposition." ASC";
 
 		dol_syslog(get_class($this)."::getChildrenOfLine search children lines for line ".$id, LOG_DEBUG);
 		$resql = $this->db->query($sql);
@@ -3300,8 +3300,8 @@ 
 			dol_print_error($this->db);
 			return -1;
 		} else {
-			$parameters=array('rowid'=>$rowid, 'rang'=>$rang, 'fieldposition' => $fieldposition);
-			$action='';
+			$parameters = array('rowid'=>$rowid, 'rang'=>$rang, 'fieldposition' => $fieldposition);
+			$action = '';
 			$reshook = $hookmanager->executeHooks('afterRankOfLineUpdate', $parameters, $this, $action);
 			return 1;
 		}
@@ -3340,7 +3340,7 @@ 
 
 			$sql = "UPDATE ".$this->db->prefix().$this->table_element_line." SET ".$fieldposition." = ".((int) $rang);
 			$sql .= " WHERE ".$this->fk_element." = ".((int) $this->id);
-			$sql .= " AND " . $fieldposition . " = " . ((int) ($rang - 1));
+			$sql .= " AND ".$fieldposition." = ".((int) ($rang - 1));
 			if ($this->db->query($sql)) {
 				$sql = "UPDATE ".$this->db->prefix().$this->table_element_line." SET ".$fieldposition." = ".((int) ($rang - 1));
 				$sql .= ' WHERE rowid = '.((int) $rowid);
@@ -3371,7 +3371,7 @@ 
 
 			$sql = "UPDATE ".$this->db->prefix().$this->table_element_line." SET ".$fieldposition." = ".((int) $rang);
 			$sql .= " WHERE ".$this->fk_element." = ".((int) $this->id);
-			$sql .= " AND " . $fieldposition . " = " . ((int) ($rang + 1));
+			$sql .= " AND ".$fieldposition." = ".((int) ($rang + 1));
 			if ($this->db->query($sql)) {
 				$sql = "UPDATE ".$this->db->prefix().$this->table_element_line." SET ".$fieldposition." = ".((int) ($rang + 1));
 				$sql .= ' WHERE rowid = '.((int) $rowid);
@@ -3397,7 +3397,7 @@ 
 			$fieldposition = 'position';
 		}
 
-		$sql = "SELECT " . $fieldposition . " FROM ".$this->db->prefix().$this->table_element_line;
+		$sql = "SELECT ".$fieldposition." FROM ".$this->db->prefix().$this->table_element_line;
 		$sql .= " WHERE rowid = ".((int) $rowid);
 
 		dol_syslog(get_class($this)."::getRangOfLine", LOG_DEBUG);
@@ -3425,7 +3425,7 @@ 
 
 		$sql = "SELECT rowid FROM ".$this->db->prefix().$this->table_element_line;
 		$sql .= " WHERE ".$this->fk_element." = ".((int) $this->id);
-		$sql .= " AND " . $fieldposition . " = ".((int) $rang);
+		$sql .= " AND ".$fieldposition." = ".((int) $rang);
 		$resql = $this->db->query($sql);
 		if ($resql) {
 			$row = $this->db->fetch_row($resql);
@@ -3543,7 +3543,7 @@ 
 			$newsuffix = '';
 		}
 		if (in_array($this->table_element, array('actioncomm', 'adherent', 'advtargetemailing', 'cronjob', 'establishment'))) {
-			$fieldusermod =  "fk_user_mod";
+			$fieldusermod = "fk_user_mod";
 		} elseif ($this->table_element == 'ecm_files') {
 			$fieldusermod = "fk_user_m";
 		} else {
@@ -3585,7 +3585,7 @@ 
 						$trigger_name = 'EXPENSE_REPORT_MODIFY';
 						break;
 					default:
-						$trigger_name = strtoupper($this->element) . '_MODIFY';
+						$trigger_name = strtoupper($this->element).'_MODIFY';
 				}
 				$ret = $this->call_trigger($trigger_name, $user);
 				if ($ret < 0) {
@@ -3943,7 +3943,7 @@ 
 		// It's because an entry for this element may be exist in llx_element_element before this modification (version <=14.2) and ave named only with their element name in fk_source or fk_target.
 		$coremodule = array('knowledgemanagement', 'partnership', 'workstation', 'ticket', 'recruitment', 'eventorganization', 'asset');
 		// Add module part to target type if object has $module property and isn't in core modules.
-		$targettype = ((!empty($this->module) && ! in_array($this->module, $coremodule)) ? $this->module.'_' : '').$this->element;
+		$targettype = ((!empty($this->module) && !in_array($this->module, $coremodule)) ? $this->module.'_' : '').$this->element;
 
 		$parameters = array('targettype'=>$targettype);
 		// Hook for explicitly set the targettype if it must be differtent than $this->element
@@ -3957,19 +3957,19 @@ 
 		$this->db->begin();
 		$error = 0;
 
-		$sql = "INSERT INTO " . $this->db->prefix() . "element_element (";
+		$sql = "INSERT INTO ".$this->db->prefix()."element_element (";
 		$sql .= "fk_source";
 		$sql .= ", sourcetype";
 		$sql .= ", fk_target";
 		$sql .= ", targettype";
 		$sql .= ") VALUES (";
 		$sql .= ((int) $origin_id);
-		$sql .= ", '" . $this->db->escape($origin) . "'";
-		$sql .= ", " . ((int) $this->id);
-		$sql .= ", '" . $this->db->escape($targettype) . "'";
+		$sql .= ", '".$this->db->escape($origin)."'";
+		$sql .= ", ".((int) $this->id);
+		$sql .= ", '".$this->db->escape($targettype)."'";
 		$sql .= ")";
 
-		dol_syslog(get_class($this) . "::add_object_linked", LOG_DEBUG);
+		dol_syslog(get_class($this)."::add_object_linked", LOG_DEBUG);
 		if ($this->db->query($sql)) {
 			if (!$notrigger) {
 				// Call trigger
@@ -4284,20 +4284,20 @@ 
 		$this->db->begin();
 		$error = 0;
 
-		$sql = "UPDATE " . $this->db->prefix() . "element_element SET ";
+		$sql = "UPDATE ".$this->db->prefix()."element_element SET ";
 		if ($updatesource) {
-			$sql .= "fk_source = " . ((int) $sourceid);
-			$sql .= ", sourcetype = '" . $this->db->escape($sourcetype) . "'";
-			$sql .= " WHERE fk_target = " . ((int) $this->id);
-			$sql .= " AND targettype = '" . $this->db->escape($this->element) . "'";
+			$sql .= "fk_source = ".((int) $sourceid);
+			$sql .= ", sourcetype = '".$this->db->escape($sourcetype)."'";
+			$sql .= " WHERE fk_target = ".((int) $this->id);
+			$sql .= " AND targettype = '".$this->db->escape($this->element)."'";
 		} elseif ($updatetarget) {
-			$sql .= "fk_target = " . ((int) $targetid);
-			$sql .= ", targettype = '" . $this->db->escape($targettype) . "'";
-			$sql .= " WHERE fk_source = " . ((int) $this->id);
-			$sql .= " AND sourcetype = '" . $this->db->escape($this->element) . "'";
+			$sql .= "fk_target = ".((int) $targetid);
+			$sql .= ", targettype = '".$this->db->escape($targettype)."'";
+			$sql .= " WHERE fk_source = ".((int) $this->id);
+			$sql .= " AND sourcetype = '".$this->db->escape($this->element)."'";
 		}
 
-		dol_syslog(get_class($this) . "::updateObjectLinked", LOG_DEBUG);
+		dol_syslog(get_class($this)."::updateObjectLinked", LOG_DEBUG);
 		if ($this->db->query($sql)) {
 			if (!$notrigger) {
 				// Call trigger
@@ -4373,25 +4373,25 @@ 
 		}
 
 		if (!$error) {
-			$sql = "DELETE FROM " . $this->db->prefix() . "element_element";
+			$sql = "DELETE FROM ".$this->db->prefix()."element_element";
 			$sql .= " WHERE";
 			if ($rowid > 0) {
-				$sql .= " rowid = " . ((int) $rowid);
+				$sql .= " rowid = ".((int) $rowid);
 			} else {
 				if ($deletesource) {
-					$sql .= " fk_source = " . ((int) $sourceid) . " AND sourcetype = '" . $this->db->escape($sourcetype) . "'";
-					$sql .= " AND fk_target = " . ((int) $this->id) . " AND targettype = '" . $this->db->escape($this->element) . "'";
+					$sql .= " fk_source = ".((int) $sourceid)." AND sourcetype = '".$this->db->escape($sourcetype)."'";
+					$sql .= " AND fk_target = ".((int) $this->id)." AND targettype = '".$this->db->escape($this->element)."'";
 				} elseif ($deletetarget) {
-					$sql .= " fk_target = " . ((int) $targetid) . " AND targettype = '" . $this->db->escape($targettype) . "'";
-					$sql .= " AND fk_source = " . ((int) $this->id) . " AND sourcetype = '" . $this->db->escape($this->element) . "'";
+					$sql .= " fk_target = ".((int) $targetid)." AND targettype = '".$this->db->escape($targettype)."'";
+					$sql .= " AND fk_source = ".((int) $this->id)." AND sourcetype = '".$this->db->escape($this->element)."'";
 				} else {
-					$sql .= " (fk_source = " . ((int) $this->id) . " AND sourcetype = '" . $this->db->escape($this->element) . "')";
+					$sql .= " (fk_source = ".((int) $this->id)." AND sourcetype = '".$this->db->escape($this->element)."')";
 					$sql .= " OR";
-					$sql .= " (fk_target = " . ((int) $this->id) . " AND targettype = '" . $this->db->escape($this->element) . "')";
+					$sql .= " (fk_target = ".((int) $this->id)." AND targettype = '".$this->db->escape($this->element)."')";
 				}
 			}
 
-			dol_syslog(get_class($this) . "::deleteObjectLinked", LOG_DEBUG);
+			dol_syslog(get_class($this)."::deleteObjectLinked", LOG_DEBUG);
 			if (!$this->db->query($sql)) {
 				$this->error = $this->db->lasterror();
 				$this->errors[] = $this->error;
@@ -4553,14 +4553,14 @@ 
 			$sql .= ", date_validation = '".$this->db->idate(dol_now())."'";
 		}
 		$sql .= " WHERE rowid = ".((int) $elementId);
-		$sql .= " AND ".$fieldstatus." <> ".((int) $status);	// We avoid update if status already correct
+		$sql .= " AND ".$fieldstatus." <> ".((int) $status); // We avoid update if status already correct
 
 		dol_syslog(get_class($this)."::setStatut", LOG_DEBUG);
 		$resql = $this->db->query($sql);
 		if ($resql) {
 			$error = 0;
 
-			$nb_rows_affected = $this->db->affected_rows($resql);	// should be 1 or 0 if status was already correct
+			$nb_rows_affected = $this->db->affected_rows($resql); // should be 1 or 0 if status was already correct
 
 			if ($nb_rows_affected > 0) {
 				if (empty($trigkey)) {
@@ -4605,7 +4605,7 @@ 
 					if ($fieldstatus == 'tosell') {
 						$this->status = $status;
 					} elseif ($fieldstatus == 'tobuy') {
-						$this->status_buy = $status;	// @phpstan-ignore-line
+						$this->status_buy = $status; // @phpstan-ignore-line
 					} else {
 						$this->statut = $status;
 						$this->status = $status;
@@ -4714,7 +4714,7 @@ 
 			return -1;
 		}
 
-		$arraytoscan = $this->childtables;		// array('tablename'=>array('fk_element'=>'parentfield'), ...) or array('tablename'=>array('parent'=>table_parent, 'parentkey'=>'nameoffieldforparentfkkey'), ...)
+		$arraytoscan = $this->childtables; // array('tablename'=>array('fk_element'=>'parentfield'), ...) or array('tablename'=>array('parent'=>table_parent, 'parentkey'=>'nameoffieldforparentfkkey'), ...)
 		// For backward compatibility, we check if array is old format array('tablename1', 'tablename2', ...)
 		$tmparray = array_keys($this->childtables);
 		if (is_numeric($tmparray[0])) {
@@ -4727,26 +4727,26 @@ 
 			//print $id.'-'.$table.'-'.$elementname.'<br>';
 			// Check if element can be deleted
 			$sql = "SELECT COUNT(*) as nb";
-			$sql.= " FROM ".$this->db->prefix().$table." as c";
+			$sql .= " FROM ".$this->db->prefix().$table." as c";
 			if (!empty($element['parent']) && !empty($element['parentkey'])) {
-				$sql.= ", ".$this->db->prefix().$element['parent']." as p";
+				$sql .= ", ".$this->db->prefix().$element['parent']." as p";
 			}
 			if (!empty($element['fk_element'])) {
-				$sql.= " WHERE c.".$element['fk_element']." = ".((int) $id);
+				$sql .= " WHERE c.".$element['fk_element']." = ".((int) $id);
 			} else {
-				$sql.= " WHERE c.".$this->fk_element." = ".((int) $id);
+				$sql .= " WHERE c.".$this->fk_element." = ".((int) $id);
 			}
 			if (!empty($element['parent']) && !empty($element['parentkey'])) {
-				$sql.= " AND c.".$element['parentkey']." = p.rowid";
+				$sql .= " AND c.".$element['parentkey']." = p.rowid";
 			}
 			if (!empty($element['parent']) && !empty($element['parenttypefield']) && !empty($element['parenttypevalue'])) {
-				$sql.= " AND c.".$element['parenttypefield']." = '".$this->db->escape($element['parenttypevalue'])."'";
+				$sql .= " AND c.".$element['parenttypefield']." = '".$this->db->escape($element['parenttypevalue'])."'";
 			}
 			if (!empty($entity)) {
 				if (!empty($element['parent']) && !empty($element['parentkey'])) {
-					$sql.= " AND p.entity = ".((int) $entity);
+					$sql .= " AND p.entity = ".((int) $entity);
 				} else {
-					$sql.= " AND c.entity = ".((int) $entity);
+					$sql .= " AND c.entity = ".((int) $entity);
 				}
 			}
 
@@ -5776,7 +5776,7 @@ 
 			$setsharekey = false;
 			if ($this->element == 'propal' || $this->element == 'proposal') {
 				if (getDolGlobalInt("PROPOSAL_ALLOW_ONLINESIGN")) {
-					$setsharekey = true;	// feature to make online signature is not set or set to on (default)
+					$setsharekey = true; // feature to make online signature is not set or set to on (default)
 				}
 				if (getDolGlobalInt("PROPOSAL_ALLOW_EXTERNAL_DOWNLOAD")) {
 					$setsharekey = true;
@@ -5834,7 +5834,7 @@ 
 				$ecmfile->gen_or_uploaded = 'generated';
 				$ecmfile->description = ''; // indexed content
 				$ecmfile->keywords = ''; // keyword content
-				$ecmfile->src_object_type = $this->table_element;	// $this->table_name is 'myobject' or 'mymodule_myobject'.
+				$ecmfile->src_object_type = $this->table_element; // $this->table_name is 'myobject' or 'mymodule_myobject'.
 				$ecmfile->src_object_id   = $this->id;
 
 				$result = $ecmfile->create($user);
@@ -5886,7 +5886,7 @@ 
 			$maxwidthmini = $tmparraysize['maxwidthmini'];
 			$maxheightmini = $tmparraysize['maxheightmini'];
 			//$quality = $tmparraysize['quality'];
-			$quality = 50;	// For thumbs, we force quality to 50
+			$quality = 50; // For thumbs, we force quality to 50
 
 			// Create small thumbs for company (Ratio is near 16/9)
 			// Used on logon for example
@@ -5988,8 +5988,8 @@ 
 		// phpcs:enable
 		global $langs, $conf;
 
-		if (!empty(self::TRIGGER_PREFIX) && strpos($triggerName, self::TRIGGER_PREFIX . '_') !== 0) {
-			dol_print_error('', 'The trigger "' . $triggerName . '" does not start with "' . self::TRIGGER_PREFIX . '_" as required.');
+		if (!empty(self::TRIGGER_PREFIX) && strpos($triggerName, self::TRIGGER_PREFIX.'_') !== 0) {
+			dol_print_error('', 'The trigger "'.$triggerName.'" does not start with "'.self::TRIGGER_PREFIX.'_" as required.');
 			exit;
 		}
 		if (!is_object($langs)) {	// If lang was not defined, we set it. It is required by run_triggers().
@@ -6183,7 +6183,7 @@ 
 		$savDisableCompute = $conf->disable_compute;
 		$conf->disable_compute = 1;
 
-		$ret = $this->fetch($id);	/* @phpstan-ignore-line */
+		$ret = $this->fetch($id); /* @phpstan-ignore-line */
 
 		$conf->disable_compute = $savDisableCompute;
 
@@ -6287,9 +6287,9 @@ 
 						if (!empty($extrafields->attributes[$this->table_element]) && !empty($extrafields->attributes[$this->table_element]['computed'][$key])) {
 							//var_dump($conf->disable_compute);
 							if (empty($conf->disable_compute)) {
-								global $objectoffield;        // We set a global variable to $objectoffield so
-								$objectoffield = $this;        // we can use it inside computed formula
-								$this->array_options['options_' . $key] = dol_eval($extrafields->attributes[$this->table_element]['computed'][$key], 1, 0, '2');
+								global $objectoffield; // We set a global variable to $objectoffield so
+								$objectoffield = $this; // we can use it inside computed formula
+								$this->array_options['options_'.$key] = dol_eval($extrafields->attributes[$this->table_element]['computed'][$key], 1, 0, '2');
 							}
 						}
 					}
@@ -6303,7 +6303,7 @@ 
 					return 0;
 				}
 			} else {
-				$this->errors[]=$this->db->lasterror;
+				$this->errors[] = $this->db->lasterror;
 				return -1;
 			}
 		}
@@ -6470,7 +6470,7 @@ 
 										// If old value crypted in database is same than submited new value, it means we don't change it, so we don't update.
 										if ($algo == 'dolcrypt') {	// dolibarr reversible encryption
 											if (!preg_match('/^dolcrypt:/', $this->array_options[$key])) {
-												$new_array_options[$key] = dolEncrypt($this->array_options[$key]);	// warning, must be called when on the master
+												$new_array_options[$key] = dolEncrypt($this->array_options[$key]); // warning, must be called when on the master
 											} else {
 												$new_array_options[$key] = $this->array_options[$key]; // Value is kept
 											}
@@ -6481,7 +6481,7 @@ 
 										// If value has changed
 										if ($algo == 'dolcrypt') {	// dolibarr reversible encryption
 											if (!preg_match('/^dolcrypt:/', $this->array_options[$key])) {
-												$new_array_options[$key] = dolEncrypt($this->array_options[$key]);	// warning, must be called when on the master
+												$new_array_options[$key] = dolEncrypt($this->array_options[$key]); // warning, must be called when on the master
 											} else {
 												$new_array_options[$key] = $this->array_options[$key]; // Value is kept
 											}
@@ -6493,7 +6493,7 @@ 
 									//var_dump('jjj'.$algo.' '.$this->oldcopy->array_options[$key].' -> '.$this->array_options[$key]);
 									// If this->oldcopy is not defined, we can't know if we change attribute or not, so we must keep value
 									if ($algo == 'dolcrypt' && !preg_match('/^dolcrypt:/', $this->array_options[$key])) {	// dolibarr reversible encryption
-										$new_array_options[$key] = dolEncrypt($this->array_options[$key]);	// warning, must be called when on the master
+										$new_array_options[$key] = dolEncrypt($this->array_options[$key]); // warning, must be called when on the master
 									} else {
 										$new_array_options[$key] = $this->array_options[$key]; // Value is kept
 									}
@@ -6879,7 +6879,7 @@ 
 								if (isset($this->oldcopy->array_options["options_".$key]) && $this->array_options["options_".$key] == $this->oldcopy->array_options["options_".$key]) {	// If old value crypted in database is same than submited new value, it means we don't change it, so we don't update.
 									if ($algo == 'dolcrypt') {	// dolibarr reversible encryption
 										if (!preg_match('/^dolcrypt:/', $this->array_options["options_".$key])) {
-											$new_array_options["options_".$key] = dolEncrypt($this->array_options["options_".$key]);	// warning, must be called when on the master
+											$new_array_options["options_".$key] = dolEncrypt($this->array_options["options_".$key]); // warning, must be called when on the master
 										} else {
 											$new_array_options["options_".$key] = $this->array_options["options_".$key]; // Value is kept
 										}
@@ -6899,7 +6899,7 @@ 
 								}
 							} else {
 								if ($algo == 'dolcrypt' && !preg_match('/^dolcrypt:/', $this->array_options["options_".$key])) {	// dolibarr reversible encryption
-									$new_array_options["options_".$key] = dolEncrypt($this->array_options["options_".$key]);	// warning, must be called when on the master
+									$new_array_options["options_".$key] = dolEncrypt($this->array_options["options_".$key]); // warning, must be called when on the master
 								} else {
 									$new_array_options["options_".$key] = $this->array_options["options_".$key]; // Value is kept
 								}
@@ -7149,7 +7149,7 @@ 
 		// Special case that force options and type ($type can be integer, varchar, ...)
 		if (!empty($this->fields[$key]['arrayofkeyval']) && is_array($this->fields[$key]['arrayofkeyval'])) {
 			$param['options'] = $this->fields[$key]['arrayofkeyval'];
-			$type = (($this->fields[$key]['type']=='checkbox') ? $this->fields[$key]['type'] : 'select');
+			$type = (($this->fields[$key]['type'] == 'checkbox') ? $this->fields[$key]['type'] : 'select');
 		}
 
 		$label = $this->fields[$key]['label'];
@@ -7201,7 +7201,7 @@ 
 
 		// Add validation state class
 		if (!empty($validationClass)) {
-			$morecss.= $validationClass;
+			$morecss .= $validationClass;
 		}
 
 		if (in_array($type, array('date'))) {
@@ -7309,7 +7309,7 @@ 
 			if (is_array($param['options'])) {
 				$param_list = array_keys($param['options']);
 				$InfoFieldList = explode(":", $param_list[0], 5);
-				if (! empty($InfoFieldList[4])) {
+				if (!empty($InfoFieldList[4])) {
 					$pos = 0;
 					$parenthesisopen = 0;
 					while (substr($InfoFieldList[4], $pos, 1) !== '' && ($parenthesisopen || $pos == 0 || substr($InfoFieldList[4], $pos, 1) != ':')) {
@@ -7322,7 +7322,7 @@ 
 						$pos++;
 					}
 					$tmpbefore = substr($InfoFieldList[4], 0, $pos);
-					$tmpafter = substr($InfoFieldList[4], $pos+1);
+					$tmpafter = substr($InfoFieldList[4], $pos + 1);
 					//var_dump($InfoFieldList[4].' -> '.$pos); var_dump($tmpafter);
 					$InfoFieldList[4] = $tmpbefore;
 					if ($tmpafter !== '') {
@@ -7370,8 +7370,8 @@ 
 					}
 
 					$sqlwhere = '';
-					$sql = "SELECT " . $keyList;
-					$sql .= " FROM " . $this->db->prefix() . $InfoFieldList[0];
+					$sql = "SELECT ".$keyList;
+					$sql .= " FROM ".$this->db->prefix().$InfoFieldList[0];
 					if (!empty($InfoFieldList[4])) {
 						// can use SELECT request
 						if (strpos($InfoFieldList[4], '$SEL$') !== false) {
@@ -7388,18 +7388,18 @@ 
 						// We have to join on extrafield table
 						$errstr = '';
 						if (strpos($InfoFieldList[4], 'extra') !== false) {
-							$sql .= " as main, " . $this->db->prefix() . $InfoFieldList[0] . "_extrafields as extra";
-							$sqlwhere .= " WHERE extra.fk_object=main." . $InfoFieldList[2];
-							$sqlwhere .= " AND " . forgeSQLFromUniversalSearchCriteria($InfoFieldList[4], $errstr, 1);
+							$sql .= " as main, ".$this->db->prefix().$InfoFieldList[0]."_extrafields as extra";
+							$sqlwhere .= " WHERE extra.fk_object=main.".$InfoFieldList[2];
+							$sqlwhere .= " AND ".forgeSQLFromUniversalSearchCriteria($InfoFieldList[4], $errstr, 1);
 						} else {
-							$sqlwhere .= " WHERE " . forgeSQLFromUniversalSearchCriteria($InfoFieldList[4], $errstr, 1);
+							$sqlwhere .= " WHERE ".forgeSQLFromUniversalSearchCriteria($InfoFieldList[4], $errstr, 1);
 						}
 					} else {
 						$sqlwhere .= ' WHERE 1=1';
 					}
 					// Some tables may have field, some other not. For the moment we disable it.
 					if (in_array($InfoFieldList[0], array('tablewithentity'))) {
-						$sqlwhere .= " AND entity = " . ((int) $conf->entity);
+						$sqlwhere .= " AND entity = ".((int) $conf->entity);
 					}
 					$sql .= $sqlwhere;
 					//print $sql;
@@ -7411,7 +7411,7 @@ 
 						$sql .= " ORDER BY ".$this->db->sanitize(implode(', ', $fields_label));
 					}
 
-					dol_syslog(get_class($this) . '::showInputField type=sellist', LOG_DEBUG);
+					dol_syslog(get_class($this).'::showInputField type=sellist', LOG_DEBUG);
 					$resql = $this->db->query($sql);
 					if ($resql) {
 						$out .= '<option value="0">&nbsp;</option>';
@@ -7427,7 +7427,7 @@ 
 							if (count($fields_label) > 1) {
 								$notrans = true;
 								foreach ($fields_label as $field_toshow) {
-									$labeltoshow .= $obj->$field_toshow . ' ';
+									$labeltoshow .= $obj->$field_toshow.' ';
 								}
 							} else {
 								$labeltoshow = $obj->{$InfoFieldList[1]};
@@ -7438,12 +7438,12 @@ 
 								foreach ($fields_label as $field_toshow) {
 									$translabel = $langs->trans($obj->$field_toshow);
 									if ($translabel != $obj->$field_toshow) {
-										$labeltoshow = dol_trunc($translabel) . ' ';
+										$labeltoshow = dol_trunc($translabel).' ';
 									} else {
-										$labeltoshow = dol_trunc($obj->$field_toshow) . ' ';
+										$labeltoshow = dol_trunc($obj->$field_toshow).' ';
 									}
 								}
-								$out .= '<option value="' . $obj->rowid . '" selected>' . $labeltoshow . '</option>';
+								$out .= '<option value="'.$obj->rowid.'" selected>'.$labeltoshow.'</option>';
 							} else {
 								if (!$notrans) {
 									$translabel = $langs->trans($obj->{$InfoFieldList[1]});
@@ -7457,34 +7457,34 @@ 
 									$labeltoshow = '(not defined)';
 								}
 								if ($value == $obj->rowid) {
-									$out .= '<option value="' . $obj->rowid . '" selected>' . $labeltoshow . '</option>';
+									$out .= '<option value="'.$obj->rowid.'" selected>'.$labeltoshow.'</option>';
 								}
 
 								if (!empty($InfoFieldList[3]) && $parentField) {
-									$parent = $parentName . ':' . $obj->{$parentField};
+									$parent = $parentName.':'.$obj->{$parentField};
 									$isDependList = 1;
 								}
 
-								$out .= '<option value="' . $obj->rowid . '"';
+								$out .= '<option value="'.$obj->rowid.'"';
 								$out .= ($value == $obj->rowid ? ' selected' : '');
-								$out .= (!empty($parent) ? ' parent="' . $parent . '"' : '');
-								$out .= '>' . $labeltoshow . '</option>';
+								$out .= (!empty($parent) ? ' parent="'.$parent.'"' : '');
+								$out .= '>'.$labeltoshow.'</option>';
 							}
 
 							$i++;
 						}
 						$this->db->free($resql);
 					} else {
-						print 'Error in request ' . $sql . ' ' . $this->db->lasterror() . '. Check setup of extra parameters.<br>';
+						print 'Error in request '.$sql.' '.$this->db->lasterror().'. Check setup of extra parameters.<br>';
 					}
 				} else {
 					require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
 					$data = $form->select_all_categories(Categorie::$MAP_ID_TO_CODE[$InfoFieldList[5]], '', 'parent', 64, $InfoFieldList[6], 1, 1);
 					$out .= '<option value="0">&nbsp;</option>';
 					foreach ($data as $data_key => $data_value) {
-						$out .= '<option value="' . $data_key . '"';
+						$out .= '<option value="'.$data_key.'"';
 						$out .= ($value == $data_key ? ' selected' : '');
-						$out .= '>' . $data_value . '</option>';
+						$out .= '>'.$data_value.'</option>';
 					}
 				}
 			}
@@ -7549,8 +7549,8 @@ 
 					}
 
 					$sqlwhere = '';
-					$sql = "SELECT " . $keyList;
-					$sql .= ' FROM ' . $this->db->prefix() . $InfoFieldList[0];
+					$sql = "SELECT ".$keyList;
+					$sql .= ' FROM '.$this->db->prefix().$InfoFieldList[0];
 					if (!empty($InfoFieldList[4])) {
 						// can use SELECT request
 						if (strpos($InfoFieldList[4], '$SEL$') !== false) {
@@ -7566,23 +7566,23 @@ 
 
 						// We have to join on extrafield table
 						if (strpos($InfoFieldList[4], 'extra') !== false) {
-							$sql .= ' as main, ' . $this->db->prefix() . $InfoFieldList[0] . '_extrafields as extra';
-							$sqlwhere .= " WHERE extra.fk_object=main." . $InfoFieldList[2] . " AND " . $InfoFieldList[4];
+							$sql .= ' as main, '.$this->db->prefix().$InfoFieldList[0].'_extrafields as extra';
+							$sqlwhere .= " WHERE extra.fk_object=main.".$InfoFieldList[2]." AND ".$InfoFieldList[4];
 						} else {
-							$sqlwhere .= " WHERE " . $InfoFieldList[4];
+							$sqlwhere .= " WHERE ".$InfoFieldList[4];
 						}
 					} else {
 						$sqlwhere .= ' WHERE 1=1';
 					}
 					// Some tables may have field, some other not. For the moment we disable it.
 					if (in_array($InfoFieldList[0], array('tablewithentity'))) {
-						$sqlwhere .= " AND entity = " . ((int) $conf->entity);
+						$sqlwhere .= " AND entity = ".((int) $conf->entity);
 					}
 					// $sql.=preg_replace('/^ AND /','',$sqlwhere);
 					// print $sql;
 
 					$sql .= $sqlwhere;
-					dol_syslog(get_class($this) . '::showInputField type=chkbxlst', LOG_DEBUG);
+					dol_syslog(get_class($this).'::showInputField type=chkbxlst', LOG_DEBUG);
 					$resql = $this->db->query($sql);
 					if ($resql) {
 						$num = $this->db->num_rows($resql);
@@ -7600,7 +7600,7 @@ 
 							if (count($fields_label) > 1) {
 								$notrans = true;
 								foreach ($fields_label as $field_toshow) {
-									$labeltoshow .= $obj->$field_toshow . ' ';
+									$labeltoshow .= $obj->$field_toshow.' ';
 								}
 							} else {
 								$labeltoshow = $obj->{$InfoFieldList[1]};
@@ -7611,9 +7611,9 @@ 
 								foreach ($fields_label as $field_toshow) {
 									$translabel = $langs->trans($obj->$field_toshow);
 									if ($translabel != $obj->$field_toshow) {
-										$labeltoshow = dol_trunc($translabel, 18) . ' ';
+										$labeltoshow = dol_trunc($translabel, 18).' ';
 									} else {
-										$labeltoshow = dol_trunc($obj->$field_toshow, 18) . ' ';
+										$labeltoshow = dol_trunc($obj->$field_toshow, 18).' ';
 									}
 								}
 
@@ -7636,7 +7636,7 @@ 
 								}
 
 								if (!empty($InfoFieldList[3]) && $parentField) {
-									$parent = $parentName . ':' . $obj->{$parentField};
+									$parent = $parentName.':'.$obj->{$parentField};
 									$isDependList = 1;
 								}
 
@@ -7647,14 +7647,14 @@ 
 						}
 						$this->db->free($resql);
 
-						$out = $form->multiselectarray($keyprefix . $key . $keysuffix, $data, $value_arr, '', 0, $morecss, 0, '100%');
+						$out = $form->multiselectarray($keyprefix.$key.$keysuffix, $data, $value_arr, '', 0, $morecss, 0, '100%');
 					} else {
-						print 'Error in request ' . $sql . ' ' . $this->db->lasterror() . '. Check setup of extra parameters.<br>';
+						print 'Error in request '.$sql.' '.$this->db->lasterror().'. Check setup of extra parameters.<br>';
 					}
 				} else {
 					require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
 					$data = $form->select_all_categories(Categorie::$MAP_ID_TO_CODE[$InfoFieldList[5]], '', 'parent', 64, $InfoFieldList[6], 1, 1);
-					$out = $form->multiselectarray($keyprefix . $key . $keysuffix, $data, $value_arr, '', 0, $morecss, 0, '100%');
+					$out = $form->multiselectarray($keyprefix.$key.$keysuffix, $data, $value_arr, '', 0, $morecss, 0, '100%');
 				}
 			}
 		} elseif ($type == 'link') {
@@ -7740,7 +7740,7 @@ 
 			$out = '<input type="hidden" value="'.$value.'" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'"/>';
 		}
 
-		if ($isDependList==1) {
+		if ($isDependList == 1) {
 			$out .= $this->getJSListDependancies('_common');
 		}
 		/* Add comments
@@ -7791,7 +7791,7 @@ 
 			$type = 'varchar'; // convert varchar(xx) int varchar
 		}
 		if (!empty($val['arrayofkeyval']) && is_array($val['arrayofkeyval'])) {
-			$type = (($this->fields[$key]['type']=='checkbox') ? $this->fields[$key]['type'] : 'select');
+			$type = (($this->fields[$key]['type'] == 'checkbox') ? $this->fields[$key]['type'] : 'select');
 		}
 		if (preg_match('/^integer:(.*):(.*)/i', $val['type'], $reg)) {
 			$type = 'link';
@@ -7876,7 +7876,7 @@ 
 			$value = $this->getLibStatut(3);
 		} elseif ($type == 'date') {
 			if (!empty($value)) {
-				$value = dol_print_date($value, 'day');	// We suppose dates without time are always gmt (storage of course + output)
+				$value = dol_print_date($value, 'day'); // We suppose dates without time are always gmt (storage of course + output)
 			} else {
 				$value = '';
 			}
@@ -7974,9 +7974,9 @@ 
 									$translabel = $langs->trans($obj->$field_toshow);
 								}
 								if ($translabel != $field_toshow) {
-									$value .= dol_trunc($translabel, 18) . ' ';
+									$value .= dol_trunc($translabel, 18).' ';
 								} else {
-									$value .= $obj->$field_toshow . ' ';
+									$value .= $obj->$field_toshow.' ';
 								}
 							}
 						} else {
@@ -7992,7 +7992,7 @@ 
 						}
 					}
 				} else {
-					require_once DOL_DOCUMENT_ROOT . '/categories/class/categorie.class.php';
+					require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
 
 					$toprint = array();
 					$obj = $this->db->fetch_object($resql);
@@ -8000,7 +8000,7 @@ 
 					$c->fetch($obj->rowid);
 					$ways = $c->print_all_ways(); // $ways[0] = "ccc2 >> ccc2a >> ccc2a1" with html formatted text
 					foreach ($ways as $way) {
-						$toprint[] = '<li class="select2-search-choice-dolibarr noborderoncategories"' . ($c->color ? ' style="background: #' . $c->color . ';"' : ' style="background: #aaa"') . '>' . img_object('', 'category') . ' ' . $way . '</li>';
+						$toprint[] = '<li class="select2-search-choice-dolibarr noborderoncategories"'.($c->color ? ' style="background: #'.$c->color.';"' : ' style="background: #aaa"').'>'.img_object('', 'category').' '.$way.'</li>';
 					}
 					$value = '<div class="select2-container-multi-dolibarr" style="width: 90%;"><ul class="select2-choices-dolibarr">'.implode(' ', $toprint).'</ul></div>';
 				}
@@ -8016,11 +8016,11 @@ 
 				$toprint = array();
 				foreach ($value_arr as $keyval => $valueval) {
 					if (!empty($valueval)) {
-						$toprint[] = '<li class="select2-search-choice-dolibarr noborderoncategories" style="background: #bbb">' . $param['options'][$valueval] . '</li>';
+						$toprint[] = '<li class="select2-search-choice-dolibarr noborderoncategories" style="background: #bbb">'.$param['options'][$valueval].'</li>';
 					}
 				}
 				if (!empty($toprint)) {
-					$value = '<div class="select2-container-multi-dolibarr" style="width: 90%;"><ul class="select2-choices-dolibarr">' . implode(' ', $toprint) . '</ul></div>';
+					$value = '<div class="select2-container-multi-dolibarr" style="width: 90%;"><ul class="select2-choices-dolibarr">'.implode(' ', $toprint).'</ul></div>';
 				}
 			}
 		} elseif ($type == 'chkbxlst') {
@@ -8075,9 +8075,9 @@ 
 										$translabel = $langs->trans($obj->$field_toshow);
 									}
 									if ($translabel != $field_toshow) {
-										$toprint[] = '<li class="select2-search-choice-dolibarr noborderoncategories" style="background: #bbb">' . dol_trunc($translabel, 18) . '</li>';
+										$toprint[] = '<li class="select2-search-choice-dolibarr noborderoncategories" style="background: #bbb">'.dol_trunc($translabel, 18).'</li>';
 									} else {
-										$toprint[] = '<li class="select2-search-choice-dolibarr noborderoncategories" style="background: #bbb">' . $obj->$field_toshow . '</li>';
+										$toprint[] = '<li class="select2-search-choice-dolibarr noborderoncategories" style="background: #bbb">'.$obj->$field_toshow.'</li>';
 									}
 								}
 							} else {
@@ -8086,15 +8086,15 @@ 
 									$translabel = $langs->trans($obj->{$InfoFieldList[1]});
 								}
 								if ($translabel != $obj->{$InfoFieldList[1]}) {
-									$toprint[] = '<li class="select2-search-choice-dolibarr noborderoncategories" style="background: #bbb">' . dol_trunc($translabel, 18) . '</li>';
+									$toprint[] = '<li class="select2-search-choice-dolibarr noborderoncategories" style="background: #bbb">'.dol_trunc($translabel, 18).'</li>';
 								} else {
-									$toprint[] = '<li class="select2-search-choice-dolibarr noborderoncategories" style="background: #bbb">' . $obj->{$InfoFieldList[1]} . '</li>';
+									$toprint[] = '<li class="select2-search-choice-dolibarr noborderoncategories" style="background: #bbb">'.$obj->{$InfoFieldList[1]}.'</li>';
 								}
 							}
 						}
 					}
 				} else {
-					require_once DOL_DOCUMENT_ROOT . '/categories/class/categorie.class.php';
+					require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
 
 					$toprint = array();
 					while ($obj = $this->db->fetch_object($resql)) {
@@ -8103,7 +8103,7 @@ 
 							$c->fetch($obj->rowid);
 							$ways = $c->print_all_ways(); // $ways[0] = "ccc2 >> ccc2a >> ccc2a1" with html formatted text
 							foreach ($ways as $way) {
-								$toprint[] = '<li class="select2-search-choice-dolibarr noborderoncategories"' . ($c->color ? ' style="background: #' . $c->color . ';"' : ' style="background: #aaa"') . '>' . img_object('', 'category') . ' ' . $way . '</li>';
+								$toprint[] = '<li class="select2-search-choice-dolibarr noborderoncategories"'.($c->color ? ' style="background: #'.$c->color.';"' : ' style="background: #aaa"').'>'.img_object('', 'category').' '.$way.'</li>';
 							}
 						}
 					}
@@ -8250,7 +8250,7 @@ 
 		global $langs;
 
 		if (!class_exists('Validate')) {
-			require_once DOL_DOCUMENT_ROOT . '/core/class/validate.class.php';
+			require_once DOL_DOCUMENT_ROOT.'/core/class/validate.class.php';
 		}
 
 		$this->clearFieldError($fieldKey);
@@ -8482,7 +8482,7 @@ 
 				$out .= "\n";
 
 				$nbofextrafieldsshown = 0;
-				$e = 0;	// var to manage the modulo (odd/even)
+				$e = 0; // var to manage the modulo (odd/even)
 
 				$lastseparatorkeyfound = '';
 				$extrafields_collapse_num = '';
@@ -8533,7 +8533,7 @@ 
 					}
 
 					$colspan = 0;
-					if (is_array($params) && count($params) > 0 && $display_type=='card') {
+					if (is_array($params) && count($params) > 0 && $display_type == 'card') {
 						if (array_key_exists('cols', $params)) {
 							$colspan = $params['cols'];
 						} elseif (array_key_exists('colspan', $params)) {	// For backward compatibility. Use cols instead now.
@@ -8620,7 +8620,7 @@ 
 						$domData .= ' data-targetid="'.$this->id.'"';
 
 						$html_id = (empty($this->id) ? '' : 'extrarow-'.$this->element.'_'.$key.'_'.$this->id);
-						if ($display_type=='card') {
+						if ($display_type == 'card') {
 							if (getDolGlobalString('MAIN_EXTRAFIELDS_USE_TWO_COLUMS') && ($e % 2) == 0) {
 								$colspan = 0;
 							}
@@ -8731,12 +8731,12 @@ 
 								break;
 						}
 
-						$out .= ($display_type=='card' ? '</td>' : '</div>');
+						$out .= ($display_type == 'card' ? '</td>' : '</div>');
 
 						if (getDolGlobalString('MAIN_EXTRAFIELDS_USE_TWO_COLUMS') && (($e % 2) == 1)) {
-							$out .= ($display_type=='card' ? '</tr>' : '</div>');
+							$out .= ($display_type == 'card' ? '</tr>' : '</div>');
 						} else {
-							$out .= ($display_type=='card' ? '</tr>' : '</div>');
+							$out .= ($display_type == 'card' ? '</tr>' : '</div>');
 						}
 
 						$e++;
@@ -9540,7 +9540,7 @@ 
 						continue;
 					}
 				}
-				$keys_with_alias[] = $alias . '.' . $fieldname;
+				$keys_with_alias[] = $alias.'.'.$fieldname;
 			}
 			return implode(',', $keys_with_alias);
 		} else {
@@ -9660,7 +9660,7 @@ 
 		if (!$error) {
 			$sql = "INSERT INTO ".$this->db->prefix().$this->table_element;
 			$sql .= " (".implode(", ", $keys).')';
-			$sql .= " VALUES (".implode(", ", $values).")";		// $values can contains 'abc' or 123
+			$sql .= " VALUES (".implode(", ", $values).")"; // $values can contains 'abc' or 123
 
 			$res = $this->db->query($sql);
 			if (!$res) {
@@ -9945,7 +9945,7 @@ 
 
 		// Update extrafield
 		if (!$error) {
-			$result = $this->insertExtraFields();	// This delete and reinsert extrafields
+			$result = $this->insertExtraFields(); // This delete and reinsert extrafields
 			if ($result < 0) {
 				$error++;
 			}
@@ -10153,12 +10153,12 @@ 
 				$error++;
 			} else {
 				while ($obj = $this->db->fetch_object($resql)) {
-					$result = $this->fetch($obj->rowid);	// @phpstan-ignore-line
+					$result = $this->fetch($obj->rowid); // @phpstan-ignore-line
 					if ($result < 0) {
 						$error++;
 						$this->errors[] = $this->error;
 					} else {
-						$result = $this->delete($user);	// @phpstan-ignore-line
+						$result = $this->delete($user); // @phpstan-ignore-line
 						if ($result < 0) {
 							$error++;
 							$this->errors[] = $this->error;
@@ -10323,7 +10323,7 @@ 
 		);
 		foreach ($fields as $key => $value) {
 			if (array_key_exists($key, $this->fields)) {
-				$this->{$key} = $value;		// @phpstan-ignore-line
+				$this->{$key} = $value; // @phpstan-ignore-line
 			}
 		}
 
@@ -10468,7 +10468,7 @@ 
 		// Process
 		foreach ($to_del as $del) {
 			if ($c->fetch($del) > 0) {
-				$result=$c->del_type($this, $type_categ);
+				$result = $c->del_type($this, $type_categ);
 				if ($result < 0) {
 					$error++;
 					$this->error = $c->error;

htdocs/core/lib/security.lib.php

Spacing +24 added lines, -24 removed lines

@@ -100,10 +100,10 @@ 
 function dolGetRandomBytes($length)
 {
 	if (function_exists('random_bytes')) {	// Available with PHP 7 only.
-		return bin2hex(random_bytes((int) floor($length / 2)));	// the bin2hex will double the number of bytes so we take length / 2
+		return bin2hex(random_bytes((int) floor($length / 2))); // the bin2hex will double the number of bytes so we take length / 2
 	}
 
-	return bin2hex(openssl_random_pseudo_bytes((int) floor($length / 2)));		// the bin2hex will double the number of bytes so we take length / 2. May be very slow on Windows.
+	return bin2hex(openssl_random_pseudo_bytes((int) floor($length / 2))); // the bin2hex will double the number of bytes so we take length / 2. May be very slow on Windows.
 }
 
 /**
@@ -241,7 +241,7 @@ 
 
 	// Salt value
 	if (getDolGlobalString('MAIN_SECURITY_SALT') && $type != '4' && $type !== 'openldap') {
-		$chain = getDolGlobalString('MAIN_SECURITY_SALT') . $chain;
+		$chain = getDolGlobalString('MAIN_SECURITY_SALT').$chain;
 	}
 
 	if ($type == '1' || $type == 'sha1') {
@@ -281,7 +281,7 @@ 
 function dol_verifyHash($chain, $hash, $type = '0')
 {
 	if ($type == '0' && getDolGlobalString('MAIN_SECURITY_HASH_ALGO') && getDolGlobalString('MAIN_SECURITY_HASH_ALGO') == 'password_hash' && function_exists('password_verify')) {
-		if (! empty($hash[0]) && $hash[0] == '$') {
+		if (!empty($hash[0]) && $hash[0] == '$') {
 			return password_verify($chain, $hash);
 		} elseif (dol_strlen($hash) == 32) {
 			return dol_verifyHash($chain, $hash, '3'); // md5
@@ -311,31 +311,31 @@ 
 	$salt = substr(sha1(time()), 0, 8);
 
 	if ($type === 'md5') {
-		return '{MD5}' . base64_encode(hash("md5", $password, true)); //For OpenLdap with md5 (based on an unencrypted password in base)
+		return '{MD5}'.base64_encode(hash("md5", $password, true)); //For OpenLdap with md5 (based on an unencrypted password in base)
 	} elseif ($type === 'md5frommd5') {
-		return '{MD5}' . base64_encode(hex2bin($password)); // Create OpenLDAP MD5 password from Dolibarr MD5 password
+		return '{MD5}'.base64_encode(hex2bin($password)); // Create OpenLDAP MD5 password from Dolibarr MD5 password
 	} elseif ($type === 'smd5') {
-		return "{SMD5}" . base64_encode(hash("md5", $password . $salt, true) . $salt);
+		return "{SMD5}".base64_encode(hash("md5", $password.$salt, true).$salt);
 	} elseif ($type === 'sha') {
-		return '{SHA}' . base64_encode(hash("sha1", $password, true));
+		return '{SHA}'.base64_encode(hash("sha1", $password, true));
 	} elseif ($type === 'ssha') {
-		return "{SSHA}" . base64_encode(hash("sha1", $password . $salt, true) . $salt);
+		return "{SSHA}".base64_encode(hash("sha1", $password.$salt, true).$salt);
 	} elseif ($type === 'sha256') {
-		return "{SHA256}" . base64_encode(hash("sha256", $password, true));
+		return "{SHA256}".base64_encode(hash("sha256", $password, true));
 	} elseif ($type === 'ssha256') {
-		return "{SSHA256}" . base64_encode(hash("sha256", $password . $salt, true) . $salt);
+		return "{SSHA256}".base64_encode(hash("sha256", $password.$salt, true).$salt);
 	} elseif ($type === 'sha384') {
-		return "{SHA384}" . base64_encode(hash("sha384", $password, true));
+		return "{SHA384}".base64_encode(hash("sha384", $password, true));
 	} elseif ($type === 'ssha384') {
-		return "{SSHA384}" . base64_encode(hash("sha384", $password . $salt, true) . $salt);
+		return "{SSHA384}".base64_encode(hash("sha384", $password.$salt, true).$salt);
 	} elseif ($type === 'sha512') {
-		return "{SHA512}" . base64_encode(hash("sha512", $password, true));
+		return "{SHA512}".base64_encode(hash("sha512", $password, true));
 	} elseif ($type === 'ssha512') {
-		return "{SSHA512}" . base64_encode(hash("sha512", $password . $salt, true) . $salt);
+		return "{SSHA512}".base64_encode(hash("sha512", $password.$salt, true).$salt);
 	} elseif ($type === 'crypt') {
-		return '{CRYPT}' . crypt($password, $salt);
+		return '{CRYPT}'.crypt($password, $salt);
 	} elseif ($type === 'clear') {
-		return '{CLEAR}' . $password;  // Just for test, plain text password is not secured !
+		return '{CLEAR}'.$password; // Just for test, plain text password is not secured !
 	}
 	return "";
 }
@@ -369,13 +369,13 @@ 
 	if (is_object($object)) {
 		$objectid = $object->id;
 	} else {
-		$objectid = $object;		// $objectid can be X or 'X,Y,Z'
+		$objectid = $object; // $objectid can be X or 'X,Y,Z'
 	}
 	if ($objectid == "-1") {
 		$objectid = 0;
 	}
 	if ($objectid) {
-		$objectid = preg_replace('/[^0-9\.\,]/', '', $objectid);	// For the case value is coming from a non sanitized user input
+		$objectid = preg_replace('/[^0-9\.\,]/', '', $objectid); // For the case value is coming from a non sanitized user input
 	}
 
 	//dol_syslog("functions.lib:restrictedArea $feature, $objectid, $dbtablename, $feature2, $dbt_socfield, $dbt_select, $isdraft");
@@ -852,9 +852,9 @@ 
 	if (is_object($object)) {
 		$objectid = $object->id;
 	} else {
-		$objectid = $object;		// $objectid can be X or 'X,Y,Z'
+		$objectid = $object; // $objectid can be X or 'X,Y,Z'
 	}
-	$objectid = preg_replace('/[^0-9\.\,]/', '', $objectid);	// For the case value is coming from a non sanitized user input
+	$objectid = preg_replace('/[^0-9\.\,]/', '', $objectid); // For the case value is coming from a non sanitized user input
 
 	//dol_syslog("functions.lib:restrictedArea $feature, $objectid, $dbtablename, $feature2, $dbt_socfield, $dbt_select, $isdraft");
 	//print "user_id=".$user->id.", features=".join(',', $featuresarray).", objectid=".$objectid;
@@ -901,8 +901,8 @@ 
 		$checkparentsoc = array('agenda', 'contact', 'contrat'); // Test on entity + link to third party on field $dbt_keyfield. Allowed if link is empty (Ex: contacts...).
 		$checkproject = array('projet', 'project'); // Test for project object
 		$checktask = array('projet_task'); // Test for task object
-		$checkhierarchy = array('expensereport', 'holiday');	// check permission among the hierarchy of user
-		$checkuser = array('bookmark');	// check permission among the fk_user (must be myself or null)
+		$checkhierarchy = array('expensereport', 'holiday'); // check permission among the hierarchy of user
+		$checkuser = array('bookmark'); // check permission among the fk_user (must be myself or null)
 		$nocheck = array('barcode', 'stock'); // No test
 
 		//$checkdefault = 'all other not already defined'; // Test on entity + link to third party on field $dbt_keyfield. Not allowed if link is empty (Ex: invoice, orders...).
@@ -915,7 +915,7 @@ 
 
 		// To avoid an access forbidden with a numeric ref
 		if ($dbt_select != 'rowid' && $dbt_select != 'id') {
-			$objectid = "'".$objectid."'";	// Note: $objectid was already cast into int at begin of this method.
+			$objectid = "'".$objectid."'"; // Note: $objectid was already cast into int at begin of this method.
 		}
 		// Check permission for objectid on entity only
 		if (in_array($feature, $check) && $objectid > 0) {		// For $objectid = 0, no check

htdocs/core/class/doleditor.class.php

Spacing +6 added lines, -6 removed lines

@@ -156,7 +156,7 @@ 
 					define('REQUIRE_CKEDITOR', '1');
 				}
 
-				$skin = getDolGlobalString('FCKEDITOR_SKIN', 'moono-lisa');		// default with ckeditor 4.6 : moono-lisa
+				$skin = getDolGlobalString('FCKEDITOR_SKIN', 'moono-lisa'); // default with ckeditor 4.6 : moono-lisa
 
 				$pluginstodisable = 'elementspath,save,flash,div,anchor';
 				if (!getDolGlobalString('FCKEDITOR_ENABLE_SPECIALCHAR')) {
@@ -172,7 +172,7 @@ 
 					$pluginstodisable .= ',exportpdf';
 				}
 				if (getDolGlobalInt('MAIN_DISALLOW_URL_INTO_DESCRIPTIONS') == 2) {
-					$this->uselocalbrowser = 0;	// Can't use browser to navigate into files. Only links with "<img src=data:..." are allowed.
+					$this->uselocalbrowser = 0; // Can't use browser to navigate into files. Only links with "<img src=data:..." are allowed.
 				}
 				$scaytautostartup = '';
 				if (getDolGlobalString('FCKEDITOR_ENABLE_SCAYT_AUTOSTARTUP')) {
@@ -245,10 +245,10 @@ 
                                filebrowserImageWindowWidth : \'900\',
                                filebrowserImageWindowHeight : \'500\'';
 				}
-				$out .= '	})'.$morejs;	// end CKEditor.replace
+				$out .= '	})'.$morejs; // end CKEditor.replace
 				// Show the CKEditor javascript object once loaded is ready 'For debug)
 				//$out .= '; CKEDITOR.on(\'instanceReady\', function(ck) { ck.editor.removeMenuItem(\'maximize\'); ck.editor.removeMenuItem(\'Undo\'); ck.editor.removeMenuItem(\'undo\'); console.log(ck.editor); console.log(ck.editor.toolbar[0]); }); ';
-				$out .= '});'."\n";	// end document.ready
+				$out .= '});'."\n"; // end document.ready
 				$out .= '</script>'."\n";
 			}
 		}
@@ -268,8 +268,8 @@ 
 				$out .= '<script nonce="'.getNonce().'" type="text/javascript">'."\n";
 				$out .= 'jQuery(document).ready(function() {'."\n";
 				$out .= '	var aceEditor = window.ace.edit("'.$this->htmlname.'aceeditorid");
-							aceEditor.moveCursorTo('.($this->posy+1).','.$this->posx.');
-							aceEditor.gotoLine('.($this->posy+1).','.$this->posx.');
+							aceEditor.moveCursorTo('.($this->posy + 1).','.$this->posx.');
+							aceEditor.gotoLine('.($this->posy + 1).','.$this->posx.');
 	    	    		   	var StatusBar = window.ace.require("ace/ext/statusbar").StatusBar;									// Init status bar. Need lib ext-statusbar
 	        			   	var statusBar = new StatusBar(aceEditor, document.getElementById("statusBar'.$this->htmlname.'"));	// Init status bar. Need lib ext-statusbar
 

htdocs/compta/prelevement/class/rejetprelevement.class.php

Spacing +1 added lines, -1 removed lines

@@ -181,7 +181,7 @@
 
 			//var_dump($this->type);exit;
 
-			$pai->amounts[$facs[$i][0]] = price2num($amountrejected * -1);		// The payment must be negative because it is a refund
+			$pai->amounts[$facs[$i][0]] = price2num($amountrejected * -1); // The payment must be negative because it is a refund
 
 			$pai->datepaye = $date_rejet;
 			$pai->paiementid = 3; // type of payment: withdrawal

test/phpunit/SecurityTest.php

Spacing +293 added lines, -293 removed lines

@@ -24,32 +24,32 @@ 
  *		\remarks	To run this script as CLI:  phpunit filename.php
  */
 
-global $conf,$user,$langs,$db;
+global $conf, $user, $langs, $db;
 //define('TEST_DB_FORCE_TYPE','mysql');	// This is to force using mysql driver
 //require_once 'PHPUnit/Autoload.php';
 
-if (! defined('NOREQUIRESOC')) {
+if (!defined('NOREQUIRESOC')) {
 	define('NOREQUIRESOC', '1');
 }
-if (! defined('NOCSRFCHECK')) {
+if (!defined('NOCSRFCHECK')) {
 	define('NOCSRFCHECK', '1');
 }
-if (! defined('NOTOKENRENEWAL')) {
+if (!defined('NOTOKENRENEWAL')) {
 	define('NOTOKENRENEWAL', '1');
 }
-if (! defined('NOREQUIREMENU')) {
+if (!defined('NOREQUIREMENU')) {
 	define('NOREQUIREMENU', '1'); // If there is no menu to show
 }
-if (! defined('NOREQUIREHTML')) {
+if (!defined('NOREQUIREHTML')) {
 	define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
 }
-if (! defined('NOREQUIREAJAX')) {
+if (!defined('NOREQUIREAJAX')) {
 	define('NOREQUIREAJAX', '1');
 }
-if (! defined("NOLOGIN")) {
-	define("NOLOGIN", '1');       // If this page is public (can be called outside logged session)
+if (!defined("NOLOGIN")) {
+	define("NOLOGIN", '1'); // If this page is public (can be called outside logged session)
 }
-if (! defined("NOSESSION")) {
+if (!defined("NOSESSION")) {
 	define("NOSESSION", '1');
 }
 
@@ -63,7 +63,7 @@ 
 	$user->fetch(1);
 	$user->getrights();
 }
-$conf->global->MAIN_DISABLE_ALL_MAILS=1;
+$conf->global->MAIN_DISABLE_ALL_MAILS = 1;
 
 
 /**
@@ -92,11 +92,11 @@ 
 		parent::__construct($name);
 
 		//$this->sharedFixture
-		global $conf,$user,$langs,$db;
-		$this->savconf=$conf;
-		$this->savuser=$user;
-		$this->savlangs=$langs;
-		$this->savdb=$db;
+		global $conf, $user, $langs, $db;
+		$this->savconf = $conf;
+		$this->savuser = $user;
+		$this->savlangs = $langs;
+		$this->savdb = $db;
 
 		print __METHOD__." db->type=".$db->type." user->id=".$user->id;
 		//print " - db ".$db->db;
@@ -110,8 +110,8 @@ 
 	 */
 	public static function setUpBeforeClass(): void
 	{
-		global $conf,$user,$langs,$db;
-		$db->begin();	// This is to have all actions inside a transaction even if test launched without suite.
+		global $conf, $user, $langs, $db;
+		$db->begin(); // This is to have all actions inside a transaction even if test launched without suite.
 
 		print __METHOD__."\n";
 	}
@@ -123,7 +123,7 @@ 
 	 */
 	public static function tearDownAfterClass(): void
 	{
-		global $conf,$user,$langs,$db;
+		global $conf, $user, $langs, $db;
 		$db->rollback();
 
 		// Restore value to a neutral value (it was set to a test value by some tests)
@@ -139,11 +139,11 @@ 
 	 */
 	protected function setUp(): void
 	{
-		global $conf,$user,$langs,$db;
-		$conf=$this->savconf;
-		$user=$this->savuser;
-		$langs=$this->savlangs;
-		$db=$this->savdb;
+		global $conf, $user, $langs, $db;
+		$conf = $this->savconf;
+		$user = $this->savuser;
+		$langs = $this->savlangs;
+		$db = $this->savdb;
 
 		print __METHOD__."\n";
 	}
@@ -166,7 +166,7 @@ 
 	public function testSetLang()
 	{
 		global $conf;
-		$conf=$this->savconf;
+		$conf = $this->savconf;
 
 		$tmplangs = new Translate('', $conf);
 
@@ -188,7 +188,7 @@ 
 		// More on https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
 
 		// Should be OK
-		$expectedresult=0;
+		$expectedresult = 0;
 
 		/*
 		$test = '';
@@ -196,107 +196,107 @@ 
 		$this->assertGreaterThanOrEqual(0, $result, 'Error on testSqlAndScriptInject kkk');
 		*/
 
-		$_SERVER["PHP_SELF"]='/DIR WITH SPACE/htdocs/admin/index.php';
-		$result=testSqlAndScriptInject($_SERVER["PHP_SELF"], 2);
+		$_SERVER["PHP_SELF"] = '/DIR WITH SPACE/htdocs/admin/index.php';
+		$result = testSqlAndScriptInject($_SERVER["PHP_SELF"], 2);
 		$this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject for PHP_SELF that should be ok');
 
 		$test = 'This is a < inside string with < and > also and tag like <a> before the >';
-		$result=testSqlAndScriptInject($test, 0);
+		$result = testSqlAndScriptInject($test, 0);
 		$this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject expected 0b');
 
 		$test = 'This is the union of all for the selection of the best';
-		$result=testSqlAndScriptInject($test, 0);
+		$result = testSqlAndScriptInject($test, 0);
 		$this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject expected 0c');
 
-		$test='/user/perms.php?id=1&action=addrights&entity=1&rights=123&confirm=yes&token=123456789&updatedmodulename=lmscoursetracking';
-		$result=testSqlAndScriptInject($test, 1);
+		$test = '/user/perms.php?id=1&action=addrights&entity=1&rights=123&confirm=yes&token=123456789&updatedmodulename=lmscoursetracking';
+		$result = testSqlAndScriptInject($test, 1);
 		print "test=".$test." result=".$result."\n";
 		$this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject with a valid url');
 
 		// Should detect attack
-		$expectedresult=1;
+		$expectedresult = 1;
 
-		$_SERVER["PHP_SELF"]='/DIR WITH SPACE/htdocs/admin/index.php/<svg>';
-		$result=testSqlAndScriptInject($_SERVER["PHP_SELF"], 2);
+		$_SERVER["PHP_SELF"] = '/DIR WITH SPACE/htdocs/admin/index.php/<svg>';
+		$result = testSqlAndScriptInject($_SERVER["PHP_SELF"], 2);
 		$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject for PHP_SELF that should detect XSS');
 
 		$test = 'select @@version';
-		$result=testSqlAndScriptInject($test, 0);
+		$result = testSqlAndScriptInject($test, 0);
 		$this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject for SQL1a. Should find an attack on POST param and did not.');
 
 		$test = 'select @@version';
-		$result=testSqlAndScriptInject($test, 1);
+		$result = testSqlAndScriptInject($test, 1);
 		$this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject for SQL1b. Should find an attack on GET param and did not.');
 
 		$test = '... update ... set ... =';
-		$result=testSqlAndScriptInject($test, 1);
+		$result = testSqlAndScriptInject($test, 1);
 		$this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject for SQL2a. Should find an attack on GET param and did not.');
 
 		$test = "delete\nfrom";
-		$result=testSqlAndScriptInject($test, 1);
+		$result = testSqlAndScriptInject($test, 1);
 		$this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject for SQL2b. Should find an attack on GET param and did not.');
 
 		$test = 'action=update& ... set ... =';
-		$result=testSqlAndScriptInject($test, 1);
+		$result = testSqlAndScriptInject($test, 1);
 		$this->assertEquals(0, $result, 'Error on testSqlAndScriptInject for SQL2b. Should not find an attack on GET param and did.');
 
 		$test = '... union ... selection ';
-		$result=testSqlAndScriptInject($test, 1);
+		$result = testSqlAndScriptInject($test, 1);
 		$this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject for SQL2c. Should find an attack on GET param and did not.');
 
 		$test = 'j&#x61;vascript:';
-		$result=testSqlAndScriptInject($test, 0);
+		$result = testSqlAndScriptInject($test, 0);
 		$this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject for javascript1. Should find an attack and did not.');
 
 		$test = 'j&#x61vascript:';
-		$result=testSqlAndScriptInject($test, 0);
+		$result = testSqlAndScriptInject($test, 0);
 		$this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject for javascript2. Should find an attack and did not.');
 
 		$test = 'javascript&colon&#x3B;alert(1)';
-		$result=testSqlAndScriptInject($test, 0);
+		$result = testSqlAndScriptInject($test, 0);
 		$this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject for javascript2');
 
-		$test="<img src='1.jpg' onerror =javascript:alert('XSS')>";
-		$result=testSqlAndScriptInject($test, 0);
+		$test = "<img src='1.jpg' onerror =javascript:alert('XSS')>";
+		$result = testSqlAndScriptInject($test, 0);
 		$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa1');
 
-		$test="<img src='1.jpg' onerror =javascript:alert('XSS')>";
-		$result=testSqlAndScriptInject($test, 2);
+		$test = "<img src='1.jpg' onerror =javascript:alert('XSS')>";
+		$result = testSqlAndScriptInject($test, 2);
 		$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa2');
 
-		$test='<IMG SRC=# onmouseover="alert(1)">';
-		$result=testSqlAndScriptInject($test, 0);
+		$test = '<IMG SRC=# onmouseover="alert(1)">';
+		$result = testSqlAndScriptInject($test, 0);
 		$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa3');
-		$test='<IMG SRC onmouseover="alert(1)">';
-		$result=testSqlAndScriptInject($test, 0);
+		$test = '<IMG SRC onmouseover="alert(1)">';
+		$result = testSqlAndScriptInject($test, 0);
 		$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa4');
-		$test='<IMG onmouseover="alert(1)">';
-		$result=testSqlAndScriptInject($test, 0);
+		$test = '<IMG onmouseover="alert(1)">';
+		$result = testSqlAndScriptInject($test, 0);
 		$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa5');
-		$test='<IMG SRC=/ onerror="alert(1)">';
-		$result=testSqlAndScriptInject($test, 0);
+		$test = '<IMG SRC=/ onerror="alert(1)">';
+		$result = testSqlAndScriptInject($test, 0);
 		$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa6');
-		$test='<IMG SRC=" &#14;  javascript:alert(1);">';
-		$result=testSqlAndScriptInject($test, 0);
+		$test = '<IMG SRC=" &#14;  javascript:alert(1);">';
+		$result = testSqlAndScriptInject($test, 0);
 		$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa7');
 
-		$test='<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>';
-		$result=testSqlAndScriptInject($test, 0);
+		$test = '<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>';
+		$result = testSqlAndScriptInject($test, 0);
 		$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject bbb');
 
-		$test='<SCRIPT SRC=http://xss.rocks/xss.js></SCRIPT>';
-		$result=testSqlAndScriptInject($test, 0);
+		$test = '<SCRIPT SRC=http://xss.rocks/xss.js></SCRIPT>';
+		$result = testSqlAndScriptInject($test, 0);
 		$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject ccc');
 
-		$test='<IMG SRC="javascript:alert(\'XSS\');">';
-		$result=testSqlAndScriptInject($test, 1);
+		$test = '<IMG SRC="javascript:alert(\'XSS\');">';
+		$result = testSqlAndScriptInject($test, 1);
 		$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject ddd');
 
-		$test='<IMG """><SCRIPT>alert("XSS")</SCRIPT>">';
-		$result=testSqlAndScriptInject($test, 0);
+		$test = '<IMG """><SCRIPT>alert("XSS")</SCRIPT>">';
+		$result = testSqlAndScriptInject($test, 0);
 		$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject eee');
 
-		$test='<!-- Google analytics -->
+		$test = '<!-- Google analytics -->
 			<script>
 			  (function(i,s,o,g,r,a,m){i[\'GoogleAnalyticsObject\']=r;i[r]=i[r]||function(){
 			  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
@@ -307,60 +307,60 @@ 
 			  ga(\'send\', \'pageview\');
 
 			</script>';
-		$result=testSqlAndScriptInject($test, 0);
+		$result = testSqlAndScriptInject($test, 0);
 		$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject eee');
 
-		$test="<IMG SRC=\"jav\tascript:alert('XSS');\">";		// Is locked by some browser like chrome because the default directive no-referrer-when-downgrade is sent when requesting the SRC and then refused because of browser protection on img src load without referrer.
-		$test="<IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">";	// Same
+		$test = "<IMG SRC=\"jav\tascript:alert('XSS');\">"; // Is locked by some browser like chrome because the default directive no-referrer-when-downgrade is sent when requesting the SRC and then refused because of browser protection on img src load without referrer.
+		$test = "<IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">"; // Same
 
-		$test='<SCRIPT/XSS SRC="http://xss.rocks/xss.js"></SCRIPT>';
-		$result=testSqlAndScriptInject($test, 0);
+		$test = '<SCRIPT/XSS SRC="http://xss.rocks/xss.js"></SCRIPT>';
+		$result = testSqlAndScriptInject($test, 0);
 		$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject fff1');
-		$test='<SCRIPT/SRC="http://xss.rocks/xss.js"></SCRIPT>';
-		$result=testSqlAndScriptInject($test, 0);
+		$test = '<SCRIPT/SRC="http://xss.rocks/xss.js"></SCRIPT>';
+		$result = testSqlAndScriptInject($test, 0);
 		$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject fff2');
 
 		// This case seems to be filtered by browsers now.
-		$test='<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(1)>';
+		$test = '<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(1)>';
 		//$result=testSqlAndScriptInject($test, 0);
 		//$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject ggg');
 
-		$test='<iframe src=http://xss.rocks/scriptlet.html <';
-		$result=testSqlAndScriptInject($test, 0);
+		$test = '<iframe src=http://xss.rocks/scriptlet.html <';
+		$result = testSqlAndScriptInject($test, 0);
 		$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject hhh');
 
-		$test='Set.constructor`alert\x281\x29```';
-		$result=testSqlAndScriptInject($test, 0);
+		$test = 'Set.constructor`alert\x281\x29```';
+		$result = testSqlAndScriptInject($test, 0);
 		$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject iii');
 
-		$test="on<!-- ab\nc -->error=alert(1)";
-		$result=testSqlAndScriptInject($test, 0);
+		$test = "on<!-- ab\nc -->error=alert(1)";
+		$result = testSqlAndScriptInject($test, 0);
 		$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject jjj');
 
-		$test="<img src=x one<a>rror=alert(document.location)";
-		$result=testSqlAndScriptInject($test, 0);
+		$test = "<img src=x one<a>rror=alert(document.location)";
+		$result = testSqlAndScriptInject($test, 0);
 		$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject kkk');
 
-		$test="<a onpointerdown=alert(document.domain)>XSS</a>";
-		$result=testSqlAndScriptInject($test, 0);
+		$test = "<a onpointerdown=alert(document.domain)>XSS</a>";
+		$result = testSqlAndScriptInject($test, 0);
 		$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject lll');
 
-		$test='<a onscrollend=alert(1) style="display:block;overflow:auto;border:1px+dashed;width:500px;height:100px;"><br><br><br><br><br><span+id=x>test</span></a>';	// Add the char %F6 into the variable
-		$result=testSqlAndScriptInject($test, 0);
+		$test = '<a onscrollend=alert(1) style="display:block;overflow:auto;border:1px+dashed;width:500px;height:100px;"><br><br><br><br><br><span+id=x>test</span></a>'; // Add the char %F6 into the variable
+		$result = testSqlAndScriptInject($test, 0);
 		//print "test=".$test." result=".$result."\n";
 		$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject mmm');
 
 
-		$test="Text with ' encoded with the numeric html entity converted into text entity &#39; (like when submited by CKEditor)";
-		$result=testSqlAndScriptInject($test, 0);	// result must be 0
+		$test = "Text with ' encoded with the numeric html entity converted into text entity &#39; (like when submited by CKEditor)";
+		$result = testSqlAndScriptInject($test, 0); // result must be 0
 		$this->assertEquals(0, $result, 'Error on testSqlAndScriptInject mmm, result should be 0 and is not');
 
-		$test ='<a href="j&Tab;a&Tab;v&Tab;asc&NewLine;ri&Tab;pt:&lpar;a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;(document.cookie)&rpar;">XSS</a>';
-		$result=testSqlAndScriptInject($test, 0);
+		$test = '<a href="j&Tab;a&Tab;v&Tab;asc&NewLine;ri&Tab;pt:&lpar;a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;(document.cookie)&rpar;">XSS</a>';
+		$result = testSqlAndScriptInject($test, 0);
 		$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject nnn, result should be >= 1 and is not');
 
-		$test="/dolibarr/htdocs/index.php/".chr('246')."abc";	// Add the char %F6 into the variable
-		$result=testSqlAndScriptInject($test, 2);
+		$test = "/dolibarr/htdocs/index.php/".chr('246')."abc"; // Add the char %F6 into the variable
+		$result = testSqlAndScriptInject($test, 2);
 		//print "test=".$test." result=".$result."\n";
 		$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject with a non valid UTF8 char');
 	}
@@ -372,11 +372,11 @@ 
 	 */
 	public function testGETPOST()
 	{
-		global $conf,$user,$langs,$db;
-		$conf=$this->savconf;
-		$user=$this->savuser;
-		$langs=$this->savlangs;
-		$db=$this->savdb;
+		global $conf, $user, $langs, $db;
+		$conf = $this->savconf;
+		$user = $this->savuser;
+		$langs = $this->savlangs;
+		$db = $this->savdb;
 
 		// Force default mode
 		$conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML = 0;
@@ -384,206 +384,206 @@ 
 		$conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES = 0;
 		$conf->global->MAIN_DISALLOW_URL_INTO_DESCRIPTIONS = 0;
 
-		$_COOKIE["id"]=111;
-		$_POST["param0"]='A real string with <a href="rrr" title="aa&quot;bb">aaa</a> and " and \' and &amp; inside content';
-		$_GET["param1"]="222";
-		$_POST["param1"]="333";
-		$_GET["param2"]='a/b#e(pr)qq-rr\cc';
-		$_GET["param3"]='"&#110;a/b#e(pr)qq-rr\cc';    // Same than param2 + " and &#110;
-		$_GET["param4a"]='..&#47;../dir';
-		$_GET["param4b"]='..&#92;..\dirwindows';
-		$_GET["param5"]="a_1-b";
-		$_POST["param6"]="&quot;&gt;<svg o&#110;load='console.log(&quot;123&quot;)'&gt;";
-		$_POST["param6b"]='<<<../>../>../svg><<<../>../>../animate =alert(1)>abc';
-		$_GET["param7"]='"c:\this is a path~1\aaa&#110; &#x&#x31;&#x31;&#x30;;" abc<bad>def</bad>';
-		$_POST["param8a"]="Hacker<svg o&#110;load='console.log(&quot;123&quot;)'";	// html tag is not closed so it is not detected as html tag but is still harmfull
-		$_POST['param8b']='<img src=x onerror=alert(document.location) t=';		// this is html obfuscated by non closing tag
-		$_POST['param8c']='< with space after is ok';
-		$_POST['param8d']='<abc123 is html to clean';
-		$_POST['param8e']='<123abc is not html to clean';	// other similar case: '<2021-12-12'
-		$_POST['param8f']='abc<<svg <><<animate onbegin=alert(document.domain) a';
-		$_POST["param9"]='is_object($object) ? ($object->id < 10 ? round($object->id / 2, 2) : (2 * $user->id) * (int) substr($mysoc->zip, 1, 2)) : \'objnotdefined\'';
-		$_POST["param10"]='is_object($object) ? ($object->id < 10 ? round($object->id / 2, 2) : (2 * $user->id) * (int) substr($mysoc->zip, 1, 2)) : \'<abc>objnotdefined\'';
-		$_POST["param11"]=' Name <email@email.com> ';
-		$_POST["param12"]='<!DOCTYPE html><html>aaa</html>';
-		$_POST["param13"]='&#110; &#x6E; &gt; &lt; &quot; <a href=\"j&#x61;vascript:alert(document.domain)\">XSS</a>';
-		$_POST["param13b"]='&#110; &#x6E; &gt; &lt; &quot; <a href=\"j&#x61vascript:alert(document.domain)\">XSS</a>';
-		$_POST["param14"]="Text with ' encoded with the numeric html entity converted into text entity &#39; (like when submited by CKEditor)";
-		$_POST["param15"]="<img onerror<=alert(document.domain)> src=>0xbeefed";
+		$_COOKIE["id"] = 111;
+		$_POST["param0"] = 'A real string with <a href="rrr" title="aa&quot;bb">aaa</a> and " and \' and &amp; inside content';
+		$_GET["param1"] = "222";
+		$_POST["param1"] = "333";
+		$_GET["param2"] = 'a/b#e(pr)qq-rr\cc';
+		$_GET["param3"] = '"&#110;a/b#e(pr)qq-rr\cc'; // Same than param2 + " and &#110;
+		$_GET["param4a"] = '..&#47;../dir';
+		$_GET["param4b"] = '..&#92;..\dirwindows';
+		$_GET["param5"] = "a_1-b";
+		$_POST["param6"] = "&quot;&gt;<svg o&#110;load='console.log(&quot;123&quot;)'&gt;";
+		$_POST["param6b"] = '<<<../>../>../svg><<<../>../>../animate =alert(1)>abc';
+		$_GET["param7"] = '"c:\this is a path~1\aaa&#110; &#x&#x31;&#x31;&#x30;;" abc<bad>def</bad>';
+		$_POST["param8a"] = "Hacker<svg o&#110;load='console.log(&quot;123&quot;)'"; // html tag is not closed so it is not detected as html tag but is still harmfull
+		$_POST['param8b'] = '<img src=x onerror=alert(document.location) t='; // this is html obfuscated by non closing tag
+		$_POST['param8c'] = '< with space after is ok';
+		$_POST['param8d'] = '<abc123 is html to clean';
+		$_POST['param8e'] = '<123abc is not html to clean'; // other similar case: '<2021-12-12'
+		$_POST['param8f'] = 'abc<<svg <><<animate onbegin=alert(document.domain) a';
+		$_POST["param9"] = 'is_object($object) ? ($object->id < 10 ? round($object->id / 2, 2) : (2 * $user->id) * (int) substr($mysoc->zip, 1, 2)) : \'objnotdefined\'';
+		$_POST["param10"] = 'is_object($object) ? ($object->id < 10 ? round($object->id / 2, 2) : (2 * $user->id) * (int) substr($mysoc->zip, 1, 2)) : \'<abc>objnotdefined\'';
+		$_POST["param11"] = ' Name <email@email.com> ';
+		$_POST["param12"] = '<!DOCTYPE html><html>aaa</html>';
+		$_POST["param13"] = '&#110; &#x6E; &gt; &lt; &quot; <a href=\"j&#x61;vascript:alert(document.domain)\">XSS</a>';
+		$_POST["param13b"] = '&#110; &#x6E; &gt; &lt; &quot; <a href=\"j&#x61vascript:alert(document.domain)\">XSS</a>';
+		$_POST["param14"] = "Text with ' encoded with the numeric html entity converted into text entity &#39; (like when submited by CKEditor)";
+		$_POST["param15"] = "<img onerror<=alert(document.domain)> src=>0xbeefed";
 		//$_POST["param15b"]="<html><head><title>Example HTML</title></head><body><div><p>This is a paragraph.</div><ul><li>Item 1</li><li>Item 2</li></ol></body><html>";
-		$_POST["param16"]='<a style="z-index: 1000">abc</a>';
-		$_POST["param17"]='<span style="background-image: url(logout.php)">abc</span>';
-		$_POST["param18"]='<span style="background-image: url(...?...action=aaa)">abc</span>';
-		$_POST["param19"]='<a href="j&Tab;a&Tab;v&Tab;asc&NewLine;ri&Tab;pt:&lpar;alert(document.cookie)&rpar;">XSS</a>';
+		$_POST["param16"] = '<a style="z-index: 1000">abc</a>';
+		$_POST["param17"] = '<span style="background-image: url(logout.php)">abc</span>';
+		$_POST["param18"] = '<span style="background-image: url(...?...action=aaa)">abc</span>';
+		$_POST["param19"] = '<a href="j&Tab;a&Tab;v&Tab;asc&NewLine;ri&Tab;pt:&lpar;alert(document.cookie)&rpar;">XSS</a>';
 		//$_POST["param19"]='<a href="javascript:alert(document.cookie)">XSS</a>';
 
 
 
-		$result=GETPOST('id', 'int');              // Must return nothing
+		$result = GETPOST('id', 'int'); // Must return nothing
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('', $result);
 
-		$result=GETPOST("param1", 'int');
+		$result = GETPOST("param1", 'int');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals(222, $result, 'Test on param1 with no 3rd param');
 
-		$result=GETPOST("param1", 'int', 2);
+		$result = GETPOST("param1", 'int', 2);
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals(333, $result, 'Test on param1 with 3rd param = 2');
 
 		// Test with alpha
 
-		$result=GETPOST("param0", 'alpha');		// a simple format, so " completely removed
+		$result = GETPOST("param0", 'alpha'); // a simple format, so " completely removed
 		$resultexpected = 'A real string with aaa and and \' and & inside content';
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals($resultexpected, $result, 'Test on param0');
 
-		$result=GETPOST("param2", 'alpha');
+		$result = GETPOST("param2", 'alpha');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals($result, $_GET["param2"], 'Test on param2');
 
-		$result=GETPOST("param3", 'alpha');  // Must return string sanitized from char "
+		$result = GETPOST("param3", 'alpha'); // Must return string sanitized from char "
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals($result, 'na/b#e(pr)qq-rr\cc', 'Test on param3');
 
-		$result=GETPOST("param4a", 'alpha');  // Must return string sanitized from ../
+		$result = GETPOST("param4a", 'alpha'); // Must return string sanitized from ../
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals($result, 'dir');
 
-		$result=GETPOST("param4b", 'alpha');  // Must return string sanitized from ../
+		$result = GETPOST("param4b", 'alpha'); // Must return string sanitized from ../
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals($result, 'dirwindows');
 
 		// Test with aZ09
 
-		$result=GETPOST("param1", 'aZ09');
+		$result = GETPOST("param1", 'aZ09');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals($result, $_GET["param1"]);
 
-		$result=GETPOST("param2", 'aZ09');  // Must return '' as string contains car not in aZ09 definition
+		$result = GETPOST("param2", 'aZ09'); // Must return '' as string contains car not in aZ09 definition
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals($result, '');
 
-		$result=GETPOST("param3", 'aZ09');  // Must return '' as string contains car not in aZ09 definition
+		$result = GETPOST("param3", 'aZ09'); // Must return '' as string contains car not in aZ09 definition
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals($result, '');
 
-		$result=GETPOST("param4a", 'aZ09');  // Must return '' as string contains car not in aZ09 definition
+		$result = GETPOST("param4a", 'aZ09'); // Must return '' as string contains car not in aZ09 definition
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('', $result);
 
-		$result=GETPOST("param4b", 'aZ09');  // Must return '' as string contains car not in aZ09 definition
+		$result = GETPOST("param4b", 'aZ09'); // Must return '' as string contains car not in aZ09 definition
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('', $result);
 
-		$result=GETPOST("param5", 'aZ09');
+		$result = GETPOST("param5", 'aZ09');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals($_GET["param5"], $result);
 
 		// Test with nohtml
 
-		$result=GETPOST("param6", 'nohtml');
+		$result = GETPOST("param6", 'nohtml');
 		print __METHOD__." result6=".$result."\n";
 		$this->assertEquals('">', $result);
 
 		// Test with alpha = alphanohtml. We must convert the html entities like &#110; and disable all entities
 
-		$result=GETPOST("param6", 'alphanohtml');
+		$result = GETPOST("param6", 'alphanohtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('>', $result);
 
-		$result=GETPOST("param6b", 'alphanohtml');
+		$result = GETPOST("param6b", 'alphanohtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('abc', $result);
 
-		$result=GETPOST("param8a", 'alphanohtml');
+		$result = GETPOST("param8a", 'alphanohtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals("Hackersvg onload='console.log(123)'", $result);
 
-		$result=GETPOST("param8b", 'alphanohtml');
+		$result = GETPOST("param8b", 'alphanohtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('img src=x onerror=alert(document.location) t=', $result, 'Test a string with non closing html tag with alphanohtml');
 
-		$result=GETPOST("param8c", 'alphanohtml');
+		$result = GETPOST("param8c", 'alphanohtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals($_POST['param8c'], $result, 'Test a string with non closing html tag with alphanohtml');
 
-		$result=GETPOST("param8d", 'alphanohtml');
+		$result = GETPOST("param8d", 'alphanohtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('abc123 is html to clean', $result, 'Test a string with non closing html tag with alphanohtml');
 
-		$result=GETPOST("param8e", 'alphanohtml');
+		$result = GETPOST("param8e", 'alphanohtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals($_POST['param8e'], $result, 'Test a string with non closing html tag with alphanohtml');
 
-		$result=GETPOST("param8f", 'alphanohtml');
+		$result = GETPOST("param8f", 'alphanohtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('abcsvg animate onbegin=alert(document.domain) a', $result, 'Test a string with html tag open with several <');
 
-		$result=GETPOST("param9", 'alphanohtml');
+		$result = GETPOST("param9", 'alphanohtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals($_POST["param9"], $result);
 
-		$result=GETPOST("param10", 'alphanohtml');
+		$result = GETPOST("param10", 'alphanohtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals($_POST["param9"], $result, 'We should get param9 after processing param10');
 
-		$result=GETPOST("param11", 'alphanohtml');
+		$result = GETPOST("param11", 'alphanohtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals("Name", $result, 'Test an email string with alphanohtml');
 
-		$result=GETPOST("param13", 'alphanohtml');
+		$result = GETPOST("param13", 'alphanohtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('n n > <  XSS', $result, 'Test that html entities are decoded with alpha');
 
 
 		// Test with alphawithlgt
 
-		$result=GETPOST("param11", 'alphawithlgt');
+		$result = GETPOST("param11", 'alphawithlgt');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals(trim($_POST["param11"]), $result, 'Test an email string with alphawithlgt');
 
 
 		// Test with restricthtml: we must remove html open/close tag and content but not htmlentities (we can decode html entities for ascii chars like &#110;)
 
-		$result=GETPOST("param0", 'restricthtml');
+		$result = GETPOST("param0", 'restricthtml');
 		$resultexpected = 'A real string with <a href="rrr" title="aa&quot;bb">aaa</a> and " and \' and &amp; inside content';
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals($resultexpected, $result, 'Test on param0');
 
-		$result=GETPOST("param6", 'restricthtml');
+		$result = GETPOST("param6", 'restricthtml');
 		print __METHOD__." result for param6=".$result." - before=".$_POST["param6"]."\n";
 		$this->assertEquals('&quot;&gt;', $result);
 
-		$result=GETPOST("param7", 'restricthtml');
+		$result = GETPOST("param7", 'restricthtml');
 		print __METHOD__." result param7 = ".$result."\n";
 		$this->assertEquals('"c:\this is a path~1\aaan &#x;;;;" abcdef', $result);
 
-		$result=GETPOST("param8e", 'restricthtml');
+		$result = GETPOST("param8e", 'restricthtml');
 		print __METHOD__." result param8e = ".$result."\n";
 		$this->assertEquals('', $result);
 
-		$result=GETPOST("param12", 'restricthtml');
+		$result = GETPOST("param12", 'restricthtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals(trim($_POST["param12"]), $result, 'Test a string with DOCTYPE and restricthtml');
 
-		$result=GETPOST("param13", 'restricthtml');
+		$result = GETPOST("param13", 'restricthtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('n n &gt; &lt; &quot; <a href=\"alert(document.domain)\">XSS</a>', $result, 'Test 13 that HTML entities are decoded with restricthtml, but only for common alpha chars');
 
-		$result=GETPOST("param13b", 'restricthtml');
+		$result = GETPOST("param13b", 'restricthtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('n n &gt; &lt; &quot; <a href=\"alert(document.domain)\">XSS</a>', $result, 'Test 13b that HTML entities are decoded with restricthtml, but only for common alpha chars');
 
-		$result=GETPOST("param14", 'restricthtml');
+		$result = GETPOST("param14", 'restricthtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals("Text with ' encoded with the numeric html entity converted into text entity &#39; (like when submited by CKEditor)", $result, 'Test 14');
 
-		$result=GETPOST("param15", 'restricthtml');		// param15 = <img onerror<=alert(document.domain)> src=>0xbeefed that is a dangerous string
+		$result = GETPOST("param15", 'restricthtml'); // param15 = <img onerror<=alert(document.domain)> src=>0xbeefed that is a dangerous string
 		print __METHOD__." result=".$result."\n";
-		$this->assertEquals("<img onerror=alert(document.domain) src=>0xbeefed", $result, 'Test 15');	// The GETPOST return a harmull string
+		$this->assertEquals("<img onerror=alert(document.domain) src=>0xbeefed", $result, 'Test 15'); // The GETPOST return a harmull string
 
-		$result=GETPOST("param19", 'restricthtml');
+		$result = GETPOST("param19", 'restricthtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('<a href="&lpar;alert(document.cookie)&rpar;">XSS</a>', $result, 'Test 19');
 
@@ -594,22 +594,22 @@ 
 		$conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML_TIDY = 0;
 
 		//$_POST["param0"] = 'A real string with <a href="rrr" title="aabb">aaa</a> and " inside content';
-		$result=GETPOST("param0", 'restricthtml');
+		$result = GETPOST("param0", 'restricthtml');
 		$resultexpected = 'A real string with <a href="rrr" title=\'aa"bb\'>aaa</a> and " and \' and &amp; inside content';
 		print __METHOD__." result for param0=".$result."\n";
 		$this->assertEquals($resultexpected, $result, 'Test on param0');
 
-		$result=GETPOST("param15", 'restricthtml');		// param15 = <img onerror<=alert(document.domain)> src=>0xbeefed that is a dangerous string
+		$result = GETPOST("param15", 'restricthtml'); // param15 = <img onerror<=alert(document.domain)> src=>0xbeefed that is a dangerous string
 		print __METHOD__." result for param15=".$result."\n";
 		//$this->assertEquals('InvalidHTMLStringCantBeCleaned', $result, 'Test 15b');   // With some PHP and libxml version, we got this result when parsing invalid HTML, but ...
 		//$this->assertEquals('<img onerror> src=&gt;0xbeefed', $result, 'Test 15b');	// ... on other PHP and libxml versions, we got a HTML that has been cleaned
 
-		$result=GETPOST("param6", 'restricthtml');		// param6 = "&quot;&gt;<svg o&#110;load='console.log(&quot;123&quot;)'&gt;"
+		$result = GETPOST("param6", 'restricthtml'); // param6 = "&quot;&gt;<svg o&#110;load='console.log(&quot;123&quot;)'&gt;"
 		print __METHOD__." result for param6=".$result." - before=".$_POST["param6"]."\n";
 		//$this->assertEquals('InvalidHTMLStringCantBeCleaned', $result, 'Test 15b');   // With some PHP and libxml version, we got this result when parsing invalid HTML, but ...
 		//$this->assertEquals('"&gt;', $result);										// ... on other PHP and libxml versions, we got a HTML that has been cleaned
 
-		$result=GETPOST("param7", 'restricthtml');		// param7 = "c:\this is a path~1\aaa&#110; &#x&#x31;&#x31;&#x30;;" abc<bad>def</bad>
+		$result = GETPOST("param7", 'restricthtml'); // param7 = "c:\this is a path~1\aaa&#110; &#x&#x31;&#x31;&#x30;;" abc<bad>def</bad>
 		print __METHOD__." result param7 = ".$result."\n";
 		//$this->assertEquals('InvalidHTMLStringCantBeCleaned', $result, 'Test 15b');   // With some PHP and libxml version, we got this result when parsing invalid HTML, but ...
 		//$this->assertEquals('"c:\this is a path~1\aaan 110;" abcdef', $result);		// ... on other PHP and libxml versions, we got a HTML that has been cleaned
@@ -621,19 +621,19 @@ 
 			$conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML = 0;
 			$conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML_TIDY = 1;
 
-			$result=GETPOST("param0", 'restricthtml');
+			$result = GETPOST("param0", 'restricthtml');
 			$resultexpected = 'A real string with <a href="rrr" title="aa&quot;bb">aaa</a> and " and \' and & inside content';
 			print __METHOD__." result for param0=".$result."\n";
 			$this->assertEquals($resultexpected, $result, 'Test on param0');
 
-			$result=GETPOST("param15", 'restricthtml');		// param15 = <img onerror<=alert(document.domain)> src=>0xbeefed that is a dangerous string
+			$result = GETPOST("param15", 'restricthtml'); // param15 = <img onerror<=alert(document.domain)> src=>0xbeefed that is a dangerous string
 			print __METHOD__." result=".$result."\n";
 
-			$result=GETPOST("param6", 'restricthtml');
+			$result = GETPOST("param6", 'restricthtml');
 			print __METHOD__." result for param6=".$result." - before=".$_POST["param6"]."\n";
 			$this->assertEquals('"&gt;', $result);
 
-			$result=GETPOST("param7", 'restricthtml');
+			$result = GETPOST("param7", 'restricthtml');
 			print __METHOD__." result param7 = ".$result."\n";
 			$this->assertEquals('"c:\this is a path~1\aaan &amp;#x110;" abcdef', $result);
 		}
@@ -645,19 +645,19 @@ 
 			$conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML = 1;
 			$conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML_TIDY = 1;
 
-			$result=GETPOST("param0", 'restricthtml');
+			$result = GETPOST("param0", 'restricthtml');
 			$resultexpected = 'A real string with <a href="rrr" title=\'aa"bb\'>aaa</a> and " and \' and & inside content';
 			print __METHOD__." result for param0=".$result."\n";
 			$this->assertEquals($resultexpected, $result, 'Test on param0');
 
-			$result=GETPOST("param15", 'restricthtml');		// param15 = <img onerror<=alert(document.domain)> src=>0xbeefed that is a dangerous string
+			$result = GETPOST("param15", 'restricthtml'); // param15 = <img onerror<=alert(document.domain)> src=>0xbeefed that is a dangerous string
 			print __METHOD__." result=".$result."\n";
 
-			$result=GETPOST("param6", 'restricthtml');
+			$result = GETPOST("param6", 'restricthtml');
 			print __METHOD__." result for param6=".$result." - before=".$_POST["param6"]."\n";
 			$this->assertEquals('"&gt;', $result);
 
-			$result=GETPOST("param7", 'restricthtml');
+			$result = GETPOST("param7", 'restricthtml');
 			print __METHOD__." result param7 = ".$result."\n";
 			$this->assertEquals('"c:\this is a path~1\aaan 110;" abcdef', $result);
 		}
@@ -669,19 +669,19 @@ 
 		unset($conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML_TIDY);
 		$conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES = 1;
 
-		$result=GETPOST("param15", 'restricthtml');
+		$result = GETPOST("param15", 'restricthtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('<img src="">0xbeefed', $result, 'Test 15c');
 
-		$result=GETPOST('param16', 'restricthtml');
+		$result = GETPOST('param16', 'restricthtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('<a style=" 1000">abc</a>', $result, 'Test tag a with forbidden attribute z-index');
 
-		$result=GETPOST('param17', 'restricthtml');
+		$result = GETPOST('param17', 'restricthtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('<span style="background-image: url()">abc</span>', $result, 'Test anytag with a forbidden value for attribute');
 
-		$result=GETPOST('param18', 'restricthtml');
+		$result = GETPOST('param18', 'restricthtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('<span style="background-image: url(...?...aaa)">abc</span>', $result, 'Test anytag with a forbidden value for attribute');
 
@@ -690,75 +690,75 @@ 
 
 		// Special test for GETPOST of backtopage, backtolist or backtourl parameter
 
-		$_POST["backtopage"]='//www.google.com';
-		$result=GETPOST("backtopage");
+		$_POST["backtopage"] = '//www.google.com';
+		$result = GETPOST("backtopage");
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('www.google.com', $result, 'Test for backtopage param');
 
-		$_POST["backtopage"]='https:https://www.google.com';
-		$result=GETPOST("backtopage");
+		$_POST["backtopage"] = 'https:https://www.google.com';
+		$result = GETPOST("backtopage");
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('www.google.com', $result, 'Test for backtopage param');
 
-		$_POST["backtolist"]='::HTTPS://www.google.com';
-		$result=GETPOST("backtolist");
+		$_POST["backtolist"] = '::HTTPS://www.google.com';
+		$result = GETPOST("backtolist");
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('www.google.com', $result, 'Test for backtopage param');
 
-		$_POST["backtopage"]='http:www.google.com';
-		$result=GETPOST("backtopage");
+		$_POST["backtopage"] = 'http:www.google.com';
+		$result = GETPOST("backtopage");
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('httpwww.google.com', $result, 'Test for backtopage param');
 
-		$_POST["backtopage"]='/mydir/mypage.php?aa=a%10a';
-		$result=GETPOST("backtopage");
+		$_POST["backtopage"] = '/mydir/mypage.php?aa=a%10a';
+		$result = GETPOST("backtopage");
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('/mydir/mypage.php?aa=a%10a', $result, 'Test for backtopage param');
 
-		$_POST["backtopage"]='javascripT&javascript#javascriptxjavascript3a alert(1)';
-		$result=GETPOST("backtopage");
+		$_POST["backtopage"] = 'javascripT&javascript#javascriptxjavascript3a alert(1)';
+		$result = GETPOST("backtopage");
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('x3aalert(1)', $result, 'Test for backtopage param');
 
 
 		$conf->global->MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT = 3;
-		$_POST["pagecontentwithlinks"]='<img src="aaa"><img src="bbb"><img src="/ccc"><span style="background: url(/ddd)"></span>';
-		$result=GETPOST("pagecontentwithlinks", 'restricthtml');
+		$_POST["pagecontentwithlinks"] = '<img src="aaa"><img src="bbb"><img src="/ccc"><span style="background: url(/ddd)"></span>';
+		$result = GETPOST("pagecontentwithlinks", 'restricthtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('ErrorTooManyLinksIntoHTMLString', $result, 'Test on limit on GETPOST fails');
 
 		// Test that img src="data:..." is excluded from the count of external links
 		$conf->global->MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT = 3;
-		$_POST["pagecontentwithlinks"]='<img src="data:abc"><img src="bbb"><img src="/ccc"><span style="background: url(/ddd)"></span>';
-		$result=GETPOST("pagecontentwithlinks", 'restricthtml');
+		$_POST["pagecontentwithlinks"] = '<img src="data:abc"><img src="bbb"><img src="/ccc"><span style="background: url(/ddd)"></span>';
+		$result = GETPOST("pagecontentwithlinks", 'restricthtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('<img src="data:abc"><img src="bbb"><img src="/ccc"><span style="background: url(/ddd)"></span>', $result, 'Test on limit on GETPOST fails');
 
 		$conf->global->MAIN_DISALLOW_URL_INTO_DESCRIPTIONS = 2;
 
 		// Test that no links is allowed
-		$_POST["pagecontentwithlinks"]='<img src="data:abc"><img src="bbb"><img src="/ccc"><span style="background: url(/ddd)"></span>';
-		$result=GETPOST("pagecontentwithlinks", 'restricthtml');
+		$_POST["pagecontentwithlinks"] = '<img src="data:abc"><img src="bbb"><img src="/ccc"><span style="background: url(/ddd)"></span>';
+		$result = GETPOST("pagecontentwithlinks", 'restricthtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('ErrorHTMLLinksNotAllowed', $result, 'Test on limit on MAIN_DISALLOW_URL_INTO_DESCRIPTIONS = 2 (no links allowed)');
 
 		$conf->global->MAIN_DISALLOW_URL_INTO_DESCRIPTIONS = 1;
 
 		// Test that links on wrapper or local url are allowed
-		$_POST["pagecontentwithnowrapperlinks"]='<img src="data:abc"><img src="bbb"><img src="/ccc"><span style="background: url(/ddd)"></span>';
-		$result=GETPOST("pagecontentwithnowrapperlinks", 'restricthtml');
+		$_POST["pagecontentwithnowrapperlinks"] = '<img src="data:abc"><img src="bbb"><img src="/ccc"><span style="background: url(/ddd)"></span>';
+		$result = GETPOST("pagecontentwithnowrapperlinks", 'restricthtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('<img src="data:abc"><img src="bbb"><img src="/ccc"><span style="background: url(/ddd)"></span>', $result, 'Test on MAIN_DISALLOW_URL_INTO_DESCRIPTIONS = 1 (links on data or relative links ar allowed)');
 
 		// Test that links not on wrapper and not data are disallowed
-		$_POST["pagecontentwithnowrapperlinks"]='<img src="https://aaa">';
-		$result=GETPOST("pagecontentwithnowrapperlinks", 'restricthtml');
+		$_POST["pagecontentwithnowrapperlinks"] = '<img src="https://aaa">';
+		$result = GETPOST("pagecontentwithnowrapperlinks", 'restricthtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('ErrorHTMLExternalLinksNotAllowed', $result, 'Test on MAIN_DISALLOW_URL_INTO_DESCRIPTIONS = 1 (no links to http allowed)');
 
 		// Test that links not on wrapper and not data are disallowed
-		$_POST["pagecontentwithnowrapperlinks"]='<span style="background: url(http://ddd)"></span>';
-		$result=GETPOST("pagecontentwithnowrapperlinks", 'restricthtml');
+		$_POST["pagecontentwithnowrapperlinks"] = '<span style="background: url(http://ddd)"></span>';
+		$result = GETPOST("pagecontentwithnowrapperlinks", 'restricthtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('ErrorHTMLExternalLinksNotAllowed', $result, 'Test on MAIN_DISALLOW_URL_INTO_DESCRIPTIONS = 1 (no links to http allowed)');
 
@@ -772,15 +772,15 @@ 
 	 */
 	public function testEncodeDecode()
 	{
-		$stringtotest="This is a string to test encode/decode. This is a string to test encode/decode. This is a string to test encode/decode.";
+		$stringtotest = "This is a string to test encode/decode. This is a string to test encode/decode. This is a string to test encode/decode.";
 
-		$encodedstring=dol_encode($stringtotest);
-		$decodedstring=dol_decode($encodedstring);
+		$encodedstring = dol_encode($stringtotest);
+		$decodedstring = dol_decode($encodedstring);
 		print __METHOD__." encodedstring=".$encodedstring." ".base64_encode($stringtotest)."\n";
 		$this->assertEquals($stringtotest, $decodedstring, 'Use dol_encode/decode with no parameter');
 
-		$encodedstring=dol_encode($stringtotest, 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ');
-		$decodedstring=dol_decode($encodedstring, 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ');
+		$encodedstring = dol_encode($stringtotest, 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ');
+		$decodedstring = dol_decode($encodedstring, 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ');
 		print __METHOD__." encodedstring=".$encodedstring." ".base64_encode($stringtotest)."\n";
 		$this->assertEquals($stringtotest, $decodedstring, 'Use dol_encode/decode with a key parameter');
 
@@ -799,7 +799,7 @@ 
 		$this->assertEquals('a &colon; b " c \' d &apos; e é', $decodedstring, 'Function did not sanitize correclty');
 
 		$stringtotest = 'a &colon; b &quot; c &#039; d &apos; e &eacute;';
-		$decodedstring = dol_html_entity_decode($stringtotest, ENT_QUOTES|ENT_HTML5);
+		$decodedstring = dol_html_entity_decode($stringtotest, ENT_QUOTES | ENT_HTML5);
 		$this->assertEquals('a : b " c \' d \' e é', $decodedstring, 'Function did not sanitize correclty');
 
 		return 0;
@@ -863,21 +863,21 @@ 
 	{
 		global $conf;
 
-		$genpass1=getRandomPassword(true);				// Should be a string return by dol_hash (if no option set, will be md5)
+		$genpass1 = getRandomPassword(true); // Should be a string return by dol_hash (if no option set, will be md5)
 		print __METHOD__." genpass1=".$genpass1."\n";
 		$this->assertEquals(strlen($genpass1), 32);
 
-		$genpass1=getRandomPassword(true, array('I'));	// Should be a string return by dol_hash (if no option set, will be md5)
+		$genpass1 = getRandomPassword(true, array('I')); // Should be a string return by dol_hash (if no option set, will be md5)
 		print __METHOD__." genpass1=".$genpass1."\n";
 		$this->assertEquals(strlen($genpass1), 32);
 
-		$conf->global->USER_PASSWORD_GENERATED='None';
-		$genpass2=getRandomPassword(false);				// Should return an empty string
+		$conf->global->USER_PASSWORD_GENERATED = 'None';
+		$genpass2 = getRandomPassword(false); // Should return an empty string
 		print __METHOD__." genpass2=".$genpass2."\n";
 		$this->assertEquals($genpass2, '');
 
-		$conf->global->USER_PASSWORD_GENERATED='Standard';
-		$genpass3=getRandomPassword(false);				// Should return a password of 12 chars
+		$conf->global->USER_PASSWORD_GENERATED = 'Standard';
+		$genpass3 = getRandomPassword(false); // Should return a password of 12 chars
 		print __METHOD__." genpass3=".$genpass3."\n";
 		$this->assertEquals(strlen($genpass3), 12);
 
@@ -891,16 +891,16 @@ 
 	 */
 	public function testRestrictedArea()
 	{
-		global $conf,$user,$langs,$db;
-		$conf=$this->savconf;
-		$user=$this->savuser;
-		$langs=$this->savlangs;
-		$db=$this->savdb;
+		global $conf, $user, $langs, $db;
+		$conf = $this->savconf;
+		$user = $this->savuser;
+		$langs = $this->savlangs;
+		$db = $this->savdb;
 
 		//$dummyuser=new User($db);
 		//$result=restrictedArea($dummyuser,'societe');
 
-		$result=restrictedArea($user, 'societe');
+		$result = restrictedArea($user, 'societe');
 		$this->assertEquals(1, $result);
 	}
 
@@ -918,42 +918,42 @@ 
 		$url = 'ftp://mydomain.com';
 		$tmp = getURLContent($url);
 		print __METHOD__." url=".$url."\n";
-		$this->assertGreaterThan(0, strpos($tmp['curl_error_msg'], 'not supported'));	// Test error if return does not contains 'not supported'
+		$this->assertGreaterThan(0, strpos($tmp['curl_error_msg'], 'not supported')); // Test error if return does not contains 'not supported'
 
-		$url = 'https://www.dolibarr.fr';	// This is a redirect 301 page
-		$tmp = getURLContent($url, 'GET', '', 0);	// We do NOT follow
+		$url = 'https://www.dolibarr.fr'; // This is a redirect 301 page
+		$tmp = getURLContent($url, 'GET', '', 0); // We do NOT follow
 		print __METHOD__." url=".$url."\n";
 		$this->assertEquals(301, $tmp['http_code'], 'Should GET url 301 response and stop here');
 
-		$url = 'https://www.dolibarr.fr';	// This is a redirect 301 page
-		$tmp = getURLContent($url);		// We DO follow a page with return 300 so result should be 200
+		$url = 'https://www.dolibarr.fr'; // This is a redirect 301 page
+		$tmp = getURLContent($url); // We DO follow a page with return 300 so result should be 200
 		print __METHOD__." url=".$url."\n";
 		$this->assertEquals(200, $tmp['http_code'], 'Should GET url 301 with a follow -> 200 but we get '.$tmp['http_code']);
 
 		$url = 'http://localhost';
-		$tmp = getURLContent($url, 'GET', '', 0, array(), array('http', 'https'), 0);		// Only external URL
+		$tmp = getURLContent($url, 'GET', '', 0, array(), array('http', 'https'), 0); // Only external URL
 		print __METHOD__." url=".$url."\n";
-		$this->assertEquals(400, $tmp['http_code'], 'Should GET url to '.$url.' that resolves to a local URL');	// Test we receive an error because localtest.me is not an external URL
+		$this->assertEquals(400, $tmp['http_code'], 'Should GET url to '.$url.' that resolves to a local URL'); // Test we receive an error because localtest.me is not an external URL
 
 		$url = 'http://127.0.0.1';
-		$tmp = getURLContent($url, 'GET', '', 0, array(), array('http', 'https'), 0);		// Only external URL
+		$tmp = getURLContent($url, 'GET', '', 0, array(), array('http', 'https'), 0); // Only external URL
 		print __METHOD__." url=".$url."\n";
-		$this->assertEquals(400, $tmp['http_code'], 'Should GET url to '.$url.' that is a local URL');	// Test we receive an error because 127.0.0.1 is not an external URL
+		$this->assertEquals(400, $tmp['http_code'], 'Should GET url to '.$url.' that is a local URL'); // Test we receive an error because 127.0.0.1 is not an external URL
 
 		$url = 'http://127.0.2.1';
-		$tmp = getURLContent($url, 'GET', '', 0, array(), array('http', 'https'), 0);		// Only external URL
+		$tmp = getURLContent($url, 'GET', '', 0, array(), array('http', 'https'), 0); // Only external URL
 		print __METHOD__." url=".$url."\n";
-		$this->assertEquals(400, $tmp['http_code'], 'Should GET url to '.$url.' that is a local URL');	// Test we receive an error because 127.0.2.1 is not an external URL
+		$this->assertEquals(400, $tmp['http_code'], 'Should GET url to '.$url.' that is a local URL'); // Test we receive an error because 127.0.2.1 is not an external URL
 
 		$url = 'https://169.254.0.1';
-		$tmp = getURLContent($url, 'GET', '', 0, array(), array('http', 'https'), 0);		// Only external URL
+		$tmp = getURLContent($url, 'GET', '', 0, array(), array('http', 'https'), 0); // Only external URL
 		print __METHOD__." url=".$url."\n";
-		$this->assertEquals(400, $tmp['http_code'], 'Should GET url to '.$url.' that is a local URL');	// Test we receive an error because 169.254.0.1 is not an external URL
+		$this->assertEquals(400, $tmp['http_code'], 'Should GET url to '.$url.' that is a local URL'); // Test we receive an error because 169.254.0.1 is not an external URL
 
 		$url = 'http://[::1]';
-		$tmp = getURLContent($url, 'GET', '', 0, array(), array('http', 'https'), 0);		// Only external URL
+		$tmp = getURLContent($url, 'GET', '', 0, array(), array('http', 'https'), 0); // Only external URL
 		print __METHOD__." url=".$url."\n";
-		$this->assertEquals(400, $tmp['http_code'], 'Should GET url to '.$url.' that is a local URL');	// Test we receive an error because [::1] is not an external URL
+		$this->assertEquals(400, $tmp['http_code'], 'Should GET url to '.$url.' that is a local URL'); // Test we receive an error because [::1] is not an external URL
 
 		/*$url = 'localtest.me';
 		 $tmp = getURLContent($url, 'GET', '', 0, array(), array('http', 'https'), 0);		// Only external URL
@@ -962,9 +962,9 @@ 
 		 */
 
 		$url = 'http://192.0.0.192';
-		$tmp = getURLContent($url, 'GET', '', 0, array(), array('http', 'https'), 0);		// Only external URL but on an IP in blacklist
+		$tmp = getURLContent($url, 'GET', '', 0, array(), array('http', 'https'), 0); // Only external URL but on an IP in blacklist
 		print __METHOD__." url=".$url." tmp['http_code'] = ".$tmp['http_code']."\n";
-		$this->assertEquals(400, $tmp['http_code'], 'Access should be refused and was not');	// Test we receive an error because ip is in blacklist
+		$this->assertEquals(400, $tmp['http_code'], 'Access should be refused and was not'); // Test we receive an error because ip is in blacklist
 
 		return 0;
 	}
@@ -976,22 +976,22 @@ 
 	 */
 	public function testDolSanitizeUrl()
 	{
-		global $conf,$user,$langs,$db;
-		$conf=$this->savconf;
-		$user=$this->savuser;
-		$langs=$this->savlangs;
-		$db=$this->savdb;
+		global $conf, $user, $langs, $db;
+		$conf = $this->savconf;
+		$user = $this->savuser;
+		$langs = $this->savlangs;
+		$db = $this->savdb;
 
 		$test = 'javascripT&javascript#x3a alert(1)';
-		$result=dol_sanitizeUrl($test);
+		$result = dol_sanitizeUrl($test);
 		$this->assertEquals('x3a alert(1)', $result, 'Test on dol_sanitizeUrl A');
 
 		$test = 'javajavascriptscript&cjavascriptolon;alert(1)';
-		$result=dol_sanitizeUrl($test);
+		$result = dol_sanitizeUrl($test);
 		$this->assertEquals('alert(1)', $result, 'Test on dol_sanitizeUrl B');
 
 		$test = '/javas:cript/google.com';
-		$result=dol_sanitizeUrl($test);
+		$result = dol_sanitizeUrl($test);
 		$this->assertEquals('google.com', $result, 'Test on dol_sanitizeUrl C');
 	}
 
@@ -1002,26 +1002,26 @@ 
 	 */
 	public function testDolSanitizeEmail()
 	{
-		global $conf,$user,$langs,$db;
-		$conf=$this->savconf;
-		$user=$this->savuser;
-		$langs=$this->savlangs;
-		$db=$this->savdb;
+		global $conf, $user, $langs, $db;
+		$conf = $this->savconf;
+		$user = $this->savuser;
+		$langs = $this->savlangs;
+		$db = $this->savdb;
 
 		$test = 'aaa@mycompany.com <My name>, bbb@mycompany.com <Another name>';
-		$result=dol_sanitizeEmail($test);
+		$result = dol_sanitizeEmail($test);
 		$this->assertEquals($test, $result, 'Test on dol_sanitizeEmail A');
 
 		$test = "aaa@mycompany.com <My name>,\nbbb@mycompany.com <Another name>";
-		$result=dol_sanitizeEmail($test);
+		$result = dol_sanitizeEmail($test);
 		$this->assertEquals('aaa@mycompany.com <My name>,bbb@mycompany.com <Another name>', $result, 'Test on dol_sanitizeEmail B');
 
 		$test = 'aaa@mycompany.com <My name>,\nbbb@mycompany.com <Another name>';
-		$result=dol_sanitizeEmail($test);
+		$result = dol_sanitizeEmail($test);
 		$this->assertEquals('aaa@mycompany.com <My name>,nbbb@mycompany.com <Another name>', $result, 'Test on dol_sanitizeEmail C');
 
 		$test = 'aaa@mycompany.com <My name>, "bcc:bbb"@mycompany.com <Another name>';
-		$result=dol_sanitizeEmail($test);
+		$result = dol_sanitizeEmail($test);
 		$this->assertEquals('aaa@mycompany.com <My name>, bccbbb@mycompany.com <Another name>', $result, 'Test on dol_sanitizeEmail D');
 	}
 
@@ -1032,19 +1032,19 @@ 
 	 */
 	public function testDolSanitizeFileName()
 	{
-		global $conf,$user,$langs,$db;
-		$conf=$this->savconf;
-		$user=$this->savuser;
-		$langs=$this->savlangs;
-		$db=$this->savdb;
+		global $conf, $user, $langs, $db;
+		$conf = $this->savconf;
+		$user = $this->savuser;
+		$langs = $this->savlangs;
+		$db = $this->savdb;
 
 		//$dummyuser=new User($db);
 		//$result=restrictedArea($dummyuser,'societe');
 
-		$result=dol_sanitizeFileName('bad file | evilaction');
+		$result = dol_sanitizeFileName('bad file | evilaction');
 		$this->assertEquals('bad file _ evilaction', $result);
 
-		$result=dol_sanitizeFileName('bad file -evilparam --evilparam ---evilparam ----evilparam');
+		$result = dol_sanitizeFileName('bad file -evilparam --evilparam ---evilparam ----evilparam');
 		$this->assertEquals('bad file _evilparam _evilparam _evilparam _evilparam', $result);
 	}
 
@@ -1055,17 +1055,17 @@ 
 	 */
 	public function testDolEval()
 	{
-		global $conf,$user,$langs,$db;
-		$conf=$this->savconf;
-		$user=$this->savuser;
-		$langs=$this->savlangs;
-		$db=$this->savdb;
+		global $conf, $user, $langs, $db;
+		$conf = $this->savconf;
+		$user = $this->savuser;
+		$langs = $this->savlangs;
+		$db = $this->savdb;
 
-		$result=dol_eval('1==1', 1, 0);
+		$result = dol_eval('1==1', 1, 0);
 		print "result1 = ".$result."\n";
 		$this->assertTrue($result);
 
-		$result=dol_eval('1==2', 1, 0);
+		$result = dol_eval('1==2', 1, 0);
 		print "result2 = ".$result."\n";
 		$this->assertFalse($result);
 
@@ -1073,7 +1073,7 @@ 
 		include_once DOL_DOCUMENT_ROOT.'/projet/class/task.class.php';
 
 		$s = '(($reloadedobj = new Task($db)) && ($reloadedobj->fetchNoCompute($object->id) > 0) && ($secondloadedobj = new Project($db)) && ($secondloadedobj->fetchNoCompute($reloadedobj->fk_project) > 0)) ? $secondloadedobj->ref : "Parent project not found"';
-		$result=dol_eval($s, 1, 1, '2');
+		$result = dol_eval($s, 1, 1, '2');
 		print "result3 = ".$result."\n";
 		$this->assertEquals('Parent project not found', $result);
 
@@ -1114,48 +1114,48 @@ 
 		print "result12 = ".$result."\n";
 		$this->assertStringContainsString('Bad string syntax to evaluate', $result);
 
-		$result=dol_eval("90402.38+267678+0", 1, 1, 1);
+		$result = dol_eval("90402.38+267678+0", 1, 1, 1);
 		print "result13 = ".$result."\n";
 		$this->assertEquals('358080.38', $result);
 
-		global $leftmenu;	// Used into strings to eval
+		global $leftmenu; // Used into strings to eval
 
 		$leftmenu = 'AAA';
-		$result=dol_eval('$conf->currency && preg_match(\'/^(AAA|BBB)/\',$leftmenu)', 1, 1, '1');
+		$result = dol_eval('$conf->currency && preg_match(\'/^(AAA|BBB)/\',$leftmenu)', 1, 1, '1');
 		print "result = ".$result."\n";
 		$this->assertTrue($result);
 
 		// Same with a value that does not match
 		$leftmenu = 'XXX';
-		$result=dol_eval('$conf->currency && preg_match(\'/^(AAA|BBB)/\',$leftmenu)', 1, 1, '1');
+		$result = dol_eval('$conf->currency && preg_match(\'/^(AAA|BBB)/\',$leftmenu)', 1, 1, '1');
 		print "result14 = ".$result."\n";
 		$this->assertFalse($result);
 
 		$leftmenu = 'AAA';
-		$result=dol_eval('$conf->currency && isStringVarMatching(\'leftmenu\', \'(AAA|BBB)\')', 1, 1, '1');
+		$result = dol_eval('$conf->currency && isStringVarMatching(\'leftmenu\', \'(AAA|BBB)\')', 1, 1, '1');
 		print "result15 = ".$result."\n";
 		$this->assertTrue($result);
 
 		$leftmenu = 'XXX';
-		$result=dol_eval('$conf->currency && isStringVarMatching(\'leftmenu\', \'(AAA|BBB)\')', 1, 1, '1');
+		$result = dol_eval('$conf->currency && isStringVarMatching(\'leftmenu\', \'(AAA|BBB)\')', 1, 1, '1');
 		print "result16 = ".$result."\n";
 		$this->assertFalse($result);
 
 		$string = '(isModEnabled("agenda") || isModEnabled("resource")) && getDolGlobalInt("MAIN_FEATURES_LEVEL") >= 0 && preg_match(\'/^(admintools|all|XXX)/\', $leftmenu)';
-		$result=dol_eval($string, 1, 1, '1');
+		$result = dol_eval($string, 1, 1, '1');
 		print "result17 = ".$result."\n";
 		$this->assertTrue($result);
 
-		$result=dol_eval('1 && getDolGlobalInt("doesnotexist1") && $conf->global->MAIN_FEATURES_LEVEL', 1, 0);	// Should return false and not a 'Bad string syntax to evaluate ...'
+		$result = dol_eval('1 && getDolGlobalInt("doesnotexist1") && $conf->global->MAIN_FEATURES_LEVEL', 1, 0); // Should return false and not a 'Bad string syntax to evaluate ...'
 		print "result18 = ".$result."\n";
 		$this->assertFalse($result);
 
-		$a='ab';
+		$a = 'ab';
 		$result = (string) dol_eval("(\$a.'s')", 1, 0);
 		print "result19 = ".$result."\n";
 		$this->assertStringContainsString('Bad string syntax to evaluate', $result);
 
-		$leftmenu='abs';
+		$leftmenu = 'abs';
 		$result = (string) dol_eval('$leftmenu(-5)', 1, 0);
 		print "result20 = ".$result."\n";
 		$this->assertStringContainsString('Bad string syntax to evaluate', $result);
@@ -1173,12 +1173,12 @@ 
 		global $conf;
 
 		// Set options for cleaning data
-		$conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML = 0;	// disabled, does not work on HTML5 and some libxml versions
+		$conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML = 0; // disabled, does not work on HTML5 and some libxml versions
 		// Enabled option MAIN_RESTRICTHTML_ONLY_VALID_HTML_TIDY if possible
 		if (extension_loaded('tidy') && class_exists("tidy")) {
 			$conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML_TIDY = 1;
 		}
-		$conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES = 0;	// disabled, does not work on HTML5 and some libxml versions
+		$conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES = 0; // disabled, does not work on HTML5 and some libxml versions
 
 
 
@@ -1191,7 +1191,7 @@ 
 		//$result = dol_escape_htmltag(dol_htmlwithnojs(dol_string_onlythesehtmltags(dol_htmlentitiesbr($stringtotest), 1, 1, 1, 0)), 1, 1, 'common', 0, 1);
 		$result = dolPrintHTML($stringtotest);
 		print __METHOD__." result=".$result."\n";
-		$this->assertEquals($stringfixed, $result, 'Error');    // Expected '' because should failed because login 'auto' does not exists
+		$this->assertEquals($stringfixed, $result, 'Error'); // Expected '' because should failed because login 'auto' does not exists
 
 
 		// For a string that is already HTML (contains HTML tags) with special tags but badly formated
@@ -1240,24 +1240,24 @@ 
 	 */
 	public function testCheckLoginPassEntity()
 	{
-		$login=checkLoginPassEntity('loginbidon', 'passwordbidon', 1, array('dolibarr'));
+		$login = checkLoginPassEntity('loginbidon', 'passwordbidon', 1, array('dolibarr'));
 		print __METHOD__." login=".$login."\n";
 		$this->assertEquals($login, '');
 
-		$login=checkLoginPassEntity('admin', 'passwordbidon', 1, array('dolibarr'));
+		$login = checkLoginPassEntity('admin', 'passwordbidon', 1, array('dolibarr'));
 		print __METHOD__." login=".$login."\n";
 		$this->assertEquals($login, '');
 
-		$login=checkLoginPassEntity('admin', 'admin', 1, array('dolibarr'));            // Should works because admin/admin exists
+		$login = checkLoginPassEntity('admin', 'admin', 1, array('dolibarr')); // Should works because admin/admin exists
 		print __METHOD__." login=".$login."\n";
 		$this->assertEquals($login, 'admin', 'The test to check if pass of user "admin" is "admin" has failed');
 
-		$login=checkLoginPassEntity('admin', 'admin', 1, array('http','dolibarr'));    // Should work because of second authentication method
+		$login = checkLoginPassEntity('admin', 'admin', 1, array('http', 'dolibarr')); // Should work because of second authentication method
 		print __METHOD__." login=".$login."\n";
 		$this->assertEquals($login, 'admin');
 
-		$login=checkLoginPassEntity('admin', 'admin', 1, array('forceuser'));
+		$login = checkLoginPassEntity('admin', 'admin', 1, array('forceuser'));
 		print __METHOD__." login=".$login."\n";
-		$this->assertEquals('', $login, 'Error');    // Expected '' because should failed because login 'auto' does not exists
+		$this->assertEquals('', $login, 'Error'); // Expected '' because should failed because login 'auto' does not exists
 	}
 }