// CHANGELOG

git-svn-id: http://dev.prestashop.com/svn/v1/branches/1.5.x@17359 b9a71923-0436-4b27-9f14-aed3839534dd

admin-dev/ajax.php

@@ -79,8 +79,6 @@ if (Tools::isSubmit('getAvailableFields') AND Tools::isSubmit('entity'))
 	$jsonArray = array();
 	$import = new AdminImportController();
 
-	$languages = Language::getLanguages(false);
-	$defaultLanguage = (int)(Configuration::get('PS_LANG_DEFAULT'));
 	$fields = $import->getAvailableFields(true);
 	foreach ($fields AS $field)
 		$jsonArray[] = '{"field":"'.addslashes($field).'"}';

admin-dev/functions.php

@@ -251,14 +251,14 @@ function checkingTab($tab)
 	{
 		if (isset(AdminTab::$tabParenting[$tab]))
 			Tools::redirectAdmin('?tab='.AdminTab::$tabParenting[$tab].'&token='.Tools::getAdminTokenLite(AdminTab::$tabParenting[$tab]));
-		echo sprintf(Tools::displayError('Tab %s cannot be found.'),$tab);
+		echo sprintf(Tools::displayError('Page %s cannot be found.'),$tab);
 		return false;
 	}
 
 	// Class file is included in Dispatcher::dispatch() function
 	if (!class_exists($tab, false) OR !$row['id_tab'])
 	{
-		echo sprintf(Tools::displayError('Tab file %s cannot be found.'),$tab);
+		echo sprintf(Tools::displayError('The class %s cannot be found.'),$tab);
 		return false;
 	}
 	$adminObj = new $tab;

admin-dev/header.inc.php

@@ -344,7 +344,7 @@ echo '
 if (Shop::isFeatureActive())
 {
    echo '<div class="multishop_toolbar">
-        <span class="text_multishop">'.translate('Multishop configuration for').'</span>'.
+        <span class="text_multishop">'.translate('Multistore configuration for').'</span>'.
 		Helper::renderShopList();
     echo '</div>';
 }

admin-dev/init.php

@@ -123,7 +123,7 @@ try
 						Shop::setContext(Shop::CONTEXT_SHOP, $shop_id);
 					}
 				}
-				else if ($context->employee->hasAuthOnShop($split[1]))
+				elseif ($context->employee->hasAuthOnShop($split[1]))
 				{
 					$shop_id = $split[1];
 					Shop::setContext(Shop::CONTEXT_SHOP, $shop_id);

admin-dev/themes/default/css/modules.css

@@ -245,5 +245,5 @@ form#product, form#access_form{   background-color:#ebedf4; border:1px solid #cc
 #moduleContainer .moduleFavDesc { font-family:Georgia; font-style:italic; color:#666;}
 
 /*FOOTER*/
-#footer {height:40px; font-size:12px;clear:both;font-size:0.9em;color:#666666}
+#footer {height:40px;padding-top:5px;font-size:12px;clear:both;font-size:0.9em;color:#666666}
 #footer .footer_link, #footer .footer_link:hover {color:#D41958;}

admin-dev/themes/default/template/controllers/access/helpers/form/form.tpl

@@ -204,7 +204,7 @@
 				<table class="table float" cellspacing="0" style="margin-right:50px" id="table_{$profile.id_profile}">
 					<tr>
 						<th class="center">
-							{l s='Tabs'}
+							{l s='Menus'}
 						</th>
 						<th class="center">
 							<input type="checkbox" name="1" id="viewall"
@@ -254,7 +254,7 @@
 					</tr>
 					{if !count($tabs)}
 						<tr>
-							<td colspan="6">{l s='No tab'}</td>
+							<td colspan="6">{l s='No menu'}</td>
 						</tr>
 					{else}
 						{foreach $tabs AS $tab}

admin-dev/themes/default/template/controllers/attribute_generator/content.tpl

@@ -37,11 +37,9 @@
 			if (!isNaN(element_price) && element_price > 0)
 			{
 				if (element_has_tax)
-					other_element_price = parseFloat(element_price / ((product_tax / 100) + 1));
+					other_element_price = parseFloat(element_price / ((product_tax / 100) + 1)).toFixed(6);
 				else
-					other_element_price = ps_round(parseFloat(element_price * ((product_tax / 100) + 1)), 2);
-
-				other_element_price = other_element_price.toFixed(2);
+					other_element_price = ps_round(parseFloat(element_price * ((product_tax / 100) + 1)), 2).toFixed(2);
 			}
 
 			$('#related_to_'+element.attr('name')).val(other_element_price);

admin-dev/themes/default/template/controllers/backup/download/view.tpl

@@ -54,7 +54,7 @@
 	<div class="warn width2" style="float: left;">
 		<p>{l s='How to restore a database Backup in 10 easy steps:'}</p>
 		<ol style="font-size: 11px; font-weight: normal; line-height: 20px;">
-			<li>{l s='Set "Enable Shop" to "No" in the Preferences > Maintenance tab.'}</li>
+			<li>{l s='Set "Enable Shop" to "No" in the "Maintenance" page under the "Preferences" menu.'}</li>
 			<li>{l s='Download the Backup from the list below or from your FTP server (in the folder "admin/backups").'}</li>
 			<li>{l s='Check the Backup integrity: look for errors, incomplete file, etc. Be sure to verify all your data.'}</li>
 			<li>{l s='Ask your hosting provider for "phpMyAdmin" access to your database'}</li>

admin-dev/themes/default/template/controllers/backup/helpers/list/list_header.tpl

@@ -62,7 +62,7 @@
 	<div class="warn width2" style="float: left;">
 		<p>{l s='How to restore a database Backup in 10 easy steps:'}</p>
 		<ol style="font-size: 11px; font-weight: normal; line-height: 20px;">
-			<li>{l s='Set "Enable Shop" to "No" in the Preferences > Maintenance tab.'}</li>
+			<li>{l s='Set "Enable Shop" to "No" in the "Maintenance" page under the "Preferences" menu.'}</li>
 			<li>{l s='Download the Backup from the list below or from your FTP server (in the folder "admin/backups").'}</li>
 			<li>{l s='Check the Backup integrity: look for errors, incomplete file, etc. Be sure to verify all your data.'}</li>
 			<li>{l s='Ask your hosting provider for "phpMyAdmin" access to your database'}</li>

admin-dev/themes/default/template/controllers/cart_rules/conditions.tpl

@@ -4,7 +4,7 @@
 	<input type="text" id="customerFilter" name="customerFilter" value="{$customerFilter|escape:'htmlall':'UTF-8'}" style="width:400px" />
 	<p class="preference_description">{l s='Optional, the cart rule will be available for everyone if you leave this field blank.'}</p>
 </div>
-<label>{l s='Validity'}</label>
+<label>{l s='Valid'}</label>
 <div class="margin-form">
 	<strong>{l s='from'}</strong>
 	<input type="text" class="datepicker" name="date_from"

admin-dev/themes/default/template/controllers/cart_rules/form.tpl

@@ -54,6 +54,6 @@
 			name: '{$language.name|escape:'quotes'}'
 		};
 	{/foreach}
-	displayFlags(languages, {$defaultLanguage});
+	displayFlags(languages, {$id_lang_default});
 </script>
 <script type="text/javascript" src="themes/default/template/controllers/cart_rules/form.js"></script>

admin-dev/themes/default/template/controllers/cart_rules/informations.tpl

@@ -5,8 +5,8 @@
 			<div class="margin-form">
 				<div class="translatable">
 				{foreach from=$languages item=language}
-					<div class="lang_{$language.id_lang|intval}" style="display:{if $language.id_lang == $defaultLanguage}block{else}none{/if};float:left">
-						<input type="text" id="name_{$language.id_lang|intval}" name="name_{$language.id_lang|intval}" value="{$currentTab->getFieldValue($currentObject, 'name', $language.id_lang|intval)}" style="width:400px" />
+					<div class="lang_{$language.id_lang|intval}" style="display:{if $language.id_lang == $id_lang_default}block{else}none{/if};float:left">
+						<input type="text" id="name_{$language.id_lang|intval}" name="name_{$language.id_lang|intval}" value="{$currentTab->getFieldValue($currentObject, 'name', $language.id_lang|intval)|escape:html:'UTF-8'}" style="width:400px" />
 						<sup>*</sup>
 					</div>
 				{/foreach}

admin-dev/themes/default/template/controllers/carts/helpers/view/view.tpl

@@ -36,7 +36,7 @@
 		<h2><img src="../img/admin/vcard.png" />{l s='Customer information'}</h2>
 		<span style="font-size: 14px;">
 		{if $customer->id}
-			<a href="{$link->getAdminLink('AdminCustomers')}&id_customer={$customer->id}&viewcustomer">{$customer->firstname} {$customer->lastname}</a></span>
+			<a href="{$link->getAdminLink('AdminCustomers')|escape:'htmlall':'UTF-8'}&id_customer={$customer->id}&viewcustomer">{$customer->firstname} {$customer->lastname}</a></span>
 			{l s='#'}{$customer->id}<br />
 			<a style="text-decoration: underline; color:#268CCD;" href="mailto:{$customer->email}">{$customer->email}</a>	<br /><br />
 			{l s='Account registration date:'} {dateFormat date=$customer->date_add}<br />
@@ -51,12 +51,12 @@
 		<h2><img src="../img/admin/cart.gif" /> {l s='Order information'}</h2>
 		<span>
 		{if $order->id}
-			<a href="{$link->getAdminLink('AdminOrders')}&id_order={$order->id}&vieworder"> {l s='Order #%d' sprintf=$order->id|string_format:"%06d"}</a></span>
+			<a href="{$link->getAdminLink('AdminOrders')|escape:'htmlall':'UTF-8'}&id_order={$order->id}&vieworder"> {l s='Order #%d' sprintf=$order->id|string_format:"%06d"}</a></span>
 			<br /><br />
 			{l s='Made on:'} {dateFormat date=$order->date_add}<br /><br /><br /><br />
 		{else}
 			{l s='No order created from this cart'}</span>
-			<p><a class="button" href="{$link->getAdminLink('AdminOrders')}&id_cart={$cart->id}&addorder">{l s='Create an order with from cart'}</a></p>
+			{if $customer->id}<p><a class="button" href="{$link->getAdminLink('AdminOrders')|escape:'htmlall':'UTF-8'}&id_cart={$cart->id}&addorder">{l s='Create an order with from cart'}</a></p>{/if}
 		{/if}
 	</div>
 	<br style="clear:both;" />
@@ -77,12 +77,12 @@
 		</tr>
 		<tbody>
 		{foreach from=$products item='product'}
-			{if isset($customized_datas[$product.id_product][$product.id_product_attribute])}
+			{if isset($customized_datas[$product.id_product][$product.id_product_attribute][$product.id_address_delivery])}
 				<tr>
 					<td align="center">{$product.image}</td>
-					<td><a href="{$link->getAdminLink('AdminProducts')}&id_product={$product.id_product}&updateproduct">
+					<td><a href="{$link->getAdminLink('AdminProducts')|escape:'htmlall':'UTF-8'}&id_product={$product.id_product}&updateproduct">
 								<span class="productName">{$product.name}</span>{if isset($product.attributes)}<br />{$product.attributes}{/if}<br />
-							{if $product.reference}$this->l('Ref:') {$product.reference}{/if}
+							{if $product.reference}{l s='Ref:'} {$product.reference}{/if}
 							{if $product.reference && $product.supplier_reference} / {$product.supplier_reference}{/if}
 						</a>
 					</td>
@@ -91,7 +91,7 @@
 					<td align="center" class="productQuantity">{$product.qty_in_stock}</td>
 					<td align="right">{displayWtPriceWithCurrency price=$product.total_customization_wt currency=$currency}</td>
 				</tr>
-				{foreach from=$customized_datas[$product.id_product][$product.id_product_attribute] item='customization'}
+				{foreach from=$customized_datas[$product.id_product][$product.id_product_attribute][$product.id_address_delivery] item='customization'}
 				<tr>
 					<td colspan="2">
 					{foreach from=$customization.datas key='type' item='datas'}
@@ -125,7 +125,7 @@
 				<tr>
 					<td align="center">{$product.image}</td>
 					<td>
-						<a href="{$link->getAdminLink('AdminProducts')}&id_product={$product.id_product}&updateproduct">
+						<a href="{$link->getAdminLink('AdminProducts')|escape:'htmlall':'UTF-8'}&id_product={$product.id_product}&updateproduct">
 						<span class="productName">{$product.name}</span>{if isset($product.attributes)}<br />{$product.attributes}{/if}<br />
 						{if $product.reference}{l s='Ref:'} {$product.reference}{/if}
 						{if $product.reference && $product.supplier_reference} / {$product.supplier_reference}{/if}
@@ -175,7 +175,7 @@
 		</tr>
 		{foreach from=$discounts item='discount'}
 			<tr>
-				<td><a href="{$link->getAdminLink('AdminDiscounts')}&id_discount={$discount.id_discount}&updatediscount">{$discount.name}</a></td>
+				<td><a href="{$link->getAdminLink('AdminDiscounts')|escape:'htmlall':'UTF-8'}&id_discount={$discount.id_discount}&updatediscount">{$discount.name}</a></td>
 				<td align="center">- {displayWtPriceWithCurrency price=$discount.value_real currency=$currency}</td>
 			</tr>
 		{/foreach}

admin-dev/themes/default/template/controllers/customer_threads/helpers/view/view.tpl

@@ -45,7 +45,7 @@
 				<select name="id_employee_forward" style="vertical-align: middle;">
 					<option value="-1">{l s='-- Choose --'}</option>
 					{foreach $employees as $employee}
-						<option value="{$employee.id_employee}"> {$employee.firstname|substr:0:1}. {$employee.lastname}</option>
+						<option value="{$employee.id_employee}"> {Tools::substr($employee.firstname, 0, 1)}. {$employee.lastname}</option>
 					{/foreach}
 					<option value="0">{l s='Someone else'}</option>
 				</select>
@@ -147,6 +147,7 @@
 
 	
 	<script type="text/javascript">
+		var timer;
 		$(document).ready(function(){
 			$('select[name=id_employee_forward]').change(function(){
 				if ($(this).val() >= 0)
@@ -164,7 +165,27 @@
 					$(this).val('');
 				}
 			});
+			timer = setInterval("markAsRead()", 3000);
 		});
+		
+		
+		function markAsRead()
+		{
+			$.ajax({
+				type: 'POST',
+				url: 'ajax-tab.php',
+				async: true,
+				dataType: 'json',
+				data: {
+					controller: 'AdminCustomerThreads',
+					action: 'markAsRead',
+					token : '{$token}',
+					id_thread: {$id_customer_thread}
+				}
+			});
+			clearInterval(timer);
+			timer = null;
+   		}
 	</script>
 
 {/block}

admin-dev/themes/default/template/controllers/customers/helpers/view/view.tpl

@@ -30,7 +30,7 @@
 	<script type="text/javascript">
 		function saveCustomerNote()
 		{
-			$('#note_feedback').html('<img src="../img/loader.gif" />').show();
+			$('#note_feedback').html('<img src="../img/loader.gif" alt="" />').show();
 			var noteContent = $('#noteContent').val();
 	
 			$.ajax({

admin-dev/themes/default/template/controllers/home/content.tpl

@@ -45,7 +45,6 @@
 		<p>{l s='If you don\'t know how to do this, please contact your hosting provider!'}</p><br />
 	{/if}
 
-{* Screencast deprecated, but I keep the code in case it is updated later
 {if $employee->bo_show_screencast}
 <div id="adminpresentation" style="display:block">
 <h2>{l s='Video'}</h2>
@@ -97,7 +96,6 @@ $(document).ready(function() {
 });
 </script>
 {/if}
-*}
 
 <h2>{l s='Quick links'}</h2>
 		<ul class="F_list clearfix">

admin-dev/themes/default/template/controllers/information/helpers/view/view.tpl

@@ -77,23 +77,24 @@
 	<br />
 	<fieldset>
 		<legend><img src="../img/t/AdminInformation.gif" alt="" /> {l s='Information about your configuration'}</legend>
-		<h3>{l s='Server information'}</h3>
-		<p>
-			<b>{l s='Prestashop version'}:</b> {$version.ps|escape:'htmlall':'UTF-8'}
-		</p>
-	
+		<h3>{l s='Server information'}</h3>	
 		{if count($uname)}
 		<p>
 			<b>{l s='Server information'}:</b> {$uname|escape:'htmlall':'UTF-8'}
 		</p>
 		{/if}
-	
 		<p>
 			<b>{l s='Server software version'}:</b> {$version.server|escape:'htmlall':'UTF-8'}
 		</p>
 		<p>
 			<b>{l s='PHP version'}:</b> {$version.php|escape:'htmlall':'UTF-8'}
 		</p>
+		<p>
+			<b>{l s='Memory limit'}:</b> {$version.memory_limit|escape:'htmlall':'UTF-8'}
+		</p>
+		<p>
+			<b>{l s='Max execution time'}:</b> {$version.max_execution_time|escape:'htmlall':'UTF-8'}
+		</p>
 		{if $apache_instaweb}
 		<p style="color:red;font-weight:700">{l s='PageSpeed module for Apache installed (mod_instaweb)'}</p>
 		{/if}
@@ -112,6 +113,9 @@
 	
 		<hr />
 		<h3>{l s='Store information'}</h3>
+		<p>
+			<b>{l s='Prestashop version'}:</b> {$shop.ps|escape:'htmlall':'UTF-8'}
+		</p>
 		<p>
 			<b>{l s='Shop URL'}:</b> {$shop.url|escape:'htmlall':'UTF-8'}
 		</p>

admin-dev/themes/default/template/controllers/login/content.tpl

@@ -65,7 +65,7 @@
 				<input type="submit" name="submitLogin" value="{l s='Log in'}" class="button fl margin-right-5" />
 
 				<p class="fl no-margin hide ajax-loader">
-					<img src="../img/loader.gif">
+					<img src="../img/loader.gif" alt="" />
 				</p>
 
 				<p class="fr no-margin">
@@ -89,7 +89,7 @@
 				<input type="submit" name="submit" value="{l s='Send'}" class="button fl margin-right-5" />
 
 				<p class="fl no-margin hide ajax-loader">
-					<img src="../img/loader.gif">
+					<img src="../img/loader.gif" alt=""  />
 				</p>
 
 				<p class="fr no-margin">

admin-dev/themes/default/template/controllers/modules/js.tpl

@@ -130,7 +130,7 @@
 						},
  						beforeSend: function(xhr)
 						{
-							$('#moduleContainer').html('<img src="../img/loader.gif" border="0">');
+							$('#moduleContainer').html('<img src="../img/loader.gif" alt="" border="0" />');
 						},
 						success : function(data)
 						{
@@ -195,7 +195,7 @@
 						},
  						beforeSend: function(xhr)
 						{
-							$('#addons_loading').html('<img src="../img/loader.gif" border="0">');
+							$('#addons_loading').html('<img src="../img/loader.gif" alt="" border="0" />');
 						},
 						success : function(data)
 						{
@@ -236,7 +236,7 @@
 						},
  						beforeSend: function(xhr)
 						{
-							$('#addons_loading').html('<img src="../img/loader.gif" border="0">');
+							$('#addons_loading').html('<img src="../img/loader.gif" alt="" border="0" />');
 						},
 						success : function(data)
 						{

admin-dev/themes/default/template/controllers/orders/_documents.tpl

@@ -60,12 +60,12 @@
 		<td class="document_number">
 			{if get_class($document) eq 'OrderInvoice'}
 				{if isset($document->is_delivery)}
-					<a target="_blank" href="{$link->getAdminLink('AdminPdf')}&submitAction=generateDeliverySlipPDF&id_order_invoice={$document->id}">
+					<a target="_blank" href="{$link->getAdminLink('AdminPdf')|escape:'htmlall':'UTF-8'}&submitAction=generateDeliverySlipPDF&id_order_invoice={$document->id}">
 			   	{else}
-					<a target="_blank" href="{$link->getAdminLink('AdminPdf')}&submitAction=generateInvoicePDF&id_order_invoice={$document->id}">
+					<a target="_blank" href="{$link->getAdminLink('AdminPdf')|escape:'htmlall':'UTF-8'}&submitAction=generateInvoicePDF&id_order_invoice={$document->id}">
 			   {/if}
 			{elseif get_class($document) eq 'OrderSlip'}
-				<a target="_blank" href="{$link->getAdminLink('AdminPdf')}&submitAction=generateOrderSlipPDF&id_order_slip={$document->id}">
+				<a target="_blank" href="{$link->getAdminLink('AdminPdf')|escape:'htmlall':'UTF-8'}&submitAction=generateOrderSlipPDF&id_order_slip={$document->id}">
 			{/if}
 			{if get_class($document) eq 'OrderInvoice'}
 				{if isset($document->is_delivery)}
@@ -92,6 +92,8 @@
 					</span>
 				{/if}
 			{/if}
+		{elseif get_class($document) eq 'OrderSlip'}
+			{displayPrice price=$document->amount currency=$currency->id}
 		{/if}
 		</td>
 		<td class="right document_action">

admin-dev/themes/default/template/controllers/orders/_print_pdf_icon.tpl

@@ -27,7 +27,7 @@
 {* Generate HTML code for printing Invoice Icon with link *}
 <span style="width:20px; margin-right:5px;">
 {if ($order_state->invoice || $order->invoice_number)}
-	<a target="_blank" href="{$link->getAdminLink('AdminPdf')}&submitAction=generateInvoicePDF&id_order={$order->id}"><img src="../img/admin/tab-invoice.gif" alt="invoice" /></a>
+	<a target="_blank" href="{$link->getAdminLink('AdminPdf')|escape:'htmlall':'UTF-8'}&submitAction=generateInvoicePDF&id_order={$order->id}"><img src="../img/admin/tab-invoice.gif" alt="invoice" /></a>
 {else}
 	-
 {/if}
@@ -36,7 +36,7 @@
 {* Generate HTML code for printing Delivery Icon with link *}
 <span style="width:20px;">
 {if ($order_state->delivery || $order->delivery_number)}
-	<a target="_blank" href="{$link->getAdminLink('AdminPdf')}&submitAction=generateDeliverySlipPDF&id_order={$order->id}"><img src="../img/admin/delivery.gif" alt="delivery" /></a>
+	<a target="_blank" href="{$link->getAdminLink('AdminPdf')|escape:'htmlall':'UTF-8'}&submitAction=generateDeliverySlipPDF&id_order={$order->id}"><img src="../img/admin/delivery.gif" alt="delivery" /></a>
 {else}
 	-
 {/if}

admin-dev/themes/default/template/controllers/orders/_shipping.tpl

@@ -58,7 +58,7 @@
 		<td>
 			<span id="shipping_number_show">{if $line.url && $line.tracking_number}<a href="{$line.url|replace:'@':$line.tracking_number}">{$line.tracking_number}</a>{else}{$line.tracking_number}{/if}</span>
 			{if $line.can_edit}
-				<form style="display: inline;" method="post" action="{$link->getAdminLink('AdminOrders')}&vieworder&id_order={$order->id|escape:'htmlall':'UTF-8'}">
+				<form style="display: inline;" method="post" action="{$link->getAdminLink('AdminOrders')|escape:'htmlall':'UTF-8'}&vieworder&id_order={$order->id|escape:'htmlall':'UTF-8'}">
 					<span class="shipping_number_edit" style="display:none;">
 						<input type="hidden" name="id_order_carrier" value="{$line.id_order_carrier|htmlentities}" />
 						<input type="text" name="tracking_number" value="{$line.tracking_number|htmlentities}" />

admin-dev/themes/default/template/controllers/orders/form.tpl

@@ -24,7 +24,7 @@
 *  International Registered Trademark & Property of PrestaShop SA
 *}
 <script type="text/javascript">
-	var id_cart = '';
+	var id_cart = {$cart->id|intval};
 	var id_customer = '';
 	var changed_shipping_price = false;
 	var shipping_price_selected_carrier = '';
@@ -132,8 +132,8 @@
 				add_cart_rule(data.id_cart_rule);
 			});
 		{if $cart->id}
-			setupCustomer('{$cart->id_customer}');
-			useCart('{$cart->id}');
+			setupCustomer({$cart->id_customer|intval});
+			useCart('{$cart->id|intval}');
 		{/if}
 
 		$('.delete_product').live('click', function(e) {
@@ -474,7 +474,8 @@
 				token: "{getAdminToken tab='AdminCarts'}",
 				tab: "AdminCarts",
 				action: "searchCarts",
-				id_customer: id_customer
+				id_customer: id_customer,
+				id_cart: id_cart
 			},
 			success : function(res)
 			{
@@ -552,7 +553,10 @@
 
 				if(res.found)
 				{
-					$('#products_err').hide();
+					if (!customization_errors)
+						$('#products_err').hide();
+					else
+						customization_errors = false;
 					$('#products_found').show();
 					products_found += '<label>{l s='Product:'}</label><select id="id_product" onclick="display_product_attributes();display_product_customizations();">';
 					attributes_html += '<label>{l s='Combination:'}</label>';
@@ -950,14 +954,14 @@
 	<div class="margin-form">
 		<input type="text" id="customer" value="" />
 		<p>{l s='Search a customer by tapping the first letters of his name'}</p>
-		<a class="fancybox button" href="{$link->getAdminLink('AdminCustomers')}&addcustomer&liteDisplaying=1&submitFormAjax=1#">
+		<a class="fancybox button" href="{$link->getAdminLink('AdminCustomers')|escape:'htmlall':'UTF-8'}&addcustomer&liteDisplaying=1&submitFormAjax=1#">
 			<img src="../img/admin/add.gif" title="new"/><span>{l s='Add new customer'}</span>
 		</a>
 	</div>
 	<div id="customers">
 	</div>
 </fieldset><br />
-<form action="{$link->getAdminLink('AdminOrders')}&submitAdd{$table}=1" method="post" autocomplete="off">
+<form action="{$link->getAdminLink('AdminOrders')|escape:'htmlall':'UTF-8'}&submitAdd{$table}=1" method="post" autocomplete="off">
 <fieldset id="products_part" style="display:none;"><legend><img src="../img/t/AdminCatalog.gif" />{l s='Cart'}</legend>
 	<div>
 		<label>{l s='Search a product:'} </label>
@@ -1099,7 +1103,7 @@
 	<p>
 		<label>{l s='Search a voucher:'} </label>
 		<input type="text" id="voucher" value="" />
-		<a class="fancybox button" href="{$link->getAdminLink('AdminCartRules')}&addcart_rule&liteDisplaying=1&submitFormAjax=1#"><img src="../img/admin/add.gif" title="new"/>{l s='Add new voucher'}</a>
+		<a class="fancybox button" href="{$link->getAdminLink('AdminCartRules')|escape:'htmlall':'UTF-8'}&addcart_rule&liteDisplaying=1&submitFormAjax=1#"><img src="../img/admin/add.gif" title="new"/>{l s='Add new voucher'}</a>
 	</p>
 	<div class="margin-form">
 		<table cellspacing="0" cellpadding="0" class="table" id="voucher_list">
@@ -1135,36 +1139,35 @@
 		<div id="address_invoice_detail">
 		</div>
 	</div>
-<a class="fancybox button" id="new_address" href="{$link->getAdminLink('AdminAddresses')}&addaddress&id_customer=42&liteDisplaying=1&submitFormAjax=1#"><img src="../img/admin/add.gif" title="new"/>{l s='Add new address'}</a>
+<a class="fancybox button" id="new_address" href="{$link->getAdminLink('AdminAddresses')|escape:'htmlall':'UTF-8'}&addaddress&id_customer=42&liteDisplaying=1&submitFormAjax=1#"><img src="../img/admin/add.gif" title="new"/>{l s='Add new address'}</a>
 </fieldset>
 <br />
 <fieldset id="carriers_part" style="display:none;">
 	<legend><img src="../img/t/AdminCarriers.gif" />{l s='Shipping'}</legend>
 	<div id="carriers_err" style="display:none;" class="warn"></div>
-		<div id="carrier_form">
-			<div>
-				<p>
-					<label>{l s='Delivery option:'} </label>
-					<select name="delivery_option" id="delivery_option">
-					</select>
-				</p>
-				<p>
-					<label for="shipping_price">{l s='Shipping price:'}</label> <span id="shipping_price"  name="shipping_price"></span>&nbsp;<span class="currency_sign"></span>&nbsp;
-				</p>
-				<p>
-					<label for="free_shipping">{l s='Free shipping:'}</label>
-					<input type="checkbox" id="free_shipping" name="free_shipping" value="1" />
-				</p>
-			</div>
-			<div id="float:left;">
-				{if $recyclable_pack}
-					<p><input type="checkbox" name="carrier_recycled_package" value="1" id="carrier_recycled_package" />  <label for="carrier_recycled_package">{l s='Recycled package'}</label></p>
-				{/if}
-				{if $gift_wrapping}
-					<p><input type="checkbox" name="order_gift" id="order_gift" value="1" /> <label for="order_gift">{l s='Gift'}</label></p>
-					<p><label for="gift_message">{l s='Gift message:'}</label><textarea id="gift_message" cols="40" rows="4"></textarea></p>
-				{/if}
-			</div>
+	<div id="carrier_form">
+		<div>
+			<p>
+				<label>{l s='Delivery option:'} </label>
+				<select name="delivery_option" id="delivery_option">
+				</select>
+			</p>
+			<p>
+				<label for="shipping_price">{l s='Shipping price:'}</label> <span id="shipping_price"  name="shipping_price"></span>&nbsp;<span class="currency_sign"></span>&nbsp;
+			</p>
+			<p>
+				<label for="free_shipping">{l s='Free shipping:'}</label>
+				<input type="checkbox" id="free_shipping" name="free_shipping" value="1" />
+			</p>
+		</div>
+		<div id="float:left;">
+			{if $recyclable_pack}
+				<p><input type="checkbox" name="carrier_recycled_package" value="1" id="carrier_recycled_package" />  <label for="carrier_recycled_package">{l s='Recycled package'}</label></p>
+			{/if}
+			{if $gift_wrapping}
+				<p><input type="checkbox" name="order_gift" id="order_gift" value="1" /> <label for="order_gift">{l s='Gift'}</label></p>
+				<p><label for="gift_message">{l s='Gift message:'}</label><textarea id="gift_message" cols="40" rows="4"></textarea></p>
+			{/if}
 		</div>
 	</div>
 </fieldset>

admin-dev/themes/default/template/controllers/orders/form_customization_feedback.tpl

@@ -33,20 +33,19 @@
 </head>
 <body>
 	<script type="text/javascript">
-	{if $customization_errors|count}
-		customization_errors = true;
-		var id_selected_product = parent.$('#id_product option:selected').val();
-		if (parent.searchProducts())
-		{
-			parent.$('#products_err', window.parent.document).html('{$customization_errors}');
-			parent.$('#id_product option[value="'+id_selected_product+'"]').attr('selected', true);
-			parent.$('#id_product').change();
-		}
-		
+	{if $customization_errors}
+		parent.customization_errors = true;
 	{else}
+		parent.customization_errors = false;
 		parent.$('#products_err', window.parent.document).hide();
-		customization_errors = false;
 	{/if}
+	var id_selected_product = parent.$('#id_product option:selected').val();
+	if (parent.searchProducts())
+	{
+		parent.$('#products_err', window.parent.document).html('{$customization_errors}');
+		parent.$('#id_product option[value="'+id_selected_product+'"]').attr('selected', true);
+		parent.$('#id_product').change();
+	}
 	</script>
 	</body>
 </html>

admin-dev/themes/default/template/controllers/orders/helpers/view/view.tpl

@@ -64,7 +64,7 @@
 <div class="bloc-command">
 	<div class="button-command">
 			{if (count($invoices_collection))}
-				<a class="button" href="{$link->getAdminLink('AdminPdf')}&submitAction=generateInvoicePDF&id_order={$order->id}" target="_blank">
+				<a class="button" href="{$link->getAdminLink('AdminPdf')|escape:'htmlall':'UTF-8'}&submitAction=generateInvoicePDF&id_order={$order->id}" target="_blank">
 					<img src="../img/admin/charged_ok.gif" alt="{l s='View invoice'}" /> {l s='View invoice'}
 				</a>
 			{else}
@@ -72,7 +72,7 @@
 			{/if}
 			 |
 			{if (($currentState && $currentState->delivery) || $order->delivery_number)}
-				<a class="button"  href="{$link->getAdminLink('AdminPdf')}&submitAction=generateDeliverySlipPDF&id_order={$order->id}" target="_blank">
+				<a class="button"  href="{$link->getAdminLink('AdminPdf')|escape:'htmlall':'UTF-8'}&submitAction=generateDeliverySlipPDF&id_order={$order->id}" target="_blank">
 					<img src="../img/admin/delivery.gif" alt="{l s='View delivery slip'}" /> {l s='View delivery slip'}
 				</a>
 			{else}
@@ -90,6 +90,10 @@
 				<dt>{l s='Messages:'}</dt>
 				<dd>{sizeof($messages)}</dd>
 			|</dl>
+			<dl>
+				<dt><a href="{$link->getAdminLink('AdminCustomerThreads')|escape:'htmlall':'UTF-8'}">{l s='New Customer Messages:'}</a></dt>
+				<dd><a href="{$link->getAdminLink('AdminCustomerThreads')|escape:'htmlall':'UTF-8'}">{sizeof($customer_thread_message)}</a></dd>
+			|</dl>
 			<dl>
 				<dt>{l s='Products:'}</dt>
 				<dd id="product_number">{sizeof($products)}</dd>
@@ -198,8 +202,8 @@
 		<div style="width: 49%; float:right;">
 			<div class="button-command-prev-next">
 				<b>{l s='Orders'}</b> :
-				{if $previousOrder}<a class="button" href="{$link->getAdminLink('AdminOrders')}&vieworder&id_order={$previousOrder}">{l s='< Prev'}</a>{/if}
-				{if $nextOrder}<a class="button" href="{$link->getAdminLink('AdminOrders')}&vieworder&id_order={$nextOrder}">{l s='Next >'}</a>{/if}
+				{if $previousOrder}<a class="button" href="{$link->getAdminLink('AdminOrders')|escape:'htmlall':'UTF-8'}&vieworder&id_order={$previousOrder}">{l s='< Prev'}</a>{/if}
+				{if $nextOrder}<a class="button" href="{$link->getAdminLink('AdminOrders')|escape:'htmlall':'UTF-8'}&vieworder&id_order={$nextOrder}">{l s='Next >'}</a>{/if}
 			</div>
 			<div class="clear"></div>
 			
@@ -389,7 +393,7 @@
 								<td>
 									<input type="text" name="payment_transaction_id" value="" />
 								</td>
-								<td {if count($not_paid_invoices_collection) <= 0}colspan="2"{/if}>
+								<td>
 									<input type="text" name="payment_amount" size="5" value="" />
 									<select name="payment_currency">
 									{foreach from=$currencies item=current_currency}
@@ -397,10 +401,10 @@
 									{/foreach}
 									</select>
 								</td>
-								{if count($not_paid_invoices_collection) > 0}
+								{if count($invoices_collection) > 0}
 								<td>
 									<select name="payment_invoice" id="payment_invoice">
-									{foreach from=$not_paid_invoices_collection item=invoice}
+									{foreach from=$invoices_collection item=invoice}
 										<option value="{$invoice->id}" selected="selected">{$invoice->getInvoiceNumberFormatted($current_id_lang)}</option>
 									{/foreach}
 									</select>
@@ -473,7 +477,7 @@
 								<td>
 									<span id="shipping_number_show">{if isset($line.url) && isset($line.tracking_number)}<a href="{$line.url|replace:'@':$line.tracking_number}">{$line.tracking_number}</a>{elseif isset($line.tracking_number)}{$line.tracking_number}{/if}</span>
 									{if $line.can_edit}
-									<form style="display: inline;" method="post" action="{$link->getAdminLink('AdminOrders')}&vieworder&id_order={$order->id}&id_order_invoice={if $line.id_order_invoice}{$line.id_order_invoice|escape:'htmlall':'UTF-8'}{else}0{/if}&id_carrier={if $line.id_carrier}{$line.id_carrier|escape:'htmlall':'UTF-8'}{else}0{/if}">
+									<form style="display: inline;" method="post" action="{$link->getAdminLink('AdminOrders')|escape:'htmlall':'UTF-8'}&vieworder&id_order={$order->id}&id_order_invoice={if $line.id_order_invoice}{$line.id_order_invoice|escape:'htmlall':'UTF-8'}{else}0{/if}&id_carrier={if $line.id_carrier}{$line.id_carrier|escape:'htmlall':'UTF-8'}{else}0{/if}">
 										<span class="shipping_number_edit" style="display:none;">
 											<input type="text" name="tracking_number" value="{$line.tracking_number|htmlentities}" />
 											<input type="submit" class="button" name="submitShippingNumber" value="{l s='Update'}" />
@@ -510,7 +514,7 @@
 					<legend><img src="../img/admin/delivery.gif" alt="{l s='Shipping address'}" />{l s='Shipping address'}</legend>
 
 					{if $can_edit}
-					<form method="post" action="{$link->getAdminLink('AdminOrders')}&vieworder&id_order={$order->id}">
+					<form method="post" action="{$link->getAdminLink('AdminOrders')|escape:'htmlall':'UTF-8'}&vieworder&id_order={$order->id}">
 						<div style="margin-bottom:5px;">
 							<p>
 								<select name="id_address">
@@ -540,7 +544,7 @@
 				<legend><img src="../img/admin/invoice.gif" alt="{l s='Invoice address'}" />{l s='Invoice address'}</legend>
 
 				{if $can_edit}
-				<form method="post" action="{$link->getAdminLink('AdminOrders')}&vieworder&id_order={$order->id}">
+				<form method="post" action="{$link->getAdminLink('AdminOrders')|escape:'htmlall':'UTF-8'}&vieworder&id_order={$order->id}">
 					<div style="margin-bottom:5px;">
 						<p>
 							<select name="id_address">
@@ -658,7 +662,7 @@
 						<tr id="total_shipping">
 							<td><b>{l s='Shipping'}</b></td>
 							<td class="amount" align="right">{displayPrice price=$order->total_shipping_tax_incl currency=$currency->id}</td>
-							<td class="partial_refund_fields current-edit" style="display:none;"><input type="text" size="3" name="partialRefundShippingCost" /> &euro;</td>
+							<td class="partial_refund_fields current-edit" style="display:none;"><input type="text" size="3" name="partialRefundShippingCost" value="0" /> &euro;</td>
 						</tr>
 						<tr style="font-size: 20px" id="total_order">
 							<td style="font-size: 20px">{l s='Total'}</td>
@@ -745,7 +749,7 @@
 			<div id="message_m" style="display: {if Tools::getValue('message')}none{else}block{/if}; overflow: auto; width: 400px;">
 				<a href="#" onclick="$('#message').slideToggle();$('#message_m').slideToggle();return false"><b>{l s='Click here'}</b> {l s='to add a comment or send a message to the customer'}</a>
 			</div>
-			<a href="{$link->getAdminLink('AdminCustomerThreads')}"><b>{l s='Click here'}</b> {l s='to see all messages'}</a><br>
+			<a href="{$link->getAdminLink('AdminCustomerThreads')|escape:'htmlall':'UTF-8'}"><b>{l s='Click here'}</b> {l s='to see all messages'}</a><br>
 			<div id="message" style="display: {if Tools::getValue('message')}block{else}none{/if}">
 						<select name="order_message" id="order_message" onchange="orderOverwriteMessage(this, '{l s='Do you want to overwrite your existing message?'}')">
 							<option value="0" selected="selected">-- {l s='Choose a standard message'} --</option>

admin-dev/themes/default/template/controllers/outstanding/_print_pdf_icon.tpl

@@ -26,5 +26,5 @@
 
 {* Generate HTML code for printing Invoice Icon with link *}
 <span style="width:20px; margin-right:5px;">
-	<a href="{$link->getAdminLink('AdminPdf')}&submitAction=generateInvoicePDF&id_order_invoice={$id_invoice}"><img src="../img/admin/tab-invoice.gif" alt="invoice" /></a>
+	<a href="{$link->getAdminLink('AdminPdf')|escape:'htmlall':'UTF-8'}&submitAction=generateInvoicePDF&id_order_invoice={$id_invoice}"><img src="../img/admin/tab-invoice.gif" alt="invoice" /></a>
 </span>

admin-dev/themes/default/template/controllers/products/associations.tpl

@@ -51,7 +51,7 @@
 		<tr>
 			<td></td>
 			<td class="col-right">
-					<a class="button bt-icon confirm_leave" href="{$link->getAdminLink('AdminCategories')}&addcategory">
+					<a class="button bt-icon confirm_leave" href="{$link->getAdminLink('AdminCategories')|escape:'htmlall':'UTF-8'}&addcategory">
 						<img src="../img/admin/add.gif" alt="{l s='Create new category'}" title="{l s='Create new category'}" />
 						<span>{l s='Create new category'}</span>
 					</a>
@@ -110,7 +110,7 @@
 				{/if}
 				<option disabled="disabled">----------</option>
 			</select>&nbsp;&nbsp;&nbsp;
-			<a class="button bt-icon confirm_leave" style="margin-bottom:0" href="{$link->getAdminLink('AdminManufacturers')}&addmanufacturer">
+			<a class="button bt-icon confirm_leave" style="margin-bottom:0" href="{$link->getAdminLink('AdminManufacturers')|escape:'htmlall':'UTF-8'}&addmanufacturer">
 				<img src="../img/admin/add.gif" alt="{l s='Create new manufacturer'}" title="{l s='Create new manufacturer'}" />
 				<span>{l s='Create new manufacturer'}</span>
 			</a>

admin-dev/themes/default/template/controllers/products/features.tpl

@@ -72,7 +72,7 @@
 		{else}
 			<input type="hidden" name="feature_{$available_feature.id_feature}_value" value="0" />
 				<span>{l s='N/A'} -
-				<a href="{$link->getAdminLink('AdminFeatures')}&amp;addfeature_value&id_feature={$available_feature.id_feature}"
+				<a href="{$link->getAdminLink('AdminFeatures')|escape:'htmlall':'UTF-8'}&amp;addfeature_value&id_feature={$available_feature.id_feature}"
 				 class="confirm_leave button"><img src="../img/admin/add.gif" alt="values_first" title="{l s='Add pre-defined values first'}" />&nbsp;{l s='Add pre-defined values first'}</a>
 			</span>
 		{/if}
@@ -94,7 +94,7 @@
 	</table>
 	<div class="separation"></div>
 	<div>
-		<a href="{$link->getAdminLink('AdminFeatures')}&amp;addfeature" class="confirm_leave button">
+		<a href="{$link->getAdminLink('AdminFeatures')|escape:'htmlall':'UTF-8'}&amp;addfeature" class="confirm_leave button">
 			<img src="../img/admin/add.gif" alt="new_features" title="{l s='Add a new feature'}" />&nbsp;{l s='Add a new feature'}
 		</a>
 	</div>

admin-dev/themes/default/template/controllers/products/helpers/form/form.tpl

@@ -83,7 +83,7 @@
 	<script type="text/javascript">
 		var token = '{$token}';
 		var id_product = {if isset($product->id)}{$product->id}{else}0{/if};
-		var defaultLanguage = {$defaultLanguage};
+		var id_lang_default = {$id_lang_default};
 		var product_type_pack = {Product::PTYPE_PACK};
 		var product_type_virtual = {Product::PTYPE_VIRTUAL};
 		var product_type_simple = {Product::PTYPE_SIMPLE};
@@ -237,7 +237,7 @@
 
 	<form id="product_form" action="{$form_action}" method="post" enctype="multipart/form-data" name="product" style="display:none;">
 		<input type="hidden" name="id_product" value="{$id_product}" />
-		<input type="hidden" id="is_virtual" name="is_virtual" value="{$product->is_virtual}" />
+		<input type="hidden" id="is_virtual" name="is_virtual" value="{$product->is_virtual|escape:html:'UTF-8'}" />
 		<div class="tab-pane" id="tabPane1">
 		{if !$product->active && $product->isAssociatedToShop()}
 			<div class="warn draft" >

admin-dev/themes/default/template/controllers/products/informations.tpl

@@ -136,7 +136,7 @@
 		<tr>
 			<td class="col-left"><label>{$bullet_common_field} {l s='UPC:'}</label></td>
 			<td style="padding-bottom:5px;">
-				<input size="55" maxlength="12" type="text" name="upc" value="{$product->upc}" style="width: 130px; margin-right: 5px;" /> <span class="small">{l s='(US, Canada)'}</span>
+				<input size="55" maxlength="12" type="text" name="upc" value="{$product->upc|escape:html:'UTF-8'}" style="width: 130px; margin-right: 5px;" /> <span class="small">{l s='(US, Canada)'}</span>
 			</td>
 		</tr>
 	</table>

admin-dev/themes/default/template/controllers/products/prices.tpl

@@ -25,10 +25,10 @@
 *}
 
 <script type="text/javascript">
-
+var Customer = new Object();
 var product_url = '{$link->getAdminLink('AdminProducts', true)}';
 $(document).ready(function () {
-	var Customer = {
+	Customer = {
 		"hiddenField": jQuery('#id_customer'),
 		"field": jQuery('#customer'),
 		"container": jQuery('#customers'),
@@ -166,12 +166,12 @@ $(document).ready(function () {
 						</option>
 					{/foreach}
 				</select>
-				<a class="button" href="{$link->getAdminLink('AdminTaxRulesGroup')}&addtax_rules_group&id_product={$product->id}" class="confirm_leave">
+				<a class="button" href="{$link->getAdminLink('AdminTaxRulesGroup')|escape:'htmlall':'UTF-8'}&addtax_rules_group&id_product={$product->id}" class="confirm_leave">
 				<img src="../img/admin/add.gif" alt="{l s='Create'}" title="{l s='Create'}" /> {l s='Create'}
 				</a>
 			</span>
 			{if $tax_exclude_taxe_option}
-				<span style="margin-left:10px; color:red;">{l s='Taxes are currently disabled'}</span> (<b><a href="{$link->getAdminLink('AdminTaxes')}">{l s='Tax options'}</a></b>)
+				<span style="margin-left:10px; color:red;">{l s='Taxes are currently disabled'}</span> (<b><a href="{$link->getAdminLink('AdminTaxes')|escape:'htmlall':'UTF-8'}">{l s='Tax options'}</a></b>)
 				<input type="hidden" value="{$product->getIdTaxRulesGroup()}" name="id_tax_rules_group" />
 			{/if}
 		</td>

admin-dev/themes/default/template/controllers/products/shipping.tpl

@@ -72,12 +72,21 @@
 			<label>{l s='Carriers:'}</label>
 		</td>
 		<td class="padding-bottom:5px;">
-			<select name="carriers[]" multiple="multiple" size="4" style="height:100px;width:200px;">
+			<select name="carriers[]" id="carriers_restriction" multiple="multiple" size="4" style="height:100px;width:200px;">
 				{foreach $carrier_list as $carrier}
 					<option value="{$carrier.id_reference}" {if isset($carrier.selected) && $carrier.selected}selected="selected"{/if}>{$carrier.name}</option>
 				{/foreach}
 			</select>
+			<br>
+			<button class="button" onclick="unselectAllCarriers(); return false;">{l s='Unselect all'}</button>
 			<p class="preference_description">{l s='If no carrier selected, all carriers could be used to ship this product.'}</p>
 		</td>
 	</tr>
 </table>
+<script>
+	function unselectAllCarriers()
+	{
+		$('#carriers_restriction option').each(function () { $(this).removeAttr('selected')});
+		return false;
+	}
+</script>

admin-dev/themes/default/template/controllers/products/suppliers.tpl

@@ -36,7 +36,7 @@
 		<p>{l s='When using the advanced stock management (see Preferences/Products), the values you fill here (prices, references) will be used in the supply orders.'}</p>
 	</div>
 	<p>{l s='Please choose the suppliers associated with this product, and the default one.'}</p>
-	<a class="button bt-icon confirm_leave" href="{$link->getAdminLink('AdminSuppliers')}&addsupplier">
+	<a class="button bt-icon confirm_leave" href="{$link->getAdminLink('AdminSuppliers')|escape:'htmlall':'UTF-8'}&addsupplier">
 		<img src="../img/admin/add.gif" alt="{l s='Create new supplier'}" title="{l s='Create new supplier'}" /><span>{l s='Create new supplier'}</span>
 	</a>
 	<table cellpadding="5" style="width:100%">

admin-dev/themes/default/template/controllers/products/warehouses.tpl

@@ -35,7 +35,7 @@
 	</div>
 	<p>{l s='Please choose the warehouses associated with this product, and the default one.'}</p>
 
-	<a class="button bt-icon confirm_leave" href="{$link->getAdminLink('AdminWarehouses')}&addwarehouse">
+	<a class="button bt-icon confirm_leave" href="{$link->getAdminLink('AdminWarehouses')|escape:'htmlall':'UTF-8'}&addwarehouse">
 		<img src="../img/admin/add.gif" alt="{l s='Create new warehouse'}" title="{l s='Create new warehouse'}" /><span>{l s='Create new warehouse'}</span>
 	</a>
 

admin-dev/themes/default/template/controllers/shop/helpers/list/list_content.tpl

@@ -31,7 +31,7 @@
 		{if isset($tr.$key)}
 			<a href="{$tr.$key}" onmouseover="$(this).css('text-decoration', 'underline')" onmouseout="$(this).css('text-decoration', 'none')" target="_blank">{$tr.$key}</a>
 		{else}
-			<a href="{$link->getAdminLink('AdminShopUrl')}&id_shop={$tr.$identifier}&addshop_url" class="multishop_warning">{l s='Click here to set an URL for this shop'}</a>
+			<a href="{$link->getAdminLink('AdminShopUrl')|escape:'htmlall':'UTF-8'}&id_shop={$tr.$identifier}&addshop_url" class="multishop_warning">{l s='Click here to set an URL for this shop'}</a>
 		{/if}
 	{else}
 		{$smarty.block.parent}

admin-dev/themes/default/template/controllers/specific_price_rule/helpers/form/form.tpl

@@ -146,17 +146,27 @@ function toggle_condition_group(id_condition_group)
 }
 function add_condition(id_condition_group, type, value)
 {
+	var id_condition = id_condition_group+'_'+type+'_'+value;
+	if (typeof conditions[id_condition] != 'undefined')
+		return false;
 	var condition = new Array();
 	condition.type = type;
 	condition.value = value;
 	condition.id_condition_group = id_condition_group;
-	conditions.push(condition);
+	conditions[id_condition] = condition;
+	return id_condition;
+}
+function delete_condition(condition)
+{
+	delete conditions[condition];
+	$('#'+condition).remove();
+	return false;
 }
 function new_condition_group()
 {
 	last_condition_group++;
 	var html = '<div class="condition_group" id="condition_group_'+last_condition_group+'"><h3>{l s='Condition group'} '+last_condition_group+'</h3>';
-		html += '<table cellspacing="0" cellpadding="0" class="table width3"><thead><tr><th width="196px" height="39">{l s='Type'}</th><th width="300px">{l s='Value'}</th></tr></thead><tbody></tbody></table>';
+		html += '<table cellspacing="0" cellpadding="0" class="table width3"><thead><tr><th width="196px" height="39">{l s='Type'}</th><th width="300px">{l s='Value'}</th><th></th></tr></thead><tbody></tbody></table>';
 		html += '</div><div class="condition_separator">{l s='OR'}</div><div class="separation"></div>';
 	$('#condition_group_list').append(html);
 	toggle_condition_group(last_condition_group);
@@ -170,9 +180,8 @@ $(document).ready(function() {
 	});
 	$('#specific_price_rule_form').live('submit', function(e) {
 		var html = '';
-		$.each(conditions, function() {
-			html += '<input type="hidden" name="condition_group_'+this.id_condition_group+'[]" value="'+this.type+'_'+this.value+'" />';
-		});
+		for (i in conditions)
+			html += '<input type="hidden" name="condition_group_'+conditions[i].id_condition_group+'[]" value="'+conditions[i].type+'_'+conditions[i].value+'" />';
 		$('#conditions').append(html);
 	});
 	$('#id_feature').change(function() {
@@ -184,32 +193,42 @@ $(document).ready(function() {
 		$('#id_attribute_'+$(this).val()).show();
 	});
 	$('#add_condition_category').click(function() {
-		add_condition(current_id_condition_group, 'category', $('#id_category option:selected').val());
-		var html = '<tr><td>{l s='Category'}</td><td>'+$('#id_category option:selected').html()+'</td></tr>';
+		var id_condition = add_condition(current_id_condition_group, 'category', $('#id_category option:selected').val());
+		if (!id_condition)
+			return false;
+		var html = '<tr id="'+id_condition+'"><td>{l s='Category'}</td><td>'+$('#id_category option:selected').html()+'</td><td><a href="#" onclick="delete_condition(\''+id_condition+'\');"><img src="../img/admin/delete.gif" /></a></td></tr>';
 		$('#condition_group_'+current_id_condition_group+' table tbody').append(html);
 		return false;
 	});
 	$('#add_condition_manufacturer').click(function() {
-		add_condition(current_id_condition_group, 'manufacturer', $('#id_manufacturer option:selected').val());
-		var html = '<tr><td>{l s='Manufacturer'}</td><td>'+$('#id_manufacturer option:selected').html()+'</td></tr>';
+		var id_condition = add_condition(current_id_condition_group, 'manufacturer', $('#id_manufacturer option:selected').val());
+		if (!id_condition)
+			return false;
+		var html = '<tr id="'+id_condition+'"><td>{l s='Manufacturer'}</td><td>'+$('#id_manufacturer option:selected').html()+'</td><td><a href="#" onclick="delete_condition(\''+id_condition+'\');"><img src="../img/admin/delete.gif" /></a></td></tr>';
 		$('#condition_group_'+current_id_condition_group+' table tbody').append(html);
 		return false;
 	});
 	$('#add_condition_supplier').click(function() {
-		add_condition(current_id_condition_group, 'supplier', $('#id_supplier option:selected').val());
-		var html = '<tr><td>{l s='Supplier'}</td><td>'+$('#id_supplier option:selected').html()+'</td></tr>';
+		var id_condition = add_condition(current_id_condition_group, 'supplier', $('#id_supplier option:selected').val());
+		if (!id_condition)
+			return false;
+		var html = '<tr id="'+id_condition+'"><td>{l s='Supplier'}</td><td>'+$('#id_supplier option:selected').html()+'</td><td><a href="#" onclick="delete_condition(\''+id_condition+'\');"><img src="../img/admin/delete.gif" /></a></td></tr>';
 		$('#condition_group_'+current_id_condition_group+' table tbody').append(html);
 		return false;
 	});
 	$('#add_condition_attribute').click(function() {
-		add_condition(current_id_condition_group, 'attribute', $('#id_attribute_'+$('#id_attribute_group option:selected').val()+' option:selected').val());
-		var html = '<tr><td>{l s='Attribute'}</td><td>'+$('#id_attribute_group option:selected').html()+': '+$('#id_attribute_'+$('#id_attribute_group option:selected').val()+' option:selected').html()+'</td></tr>';
+		var id_condition = add_condition(current_id_condition_group, 'attribute', $('#id_attribute_'+$('#id_attribute_group option:selected').val()+' option:selected').val());
+		if (!id_condition)
+			return false;
+		var html = '<tr id="'+id_condition+'"><td>{l s='Attribute'}</td><td>'+$('#id_attribute_group option:selected').html()+': '+$('#id_attribute_'+$('#id_attribute_group option:selected').val()+' option:selected').html()+'</td><td><a href="#" onclick="delete_condition(\''+id_condition+'\');"><img src="../img/admin/delete.gif" /></a></td></tr>';
 		$('#condition_group_'+current_id_condition_group+' table tbody').append(html);
 		return false;
 	});
 	$('#add_condition_feature').click(function() {
-		add_condition(current_id_condition_group, 'feature', $('#id_feature_'+$('#id_feature option:selected').val()+' option:selected').val());
-		var html = '<tr><td>{l s='Feature'}</td><td>'+$('#id_feature option:selected').html()+': '+$('#id_feature_'+$('#id_feature option:selected').val()+' option:selected').html()+'</td></tr>';
+		var id_condition = add_condition(current_id_condition_group, 'feature', $('#id_feature_'+$('#id_feature option:selected').val()+' option:selected').val());
+		if (!id_condition)
+			return false;
+		var html = '<tr id="'+id_condition+'"><td>{l s='Feature'}</td><td>'+$('#id_feature option:selected').html()+': '+$('#id_feature_'+$('#id_feature option:selected').val()+' option:selected').html()+'</td><td><a href="#" onclick="delete_condition(\''+id_condition+'\');"><img src="../img/admin/delete.gif" /></a></td></tr>';
 		$('#condition_group_'+current_id_condition_group+' table tbody').append(html);
 		return false;
 	});

admin-dev/themes/default/template/controllers/supply_orders_change_state/helpers/form/form.tpl

@@ -68,7 +68,7 @@ $(document).ready(function() {
 	<img src="../img/admin/pdf.gif" alt="{l s='Supply Order State'}">
 	{l s='Print the supply order form'}
 </legend>
-<a href="{$link->getAdminLink('AdminPdf')}&submitAction=generateSupplyOrderFormPDF&id_supply_order={$supply_order->id}" target="_blank" title="Export as PDF">{l s='Click here to download the supply order form'}.</a>
+<a href="{$link->getAdminLink('AdminPdf')|escape:'htmlall':'UTF-8'}&submitAction=generateSupplyOrderFormPDF&id_supply_order={$supply_order->id}" target="_blank" title="Export as PDF">{l s='Click here to download the supply order form'}.</a>
 </fieldset>
 {/if}
 

admin-dev/themes/default/template/controllers/tags/helpers/form/form.tpl

@@ -47,7 +47,7 @@
 			<td>
 				<select multiple id="select_right" name="products[]">
 					{foreach from=$field.products item='product'}
-					<option value="{$product.id_product}">{$product.name}</option>
+					<option selected="selected" value="{$product.id_product}">{$product.name}</option>
 					{/foreach}
 				</select>
 				<span class="hint" name="help_box">{l s='Double-click to move to other column'}<span class="hint-pointer">&nbsp;</span></span>
@@ -78,7 +78,7 @@
 	});
 	$('#tag_form').submit(function()
 	{
-		$('#select_left option').each(function(i){
+		$('#select_right option').each(function(i){
 			$(this).attr("selected", "selected");
 		});
 	});

admin-dev/themes/default/template/controllers/translations/helpers/view/main.tpl

@@ -68,7 +68,8 @@
 			</select>
 			<select name="theme" style="float:left; margin-right:10px;">
 				{foreach $themes as $theme}
-					<option value="{$theme->directory}">{$theme->name} &nbsp;</option>
+
+					<option value="{$theme->directory}" {if $id_theme_current == $theme->id}selected=selected{/if}>{$theme->name} &nbsp;</option>
 				{/foreach}
 			</select>
 			{foreach $languages as $language}
@@ -152,7 +153,7 @@
 			&nbsp;&nbsp;&nbsp;
 			<select name="theme" style="margin-top:10px;">
 				{foreach $themes as $theme}
-					<option value="{$theme->directory}">{$theme->name}</option>
+					<option value="{$theme->directory}" {if $id_theme_current == $theme->id}selected=selected{/if}>{$theme->name}</option>
 				{/foreach}
 			</select>&nbsp;&nbsp;
 			<input type="submit" class="button" name="submitExport" value="{l s='Export'}" />
@@ -176,7 +177,7 @@
 					&nbsp;&nbsp;&nbsp;
 					<select name="fromTheme">
 						{foreach $themes as $theme}
-							<option value="{$theme->directory}">{$theme->name}</option>
+							<option value="{$theme->directory}" {if $id_theme_current == $theme->id}selected=selected{/if}>{$theme->name}</option>
 						{/foreach}
 					</select> <span style="font-style: bold; color: red;">*</span>
 				</p>
@@ -190,7 +191,7 @@
 					&nbsp;&nbsp;&nbsp;
 					<select name="toTheme">
 						{foreach $themes as $theme}
-							<option value="{$theme->directory}">{$theme->name}</option>
+							<option value="{$theme->directory}" {if $id_theme_current == $theme->id}selected=selected{/if}>{$theme->name}</option>
 						{/foreach}
 					</select>
 				</p>

admin-dev/themes/default/template/controllers/translations/helpers/view/translation_errors.tpl

@@ -28,7 +28,7 @@
 
 {block name="override_tpl"}
 
-	{if $post_limit_exceeded}
+	{if !empty($limit_warning)}
 	<div class="warn">
 		{if $limit_warning['error_type'] == 'suhosin'}
 			{l s='Warning, your hosting provider is using the suhosin patch for PHP, which limits the maximum number of fields to post in a form:'}

admin-dev/themes/default/template/controllers/translations/helpers/view/translation_form.tpl

@@ -28,7 +28,7 @@
 
 {block name="override_tpl"}
 
-	{if $post_limit_exceeded}
+	{if !empty($limit_warning)}
 	<div class="warn">
 		{if $limit_warning['error_type'] == 'suhosin'}
 			{l s='Warning, your hosting provider is using the suhosin patch for PHP, which limits the maximum number of fields to post in a form:'}
@@ -37,7 +37,7 @@
 			<b>{$limit_warning['request.max_vars']}</b> {l s='for suhosin.request.max_vars.'}<br/>
 			{l s='Please ask your hosting provider to increase the suhosin post and request a limit of'}
 		{else}
-			{l s='Warning, your PHP configuration limits the maximum number of fields to post in a form:'}<br/>
+			{l s='Warning, your PHP configuration limits the maximum number of fields to post in a form:'}
 			<b>{$limit_warning['max_input_vars']}</b> {l s='for max_input_vars.'}<br/>
 			{l s='Please ask your hosting provider to increase the this limit to'}
 		{/if}

admin-dev/themes/default/template/controllers/translations/helpers/view/translation_mails.tpl

@@ -30,7 +30,7 @@
 
 	{$tinyMCE}
 
-	{if $post_limit_exceeded}
+	{if !empty($limit_warning)}
 	<div class="warn">
 		{if $limit_warning['error_type'] == 'suhosin'}
 			{l s='Warning, your hosting provider is using the suhosin patch for PHP, which limits the maximum number of fields to post in a form:'}

admin-dev/themes/default/template/controllers/translations/helpers/view/translation_modules.tpl

@@ -28,7 +28,7 @@
 
 {block name="override_tpl"}
 
-	{if $post_limit_exceeded}
+	{if !empty($limit_warning)}
 	<div class="warn">
 		{if $limit_warning['error_type'] == 'suhosin'}
 			{l s='Warning, your hosting provider is using the suhosin patch for PHP, which limits the maximum number of fields to post in a form:'}

admin-dev/themes/default/template/footer.tpl

@@ -24,7 +24,9 @@
 *  International Registered Trademark & Property of PrestaShop SA
 *}
 
+					<div style="clear:both;height:0;line-height:0">&nbsp;</div>
 					</div>
+					<div style="clear:both;height:0;line-height:0">&nbsp;</div>
 				</div>
 		{if $display_footer}
 				{hook h="displayBackOfficeFooter"}

admin-dev/themes/default/template/header.tpl

@@ -81,19 +81,19 @@
 {/if}
 
 	<link rel="shortcut icon" href="{$img_dir}favicon.ico" />
-{if $display_header}
-	{hook h="displayBackOfficeHeader"}
+{if isset($displayBackOfficeHeader)}
+	{$displayBackOfficeHeader}
 {/if}
 	<!--[if IE]>
 	<link type="text/css" rel="stylesheet" href="{$base_url}css/admin-ie.css" />
 	<![endif]-->
+	{if isset($brightness)}
 	<style type="text/css">
-		div#header_infos, div#header_infos a#header_shopname, div#header_infos a#header_logout, div#header_infos a#header_foaccess {
-		color:{$brightness}
-		}
+		div#header_infos, div#header_infos a#header_shopname, div#header_infos a#header_logout, div#header_infos a#header_foaccess {ldelim}color:{$brightness}{rdelim}
 	</style>
+	{/if}
 </head>
-<body style="{if $bo_color}background:{$bo_color};{/if}{if $bo_width > 0}text-align:center;{/if}">
+<body style="{if isset($bo_color) && $bo_color}background:{$bo_color};{/if}{if isset($bo_width) && $bo_width > 0}text-align:center;{/if}">
 {if $display_header}
 <div id="ajax_running"><img src="../img/admin/ajax-loader-yellow.gif" alt="" /> {l s='Loading...'}</div>
 
@@ -102,7 +102,7 @@
 {* begin  HEADER *}
 	<div id="header">
 		<div id="header_infos">
-			<a id="header_shopname" href="{$link->getAdminLink('AdminHome')}"><span>{$shop_name}</span></a><div id="notifs_icon_wrapper">
+			<a id="header_shopname" href="{$link->getAdminLink('AdminHome')|escape:'htmlall':'UTF-8'}"><span>{$shop_name}</span></a><div id="notifs_icon_wrapper">
 			{if {$show_new_orders} == 1}
 				<div id="orders_notif" class="notifs">
 						<span id="orders_notif_number_wrapper" class="number_wrapper">
@@ -112,7 +112,7 @@
 						<h3>{l s='Last orders'}</h3>
 						<p class="no_notifs">{l s='No new orders has been placed on your shop'}</p>
 						<ul id="list_orders_notif"></ul>
-						<p><a href="index.php?controller=AdminOrders&token={getAdminToken tab='AdminOrders'}">{l s='Show all orders'}</a></p>
+						<p><a href="index.php?controller=AdminOrders&amp;token={getAdminToken tab='AdminOrders'}">{l s='Show all orders'}</a></p>
 					</div>
 				</div>
 			{/if}
@@ -125,7 +125,7 @@
 						<h3>{l s='Last customers'}</h3>
 						<p class="no_notifs">{l s='No new customers registered on your shop'}</p>
 						<ul id="list_customers_notif"></ul>
-						<p><a href="index.php?controller=AdminCustomers&token={getAdminToken tab='AdminCustomers'}">{l s='Show all customers'}</a></p>
+						<p><a href="index.php?controller=AdminCustomers&amp;token={getAdminToken tab='AdminCustomers'}">{l s='Show all customers'}</a></p>
 					</div>
 				</div>
 			{/if}
@@ -138,81 +138,89 @@
 						<h3>{l s='Last messages'}</h3>
 						<p class="no_notifs">{l s='No new messages posted on your shop'}</p>
 						<ul id="list_customer_messages_notif"></ul>
-						<p><a href="index.php?tab=AdminCustomerThreads&token={getAdminToken tab='AdminCustomerThreads'}">{l s='Show all messages'}</a></p>
+						<p><a href="index.php?tab=AdminCustomerThreads&amp;token={getAdminToken tab='AdminCustomerThreads'}">{l s='Show all messages'}</a></p>
 					</div>
 				</div>
 			{/if}
 		</div>
-				<span id="employee_links">
-				<span class="employee_name">{$first_name}&nbsp;{$last_name}</span>
-						<span class="separator"></span>
-						<a class="employee" href="index.php?controller=AdminEmployees&id_employee={$employee->id}&updateemployee&token={getAdminToken tab='AdminEmployees'}"  alt="" /> {l s='My preferences'}</a>
-					<span class="separator"></span><a href="index.php?logout" id="header_logout">
-					<span>{l s='logout'}</span>
-				</a>
-					{if {$base_url}}
-						<span class="separator"></span> <a href="{$base_url}" id="header_foaccess" target="_blank" title="{l s='View my shop'}"><span>{l s='View my shop'}</span></a>
-					{/if}
-			</span>
-			<div id="header_search">
-				<form method="post" action="index.php?controller=AdminSearch&token={getAdminToken tab='AdminSearch'}">
-					<input type="text" name="bo_query" id="bo_query" value="{$bo_query}" />
-					<select name="bo_search_type" id="bo_search_type" class="chosen no-search">
-						<option value="0">{l s='everywhere'}</option>
-						<option value="1" {if {$search_type} == 1} selected="selected" {/if}>{l s='catalog'}</option>
-						<optgroup label="{l s='customers'}:">
-							<option value="2" {if {$search_type} == 2} selected="selected" {/if}>{l s='by name'}</option>
-							<option value="6" {if {$search_type} == 6} selected="selected" {/if}>{l s='by ip address'}</option>
-						</optgroup>
-						<option value="3" {if {$search_type} == 3} selected="selected" {/if}>{l s='orders'}</option>
-						<option value="4" {if {$search_type} == 4} selected="selected" {/if}>{l s='invoices'}</option>
-						<option value="5" {if {$search_type} == 5} selected="selected" {/if}>{l s='carts'}</option>
-					</select>
-					<input type="submit" id="bo_search_submit" class="button" value="{l s='Search'}"/>
-				</form>
-			</div>
-
-			{if count($quick_access) > 0}
-			<div id="header_quick">
-				<script type="text/javascript">
-					function quickSelect(elt)
-					{
-						var eltVal = $(elt).val();
-						if (eltVal == "0") return false;
-						else if (eltVal.substr(eltVal.length - 6) == '_blank') window.open(eltVal.substr(0, eltVal.length - 6), '_blank');
-						else location.href = eltVal;
-					}
-				</script>
-				<select onchange="quickSelect(this);" id="quick_select" class="chosen no-search">
-					<option value="0">{l s='Quick Access'}</option>
-					{foreach $quick_access as $quick}
-						<option value="{$quick.link}{if $quick.new_window}_blank{/if}">&raquo; {$quick.name}</option>
-					{/foreach}
-				</select>
-			</div>
+		<div id="employee_links">
+			<span class="employee_name">{$first_name}&nbsp;{$last_name}</span>
+			<span class="separator">&nbsp;</span>
+			<a class="employee" href="index.php?controller=AdminEmployees&amp;id_employee={$employee->id}&amp;updateemployee&amp;token={getAdminToken tab='AdminEmployees'}" alt="">{l s='My preferences'}</a>
+			<span class="separator">&nbsp;</span>
+			<a href="index.php?logout" id="header_logout">{l s='logout'}</a>
+			{if {$base_url}}
+				<span class="separator">&nbsp;</span>
+				<a href="{$base_url}" id="header_foaccess" target="_blank" title="{l s='View my shop'}">{l s='View my shop'}</a>
 			{/if}
-
-			{hook h="displayBackOfficeTop"}
 		</div>
-		<ul id="menu">
-			{if !$tab}
-				<div class="mainsubtablist" style="display:none">
-				</div>
-			{/if}
-			{foreach $tabs AS $t}
+		<div id="header_search">
+			<form method="post" action="index.php?controller=AdminSearch&amp;token={getAdminToken tab='AdminSearch'}">
+				<input type="text" name="bo_query" id="bo_query" value="{$bo_query}" />
+				<select name="bo_search_type" id="bo_search_type" class="chosen no-search">
+					<option value="0">{l s='everywhere'}</option>
+					<option value="1" {if {$search_type} == 1} selected="selected" {/if}>{l s='catalog'}</option>
+					<optgroup label="{l s='customers'}:">
+						<option value="2" {if {$search_type} == 2} selected="selected" {/if}>{l s='by name'}</option>
+						<option value="6" {if {$search_type} == 6} selected="selected" {/if}>{l s='by ip address'}</option>
+					</optgroup>
+					<option value="3" {if {$search_type} == 3} selected="selected" {/if}>{l s='orders'}</option>
+					<option value="4" {if {$search_type} == 4} selected="selected" {/if}>{l s='invoices'}</option>
+					<option value="5" {if {$search_type} == 5} selected="selected" {/if}>{l s='carts'}</option>
+				</select>
+				<input type="submit" id="bo_search_submit" class="button" value="{l s='Search'}"/>
+			</form>
+		</div>
+
+		{if count($quick_access) > 0}
+		<div id="header_quick">
+			<script type="text/javascript">
+				function quickSelect(elt)
+				{
+					var eltVal = $(elt).val();
+					if (eltVal == "0")
+						return false;
+					else if (eltVal.substr(eltVal.length - 6) == '_blank')
+						window.open(eltVal.substr(0, eltVal.length - 6), '_blank');
+					else
+						location.href = eltVal;
+				}
+			</script>
+			<select onchange="quickSelect(this);" id="quick_select" class="chosen no-search">
+				<option value="0">{l s='Quick Access'}</option>
+				{foreach $quick_access as $quick}
+					<option value="{$quick.link|escape:'htmlall':'UTF-8'}{if $quick.new_window}_blank{/if}">&raquo; {$quick.name}</option>
+				{/foreach}
+			</select>
+		</div>
+		{/if}
+		{if isset($displayBackOfficeTop)}
+			{$displayBackOfficeTop}
+		{/if}
+	</div> {* end header *}
+
+	<ul id="menu">
+		{if !$tab}
+			<div class="mainsubtablist" style="display:none">
+			</div>
+		{/if}
+		{foreach $tabs AS $t}
+			{if $t.active}
 				<li class="submenu_size maintab {if $t.current}active{/if}" id="maintab{$t.id_tab}">
-			<span class="title">
-				<img src="{$t.img}" alt="" />{if $t.name eq ''}{$t.class_name}{else}{$t.name}{/if}
-			</span>
+					<span class="title">
+						<img src="{$t.img}" alt="" />{if $t.name eq ''}{$t.class_name}{else}{$t.name}{/if}
+					</span>
 					<ul class="submenu">
 						{foreach from=$t.sub_tabs item=t2}
-							<li><a href="{$t2.href}">{if $t2.name eq ''}{$t2.class_name}{else}{$t2.name}{/if}</a></li>
+							{if $t2.active}
+								<li><a href="{$t2.href|escape:'htmlall':'UTF-8'}">{if $t2.name eq ''}{$t2.class_name}{else}{$t2.name|escape:'htmlall':'UTF-8'}{/if}</a></li>
+							{/if}
 						{/foreach}
 					</ul>
 				</li>
-			{/foreach}
-		</ul>
-	</div> {* end header *}
+			{/if}
+		{/foreach}
+	</ul>
 {/if}
 	<div id="main">
 		<div id="content">
@@ -224,7 +232,7 @@
 
 		{if $display_header && $is_multishop && $shop_list && ($multishop_context & Shop::CONTEXT_GROUP || $multishop_context & Shop::CONTEXT_SHOP)}
 			<div class="multishop_toolbar">
-				<span class="text_multishop">{l s='Multishop configuration for'}</span>
+				<span class="text_multishop">{l s='Multistore configuration for'}</span>
 				{$shop_list}
 			</div>
 		{/if}

admin-dev/themes/default/template/helpers/list/list_content.tpl

@@ -60,7 +60,7 @@
 			{block name="td_content"}
 				{if isset($params.prefix)}{$params.prefix}{/if}
 				{if isset($params.color) && isset($tr[$params.color])}
-					<span class="color_field" style="background-color: {$tr.color}">
+					<span class="color_field" style="background-color:{$tr.color};color:{if Tools::getBrightness($tr.color) < 128}white{else}#383838{/if}">
 				{/if}
 
 				{if isset($params.active)}

admin-dev/themes/default/template/toolbar.tpl

@@ -39,6 +39,7 @@
 			</ul>
 
 			<script language="javascript" type="text/javascript">
+			//<![CDATA[
 				var submited = false
 				$(function() {
 					//get reference on save link
@@ -108,6 +109,7 @@
 						{/block}
 					}
 				});
+			//]]>
 			</script>
 		{/block}
 		<div class="pageTitle">
@@ -118,7 +120,7 @@
 							{* Use strip_tags because if the string already has been through htmlentities using escape will break it *}
 							<span class="breadcrumb item-{$key} ">{$item|strip_tags}
 								{if !$smarty.foreach.title.last}
-									<img alt="&gt;" style="margin-right:5px" src="../img/admin/separator_breadcrum.png">
+									<img alt="&gt;" style="margin-right:5px" src="../img/admin/separator_breadcrumb.png" />
 								{/if}
 							</span>
 						{/foreach}

classes/AddressFormat.php

@@ -45,7 +45,7 @@ class AddressFormatCore extends ObjectModel
 		'table' => 'address_format',
 		'primary' => 'id_country',
 		'fields' => array(
-			'format' => 	array('type' => self::TYPE_STRING, 'validate' => 'isGenericName', 'required' => true),
+			'format' => 	array('type' => self::TYPE_HTML, 'validate' => 'isGenericName', 'required' => true),
 			'id_country' => array('type' => self::TYPE_INT),
 		),
 	);

classes/AdminTab.php

@@ -459,12 +459,12 @@ abstract class AdminTabCore
 		foreach ($rules['required'] as $field)
 			if (($value = Tools::getValue($field)) == false && (string)$value != '0')
 				if (!Tools::getValue($this->identifier) || ($field != 'passwd' && $field != 'no-picture'))
-					$this->_errors[] = $this->l('the field').' <b>'.call_user_func(array($className, 'displayFieldName'), $field, $className).'</b> '.$this->l('is required');
+					$this->_errors[] = sprintf(Tools::displayError('The field %s is required.'), call_user_func(array($className, 'displayFieldName'), $field, $className));
 
 		/* Checking for multilingual required fields */
 		foreach ($rules['requiredLang'] as $fieldLang)
 			if (($empty = Tools::getValue($fieldLang.'_'.$defaultLanguage->id)) === false || $empty !== '0' && empty($empty))
-				$this->_errors[] = $this->l('the field').' <b>'.call_user_func(array($className, 'displayFieldName'), $fieldLang, $className).'</b> '.$this->l('is required at least in').' '.$defaultLanguage->name;
+				$this->_errors[] = sprintf(Tools::displayError('The field %1$s is required at least in %2$s.'), call_user_func(array($className, 'displayFieldName'), $fieldLang, $className), $defaultLanguage->name);
 
 		/* Checking for maximum fields sizes */
 		foreach ($rules['size'] as $field => $maxLength)
@@ -474,11 +474,9 @@ abstract class AdminTabCore
 		/* Checking for maximum multilingual fields size */
 		foreach ($rules['sizeLang'] as $fieldLang => $maxLength)
 			foreach ($languages as $language)
-			{
 				if (Tools::getValue($fieldLang.'_'.$language['id_lang']) !== false && Tools::strlen(Tools::getValue($fieldLang.'_'.$language['id_lang'])) > $maxLength)
 					$this->_errors[] = sprintf(Tools::displayError('field %1$s is too long. (%2$d chars max, html chars including)'), call_user_func(array($className, 'displayFieldName'), $fieldLang, $className), $maxLength);
-					$this->_errors[] = $this->l('the field').' <b>'.call_user_func(array($className, 'displayFieldName'), $fieldLang, $className).' ('.$language['name'].')</b> '.$this->l('is too long').' ('.$maxLength.' '.$this->l('chars max, html chars including').')';
-			}
+
 		/* Overload this method for custom checking */
 		$this->_childValidation();
 
@@ -486,15 +484,15 @@ abstract class AdminTabCore
 		foreach ($rules['validate'] AS $field => $function)
 			if (($value = Tools::getValue($field)) !== false AND !empty($value) AND ($field != 'passwd'))
 				if (!Validate::$function($value))
-					$this->_errors[] = $this->l('the field').' <b>'.call_user_func(array($className, 'displayFieldName'), $field, $className).'</b> '.$this->l('is invalid');
+					$this->_errors[] = sprintf(Tools::displayError('The field %1$s (%2$s) is invalid.'), call_user_func(array($className, 'displayFieldName'), $field, $className));
 
 		/* Checking for passwd_old validity */
 		if (($value = Tools::getValue('passwd')) != false)
 		{
 			if ($className == 'Employee' && !Validate::isPasswdAdmin($value))
-				$this->_errors[] = $this->l('the field').' <b>'.call_user_func(array($className, 'displayFieldName'), 'passwd', $className).'</b> '.$this->l('is invalid');
+				$this->_errors[] = sprintf(Tools::displayError('The field %1$s (%2$s) is invalid.'), call_user_func(array($className, 'displayFieldName'), 'passwd', $className));
 			elseif ($className == 'Customer' && !Validate::isPasswd($value))
-				$this->_errors[] = $this->l('the field').' <b>'.call_user_func(array($className, 'displayFieldName'), 'passwd', $className).'</b> '.$this->l('is invalid');
+				$this->_errors[] = sprintf(Tools::displayError('The field %1$s (%2$s) is invalid.'), call_user_func(array($className, 'displayFieldName'), 'passwd', $className));
 		}
 
 		/* Checking for multilingual fields validity */
@@ -502,7 +500,7 @@ abstract class AdminTabCore
 			foreach ($languages as $language)
 				if (($value = Tools::getValue($fieldLang.'_'.$language['id_lang'])) !== false && !empty($value))
 					if (!Validate::$function($value))
-						$this->_errors[] = $this->l('the field').' <b>'.call_user_func(array($className, 'displayFieldName'), $fieldLang, $className).' ('.$language['name'].')</b> '.$this->l('is invalid');
+						$this->_errors[] = sprintf(Tools::displayError('The field %1$s (%2$s) is invalid.'), call_user_func(array($className, 'displayFieldName'), $fieldLang, $className), $language['name']);
 	}
 
 	/**

classes/Attribute.php

@@ -50,7 +50,7 @@ class AttributeCore extends ObjectModel
 
 			// Lang fields
 			'name' => 				array('type' => self::TYPE_STRING, 'lang' => true, 'validate' => 'isGenericName', 'required' => true, 'size' => 64),
-		),
+		)
 	);
 
 
@@ -75,13 +75,15 @@ class AttributeCore extends ObjectModel
 	{
 		if (!$this->hasMultishopEntries())
 		{
-			$combinations = new Collection('Combination');
-			$combinations->where($this->def['primary'], '=', $this->id);
-			foreach ($combinations as $combination)
+			$result = Db::getInstance()->executeS('SELECT id_product_attribute FROM '._DB_PREFIX_.'product_attribute_combination WHERE id_attribute = '.(int)$this->id);
+			foreach ($result as $row)
+			{
+				$combination = new Combination($row['id_product_attribute']);
 				$combination->delete();
+			}
 		
-		// Delete associated restrictions on cart rules
-		CartRule::cleanProductRuleIntegrity('attributes', $this->id);
+			// Delete associated restrictions on cart rules
+			CartRule::cleanProductRuleIntegrity('attributes', $this->id);
 
 			/* Reinitializing position */
 			$this->cleanPositions((int)$this->id_attribute_group);

classes/Autoload.php

@@ -93,32 +93,24 @@ class Autoload
 			// If requested class does not exist, load associated core class
 			if (isset($this->index[$classname]) && !$this->index[$classname])
 			{
-				require_once($this->root_dir.$this->index[$classname.'Core']);
-				if (file_exists($this->root_dir.'override/'.$this->index[$classname.'Core']))
-				{
-		 			$this->generateIndex();
-		 			require_once($this->root_dir.$this->index[$classname]);
-				}
-				else
-				{
-					// Since the classname does not exists (we only have a classCore class), we have to emulate the declaration of this class
-					$class_infos = new ReflectionClass($classname.'Core');
-					eval(($class_infos->isAbstract() ? 'abstract ' : '').'class '.$classname.' extends '.$classname.'Core {}');
-				}
+				require($this->root_dir.$this->index[$classname.'Core']);
+
+				// Since the classname does not exists (we only have a classCore class), we have to emulate the declaration of this class
+				$class_infos = new ReflectionClass($classname.'Core');
+				eval(($class_infos->isAbstract() ? 'abstract ' : '').'class '.$classname.' extends '.$classname.'Core {}');
 			}
 			else
 			{
 				// request a non Core Class load the associated Core class if exists
 				if (isset($this->index[$classname.'Core']))
 					require_once($this->root_dir.$this->index[$classname.'Core']);
-
 				if (isset($this->index[$classname]))
 					require_once($this->root_dir.$this->index[$classname]);
 			}
 		}
 		// Call directly ProductCore, ShopCore class
 		else
-			require_once($this->root_dir.$this->index[$classname]);
+			require($this->root_dir.$this->index[$classname]);
 	}
 
 	/**
@@ -185,7 +177,7 @@ class Autoload
 					$classes = array_merge($classes, $this->getClassesFromDir($path.$file.'/'));
 				else if (substr($file, -4) == '.php')
 				{
-			 		$content = file_get_contents($this->root_dir.$path.$file);
+					$content = file_get_contents($this->root_dir.$path.$file);
 			 		$pattern = '#\W((abstract\s+)?class|interface)\s+(?P<classname>'.basename($file, '.php').'(Core)?)'
 			 					.'(\s+extends\s+[a-z][a-z0-9_]*)?(\s+implements\s+[a-z][a-z0-9_]*(\s*,\s*[a-z][a-z0-9_]*)*)?\s*\{#i';
 			 		if (preg_match($pattern, $content, $m))

classes/Carrier.php

@@ -594,7 +594,7 @@ class CarrierCore extends ObjectModel
 
 	public static function checkCarrierZone($id_carrier, $id_zone)
 	{
-		return Db::getInstance(_PS_USE_SQL_SLAVE_)->executeS('
+		return Db::getInstance(_PS_USE_SQL_SLAVE_)->getValue('
 			SELECT c.`id_carrier`
 			FROM `'._DB_PREFIX_.'carrier` c
 			LEFT JOIN `'._DB_PREFIX_.'carrier_zone` cz ON (cz.`id_carrier` = c.`id_carrier`)
@@ -847,6 +847,8 @@ class CarrierCore extends ObjectModel
 												(SELECT '.(int)$this->id.', `id_tax_rules_group`, `id_shop`
 													FROM `'._DB_PREFIX_.'carrier_tax_rules_group_shop`
 													WHERE `id_carrier`='.(int)$old_id.')');
+		// Update warehouse_carriers
+		Db::getInstance()->execute('UPDATE '._DB_PREFIX_.'warehouse_carrier SET id_carrier='.(int)$this->id.' WHERE id_carrier='.(int)$old_id);
 	}
 
 	/**
@@ -1154,18 +1156,22 @@ class CarrierCore extends ObjectModel
 		$query->select('id_carrier');
 		$query->from('product_carrier', 'pc');
 		$query->innerJoin('carrier', 'c', 'c.id_reference = pc.id_carrier_reference AND c.deleted = 0');
-		$query->where('id_product = '.(int)$product->id);
-		$query->where('id_shop = '.(int)$id_shop);
+		$query->where('pc.id_product = '.(int)$product->id);
+		$query->where('pc.id_shop = '.(int)$id_shop);
+
 		$carriers = Db::getInstance(_PS_USE_SQL_SLAVE_)->executeS($query);
-		
+
 		if (!empty($carriers))
 		{
+			//the product is linked with carriers
 			$carrier_list = array();
-			foreach ($carriers as $carrier)
+			foreach ($carriers as $carrier) //check if the linked carriers are available in current zone
 				if (Carrier::checkCarrierZone($carrier['id_carrier'], $id_zone))
 					$carrier_list[] = $carrier['id_carrier'];
 			if (!empty($carrier_list))
 				return $carrier_list;
+			else
+				return array();//no linked carrier are available for this zone
 		}
 
 		$carrier_list = array();

classes/Cart.php

@@ -172,7 +172,9 @@ class CartCore extends ObjectModel
 	{
 		if (!$this->id_lang)
 			$this->id_lang = Configuration::get('PS_LANG_DEFAULT');
-
+		if (!$this->id_shop)
+			$this->id_shop = Context::getContext()->shop->id;
+		
 		$return = parent::add($autodate);
 		Hook::exec('actionCartSave');
 
@@ -1228,14 +1230,14 @@ class CartCore extends ObjectModel
 		return true;
 	}
 
-	public static function getTotalCart($id_cart, $use_tax_display = false)
+	public static function getTotalCart($id_cart, $use_tax_display = false, $type = CART::BOTH)
 	{
 		$cart = new Cart($id_cart);
 		if (!Validate::isLoadedObject($cart))
 			die(Tools::displayError());
 
 		$with_taxes = $use_tax_display ? $cart->_taxCalculationMethod != PS_TAX_EXC : true;
-		return Tools::displayPrice($cart->getOrderTotal($with_taxes), Currency::getCurrencyInstance((int)$cart->id_currency), false);
+		return Tools::displayPrice($cart->getOrderTotal($with_taxes, $type), Currency::getCurrencyInstance((int)$cart->id_currency), false);
 	}
 
 
@@ -2300,7 +2302,7 @@ class CartCore extends ObjectModel
 		}
 		
 		$cache[(int)$dontAutoSeletectOptions] = $delivery_option;
-		
+
 		return $delivery_option;
 	}
 
@@ -2842,9 +2844,8 @@ class CartCore extends ObjectModel
 	{
 		$sql = 'SELECT c.`id_cart`
 				FROM '._DB_PREFIX_.'cart c
-				LEFT JOIN '._DB_PREFIX_.'orders o ON (c.`id_cart` = o.`id_cart`)
-				WHERE c.`id_customer` = '.(int)$id_customer.'
-					AND o.`id_cart` IS NULL
+				WHERE c.`id_cart` NOT IN (SELECT o.`id_cart` FROM '._DB_PREFIX_.'orders o)
+				AND c.`id_customer` = '.(int)$id_customer.'
 					'.Shop::addSqlRestriction(Shop::SHARE_ORDER, 'c').'
 				ORDER BY c.`date_upd` DESC';
 
@@ -2991,14 +2992,14 @@ class CartCore extends ObjectModel
 		return $result;
 	}
 
-	public static function getCustomerCarts($id_customer)
+	public static function getCustomerCarts($id_customer, $with_order = true)
 	{
-		$result = Db::getInstance(_PS_USE_SQL_SLAVE_)->executeS('
-			SELECT *
-			FROM '._DB_PREFIX_.'cart c
-			WHERE c.`id_customer` = '.(int)$id_customer.'
-			ORDER BY c.`date_add` DESC');
-		return $result;
+		return Db::getInstance(_PS_USE_SQL_SLAVE_)->executeS('
+		SELECT *
+		FROM '._DB_PREFIX_.'cart c
+		WHERE c.`id_customer` = '.(int)$id_customer.'
+		'.(!$with_order ? 'AND id_cart NOT IN (SELECT id_cart FROM '._DB_PREFIX_.'orders o WHERE o.`id_customer` = '.(int)$id_customer.')' : '').'
+		ORDER BY c.`date_add` DESC');
 	}
 
 	public static function replaceZeroByShopName($echo, $tr)
@@ -3332,7 +3333,8 @@ class CartCore extends ObjectModel
 				WHERE `id_cart` = '.(int)$this->id.'
 					AND `id_shop` = '.(int)$this->id_shop.'
 			)
-			WHERE `id_cart` = '.(int)$this->id.' AND `id_shop` = '.(int)$this->id_shop;
+			WHERE `id_cart` = '.(int)$this->id.'
+			'.(Configuration::get('PS_ALLOW_MULTISHIPPING') ? ' AND `id_shop` = '.(int)$this->id_shop : '');
 
 		Db::getInstance()->execute($sql);
 

classes/Category.php

@@ -47,6 +47,9 @@ class CategoryCore extends ObjectModel
 	/** @var integer Parent category ID */
 	public $id_parent;
 
+	/** @var integer default Category id */
+	public $id_category_default;
+
 	/** @var integer Parents number */
 	public $level_depth;
 
@@ -95,6 +98,7 @@ class CategoryCore extends ObjectModel
 			'level_depth' => 		array('type' => self::TYPE_INT, 'validate' => 'isUnsignedInt'),
 			'active' => 			array('type' => self::TYPE_BOOL, 'validate' => 'isBool', 'required' => true),
 			'id_parent' => 			array('type' => self::TYPE_INT, 'validate' => 'isUnsignedInt'),
+			'id_shop_default' => 	array('type' => self::TYPE_INT, 'validate' => 'isUnsignedId'),
 			'is_root_category' => 	array('type' => self::TYPE_BOOL, 'validate' => 'isBool'),
 			'position' => 			array('type' => self::TYPE_INT),
 			'date_add' => 			array('type' => self::TYPE_DATE, 'validate' => 'isDate'),
@@ -298,6 +302,12 @@ class CategoryCore extends ObjectModel
 		}
 	}
 
+	public function deleteLite()
+	{
+		// Directly call the parent of delete, in order to avoid recursion
+		return parent::delete();
+	}
+
 	public function delete()
 	{
 		if ((int)$this->id === 0 || (int)$this->id === 1)
@@ -309,7 +319,7 @@ class CategoryCore extends ObjectModel
 		$all_cat[] = $this;
 		foreach ($all_cat as $cat)
 		{
-			parent::delete();
+			$cat->deleteLite();
 			if (!$this->hasMultishopEntries())
 			{
 				$cat->deleteImage();
@@ -365,7 +375,7 @@ class CategoryCore extends ObjectModel
 
 		$parent_category = new Category($this->id_parent);
 		if (!Validate::isLoadedObject($parent_category))
-			die('parent category does not exist');
+			throw new PrestaShopException('Parent category does not exist');
 		return $parent_category->level_depth + 1;
 	}
 
@@ -451,11 +461,12 @@ class CategoryCore extends ObjectModel
 		$result = Db::getInstance(_PS_USE_SQL_SLAVE_)->executeS('
 			SELECT *
 			FROM `'._DB_PREFIX_.'category` c
+			'.Shop::addSqlAssociation('category', 'c').'
 			LEFT JOIN `'._DB_PREFIX_.'category_lang` cl ON c.`id_category` = cl.`id_category`'.Shop::addSqlRestrictionOnLang('cl').'
 			WHERE 1 '.$sql_filter.' '.($id_lang ? 'AND `id_lang` = '.(int)$id_lang : '').'
 			'.($active ? 'AND `active` = 1' : '').'
 			'.(!$id_lang ? 'GROUP BY c.id_category' : '').'
-			'.($sql_sort != '' ? $sql_sort : 'ORDER BY c.`level_depth` ASC, c.`position` ASC').'
+			'.($sql_sort != '' ? $sql_sort : 'ORDER BY c.`level_depth` ASC, category_shop.`position` ASC').'
 			'.($sql_limit != '' ? $sql_limit : '')
 		);
 
@@ -562,14 +573,14 @@ class CategoryCore extends ObjectModel
 			$order_way = 'ASC';
 		if ($order_by == 'id_product' || $order_by == 'date_add' || $order_by == 'date_upd')
 			$order_by_prefix = 'p';
-		else if ($order_by == 'name')
+		elseif ($order_by == 'name')
 			$order_by_prefix = 'pl';
-		else if ($order_by == 'manufacturer')
+		elseif ($order_by == 'manufacturer')
 		{
 			$order_by_prefix = 'm';
 			$order_by = 'name';
 		}
-		else if ($order_by == 'position')
+		elseif ($order_by == 'position')
 			$order_by_prefix = 'cp';
 
 		if ($order_by == 'price')
@@ -594,7 +605,7 @@ class CategoryCore extends ObjectModel
 			return (int)Db::getInstance(_PS_USE_SQL_SLAVE_)->getValue($sql);
 		}
 
-		$sql = 'SELECT p.*, product_shop.*, stock.out_of_stock, IFNULL(stock.quantity, 0) as quantity, pa.`id_product_attribute`, pl.`description`, pl.`description_short`, pl.`available_now`,
+		$sql = 'SELECT p.*, product_shop.*, stock.out_of_stock, IFNULL(stock.quantity, 0) as quantity, product_attribute_shop.`id_product_attribute`, pl.`description`, pl.`description_short`, pl.`available_now`,
 					pl.`available_later`, pl.`link_rewrite`, pl.`meta_description`, pl.`meta_keywords`, pl.`meta_title`, pl.`name`, i.`id_image`,
 					il.`legend`, m.`name` AS manufacturer_name, tl.`name` AS tax_name, t.`rate`, cl.`name` AS category_default,
 					DATEDIFF(product_shop.`date_add`, DATE_SUB(NOW(),
@@ -604,11 +615,11 @@ class CategoryCore extends ObjectModel
 				FROM `'._DB_PREFIX_.'category_product` cp
 				LEFT JOIN `'._DB_PREFIX_.'product` p
 					ON p.`id_product` = cp.`id_product`
+				'.Shop::addSqlAssociation('product', 'p').'
 				LEFT JOIN `'._DB_PREFIX_.'product_attribute` pa
 				ON (p.`id_product` = pa.`id_product`)
-				'.Shop::addSqlAssociation('product_attribute', 'pa', false).'
-				'.Shop::addSqlAssociation('product', 'p').'
-				'.Product::sqlStock('p', 'pa', false, $context->shop).'
+				'.Shop::addSqlAssociation('product_attribute', 'pa', false, 'product_attribute_shop.`default_on` = 1').'
+				'.Product::sqlStock('p', 'product_attribute_shop', false, $context->shop).'
 				LEFT JOIN `'._DB_PREFIX_.'category_lang` cl
 					ON (product_shop.`id_category_default` = cl.`id_category`
 					AND cl.`id_lang` = '.(int)$id_lang.Shop::addSqlRestrictionOnLang('cl').')
@@ -633,14 +644,14 @@ class CategoryCore extends ObjectModel
 					AND tl.`id_lang` = '.(int)$id_lang.')
 				LEFT JOIN `'._DB_PREFIX_.'manufacturer` m
 					ON m.`id_manufacturer` = p.`id_manufacturer`
-				WHERE product_shop.`id_shop` = '.(int)Context::getContext()->shop->id.'
-					AND (product_attribute_shop.default_on = 1 OR product_attribute_shop.default_on IS NULL)
+				WHERE product_shop.`id_shop` = '.(int)$context->shop->id.'
+				AND ((product_attribute_shop.id_product_attribute IS NOT NULL OR pa.id_product_attribute IS NULL) 
+					OR (product_attribute_shop.id_product_attribute IS NULL AND pa.default_on=1))
 					AND cp.`id_category` = '.(int)$this->id
 					.($active ? ' AND product_shop.`active` = 1' : '')
 					.($front ? ' AND product_shop.`visibility` IN ("both", "catalog")' : '')
 					.($id_supplier ? ' AND p.id_supplier = '.(int)$id_supplier : '');
 
-		$sql .= ' GROUP BY p.`id_product`';
 		if ($random === true)
 		{
 			$sql .= ' ORDER BY RAND()';
@@ -763,7 +774,7 @@ class CategoryCore extends ObjectModel
 			AND c3.`id_category`  IN ('.implode(',', array_map('intval', $selected_cat)).')
 					)' : '0').' AS nbSelectedSubCat
 				FROM `'._DB_PREFIX_.'category` c
-				LEFT JOIN `'._DB_PREFIX_.'category_lang` cl ON c.`id_category` = cl.`id_category`'.Shop::addSqlRestrictionOnLang('cl');
+				LEFT JOIN `'._DB_PREFIX_.'category_lang` cl ON (c.`id_category` = cl.`id_category` '.Shop::addSqlRestrictionOnLang('cl', $id_shop).')';
 		if (Shop::getContext() == Shop::CONTEXT_SHOP && $use_shop_context)
 			$sql .= ' LEFT JOIN `'._DB_PREFIX_.'category_shop` cs ON (c.`id_category` = cs.`id_category` AND cs.`id_shop` = '.(int)$id_shop.')';
 		$sql .= ' WHERE `id_lang` = '.(int)$id_lang;
@@ -1177,12 +1188,12 @@ class CategoryCore extends ObjectModel
 	 */
 	public static function getLastPosition($id_category_parent, $id_shop)
 	{
-		return (Db::getInstance()->getValue('
-		SELECT MAX(cs.`position`)+1
+		return (int)(Db::getInstance()->getValue('
+		SELECT MAX(cs.`position`)
 		FROM `'._DB_PREFIX_.'category` c
 		LEFT JOIN `'._DB_PREFIX_.'category_shop` cs
 			ON (c.`id_category` = cs.`id_category` AND cs.`id_shop` = '.(int)$id_shop.')
-		WHERE c.`id_parent` = '.(int)$id_category_parent));
+		WHERE c.`id_parent` = '.(int)$id_category_parent) + 1);
 	}
 
 	public static function getUrlRewriteInformations($id_category)
@@ -1229,6 +1240,17 @@ class CategoryCore extends ObjectModel
 			return false;
 		return ($this->nleft >= $interval['nleft'] && $this->nright <= $interval['nright']);
 	}
+	
+	public static function inShopStatic($id_category, Shop $shop = null)
+	{
+		if (!$shop || !is_object($shop))
+			$shop = Context::getContext()->shop;
+
+		if (!$interval = Category::getInterval($shop->getCategory()))
+			return false;
+		$row = Db::getInstance(_PS_USE_SQL_SLAVE_)->getRow('SELECT nleft, nright FROM `'._DB_PREFIX_.'category` WHERE id_category = '.(int)$id_category);
+		return ($row['nleft'] >= $interval['nleft'] && $row['nright'] <= $interval['nright']);
+	}
 
 	public function getChildrenWs()
 	{

classes/Chart.php

@@ -166,7 +166,7 @@ class Curve
 	{
 		$this->type = '';
 		if ($type == 'bars')
-			$this->type = 'bars:{show:true}';
+			$this->type = 'bars:{show:true,lineWidth:10}';
 		if ($type == 'steps')
 			$this->type = 'lines:{show:true,steps:true}';
 	}

classes/ConfigurationTest.php

@@ -159,27 +159,36 @@ class ConfigurationTestCore
 		return false;
 	}
 
-	public static function test_dir($relative_dir, $recursive = false)
+	public static function test_dir($relative_dir, $recursive = false, &$full_report = null)
 	{
-		$dir = _PS_ROOT_DIR_.DIRECTORY_SEPARATOR.ltrim($relative_dir, '/');
+		$dir = rtrim(_PS_ROOT_DIR_, '\\/').DIRECTORY_SEPARATOR.trim($relative_dir, '\\/');
 		if (!file_exists($dir) || !$dh = opendir($dir))
+		{
+			$full_report = sprintf('Directory %s does not exists or is not writable', $dir); // sprintf for future translation
 			return false;
-		$dummy = rtrim($dir, '/').'/'.uniqid();
-		if (@file_put_contents($dummy, 'test'))
+		}
+		$dummy = rtrim($dir, '\\/').DIRECTORY_SEPARATOR.uniqid();
+		if (false && @file_put_contents($dummy, 'test'))
 		{
 			@unlink($dummy);
 			if (!$recursive)
+			{
+				closedir($dh);
 				return true;
+			}
 		}
-		else if (!is_writable($dir))
-			return false;
-		if ($recursive)
+		elseif (!is_writable($dir))
 		{
+			$full_report = sprintf('Directory %s is not writable', $dir); // sprintf for future translation
+			return false;
+		}
+		
+		if ($recursive)
 			while (($file = readdir($dh)) !== false)
 				if (is_dir($dir.DIRECTORY_SEPARATOR.$file) && $file != '.' && $file != '..' && $file != '.svn')
-					if (!ConfigurationTest::test_dir($relative_dir.DIRECTORY_SEPARATOR.$file, true))
+					if (!ConfigurationTest::test_dir($relative_dir.DIRECTORY_SEPARATOR.$file, $recursive, $full_report))
 						return false;
-		}
+
 		closedir($dh);
 		return true;
 	}

classes/Context.php

@@ -95,6 +95,55 @@ class ContextCore
 	 */
 	public $smarty;
 
+	/**
+	 * @ var Mobile Detect
+	 */
+	public $mobile_detect;
+
+	/**
+	 * @var boolean|string mobile device of the customer
+	 */
+	protected $mobile_device;
+
+	public function getMobileDevice()
+	{
+		if (is_null($this->mobile_device))
+		{
+			$this->mobile_device = false;
+			if ($this->checkMobileContext())
+			{
+				require_once(_PS_TOOL_DIR_.'mobile_Detect/Mobile_Detect.php');
+				$this->mobile_detect = new Mobile_Detect();
+				switch ((int)Configuration::get('PS_ALLOW_MOBILE_DEVICE'))
+				{
+					case 1: // Only for mobile device
+						if ($this->mobile_detect->isMobile() && !$this->mobile_detect->isTablet())
+							$this->mobile_device = true;
+						break;
+					case 2: // Only for touchpads
+						if ($this->mobile_detect->isTablet() && !$this->mobile_detect->is_mobile())
+							$this->mobile_device = true;
+						break;
+					case 3: // For touchpad or mobile devices
+						if ($this->mobile_detect->isMobile() || $this->mobile_detect->isTablet())
+							$this->mobile_device = true;
+						break;
+				}
+			}
+		}
+
+		return $this->mobile_device;
+	}
+
+	protected function checkMobileContext()
+	{
+		return isset($_SERVER['HTTP_USER_AGENT'])
+			&& isset(Context::getContext()->cookie)
+			&& (bool)Configuration::get('PS_ALLOW_MOBILE_DEVICE')
+			&& @filemtime(_PS_THEME_MOBILE_DIR_)
+			&& !Context::getContext()->cookie->no_mobile;
+	}
+
 	/**
 	 * Get a singleton context
 	 *

classes/Country.php

@@ -110,51 +110,42 @@ class CountryCore extends ObjectModel
 	}
 
 	/**
-	 * Return available countries
+	 * @brief Return available countries
 	 *
 	 * @param integer $id_lang Language ID
 	 * @param boolean $active return only active coutries
-	 * @return array Countries and corresponding zones
+	 * @param boolean $contain_states return only country with states
+	 * @param boolean $list_states Include the states list with the returned list
+	 *
+	 * @return Array Countries and corresponding zones
 	 */
-	public static function getCountries($id_lang, $active = false, $contain_states = null)
+	public static function getCountries($id_lang, $active = false, $contain_states = false, $list_states = true)
 	{
-		if (!Validate::isBool($active))
-			die(Tools::displayError());
-
-		$states = Db::getInstance(_PS_USE_SQL_SLAVE_)->executeS('
-		SELECT s.*
-		FROM `'._DB_PREFIX_.'state` s
-		ORDER BY s.`name` ASC');
-
-		$sql = 'SELECT cl.*,c.*, cl.`name` AS country, z.`name` AS zone
-				FROM `'._DB_PREFIX_.'country` c
-				'.Shop::addSqlAssociation('country', 'c').'
-				LEFT JOIN `'._DB_PREFIX_.'country_lang` cl ON (c.`id_country` = cl.`id_country` AND cl.`id_lang` = '.(int)$id_lang.')
-				LEFT JOIN `'._DB_PREFIX_.'zone` z ON z.`id_zone` = c.`id_zone`
-				WHERE 1'
-					.($active ? ' AND c.active = 1' : '')
-					.(!is_null($contain_states) ? ' AND c.`contains_states` = '.(int)$contain_states : '').'
-		ORDER BY cl.name ASC';
-		$result = Db::getInstance(_PS_USE_SQL_SLAVE_)->executeS($sql);
 		$countries = array();
-		foreach ($result as &$country)
+		foreach (Db::getInstance(_PS_USE_SQL_SLAVE_)->ExecuteS('SELECT cl.*,c.*, cl.`name` country, z.`name` zone
+				FROM `'._DB_PREFIX_.'country` c '.Shop::addSqlAssociation('country', 'c').'
+				LEFT JOIN `'._DB_PREFIX_.'country_lang` cl ON (c.`id_country` = cl.`id_country` AND cl.`id_lang` = '.(int)$id_lang.')
+				LEFT JOIN `'._DB_PREFIX_.'zone` z ON (z.`id_zone` = c.`id_zone`)
+				WHERE 1'.($active ? ' AND c.active = 1' : '').($contain_states ? ' AND c.`contains_states` = '.(int)$contain_states : '').'
+				ORDER BY cl.name ASC') as $country)
 			$countries[$country['id_country']] = $country;
-		foreach ($states as &$state)
-			if (isset($countries[$state['id_country']])) /* Does not keep the state if its country has been disabled and not selected */
-				$countries[$state['id_country']]['states'][] = $state;
+
+		if ($list_states)
+			foreach (Db::getInstance(_PS_USE_SQL_SLAVE_)->ExecuteS('SELECT * FROM `'._DB_PREFIX_.'state` ORDER BY `name` ASC') as $state)
+				if (isset($countries[$state['id_country']])) /* Does not keep the state if its country has been disabled and not selected */
+					$countries[$state['id_country']]['states'][] = $state;
 
 		return $countries;
 	}
 
 	public static function getCountriesByIdShop($id_shop, $id_lang)
 	{
-		$sql = 'SELECT *
-				FROM `'._DB_PREFIX_.'country` c
-				LEFT JOIN `'._DB_PREFIX_.'country_shop` cs ON (cs.`id_country`= c.`id_country`)
-				LEFT JOIN `'._DB_PREFIX_.'country_lang` cl ON (c.`id_country` = cl.`id_country` AND cl.`id_lang` = '.(int)$id_lang.')
-				WHERE `id_shop` = '.(int)$id_shop;
-
-		return Db::getInstance(_PS_USE_SQL_SLAVE_)->executeS($sql);
+		return Db::getInstance(_PS_USE_SQL_SLAVE_)->ExecuteS('
+		SELECT *
+		FROM `'._DB_PREFIX_.'country` c
+		LEFT JOIN `'._DB_PREFIX_.'country_shop` cs ON (cs.`id_country`= c.`id_country`)
+		LEFT JOIN `'._DB_PREFIX_.'country_lang` cl ON (c.`id_country` = cl.`id_country` AND cl.`id_lang` = '.(int)$id_lang.')
+		WHERE `id_shop` = '.(int)$id_shop);
 	}
 
 	/**

classes/Currency.php

@@ -105,7 +105,6 @@ class CurrencyCore extends ObjectModel
 		// price sign before or after the price number
 		$this->prefix =	$this->format % 2 != 0 ? $this->sign.' ' : '';
 		$this->suffix =	$this->format % 2 == 0 ? ' '.$this->sign : '';
-
 	}
 	/**
 	 * Overriding check if currency with the same iso code already exists.
@@ -181,12 +180,15 @@ class CurrencyCore extends ObjectModel
 			'left' => $this->sign.' ',
 			'right' => ' '.$this->sign
 		);
+
 		$formats = array(
 			1 => array('left' => &$formated_strings['left'], 'right' => ''),
 			2 => array('left' => '', 'right' => &$formated_strings['right']),
 			3 => array('left' => &$formated_strings['left'], 'right' => ''),
 			4 => array('left' => '', 'right' => &$formated_strings['right']),
+			5 => array('left' => '', 'right' => &$formated_strings['right'])
 		);
+
 		return ($formats[$this->format][$side]);
 	}
 

classes/Customer.php

@@ -224,6 +224,17 @@ class CustomerCore extends ObjectModel
 			$this->newsletter_date_add = date('Y-m-d H:i:s');
 		if (Context::getContext()->controller->controller_type == 'admin')
 			$this->updateGroup($this->groupBox);
+			
+		if ($this->deleted)
+		{
+			$addresses = $this->getAddresses((int)Configuration::get('PS_LANG_DEFAULT'));
+			foreach ($addresses as $address)
+			{
+				$obj = new Address((int)$address['id_address']);
+				$obj->delete();
+			}
+		}
+
 	 	return parent::update(true);
 	}
 
@@ -737,9 +748,9 @@ class CustomerCore extends ObjectModel
 		$this->logged = 0;
 	}
 
-	public function getLastCart()
+	public function getLastCart($with_order = true)
 	{
-		$carts = Cart::getCustomerCarts((int)$this->id);
+		$carts = Cart::getCustomerCarts((int)$this->id, $with_order);
 		if (!count($carts))
 			return false;
 		$cart = array_shift($carts);

classes/CustomerMessage.php

@@ -36,6 +36,7 @@ class CustomerMessageCore extends ObjectModel
 	public $user_agent;
 	public $private;
 	public $date_add;
+	public $read;
 
 	/**
 	 * @see ObjectModel::$definition
@@ -52,6 +53,7 @@ class CustomerMessageCore extends ObjectModel
 			'user_agent' => 		array('type' => self::TYPE_STRING),
 			'private' => 			array('type' => self::TYPE_INT),
 			'date_add' => 			array('type' => self::TYPE_DATE, 'validate' => 'isDate'),
+			'read' => 				array('type' => self::TYPE_BOOL, 'validate' => 'isBool')
 		),
 	);
 

classes/CustomerThread.php

@@ -72,15 +72,17 @@ class CustomerThreadCore extends ObjectModel
 		return (parent::delete());
 	}
 
-	public static function getCustomerMessages($id_customer)
+	public static function getCustomerMessages($id_customer, $read = null)
 	{
-		return Db::getInstance()->executeS('
-			SELECT *
+		$sql = 'SELECT *
 			FROM '._DB_PREFIX_.'customer_thread ct
 			LEFT JOIN '._DB_PREFIX_.'customer_message cm
 				ON ct.id_customer_thread = cm.id_customer_thread
-			WHERE id_customer = '.(int)$id_customer
-		);
+			WHERE id_customer = '.(int)$id_customer;
+		if (!is_null($read))
+			$sql .= ' AND cm.`read` = '.(int)$read;
+
+		return Db::getInstance()->executeS($sql);
 	}
 
 	public static function getIdCustomerThreadByEmailAndIdOrder($email, $id_order)

classes/Dispatcher.php

@@ -250,7 +250,7 @@ class DispatcherCore
 		{
 			// Dispatch front office controller
 			case self::FC_FRONT :
-				$controllers = Dispatcher::getControllers(_PS_FRONT_CONTROLLER_DIR_, _PS_OVERRIDE_DIR_.'controllers/front/');
+				$controllers = Dispatcher::getControllers(array(_PS_FRONT_CONTROLLER_DIR_, _PS_OVERRIDE_DIR_.'controllers/front/'));
 
 				$controllers['index'] = 'IndexController';
 				if (isset($controllers['auth']))
@@ -734,9 +734,9 @@ class DispatcherCore
 		{
 			if ($controller_filename[0] != '.')
 			{
-				if (is_dir($dir.$controller_filename))
+				if (!strpos($controller_filename, '.php') && is_dir($dir.$controller_filename))
 					$controllers += Dispatcher::getControllersInDirectory($dir.$controller_filename.DIRECTORY_SEPARATOR);
-				else if ($controller_filename != 'index.php')
+				elseif ($controller_filename != 'index.php')
 				{
 					$key = str_replace(array('controller.php', '.php'), '', strtolower($controller_filename));
 					$controllers[$key] = basename($controller_filename, '.php');

classes/Group.php

@@ -251,26 +251,22 @@ class GroupCore extends ObjectModel
 	 * @param $modules
 	 * @param array $shops
 	 * @return bool
-	 * @internal param \id_group $integer
-	 * @internal param \modules $array
-	 * @internal param \authorized $integer
 	 */
 	public static function addModulesRestrictions($id_group, $modules, $shops = array(1))
 	{
-		if (!is_array($modules) && !empty($modules))
+		if (!is_array($modules) || !count($modules) || !is_array($shops) || !count($shops))
 			return false;
-		else
-		{
-			//delete all record for this group
-			Db::getInstance()->execute('DELETE FROM `'._DB_PREFIX_.'module_group` WHERE `id_group` = '.(int)$id_group);
-			$sql = 'INSERT INTO `'._DB_PREFIX_.'module_group` (`id_module`, `id_shop`, `id_group`) VALUES ';
-			foreach ($modules as $mod)
-				foreach ($shops as $s)
-					$sql .= '("'.(int)$mod.'", "'.(int)$s.'", "'.(int)$id_group.'"),';
-			// removing last comma to avoid SQL error
-			$sql = substr($sql, 0, strlen($sql) - 1);
-			return (bool)Db::getInstance()->execute($sql);
-		}
+
+		// Delete all record for this group
+		Db::getInstance()->execute('DELETE FROM `'._DB_PREFIX_.'module_group` WHERE `id_group` = '.(int)$id_group);
+		
+		$sql = 'INSERT INTO `'._DB_PREFIX_.'module_group` (`id_module`, `id_shop`, `id_group`) VALUES ';
+		foreach ($modules as $module)
+			foreach ($shops as $shop)
+				$sql .= '("'.(int)$module.'", "'.(int)$shop.'", "'.(int)$id_group.'"),';
+		$sql = rtrim($sql, ',');
+		
+		return (bool)Db::getInstance()->execute($sql);
 	}
 
 	/**
@@ -281,14 +277,15 @@ class GroupCore extends ObjectModel
 	 */
 	public static function addRestrictionsForModule($id_module, $shops = array(1))
 	{
-		$groups = Group::getGroups(Context::getContext()->language->id);
-		$sql = 'INSERT INTO `'._DB_PREFIX_.'module_group` (`id_module`, `id_shop`, `id_group`) VALUES ';
-		foreach ($groups as $g)
-			foreach ($shops as $s)
-				$sql .= '("'.(int)$id_module.'", "'.(int)$s.'", "'.(int)$g['id_group'].'"),';
-		// removing last comma to avoid SQL error
-		$sql = substr($sql, 0, strlen($sql) - 1);
-		Db::getInstance()->execute($sql);
+		if (!is_array($shops) || !count($shops))
+			return false;
+		
+		$res = true;
+		foreach ($shops as $shop)
+			$res &= Db::getInstance()->execute('
+			INSERT INTO `'._DB_PREFIX_.'module_group` (`id_module`, `id_shop`, `id_group`)
+			(SELECT '.(int)$id_module.', '.(int)$shop.', id_group FROM `'._DB_PREFIX_.'group`)');
+		return $res;
 	}
 
 	/**

classes/Hook.php

@@ -180,14 +180,12 @@ class HookCore extends ObjectModel
 		$cache_id = 'hook_module_list';
 		if (!Cache::isStored($cache_id))
 		{
-			$sql = 'SELECT h.id_hook, h.name as h_name, title, description, h.position, live_edit, hm.position as hm_position, m.id_module, m.name, active
-					FROM `'._DB_PREFIX_.'hook` h
-					INNER JOIN `'._DB_PREFIX_.'hook_module` hm ON (h.id_hook = hm.id_hook)
-					INNER JOIN `'._DB_PREFIX_.'module` as m    ON (m.id_module = hm.id_module)
-					WHERE hm.id_shop IN('.implode(', ', Shop::getContextListShopID()).')
-					GROUP BY hm.id_hook, hm.id_module
-					ORDER BY hm.position';
-			$results = Db::getInstance(_PS_USE_SQL_SLAVE_)->executeS($sql);
+			$results = Db::getInstance(_PS_USE_SQL_SLAVE_)->executeS('
+			SELECT h.id_hook, h.name as h_name, title, description, h.position, live_edit, hm.position as hm_position, m.id_module, m.name, active
+			FROM `'._DB_PREFIX_.'hook` h
+			INNER JOIN `'._DB_PREFIX_.'hook_module` hm ON (h.id_hook = hm.id_hook AND hm.id_shop = '.(int)Context::getContext()->shop->id.')
+			INNER JOIN `'._DB_PREFIX_.'module` as m ON (m.id_module = hm.id_module)
+			ORDER BY hm.position');
 			$list = array();
 			foreach ($results as $result)
 			{
@@ -244,29 +242,49 @@ class HookCore extends ObjectModel
 	{
 		$context = Context::getContext();
 		$cache_id = 'hook_module_exec_list'.((isset($context->customer)) ? '_'.$context->customer->id : '');
-		if (!Cache::isStored($cache_id))
+		if (!Cache::isStored($cache_id) || $hook_name == 'displayPayment')
 		{
-			// Get shops and groups list
-			$shop_list = Shop::getContextListShopID();
-			if (isset($context->customer) && $context->customer->isLogged())
-				$groups = $context->customer->getGroups();
-
+			$frontend = true;
+			$groups = array();
+			if (isset($context->employee))
+			{
+				$shop_list = array((int)$context->shop->id);
+				$frontend = false;
+			}
+			else
+			{
+				// Get shops and groups list
+				$shop_list = Shop::getContextListShopID();
+				if (isset($context->customer) && $context->customer->isLogged())
+					$groups = $context->customer->getGroups();
+				elseif (isset($context->customer) && $context->customer->isLogged(true))
+					$groups = array((int)Configuration::get('PS_GUEST_GROUP'));
+				else
+					$groups = array((int)Configuration::get('PS_UNIDENTIFIED_GROUP'));
+			}
+			
 			// SQL Request
 			$sql = new DbQuery();
 			$sql->select('h.`name` as hook, m.`id_module`, h.`id_hook`, m.`name` as module, h.`live_edit`');
 			$sql->from('module', 'm');
 			$sql->innerJoin('hook_module', 'hm', 'hm.`id_module` = m.`id_module`');
 			$sql->innerJoin('hook', 'h', 'hm.`id_hook` = h.`id_hook`');
-			$sql->where('(SELECT COUNT(*) FROM '._DB_PREFIX_.'module_shop ms WHERE ms.id_module = m.id_module AND ms.id_shop IN('.implode(', ', $shop_list).')) = '.count($shop_list));
-			$sql->where('hm.id_shop IN('.implode(', ', $shop_list).')');
+			$sql->where('(SELECT COUNT(*) FROM '._DB_PREFIX_.'module_shop ms WHERE ms.id_module = m.id_module AND ms.id_shop IN ('.implode(', ', $shop_list).')) = '.count($shop_list));
+			if ($hook_name != 'displayPayment')
+				$sql->where('h.name != "displayPayment"');
+			// For payment modules, we check that they are available in the contextual country
+			elseif ($frontend && Validate::isLoadedObject($context->country))
+				$sql->where('(h.name = "displayPayment" AND (SELECT id_country FROM '._DB_PREFIX_.'module_country mc WHERE mc.id_module = m.id_module AND id_country = '.(int)$context->country->id.' LIMIT 1) = '.(int)$context->country->id.')');
+			if (Validate::isLoadedObject($context->shop))
+				$sql->where('hm.id_shop = '.(int)$context->shop->id);
 
-			if (isset($context->customer) && $context->customer->isLogged())
+			if ($frontend)
 			{
 				$sql->leftJoin('module_group', 'mg', 'mg.`id_module` = m.`id_module`');
-				$sql->where('mg.`id_group` IN('.implode(', ', $groups).')');
+				$sql->where('mg.`id_group` IN ('.implode(', ', $groups).')');
+				$sql->groupBy('hm.id_hook, hm.id_module');
 			}
 
-			$sql->groupBy('hm.id_hook, hm.id_module');
 			$sql->orderBy('hm.`position`');
 
 			// Store results per hook name
@@ -297,11 +315,12 @@ class HookCore extends ObjectModel
 						'live_edit' => $row['live_edit'],
 					);
 				}
-
-			Cache::store($cache_id, $list);
-
-			// @todo remove this in 1.6, we keep it in 1.5 for retrocompatibility
-			self::$_hook_modules_cache_exec = $list;
+			if ($hook_name != 'displayPayment')
+			{
+				Cache::store($cache_id, $list);
+				// @todo remove this in 1.6, we keep it in 1.5 for retrocompatibility
+				self::$_hook_modules_cache_exec = $list;
+			}
 		}
 		else
 			$list = Cache::retrieve($cache_id);

classes/ImageManager.php

@@ -237,7 +237,7 @@ class ImageManagerCore
 		// Filter on file extension
 		$authorized_extensions = array('gif', 'jpg', 'jpeg', 'jpe', 'png');
 		$name_explode = explode('.', $filename);
-		if (count($name_explode))
+		if (count($name_explode) >= 2)
 		{
 			$current_extension = strtolower($name_explode[count($name_explode) - 1]);
 			if (!in_array($current_extension, $authorized_extensions))

classes/Language.php

@@ -104,12 +104,12 @@ class LanguageCore extends ObjectModel
 	}
 
 	/**
-	 * Generate traslations files
+	 * Generate translations files
 	 *
 	 */
 	protected function _generateFiles($newIso = null)
 	{
-		$iso_code = $newIso?$newIso:$this->iso_code;
+		$iso_code = $newIso ? $newIso : $this->iso_code;
 
 		if (!file_exists(_PS_TRANSLATIONS_DIR_.$iso_code))
 			mkdir(_PS_TRANSLATIONS_DIR_.$iso_code);
@@ -130,7 +130,6 @@ class LanguageCore extends ObjectModel
 
 			@chmod($path_file, 0777);
 		}
-
 	}
 
 	/**

classes/Link.php

@@ -124,6 +124,9 @@ class LinkCore
 
 		if ($dispatcher->hasKeyword('product_rule', $id_lang, 'tags'))
 			$params['tags'] = Tools::str2url($product->getTags($id_lang));
+		
+		if ($dispatcher->hasKeyword('product_rule', $id_lang, 'reference'))
+			$params['reference'] = Tools::str2url($product->reference);
 
 		if ($dispatcher->hasKeyword('product_rule', $id_lang, 'categories'))
 		{
@@ -318,7 +321,7 @@ class LinkCore
 
 		// If the module has its own route ... just use it !
 		if (Dispatcher::getInstance()->hasRoute('module-'.$module.'-'.$controller, $id_lang))
-			return $this->getPageLink('module-'.$module.'-'.$controller, $params);
+			return $this->getPageLink('module-'.$module.'-'.$controller, $ssl, $id_lang, $params);
 		else
 			return $url.Dispatcher::getInstance()->createUrl('module', $id_lang, $params, $this->allow);
 	}
@@ -441,7 +444,20 @@ class LinkCore
 		$controller = Dispatcher::getInstance()->getController();
 		if (!empty(Context::getContext()->controller->php_self))
 			$controller = Context::getContext()->controller->php_self;
-		
+
+		if ($controller == 'product' && isset($params['id_product']))
+			return $this->getProductLink((int)$params['id_product'], null, null, null, (int)$id_lang);
+		elseif ($controller == 'category' && isset($params['id_category']))
+			return $this->getCategoryLink((int)$params['id_category'], null, (int)$id_lang);
+		elseif ($controller == 'supplier' && isset($params['id_supplier']))
+			return $this->getSupplierLink((int)$params['id_supplier'], null, (int)$id_lang);
+		elseif ($controller == 'manufacturer' && isset($params['id_manufacturer']))
+			return $this->getManufacturerLink((int)$params['id_manufacturer'], null, (int)$id_lang);
+		elseif ($controller == 'cms' && isset($params['id_cms']))
+			return $this->getCMSLink((int)$params['id_cms'], null, false, (int)$id_lang);
+		elseif ($controller == 'cms' && isset($params['id_cms_category']))
+			return $this->getCMSCategoryLink((int)$params['id_cms_category'], null, (int)$id_lang);
+
 		return $this->getPageLink($controller, false, $id_lang, $params);
 	}
 

classes/LocalizationPack.php

@@ -61,7 +61,8 @@ class LocalizationPackCore
 			{
 				if (!$id_lang = (int)Language::getIdByIso($this->iso_code_lang))
 					$id_lang = 1;
-				Configuration::updateValue('PS_LANG_DEFAULT', $id_lang);
+				if (!$install_mode)
+					Configuration::updateValue('PS_LANG_DEFAULT', $id_lang);
 			}
 
 			if ($install_mode && $res && isset($this->iso_currency))
@@ -306,9 +307,9 @@ class LocalizationPackCore
 					$errstr = '';
 					if (@fsockopen('api.prestashop.com', 80, $errno, $errstr, 10))
 					{
-						if ($lang_pack = Tools::jsonDecode(Tools::file_get_contents('http://api.prestashop.com/download/lang_packs/get_language_pack.php?version='._PS_VERSION_.'&iso_lang='.$attributes['iso_code'])))
+						if ($lang_pack = Tools::jsonDecode(Tools::file_get_contents('http://www.prestashop.com/download/lang_packs/get_language_pack.php?version='._PS_VERSION_.'&iso_lang='.$attributes['iso_code'])))
 						{
-							if ($content = Tools::file_get_contents('http://api.prestashop.com/download/lang_packs/gzip/'.$lang_pack->version.'/'.$attributes['iso_code'].'.gzip'))
+							if ($content = Tools::file_get_contents('http://translations.prestashop.com/download/lang_packs/gzip/'.$lang_pack->version.'/'.$attributes['iso_code'].'.gzip'))
 							{
 								$file = _PS_TRANSLATIONS_DIR_.$attributes['iso_code'].'.gzip';
 								if (file_put_contents($file, $content))

classes/Mail.php

@@ -325,11 +325,11 @@ class MailCore
 
 		if (!is_array($_LANGMAIL))
 			return (str_replace('"', '"', $string));
-		if (array_key_exists($key, $_LANGMAIL))
+		if (array_key_exists($key, $_LANGMAIL) && !empty($_LANGMAIL[$key]))
 			$str = $_LANGMAIL[$key];
 		else
 			$str = $string;
 
-		return str_replace('"', '"', addslashes($str));
+		return str_replace('"', '"', stripslashes($str));
 	}
 }

classes/Manufacturer.php

@@ -103,8 +103,6 @@ class ManufacturerCore extends ObjectModel
 	{
 		parent::__construct($id, $id_lang);
 
-		/* Get the manufacturer's id_address */
-		$this->id_address = $this->getManufacturerAddress();
 		$this->link_rewrite = $this->getLink();
 		$this->image_dir = _PS_MANU_IMG_DIR_;
 	}
@@ -149,16 +147,7 @@ class ManufacturerCore extends ObjectModel
 		if (!(int)$this->id)
 			return false;
 
-		$result = Db::GetInstance(_PS_USE_SQL_SLAVE_)->getRow('
-			SELECT `id_address`
-			FROM '._DB_PREFIX_.'address
-			WHERE `id_manufacturer` = '.(int)$this->id
-		);
-
-		if (!$result)
-			return false;
-
-		return $result['id_address'];
+		return Db::getInstance(_PS_USE_SQL_SLAVE_)->getValue('SELECT `id_address` FROM '._DB_PREFIX_.'address WHERE `id_manufacturer` = '.(int)$this->id);
 	}
 
 	/**

classes/Media.php

@@ -218,7 +218,7 @@ class MediaCore
 			$file_uri = $js_uri;
 		// check if js files exists
 
-		if (!preg_match('/^http(s?):\/\//i', $file_uri) && !file_exists($file_uri))
+		if (!preg_match('/^http(s?):\/\//i', $file_uri) && !@filemtime($file_uri))
 			return false;
 
 		// adding file to the big array...;
@@ -240,7 +240,7 @@ class MediaCore
 		$url_data = parse_url($css_uri);
 		$file_uri = _PS_ROOT_DIR_.Tools::str_replace_once(__PS_BASE_URI__, DIRECTORY_SEPARATOR, $url_data['path']);
 		// check if css files exists
-		if (!file_exists($file_uri))
+		if (!@filemtime($file_uri))
 			return false;
 
 		// adding file to the big array...
@@ -275,7 +275,7 @@ class MediaCore
 		// check if js files exists, if not try to load query from ajax.googleapis.com
 
 		$return = array();
-		if (file_exists($file_uri))
+		if (@filemtime($file_uri))
 			$return[] = Media::getJSPath($file);
 		else
 			$return[] = Media::getJSPath(Tools::getCurrentUrlProtocolPrefix().'ajax.googleapis.com/ajax/libs/jquery/'.$version.'/jquery'.($minifier ? '.min.js' : '.js'));
@@ -314,7 +314,7 @@ class MediaCore
 				$ui_path['css'] = array_merge($ui_path['css'], $comp_css);
 		}
 
-		if (file_exists($file_uri))
+		if (@filemtime($file_uri))
 		{
 			if (!empty($ui_tmp))
 			{
@@ -351,9 +351,9 @@ class MediaCore
 		$file = 'jquery.'.$name.'.js';
 		$url_data = parse_url($folder);
 		$file_uri = _PS_ROOT_DIR_.Tools::str_replace_once(__PS_BASE_URI__, DIRECTORY_SEPARATOR, $url_data['path']);
-		if (file_exists($file_uri.$file))
+		if (@filemtime($file_uri.$file))
 			$plugin_path['js'] = Media::getJSPath($folder.$file);
-		else if (file_exists($file_uri.$name.'/'.$file))
+		elseif (@filemtime($file_uri.$name.'/'.$file))
 			$plugin_path['js'] = Media::getJSPath($folder.$name.'/'.$file);
 		else
 			return false;
@@ -373,9 +373,9 @@ class MediaCore
 		$file = 'jquery.'.$name.'.css';
 		$url_data = parse_url($folder);
 		$file_uri = _PS_ROOT_DIR_.Tools::str_replace_once(__PS_BASE_URI__, DIRECTORY_SEPARATOR, $url_data['path']);
-		if (file_exists($file_uri.$file))
+		if (@filemtime($file_uri.$file))
 			return Media::getCSSPath($folder.$file);
-		else if (file_exists($file_uri.$name.'/'.$file))
+		elseif (@filemtime($file_uri.$name.'/'.$file))
 			return Media::getCSSPath($folder.$name.'/'.$file);
 		else
 			return false;

classes/Meta.php

@@ -127,7 +127,7 @@ class MetaCore extends ObjectModel
 		$sql = 'SELECT *
 				FROM '._DB_PREFIX_.'meta m
 				LEFT JOIN '._DB_PREFIX_.'meta_lang ml on (m.id_meta = ml.id_meta)
-				WHERE m.page = \''.pSQL($page).'\'
+				WHERE (m.page = \''.pSQL($page).'\' OR m.page=\''.str_replace('-', '', strtolower($page)).'\')
 					AND ml.id_lang = '.(int)$id_lang
 					.Shop::addSqlRestrictionOnLang('ml');
 		return Db::getInstance(_PS_USE_SQL_SLAVE_)->getRow($sql);
@@ -184,21 +184,19 @@ class MetaCore extends ObjectModel
 	public static function getMetaTags($id_lang, $page_name, $title = '')
 	{
 		global $maintenance;
-
-		$page_name = str_replace('-', '', strtolower($page_name));
 		if (!(isset($maintenance) && (!in_array(Tools::getRemoteAddr(), explode(',', Configuration::get('PS_MAINTENANCE_IP'))))))
 		{
-			if ($id_product = Tools::getValue('id_product'))
+			if ($page_name == 'product' && ($id_product = Tools::getValue('id_product')))
 				return Meta::getProductMetas($id_product, $id_lang, $page_name);
-			else if ($id_category = Tools::getValue('id_category'))
+			elseif ($page_name == 'category' && ($id_category = Tools::getValue('id_category')))
 				return Meta::getCategoryMetas($id_category, $id_lang, $page_name, $title);
-			else if ($id_manufacturer = Tools::getValue('id_manufacturer'))
+			elseif ($page_name == 'manufacturer' && ($id_manufacturer = Tools::getValue('id_manufacturer')))
 				return Meta::getManufacturerMetas($id_manufacturer, $id_lang, $page_name);
-			else if ($id_supplier = Tools::getValue('id_supplier'))
+			elseif ($page_name == 'supplier' && ($id_supplier = Tools::getValue('id_supplier')))
 				return Meta::getSupplierMetas($id_supplier, $id_lang, $page_name);
-			else if ($id_cms = Tools::getValue('id_cms'))
+			elseif ($page_name == 'cms' && ($id_cms = Tools::getValue('id_cms')))
 				return Meta::getCmsMetas($id_cms, $id_lang, $page_name);
-			else if ($id_cms_category = Tools::getValue('id_cms_category'))
+			elseif ($page_name == 'cms' && ($id_cms_category = Tools::getValue('id_cms_category')))
 				return Meta::getCmsCategoryMetas($id_cms_category, $id_lang, $page_name);
 		}
 

classes/ObjectModel.php

@@ -270,7 +270,7 @@ abstract class ObjectModelCore
 			$fields = array_merge($fields, $this->getFieldsShop());
 
 		// Ensure that we get something to insert
-		if (!$fields)
+		if (!$fields && isset($this->id) && Validate::isUnsignedId($this->id))
 			$fields[$this->def['primary']] = $this->id;
 		return $fields;
 	}
@@ -286,7 +286,7 @@ abstract class ObjectModelCore
 	public function getFieldsShop()
 	{
 		$fields = $this->formatFields(self::FORMAT_SHOP);
-		if (!$fields)
+		if (!$fields && isset($this->id) && Validate::isUnsignedId($this->id))
 			$fields[$this->def['primary']] = $this->id;
 		return $fields;
 	}
@@ -449,7 +449,19 @@ abstract class ObjectModelCore
 		if ($autodate && property_exists($this, 'date_upd'))
 			$this->date_upd = date('Y-m-d H:i:s');
 
+			
+		if (Shop::isTableAssociated($this->def['table']))
+		{
+			$id_shop_list = Shop::getContextListShopID();
+			if (count($this->id_shop_list) > 0)
+				$id_shop_list = $this->id_shop_list;
+		}
+		
 		// Database insertion
+		if (isset($this->id))
+			unset($this->id);
+		if (Shop::checkIdShopDefault($this->def['table']))
+			$this->id_shop_default = min($id_shop_list);
 		if (!$result = ObjectModel::$db->insert($this->def['table'], $this->getFields(), $null_values))
 			return false;
 
@@ -459,10 +471,6 @@ abstract class ObjectModelCore
 		// Database insertion for multishop fields related to the object
 		if (Shop::isTableAssociated($this->def['table']))
 		{
-			$id_shop_list = Shop::getContextListShopID();
-			if (count($this->id_shop_list) > 0)
-				$id_shop_list = $this->id_shop_list;	
-				
 			$fields = $this->getFieldsShop();
 			$fields[$this->def['primary']] = (int)$this->id;
 
@@ -532,7 +540,13 @@ abstract class ObjectModelCore
 		// Automatically fill dates
 		if (array_key_exists('date_upd', $this))
 			$this->date_upd = date('Y-m-d H:i:s');
+			
+		$id_shop_list = Shop::getContextListShopID();
+		if (count($this->id_shop_list) > 0)
+			$id_shop_list = $this->id_shop_list;
 
+		if (Shop::checkIdShopDefault($this->def['table']))
+			$this->id_shop_default = min($id_shop_list);
 		// Database update
 		if (!$result = ObjectModel::$db->update($this->def['table'], $this->getFields(), '`'.pSQL($this->def['primary']).'` = '.(int)$this->id, 0, $null_values))
 			return false;
@@ -553,9 +567,6 @@ abstract class ObjectModelCore
 			else
 				$all_fields = $fields;
 
-			$id_shop_list = Shop::getContextListShopID();
-			if (count($this->id_shop_list) > 0)
-				$id_shop_list = $this->id_shop_list;
 
 			foreach ($id_shop_list as $id_shop)
 			{
@@ -612,7 +623,7 @@ abstract class ObjectModelCore
 						if (Db::getInstance()->getValue('SELECT COUNT(*) FROM '.pSQL(_DB_PREFIX_.$this->def['table']).'_lang WHERE '.$where))
 							$result &= ObjectModel::$db->update($this->def['table'].'_lang', $field, $where);
 						else
-							$result &= ObjectModel::$db->insert($this->def['table'].'_lang', $field, 'INSERT');
+							$result &= ObjectModel::$db->insert($this->def['table'].'_lang', $field, $null_values);
 					}
 				}
 			}
@@ -1015,18 +1026,29 @@ abstract class ObjectModelCore
 	public function getWebserviceObjectList($sql_join, $sql_filter, $sql_sort, $sql_limit)
 	{
 		$assoc = Shop::getAssoTable($this->def['table']);
+		$class_name = WebserviceRequest::$ws_current_classname;
+		$vars = get_class_vars($class_name);
 		if ($assoc !== false)
 		{
-			$multi_shop_join = ' LEFT JOIN `'._DB_PREFIX_.bqSQL($this->def['table']).'_'.bqSQL($assoc['type']).'`
-									AS multi_shop_'.bqSQL($this->def['table']).'
-									ON (main.'.bqSQL($this->def['primary']).' = multi_shop_'.bqSQL($this->def['table']).'.'.bqSQL($this->def['primary']).')';
-			$class_name = WebserviceRequest::$ws_current_classname;
-			$vars = get_class_vars($class_name);
-			foreach ($vars['shopIDs'] as $id_shop)
-				$or[] = ' multi_shop_'.bqSQL($this->def['table']).'.id_shop = '.(int)$id_shop.' ';
-			$multi_shop_filter = ' AND ('.implode('OR', $or).') ';
-			$sql_filter = $multi_shop_filter.' '.$sql_filter;
-			$sql_join = $multi_shop_join.' '.$sql_join;
+			if ($assoc['type'] !== 'fk_shop')
+			{
+				$multi_shop_join = ' LEFT JOIN `'._DB_PREFIX_.bqSQL($this->def['table']).'_'.bqSQL($assoc['type']).'`
+										AS `multi_shop_'.bqSQL($this->def['table']).'`
+										ON (main.`'.bqSQL($this->def['primary']).'` = `multi_shop_'.bqSQL($this->def['table']).'`.`'.bqSQL($this->def['primary']).'`)';
+				$sql_filter = 'AND id_shop = '.Context::getContext()->shop->id.' '.$sql_filter;
+				$sql_join = $multi_shop_join.' '.$sql_join;
+			}
+			else
+			{
+				$vars = get_class_vars($class_name);
+				foreach ($vars['shopIDs'] as $id_shop)
+					$or[] = ' main.id_shop = '.(int)$id_shop.' ';
+				
+				$prepend = '';
+				if (count($or))
+					$prepend = 'AND ('.implode('OR', $or).')';
+				$sql_filter = $prepend.' '.$sql_filter;
+			}
 		}
 		$query = '
 		SELECT DISTINCT main.`'.bqSQL($this->def['primary']).'` FROM `'._DB_PREFIX_.bqSQL($this->def['table']).'` AS main
@@ -1034,10 +1056,31 @@ abstract class ObjectModelCore
 		WHERE 1 '.$sql_filter.'
 		'.($sql_sort != '' ? $sql_sort : '').'
 		'.($sql_limit != '' ? $sql_limit : '');
-
 		return Db::getInstance(_PS_USE_SQL_SLAVE_)->executeS($query);
 	}
 
+	public function validateFieldsRequiredDatabase($htmlentities = true)
+	{
+		$errors = array();
+		$required_fields = (isset(self::$fieldsRequiredDatabase[get_class($this)])) ? self::$fieldsRequiredDatabase[get_class($this)] : array();
+
+		foreach ($this->def['fields'] as $field => $data)
+		{
+			if (!in_array($field, $required_fields))
+				continue;
+
+			if (!method_exists('Validate', $data['validate']))
+				throw new PrestaShopException('Validation function not found. '.$data['validate']);
+
+			$value = Tools::getValue($field);
+
+			if (empty($value))
+				$errors[] = sprintf(Tools::displayError('The field %s is required.'), self::displayFieldName($field, get_class($this), $htmlentities));
+		}
+
+		return $errors;
+	}
+
 	public function getFieldsRequiredDatabase($all = false)
 	{
 		return Db::getInstance()->executeS('
@@ -1165,9 +1208,8 @@ abstract class ObjectModelCore
 	public function hasMultishopEntries()
 	{
 		if (!Shop::isTableAssociated($this->def['table']) || !Shop::isFeatureActive())
-			return false;
-		//check if there is more than one entries in associated shop table 
-		return (bool)(Db::getInstance()->getValue('SELECT COUNT(*) FROM `'._DB_PREFIX_.$this->def['table'].'_shop` WHERE `'.$this->def['primary'].'` = '.(int)$this->id) > 1);
+			return false; 
+		return (bool)Db::getInstance()->getValue('SELECT COUNT(*) FROM `'._DB_PREFIX_.$this->def['table'].'_shop` WHERE `'.$this->def['primary'].'` = '.(int)$this->id);
 	}
 
 	public function isMultishop()
@@ -1275,8 +1317,11 @@ abstract class ObjectModelCore
 	 * @param bool $has_active_column true if the table has an active column
 	 * @return bool
 	 */
-	public static function isCurrentlyUsed($table, $has_active_column = false)
+	public static function isCurrentlyUsed($table = null, $has_active_column = false)
 	{
+		if ($table === null)
+			$table = self::$definition['table'];
+
 		$query = new DbQuery();
 		$query->select('`id_'.pSQL($table).'`');
 		$query->from($table);

classes/Pack.php

@@ -126,7 +126,7 @@ class PackCore extends Product
 		if (!Pack::isFeatureActive())
 			return array();
 
-		$sql = 'SELECT p.*, product_shop.*, pl.*, i.`id_image`, il.`legend`, t.`rate`, cl.`name` AS category_default, a.quantity AS pack_quantity, product_shop.`id_category_default`
+		$sql = 'SELECT p.*, product_shop.*, pl.*, i.`id_image`, il.`legend`, t.`rate`, cl.`name` AS category_default, a.quantity AS pack_quantity, product_shop.`id_category_default`, a.id_product_pack
 				FROM `'._DB_PREFIX_.'pack` a
 				LEFT JOIN `'._DB_PREFIX_.'product` p ON p.id_product = a.id_product_item
 				LEFT JOIN `'._DB_PREFIX_.'product_lang` pl

classes/Product.php

@@ -51,6 +51,9 @@ class ProductCore extends ObjectModel
 	/** @var integer default Category id */
 	public $id_category_default;
 
+	/** @var integer default Shop id */
+	public $id_shop_default;
+
 	/** @var string Manufacturer name */
 	public $manufacturer_name;
 
@@ -237,6 +240,7 @@ class ProductCore extends ObjectModel
 		'multilang_shop' => true,
 		'fields' => array(
 			// Classic fields
+			'id_shop_default' => 			array('type' => self::TYPE_INT, 'validate' => 'isUnsignedId'),
 			'id_manufacturer' => 			array('type' => self::TYPE_INT, 'validate' => 'isUnsignedId'),
 			'id_supplier' => 				array('type' => self::TYPE_INT, 'validate' => 'isUnsignedId'),
 			'reference' => 					array('type' => self::TYPE_STRING, 'validate' => 'isReference', 'size' => 32),
@@ -346,6 +350,10 @@ class ProductCore extends ObjectModel
 				'getter' => 'getWsManufacturerName',
 				'setter' => false
 			),
+			'quantity' => array(
+				'getter' => false,
+				'setter' => false
+			),
 		),
 		'associations' => array(
 			'categories' => array(
@@ -646,7 +654,7 @@ class ProductCore extends ObjectModel
 		StockAvailable::removeProductFromStockAvailable($this->id);
 
 		$result = parent::delete();
-
+		$result &= ($this->deleteProductAttributes() && $this->deleteImages() && $this->deleteSceneProducts());
 		// If there are still entries in product_shop, don't remove completly the product
 		if ($this->hasMultishopEntries())
 			return true;
@@ -655,8 +663,6 @@ class ProductCore extends ObjectModel
 		if (!$result ||
 			!GroupReduction::deleteProductReduction($this->id) ||
 			!$this->deleteCategories(true) ||
-			!$this->deleteImages() ||
-			!$this->deleteProductAttributes() ||
 			!$this->deleteProductFeatures() ||
 			!$this->deleteTags() ||
 			!$this->deleteCartProducts() ||
@@ -666,7 +672,6 @@ class ProductCore extends ObjectModel
 			!SpecificPrice::deleteByProductId((int)$this->id) ||
 			!$this->deletePack() ||
 			!$this->deleteProductSale() ||
-			!$this->deleteSceneProducts() ||
 			!$this->deleteSearchIndexes() ||
 			!$this->deleteAccessories() ||
 			!$this->deleteFromAccessories() ||
@@ -681,12 +686,18 @@ class ProductCore extends ObjectModel
 	public function deleteSelection($products)
 	{
 		$return = 1;
-		if (is_array($products) && count($products))
+		if (is_array($products) && ($count = count($products)))
+		{
+			// Deleting products can be quite long on a cheap server. Let's say 1.5 seconds by product (I've seen it!).
+			if (intval(ini_get('max_execution_time')) < round($count * 1.5))
+				ini_set('max_execution_time', round($count * 1.5));
+			
 			foreach ($products as $id_product)
 			{
 				$product = new Product((int)$id_product);
 				$return &= $product->delete();
 			}
+		}
 		return $return;
 	}
 
@@ -765,9 +776,9 @@ class ProductCore extends ObjectModel
 		$result = Db::getInstance()->executeS('
 			SELECT c.`id_category`
 			FROM `'._DB_PREFIX_.'category_product` cp
-			LEFT JOIN `'._DB_PREFIX_.'category` c
-				ON (c.`id_category` = cp.`id_category`)
-			WHERE cp.`id_category` NOT IN('.implode(',', array_map('intval', $categories)).')
+			LEFT JOIN `'._DB_PREFIX_.'category` c ON (c.`id_category` = cp.`id_category`)
+			'.Shop::addSqlAssociation('category', 'c', true).'
+			WHERE cp.`id_category` NOT IN ('.implode(',', array_map('intval', $categories)).')
 			AND cp.id_product = '.$this->id
 		);
 
@@ -980,7 +991,7 @@ class ProductCore extends ObjectModel
 		return count($result) > 0;
 	}
 
-	public function productAttributeExists($attributes_list, $current_product_attribute = false, Context $context = null)
+	public function productAttributeExists($attributes_list, $current_product_attribute = false, Context $context = null, $all_shops = false, $return_id = false)
 	{
 		if (!Combination::isFeatureActive())
 			return false;
@@ -991,18 +1002,17 @@ class ProductCore extends ObjectModel
 			FROM `'._DB_PREFIX_.'product_attribute` pa
 			JOIN `'._DB_PREFIX_.'product_attribute_shop` pas ON (pas.id_product_attribute = pa.id_product_attribute)
 			LEFT JOIN `'._DB_PREFIX_.'product_attribute_combination` pac ON (pac.`id_product_attribute` = pa.`id_product_attribute`)
-			WHERE pas.id_shop ='.(int)$context->shop->id.' AND pa.`id_product` = '.(int)$this->id
+			WHERE 1 '.(!$all_shops ? ' AND pas.id_shop ='.(int)$context->shop->id : '').' AND pa.`id_product` = '.(int)$this->id.
+			($all_shops ? ' GROUP BY pac.id_attribute, pac.id_product_attribute ' : '')
 		);
 
 		/* If something's wrong */
 		if (!$result || empty($result))
 			return false;
-
 		/* Product attributes simulation */
 		$product_attributes = array();
 		foreach ($result as $product_attribute)
 			$product_attributes[$product_attribute['id_product_attribute']][] = $product_attribute['id_attribute'];
-
 		/* Checking product's attribute existence */
 		foreach ($product_attributes as $key => $product_attribute)
 			if (count($product_attribute) == count($attributes_list))
@@ -1012,7 +1022,11 @@ class ProductCore extends ObjectModel
 					if (!in_array($product_attribute[$i], $attributes_list) || $key == $current_product_attribute)
 						$diff = true;
 				if (!$diff)
+				{
+					if ($return_id)
+						return $key;
 					return true;
+				}
 			}
 
 		return false;
@@ -1048,7 +1062,43 @@ class ProductCore extends ObjectModel
 		$this->addSupplierReference($id_supplier, $id_product_attribute);
 		return $id_product_attribute;
 	}
+	
+	public function generateMultipleCombinations($combinations, $attributes)
+	{
+		$attributes_list = array();
+		$res = true;	
 
+		foreach ($combinations as $key => $combination)
+		{
+			$id_combination = (int)$this->productAttributeExists($attributes[$key], false, null, true, true);
+			$obj = new Combination($id_combination);
+			
+			if ($id_combination)
+			{
+				$obj->minimal_quantity = 1;
+				$obj->available_date = '0000-00-00';
+			}
+
+			foreach ($combination as $field => $value)
+				$obj->$field = $value;
+
+			$obj->save();
+		
+			if (!$id_combination)
+			{
+				$attribute_list = array();
+				foreach ($attributes[$key] as $id_attribute)
+					$attribute_list[] = array(
+						'id_product_attribute' => (int)$obj->id,
+						'id_attribute' => (int)$id_attribute
+					);
+				$res &= Db::getInstance()->insert('product_attribute_combination', $attribute_list);
+			}
+		}
+
+		return $res;
+	}
+	
 	/**
 	* @param integer $quantity DEPRECATED
 	* @param string $supplier_reference DEPRECATED
@@ -1078,6 +1128,7 @@ class ProductCore extends ObjectModel
 
 	public function addProductAttributeMultiple($attributes, $set_default = true)
 	{
+		Tools::displayAsDeprecated();
 		$return = array();
 		$default_value = 1;
 		foreach ($attributes as &$attribute)
@@ -1339,8 +1390,6 @@ class ProductCore extends ObjectModel
 			WHERE `id_product` = '.(int)$this->id.'
 		), \'0\')
 		WHERE `id_product` = '.(int)$this->id);
-
-
 	}
 	/**
 	* Delete product attributes
@@ -1503,6 +1552,7 @@ class ProductCore extends ObjectModel
 
 	public function addAttributeCombinationMultiple($id_attributes, $combinations)
 	{
+		Tools::displayAsDeprecated();
 		$attributes_list = array();
 		foreach ($id_attributes as $nb => $id_product_attribute)
 			if (isset($combinations[$nb]))
@@ -1515,6 +1565,7 @@ class ProductCore extends ObjectModel
 		return Db::getInstance()->insert('product_attribute_combination', $attributes_list);
 	}
 
+
 	/**
 	* Delete a product attributes combination
 	*
@@ -1583,23 +1634,33 @@ class ProductCore extends ObjectModel
 	{
 		if (!Combination::isFeatureActive())
 			return array();
+		$add_shop = '';
 
-		$sql = 'SELECT pa.*, product_attribute_shop.*, GROUP_CONCAT(agl.`name`, \''.pSQL($attribute_value_separator).'\',
-					al.`name` ORDER BY agl.`id_attribute_group` SEPARATOR \''.pSQL($attribute_separator).'\') as attribute_designation
+		$combinations = Db::getInstance()->executeS('SELECT pa.*, product_attribute_shop.*
 				FROM `'._DB_PREFIX_.'product_attribute` pa
 				'.Shop::addSqlAssociation('product_attribute', 'pa').'
-				LEFT JOIN `'._DB_PREFIX_.'product_attribute_combination` pac ON pac.`id_product_attribute` = pa.`id_product_attribute`
+				WHERE pa.`id_product` = '.(int)$this->id.'
+				GROUP BY pa.`id_product_attribute`');
+		
+		$product_attributes = array();
+		foreach ($combinations as $combination)
+			$product_attributes[] = (int)$combination['id_product_attribute'];
+		
+		$lang = Db::getInstance()->executeS('SELECT pac.id_product_attribute, GROUP_CONCAT(agl.`name`, \''.pSQL($attribute_value_separator).'\',al.`name` ORDER BY agl.`id_attribute_group` SEPARATOR \''.pSQL($attribute_separator).'\') as attribute_designation
+				FROM `'._DB_PREFIX_.'product_attribute_combination` pac 
 				LEFT JOIN `'._DB_PREFIX_.'attribute` a ON a.`id_attribute` = pac.`id_attribute`
 				LEFT JOIN `'._DB_PREFIX_.'attribute_group` ag ON ag.`id_attribute_group` = a.`id_attribute_group`
 				LEFT JOIN `'._DB_PREFIX_.'attribute_lang` al ON (a.`id_attribute` = al.`id_attribute` AND al.`id_lang` = '.(int)$id_lang.')
 				LEFT JOIN `'._DB_PREFIX_.'attribute_group_lang` agl ON (ag.`id_attribute_group` = agl.`id_attribute_group` AND agl.`id_lang` = '.(int)$id_lang.')
-				WHERE pa.`id_product` = '.(int)$this->id.'
-				GROUP BY pa.`id_product_attribute`';
-
-		$res = Db::getInstance()->executeS($sql);
-
+				WHERE pac.id_product_attribute IN ('.implode(',', $product_attributes).')
+				GROUP BY pac.id_product_attribute');
+		
+		foreach ($lang as $k => $row)
+			$combinations[$k]['attribute_designation'] = $row['attribute_designation'];
+			
+		
 		//Get quantity of each variations
-		foreach ($res as $key => $row)
+		foreach ($combinations as $key => $row)
 		{
 			$cache_key = $row['id_product'].'_'.$row['id_product_attribute'].'_quantity';
 
@@ -1609,10 +1670,10 @@ class ProductCore extends ObjectModel
 					StockAvailable::getQuantityAvailableByProduct($row['id_product'], $row['id_product_attribute'])
 				);
 
-			$res[$key]['quantity'] = Cache::retrieve($cache_key);
+			$combinations[$key]['quantity'] = Cache::retrieve($cache_key);
 		}
 
-		return $res;
+		return $combinations;
 	}
 
 	/**
@@ -1846,7 +1907,6 @@ class ProductCore extends ObjectModel
 		);
 		$sql->leftJoin('tax', 't', 't.`id_tax` = tr.`id_tax`');
 		$sql->leftJoin('manufacturer', 'm', 'm.`id_manufacturer` = p.`id_manufacturer`');
-		$sql->join(Product::sqlStock('p', 0));
 
 		$sql->where('product_shop.`active` = 1');
 		if ($front)
@@ -1875,9 +1935,10 @@ class ProductCore extends ObjectModel
 		{
 			$sql->select('pa.id_product_attribute');
 			$sql->leftOuterJoin('product_attribute', 'pa', 'p.`id_product` = pa.`id_product`');
-			$sql->join(Shop::addSqlAssociation('product_attribute', 'pa', false));
-			$sql->where('(product_attribute_shop.default_on = 1 OR product_attribute_shop.default_on IS NULL)');
+			$sql->join(Shop::addSqlAssociation('product_attribute', 'pa', false, 'product_attribute_shop.default_on = 1'));
+			$sql->where('(pa.id_product_attribute IS NULL OR product_attribute_shop.id_product_attribute IS NOT NULL)');
 		}
+		$sql->join(Product::sqlStock('p', Combination::isFeatureActive() ? 'product_attribute_shop' : 0));
 
 		$result = Db::getInstance(_PS_USE_SQL_SLAVE_)->executeS($sql);
 
@@ -1949,7 +2010,7 @@ class ProductCore extends ObjectModel
 					FROM `'._DB_PREFIX_.'product` p
 					'.Shop::addSqlAssociation('product', 'p').'
 					LEFT JOIN  `'._DB_PREFIX_.'product_attribute` pa ON (p.id_product = pa.id_product)
-					'.Shop::addSqlAssociation('product_attribute', 'pa', false).'
+					'.Shop::addSqlAssociation('product_attribute', 'pa', false, 'product_attribute_shop.default_on = 1').'
 					WHERE product_shop.`active` = 1
 						'.(($ids_product) ? $ids_product : '').'
 						AND p.`id_product` IN (
@@ -1958,7 +2019,6 @@ class ProductCore extends ObjectModel
 							LEFT JOIN `'._DB_PREFIX_.'category_product` cp ON (cp.`id_category` = cg.`id_category`)
 							WHERE cg.`id_group` '.$sql_groups.'
 						)
-						AND ((pa.`default_on` = 1 AND pa.`id_product_attribute` != 0) OR (pa.`id_product_attribute` IS NULL))
 					GROUP BY p.id_product
 					ORDER BY RAND()';
 
@@ -2138,8 +2198,9 @@ class ProductCore extends ObjectModel
 		$ret = array();
 		$row = Db::getInstance(_PS_USE_SQL_SLAVE_)->executeS('
 			SELECT cp.`id_category`, cl.`name`, cl.`link_rewrite` FROM `'._DB_PREFIX_.'category_product` cp
+			LEFT JOIN `'._DB_PREFIX_.'category` c ON (c.id_category = cp.id_category)
 			LEFT JOIN `'._DB_PREFIX_.'category_lang` cl ON (cp.`id_category` = cl.`id_category`'.Shop::addSqlRestrictionOnLang('cl').')
-			'.Shop::addSqlAssociation('category', 'cp').'
+			'.Shop::addSqlAssociation('category', 'c').'
 			WHERE cp.`id_product` = '.(int)$id_product.'
 				AND cl.`id_lang` = '.(int)$id_lang
 		);
@@ -2189,14 +2250,13 @@ class ProductCore extends ObjectModel
 				'id_shop' => (int)$this->id_shop
 			);
 		}
-
 		Db::getInstance()->execute(
 			'DELETE FROM `'._DB_PREFIX_.'product_carrier`
 			WHERE id_product = '.(int)$this->id.'
 			AND id_shop = '.(int)$this->id_shop
 		);
-
-		Db::getInstance()->insert('product_carrier', $data);
+		if (count($data))
+			Db::getInstance()->insert('product_carrier', $data);
 	}
 
 	/**
@@ -2342,8 +2402,7 @@ class ProductCore extends ObjectModel
 			&& Configuration::get('VATNUMBER_MANAGEMENT'))
 			$usetax = false;
 
-		$id_customer = 0;
-		if (Validate::isLoadedObject($context->customer))
+		if (is_null($id_customer) && Validate::isLoadedObject($context->customer))
 			$id_customer = $context->customer->id;
 
 		return Product::priceCalculation(
@@ -2405,7 +2464,7 @@ class ProductCore extends ObjectModel
 		$cache_id = $id_product.'-'.$id_shop.'-'.$id_currency.'-'.$id_country.'-'.$id_state.'-'.$zipcode.'-'.$id_group.
 			'-'.$quantity.'-'.(int)$id_product_attribute.'-'.($use_tax?'1':'0').'-'.$decimals.'-'.($only_reduc?'1':'0').
 			'-'.($use_reduc?'1':'0').'-'.$with_ecotax.'-'.$id_customer;
-
+	
 		// reference parameter is filled before any returns
 		$specific_price = SpecificPrice::getSpecificPrice(
 			(int)$id_product,
@@ -2428,41 +2487,33 @@ class ProductCore extends ObjectModel
 		if (!isset(self::$_pricesLevel2[$cache_id_2]))
 		{
 			$sql = new DbQuery();
-			$sql->select('product_shop.`price`, product_shop.`ecotax`, NULL id_product_attribute');
+			$sql->select('product_shop.`price`, product_shop.`ecotax`');
 			$sql->from('product', 'p');
 			$sql->join(Shop::addSqlAssociation('product', 'p'));
 			$sql->where('p.`id_product` = '.(int)$id_product);
-			$default_on = false;
 			if (Combination::isFeatureActive())
 			{
-				$default_on = true;
-				$sql->select('pa.id_product_attribute, product_attribute_shop.`price` AS attribute_price, 	(SELECT product_attribute_shop.price
-																												FROM `'._DB_PREFIX_.'product_attribute` pa
-																												'.Shop::addSqlAssociation('product_attribute', 'pa').'
-																												WHERE pa.id_product = '.(int)$id_product.'
-																												AND product_attribute_shop.default_on = 1
-																												GROUP BY pa.id_product_attribute
-																												LIMIT 1) as default_on');
-				$sql->leftJoin('product_attribute', 'pa', 'pa.`id_product` = '.(int)$id_product);
-				$sql->join(Shop::addSqlAssociation('product_attribute', 'pa', false));
+				$sql->select('product_attribute_shop.id_product_attribute, product_attribute_shop.`price` AS attribute_price, product_attribute_shop.default_on');
+				$sql->leftJoin('product_attribute', 'pa', 'pa.`id_product` = p.`id_product`');
+				$sql->join(Shop::addSqlAssociation('product_attribute', 'pa', false, 'product_attribute_shop.id_shop ='.(int)$id_shop));
 			}
+			else
+				$sql->select('0 as id_product_attribute');
+
 			$res = Db::getInstance(_PS_USE_SQL_SLAVE_)->executeS($sql);
-			
-			if ($res)
+			foreach ($res as $row)
 			{
-				foreach ($res as $row)
-					self::$_pricesLevel2[$cache_id_2][(int)$row['id_product_attribute']] = array(
-																											'price' => $row['price'], 
-																											'ecotax' => $row['ecotax'],
-																											'attribute_price' => (isset($row['attribute_price']) ? $row['attribute_price'] : null)
-																											);
-				if ($default_on)
-					self::$_pricesLevel2[$cache_id_2][0] = array('price' => $row['price'], 
-																				'ecotax' => $row['ecotax'],
-																				'attribute_price' => $row['attribute_price']);
+				$array_tmp = array(
+					'price' => $row['price'], 
+					'ecotax' => $row['ecotax'],
+					'attribute_price' => (isset($row['attribute_price']) ? $row['attribute_price'] : null)
+				);
+				self::$_pricesLevel2[$cache_id_2][(int)$row['id_product_attribute']] = $array_tmp;
+				
+				if (isset($row['default_on']) && $row['default_on'] == 1)
+					self::$_pricesLevel2[$cache_id_2][0] = $array_tmp;
 			}
 		}
-
 		if (!isset(self::$_pricesLevel2[$cache_id_2][(int)$id_product_attribute]))
 			return;
 
@@ -2472,7 +2523,6 @@ class ProductCore extends ObjectModel
 			$price = (float)$result['price'];
 		else
 			$price = (float)$specific_price['price'];
-
 		// convert only if the specific price is in the default currency (id_currency = 0)
 		if (!$specific_price || !($specific_price['price'] >= 0 && $specific_price['id_currency']))
 			$price = Tools::convertPrice($price, $id_currency);
@@ -2626,6 +2676,22 @@ class ProductCore extends ObjectModel
 		return (isset($row['id_product_attribute']) && $row['id_product_attribute']) ? (int)$row['id_product_attribute'] : 0;
 	}
 
+	public function getDefaultIdProductAttribute()
+	{
+		if (!Combination::isFeatureActive())
+			return 0;
+
+		$row = Db::getInstance(_PS_USE_SQL_SLAVE_)->getRow('
+			SELECT pa.`id_product_attribute`
+			FROM `'._DB_PREFIX_.'product_attribute` pa
+			'.Shop::addSqlAssociation('product_attribute', 'pa').'
+			WHERE pa.`id_product` = '.(int)$this->id.'
+			AND product_attribute_shop.default_on = 1'
+		);
+
+		return (isset($row['id_product_attribute']) && $row['id_product_attribute']) ? (int)$row['id_product_attribute'] : 0;
+	}
+
 	public function getPriceWithoutReduct($notax = false, $id_product_attribute = false)
 	{
 		return Product::getPriceStatic((int)$this->id, !$notax, $id_product_attribute, 6, null, false, false);
@@ -2712,10 +2778,10 @@ class ProductCore extends ObjectModel
 		{
 			if (!Combination::isFeatureActive())
 				$sql .= ' AND stock.id_product_attribute = 0';
-			else if (is_numeric($product_attribute))
+			elseif (is_numeric($product_attribute))
 				$sql .= ' AND stock.id_product_attribute = '.$product_attribute;
-			else if (is_string($product_attribute))
-				$sql .= ' AND stock.id_product_attribute = IFNULL('.pSQL($product_attribute).'.id_product_attribute, 0)';
+			elseif (is_string($product_attribute))
+				$sql .= ' AND stock.id_product_attribute = IFNULL(`'.bqSQL($product_attribute).'`.id_product_attribute, 0)';
 		}
 
 		$sql .= StockAvailable::addSqlShopRestriction(null, $id_shop, 'stock').' )';
@@ -2941,7 +3007,8 @@ class ProductCore extends ObjectModel
 				($active ? ' AND product_shop.`active` = 1' : '');
 		if (!$result = Db::getInstance(_PS_USE_SQL_SLAVE_)->executeS($sql))
 			return false;
-
+		foreach ($result as &$row)
+			$row['id_product_attribute'] = Product::getDefaultAttribute((int)$row['id_product']);
 		return $this->getProductsProperties($id_lang, $result);
 	}
 
@@ -3461,6 +3528,8 @@ class ProductCore extends ObjectModel
 		$usetax = Tax::excludeTaxeOption();
 
 		$cache_key = $row['id_product'].'-'.$row['id_product_attribute'].'-'.$id_lang.'-'.(int)$usetax;
+		if (isset($row['id_product_pack']))
+			$cache_key .= '-pack'.$row['id_product_pack'];
 		if (isset(self::$producPropertiesCache[$cache_key]))
 			return self::$producPropertiesCache[$cache_key];
 
@@ -3964,18 +4033,19 @@ class ProductCore extends ObjectModel
 	{
 		if (!((int)$id_product > 0) || !is_array($categories) || empty($categories))
 			return false;
-		$sql = 'SELECT id_product FROM `'._DB_PREFIX_.'category_product` WHERE `id_product`='.(int)$id_product.' AND `id_category` IN(';
+		$sql = 'SELECT id_product FROM `'._DB_PREFIX_.'category_product` WHERE `id_product` = '.(int)$id_product.' AND `id_category` IN (';
 		foreach ($categories as $category)
 			$sql .= (int)$category['id_category'].',';
 		$sql = rtrim($sql, ',').')';
 
-		if (isset(self::$_incat[md5($sql)]))
-			return self::$_incat[md5($sql)];
-
-		if (!Db::getInstance(_PS_USE_SQL_SLAVE_)->executeS($sql))
-			return false;
-		self::$_incat[md5($sql)] = (Db::getInstance(_PS_USE_SQL_SLAVE_)->NumRows() > 0 ? true : false);
-		return self::$_incat[md5($sql)];
+		$hash = md5($sql);
+		if (!isset(self::$_incat[$hash]))
+		{
+			if (!Db::getInstance(_PS_USE_SQL_SLAVE_)->getValue($sql))
+				return false;
+			self::$_incat[$hash] = (Db::getInstance(_PS_USE_SQL_SLAVE_)->NumRows() > 0 ? true : false);
+		}
+		return self::$_incat[$hash];
 	}
 
 	public function getNoPackPrice()
@@ -4187,7 +4257,8 @@ class ProductCore extends ObjectModel
 		$result = Db::getInstance(_PS_USE_SQL_SLAVE_)->executeS(
 			'SELECT cp.`id_category` AS id
 			FROM `'._DB_PREFIX_.'category_product` cp
-			'.Shop::addSqlAssociation('category', 'cp').'
+			LEFT JOIN `'._DB_PREFIX_.'category` c ON (c.id_category = cp.id_category)
+			'.Shop::addSqlAssociation('category', 'c').'
 			WHERE cp.`id_product` = '.(int)$this->id
 		);
 		return $result;
@@ -4263,7 +4334,7 @@ class ProductCore extends ObjectModel
 				$ids_orig[] = $id['id'];
 
 		$all_ids = array();
-		$all = Db::getInstance()->executeS('SELECT pa.`id_product_attribute` as id FROM `'._DB_PREFIX_.'product_attribute` '.Shop::addSqlAssociation('product_attribute', 'pa'));
+		$all = Db::getInstance()->executeS('SELECT pa.`id_product_attribute` as id FROM `'._DB_PREFIX_.'product_attribute` pa '.Shop::addSqlAssociation('product_attribute', 'pa'));
 		if (is_array($all))
 			foreach ($all as $id)
 				$all_ids[] = $id['id'];
@@ -4429,11 +4500,12 @@ class ProductCore extends ObjectModel
 	 * @param int $id_product the id of the product
 	 * @return array product attribute id list
 	 */
-	public static function getProductAttributesIds($id_product)
+	public static function getProductAttributesIds($id_product, $shop_only = false)
 	{
 		return Db::getInstance()->executeS('
 		SELECT pa.id_product_attribute
-		FROM `'._DB_PREFIX_.'product_attribute` pa
+		FROM `'._DB_PREFIX_.'product_attribute` pa'.
+		($shop_only ? Shop::addSqlAssociation('product_attribute', 'pa') : '').'
 		WHERE pa.`id_product` = '.(int)$id_product);
 	}
 
@@ -4907,11 +4979,10 @@ class ProductCore extends ObjectModel
 
 	public function hasAttributesInOtherShops()
 	{
-		return Db::getInstance(_PS_USE_SQL_SLAVE_)->getValue('
-			SELECT COUNT(*)
+		return (bool)Db::getInstance(_PS_USE_SQL_SLAVE_)->getValue('
+			SELECT pa.id_product_attribute
 			FROM `'._DB_PREFIX_.'product_attribute` pa
-			LEFT JOIN `'._DB_PREFIX_.'product_attribute_shop` pas
-				ON (pa.`id_product_attribute` = pas.`id_product_attribute`)
+			LEFT JOIN `'._DB_PREFIX_.'product_attribute_shop` pas ON (pa.`id_product_attribute` = pas.`id_product_attribute`)
 			WHERE pa.`id_product` = '.(int)$this->id
 		);
 	}

classes/Profile.php

@@ -110,17 +110,25 @@ class ProfileCore extends ObjectModel
 		return (isset($accesses[$id_tab]) ? $accesses[$id_tab] : false);
 	}
 
-	public static function getProfileAccesses($id_profile)
+	public static function getProfileAccesses($id_profile, $type = 'id_tab')
 	{
+		if (!in_array($type, array('id_tab', 'class_name')))
+			return false;
+
 		if (!isset(self::$_cache_accesses[$id_profile]))
+			self::$_cache_accesses[$id_profile] = array();
+			
+		if (!isset(self::$_cache_accesses[$id_profile][$type]))
 		{
+			self::$_cache_accesses[$id_profile][$type] = array();
 			// Super admin profile has full auth
 			if ($id_profile == _PS_ADMIN_PROFILE_)
 			{
 				foreach (Tab::getTabs(Context::getContext()->language->id) as $tab)
-					self::$_cache_accesses[$id_profile][$tab['id_tab']] = array(
+					self::$_cache_accesses[$id_profile][$type][$tab[$type]] = array(
 						'id_profile' => _PS_ADMIN_PROFILE_,
 						'id_tab' => $tab['id_tab'],
+						'class_name' => $tab['class_name'],
 						'view' => '1',
 						'add' => '1',
 						'edit' => '1',
@@ -131,19 +139,16 @@ class ProfileCore extends ObjectModel
 			{
 				$result = Db::getInstance()->executeS('
 				SELECT *
-				FROM `'._DB_PREFIX_.'access`
+				FROM `'._DB_PREFIX_.'access` a
+				LEFT JOIN `'._DB_PREFIX_.'tab` t ON t.id_tab = a.id_tab
 				WHERE `id_profile` = '.(int)$id_profile);
 
-				self::$_cache_accesses[$id_profile] = array();
 				foreach ($result as $row)
-				{
-					if (!isset(self::$_cache_accesses[$id_profile][$row['id_tab']]))
-						self::$_cache_accesses[$id_profile][$row['id_tab']] = array();
-					self::$_cache_accesses[$id_profile][$row['id_tab']] = $row;
-				}
+					self::$_cache_accesses[$id_profile][$type][$row[$type]] = $row;
 			}
 		}
-		return self::$_cache_accesses[$id_profile];
+
+		return self::$_cache_accesses[$id_profile][$type];
 	}
 }
 

classes/Tab.php

@@ -117,27 +117,20 @@ class TabCore extends ObjectModel
 			$context = Context::getContext();
 	 	if (!$context->employee || !$context->employee->id_profile)
 	 		return false;
+
 	 	/* Profile selection */
-	 	$profiles = Db::getInstance()->executeS('
-	 		SELECT `id_profile`
-	 		FROM '._DB_PREFIX_.'profile
-	 		WHERE `id_profile` != 1
-	 	');
+	 	$profiles = Db::getInstance()->executeS('SELECT `id_profile` FROM '._DB_PREFIX_.'profile WHERE `id_profile` != 1');
 	 	if (!$profiles || empty($profiles))
-	 		return false;
+	 		return true;
 
 	 	/* Query definition */
-		// note : insert ignore should be avoided
-	 	$query = 'INSERT IGNORE INTO `'._DB_PREFIX_.'access` (`id_profile`, `id_tab`, `view`, `add`, `edit`, `delete`) VALUES ';
-		// default admin
+	 	$query = 'REPLACE INTO `'._DB_PREFIX_.'access` (`id_profile`, `id_tab`, `view`, `add`, `edit`, `delete`) VALUES ';
 		$query .= '(1, '.(int)$id_tab.', 1, 1, 1, 1),';
 
 	 	foreach ($profiles as $profile)
 	 	{
-			// no cast needed for profile[id_profile], which cames from db
-			// And we disable all profile but current one
 	 	 	$rights = $profile['id_profile'] == $context->employee->id_profile ? 1 : 0;
-			$query .= '('.$profile['id_profile'].', '.(int)$id_tab.', '.$rights.', '.$rights.', '.$rights.', '.$rights.'),';
+			$query .= '('.(int)$profile['id_profile'].', '.(int)$id_tab.', '.(int)$rights.', '.(int)$rights.', '.(int)$rights.', '.(int)$rights.'),';
 	 	}
 		$query = trim($query, ', ');
 	 	return Db::getInstance()->execute($query);

classes/Tools.php

@@ -175,9 +175,11 @@ class ToolsCore
 	 * @param boolean $entities
 	 * @return string host
 	 */
-	public static function getHttpHost($http = false, $entities = false)
+	public static function getHttpHost($http = false, $entities = false, $ignore_port = false)
 	{
 		$host = (isset($_SERVER['HTTP_X_FORWARDED_HOST']) ? $_SERVER['HTTP_X_FORWARDED_HOST'] : $_SERVER['HTTP_HOST']);
+		if ($ignore_port && $pos = strpos($host, ':'))
+			$host = substr($host, 0, $pos);
 		if ($entities)
 			$host = htmlspecialchars($host, ENT_COMPAT, 'UTF-8');
 		if ($http)
@@ -971,6 +973,8 @@ class ToolsCore
 			$str = mb_strtolower($str, 'utf-8');
 
 		$str = trim($str);
+		if (!function_exists('mb_strtolower'))
+			$str = Tools::replaceAccentedChars($str);
 
 		// Remove all non-whitelist chars.
 		$str = preg_replace('/[^a-zA-Z0-9\s\'\:\/\[\]-\pL]/u', '', $str);
@@ -979,7 +983,8 @@ class ToolsCore
 
 		// If it was not possible to lowercase the string with mb_strtolower, we do it after the transformations.
 		// This way we lose fewer special chars.
-		$str = strtolower($str);
+		if (!function_exists('mb_strtolower'))
+			$str = strtolower($str);
 
 		return $str;
 	}
@@ -1245,7 +1250,7 @@ class ToolsCore
 
 		if (in_array(ini_get('allow_url_fopen'), array('On', 'on', '1')))
 			return @file_get_contents($url, $use_include_path, $stream_context);
-		elseif (function_exists('curl_init') && in_array(ini_get('allow_url_fopen'), array('On', 'on', '1')))
+		elseif (function_exists('curl_init'))
 		{
 			$curl = curl_init();
 			curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
@@ -1457,8 +1462,6 @@ class ToolsCore
 		// Default values for parameters
 		if (is_null($path))
 			$path = _PS_ROOT_DIR_.'/.htaccess';
-		if (is_null($rewrite_settings))
-			$rewrite_settings = (int)Configuration::get('PS_REWRITING_SETTINGS');
 		if (is_null($cache_control))
 			$cache_control = (int)Configuration::get('PS_HTACCESS_CACHE_CONTROL');
 		if (is_null($disable_multiviews))
@@ -1498,6 +1501,7 @@ class ToolsCore
 			$domains[$shop_url->domain][] = array(
 				'physical' =>	$shop_url->physical_uri,
 				'virtual' =>	$shop_url->virtual_uri,
+				'id_shop' =>	$shop_url->id_shop
 			);
 		}
 
@@ -1514,63 +1518,74 @@ class ToolsCore
 			fwrite($write_fd, "\n# Disable Multiviews\nOptions -Multiviews\n\n");
 
 		fwrite($write_fd, "RewriteEngine on\n\n");
+		// Webservice
+		fwrite($write_fd, 'RewriteRule ^api/?(.*)$ '."webservice/dispatcher.php?url=$1 [QSA,L]\n\n");
 		foreach ($domains as $domain => $list_uri)
+		{
 			foreach ($list_uri as $uri)
+			{
+				$rewrite_settings = (int)Configuration::get('PS_REWRITING_SETTINGS', null, null, (int)$uri['id_shop']);
+				$domain_rewrite_cond = 'RewriteCond %{HTTP_HOST} ^'.$domain.'$'."\n";
 				// Rewrite virtual multishop uri
 				if ($uri['virtual'])
 				{
 					if (!$rewrite_settings)
 					{
-						fwrite($write_fd, 'RewriteCond %{HTTP_HOST} ^'.$domain.'$'."\n");
+						fwrite($write_fd, $domain_rewrite_cond);
 						fwrite($write_fd, 'RewriteRule ^'.trim($uri['virtual'], '/').'/?$ '.$uri['physical'].$uri['virtual']."index.php [L,R]\n");
 					}
 					else
 					{
-						fwrite($write_fd, 'RewriteCond %{HTTP_HOST} ^'.$domain.'$'."\n");
+						fwrite($write_fd, $domain_rewrite_cond);
 						fwrite($write_fd, 'RewriteRule ^'.trim($uri['virtual'], '/').'$ '.$uri['physical'].$uri['virtual']." [L,R]\n");
 					}
-					fwrite($write_fd, 'RewriteCond %{HTTP_HOST} ^'.$domain.'$'."\n");
+					fwrite($write_fd, $domain_rewrite_cond);
 					fwrite($write_fd, 'RewriteRule ^'.ltrim($uri['virtual'], '/').'(.*) '.$uri['physical']."$1 [L]\n\n");
 				}
 
-		// Webservice
-		fwrite($write_fd, 'RewriteRule ^api/?(.*)$ '."webservice/dispatcher.php?url=$1 [QSA,L]\n\n");
-
-		if ($rewrite_settings)
-		{
-			// Compatibility with the old image filesystem
-			fwrite($write_fd, "# Images\n");
-			if (Configuration::get('PS_LEGACY_IMAGES'))
-			{
-				fwrite($write_fd, 'RewriteRule ^([a-z0-9]+)\-([a-z0-9]+)(\-[_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ '._PS_PROD_IMG_.'$1-$2$3$4.jpg [L]'."\n");
-				fwrite($write_fd, 'RewriteRule ^([0-9]+)\-([0-9]+)(-[0-9]+)?/.+\.jpg$ '._PS_PROD_IMG_.'$1-$2$3.jpg [L]'."\n");
-			}
-
-			// Rewrite product images < 100 millions
-			for ($i = 1; $i <= 8; $i++)
-			{
-				$img_path = $img_name = '';
-				for ($j = 1; $j <= $i; $j++)
+				if ($rewrite_settings)
 				{
-					$img_path .= '$'.$j.'/';
-					$img_name .= '$'.$j;
-				}
-				$img_name .= '$'.$j;
-				fwrite($write_fd, 'RewriteRule ^'.str_repeat('([0-9])', $i).'(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ '._PS_PROD_IMG_.$img_path.$img_name.'$'.($j + 1).".jpg [L]\n");
-			}
-			fwrite($write_fd, 'RewriteRule ^c/([0-9]+)(\-[_a-zA-Z0-9-\.*]*)(-[0-9]+)?/.+\.jpg$ img/c/$1$2$3.jpg [L]'."\n");
-			fwrite($write_fd, 'RewriteRule ^c/([a-zA-Z-]+)(-[0-9]+)?/.+\.jpg$ img/c/$1$2.jpg [L]'."\n");
-		}
+					// Compatibility with the old image filesystem
+					fwrite($write_fd, "# Images\n");
+					if (Configuration::get('PS_LEGACY_IMAGES'))
+					{
+						fwrite($write_fd, $domain_rewrite_cond);
+						fwrite($write_fd, 'RewriteRule ^([a-z0-9]+)\-([a-z0-9]+)(\-[_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ '._PS_PROD_IMG_.'$1-$2$3$4.jpg [L]'."\n");
+						fwrite($write_fd, $domain_rewrite_cond);
+						fwrite($write_fd, 'RewriteRule ^([0-9]+)\-([0-9]+)(-[0-9]+)?/.+\.jpg$ '._PS_PROD_IMG_.'$1-$2$3.jpg [L]'."\n");
+					}
 
-		// Redirections to dispatcher
-		if ($rewrite_settings)
-		{
-			fwrite($write_fd, "\n# Dispatcher\n");
-			fwrite($write_fd, "RewriteCond %{REQUEST_FILENAME} -s [OR]\n");
-			fwrite($write_fd, "RewriteCond %{REQUEST_FILENAME} -l [OR]\n");
-			fwrite($write_fd, "RewriteCond %{REQUEST_FILENAME} -d\n");
-			fwrite($write_fd, "RewriteRule ^.*$ - [NC,L]\n");
-			fwrite($write_fd, "RewriteRule ^.*\$ index.php [NC,L]\n");
+					// Rewrite product images < 100 millions
+					for ($i = 1; $i <= 8; $i++)
+					{
+						$img_path = $img_name = '';
+						for ($j = 1; $j <= $i; $j++)
+						{
+							$img_path .= '$'.$j.'/';
+							$img_name .= '$'.$j;
+						}
+						$img_name .= '$'.$j;
+						fwrite($write_fd, $domain_rewrite_cond);
+						fwrite($write_fd, 'RewriteRule ^'.str_repeat('([0-9])', $i).'(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ '._PS_PROD_IMG_.$img_path.$img_name.'$'.($j + 1).".jpg [L]\n");
+					}
+					fwrite($write_fd, $domain_rewrite_cond);
+					fwrite($write_fd, 'RewriteRule ^c/([0-9]+)(\-[_a-zA-Z0-9-\.*]*)(-[0-9]+)?/.+\.jpg$ img/c/$1$2$3.jpg [L]'."\n");
+					fwrite($write_fd, $domain_rewrite_cond);
+					fwrite($write_fd, 'RewriteRule ^c/([a-zA-Z-]+)(-[0-9]+)?/.+\.jpg$ img/c/$1$2.jpg [L]'."\n");
+				}
+			}
+			// Redirections to dispatcher
+			if ($rewrite_settings)
+			{
+				fwrite($write_fd, "\n# Dispatcher\n");
+				fwrite($write_fd, "RewriteCond %{REQUEST_FILENAME} -s [OR]\n");
+				fwrite($write_fd, "RewriteCond %{REQUEST_FILENAME} -l [OR]\n");
+				fwrite($write_fd, "RewriteCond %{REQUEST_FILENAME} -d\n");
+				fwrite($write_fd, $domain_rewrite_cond);
+				fwrite($write_fd, "RewriteRule ^.*$ - [NC,L]\n");
+				fwrite($write_fd, $domain_rewrite_cond);
+				fwrite($write_fd, "RewriteRule ^.*\$ index.php [NC,L]\n");
+			}
 		}
 
 		fwrite($write_fd, "</IfModule>\n\n");
@@ -2168,7 +2183,11 @@ FileETag INode MTime Size
 
 	public static function modRewriteActive()
 	{
-		return Tools::apacheModExists('mod_rewrite');
+		if (!Tools::apacheModExists('mod_rewrite'))
+			return true;
+		if ((isset($_SERVER['HTTP_MOD_REWRITE']) && strtolower($_SERVER['HTTP_MOD_REWRITE']) == 'on') || strtolower(getenv('HTTP_MOD_REWRITE')) == 'on')
+				return true;
+		return false;
 	}
 
 	public static function unSerialize($serialized, $object = false)

classes/Translate.php

@@ -46,7 +46,7 @@ class TranslateCore
 		// @todo remove global keyword in translations files and use static
 		global $_LANGADM;
 
-		if ($modules_tabs !== null)
+		if ($modules_tabs === null)
 			$modules_tabs = Tab::getModuleTabList();
 
 		if ($_LANGADM == null)
@@ -72,7 +72,8 @@ class TranslateCore
 		else
 			$str = Translate::getGenericAdminTranslation($string, $key, $_LANGADM);
 
-		$str = $htmlentities ? htmlentities($str, ENT_QUOTES, 'utf-8') : $str;
+		if ($htmlentities)
+			$str = htmlentities($str, ENT_QUOTES, 'utf-8');
 		$str = str_replace('"', '"', $str);
 
 		if ($sprintf !== null)
@@ -125,38 +126,27 @@ class TranslateCore
 		// $translations_merged is a cache of wether a specific module's translations have already been added to $_MODULES
 		static $translations_merged = array();
 
-		if ($module instanceof Module)
-			$name = $module->name;
-		else
-			$name = $module;
-
-		$local_path = _PS_MODULE_DIR_.$name.'/';
-
-		if (!isset($name) || !isset($translations_merged[$name]))
+		$name = $module instanceof Module ? $module->name : $module;
+		if (!isset($translations_merged[$name]))
 		{
-			// Check if translations exists in a current theme
-			if (Tools::file_exists_cache(_PS_THEME_DIR_.'modules/'.$name.'/translations/'.Context::getContext()->language->iso_code.'.php'))
-				$file_theme = _PS_THEME_DIR_.'modules/'.$name.'/translations/'.Context::getContext()->language->iso_code.'.php';
-			elseif (Tools::file_exists_cache(_PS_THEME_DIR_.'modules/'.$name.'/'.Context::getContext()->language->iso_code.'.php'))
-				$file_theme = _PS_THEME_DIR_.'modules/'.$name.'/'.Context::getContext()->language->iso_code.'.php';
-			else
-				$file_theme = false;
+			$filesByPriority = array(
+				// Translations in theme
+				_PS_THEME_DIR_.'modules/'.$name.'/translations/'.Context::getContext()->language->iso_code.'.php', 
+				_PS_THEME_DIR_.'modules/'.$name.'/'.Context::getContext()->language->iso_code.'.php', 
+				// PrestaShop 1.5 translations
+				_PS_MODULE_DIR_.$name.'/translations/'.Context::getContext()->language->iso_code.'.php',
+				// PrestaShop 1.4 translations
+				_PS_MODULE_DIR_.$name.'/'.Context::getContext()->language->iso_code.'.php'
+			);
 
-			if ($file_theme && !isset($translations_merged[$name]) && Tools::file_exists_cache($file_theme) && include_once($file_theme))
-				$_MODULES = !empty($_MODULES) ? array_merge($_MODULES, $_MODULE) : $_MODULE;
-			else
-			{
-				// @retrocompatibility with translations files in module root
-				// @since 1.5 modules have a translations/ folder
-				if (Tools::file_exists_cache($local_path.'/translations/'.Context::getContext()->language->iso_code.'.php'))
-					$file = $local_path.'/translations/'.Context::getContext()->language->iso_code.'.php';
-				else
-					$file = $local_path.'/'.Context::getContext()->language->iso_code.'.php';
-				// Load translations file if it has not been already done
-				if (Tools::file_exists_cache($file) && include_once($file))
+			foreach ($filesByPriority as $file)
+				if (Tools::file_exists_cache($file))
+				{
+					include_once($file);
 					$_MODULES = !empty($_MODULES) ? array_merge($_MODULES, $_MODULE) : $_MODULE;
-			}
-			$translations_merged[$name] = true;
+					$translations_merged[$name] = true;
+					break;
+				}
 		}
 
 		$key = md5(str_replace('\'', '\\\'', $string));

classes/Validate.php

@@ -384,7 +384,7 @@ class ValidateCore
 		$events .= '|ondragleave|ondragover|ondragstart|ondrop|onerrorupdate|onfilterchange|onfinish|onfocusin|onfocusout|onhashchange|onhelp|oninput|onlosecapture|onmessage|onmouseup|onmovestart';
 		$events .= '|onoffline|ononline|onpaste|onpropertychange|onreadystatechange|onresizeend|onresizestart|onrowenter|onrowexit|onrowsdelete|onrowsinserted|onscroll|onsearch|onselectionchange';
 		$events .= '|onselectstart|onstart|onstop';
-		return (!preg_match('/<[ \t\n]*script/ims', $html) && !preg_match('/<?.*('.$events.')[ \t\n]*=/ims', $html) && !preg_match('/.*script\:/ims', $html) && !preg_match('/<[ \t\n]*i?frame/ims', $html));
+		return (!preg_match('/<[ \t\n]*script/ims', $html) && !preg_match('/('.$events.')[ \t\n]*=/ims', $html) && !preg_match('/.*script\:/ims', $html) && !preg_match('/<[ \t\n]*i?frame/ims', $html));
 	}
 
 	/**
@@ -761,7 +761,7 @@ class ValidateCore
 	 */
 	public static function isFileName($name)
 	{
-		return preg_match('/^[a-zA-Z0-9_.-]*$/', $name);
+		return preg_match('/^[a-zA-Z0-9_.-]+$/', $name);
 	}
 
 	/**

classes/controller/AdminController.php

@@ -109,6 +109,9 @@ class AdminControllerCore extends Controller
 
 	protected $shopLink;
 
+	/** @var string SQL query */
+	protected $_listsql = '';
+
 	/** @var array Cache for query results */
 	protected $_list = array();
 
@@ -248,6 +251,7 @@ class AdminControllerCore extends Controller
 	public $controller_name;
 
 	public $multishop_context = -1;
+	public $multishop_context_group = true;
 
 	/**
 	 * Current breadcrumb position as an array of tab names
@@ -321,8 +325,7 @@ class AdminControllerCore extends Controller
 
 		$this->initShopContext();
 
-		$currency = Shop::getEntityIds('currency', $this->context->shop->id, true, true);
-		$this->context->currency = new Currency($currency[0]['id_currency']);
+		$this->context->currency = new Currency(Configuration::get('PS_CURRENCY_DEFAULT'));
 	}
 
 	/**
@@ -605,7 +608,6 @@ class AdminControllerCore extends Controller
 	{
 		/* Checking fields validity */
 		$this->validateRules();
-
 		if (count($this->errors) <= 0)
 		{
 			$object = new $this->className();
@@ -1270,9 +1272,39 @@ class AdminControllerCore extends Controller
 			if (empty($sub_tabs))
 				unset($tabs[$index]);
 		}
+		
+		if (Validate::isLoadedObject($this->context->employee))
+		{
+			$accesses = Profile::getProfileAccesses($this->context->employee->id_profile, 'class_name');
 
-		/* Hooks are volontary out the initialize array (need those variables already assigned) */
-		$bo_color = empty($this->context->employee->bo_color) ? '#FFFFFF' : $this->context->employee->bo_color;
+			/* Hooks are volontary out the initialize array (need those variables already assigned) */
+			$bo_color = empty($this->context->employee->bo_color) ? '#FFFFFF' : $this->context->employee->bo_color;
+			$this->context->smarty->assign(array(
+				'autorefresh_notifications' => Configuration::get('PS_ADMIN_REFRESH_NOTIFICATION'),
+				'help_box' => Configuration::get('PS_HELPBOX'),
+				'round_mode' => Configuration::get('PS_PRICE_ROUND_MODE'),
+				'brightness' => Tools::getBrightness($bo_color) < 128 ? 'white' : '#383838',
+				'bo_width' => (int)$this->context->employee->bo_width,
+				'bo_color' => isset($this->context->employee->bo_color) ? Tools::htmlentitiesUTF8($this->context->employee->bo_color) : null,
+				'show_new_orders' => Configuration::get('PS_SHOW_NEW_ORDERS') && $accesses['AdminOrders']['view'],
+				'show_new_customers' => Configuration::get('PS_SHOW_NEW_CUSTOMERS') && $accesses['AdminCustomers']['view'],
+				'show_new_messages' => Configuration::get('PS_SHOW_NEW_MESSAGES') && $accesses['AdminCustomerThreads']['view'],
+				'first_name' => Tools::substr($this->context->employee->firstname, 0, 1),
+				'last_name' => htmlentities($this->context->employee->lastname, ENT_COMPAT, 'UTF-8'),
+				'employee' => $this->context->employee,
+				'search_type' => Tools::getValue('bo_search_type'),
+				'bo_query' => Tools::safeOutput(Tools::stripslashes(Tools::getValue('bo_query'))),
+				'quick_access' => $quick_access,
+				'multi_shop' => Shop::isFeatureActive(),
+				'shop_list' => Helper::renderShopList(),
+				'shop' => $this->context->shop,
+				'shop_group' => new ShopGroup((int)Shop::getContextShopGroupID()),
+				'current_parent_id' => (int)Tab::getCurrentParentId(),
+				'tabs' => $tabs,
+				'is_multishop' => $is_multishop,
+				'multishop_context' => $this->multishop_context,
+			));
+		}
 		$this->context->smarty->assign(array(
 			'img_dir' => _PS_IMG_,
 			'iso' => $this->context->language->iso_code,
@@ -1280,52 +1312,18 @@ class AdminControllerCore extends Controller
 			'iso_user' => $this->context->language->iso_code,
 			'country_iso_code' => $this->context->country->iso_code,
 			'version' => _PS_VERSION_,
-			'autorefresh_notifications' => Configuration::get('PS_ADMIN_REFRESH_NOTIFICATION'),
-			'help_box' => Configuration::get('PS_HELPBOX'),
-			'round_mode' => Configuration::get('PS_PRICE_ROUND_MODE'),
-			'brightness' => Tools::getBrightness($bo_color) < 128 ? 'white' : '#383838',
 			'lang_iso' => $this->context->language->iso_code,
 			'link' => $this->context->link,
-			'bo_width' => (int)$this->context->employee->bo_width,
-			'bo_color' => isset($this->context->employee->bo_color) ? Tools::htmlentitiesUTF8($this->context->employee->bo_color) : null,
 			'shop_name' => Configuration::get('PS_SHOP_NAME'),
-			'show_new_orders' => Configuration::get('PS_SHOW_NEW_ORDERS'),
-			'show_new_customers' => Configuration::get('PS_SHOW_NEW_CUSTOMERS'),
-			'show_new_messages' => Configuration::get('PS_SHOW_NEW_MESSAGES'),
-			'first_name' => Tools::substr($this->context->employee->firstname, 0, 1),
-			'last_name' => htmlentities($this->context->employee->lastname, ENT_COMPAT, 'UTF-8'),
 			'base_url' => $this->context->shop->getBaseURL(),
-			'employee' => $this->context->employee,
-			'search_type' => Tools::getValue('bo_search_type'),
-			'bo_query' => Tools::safeOutput(Tools::stripslashes(Tools::getValue('bo_query'))),
-			'quick_access' => $quick_access,
-			'multi_shop' => Shop::isFeatureActive(),
-			'shop_list' => Helper::renderShopList(),
-			'shop' => $this->context->shop,
-			'shop_group' => new ShopGroup((int)Shop::getContextShopGroupID()),
-			'tab' => $tab,
+			'tab' => $tab, // Deprecated, this tab is declared in the foreach, so it's the last tab in the foreach
 			'current_parent_id' => (int)Tab::getCurrentParentId(),
 			'tabs' => $tabs,
 			'install_dir_exists' => file_exists(_PS_ADMIN_DIR_.'/../install'),
-			'is_multishop' => $is_multishop,
-			'multishop_context' => $this->multishop_context,
 			'pic_dir' => _THEME_PROD_PIC_DIR_,
 			'controller_name' => htmlentities(Tools::getValue('controller')),
 			'currentIndex' => self::$currentIndex
 		));
-
-		// Shop context
-		if ($is_multishop)
-		{
-			if (Shop::getContext() == Shop::CONTEXT_SHOP)
-				$shop_name = $this->context->shop->name;
-			else
-				$shop_name = 'PrestaShop';
-
-			$this->context->smarty->assign(array(
-				'shop_name' => $shop_name,
-			));
-		}
 	}
 
 	/**
@@ -1356,6 +1354,12 @@ class AdminControllerCore extends Controller
 	 */
 	public function initContent()
 	{
+		if (!$this->viewAccess())
+		{
+			$this->errors[] = Tools::displayError('You do not have permission to view here.');
+			return;
+		}
+		
 		$this->getLanguages();
 		// toolbar (save, cancel, new, ..)
 		$this->initToolbar();
@@ -1669,8 +1673,16 @@ class AdminControllerCore extends Controller
 			'current' => self::$currentIndex,
 			'token' => $this->token,
 		));
-
-		$this->context->smarty->assign('submit_form_ajax', (int)Tools::getValue('submitFormAjax'));
+		
+		if ($this->display_header)
+			$this->context->smarty->assign('displayBackOfficeHeader', Hook::exec('displayBackOfficeHeader', array()));
+		
+		$this->context->smarty->assign(
+			array(
+				'displayBackOfficeTop' => Hook::exec('displayBackOfficeTop', array()),
+				'submit_form_ajax' => (int)Tools::getValue('submitFormAjax')
+				)
+			);
 
 		$this->initProcess();
 	}
@@ -1812,8 +1824,6 @@ class AdminControllerCore extends Controller
 			else
 				$this->errors[] = Tools::displayError('You do not have permission to edit here.');
 		}
-		elseif ($submitted_action = Tools::getValue('submitAction'.$this->table))
-				$this->action = $submitted_action;
 		elseif (Tools::getValue('submitAdd'.$this->table)
 				 || Tools::getValue('submitAdd'.$this->table.'AndStay')
 				 || Tools::getValue('submitAdd'.$this->table.'AndPreview'))
@@ -1998,22 +2008,18 @@ class AdminControllerCore extends Controller
 			$where_shop = Shop::addSqlRestriction($this->shopShareDatas, 'a', $this->shopLinkType);
 		}
 
-		$filter_shop = '';
 		if ($this->multishop_context && Shop::isTableAssociated($this->table) && !empty($this->className))
 		{
-			if (Shop::getContext() != Shop::CONTEXT_ALL || Shop::isTableAssociated($this->table) || !$this->context->employee->isSuperAdmin())
+			if (Shop::getContext() != Shop::CONTEXT_ALL || !$this->context->employee->isSuperAdmin())
 			{
-				$idenfier_shop = Shop::getContextListShopID();
-				if (!$this->_group)
-					$this->_group = ' GROUP BY a.'.pSQL($this->identifier);
-				elseif (!preg_match('#(\s|,)\s*a\.`?'.pSQL($this->identifier).'`?(\s|,|$)#', $this->_group))
-					$this->_group .= ', a.'.pSQL($this->identifier);
-
 				$test_join = !preg_match('#`?'.preg_quote(_DB_PREFIX_.$this->table.'_shop').'`? *sa#', $this->_join);
-				if (Shop::isFeatureActive() && $test_join)
+				if (Shop::isFeatureActive() && $test_join && Shop::isTableAssociated($this->table))
 				{
-					$filter_shop = ' JOIN `'._DB_PREFIX_.$this->table.'_shop` sa ';
-					$filter_shop .= 'ON (sa.'.$this->identifier.' = a.'.$this->identifier.' AND sa.id_shop IN ('.implode(', ', $idenfier_shop).'))';
+					$this->_where .= ' AND a.'.$this->identifier.' IN (
+						SELECT sa.'.$this->identifier.'
+						FROM `'._DB_PREFIX_.$this->table.'_shop` sa
+						WHERE sa.id_shop IN ('.implode(', ', Shop::getContextListShopID()).')
+					)';
 				}
 			}
 		}
@@ -2022,13 +2028,16 @@ class AdminControllerCore extends Controller
 		$lang_join = '';
 		if ($this->lang)
 		{
-			$lang_join = 'LEFT JOIN `'._DB_PREFIX_.$this->table.'_lang` b ON (b.`'.$this->identifier.'` = a.`'.$this->identifier.'`';
-			$lang_join .= ' AND b.`id_lang` = '.(int)$id_lang;
+			$lang_join = 'LEFT JOIN `'._DB_PREFIX_.$this->table.'_lang` b ON (b.`'.$this->identifier.'` = a.`'.$this->identifier.'` AND b.`id_lang` = '.(int)$id_lang;
 			if ($id_lang_shop)
-				if (Shop::getContext() == Shop::CONTEXT_SHOP)
-					$lang_join .= ' AND b.`id_shop`='.(int)$id_lang_shop;
+			{
+				if (!Shop::isFeatureActive())
+					$lang_join .= ' AND b.`id_shop` = 1';
+				elseif (Shop::getContext() == Shop::CONTEXT_SHOP)
+					$lang_join .= ' AND b.`id_shop` = '.(int)$id_lang_shop;
 				else
-					$lang_join .= ' AND b.`id_shop` IN ('.implode(',', array_map('intval', Shop::getContextListShopID())).')';
+					$lang_join .= ' AND b.`id_shop` = a.id_shop_default';
+			}
 			$lang_join .= ')';
 		}
 
@@ -2048,23 +2057,23 @@ class AdminControllerCore extends Controller
 			$order_by = pSQL($order_by[0]).'.`'.pSQL($order_by[1]).'`';
 		}
 
-		$sql = 'SELECT SQL_CALC_FOUND_ROWS
-			'.($this->_tmpTableFilter ? ' * FROM (SELECT ' : '').'
-			'.($this->lang ? 'b.*, ' : '').'a.*'.(isset($this->_select) ? ', '.$this->_select.' ' : '').$select_shop.'
-			FROM `'._DB_PREFIX_.$sql_table.'` a
-			'.$filter_shop.'
-			'.$lang_join.'
-			'.(isset($this->_join) ? $this->_join.' ' : '').'
-			'.$join_shop.'
-			WHERE 1 '.(isset($this->_where) ? $this->_where.' ' : '').($this->deleted ? 'AND a.`deleted` = 0 ' : '').
-			(isset($this->_filter) ? $this->_filter : '').$where_shop.'
-			'.(isset($this->_group) ? $this->_group.' ' : '').'
-			'.$having_clause.'
-			ORDER BY '.(($order_by == $this->identifier) ? 'a.' : '').pSQL($order_by).' '.pSQL($order_way).
-			($this->_tmpTableFilter ? ') tmpTable WHERE 1'.$this->_tmpTableFilter : '').
-			(($use_limit === true) ? ' LIMIT '.(int)$start.','.(int)$limit : '');
+		$this->_listsql = '
+		SELECT SQL_CALC_FOUND_ROWS
+		'.($this->_tmpTableFilter ? ' * FROM (SELECT ' : '').'
+		'.($this->lang ? 'b.*, ' : '').'a.*'.(isset($this->_select) ? ', '.$this->_select.' ' : '').$select_shop.'
+		FROM `'._DB_PREFIX_.$sql_table.'` a
+		'.$lang_join.'
+		'.(isset($this->_join) ? $this->_join.' ' : '').'
+		'.$join_shop.'
+		WHERE 1 '.(isset($this->_where) ? $this->_where.' ' : '').($this->deleted ? 'AND a.`deleted` = 0 ' : '').
+		(isset($this->_filter) ? $this->_filter : '').$where_shop.'
+		'.(isset($this->_group) ? $this->_group.' ' : '').'
+		'.$having_clause.'
+		ORDER BY '.(($order_by == $this->identifier) ? 'a.' : '').pSQL($order_by).' '.pSQL($order_way).
+		($this->_tmpTableFilter ? ') tmpTable WHERE 1'.$this->_tmpTableFilter : '').
+		(($use_limit === true) ? ' LIMIT '.(int)$start.','.(int)$limit : '');
 
-		$this->_list = Db::getInstance()->executeS($sql);
+		$this->_list = Db::getInstance()->executeS($this->_listsql);
 		$this->_listTotal = Db::getInstance()->getValue('SELECT FOUND_ROWS() AS `'._DB_PREFIX_.$this->table.'`');
 	}
 
@@ -2186,7 +2195,7 @@ class AdminControllerCore extends Controller
 				if (!Tools::getValue($this->identifier) || ($field != 'passwd' && $field != 'no-picture'))
 					$this->errors[] = sprintf(
 						Tools::displayError('The field %s is required.'),
-						call_user_func(array($class_name, 'displayFieldName'), $field, $class_name)
+						Tools::safeOutput(call_user_func(array($class_name, 'displayFieldName'), $field, $class_name))
 					);
 
 		/* Checking for multilingual required fields */
@@ -2194,7 +2203,7 @@ class AdminControllerCore extends Controller
 			if (($empty = Tools::getValue($field_lang.'_'.$default_language->id)) === false || $empty !== '0' && empty($empty))
 				$this->errors[] = sprintf(
 					Tools::displayError('The field %1$s is required at least in %2$s.'),
-					call_user_func(array($class_name, 'displayFieldName'), $field_lang, $class_name),
+					Tools::safeOutput(call_user_func(array($class_name, 'displayFieldName'), $field_lang, $class_name)),
 					$default_language->name
 				);
 
@@ -2203,7 +2212,7 @@ class AdminControllerCore extends Controller
 			if (Tools::getValue($field) !== false && Tools::strlen(Tools::getValue($field)) > $max_length)
 				$this->errors[] = sprintf(
 					Tools::displayError('The field %1$s is too long (%2$d chars max).'),
-					call_user_func(array($class_name, 'displayFieldName'), $field, $class_name),
+					Tools::safeOutput(call_user_func(array($class_name, 'displayFieldName'), $field, $class_name)),
 					$max_length
 				);
 
@@ -2215,7 +2224,7 @@ class AdminControllerCore extends Controller
 				if ($field_lang !== false && Tools::strlen($field_lang) > $max_length)
 					$this->errors[] = sprintf(
 						Tools::displayError('The field %1$s (%2$s) is too long (%3$d chars max, html chars including).'),
-						call_user_func(array($class_name, 'displayFieldName'), $field_lang, $class_name),
+						Tools::safeOutput(call_user_func(array($class_name, 'displayFieldName'), $field_lang, $class_name)),
 						$language['name'],
 						$max_length
 					);
@@ -2229,7 +2238,7 @@ class AdminControllerCore extends Controller
 				if (!Validate::$function($value) && !empty($value))
 					$this->errors[] = sprintf(
 						Tools::displayError('The field %s is invalid.'),
-						call_user_func(array($class_name, 'displayFieldName'), $field, $class_name)
+						Tools::safeOutput(call_user_func(array($class_name, 'displayFieldName'), $field, $class_name))
 					);
 
 		/* Checking for passwd_old validity */
@@ -2238,12 +2247,12 @@ class AdminControllerCore extends Controller
 			if ($class_name == 'Employee' && !Validate::isPasswdAdmin($value))
 				$this->errors[] = sprintf(
 					Tools::displayError('The field %s is invalid.'),
-					call_user_func(array($class_name, 'displayFieldName'), 'passwd', $class_name)
+					Tools::safeOutput(call_user_func(array($class_name, 'displayFieldName'), 'passwd', $class_name))
 				);
 			elseif ($class_name == 'Customer' && !Validate::isPasswd($value))
 				$this->errors[] = sprintf(
 					Tools::displayError('The field %s is invalid.'),
-					call_user_func(array($class_name, 'displayFieldName'), 'passwd', $class_name)
+					Tools::safeOutput(call_user_func(array($class_name, 'displayFieldName'), 'passwd', $class_name))
 				);
 		}
 
@@ -2254,7 +2263,7 @@ class AdminControllerCore extends Controller
 					if (!Validate::$function($value))
 						$this->errors[] = sprintf(
 							Tools::displayError('The field %1$s (%2$s) is invalid.'),
-							call_user_func(array($class_name, 'displayFieldName'), $field_lang, $class_name),
+							Tools::safeOutput(call_user_func(array($class_name, 'displayFieldName'), $field_lang, $class_name)),
 							$language['name']
 						);
 	}
@@ -2743,7 +2752,7 @@ class AdminControllerCore extends Controller
 		$context = stream_context_create($opts);
 		foreach ($protocolsList as $protocol => $port)
 		{
-			$content = file_get_contents($protocol.$this->addons_url, false, $context);
+			$content = Tools::file_get_contents($protocol.$this->addons_url, false, $context);
 
 			// If content returned, we cache it
 			if ($content)

classes/controller/Controller.php

@@ -177,7 +177,7 @@ abstract class ControllerCore
 			if ($this->ajax)
 			{
 				$action = Tools::getValue('action');
-				if (!empty($action) && method_exists($this, 'displayAjax'.Tools::toCamelCase($action)))
+				if (!empty($action) && method_exists($this, 'displayAjax'.Tools::toCamelCase($action, true)))
 					$this->{'displayAjax'.$action}();
 				elseif (method_exists($this, 'displayAjax'))
 					$this->displayAjax();

classes/controller/FrontController.php

@@ -249,6 +249,12 @@ class FrontControllerCore extends Controller
 			CartRule::autoAddToCart($this->context);
 		}
 
+		// Check mobile context
+		if (Tools::isSubmit('no_mobile_theme'))
+			$this->context->cookie->no_mobile = true;
+		else if (Tools::isSubmit('mobile_theme_ok'))
+			$this->context->cookie->no_mobile = false;
+
 		$locale = strtolower(Configuration::get('PS_LOCALE_LANGUAGE')).'_'.strtoupper(Configuration::get('PS_LOCALE_COUNTRY').'.UTF-8');
 		setlocale(LC_COLLATE, $locale);
 		setlocale(LC_CTYPE, $locale);
@@ -305,6 +311,8 @@ class FrontControllerCore extends Controller
 			$meta_language[] = $lang['iso_code'];
 
 		$this->context->smarty->assign(array(
+			// Usefull for layout.tpl
+			'mobile_device' => $this->context->getMobileDevice(),
 			'link' => $link,
 			'cart' => $cart,
 			'currency' => $currency,
@@ -338,6 +346,12 @@ class FrontControllerCore extends Controller
 			'request' => $link->getPaginationLink(false, false, false, true)
 		));
 
+		// Add the tpl files directory for mobile
+		if ($this->context->getMobileDevice() != false)
+			$this->context->smarty->assign(array(
+				'tpl_mobile_uri' => _PS_THEME_MOBILE_DIR_,
+			));
+
 		// Deprecated
 		$this->context->smarty->assign(array(
 			'id_currency_cookie' => (int)$currency->id,
@@ -361,6 +375,14 @@ class FrontControllerCore extends Controller
 			'pic_dir' => _THEME_PROD_PIC_DIR_
 		);
 
+		// Add the images directory for mobile
+		if ($this->context->getMobileDevice() != false)
+			$assign_array['img_mobile_dir'] = _THEME_MOBILE_IMG_DIR_;
+
+		// Add the CSS directory for mobile
+		if ($this->context->getMobileDevice() != false)
+			$assign_array['css_mobile_dir'] = _THEME_MOBILE_CSS_DIR_;
+
 		foreach ($assign_array as $assign_key => $assign_value)
 			if (substr($assign_value, 0, 1) == '/' || $protocol_content == 'https://')
 				$this->context->smarty->assign($assign_key, $protocol_content.Tools::getMediaServer($assign_value).$assign_value);
@@ -419,12 +441,25 @@ class FrontControllerCore extends Controller
 		$this->process();
 		if (!isset($this->context->cart))
 			$this->context->cart = new Cart();
-		$this->context->smarty->assign(array(
-			'HOOK_HEADER' => Hook::exec('displayHeader'),
-			'HOOK_TOP' => Hook::exec('displayTop'),
-			'HOOK_LEFT_COLUMN' => ($this->display_column_left ? Hook::exec('displayLeftColumn') : ''),
-			'HOOK_RIGHT_COLUMN' => ($this->display_column_right ? Hook::exec('displayRightColumn', array('cart' => $this->context->cart)) : ''),
-		));
+		if ($this->context->getMobileDevice() == false)
+		{
+			// These hooks aren't used for the mobile theme.
+			// Needed hooks are called in the tpl files.
+			if (!isset($this->context->cart))
+				$this->context->cart = new Cart();
+			$this->context->smarty->assign(array(
+				'HOOK_HEADER' => Hook::exec('displayHeader'),
+				'HOOK_TOP' => Hook::exec('displayTop'),
+				'HOOK_LEFT_COLUMN' => ($this->display_column_left ? Hook::exec('displayLeftColumn') : ''),
+				'HOOK_RIGHT_COLUMN' => ($this->display_column_right ? Hook::exec('displayRightColumn', array('cart' => $this->context->cart)) : ''),
+			));
+		}
+		else
+		{
+			$this->context->smarty->assign(array(
+				'HOOK_MOBILE_HEADER' => Hook::exec('displayMobileHeader'),
+			));
+		}
 	}
 
 	/**
@@ -517,7 +552,8 @@ class FrontControllerCore extends Controller
 			'display_footer' => $this->display_footer,
 		));
 
-		if (Tools::isSubmit('live_edit'))
+		// Don't use live edit if on mobile device
+		if ($this->context->getMobileDevice() == false && Tools::isSubmit('live_edit'))
 			$this->context->smarty->assign('live_edit', $this->getLiveEditFooter());
 
 		$layout = $this->getLayout();
@@ -572,7 +608,9 @@ class FrontControllerCore extends Controller
 			{
 				header('HTTP/1.1 503 temporarily overloaded');
 				$this->context->smarty->assign('favicon_url', _PS_IMG_.Configuration::get('PS_FAVICON'));
-				$this->context->smarty->display(_PS_THEME_DIR_.'maintenance.tpl');
+
+				$template_dir = ($this->context->getMobileDevice() == true ? _PS_THEME_MOBILE_DIR_ : _PS_THEME_DIR_);
+				$this->context->smarty->display($template_dir.'maintenance.tpl');
 				exit;
 			}
 		}
@@ -597,23 +635,23 @@ class FrontControllerCore extends Controller
 		if (!preg_match('/^'.Tools::pRegexp(rawurldecode($canonical_url), '/').'([&?].*)?$/', $match_url))
 		{
 			$params = array();
-			$excluded_key = array('isolang', 'id_lang', 'controller', 'fc');
-			foreach ($_GET as $key => $value)
-				if (!in_array($key, $excluded_key) && Validate::isUrl($key) && Validate::isUrl($value))
-					$params[$key] = $value;
-
 			$str_params = '';
 			$url_details = parse_url($canonical_url);
+
 			if (!empty($url_details['query']))
 			{
 				parse_str($url_details['query'], $query);
 				foreach ($query as $key => $value)
-					$params[$key] = $value;
+					$params[Tools::safeOutput($key)] = Tools::safeOutput($value);
 			}
-			
+			$excluded_key = array('isolang', 'id_lang', 'controller', 'fc', 'id_product', 'id_category', 'id_manufacturer', 'id_supplier', 'id_cms');
+			foreach ($_GET as $key => $value)
+				if (!in_array($key, $excluded_key) && Validate::isUrl($key) && Validate::isUrl($value))
+					$params[Tools::safeOutput($key)] = Tools::safeOutput($value);
+
 			$str_params = http_build_query($params, '', '&');
 			if (!empty($str_params))
-				$final_url = preg_replace('/^([^?]*)?.*$/', '$1', $canonical_url).'?'.Tools::safeOutput($str_params);
+				$final_url = preg_replace('/^([^?]*)?.*$/', '$1', $canonical_url).'?'.$str_params;
 			else
 				$final_url = preg_replace('/^([^?]*)?.*$/', '$1', $canonical_url);
 
@@ -685,8 +723,32 @@ class FrontControllerCore extends Controller
 		return false;
 	}
 
+	/**
+	 * Specific medias for mobile device.
+	 */
+	public function setMobileMedia()
+	{
+		$this->addjquery();
+		$this->addJS(_THEME_MOBILE_JS_DIR_.'jquery.mobile-1.1.1.min.js');
+		$this->addJS(_THEME_MOBILE_JS_DIR_.'jqm-docs.js');
+		$this->addJS(_PS_JS_DIR_.'tools.js');
+		$this->addJS(_THEME_MOBILE_JS_DIR_.'global.js');
+			$this->addjqueryPlugin('fancybox');
+
+		$this->addCSS(_THEME_MOBILE_CSS_DIR_.'jquery.mobile-1.1.1.min.css', 'all');
+		$this->addCSS(_THEME_MOBILE_CSS_DIR_.'jqm-docs.css', 'all');
+		$this->addCSS(_THEME_MOBILE_CSS_DIR_.'global.css', 'all');
+	}
+
 	public function setMedia()
 	{
+		// if website is accessed by mobile device
+		// @see FrontControllerCore::setMobileMedia()
+		if ($this->context->getMobileDevice() != false)
+		{
+			$this->setMobileMedia();
+			return true;
+		}
 		$this->addCSS(_THEME_CSS_DIR_.'global.css', 'all');
 		$this->addjquery();
 		$this->addjqueryPlugin('easing');
@@ -730,6 +792,10 @@ class FrontControllerCore extends Controller
 	{
 		$this->context->smarty->assign(array(
 			'HOOK_FOOTER' => Hook::exec('displayFooter'),
+			'conditions' => Configuration::get('PS_CONDITIONS'),
+			'id_cgv' => Configuration::get('PS_CONDITIONS_CMS_ID'),
+			'PS_SHOP_NAME' => Configuration::get('PS_SHOP_NAME'),
+			'PS_ALLOW_MOBILE_DEVICE' => isset($_SERVER['HTTP_USER_AGENT']) && (bool)Configuration::get('PS_ALLOW_MOBILE_DEVICE') && @filemtime(_PS_THEME_MOBILE_DIR_)
 		));
 
 	}
@@ -960,15 +1026,20 @@ class FrontControllerCore extends Controller
 
 	/**
 	 * This is overrided to manage is behaviour
+	 * if a customer access to the site with mobile device.
 	 */
 	public function setTemplate($default_template)
 	{
-        $template = $this->getOverrideTemplate();
-
-        if ($template)
-		    parent::setTemplate($template);
-        else
-            parent::setTemplate($default_template);
+		if ($this->context->getMobileDevice() != false)
+			$this->setMobileTemplate($default_template);
+		else
+		{
+			$template = $this->getOverrideTemplate();
+			if ($template)
+				parent::setTemplate($template);
+			else
+				parent::setTemplate($default_template);
+		}
 	}
 
     /**
@@ -1002,6 +1073,12 @@ class FrontControllerCore extends Controller
 
 		$layout_dir = _PS_THEME_DIR_;
 		$layout_override_dir  = _PS_THEME_OVERRIDE_DIR_;
+		if ($this->context->getMobileDevice() != false)
+		{
+			$layout_dir = _PS_THEME_MOBILE_DIR_;
+			$layout_override_dir = _PS_THEME_MOBILE_OVERRIDE_DIR_;
+		}
+
 		$layout = false;
 		if ($entity)
 		{
@@ -1016,4 +1093,47 @@ class FrontControllerCore extends Controller
 
 		return $layout;
     }
+
+	/**
+	 * This checks if the template set is available for mobile themes,
+	 * otherwise the front template is choosen.
+	 */
+	public function setMobileTemplate($template)
+	{
+		// Needed for site map
+		$blockmanufacturer = Module::getInstanceByName('blockmanufacturer');
+		$blocksupplier = Module::getInstanceByName('blocksupplier');
+		$this->context->smarty->assign('categoriesTree', Category::getRootCategory()->recurseLiteCategTree(0));
+		$this->context->smarty->assign('categoriescmsTree', CMSCategory::getRecurseCategory($this->context->language->id, 1, 1, 1));
+		$this->context->smarty->assign('voucherAllowed', (int)Configuration::get('PS_VOUCHERS'));
+		$this->context->smarty->assign('display_manufacturer_link', (bool)$blockmanufacturer->active);
+		$this->context->smarty->assign('display_supplier_link', (bool)$blocksupplier->active);
+		$this->context->smarty->assign('PS_DISPLAY_SUPPLIERS', Configuration::get('PS_DISPLAY_SUPPLIERS'));
+		$this->context->smarty->assign('display_store', Configuration::get('PS_STORES_DISPLAY_SITEMAP'));
+		$this->context->smarty->assign('conditions', Configuration::get('PS_CONDITIONS'));
+		$this->context->smarty->assign('id_cgv', Configuration::get('PS_CONDITIONS_CMS_ID'));
+		$this->context->smarty->assign('PS_SHOP_NAME', Configuration::get('PS_SHOP_NAME'));
+
+		$mobile_template = '';
+		$tpl_file = basename($template);
+		$dirname = dirname($template).(substr(dirname($template), -1, 1) == '/' ? '' : '/');
+
+		if ($dirname == _PS_THEME_DIR_)
+		{
+			if (file_exists(_PS_THEME_MOBILE_DIR_.$tpl_file))
+				$template = _PS_THEME_MOBILE_DIR_.$tpl_file;
+		}
+		elseif ($dirname == _PS_THEME_MOBILE_DIR_)
+		{
+			if (!file_exists(_PS_THEME_MOBILE_DIR_.$tpl_file) && file_exists(_PS_THEME_DIR_.$tpl_file))
+				$template = _PS_THEME_DIR_.$tpl_file;
+		}
+		$assign = array();
+		$assign['tpl_file'] = basename($tpl_file, '.tpl');
+		if (isset($this->php_self))
+			$assign['controller_name'] = $this->php_self;
+
+		$this->context->smarty->assign($assign);
+		$this->template = $template;
+	}
 }

classes/db/Db.php

@@ -322,7 +322,7 @@ abstract class DbCore
 	 */
 	public function insert($table, $data, $null_values = false, $use_cache = true, $type = Db::INSERT, $add_prefix = true)
 	{
-		if (!$data)
+		if (!$data && !$null_values)
 			return true;
 
 		if ($add_prefix)
@@ -596,7 +596,10 @@ abstract class DbCore
 
 		$errno = $this->getNumberError();
 		if ($webservice_call && $errno)
-			WebserviceRequest::getInstance()->setError(500, '[SQL Error] '.$this->getMsgError().'. Query was : '.$sql, 97);
+		{
+			$dbg = debug_backtrace();
+			WebserviceRequest::getInstance()->setError(500, '[SQL Error] '.$this->getMsgError().'. From '.(isset($dbg[3]['class']) ? $dbg[3]['class'] : '').'->'.$dbg[3]['function'].'() Query was : '.$sql, 97);
+		}
 		else if (_PS_DEBUG_SQL_ && $errno && !defined('PS_INSTALLATION_IN_PROGRESS'))
 		{
 			if ($sql)
@@ -637,9 +640,9 @@ abstract class DbCore
 	 * @param bool $engine
 	 * @return int
 	 */
-	public static function checkConnection($server, $user, $pwd, $db, $new_db_link = true, $engine = null)
+	public static function checkConnection($server, $user, $pwd, $db, $new_db_link = true, $engine = null, $timeout = 5)
 	{
-		return call_user_func_array(array(Db::getClass(), 'tryToConnect'), array($server, $user, $pwd, $db, $new_db_link, $engine));
+		return call_user_func_array(array(Db::getClass(), 'tryToConnect'), array($server, $user, $pwd, $db, $new_db_link, $engine, $timeout));
 	}
 
 	/**

classes/db/DbMySQLi.php

@@ -161,10 +161,16 @@ class DbMySQLiCore extends Db
 	/**
 	 * @see Db::checkConnection()
 	 */
-	static public function tryToConnect($server, $user, $pwd, $db, $newDbLink = true, $engine = null)
+	public static function tryToConnect($server, $user, $pwd, $db, $newDbLink = true, $engine = null, $timeout = 5)
 	{
-		$link = @new mysqli($server, $user, $pwd, $db);
-		if (mysqli_connect_error())
+		$link = mysqli_init();
+		if (!$link)
+			return -1;
+
+		if (!$link->options(MYSQLI_OPT_CONNECT_TIMEOUT, $timeout))
+			return 1;
+
+		if (!$link->real_connect($server, $user, $pwd, $db))
 			return (mysqli_connect_errno() == 1049) ? 2 : 1;
 
 		if (strtolower($engine) == 'innodb')

classes/db/DbPDO.php

@@ -1,225 +1,218 @@
-<?php
-/*
-* 2007-2012 PrestaShop
-*
-* NOTICE OF LICENSE
-*
-* This source file is subject to the Open Software License (OSL 3.0)
-* that is bundled with this package in the file LICENSE.txt.
-* It is also available through the world-wide-web at this URL:
-* http://opensource.org/licenses/osl-3.0.php
-* If you did not receive a copy of the license and are unable to
-* obtain it through the world-wide-web, please send an email
-* to license@prestashop.com so we can send you a copy immediately.
-*
-* DISCLAIMER
-*
-* Do not edit or add to this file if you wish to upgrade PrestaShop to newer
-* versions in the future. If you wish to customize PrestaShop for your
-* needs please refer to http://www.prestashop.com for more information.
-*
-*  @author PrestaShop SA <contact@prestashop.com>
-*  @copyright  2007-2012 PrestaShop SA
-*  @version  Release: $Revision$
-*  @license    http://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
-*  International Registered Trademark & Property of PrestaShop SA
-*/
-
-/**
- * This class is currently only here for tests
- *
- * @since 1.5.0
- */
-class DbPDOCore extends Db
-{
-	/**
-	 * @see DbCore::connect()
-	 */
-	public function	connect()
-	{
-		try
-		{
-			$dsn = 'mysql:dbname='.$this->database;
-			if (strpos($this->server, ':') !== false)
-			{
-				list($server, $port) = explode(':', $this->server);
-				$dsn .= ';host='.$server.';port='.$port;
-			}
-			else
-				$dsn .= ';host='.$this->server;
-
-			$this->link = new PDO($dsn, $this->user, $this->password);
-		}
-		catch (PDOException $e)
-		{
-			throw new PrestaShopDatabaseException(sprintf(Tools::displayError('Link to database cannot be established: %s'), $e->getMessage()));
-		}
-
-		// UTF-8 support
-		if ($this->link->exec('SET NAMES \'utf8\'') === false)
-			throw new PrestaShopDatabaseException(Tools::displayError('PrestaShop Fatal error: no utf-8 support. Please check your server configuration.'));
-
-		return $this->link;
-	}
-
-	/**
-	 * @see DbCore::disconnect()
-	 */
-	public function	disconnect()
-	{
-		unset($this->link);
-	}
-
-	/**
-	 * @see DbCore::_query()
-	 */
-	protected function _query($sql)
-	{
-		return $this->link->query($sql);
-	}
-
-	/**
-	 * @see DbCore::nextRow()
-	 */
-	public function nextRow($result = false)
-	{
-		if (!$result)
-			$result = $this->result;
-		return $result->fetch(PDO::FETCH_ASSOC);
-	}
-
-	/**
-	 * @see DbCore::_numRows()
-	 */
-	protected function _numRows($result)
-	{
-		return $result->rowCount();
-	}
-
-	/**
-	 * @see DbCore::Insert_ID()
-	 */
-	public function	Insert_ID()
-	{
-		return $this->link->lastInsertId();
-	}
-
-	/**
-	 * @see DbCore::Affected_Rows()
-	 */
-	public function	Affected_Rows()
-	{
-		return $this->result->rowCount();
-	}
-
-	/**
-	 * @see DbCore::getMsgError()
-	 */
-	public function getMsgError($query = false)
-	{
-		$error = $this->link->errorInfo();
-		return ($error[0] == '00000') ? '' : $error[2];
-	}
-
-	/**
-	 * @see DbCore::getNumberError()
-	 */
-	public function getNumberError()
-	{
-		$error = $this->link->errorInfo();
-		return isset($error[1]) ? $error[1] : 0;
-	}
-
-	/**
-	 * @see DbCore::getVersion()
-	 */
-	public function getVersion()
-	{
-		return $this->getValue('SELECT VERSION()');
-	}
-
-	/**
-	 * @see DbCore::_escape()
-	 */
-	public function _escape($str)
-	{
-		$search = array("\\", "\0", "\n", "\r", "\x1a", "'", '"');
-		$replace = array("\\\\", "\\0", "\\n", "\\r", "\Z", "\'", '\"');
-
-		return str_replace($search, $replace, $str);
-	}
-
-	/**
-	 * @see DbCore::set_db()
-	 */
-	public function set_db($db_name)
-	{
-		return $this->link->exec('USE '.pSQL($db_name));
-	}
-
-	/**
-	 * @see Db::hasTableWithSamePrefix()
-	 */
-	public static function hasTableWithSamePrefix($server, $user, $pwd, $db, $prefix)
-	{
-		try
-		{
-			$link = @new PDO('mysql:dbname='.$db.';host='.$server, $user, $pwd);
-		}
-		catch (PDOException $e)
-		{
-			return false;
-		}
-
-		$sql = 'SHOW TABLES LIKE \''.$prefix.'%\'';
-		$result = $link->query($sql);
-		return (bool)$result->fetch();
-	}
-
-	/**
-	 * @see Db::checkConnection()
-	 */
-	static public function tryToConnect($server, $user, $pwd, $db, $newDbLink = true, $engine = null)
-	{
-		try
-		{
-			$link = @new PDO('mysql:dbname='.$db.';host='.$server, $user, $pwd);
-		}
-		catch (PDOException $e)
-		{
-			return ($e->getCode() == 1049) ? 2 : 1;
-		}
-
-		if (strtolower($engine) == 'innodb')
-		{
-			$sql = 'SHOW VARIABLES WHERE Variable_name = \'have_innodb\'';
-			$result = $link->query($sql);
-			if (!$result)
-				return 4;
-			$row = $result->fetch();
-			if (!$row || strtolower($row['Value']) != 'yes')
-				return 4;
-		}
-		unset($link);
-		return 0;
-	}
-
-	/**
-	 * @see Db::checkEncoding()
-	 */
-	static public function tryUTF8($server, $user, $pwd)
-	{
-		try
-		{
-			$link = new PDO('mysql:host='.$server, $user, $pwd);
-		}
-		catch (PDOException $e)
-		{
-			return false;
-		}
-		$result = $link->exec('SET NAMES \'utf8\'');
-		unset($link);
-
-		return ($result === false) ? false : true;
-	}
-}
+<?php
+/*
+* 2007-2012 PrestaShop
+*
+* NOTICE OF LICENSE
+*
+* This source file is subject to the Open Software License (OSL 3.0)
+* that is bundled with this package in the file LICENSE.txt.
+* It is also available through the world-wide-web at this URL:
+* http://opensource.org/licenses/osl-3.0.php
+* If you did not receive a copy of the license and are unable to
+* obtain it through the world-wide-web, please send an email
+* to license@prestashop.com so we can send you a copy immediately.
+*
+* DISCLAIMER
+*
+* Do not edit or add to this file if you wish to upgrade PrestaShop to newer
+* versions in the future. If you wish to customize PrestaShop for your
+* needs please refer to http://www.prestashop.com for more information.
+*
+*  @author PrestaShop SA <contact@prestashop.com>
+*  @copyright  2007-2012 PrestaShop SA
+*  @version  Release: $Revision$
+*  @license    http://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
+*  International Registered Trademark & Property of PrestaShop SA
+*/
+
+/**
+ * This class is currently only here for tests
+ *
+ * @since 1.5.0
+ */
+class DbPDOCore extends Db
+{
+	protected static function _getPDO($host, $user, $password, $dbname, $timeout = 5)
+	{
+		$dsn = 'mysql:';
+		if ($dbname)
+			$dsn .= 'dbname='.$dbname.';';
+		if (preg_match('/^(.*):([0-9]+)$/', $host, $matches))
+			$dsn .= 'host='.$matches[1].';port='.$matches[2];
+		elseif (preg_match('#^.*:(/.*)$#', $host, $matches))
+			$dsn .= 'unix_socket='.$matches[1];
+		else
+			$dsn .= 'host='.$host;
+
+		return new PDO($dsn, $user, $password, array(PDO::ATTR_TIMEOUT => $timeout, PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => true));
+	}
+	
+	/**
+	 * @see DbCore::connect()
+	 */
+	public function	connect()
+	{
+		try {
+			$this->link = $this->_getPDO($this->server, $this->user, $this->password, $this->database, 5);
+		} catch (PDOException $e) {
+			throw new PrestaShopDatabaseException(sprintf(Tools::displayError('Link to database cannot be established: %s'), $e->getMessage()));
+		}
+
+		// UTF-8 support
+		if ($this->link->exec('SET NAMES \'utf8\'') === false)
+			throw new PrestaShopDatabaseException(Tools::displayError('PrestaShop Fatal error: no utf-8 support. Please check your server configuration.'));
+
+		return $this->link;
+	}
+
+	/**
+	 * @see DbCore::disconnect()
+	 */
+	public function	disconnect()
+	{
+		unset($this->link);
+	}
+
+	/**
+	 * @see DbCore::_query()
+	 */
+	protected function _query($sql)
+	{
+		return $this->link->query($sql);
+	}
+
+	/**
+	 * @see DbCore::nextRow()
+	 */
+	public function nextRow($result = false)
+	{
+		if (!$result)
+			$result = $this->result;
+		return $result->fetch(PDO::FETCH_ASSOC);
+	}
+
+	/**
+	 * @see DbCore::_numRows()
+	 */
+	protected function _numRows($result)
+	{
+		return $result->rowCount();
+	}
+
+	/**
+	 * @see DbCore::Insert_ID()
+	 */
+	public function	Insert_ID()
+	{
+		return $this->link->lastInsertId();
+	}
+
+	/**
+	 * @see DbCore::Affected_Rows()
+	 */
+	public function	Affected_Rows()
+	{
+		return $this->result->rowCount();
+	}
+
+	/**
+	 * @see DbCore::getMsgError()
+	 */
+	public function getMsgError($query = false)
+	{
+		$error = $this->link->errorInfo();
+		return ($error[0] == '00000') ? '' : $error[2];
+	}
+
+	/**
+	 * @see DbCore::getNumberError()
+	 */
+	public function getNumberError()
+	{
+		$error = $this->link->errorInfo();
+		return isset($error[1]) ? $error[1] : 0;
+	}
+
+	/**
+	 * @see DbCore::getVersion()
+	 */
+	public function getVersion()
+	{
+		return $this->getValue('SELECT VERSION()');
+	}
+
+	/**
+	 * @see DbCore::_escape()
+	 */
+	public function _escape($str)
+	{
+		$search = array("\\", "\0", "\n", "\r", "\x1a", "'", '"');
+		$replace = array("\\\\", "\\0", "\\n", "\\r", "\Z", "\'", '\"');		
+		return str_replace($search, $replace, $str);
+	}
+
+	/**
+	 * @see DbCore::set_db()
+	 */
+	public function set_db($db_name)
+	{
+		return $this->link->exec('USE '.pSQL($db_name));
+	}
+
+	/**
+	 * @see Db::hasTableWithSamePrefix()
+	 */
+	public static function hasTableWithSamePrefix($server, $user, $pwd, $db, $prefix)
+	{
+		try {
+			$link = DbPDO::_getPDO($server, $user, $pwd, $db, 5);
+		} catch (PDOException $e) {
+			return false;
+		}
+
+		$sql = 'SHOW TABLES LIKE \''.$prefix.'%\'';
+		$result = $link->query($sql);
+		return (bool)$result->fetch();
+	}
+
+	/**
+	 * @see Db::checkConnection()
+	 */
+	public static function tryToConnect($server, $user, $pwd, $db, $newDbLink = true, $engine = null, $timeout = 5)
+	{
+		try {
+			$link = DbPDO::_getPDO($server, $user, $pwd, $db, $timeout);
+		} catch (PDOException $e) {
+			return ($e->getCode() == 1049) ? 2 : 1;
+		}
+
+		if (strtolower($engine) == 'innodb')
+		{
+			$sql = 'SHOW VARIABLES WHERE Variable_name = \'have_innodb\'';
+			$result = $link->query($sql);
+			if (!$result)
+				return 4;
+			$row = $result->fetch();
+			if (!$row || strtolower($row['Value']) != 'yes')
+				return 4;
+		}
+		unset($link);
+		return 0;
+	}
+
+	/**
+	 * @see Db::checkEncoding()
+	 */
+	public static function tryUTF8($server, $user, $pwd)
+	{
+		try {
+			$link = DbPDO::_getPDO($server, $user, $pwd, false, 5);
+		} catch (PDOException $e) {
+			return false;
+		}
+		$result = $link->exec('SET NAMES \'utf8\'');
+		unset($link);
+
+		return ($result === false) ? false : true;
+	}
+}

classes/db/MySQL.php

@@ -154,8 +154,9 @@ class MySQLCore extends Db
 	/**
 	 * @see Db::checkConnection()
 	 */
-	public static function tryToConnect($server, $user, $pwd, $db, $newDbLink = true, $engine = null)
+	public static function tryToConnect($server, $user, $pwd, $db, $newDbLink = true, $engine = null, $timeout = 5)
 	{
+		ini_set('mysql.connect_timeout', $timeout);
 		if (!$link = @mysql_connect($server, $user, $pwd, $newDbLink))
 			return 1;
 		if (!@mysql_select_db($db, $link))

classes/exception/PrestaShopDatabaseException.php

@@ -30,6 +30,9 @@
  */
 class PrestaShopDatabaseExceptionCore extends PrestaShopException
 {
-
+	public function __toString()
+	{
+		return $this->message;
+	}
 }
 

classes/helper/Helper.php

@@ -361,9 +361,10 @@ class HelperCore
 		$context = Context::getContext();
 
 		// Get default value
-		if (Shop::getContext() == Shop::CONTEXT_ALL)
+		$shop_context = Shop::getContext();
+		if ($shop_context == Shop::CONTEXT_ALL || ($context->controller->multishop_context_group == false && $shop_context == Shop::CONTEXT_GROUP))
 			$value = '';
-		else if (Shop::getContext() == Shop::CONTEXT_GROUP)
+		else if ($shop_context == Shop::CONTEXT_GROUP)
 			$value = 'g-'.Shop::getContextShopGroupID();
 		else
 			$value = 's-'.Shop::getContextShopID();
@@ -376,14 +377,14 @@ class HelperCore
 		foreach ($tree as $gID => $group_data)
 		{
 			if ((!isset($context->controller->multishop_context) || $context->controller->multishop_context & Shop::CONTEXT_GROUP))
-				$html .= '<option class="group" value="g-'.$gID.'" '.(($value == 'g-'.$gID) ? 'selected="selected"' : '').'>'.Translate::getAdminTranslation('Group:').' '.htmlspecialchars($group_data['name']).'</option>';
+				$html .= '<option class="group" value="g-'.$gID.'" '.(($value == 'g-'.$gID) ? 'selected="selected"' : '').' '.($context->controller->multishop_context_group == false ? 'disabled="disabled"' : '').'>'.Translate::getAdminTranslation('Group:').' '.htmlspecialchars($group_data['name']).'</option>';
 			else
-				$html .= '<optgroup class="group" label="'.Translate::getAdminTranslation('Group:').' '.htmlspecialchars($group_data['name']).'">';
+				$html .= '<optgroup class="group" label="'.Translate::getAdminTranslation('Group:').' '.htmlspecialchars($group_data['name']).'" '.($context->controller->multishop_context_group == false ? 'disabled="disabled"' : '').'>';
 
 			if (!isset($context->controller->multishop_context) || $context->controller->multishop_context & Shop::CONTEXT_SHOP)
 				foreach ($group_data['shops'] as $sID => $shopData)
 					if ($shopData['active'])
-						$html .= '<option value="s-'.$sID.'" class="shop" '.(($value == 's-'.$sID) ? 'selected="selected"' : '').'>&raquo; '.$shopData['name'].'</option>';
+						$html .= '<option value="s-'.$sID.'" class="shop" '.(($value == 's-'.$sID) ? 'selected="selected"' : '').'>&raquo; '.($context->controller->multishop_context_group == false ? htmlspecialchars($group_data['name']).' - ' : '').$shopData['name'].'</option>';
 
 			if (!(!isset($context->controller->multishop_context) || $context->controller->multishop_context & Shop::CONTEXT_GROUP))
 				$html .= '</optgroup>';

classes/helper/HelperList.php

@@ -256,15 +256,7 @@ class HelperListCore extends Helper
 				{
 					// item_id is the product id in a product image context, else it is the image id.
 					$item_id = isset($params['image_id']) ? $tr[$params['image_id']] : $id;
-					// If it's a product image
-					if (isset($tr['id_image']))
-					{
-						$image = new Image((int)$tr['id_image']);
-						$path_to_image = _PS_IMG_DIR_.$params['image'].'/'.$image->getExistingImgPath().'.'.$this->imageType;
-					}
-					else
-						$path_to_image = _PS_IMG_DIR_.$params['image'].'/'.$item_id.(isset($tr['id_image']) ? '-'.(int)$tr['id_image'] : '').'.'.$this->imageType;
-
+					$path_to_image = _PS_IMG_DIR_.$params['image'].'/'.$item_id.(isset($tr['id_image']) ? '-'.(int)$tr['id_image'] : '').'.'.$this->imageType;
 					$this->_list[$index][$key] = ImageManager::thumbnail($path_to_image, $this->table.'_mini_'.$item_id.'.'.$this->imageType, 45, $this->imageType);
 				}
 				else if (isset($params['icon']) && (isset($params['icon'][$tr[$key]]) || isset($params['icon']['default'])))
@@ -540,9 +532,7 @@ class HelperListCore extends Helper
 		{
 			if (!isset($params['type']))
 				$params['type'] = 'text';
-
-			$value = Tools::getValue($this->table.'Filter_'.(array_key_exists('filter_key', $params) ? $params['filter_key'] : $key));
-
+			$value = Context::getContext()->cookie->{$this->table.'Filter_'.(array_key_exists('filter_key', $params) ? $params['filter_key'] : $key)};
 			switch ($params['type'])
 			{
 				case 'bool':
@@ -566,9 +556,9 @@ class HelperListCore extends Helper
 				case 'select':
 					foreach ($params['list'] as $option_value => $option_display)
 					{
-						if (isset($_POST[$this->table.'Filter_'.$params['filter_key']])
-							&& Tools::getValue($this->table.'Filter_'.$params['filter_key']) == $option_value
-							&& Tools::getValue($this->table.'Filter_'.$params['filter_key']) != '')
+						if (isset(Context::getContext()->cookie->{$this->table.'Filter_'.$params['filter_key']})
+							&& Context::getContext()->cookie->{$this->table.'Filter_'.$params['filter_key']} == $option_value
+							&& Context::getContext()->cookie->{$this->table.'Filter_'.$params['filter_key']} != '')
 							$this->fields_list[$key]['select'][$option_value]['selected'] = 'selected';
 					}
 					break;

classes/module/Module.php

@@ -167,8 +167,8 @@ abstract class ModuleCore
 			// We load configuration from the cache
 			if (isset(self::$modules_cache[$this->name]))
 			{
-				$this->active = self::$modules_cache[$this->name]['active'];
-				$this->id = self::$modules_cache[$this->name]['id_module'];
+				if (isset(self::$modules_cache[$this->name]['id_module']))
+					$this->id = self::$modules_cache[$this->name]['id_module'];
 				foreach (self::$modules_cache[$this->name] as $key => $value)
 					if (key_exists($key, $this))
 						$this->{$key} = $value;
@@ -215,8 +215,13 @@ abstract class ModuleCore
 		}
 
 		// Install overrides
-		if (!$this->installOverrides())
+		try {
+			$this->installOverrides();
+		} catch (Exception $e) {
+			$this->_errors[] = sprintf(Tools::displayError('Unable to install override: %s'), $e->getMessage());
+			$this->uninstallOverrides();
 			return false;
+		}
 
 		// Install module and retrieve the installation id
 		$result = Db::getInstance()->insert($this->table, array('name' => $this->name, 'active' => 1, 'version' => $this->version));
@@ -584,7 +589,7 @@ abstract class ModuleCore
 	public function disable($forceAll = false)
 	{
 		// Disable module for all shops
-		$sql = 'DELETE FROM `'._DB_PREFIX_.'module_shop` WHERE `id_module` = '.$this->id.' '.((!$forceAll) ? ' AND `id_shop` IN('.implode(', ', Shop::getContextListShopID()).')' : '');
+		$sql = 'DELETE FROM `'._DB_PREFIX_.'module_shop` WHERE `id_module` = '.(int)$this->id.' '.((!$forceAll) ? ' AND `id_shop` IN('.implode(', ', Shop::getContextListShopID()).')' : '');
 		Db::getInstance()->execute($sql);
 	}
 
@@ -1284,8 +1289,11 @@ abstract class ModuleCore
 		if (isset($context->cart))
 			$billing = new Address((int)$context->cart->id_address_invoice);
 
+		$frontend = true;
 		$groups = array();
-		if (isset($context->customer))
+		if (isset($context->employee))
+			$frontend = false;
+		elseif (isset($context->customer))
 		{
 			$groups = $context->customer->getGroups();
 			if (empty($groups))
@@ -1296,28 +1304,27 @@ abstract class ModuleCore
 		if (Db::getInstance()->getValue('SELECT `id_hook` FROM `'._DB_PREFIX_.'hook` WHERE `name` = \'displayPayment\''))
 			$hookPayment = 'displayPayment';
 
-		$list = Shop::getContextListShopID();
-		$sql = 'SELECT DISTINCT h.`id_hook`, m.`name`, hm.`position`
-				FROM `'._DB_PREFIX_.'module_country` mc
-				LEFT JOIN `'._DB_PREFIX_.'module` m ON m.`id_module` = mc.`id_module`
-				INNER JOIN `'._DB_PREFIX_.'module_group` mg ON (m.`id_module` = mg.`id_module`)
-				'.(isset($context->customer)
-					? 'INNER JOIN `'._DB_PREFIX_.'customer_group` cg on (cg.`id_group` = mg.`id_group`AND cg.`id_customer` = '.(int)$context->customer->id.')'
-					: '').'
-				LEFT JOIN `'._DB_PREFIX_.'hook_module` hm ON hm.`id_module` = m.`id_module`
-				LEFT JOIN `'._DB_PREFIX_.'hook` h ON hm.`id_hook` = h.`id_hook`
-				WHERE h.`name` = \''.pSQL($hookPayment).'\'
-					'.(isset($billing) ? 'AND mc.id_country = '.(int)$billing->id_country : '').'
-					AND mc.id_shop = '.(int)$context->shop->id.'
-					AND mg.id_shop = '.(int)$context->shop->id.'
-					AND (SELECT COUNT(*) FROM '._DB_PREFIX_.'module_shop ms WHERE ms.id_module = m.id_module AND ms.id_shop IN('.implode(', ', $list).')) = '.count($list).'
-					AND hm.id_shop IN('.implode(', ', $list).')
-					'.(count($groups) ? 'AND (mg.`id_group` IN('.implode(', ', $groups).'))' : '').'
-				GROUP BY hm.id_hook, hm.id_module
-				ORDER BY hm.`position`, m.`name` DESC';
-		$result = Db::getInstance(_PS_USE_SQL_SLAVE_)->executeS($sql);
+		$paypal_condition = '';
+		$iso_code = Country::getIsoById((int)Configuration::get('PS_COUNTRY_DEFAULT'));
+		$paypal_countries = array('ES', 'FR', 'PL', 'IT');
+		if (Context::getContext()->getMobileDevice() && Context::getContext()->shop->getTheme() == 'default' && in_array($iso_code, $paypal_countries))
+			$paypal_condition = ' AND m.`name` = \'paypal\'';
 
-		return $result;
+		$list = Shop::getContextListShopID();
+		return Db::getInstance(_PS_USE_SQL_SLAVE_)->executeS('SELECT DISTINCT h.`id_hook`, m.`name`, hm.`position`
+		FROM `'._DB_PREFIX_.'module` m
+		'.($frontend ? 'LEFT JOIN `'._DB_PREFIX_.'module_country` mc ON (m.`id_module` = mc.`id_module` AND mc.id_shop = '.(int)$context->shop->id.')' : '').'
+		'.($frontend ? 'INNER JOIN `'._DB_PREFIX_.'module_group` mg ON (m.`id_module` = mg.`id_module` AND mg.id_shop = '.(int)$context->shop->id.')' : '').'
+		'.($frontend && isset($context->customer) ? 'INNER JOIN `'._DB_PREFIX_.'customer_group` cg on (cg.`id_group` = mg.`id_group`AND cg.`id_customer` = '.(int)$context->customer->id.')' : '').'
+		LEFT JOIN `'._DB_PREFIX_.'hook_module` hm ON hm.`id_module` = m.`id_module`
+		LEFT JOIN `'._DB_PREFIX_.'hook` h ON hm.`id_hook` = h.`id_hook`
+		WHERE h.`name` = \''.pSQL($hookPayment).'\'
+		'.(isset($billing) && $frontend ? 'AND mc.id_country = '.(int)$billing->id_country : '').'
+		AND (SELECT COUNT(*) FROM '._DB_PREFIX_.'module_shop ms WHERE ms.id_module = m.id_module AND ms.id_shop IN('.implode(', ', $list).')) = '.count($list).'
+		AND hm.id_shop IN('.implode(', ', $list).')
+		'.(count($groups) && $frontend ? 'AND (mg.`id_group` IN('.implode(', ', $groups).'))' : '').$paypal_condition.'
+		GROUP BY hm.id_hook, hm.id_module
+		ORDER BY hm.`position`, m.`name` DESC');
 	}
 
 	/**
@@ -1850,24 +1857,40 @@ abstract class ModuleCore
 	{
 		$path = Autoload::getInstance()->getClassPath($classname.'Core');
 
+		// Check if there is already an override file, if not, we just need to copy the file
+		if (!($classpath = Autoload::getInstance()->getClassPath($classname)))
+		{
+			$override_src = $this->getLocalPath().'override'.DIRECTORY_SEPARATOR.$path;
+			$override_dest = _PS_ROOT_DIR_.DIRECTORY_SEPARATOR.'override'.DIRECTORY_SEPARATOR.$path;
+			if (!is_writable(dirname($override_dest)))
+				throw new Exception(sprintf(Tools::displayError('directory (%s) not writable'), dirname($override_dest)));
+			copy($override_src, $override_dest);
+			return true;
+		}
+		
 		// Check if override file is writable
 		$override_path = _PS_ROOT_DIR_.'/'.Autoload::getInstance()->getClassPath($classname);
 		if (!is_writable($override_path))
-			return false;
-
+			throw new Exception(sprintf(Tools::displayError('file (%s) not writable'), $override_path));
+			
 		// Make a reflection of the override class and the module override class
 		$override_file = file($override_path);
 		eval(preg_replace(array('#^\s*<\?php#', '#class\s+'.$classname.'\s+extends\s+([a-z0-9_]+)(\s+implements\s+([a-z0-9_]+))?#i'), array('', 'class '.$classname.'OverrideOriginal'), implode('', $override_file)));
 		$override_class = new ReflectionClass($classname.'OverrideOriginal');
 
-		$module_file = file($this->getLocalPath().'override/'.$path);
+		$module_file = file($this->getLocalPath().'override'.DIRECTORY_SEPARATOR.$path);
 		eval(preg_replace(array('#^\s*<\?php#', '#class\s+'.$classname.'(\s+extends\s+([a-z0-9_]+)(\s+implements\s+([a-z0-9_]+))?)?#i'), array('', 'class '.$classname.'Override'), implode('', $module_file)));
 		$module_class = new ReflectionClass($classname.'Override');
 
 		// Check if none of the methods already exists in the override class
 		foreach ($module_class->getMethods() as $method)
-			if ($override_class->hasMethod($method->name))
-				return false;
+			if ($override_class->hasMethod($method->getName()))
+				throw new Exception(sprintf(Tools::displayError('The method %1$s in the class %2$s is already overriden.'), $method->getName(), $classname));
+
+		// Check if none of the properties already exists in the override class
+		foreach ($module_class->getProperties() as $property)
+			if ($override_class->hasProperty($property->getName()))
+				throw new Exception(sprintf(Tools::displayError('The property %1$s in the class %2$s is already defined.'), $property->getName(), $classname));
 
 		// Insert the methods from module override in override
 		$copy_from = array_slice($module_file, $module_class->getStartLine() + 1, $module_class->getEndLine() - $module_class->getStartLine() - 2);
@@ -1888,6 +1911,9 @@ abstract class ModuleCore
 	{
 		$path = Autoload::getInstance()->getClassPath($classname.'Core');
 
+		if (!Autoload::getInstance()->getClassPath($classname))
+			return true;
+		
 		// Check if override file is writable
 		$override_path = _PS_ROOT_DIR_.'/'.Autoload::getInstance()->getClassPath($classname);
 		if (!is_writable($override_path))
@@ -1906,14 +1932,29 @@ abstract class ModuleCore
 		$override_file = file($override_path);
 		foreach ($module_class->getMethods() as $method)
 		{
-			if (!$override_class->hasMethod($method->name))
+			if (!$override_class->hasMethod($method->getName()))
 				continue;
 
-			$method = $override_class->getMethod($method->name);
+			$method = $override_class->getMethod($method->getName());
 			$length = $method->getEndLine() - $method->getStartLine() + 1;
 			array_splice($override_file, $method->getStartLine() - 1, $length, array_pad(array(), $length, '#--remove--#'));
 		}
 
+		// Remove properties from override file
+		foreach ($module_class->getProperties() as $property)
+		{
+			if (!$override_class->hasProperty($property->getName()))
+				continue;
+
+			// Remplacer la ligne de déclaration par "remove"
+			foreach ($override_file as $line_number => &$line_content)
+				if (preg_match('/(public|private|protected)\s+(static\s+)?\$'.$property->getName().'/i', $line_content))
+				{
+					$line_content = '#--remove--#';
+					break;
+				}
+		}
+
 		// Rewrite nice code
 		$code = '';
 		foreach ($override_file as $line)

classes/module/ModuleGraph.php

@@ -234,7 +234,7 @@ abstract class ModuleGraphCore extends Module
 	{
 		if (!Validate::isModuleName($render))
 			die(Tools::displayError());
-		if (!Tools::file_exists_cache($file = dirname(__FILE__).'/../modules/'.$render.'/'.$render.'.php'))
+		if (!Tools::file_exists_cache($file = _PS_ROOT_DIR_.'/modules/'.$render.'/'.$render.'.php'))
 			die(Tools::displayError());
 		require_once($file);
 		$this->_render = new $render($type);
@@ -265,7 +265,7 @@ abstract class ModuleGraphCore extends Module
 			return Tools::displayError('No graph engine selected');
 		if (!Validate::isModuleName($render))
 			die(Tools::displayError());
-		if (!file_exists(dirname(__FILE__).'/../../modules/'.$render.'/'.$render.'.php'))
+		if (!file_exists(_PS_ROOT_DIR_.'/modules/'.$render.'/'.$render.'.php'))
 			return Tools::displayError('Graph engine selected is unavailable.');
 
 		$id_employee = (int)$context->employee->id;
@@ -287,7 +287,7 @@ abstract class ModuleGraphCore extends Module
 		$url_params['id_lang'] = $id_lang;
 		$drawer = 'drawer.php?'.http_build_query(array_map('Tools::safeOutput', $url_params), '', '&');
 
-		require_once(dirname(__FILE__).'/../../modules/'.$render.'/'.$render.'.php');
+		require_once(_PS_ROOT_DIR_.'/modules/'.$render.'/'.$render.'.php');
 		return call_user_func(array($render, 'hookGraphEngine'), $params, $drawer);
 	}
 

classes/module/ModuleGrid.php

@@ -69,7 +69,7 @@ abstract class ModuleGridCore extends Module
 	{
 		if (!Validate::isModuleName($render))
 			die(Tools::displayError());
-		if (!Tools::file_exists_cache($file = dirname(__FILE__).'/../../modules/'.$render.'/'.$render.'.php'))
+		if (!Tools::file_exists_cache($file = _PS_ROOT_DIR_.'/modules/'.$render.'/'.$render.'.php'))
 			die(Tools::displayError());
 		require_once($file);
 		$this->_render = new $render($type);
@@ -99,7 +99,7 @@ abstract class ModuleGridCore extends Module
 			return Tools::displayError('No grid engine selected');
 		if (!Validate::isModuleName($render))
 			die(Tools::displayError());
-		if (!file_exists(dirname(__FILE__).'/../../modules/'.$render.'/'.$render.'.php'))
+		if (!file_exists(_PS_ROOT_DIR_.'/modules/'.$render.'/'.$render.'.php'))
 			return Tools::displayError('Grid engine selected is unavailable.');
 
 		$grider = 'grider.php?render='.$render.'&module='.Tools::safeOutput(Tools::getValue('module'));
@@ -132,7 +132,7 @@ abstract class ModuleGridCore extends Module
 		if (isset($params['dir']) && Validate::isSortDirection($params['dir']))
 			$grider .= '&dir='.$params['dir'];
 
-		require_once(dirname(__FILE__).'/../../modules/'.$render.'/'.$render.'.php');
+		require_once(_PS_ROOT_DIR_.'/modules/'.$render.'/'.$render.'.php');
 		return call_user_func(array($render, 'hookGridEngine'), $params, $grider);
 	}
 

classes/order/Order.php

@@ -300,7 +300,7 @@ class OrderCore extends ObjectModel
 			$orderDetail->product_quantity_refunded += (int)($quantity);
 			return $orderDetail->update();
 		}
-		return $this->_deleteProduct($orderDetail, (int)($quantity));
+		return $this->_deleteProduct($orderDetail, (int)$quantity);
 	}
 
 	/**
@@ -335,64 +335,51 @@ class OrderCore extends ObjectModel
 	/* DOES delete the product */
 	protected function _deleteProduct($orderDetail, $quantity)
 	{
-		$tax_calculator = $orderDetail->getTaxCalculator();
-
-		$price = $tax_calculator->addTaxes($orderDetail->product_price);
-		if ($orderDetail->reduction_percent != 0.00)
-			$reduction_amount = $price * $orderDetail->reduction_percent / 100;
-		elseif ($orderDetail->reduction_amount != '0.000000')
-			$reduction_amount = Tools::ps_round($orderDetail->reduction_amount, 2);
-		if (isset($reduction_amount) && $reduction_amount)
-			$price = Tools::ps_round($price - $reduction_amount, 2);
-		$productPriceWithoutTax = number_format($tax_calculator->removeTaxes($price), 2, '.', '');
-		$price += Tools::ps_round($orderDetail->ecotax * (1 + $orderDetail->ecotax_tax_rate / 100), 2);
-		$productPrice = number_format($quantity * $price, 2, '.', '');
+		$product_price_tax_excl = $orderDetail->unit_price_tax_excl * $quantity;
+		$product_price_tax_incl = $orderDetail->unit_price_tax_incl * $quantity;
+		
 		/* Update cart */
 		$cart = new Cart($this->id_cart);
 		$cart->updateQty($quantity, $orderDetail->product_id, $orderDetail->product_attribute_id, false, 'down'); // customization are deleted in deleteCustomization
 		$cart->update();
 
 		/* Update order */
-		$shippingDiff = $this->total_shipping - $cart->getPackageShippingCost($this->id_carrier, true, null, $this->getCartProducts());
-		$this->total_products -= $productPriceWithoutTax;
-
-		// After upgrading from old version
-		// total_products_wt is null
-		// removing a product made order total negative
-		// and don't recalculating totals (on getTotalProductsWithTaxes)
-		if ($this->total_products_wt != 0)
-		$this->total_products_wt -= $productPrice;
-
-		$this->total_shipping = $cart->getTotalShippingCost();
-
-		/* It's temporary fix for 1.3 version... */
-		if ($orderDetail->product_quantity_discount != '0.000000')
-			$this->total_paid -= ($productPrice + $shippingDiff);
-		else
-			$this->total_paid = $cart->getOrderTotal();
-
-		$this->total_paid_real -= ($productPrice + $shippingDiff);
+		$shipping_diff_tax_incl = $this->total_shipping_tax_incl - $cart->getPackageShippingCost($this->id_carrier, true, null, $this->getCartProducts());
+		$shipping_diff_tax_excl = $this->total_shipping_tax_excl - $cart->getPackageShippingCost($this->id_carrier, false, null, $this->getCartProducts());
+		$this->total_shipping -= $shipping_diff_tax_incl;
+		$this->total_shipping_tax_excl -= $shipping_diff_tax_excl;
+		$this->total_shipping_tax_incl -= $shipping_diff_tax_incl;
+		$this->total_products -= $product_price_tax_excl;
+		$this->total_products_wt -= $product_price_tax_incl;
+		$this->total_paid -= $product_price_tax_incl + $shipping_diff_tax_incl;
+		$this->total_paid_tax_incl -= $product_price_tax_incl + $shipping_diff_tax_incl;
+		$this->total_paid_tax_excl -= $product_price_tax_excl + $shipping_diff_tax_excl;
+		$this->total_paid_real -= $product_price_tax_incl + $shipping_diff_tax_incl;
 
+		$fields = array(
+			'total_shipping',
+			'total_shipping_tax_excl',
+			'total_shipping_tax_incl',
+			'total_products',
+			'total_products_wt',
+			'total_paid',
+			'total_paid_tax_incl',
+			'total_paid_tax_excl',
+			'total_paid_real'
+		);
+		
 		/* Prevent from floating precision issues (total_products has only 2 decimals) */
-		if ($this->total_products < 0)
-			$this->total_products = 0;
-
-		if ($this->total_paid < 0)
-			$this->total_paid = 0;
-
-		if ($this->total_paid_real < 0)
-			$this->total_paid_real = 0;
+		foreach ($fields as $field)
+			if ($this->{$field} < 0)
+				$this->{$field} = 0;
 
 		/* Prevent from floating precision issues */
-		$this->total_paid = number_format($this->total_paid, 2, '.', '');
-		$this->total_paid_real = number_format($this->total_paid_real, 2, '.', '');
-		$this->total_products = number_format($this->total_products, 2, '.', '');
-		$this->total_products_wt = number_format($this->total_products_wt, 2, '.', '');
+		foreach ($fields as $field)
+			$this->{$field} = number_format($this->{$field}, 2, '.', '');
 
 		/* Update order detail */
-		$orderDetail->product_quantity -= (int)($quantity);
-
-		if (!$orderDetail->product_quantity)
+		$orderDetail->product_quantity -= (int)$quantity;
+		if ($orderDetail->product_quantity == 0)
 		{
 			if (!$orderDetail->delete())
 				return false;
@@ -406,6 +393,13 @@ class OrderCore extends ObjectModel
 			}
 			return $this->update();
 		}
+		else
+		{
+			$orderDetail->total_price_tax_incl -= $product_price_tax_incl;
+			$orderDetail->total_price_tax_excl -= $product_price_tax_excl;
+			$orderDetail->total_shipping_price_tax_incl -= $shipping_diff_tax_incl;
+			$orderDetail->total_shipping_price_tax_excl -= $shipping_diff_tax_excl;
+		}
 		return $orderDetail->update() && $this->update();
 	}
 
@@ -422,7 +416,7 @@ class OrderCore extends ObjectModel
 			return false;
 		if (!Db::getInstance()->execute('DELETE FROM `'._DB_PREFIX_.'customization` WHERE `quantity` = 0'))
 			return false;
-		return $this->_deleteProduct($orderDetail, (int)($quantity));
+		return $this->_deleteProduct($orderDetail, (int)$quantity);
 	}
 
 	/**
@@ -488,9 +482,8 @@ class OrderCore extends ObjectModel
 		return Db::getInstance(_PS_USE_SQL_SLAVE_)->executeS('
 		SELECT *
 		FROM `'._DB_PREFIX_.'order_detail` od
-		LEFT JOIN `'._DB_PREFIX_.'product` p
-		ON p.id_product = od.product_id
-		'.Shop::addSqlAssociation('product', 'p').'
+		LEFT JOIN `'._DB_PREFIX_.'product` p ON (p.id_product = od.product_id)
+		LEFT JOIN `'._DB_PREFIX_.'product_shop` ps ON (ps.id_product = p.id_product AND ps.id_shop = od.id_shop)
 		WHERE od.`id_order` = '.(int)($this->id));
 	}
 
@@ -952,22 +945,9 @@ class OrderCore extends ObjectModel
 			$products = $this->getProductsDetail();
 
 		$return = 0;
-
 		foreach ($products as $row)
-		{
-			if (!isset($row['tax_rate']))
-				$row['tax_rate'] = 0;
+			$return += $row['total_price_tax_incl'];
 
-			$price = Tools::ps_round($row['product_price'] * (1 + $row['tax_rate'] / 100), 2);
-			if ($row['reduction_percent'])
-				$price -= $price * ($row['reduction_percent'] * 0.01);
-			if ($row['reduction_amount'])
-				$price -= $row['reduction_amount'] * (1 + ($row['tax_rate'] * 0.01));
-			if ($row['group_reduction'])
-				$price -= $price * ($row['group_reduction'] * 0.01);
-			$price += $row['ecotax'] * (1 + $row['ecotax_tax_rate'] / 100);
-			$return += Tools::ps_round($price, 2) * $row['product_quantity'];
-		}
 		if (!$products)
 		{
 			$this->total_products_wt = $return;
@@ -1152,19 +1132,21 @@ class OrderCore extends ObjectModel
 			// Update order payment
 			if ($use_existing_payment)
 			{
-				$id_order_payment = Db::getInstance()->getValue('
-					SELECT MAX(id_order_payment) FROM `'._DB_PREFIX_.'order_payment` op
-					INNER JOIN `'._DB_PREFIX_.'orders` o
-					ON o.reference = op.order_reference
-					WHERE id_order = '.(int)$order_invoice->id_order);
+				$id_order_payments = Db::getInstance()->executeS('
+					SELECT op.id_order_payment 
+					FROM `'._DB_PREFIX_.'order_payment` op
+					INNER JOIN `'._DB_PREFIX_.'orders` o ON (o.reference = op.order_reference)
+					LEFT JOIN `'._DB_PREFIX_.'order_invoice_payment` oip ON (oip.id_order_payment = op.id_order_payment)					
+					WHERE oip.id_order_payment IS NULL AND o.id_order = '.(int)$order_invoice->id_order);
 				
-				if ($id_order_payment)
-					Db::getInstance()->execute('
-						INSERT INTO `'._DB_PREFIX_.'order_invoice_payment`
-						SET
-							`id_order_invoice` = '.(int)$order_invoice->id.',
-							`id_order_payment` = '.(int)$id_order_payment.',
-							`id_order` = '.(int)$order_invoice->id_order);
+				if (count($id_order_payments))
+					foreach ($id_order_payments as $order_payment)
+						Db::getInstance()->execute('
+							INSERT INTO `'._DB_PREFIX_.'order_invoice_payment`
+							SET
+								`id_order_invoice` = '.(int)$order_invoice->id.',
+								`id_order_payment` = '.(int)$order_payment['id_order_payment'].',
+								`id_order` = '.(int)$order_invoice->id_order);
 			}
 
 			// Update order cart rule

classes/order/OrderDetail.php

@@ -39,6 +39,9 @@ class OrderDetailCore extends ObjectModel
 	/** @var integer */
 	public $product_id;
 
+	/** @var integer */
+	public $id_shop;
+
 	/** @var integer */
 	public $product_attribute_id;
 
@@ -160,6 +163,7 @@ class OrderDetailCore extends ObjectModel
 			'id_order' => 					array('type' => self::TYPE_INT, 'validate' => 'isUnsignedId', 'required' => true),
 			'id_order_invoice' => 			array('type' => self::TYPE_INT, 'validate' => 'isUnsignedId'),
 			'id_warehouse' => 				array('type' => self::TYPE_INT, 'validate' => 'isUnsignedId', 'required' => true),
+			'id_shop' => 				array('type' => self::TYPE_INT, 'validate' => 'isUnsignedId', 'required' => true),
 			'product_id' => 				array('type' => self::TYPE_INT, 'validate' => 'isUnsignedId'),
 			'product_attribute_id' =>		array('type' => self::TYPE_INT, 'validate' => 'isUnsignedId'),
 			'product_name' => 				array('type' => self::TYPE_STRING, 'validate' => 'isGenericName', 'required' => true),
@@ -460,8 +464,8 @@ class OrderDetailCore extends ObjectModel
 		Product::getPriceStatic((int)$product['id_product'], true, (int)$product['id_product_attribute'], 6, null, false, true, $product['cart_quantity'], false, (int)$order->id_customer, (int)$order->id_cart, (int)$order->{Configuration::get('PS_TAX_ADDRESS_TYPE')}, $specific_price);
 		$this->specificPrice = $specific_price;
 
-		$this->original_product_price = Product::getPriceStatic($product['id_product'], false, (int)$product['id_product_attribute'], null, null, false, false, 1, false);
-		$this->product_price = (float)$product['price'];
+		$this->original_product_price = Product::getPriceStatic($product['id_product'], false, (int)$product['id_product_attribute'], 6, null, false, false, 1, false);
+		$this->product_price = $this->original_product_price;
 		$this->unit_price_tax_incl = (float)$product['price_wt'];
 		$this->unit_price_tax_excl = (float)$product['price'];
 		$this->total_price_tax_incl = (float)$product['total_wt'];
@@ -546,7 +550,10 @@ class OrderDetailCore extends ObjectModel
 
 		// Set order invoice id
 		$this->id_order_invoice = (int)$id_order_invoice;
-
+		
+		// Set shop id
+		$this->id_shop = (int)$product['id_shop'];
+		
 		// Add new entry to the table
 		$this->save();
 

classes/order/OrderInvoice.php

@@ -119,7 +119,7 @@ class OrderInvoiceCore extends ObjectModel
 		FROM `'._DB_PREFIX_.'order_detail` od
 		LEFT JOIN `'._DB_PREFIX_.'product` p
 		ON p.id_product = od.product_id
-		'.Shop::addSqlAssociation('product', 'p').'
+		LEFT JOIN `'._DB_PREFIX_.'product_shop` ps ON (ps.id_product = p.id_product AND ps.id_shop = od.id_shop)
 		WHERE od.`id_order` = '.(int)$this->id_order.'
 		AND od.`id_order_invoice` = '.(int)$this->id);
 	}

classes/order/OrderPayment.php

@@ -48,7 +48,7 @@ class OrderPaymentCore extends ObjectModel
 		'fields' => array(
 			'order_reference' => 	array('type' => self::TYPE_STRING, 'validate' => 'isAnything', 'size' => 9),
 			'id_currency' => 		array('type' => self::TYPE_INT, 'validate' => 'isUnsignedId', 'required' => true),
-			'amount' => 			array('type' => self::TYPE_FLOAT, 'validate' => 'isPrice', 'required' => true),
+			'amount' => 			array('type' => self::TYPE_FLOAT, 'validate' => 'isNegativePrice', 'required' => true),
 			'payment_method' => 	array('type' => self::TYPE_STRING, 'validate' => 'isGenericName'),
 			'conversion_rate' => 	array('type' => self::TYPE_INT, 'validate' => 'isFloat'),
 			'transaction_id' => 	array('type' => self::TYPE_STRING, 'validate' => 'isAnything', 'size' => 254),

classes/order/OrderReturn.php

@@ -226,9 +226,9 @@ class OrderReturnCore extends ObjectModel
 	public static function addReturnedQuantity(&$products, $id_order)
 	{
 		$details = Db::getInstance(_PS_USE_SQL_SLAVE_)->executeS('
-			SELECT od.id_order_detail, IFNULL(GREATEST(od.product_quantity_return, ord.product_quantity),0) as qty_returned
-			FROM ps_order_detail od
-			LEFT JOIN ps_order_return_detail ord
+			SELECT od.id_order_detail, GREATEST(od.product_quantity_return, IFNULL(ord.product_quantity,0)) as qty_returned
+			FROM '._DB_PREFIX_.'order_detail od
+			LEFT JOIN '._DB_PREFIX_.'order_return_detail ord
 			ON ord.id_order_detail = od.id_order_detail
 			WHERE od.id_order = '.(int)$id_order
 		);

classes/order/OrderSlip.php

@@ -67,9 +67,9 @@ class OrderSlipCore extends ObjectModel
 			'id_customer' => 			array('type' => self::TYPE_INT, 'validate' => 'isUnsignedId', 'required' => true),
 			'id_order' => 				array('type' => self::TYPE_INT, 'validate' => 'isUnsignedId', 'required' => true),
 			'conversion_rate' => 		array('type' => self::TYPE_FLOAT, 'validate' => 'isFloat', 'required' => true),
-			'amount' => 				array('type' => self::TYPE_INT),
+			'amount' => 				array('type' => self::TYPE_FLOAT, 'validate' => 'isFloat'),
 			'shipping_cost' => 			array('type' => self::TYPE_INT),
-			'shipping_cost_amount' =>	array('type' => self::TYPE_FLOAT),
+			'shipping_cost_amount' =>	array('type' => self::TYPE_FLOAT, 'validate' => 'isFloat'),
 			'partial' =>				array('type' => self::TYPE_INT),
 			'date_add' => 				array('type' => self::TYPE_DATE, 'validate' => 'isDate'),
 			'date_upd' => 				array('type' => self::TYPE_DATE, 'validate' => 'isDate'),
@@ -115,38 +115,36 @@ class OrderSlipCore extends ObjectModel
 		.($id_order_detail ? ' WHERE `id_order_detail` = '.(int)($id_order_detail) : ''));
 	}
 
-	// TODO clean getProducts($resTab) => now getProducts method don't use his parameters
 	public static function getOrdersSlipProducts($orderSlipId, $order)
 	{
 		$cart_rules = $order->getCartRules(true);
 		$productsRet = OrderSlip::getOrdersSlipDetail($orderSlipId);
-		$products = $order->getProductsDetail();
+		$order_details = $order->getProductsDetail();
 
-		$tmp = array();
+		$slip_quantity = array();
 		foreach ($productsRet as $slip_detail)
-			$tmp[$slip_detail['id_order_detail']] = $slip_detail['product_quantity'];
-		$resTab = array();
-		foreach ($products as $key => $product)
-			if (isset($tmp[$product['id_order_detail']]))
+			$slip_quantity[$slip_detail['id_order_detail']] = $slip_detail['product_quantity'];
+		$products = array();
+		foreach ($order_details as $key => $product)
+			if (isset($slip_quantity[$product['id_order_detail']]))
 			{
-				$resTab[$key] = $product;
-				$resTab[$key]['product_quantity'] = $tmp[$product['id_order_detail']];
+				$products[$key] = $product;
+				$products[$key]['product_quantity'] = $slip_quantity[$product['id_order_detail']];
 				if (count($cart_rules))
 				{
 					$order->setProductPrices($product);
-					$realProductPrice = $resTab[$key]['product_price'];
+					$realProductPrice = $products[$key]['product_price'];
 					// Todo : must be updated to use the cart rules
 					foreach ($cart_rules as $cart_rule)
 					{
 						if ($cart_rule['reduction_percent'])
-							$resTab[$key]['product_price'] -= $realProductPrice * ($cart_rule['reduction_percent'] / 100);
+							$products[$key]['product_price'] -= $realProductPrice * ($cart_rule['reduction_percent'] / 100);
 						elseif ($cart_rule['reduction_amount'])
-							$resTab[$key]['product_price'] -= (($cart_rule['reduction_amount'] * ($product['product_price_wt'] / $order->total_products_wt)) / (1.00 + ($product['tax_rate'] / 100)));
+							$products[$key]['product_price'] -= (($cart_rule['reduction_amount'] * ($product['product_price_wt'] / $order->total_products_wt)) / (1.00 + ($product['tax_rate'] / 100)));
 					}
-
 				}
 			}
-		return $order->getProducts($resTab);
+		return $order->getProducts($products);
 	}
 
 	/**