'was wondering if the filter change of Dolibarr 13 might have affected
something else and, well, yes...
So, following e1ac0a6d69, we also disable the
filter for the email addresses, else we get something like
"Webmaster <webmaster@bugness.org>" becoming "Webmaster".
The behaviour of GETPOST(..., 'alpha') changed with Dolibarr 13, copying
'alphanohtml'. Unfortunately, there is no retro-compatible option. Thus the
'none' filter seems the better call since there doesn't seem to have any big
attack involving emails' body (except HTML+JS...)
For the next big version, maybe use the 'restricthtml' filter, but it only
appeared in Dolibarr 12.
Following the arrival of supplier invoice templates in Dolibarr 16, it's better
to specify than this module only manage customer invoices.
Adding the management of supplier invoice seems possible but I don't really see
a use case at the moment.
With the introduction of supplier invoice templates in Dolibarr 16, with the
same hook but different table, this module tried to load the customer invoice
having the same id than the supplier invoice template being treated. This could
result in severe information disclosure.
Fixes gh-10
Technical reminder about the DB upgrade :
There doesn't seem to be an easy and reusable way to give CMail both
parts of an text+html email, so we rework the database schema to have
a simple 'body' field with a 'body_ishtml' switch, following CMail
interface.
Enhancement from issue #1
