From 3e0afcd8fc30b7dc308e62845319166b5987ddb2 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@users.sourceforge.net>
Date: Mon, 5 Sep 2011 21:37:05 +0000
Subject: [PATCH] Fix: Bad link

---
 htdocs/langs/ca_ES/companies.lang   |  5 +++
 htdocs/langs/es_ES/companies.lang   |  5 +++
 htdocs/lib/xcal.lib.php             | 65 ++++++++++++++++++-----------
 htdocs/public/paypal/newpayment.php | 38 ++++++++++++-----
 4 files changed, 79 insertions(+), 34 deletions(-)

diff --git a/htdocs/langs/ca_ES/companies.lang b/htdocs/langs/ca_ES/companies.lang
index 15ed7c233f6..f53b982db04 100644
--- a/htdocs/langs/ca_ES/companies.lang
+++ b/htdocs/langs/ca_ES/companies.lang
@@ -179,6 +179,11 @@ ProfId2PT=Núm seguretat social
 ProfId3PT=Num reg. comercial
 ProfId4PT=Conservatori
 ProfId5PT=-
+ProfId1RU=OGRN
+ProfId2RU=INN
+ProfId3RU=KPP
+ProfId4RU=OKPO
+ProfId5RU=-
 ProfId1SN=RC
 ProfId2SN=NINEA
 ProfId3SN=- 
diff --git a/htdocs/langs/es_ES/companies.lang b/htdocs/langs/es_ES/companies.lang
index 06e92f88721..b4dc31069da 100644
--- a/htdocs/langs/es_ES/companies.lang
+++ b/htdocs/langs/es_ES/companies.lang
@@ -179,6 +179,11 @@ ProfId2PT=Núm. seguridad social
 ProfId3PT=Num reg. comercial
 ProfId4PT=Conservatorio
 ProfId5PT=-
+ProfId1RU=OGRN
+ProfId2RU=INN
+ProfId3RU=KPP
+ProfId4RU=OKPO
+ProfId5RU=-
 ProfId1SN=RC
 ProfId2SN=NINEA
 ProfId3SN=-
diff --git a/htdocs/lib/xcal.lib.php b/htdocs/lib/xcal.lib.php
index 0756984c156..6801ddcff3f 100644
--- a/htdocs/lib/xcal.lib.php
+++ b/htdocs/lib/xcal.lib.php
@@ -1,5 +1,5 @@
 <?php
-/* Copyright (C) 2008 Laurent Destailleur  <eldy@users.sourceforge.net>
+/* Copyright (C) 2008-2011 Laurent Destailleur  <eldy@users.sourceforge.net>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -24,12 +24,13 @@
 /**
  *	Build a file from an array of events
  *  All input params and data must be encoded in $conf->charset_output
- *	@param		format				'vcal' or 'ical'
- *	@param		title				Title of export
- *	@param		desc				Description of export
- *	@param		events_array		Array of events ('eid','startdate','duration','enddate','title','summary','category','email','url','desc','author')
- *	@param		outputfile			Output file
- *	@return		int					<0 if ko, Nb of events in file if ok
+ *
+ *	@param		string	$format				'vcal' or 'ical'
+ *	@param		string	$title				Title of export
+ *	@param		string	$desc				Description of export
+ *	@param		array	$events_array		Array of events ('eid','startdate','duration','enddate','title','summary','category','email','url','desc','author')
+ *	@param		string	$outputfile			Output file
+ *	@return		int							<0 if ko, Nb of events in file if ok
  */
 function build_calfile($format='vcal',$title,$desc,$events_array,$outputfile)
 {
@@ -279,15 +280,16 @@ function build_calfile($format='vcal',$title,$desc,$events_array,$outputfile)
 }
 
 /**
- *	\brief		Build a file from an array of events
- *              All input data must be encoded in $conf->charset_output
- *	\param		format				'rss'
- *	\param		title				Title of export
- *	\param		desc				Description of export
- *	\param		events_array		Array of events ('uid','startdate','summary','url','desc','author','category')
- *	\param		outputfile			Output file
- *	\param		filter				Filter
- *	\return		int					<0 if ko, Nb of events in file if ok
+ *	Build a file from an array of events.
+ *  All input data must be encoded in $conf->charset_output
+ *
+ *	@param		string	$format				'rss'
+ *	@param		string	$title				Title of export
+ *	@param		string	$desc				Description of export
+ *	@param		array	$events_array		Array of events ('uid','startdate','summary','url','desc','author','category')
+ *	@param		string	$outputfile			Output file
+ *	@param		string	$filter				Filter
+ *	@return		int							<0 if ko, Nb of events in file if ok
  */
 function build_rssfile($format='rss',$title,$desc,$events_array,$outputfile,$filter='')
 {
@@ -394,11 +396,12 @@ function build_rssfile($format='rss',$title,$desc,$events_array,$outputfile,$fil
 
 
 /**
- * 	\brief		Encode for cal export
- * 	\param		format		vcal or ical
- * 	\param 		string		string to encode
- * 	\return		string		string encoded
- * 	\remarks	string must be encoded in conf->file->character_set_client
+ * 	Encode for cal export
+ * 	string must be encoded in conf->file->character_set_client
+ *
+ * 	@param		string	$format		vcal or ical
+ * 	@param 		string	$string		string to encode
+ * 	@return		string				string encoded
  */
 function format_cal($format,$string)
 {
@@ -428,8 +431,9 @@ function format_cal($format,$string)
 /**
  *	Cut string after 75 chars. Add CRLF+Space.
  *	line must be encoded in UTF-8
- *	@param		line		String to convert
- *	@return		string 		String converted
+ *
+ *	@param		string	$line	String to convert
+ *	@return		string 			String converted
  */
 function CalEncode($line)
 {
@@ -473,6 +477,13 @@ function CalEncode($line)
 }
 
 
+/**
+ *	Encode into vcal format
+ *
+ *	@param		string	$str		String to convert
+ *	@param		int		forcal		1=For cal
+ *	@return		string 				String converted
+ */
 function QPEncode($str,$forcal=0)
 {
 	$lines = preg_split("/\r\n/", $str);
@@ -503,7 +514,13 @@ function QPEncode($str,$forcal=0)
 	return trim ( $out );
 }
 
-function QPDecode( $str )
+/**
+ *	Decode vcal format
+ *
+ *	@param		string	$str		String to convert
+ *	@return		string 				String converted
+ */
+function QPDecode($str)
 {
 	$out = preg_replace('/=\r?\n/', '', $str);
 	$out = preg_replace('/=([A-F0-9]{2})/e', chr( hexdec ('\\1' ) ), $out);
diff --git a/htdocs/public/paypal/newpayment.php b/htdocs/public/paypal/newpayment.php
index c540cdd3030..065de28665d 100755
--- a/htdocs/public/paypal/newpayment.php
+++ b/htdocs/public/paypal/newpayment.php
@@ -87,7 +87,7 @@ $SOURCE=GETPOST("source",'alpha');
 $ref=$REF=GETPOST('ref','alpha');
 $TAG=GETPOST("tag",'alpha');
 $FULLTAG=GETPOST("fulltag",'alpha');		// fulltag is tag with more informations
-$SECUREKEY=GETPOST("securekey",'alpha');	// Secure key
+$SECUREKEY=GETPOST("securekey");	        // Secure key
 
 if (! empty($SOURCE))
 {
@@ -138,10 +138,35 @@ if (empty($PAYPAL_API_SIGNATURE))
     return -1;
 }
 
+// Check security token
+$valid=true;
+if (! empty($conf->global->PAYPAL_SECURITY_TOKEN))
+{
+    if (! empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE))
+    {
+	    if ($REF) $token = dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . $REF);    // REF always defined if SOURCE is defined
+	    else $token = dol_hash($conf->global->PAYPAL_SECURITY_TOKEN);
+    }
+    else
+    {
+        $token = $conf->global->PAYPAL_SECURITY_TOKEN;
+    }
+	if ($SECUREKEY != $token) $valid=false;
+
+	if (! $valid)
+	{
+    	print '<div class="error">Bad value for key.</div>';
+	    //print 'SECUREKEY='.$SECUREKEY.' token='.$token.' valid='.$valid;
+    	exit;
+	}
+}
+
+
 
 /*
  * Actions
  */
+
 if (GETPOST("action") == 'dopayment')
 {
 	$PAYPAL_API_PRICE=price2num(GETPOST("newamount"),'MT');
@@ -237,6 +262,7 @@ print '<input type="hidden" name="action" value="dopayment">'."\n";
 print '<input type="hidden" name="amount" value="'.GETPOST("amount",'int').'">'."\n";
 print '<input type="hidden" name="tag" value="'.GETPOST("tag",'alpha').'">'."\n";
 print '<input type="hidden" name="suffix" value="'.GETPOST("suffix",'alpha').'">'."\n";
+print '<input type="hidden" name="securekey" value="'.$SECUREKEY.'">'."\n";
 print "\n";
 print '<!-- Form to send a Paypal payment -->'."\n";
 print '<!-- PAYPAL_API_SANDBOX = '.$conf->global->PAYPAL_API_SANDBOX.' -->'."\n";
@@ -303,16 +329,8 @@ $found=false;
 $error=0;
 $var=false;
 
-// Check security token
-$valid=true;
-if (! empty($conf->global->PAYPAL_SECURITY_TOKEN) )
-{
-	$token = dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . $SOURCE . $ref, 2);
-	if ($SECUREKEY != $token) $valid=false;
-}
-
 // Free payment
-if (! GETPOST("source"))
+if (! GETPOST("source") && $valid)
 {
 	$found=true;
 	$tag=GETPOST("tag");