From 0a73daba016fa1e766c9fbfc0d1ebe77b312e90f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 2 Dec 2017 01:13:32 +0100 Subject: [PATCH] Security: on target=_blank, we must have rel="noopener" --- htdocs/admin/boxes.php | 19 +++----- htdocs/comm/action/list.php | 43 +++++++++-------- htdocs/core/boxes/box_bookmarks.php | 2 +- htdocs/core/boxes/modules_boxes.php | 2 +- htdocs/holiday/card.php | 10 ++-- htdocs/holiday/class/holiday.class.php | 51 ++++++++++++++------ htdocs/holiday/list.php | 21 +++++++-- htdocs/imports/import.php | 2 +- htdocs/langs/en_US/admin.lang | 1 + htdocs/main.inc.php | 10 ++-- htdocs/theme/eldy/style.css.php | 4 +- test/phpunit/HolidayTest.php | 65 ++++++++++++++++++++++++-- 12 files changed, 161 insertions(+), 69 deletions(-) diff --git a/htdocs/admin/boxes.php b/htdocs/admin/boxes.php index 03e4a0ec9f3..bc1dc74f6c4 100644 --- a/htdocs/admin/boxes.php +++ b/htdocs/admin/boxes.php @@ -248,10 +248,8 @@ if ($resql) // Check record to know if we must recalculate sort order $i = 0; $decalage=0; - $var=false; while ($i < $num) { - $var = ! $var; $obj = $db->fetch_object($resql); $boxes[$obj->position][$obj->box_id]=1; $i++; @@ -321,6 +319,8 @@ if ($resql) // Available boxes to activate $boxtoadd=InfoBox::listBoxes($db,'available',-1,null,$actives); +// Activated boxes +$boxactivated=InfoBox::listBoxes($db,'activated',-1,null); print "
\n"; print "\n\n".''."\n"; @@ -339,11 +339,9 @@ print ''.$langs->trans("Note").'/'.$langs->trans("Parameters").''; print ''.$langs->trans("SourceFile").''; print ''.$langs->trans("ActivateOn").''; print "\n"; -$var=true; + foreach($boxtoadd as $box) { - - if (preg_match('/^([^@]+)@([^@]+)$/i',$box->boximg)) { $logo = $box->boximg; @@ -376,7 +374,10 @@ foreach($boxtoadd as $box) print ''."\n"; } - +if (! count($boxtoadd) && count($boxactivated)) +{ + print ''.$langs->trans("AllWidgetsWereEnabled").''; +} print ''."\n"; print ''; @@ -387,8 +388,6 @@ print ''; print "\n".''."\n"; -// Activated boxes -$boxactivated=InfoBox::listBoxes($db,'activated',-1,null); //var_dump($boxactivated); print "
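Review bot: The new guard `if (! count($boxtoadd) && count($boxactivated))` assumes both values are arrays; if InfoBox::listBoxes can return a non-array on error (its contract is not visible here), `count()` would warn, or on PHP 8 throw a TypeError, right where the "all widgets enabled" row is meant to be printed. `if (empty($boxtoadd) && ! empty($boxactivated))` keeps the same intent and is safe for any return shape. This hunk also relies on the -321 hunk having moved the `$boxactivated` assignment above this point, which the commit does; both hunks should land together.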
\n\n"; print load_fiche_titre($langs->trans("BoxesActivated")); @@ -404,13 +403,10 @@ print ''.$langs->trans("PositionByDefa print ''.$langs->trans("Disable").''; print ''."\n"; -$var=true; $box_order=1; $foundrupture=1; foreach($boxactivated as $key => $box) { - $var = ! $var; - if (preg_match('/^([^@]+)@([^@]+)$/i',$box->boximg)) { $logo = $box->boximg; @@ -462,7 +458,6 @@ print ''; print ''; print ''; -$var=false; print ''; print ''; print ''; diff --git a/htdocs/comm/action/list.php b/htdocs/comm/action/list.php index 0502bbed3e7..2061d73be00 100644 --- a/htdocs/comm/action/list.php +++ b/htdocs/comm/action/list.php @@ -343,6 +343,26 @@ if ($resql) print ''."\n"; + if ($optioncss != '') print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + $nav=''; + if ($optioncss != '') $nav.= ''; + //if ($actioncode) $nav.=''; + if ($resourceid) $nav.=''; + if ($filter) $nav.=''; + if ($filtert) $nav.=''; + if ($socid) $nav.=''; + if ($showbirthday) $nav.=''; + if ($pid) $nav.=''; + if ($usergroup) $nav.=''; + print $nav; + dol_fiche_head($head, $tabactive, $langs->trans('Agenda'), 0, 'action'); print_actions_filter($form,$canedit,$status,$year,$month,$day,$showbirthday,0,$filtert,0,$pid,$socid,$action,-1,$actioncode,$usergroup,'',$resourceid); dol_fiche_end(); @@ -378,27 +398,6 @@ if ($resql) $s = $hookmanager->resPrint; } - - if ($optioncss != '') print ''; - print ''; - print ''; - print ''; - print ''; - print ''; - print ''; - print ''; - $nav=''; - if ($optioncss != '') $nav.= ''; - //if ($actioncode) $nav.=''; - if ($resourceid) $nav.=''; - if ($filter) $nav.=''; - if ($filtert) $nav.=''; - if ($socid) $nav.=''; - if ($showbirthday) $nav.=''; - if ($pid) $nav.=''; - if ($usergroup) $nav.=''; - print $nav; - if ($user->rights->agenda->myactions->create || $user->rights->agenda->allactions->create) { $tmpforcreatebutton=dol_getdate(dol_now(), true); 
@@ -412,7 +411,7 @@ if ($resql) $link.= ''; } - print_barre_liste($s, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $link, $num, -1 * $nbtotalofrecords, '', 0, $nav, '', $limit); + print_barre_liste($s, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num, -1 * $nbtotalofrecords, '', 0, $nav.$link, '', $limit); $moreforfilter=''; diff --git a/htdocs/core/boxes/box_bookmarks.php b/htdocs/core/boxes/box_bookmarks.php index 34cf15497c6..e2a45ffab22 100644 --- a/htdocs/core/boxes/box_bookmarks.php +++ b/htdocs/core/boxes/box_bookmarks.php @@ -1,5 +1,5 @@ +/* Copyright (C) 2005-2017 Laurent Destailleur * Copyright (C) 2015 Frederic France * * This program is free software; you can redistribute it and/or modify diff --git a/htdocs/core/boxes/modules_boxes.php b/htdocs/core/boxes/modules_boxes.php index 790fe29fbcf..4f59d3912a7 100644 --- a/htdocs/core/boxes/modules_boxes.php +++ b/htdocs/core/boxes/modules_boxes.php @@ -260,7 +260,7 @@ class ModeleBoxes // Can't be abtract as it is instantiated to build "empty" if (! empty($conf->use_javascript_ajax)) { $sublink=''; - if (! empty($head['sublink'])) $sublink.= ''; + if (! empty($head['sublink'])) $sublink.= ''; if (! empty($head['subpicto'])) $sublink.= img_picto($head['subtext'], $head['subpicto'], 'class="'.(empty($head['subclass'])?'':$head['subclass']).'" id="idsubimg'.$this->boxcode.'"'); if (! empty($head['sublink'])) $sublink.= ''; diff --git a/htdocs/holiday/card.php b/htdocs/holiday/card.php index 978fceea80e..e3009c975bc 100644 --- a/htdocs/holiday/card.php +++ b/htdocs/holiday/card.php 
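Review bot: `$nav` is assembled in the relocated block (hunk at -343) from request-derived values such as `$resourceid`, `$filter`, `$filtert`, `$socid`, `$pid` and `$usergroup`, and `print_barre_liste` now receives `$nav.$link` as raw HTML; the hidden-input markup was stripped from this rendering, so confirm each value is passed through `dol_escape_htmltag()` (or cast to int where it is an id) before it lands in an attribute. Moving the concatenated string from the `$link` slot to the `$morehtml` slot also changes where print_barre_liste places it; if the two slots render differently, the toolbar layout may shift. The enclosing `if ($resql)` block starts before and continues after this hunk.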
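Review bot: The `+` line for `$sublink` reads identically to the `-` line in this rendering because the anchor markup was stripped, so the `rel="noopener"` named in the commit subject cannot be verified here; the same applies to the main.inc.php hunks at -1526, -1689 and -1719. Engines that predate `noopener` support do honor `rel="noreferrer"`, which also severs `window.opener`, so `rel="noopener noreferrer"` is the more robust attribute for every `target="_blank"` link touched by this commit. Since the same attribute string is repeated in several print statements, a small helper that emits the anchor attributes would keep the next such link from being missed.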
@@ -149,11 +149,11 @@ if ($action == 'create') { $object->fk_user = $fuserid; $object->description = $description; - $object->date_debut = $date_debut; - $object->date_fin = $date_fin; $object->fk_validator = $valideur; - $object->halfday = $halfday; $object->fk_type = $type; + $object->date_debut = $date_debut; + $object->date_fin = $date_fin; + $object->halfday = $halfday; $result = $object->create($user); if ($result <= 0) @@ -1089,7 +1089,7 @@ else print ''; print ''; print ''; } @@ -1111,7 +1111,7 @@ else print ''; print ''; print ''; } diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php index 4381eacb3a7..041505759f8 100644 --- a/htdocs/holiday/class/holiday.class.php +++ b/htdocs/holiday/class/holiday.class.php @@ -698,14 +698,14 @@ class Holiday extends CommonObject * Warning: It consumes a lot of memory because it load in ->holiday all holiday of a dedicated user at each call. * * @param int $fk_user Id user - * @param date $dateDebut Start date of period to check - * @param date $dateFin End date of period to check + * @param date $dateStart Start date of period to check + * @param date $dateEnd End date of period to check * @param int $halfday Tag to define how start and end the period to check: - * 0:Full days, 2:Sart afternoon end monring, -1:Start afternoon, 1:End morning - * @return boolean False is on holiday at least partially into the period, True is never on holiday during chcked period. + * 0:Full days, 2:Start afternoon end morning, -1:Start afternoon end afternoon, 1:Start morning end morning + * @return boolean False = New range overlap an existing holiday, True = no overlapping (is never on holiday during checked period). * @see verifDateHolidayForTimestamp */ - function verifDateHolidayCP($fk_user, $dateDebut, $dateFin, $halfday=0) + function verifDateHolidayCP($fk_user, $dateStart, $dateEnd, $halfday=0) { $this->fetchByUser($fk_user,'',''); 
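Review bot: The docblock still types `$dateStart` and `$dateEnd` as `date`, which is not a PHP type; the body compares them with `>=`/`<=` against `$infos_CP['date_debut']` and the new unit test passes `dol_mktime()` results, which suggests integer Unix timestamps. Suggest `@param int $dateStart Start date of period to check (timestamp)` and the matching line for `$dateEnd`, so static analysis and callers agree on the unit. The renamed parameters and the corrected half-day legend are otherwise an improvement; verifDateHolidayCP's body continues in the next hunk.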
@@ -713,34 +713,59 @@ class Holiday extends CommonObject { if ($infos_CP['statut'] == 4) continue; // ignore not validated holidays if ($infos_CP['statut'] == 5) continue; // ignore not validated holidays + /* + var_dump("--"); + var_dump("old: ".dol_print_date($infos_CP['date_debut'],'dayhour').' '.dol_print_date($infos_CP['date_fin'],'dayhour').' '.$infos_CP['halfday']); + var_dump("new: ".dol_print_date($dateStart,'dayhour').' '.dol_print_date($dateEnd,'dayhour').' '.$halfday); + */ - // TODO Also use halfday for the check if ($halfday == 0) { - if ($dateDebut >= $infos_CP['date_debut'] && $dateDebut <= $infos_CP['date_fin'] || $dateFin <= $infos_CP['date_fin'] && $dateFin >= $infos_CP['date_debut']) + if ($dateStart >= $infos_CP['date_debut'] && $dateStart <= $infos_CP['date_fin']) + { + return false; + } + if ($dateEnd <= $infos_CP['date_fin'] && $dateEnd >= $infos_CP['date_debut']) { return false; } } elseif ($halfday == -1) { - if ($dateDebut >= $infos_CP['date_debut'] && $dateDebut <= $infos_CP['date_fin'] || $dateFin <= $infos_CP['date_fin'] && $dateFin >= $infos_CP['date_debut']) + // new start afternoon, new end afternoon + if ($dateStart >= $infos_CP['date_debut'] && $dateStart <= $infos_CP['date_fin']) { - return false; + if ($dateStart < $infos_CP['date_fin'] || in_array($infos_CP['halfday'], array(0, -1))) return false; + } + if ($dateEnd <= $infos_CP['date_fin'] && $dateEnd >= $infos_CP['date_debut']) + { + if ($dateStart < $dateEnd) return false; + if ($dateEnd < $infos_CP['date_fin'] || in_array($infos_CP['halfday'], array(0, -1))) return false; } } elseif ($halfday == 1) { - if ($dateDebut >= $infos_CP['date_debut'] && $dateDebut <= $infos_CP['date_fin'] || $dateFin <= $infos_CP['date_fin'] && $dateFin >= $infos_CP['date_debut']) + // new start morning, new end morning + if ($dateStart >= $infos_CP['date_debut'] && $dateStart <= $infos_CP['date_fin']) { - return false; + if ($dateStart < $dateEnd) return false; + if ($dateStart > 
$infos_CP['date_debut'] || in_array($infos_CP['halfday'], array(0, 1))) return false; + } + if ($dateEnd <= $infos_CP['date_fin'] && $dateEnd >= $infos_CP['date_debut']) + { + if ($dateEnd > $infos_CP['date_debut'] || in_array($infos_CP['halfday'], array(0, 1))) return false; } } elseif ($halfday == 2) { - if ($dateDebut >= $infos_CP['date_debut'] && $dateDebut <= $infos_CP['date_fin'] || $dateFin <= $infos_CP['date_fin'] && $dateFin >= $infos_CP['date_debut']) + // new start afternoon, new end morning + if ($dateStart >= $infos_CP['date_debut'] && $dateStart <= $infos_CP['date_fin']) { - return false; + if ($dateStart < $infos_CP['date_fin'] || in_array($infos_CP['halfday'], array(0, -1))) return false; + } + if ($dateEnd <= $infos_CP['date_fin'] && $dateEnd >= $infos_CP['date_debut']) + { + if ($dateEnd > $infos_CP['date_debut'] || in_array($infos_CP['halfday'], array(0, 1))) return false; } } else diff --git a/htdocs/holiday/list.php b/htdocs/holiday/list.php index ac1b7370993..8627b7367d9 100644 --- a/htdocs/holiday/list.php +++ b/htdocs/holiday/list.php @@ -471,6 +471,8 @@ print_liste_field_titre("Status",$_SERVER["PHP_SELF"],"cp.statut","",$param,'ali print getTitleFieldOfList($selectedfields, 0, $_SERVER["PHP_SELF"],"",'','','align="center"',$sortfield,$sortorder,'maxwidthsearch ')."\n"; print "\n"; +$listhalfday=array('morning'=>$langs->trans("Morning"),"afternoon"=>$langs->trans("Afternoon")); + // Lines if (! empty($holiday->holiday)) { @@ -481,6 +483,10 @@ if (! empty($holiday->holiday)) foreach($holiday->holiday as $infos_CP) { + // Leave request + $holidaystatic->id=$infos_CP['rowid']; + $holidaystatic->ref=$infos_CP['rowid']; + // User $userstatic->id=$infos_CP['fk_user']; $userstatic->lastname=$infos_CP['user_lastname']; 
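Review bot: Every branch still misses the case where the new period strictly contains an existing one: with an existing leave on a single day and a new request starting the day before and ending the day after, neither `$dateStart` nor `$dateEnd` falls inside `[date_debut, date_fin]`, so the loop continues and the function reports no overlap. A single check before the `$halfday` dispatch closes this for all four branches, because strict containment overlaps regardless of half-day flags: `if ($dateStart < $infos_CP['date_debut'] && $dateEnd > $infos_CP['date_fin']) return false;`. The test added in HolidayTest.php does not cover this shape, so add a case with a multi-day request around a one-day existing leave. The commented-out `var_dump` block at the top of the loop is dead debug code and should be dropped rather than committed. verifDateHolidayCP starts in the previous hunk and its `else` branch continues past this one.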
@@ -499,10 +505,11 @@ if (! empty($holiday->holiday)) $date = $infos_CP['date_create']; + $starthalfday=($infos_CP['halfday'] == -1 || $infos_CP['halfday'] == 2)?'afternoon':'morning'; + $endhalfday=($infos_CP['halfday'] == 1 || $infos_CP['halfday'] == 2)?'morning':'afternoon'; + print ''; print ''; print ''; @@ -515,8 +522,14 @@ if (! empty($holiday->holiday)) $nbopenedday=num_open_day($infos_CP['date_debut_gmt'], $infos_CP['date_fin_gmt'], 0, 1, $infos_CP['halfday']); print $nbopenedday.' '.$langs->trans('DurationDays'); print ''; - print ''; - print ''; + print ''; + print ''; print ''; // Action column diff --git a/htdocs/imports/import.php b/htdocs/imports/import.php index 1549e7124e0..6223bf92aad 100644 --- a/htdocs/imports/import.php +++ b/htdocs/imports/import.php @@ -1478,7 +1478,7 @@ if ($step == 5 && $datatoimport) while ($sourcelinenb < $nboflines && ! $endoffile) { $sourcelinenb++; - // Read line and stor it into $arrayrecord + // Read line and store it into $arrayrecord $arrayrecord=$obj->import_read_record(); if ($arrayrecord === false) { diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index b1856809856..b8673911f7f 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -131,6 +131,7 @@ HoursOnThisPageAreOnServerTZ=Warning, in contrary of other screens, hours on thi Box=Widget Boxes=Widgets MaxNbOfLinesForBoxes=Max number of lines for widgets +AllWidgetsWereEnabled=All available widgets are enabled PositionByDefault=Default order Position=Position MenusDesc=Menu managers set content of the two menu bars (horizontal and vertical). diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 006b9275b58..c9e14f3d67a 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -1526,7 +1526,7 @@ function top_menu($head, $title='', $target='', $disablejs=0, $disablehead=0, $a $title=$appli.'
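Review bot: The mapping from `$infos_CP['halfday']` to `'morning'`/`'afternoon'` added here is presentation logic that card.php also needs (it reads `$listhalfday[$starthalfday]` and `$listhalfday[$endhalfday]` in the hunks at -1089 and -1111), so the encoding of -1/1/2 appears to live in at least two places; a pair of small methods on Holiday returning the start and end half-day keys would keep it in one spot. The `$listhalfday` array declared in the -471 hunk mixes `'morning'` and `"afternoon"` quoting; use single quotes for both. The enclosing `foreach` starts before and ends after this hunk.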
'; $title.=$langs->trans($mode == 'wiki' ? 'GoToWikiHelpPage': 'GoToHelpPage'); if ($mode == 'wiki') $title.=' - '.$langs->trans("PageWiki").' "'.dol_escape_htmltag(strtr($helppage,'_',' ')).'"'; - $text.=''; @@ -1609,8 +1609,8 @@ function left_menu($menu_array_before, $helppagename='', $notused='', $menu_arra foreach($arrayresult as $key => $val) { - //$searchform.=printSearchForm($val['url'], $val['url'], $val['label'], 'maxwidth100', 'sall', $val['shortcut'], 'searchleftt', img_picto('',$val['img'])); - $searchform.=printSearchForm($val['url'], $val['url'], $val['label'], 'maxwidth125', 'sall', $val['shortcut'], 'searchleftt', img_picto('', $val['img'], '', false, 1, 1)); + //$searchform.=printSearchForm($val['url'], $val['url'], $val['label'], 'maxwidth100', 'sall', $val['shortcut'], 'searchleft', img_picto('',$val['img'])); + $searchform.=printSearchForm($val['url'], $val['url'], $val['label'], 'maxwidth125', 'sall', $val['shortcut'], 'searchleft', img_picto('', $val['img'], '', false, 1, 1)); } } @@ -1689,7 +1689,7 @@ function left_menu($menu_array_before, $helppagename='', $notused='', $menu_arra } else $appli.=" ".DOL_VERSION; print '
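Review bot: Renaming the `'searchleftt'` argument to `'searchleft'` changes a string that printSearchForm presumably emits as a CSS class or id, yet no stylesheet or script in this commit is updated to match (the style.css.php hunk touches only `.treeview`), so any rule keyed on the old spelling would silently stop applying. Confirm with a search for `searchleftt` across the theme and JS files before merging, and update those references in the same commit. left_menu starts before this hunk and continues after it.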
'; - if ($doliurl) print ''; + if ($doliurl) print ''; else print ''; print $appli; if ($doliurl) print ''; @@ -1719,7 +1719,7 @@ function left_menu($menu_array_before, $helppagename='', $notused='', $menu_arra $bugbaseurl.= urlencode("\n"); $bugbaseurl.= urlencode("## Report\n"); print ''; } diff --git a/htdocs/theme/eldy/style.css.php b/htdocs/theme/eldy/style.css.php index ee52662cfcb..b0d4fd7de7c 100644 --- a/htdocs/theme/eldy/style.css.php +++ b/htdocs/theme/eldy/style.css.php @@ -3628,8 +3628,8 @@ table.cal_event td.cal_event_right { padding: 4px 4px !important; } /* ============================================================================== */ /* CSS for treeview */ -.treeview ul { background-color: transparent !important; margin-top: 0; } -.treeview li { background-color: transparent !important; padding: 0 0 0 16px !important; min-height: 20px; } +.treeview ul { background-color: transparent !important; margin-top: 4px; padding-top: 4px !important; } +.treeview li { background-color: transparent !important; padding: 0 0 0 16px !important; min-height: 26px; } .treeview .hover { color: rgb() !important; text-decoration: underline !important; } diff --git a/test/phpunit/HolidayTest.php b/test/phpunit/HolidayTest.php index a04646a8a14..3204e9f07b1 100644 --- a/test/phpunit/HolidayTest.php +++ b/test/phpunit/HolidayTest.php @@ -201,11 +201,11 @@ class HolidayTest extends PHPUnit_Framework_TestCase $localobject->email='newemail@newemail.com'; $localobject->jabberid='New im id'; $localobject->default_lang='es_ES'; - + $result=$localobject->update($localobject->id,$user); print __METHOD__." id=".$localobject->id." result=".$result."\n"; $this->assertLessThan($result, 0, 'Holiday::update error'); - + $result=$localobject->update_note($localobject->note_private,'_private'); print __METHOD__." id=".$localobject->id." result=".$result."\n"; $this->assertLessThan($result, 0, 'Holiday::update_note (private) error'); 
@@ -213,7 +213,7 @@ class HolidayTest extends PHPUnit_Framework_TestCase $result=$localobject->update_note($localobject->note_public, '_public'); print __METHOD__." id=".$localobject->id." result=".$result."\n"; $this->assertLessThan($result, 0, 'Holiday::update_note (public) error'); - + $newobject=new Holiday($this->savdb); $result=$newobject->fetch($localobject->id); 
@@ -291,4 +291,63 @@ class HolidayTest extends PHPUnit_Framework_TestCase return $result; } + /** + * testVerifDateHolidayCP + * + * @return void + */ + public function testVerifDateHolidayCP() + { + global $conf,$user,$langs,$db; + $conf=$this->savconf; + $user=$this->savuser; + $langs=$this->savlangs; + $db=$this->savdb; + + // Create a leave request the 1st morning only + $localobjecta=new Holiday($this->savdb); + $localobjecta->initAsSpecimen(); + $localobjecta->date_debut = dol_mktime(0, 0, 0, 1, 1, 2020); + $localobjecta->date_fin = dol_mktime(0, 0, 0, 1, 1, 2020); + $localobjecta->halfday = 1; + $result=$localobjecta->create($user); + + // Create a leave request the 2 afternoon only + $localobjectb=new Holiday($this->savdb); + $localobjectb->initAsSpecimen(); + $localobjectb->date_debut = dol_mktime(0, 0, 0, 1, 2, 2020); + $localobjectb->date_fin = dol_mktime(0, 0, 0, 1, 2, 2020); + $localobjectb->halfday = -1; + $result=$localobjectb->create($user); + + $date_debut = dol_mktime(0, 0, 0, 1, 1, 2020); + $date_fin = dol_mktime(0, 0, 0, 1, 2, 2020); + + $localobjectc=new Holiday($this->savdb); + + $result=$localobjectc->verifDateHolidayCP($user->id, $date_debut, $date_debut, 0); + $this->assertFalse($result, 'result should be false, there is overlapping, full day is not available.'); + $result=$localobjectc->verifDateHolidayCP($user->id, $date_debut, $date_fin, 0); + $this->assertFalse($result, 'result should be false, there is overlapping, full day is not available.'); + $result=$localobjectc->verifDateHolidayCP($user->id, $date_fin, $date_fin, 0); + $this->assertFalse($result, 'result should be false, there is overlapping, full day is not available.'); + + $result=$localobjectc->verifDateHolidayCP($user->id, $date_debut, $date_debut, 1); + $this->assertFalse($result, 'result should be false, there is overlapping, morning of first day is not available.'); + $result=$localobjectc->verifDateHolidayCP($user->id, $date_debut, $date_fin, 1); + 
$this->assertFalse($result, 'result should be false, there is overlapping, morning of first day is not available.'); + $result=$localobjectc->verifDateHolidayCP($user->id, $date_fin, $date_fin, 1); + $this->assertTrue($result, 'result should be true, there is no overlapping'); + + $result=$localobjectc->verifDateHolidayCP($user->id, $date_debut, $date_debut, -1); + $this->assertTrue($result, 'result should be true, there is no overlapping'); + $result=$localobjectc->verifDateHolidayCP($user->id, $date_debut, $date_fin, -1); + $this->assertFalse($result, 'result should be false, there is overlapping, afternoon of second day is not available'); + $result=$localobjectc->verifDateHolidayCP($user->id, $date_fin, $date_fin, -1); + $this->assertFalse($result, 'result should be false, there is overlapping, afternoon of second day is not available'); + + $result=$localobjectc->verifDateHolidayCP($user->id, $date_debut, $date_fin, 2); // start afternoon and end morning + $this->assertTrue($result, 'result should be true, there is no overlapping'); + } + }
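Review bot: The two `create($user)` results in testVerifDateHolidayCP are stored in `$result` but never asserted, so a failed insert would surface later as a confusing overlap assertion instead of a creation error; add `$this->assertGreaterThan(0, $result, 'Holiday::create error');` after each create. The test also leaves both leave requests in the database with no cleanup, and its expectations assume `initAsSpecimen()` sets `fk_user` to the same id as `$user->id` (not visible here), otherwise `verifDateHolidayCP($user->id, ...)` would never see them. Deleting the two records at the end of the test, or in a tearDown, keeps repeated runs from accumulating rows that could change later results.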
'.$langs->trans("Parameter").''.$langs->trans("Value").'
'.$langs->trans('DateDebCP').' ('.$langs->trans("FirstDayOfHoliday").')'.dol_print_date($object->date_debut,'day'); print '     '; - print $langs->trans($listhalfday[$starthalfday]); + print ''.$langs->trans($listhalfday[$starthalfday]).''; print '
'.$langs->trans('DateFinCP').' ('.$langs->trans("LastDayOfHoliday").')'.dol_print_date($object->date_fin,'day'); print '     '; - print $langs->trans($listhalfday[$endhalfday]); + print ''.$langs->trans($listhalfday[$endhalfday]).''; print '
'; - $holidaystatic->id=$infos_CP['rowid']; - $holidaystatic->ref=$infos_CP['rowid']; print $holidaystatic->getNomUrl(1); print ''.dol_print_date($date,'day').''.dol_print_date($infos_CP['date_debut'],'day').''.dol_print_date($infos_CP['date_fin'],'day').''; + print dol_print_date($infos_CP['date_debut'],'day'); + print ' ('.$langs->trans($listhalfday[$starthalfday]).')'; + print ''; + print dol_print_date($infos_CP['date_fin'],'day'); + print ' ('.$langs->trans($listhalfday[$endhalfday]).')'; + print ''.$holidaystatic->LibStatut($infos_CP['statut'],5).'