From 4689d42afd4172da0fa6198320c8715f9ac48de3 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 5 Nov 2020 14:10:46 +0100
Subject: [PATCH] FIX #15303

---
 htdocs/fourn/product/list.php | 31 ++++++++++++++++---------------
 1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/htdocs/fourn/product/list.php b/htdocs/fourn/product/list.php
index 5e83ae93923e5..3f3703166e941 100644
--- a/htdocs/fourn/product/list.php
+++ b/htdocs/fourn/product/list.php
@@ -35,10 +35,10 @@
 
 if (!$user->rights->produit->lire && !$user->rights->service->lire) accessforbidden();
 
-$sref = GETPOST('sref');
+$sref = GETPOST('sref', 'alphanohtml');
 $sRefSupplier = GETPOST('srefsupplier');
-$snom = GETPOST('snom');
-$type = GETPOST('type');
+$snom = GETPOST('snom', 'alphanohtml');
+$type = GETPOST('type', 'alphanohtml');
 $optioncss = GETPOST('optioncss', 'alpha');
 
 // Load variable for pagination
@@ -127,7 +127,7 @@
 $massactionbutton = $form->selectMassAction('', $arrayofmassactions);
 
 
-$sql = "SELECT p.rowid, p.label, p.ref, p.fk_product_type, p.entity,";
+$sql = "SELECT p.rowid, p.label, p.ref, p.fk_product_type, p.entity, p.tosell, p.tobuy, p.barcode, p.fk_barcode_type,";
 $sql .= " ppf.fk_soc, ppf.ref_fourn, ppf.price as price, ppf.quantity as qty, ppf.unitprice,";
 $sql .= " s.rowid as socid, s.nom as name";
 // Add fields to SELECT from hooks
@@ -208,12 +208,10 @@
 
 	llxHeader("", "", $texte);
 
-
-	$param = "&tobuy=".$tobuy."&sref=".$sref."&snom=".$snom."&fourn_id=".$fourn_id.(isset($type) ? "&amp;type=".$type : "").(empty($sRefSupplier) ? "" : "&amp;srefsupplier=".$sRefSupplier);
+	$param = "&sref=".$sref."&snom=".$snom."&fourn_id=".$fourn_id.(isset($type) ? "&amp;type=".$type : "").(empty($sRefSupplier) ? "" : "&amp;srefsupplier=".$sRefSupplier);
 	if ($optioncss != '') $param .= '&optioncss='.$optioncss;
 	print_barre_liste($texte, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num, $nbtotalofrecords);
 
-
 	if (!empty($catid))
 	{
 		print "<div id='ways'>";
@@ -243,13 +241,13 @@
 	// Fields title search
 	print '<tr class="liste_titre">';
 	print '<td class="liste_titre">';
-	print '<input class="flat" type="text" name="sref" value="'.$sref.'" size="12">';
+	print '<input class="flat maxwidth100" type="text" name="sref" value="'.$sref.'">';
 	print '</td>';
 	print '<td class="liste_titre">';
-	print '<input class="flat" type="text" name="srefsupplier" value="'.$sRefSupplier.'" size="12">';
+	print '<input class="flat maxwidth100" type="text" name="srefsupplier" value="'.$sRefSupplier.'">';
 	print '</td>';
 	print '<td class="liste_titre">';
-	print '<input class="flat" type="text" name="snom" value="'.$snom.'">';
+	print '<input class="flat maxwidth100" type="text" name="snom" value="'.$snom.'">';
 	print '</td>';
 	print '<td></td>';
 	print '<td></td>';
@@ -283,19 +281,22 @@
 	print_liste_field_titre('', $_SERVER["PHP_SELF"]);
 	print "</tr>\n";
 
-	$oldid = '';
-
 	while ($i < min($num, $limit))
 	{
 		$objp = $db->fetch_object($resql);
 
-		print '<tr class="oddeven">';
-
-		print '<td>';
 		$productstatic->id = $objp->rowid;
 		$productstatic->ref = $objp->ref;
 		$productstatic->type = $objp->fk_product_type;
 		$productstatic->entity = $objp->entity;
+		$productstatic->status = $objp->tosell;
+		$productstatic->status_buy = $objp->tobuy;
+		$productstatic->barcode = $objp->barcode;
+		$productstatic->barcode_type = $objp->fk_barcode_type;
+
+		print '<tr class="oddeven">';
+
+		print '<td>';
 		print $productstatic->getNomUrl(1, 'supplier');
 		print '</td>';