From 4958015e93ae519b81b0270c1399c57708de440e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 4 Aug 2021 12:26:38 +0200 Subject: [PATCH 01/34] Fix token --- htdocs/admin/tools/dolibarr_export.php | 9 +++++++-- htdocs/admin/tools/dolibarr_import.php | 12 ++++++++++-- htdocs/admin/tools/export_files.php | 4 ++++ htdocs/admin/tools/listsessions.php | 11 ++++++++--- htdocs/admin/tools/purge.php | 13 +++++++++---- htdocs/admin/tools/update.php | 17 +++++++++++------ 6 files changed, 49 insertions(+), 17 deletions(-) diff --git a/htdocs/admin/tools/dolibarr_export.php b/htdocs/admin/tools/dolibarr_export.php index 428c80676a2..4f6977ffb41 100644 --- a/htdocs/admin/tools/dolibarr_export.php +++ b/htdocs/admin/tools/dolibarr_export.php @@ -136,7 +136,7 @@ $title = $langs->trans("Backup"); print load_fiche_titre($title, '', 'title_setup'); //print_barre_liste($langs->trans("Backup"), '', '', '', '', '', $langs->trans("BackupDesc",DOL_DATA_ROOT), 0, 0, 'title_setup'); -print '
'; +print '
'; print $langs->trans("BackupDesc", DOL_DATA_ROOT); print '
'; print '
'; @@ -147,8 +147,11 @@ print ''; print ''; print '
1'; +print ''; print $langs->trans("BackupDesc3", $dolibarr_main_db_name).'
'; //print $langs->trans("BackupDescY").'
'; +print '
'; + print '
'; print '
'; @@ -157,7 +160,7 @@ $title = $langs->trans("BackupDumpWizard"); print load_fiche_titre($title); -print ''; +print '
'; print ''; print ''; // Amount - print ''; // Date From a84c9943684ded3ea6117d53b2aaa546fb9c3732 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 4 Aug 2021 12:43:36 +0200 Subject: [PATCH 06/34] Fix no tooltip on link in error message --- htdocs/compta/prelevement/create.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/prelevement/create.php b/htdocs/compta/prelevement/create.php index 1956cb14516..4c36922e5f4 100644 --- a/htdocs/compta/prelevement/create.php +++ b/htdocs/compta/prelevement/create.php @@ -96,7 +96,7 @@ if (empty($reshook)) { $bank = new Account($db); $bank->fetch($conf->global->{$default_account}); if (empty($bank->ics) || empty($bank->ics_transfer)) { - $errormessage = str_replace('{url}', $bank->getNomUrl(1), $langs->trans("ErrorICSmissing", '{url}')); + $errormessage = str_replace('{url}', $bank->getNomUrl(1, '', '', -1, 1), $langs->trans("ErrorICSmissing", '{url}')); setEventMessages($errormessage, null, 'errors'); header("Location: ".DOL_URL_ROOT.'/compta/prelevement/create.php'); exit; From 2f3105d884fd941ab0d446f66c8a6f3a6982eb6e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 4 Aug 2021 13:05:07 +0200 Subject: [PATCH 07/34] Add CSRF protection --- htdocs/admin/system/database-tables.php | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/htdocs/admin/system/database-tables.php b/htdocs/admin/system/database-tables.php index 7535500e799..3d31c516858 100644 --- a/htdocs/admin/system/database-tables.php +++ b/htdocs/admin/system/database-tables.php @@ -1,6 +1,6 @@ - * Copyright (C) 2004-2005 Laurent Destailleur + * Copyright (C) 2004-2021 Laurent Destailleur * Copyright (C) 2004 Sebastien Di Cintio * Copyright (C) 2004 Benoit Mortier * Copyright (C) 2005-2012 Regis Houssin 
@@ -21,9 +21,13 @@ /** * \file htdocs/admin/system/database-tables.php - * \brief Page with information on database tables + * \brief Page with information on database tables. Add also some maintenance action to convert tables. */ +if (! defined('CSRFCHECK_WITH_TOKEN')) { + define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET +} + require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; @@ -126,14 +130,14 @@ if (!$base) { print ''; print ''; if (isset($obj->Engine) && $obj->Engine == "MyISAM") { - print ''; + print ''; } else { print ''; } print ''; print ''; @@ -145,7 +149,7 @@ if (!$base) { print ''; print ''; print ''; From bec87f5739d65826d2221570ba70df2481ef7d43 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 4 Aug 2021 13:12:07 +0200 Subject: [PATCH 08/34] Fix translation ICS --- htdocs/compta/bank/card.php | 10 +++++----- htdocs/langs/en_US/withdrawals.lang | 3 +-- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/htdocs/compta/bank/card.php b/htdocs/compta/bank/card.php index ea9f7799849..d1cc0413bfd 100644 --- a/htdocs/compta/bank/card.php +++ b/htdocs/compta/bank/card.php @@ -212,7 +212,7 @@ if (empty($reshook)) { $object->ics = trim(GETPOST("ics", 'alpha')); $object->ics_transfer = trim(GETPOST("ics_transfer", 'alpha')); - $account_number = GETPOST('account_number', 'alpha'); + $account_number = GETPOST('account_number', 'alphanohtml'); if (empty($account_number) || $account_number == '-1') { $object->account_number = ''; } else { @@ -754,13 +754,13 @@ if ($action == 'create') { print ''; if ($conf->prelevement->enabled) { - print ''; + print ''; print ''; print ''; } if ($conf->paymentbybanktransfer->enabled) { - print ''; + print ''; print ''; print ''; } 
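Review bot: The new `CSRFCHECK_WITH_TOKEN` define only works because it sits above `require '../../main.inc.php'`, and the comment does not say so. If the includes were reordered later, the token check for this page would presumably be dropped without any visible error. I would extend the comment to `// Force use of CSRF protection with tokens even for GET. Must stay above the main.inc.php include, which is assumed to read this constant.` The updated `\brief` says the page now offers maintenance actions that convert tables, so it is worth confirming that every action link in the later hunks of this file carries the token. That cannot be checked here, because the link markup in those hunks did not survive on this page.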
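Review bot: Only `account_number` moves to the `'alphanohtml'` filter, while the two context lines directly above still read `ics` and `ics_transfer` with `'alpha'` and store them on `$object`. If the stricter filter is the intended input policy for this form, apply it to the neighbours too: `$object->ics = trim(GETPOST("ics", 'alphanohtml'));` and `$object->ics_transfer = trim(GETPOST("ics_transfer", 'alphanohtml'));`. How much `'alpha'` already strips depends on `GETPOST`, which is outside this hunk, so treat this as a consistency point to confirm rather than a proven injection path. The enclosing action block starts and ends outside the hunk.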
@@ -1053,12 +1053,12 @@ if ($action == 'create') { print ''; if ($conf->prelevement->enabled) { - print ''; + print ''; print ''; } if ($conf->paymentbybanktransfer->enabled) { - print ''; + print ''; print ''; } diff --git a/htdocs/langs/en_US/withdrawals.lang b/htdocs/langs/en_US/withdrawals.lang index 7d5b57f7da9..a3773a427a1 100644 --- a/htdocs/langs/en_US/withdrawals.lang +++ b/htdocs/langs/en_US/withdrawals.lang @@ -133,8 +133,7 @@ SEPARCUR=SEPA CUR SEPAFRST=SEPA FRST ExecutionDate=Execution date CreateForSepa=Create direct debit file -ICS=Creditor Identifier CI for direct debit -ICSTransfer=Creditor Identifier CI for bank transfer +ICS=Creditor Identifier - ICS END_TO_END="EndToEndId" SEPA XML tag - Unique id assigned per transaction USTRD="Unstructured" SEPA XML tag ADDDAYS=Add days to Execution Date From de228c568760e672d716c4d686dc89924fbb2e18 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 4 Aug 2021 13:18:03 +0200 Subject: [PATCH 09/34] Fix bad link. Can't delete SEPA bank transfer request --- htdocs/compta/prelevement/card.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/htdocs/compta/prelevement/card.php b/htdocs/compta/prelevement/card.php index a94d068603a..b03ed9d93e0 100644 --- a/htdocs/compta/prelevement/card.php +++ b/htdocs/compta/prelevement/card.php @@ -325,19 +325,19 @@ if ($id > 0 || $ref) { // Actions if ($action != 'settransmitted' && $action != 'setcredited') { - print "\n
\n"; + print "\n".'
'."\n"; if (empty($object->date_trans) && $user->rights->prelevement->bons->send) { - print "id."\">".$langs->trans("SetToStatusSent").""; + print ''.$langs->trans("SetToStatusSent").''; } if (!empty($object->date_trans) && $object->date_credit == 0) { - print "id."\">".$langs->trans("ClassCredited").""; + print ''.$langs->trans("ClassCredited").''; } - print "id."\">".$langs->trans("Delete").""; + print ''.$langs->trans("Delete").''; - print "
"; + print '
'; } @@ -413,7 +413,7 @@ if ($id > 0 || $ref) { print "
'; @@ -434,7 +434,7 @@ if ($id > 0 || $ref) { if ($obj->statut == 2) { if ($user->rights->prelevement->bons->credit) { //print ''.$langs->trans("StandingOrderReject").''; - print ''.$langs->trans("StandingOrderReject").''; + print ''.$langs->trans("StandingOrderReject").''; } else { //print ''.$langs->trans("StandingOrderReject").''; } From 23ea8d2907671e27e2bf54d76258039e817585c3 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 4 Aug 2021 13:22:24 +0200 Subject: [PATCH 10/34] Fix link into message --- htdocs/compta/prelevement/create.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/htdocs/compta/prelevement/create.php b/htdocs/compta/prelevement/create.php index 4c36922e5f4..6f045f3ca74 100644 --- a/htdocs/compta/prelevement/create.php +++ b/htdocs/compta/prelevement/create.php @@ -125,9 +125,13 @@ if (empty($reshook)) { } } else { if ($type != 'bank-transfer') { - setEventMessages($langs->trans("DirectDebitOrderCreated", $bprev->getNomUrl(1)), null); + $texttoshow = $langs->trans("DirectDebitOrderCreated", '{s}'); + $texttoshow = str_replace('{s}', $bprev->getNomUrl(1), $texttoshow); + setEventMessages($texttoshow, null); } else { - setEventMessages($langs->trans("CreditTransferOrderCreated", $bprev->getNomUrl(1)), null); + $texttoshow = $langs->trans("CreditTransferOrderCreated", '{s}'); + $texttoshow = str_replace('{s}', $bprev->getNomUrl(1), $texttoshow); + setEventMessages($texttoshow, null); } header("Location: ".DOL_URL_ROOT.'/compta/prelevement/card.php?id='.$bprev->id); From a9ced1098ddff4a689e23fac59290b286a992316 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 4 Aug 2021 13:51:54 +0200 Subject: [PATCH 11/34] Fix lang loaded --- htdocs/compta/prelevement/orders_list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/prelevement/orders_list.php b/htdocs/compta/prelevement/orders_list.php index 5c6f058bff1..3ca9ce32fbe 100644 
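Review bot: In the `create.php` hunk both branches now repeat the same three statements and differ only in the translation key, so the two paths can drift apart. Pick the key first and substitute once: `$key = ($type != 'bank-transfer') ? "DirectDebitOrderCreated" : "CreditTransferOrderCreated";` followed by `setEventMessages(str_replace('{s}', $bprev->getNomUrl(1), $langs->trans($key, '{s}')), null);`. The substituted markup presumably reaches the message without the handling `trans()` applies to its parameters, so a comment such as `// {s} is replaced after trans(); only getNomUrl() output may be substituted here` would record that constraint. The surrounding `if`/`else` starts outside the hunk.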
--- a/htdocs/compta/prelevement/orders_list.php
+++ b/htdocs/compta/prelevement/orders_list.php
@@ -29,7 +29,7 @@ require_once DOL_DOCUMENT_ROOT.'/compta/prelevement/class/bonprelevement.class.p
 require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';
 // Load translation files required by the page
-$langs->loadLangs(array('banks', 'categories', 'widthdrawals'));
+$langs->loadLangs(array('banks', 'categories', 'withdrawals'));
 $contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'directdebitcredittransferlist'; // To manage different context of search
From 58ca982e5596ec618675818a58a6b86fe1426a9b Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Wed, 4 Aug 2021 14:01:57 +0200
Subject: [PATCH 12/34] Fix trans
---
 htdocs/commande/class/commande.class.php | 2 +-
 htdocs/knowledgemanagement/class/knowledgerecord.class.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php
index 333d4e2ded6..65b446727e5 100644
--- a/htdocs/commande/class/commande.class.php
+++ b/htdocs/commande/class/commande.class.php
@@ -195,7 +195,7 @@ class Commande extends CommonOrder
 /**
 * @var int Date expected for delivery
- * @see delivery_date
+ * @see $delivery_date
 * @deprecated
 */
 public $date_livraison;
diff --git a/htdocs/knowledgemanagement/class/knowledgerecord.class.php b/htdocs/knowledgemanagement/class/knowledgerecord.class.php
index 550ef976aba..dacdf57d3a8 100644
--- a/htdocs/knowledgemanagement/class/knowledgerecord.class.php
+++ b/htdocs/knowledgemanagement/class/knowledgerecord.class.php
@@ -114,7 +114,7 @@ class KnowledgeRecord extends CommonObject 'answer' => array('type'=>'html', 'label'=>'Solution', 'enabled'=>'1', 'position'=>50, 'notnull'=>0, 'visible'=>3, 'csslist'=>'tdoverflow300'), //'url' => array('type'=>'varchar(255)', 'label'=>'URL', 'enabled'=>'1', 'position'=>55, 'notnull'=>0, 'visible'=>-1, 'csslist'=>'tdoverflow200', 'help'=>'UrlForInfoPage'), 'fk_c_ticket_category' => array('type'=>'integer:CTicketCategory:ticket/class/cticketcategory.class.php', 'label'=>'GroupOfTicket', 'enabled'=>'$conf->ticket->enabled', 'position'=>512, 'notnull'=>0, 'visible'=>-1, 'help'=>'YouCanLinkArticleToATicketCategory'), - 'status' => array('type'=>'integer', 'label'=>'Status', 'enabled'=>'1', 'position'=>1000, 'notnull'=>1, 'visible'=>1, 'default'=>0, 'index'=>1, 'arrayofkeyval'=>array('0'=>'Draft', '1'=>'Valid'),), + 'status' => array('type'=>'integer', 'label'=>'Status', 'enabled'=>'1', 'position'=>1000, 'notnull'=>1, 'visible'=>1, 'default'=>0, 'index'=>1, 'arrayofkeyval'=>array('0'=>'Draft', '1'=>'Validated'),), ); public $rowid; public $ref; From c60927da61025442630295f011d6c89f859e8a1c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 4 Aug 2021 15:16:51 +0200 Subject: [PATCH 13/34] Add missing security info --- htdocs/admin/system/security.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index 79690032901..fe3c95d1d3e 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -88,10 +88,13 @@ if (function_exists('exec')) { } print '
'; -print "PHP safe_mode = ".(ini_get('safe_mode') ? ini_get('safe_mode') : yn(0)).'   '.$langs->trans("Deprecated")." (removed in PHP 5.4)
\n"; +print "PHP session.use_strict_mode = ".(ini_get('session.use_strict_mode') ? ini_get('session.use_strict_mode') : yn(0)).'   ('.$langs->trans("RecommendedValueIs", '1').")
\n"; +print "PHP session.use_only_cookies = ".(ini_get('session.use_only_cookies') ? ini_get('session.use_only_cookies') : yn(0)).'   ('.$langs->trans("RecommendedValueIs", '1').")
\n"; +print "PHP session.cookie_samesite = ".(ini_get('session.cookie_samesite') ? ini_get('session.cookie_samesite') : 'None').'   ('.$langs->trans("RecommendedValueIs", 'Strict').")
\n"; print "PHP open_basedir = ".(ini_get('open_basedir') ? ini_get('open_basedir') : yn(0).'   ('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("ARestrictedPath").', '.$langs->transnoentitiesnoconv("Example").' '.$_SERVER["DOCUMENT_ROOT"]).')')."
\n"; print "PHP allow_url_fopen = ".(ini_get('allow_url_fopen') ? img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.ini_get('allow_url_fopen') : yn(0)).'   ('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("No")).")
\n"; print "PHP allow_url_include = ".(ini_get('allow_url_include') ? img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.ini_get('allow_url_include') : yn(0)).'   ('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("No")).")
\n"; +print "PHP safe_mode = ".(ini_get('safe_mode') ? ini_get('safe_mode') : yn(0)).'   '.$langs->trans("Deprecated")." (removed in PHP 5.4)
\n"; print "PHP disable_functions = "; $arrayoffunctionsdisabled = explode(',', ini_get('disable_functions')); $arrayoffunctionstodisable = explode(',', 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals'); From ba403dd33fa070406b5b162a3f5b875a7324a80b Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 4 Aug 2021 15:21:01 +0200 Subject: [PATCH 14/34] Add missing security info --- htdocs/admin/system/security.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index fe3c95d1d3e..b745ad75818 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -90,6 +90,7 @@ print '
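Review bot: The fallback for `session.cookie_samesite` prints `'None'` when the ini value is empty, but `None` is itself a valid SameSite value that explicitly allows cross-site sending. An empty setting means PHP emits no SameSite attribute at all, so an administrator reading this audit page gets the wrong picture. Print an unset marker instead, for example `(ini_get('session.cookie_samesite') ? ini_get('session.cookie_samesite') : $langs->trans("Undefined"))`. The `session.cookie_httponly` line added by the next commit's hunk in this file has a related problem: it falls back to an empty string where the neighbouring lines use `yn(0)`. `session.cookie_secure` is not reported at all, and it belongs with these settings on a page that audits session cookie hardening.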
'; print "PHP session.use_strict_mode = ".(ini_get('session.use_strict_mode') ? ini_get('session.use_strict_mode') : yn(0)).'   ('.$langs->trans("RecommendedValueIs", '1').")
\n"; print "PHP session.use_only_cookies = ".(ini_get('session.use_only_cookies') ? ini_get('session.use_only_cookies') : yn(0)).'   ('.$langs->trans("RecommendedValueIs", '1').")
\n"; +print "PHP session.cookie_httponly = ".(ini_get('session.cookie_httponly') ? ini_get('session.cookie_httponly') : '').'   ('.$langs->trans("RecommendedValueIs", '1').")
\n"; print "PHP session.cookie_samesite = ".(ini_get('session.cookie_samesite') ? ini_get('session.cookie_samesite') : 'None').'   ('.$langs->trans("RecommendedValueIs", 'Strict').")
\n"; print "PHP open_basedir = ".(ini_get('open_basedir') ? ini_get('open_basedir') : yn(0).'   ('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("ARestrictedPath").', '.$langs->transnoentitiesnoconv("Example").' '.$_SERVER["DOCUMENT_ROOT"]).')')."
\n"; print "PHP allow_url_fopen = ".(ini_get('allow_url_fopen') ? img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.ini_get('allow_url_fopen') : yn(0)).'   ('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("No")).")
\n"; From a5d11a1ccfed1da3591ae8c92715ca6a7871b85e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 4 Aug 2021 15:46:00 +0200 Subject: [PATCH 15/34] Fix warning --- htdocs/admin/system/security.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index b745ad75818..1ca4b95856e 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -249,7 +249,7 @@ if (empty($dolibarr_main_prod)) { } print '
'; -print '$dolibarr_nocsrfcheck: '.$dolibarr_nocsrfcheck; +print '$dolibarr_nocsrfcheck: '.(empty($dolibarr_nocsrfcheck) ? '0' : $dolibarr_nocsrfcheck); if (!empty($dolibarr_nocsrfcheck)) { print '   '.img_picto('', 'warning').' '.$langs->trans("IfYouAreOnAProductionSetThis", 0); } From 965bdbb34260f0d4b27a13966b0464492b73d1ba Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 4 Aug 2021 23:08:57 +0200 Subject: [PATCH 16/34] Trans --- htdocs/langs/en_US/admin.lang | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 76f5c18b70b..d4047e654d3 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -1780,7 +1780,7 @@ ClickToDialSetup=Click To Dial module setup ClickToDialUrlDesc=Url called when a click on phone picto is done. In URL, you can use tags
__PHONETO__ that will be replaced with the phone number of person to call
__PHONEFROM__ that will be replaced with phone number of calling person (yours)
__LOGIN__ that will be replaced with clicktodial login (defined on user card)
__PASS__ that will be replaced with clicktodial password (defined on user card). ClickToDialDesc=This module change phone numbers, when using a desktop computer, into clickable links. A click will call the number. This can be used to start the phone call when using a soft phone on your desktop or when using a CTI system based on SIP protocol for example. Note: When using a smartphone, phone numbers are always clickable. ClickToDialUseTelLink=Use just a link "tel:" on phone numbers -ClickToDialUseTelLinkDesc=Use this method if your users have a softphone or a software interface, installed on the same computer as the browser, and called when you click on a link starting with "tel:" in your browser. If you need link that start with "sip:" or a full server solution (no need of local software installation), you must set this to "No" and fill next field. +ClickToDialUseTelLinkDesc=Use this method if your users have a softphone or a software interface, installed on the same computer as the browser, and called when you click on a link starting with "tel:" in your browser. If you need a link that start with "sip:" or a full server solution (no need of local software installation), you must set this to "No" and fill the next field. ##### Point Of Sale (CashDesk) ##### CashDesk=Point of Sale CashDeskSetup=Point of Sales module setup From 0a31f3dc1a77ef4468360629382e3231a59f4594 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 4 Aug 2021 23:11:59 +0200 Subject: [PATCH 17/34] FIX #18341 lang not loaded --- htdocs/admin/agenda_reminder.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/admin/agenda_reminder.php b/htdocs/admin/agenda_reminder.php index b3a85d1fe4b..2b2da673202 100644 --- a/htdocs/admin/agenda_reminder.php +++ b/htdocs/admin/agenda_reminder.php 
@@ -226,6 +226,7 @@ if (empty($conf->cron->enabled)) { // Get the max frequency of reminder if ($job->id > 0) { if ($job->status != $job::STATUS_ENABLED) { + $langs->load("cron"); print ''.$langs->trans("JobXMustBeEnabled", $langs->transnoentitiesnoconv("sendEmailsReminder")).''; } else { print ''.img_picto($langs->trans('Enabled'), 'switch_on').''; From 5d717113be3586694ea199316c843363f9b8ca64 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 5 Aug 2021 11:20:43 +0200 Subject: [PATCH 18/34] Add language key --- htdocs/langs/en_US/languages.lang | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/langs/en_US/languages.lang b/htdocs/langs/en_US/languages.lang index 373fdf2eab5..e3b6bed94c8 100644 --- a/htdocs/langs/en_US/languages.lang +++ b/htdocs/langs/en_US/languages.lang @@ -2,6 +2,7 @@ Language_am_ET=Ethiopian Language_ar_AR=Arabic Language_ar_EG=Arabic (Egypt) +Language_ar_MA=Arabic (Moroco) Language_ar_SA=Arabic Language_ar_TN=Arabic (Tunisia) Language_ar_IQ=Arabic (Iraq) From fca3980dce3b2a5fa0b07340155786158f49ff84 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 5 Aug 2021 15:15:03 +0200 Subject: [PATCH 19/34] FIX Can't remove a permission of a group --- htdocs/user/group/perms.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/user/group/perms.php b/htdocs/user/group/perms.php index 9fc4426ecac..3ccbcf94d05 100644 --- a/htdocs/user/group/perms.php +++ b/htdocs/user/group/perms.php @@ -315,7 +315,7 @@ if ($object->id > 0) { if (in_array($obj->id, $permsgroupbyentity[$entity])) { // Own permission by group if ($caneditperms) { - print '
'; From 591b8acd513eb75483e336f8a1c871bbf20b1853 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 5 Aug 2021 15:57:51 +0200 Subject: [PATCH 20/34] FIX show info of company into user dropdown --- htdocs/main.inc.php | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 2ceb2175799..e4677499bd6 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -2015,27 +2015,25 @@ function top_menu_user($hideloginname = 0, $urllogout = '') $dropdownBody .= ' '.$langs->trans("ShowCompanyInfos").''; $dropdownBody .= '
'; - if (!empty($conf->global->MAIN_INFO_SIREN)) { - $dropdownBody .= '
'.$langs->transcountry("ProfId1Short", $mysoc->country_code).': '.showValueWithClipboardCPButton($conf->global->MAIN_INFO_SIREN).''; + if ($langs->transcountry("ProfId1", $mysoc->country_code) != '-') { + $dropdownBody .= '
'.$langs->transcountry("ProfId1", $mysoc->country_code).': '.showValueWithClipboardCPButton($conf->global->MAIN_INFO_SIREN).''; } - if (!empty($conf->global->MAIN_INFO_SIRET)) { - $dropdownBody .= '
'.$langs->transcountry("ProfId2Short", $mysoc->country_code).': '.showValueWithClipboardCPButton($conf->global->MAIN_INFO_SIRET).''; + if ($langs->transcountry("ProfId2", $mysoc->country_code) != '-') { + $dropdownBody .= '
'.$langs->transcountry("ProfId2", $mysoc->country_code).': '.showValueWithClipboardCPButton($conf->global->MAIN_INFO_SIRET).''; } - if (!empty($conf->global->MAIN_INFO_APE)) { - $dropdownBody .= '
'.$langs->transcountry("ProfId3Short", $mysoc->country_code).': '.showValueWithClipboardCPButton($conf->global->MAIN_INFO_APE).''; + if ($langs->transcountry("ProfId3", $mysoc->country_code) != '-') { + $dropdownBody .= '
'.$langs->transcountry("ProfId3", $mysoc->country_code).': '.showValueWithClipboardCPButton($conf->global->MAIN_INFO_APE).''; } - if (!empty($conf->global->MAIN_INFO_RCS)) { - $dropdownBody .= '
'.$langs->transcountry("ProfId4Short", $mysoc->country_code).': '.showValueWithClipboardCPButton($conf->global->MAIN_INFO_RCS).''; + if ($langs->transcountry("ProfId4", $mysoc->country_code) != '-') { + $dropdownBody .= '
'.$langs->transcountry("ProfId4", $mysoc->country_code).': '.showValueWithClipboardCPButton($conf->global->MAIN_INFO_RCS).''; } - if (!empty($conf->global->MAIN_INFO_PROFID5)) { - $dropdownBody .= '
'.$langs->transcountry("ProfId5Short", $mysoc->country_code).': '.showValueWithClipboardCPButton($conf->global->MAIN_INFO_PROFID5).''; + if ($langs->transcountry("ProfId5", $mysoc->country_code) != '-') { + $dropdownBody .= '
'.$langs->transcountry("ProfId5", $mysoc->country_code).': '.showValueWithClipboardCPButton($conf->global->MAIN_INFO_PROFID5).''; } - if (!empty($conf->global->MAIN_INFO_PROFID6)) { - $dropdownBody .= '
'.$langs->transcountry("ProfId6Short", $mysoc->country_code).': '.showValueWithClipboardCPButton($conf->global->MAIN_INFO_PROFID6).''; - } - if (!empty($conf->global->MAIN_INFO_TVAINTRA)) { - $dropdownBody .= '
'.$langs->trans("VATIntraShort").': '.showValueWithClipboardCPButton($conf->global->MAIN_INFO_TVAINTRA).''; + if ($langs->transcountry("ProfId6", $mysoc->country_code) != '-') { + $dropdownBody .= '
'.$langs->transcountry("ProfId6", $mysoc->country_code).': '.showValueWithClipboardCPButton($conf->global->MAIN_INFO_PROFID6).''; } + $dropdownBody .= '
'.$langs->trans("VATIntraShort").': '.showValueWithClipboardCPButton($conf->global->MAIN_INFO_TVAINTRA).''; $dropdownBody .= '
'; From c0c46fb704b2777be00527f3cb10c8c11b17408e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 6 Aug 2021 12:18:51 +0200 Subject: [PATCH 21/34] FIX Link of download main doc on vat list --- htdocs/compta/tva/list.php | 10 +++++++++- htdocs/core/class/html.formfile.class.php | 5 +++-- htdocs/core/lib/files.lib.php | 9 ++++++--- htdocs/theme/eldy/global.inc.php | 3 +++ htdocs/theme/md/style.css.php | 6 ++++++ 5 files changed, 27 insertions(+), 6 deletions(-) diff --git a/htdocs/compta/tva/list.php b/htdocs/compta/tva/list.php index 69ce8ae8ae5..1dc0180bd60 100644 --- a/htdocs/compta/tva/list.php +++ b/htdocs/compta/tva/list.php @@ -31,6 +31,7 @@ require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/compta/tva/class/tva.class.php'; require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; require_once DOL_DOCUMENT_ROOT.'/accountancy/class/accountingjournal.class.php'; @@ -135,6 +136,7 @@ if (empty($reshook)) { $form = new Form($db); $formother = new FormOther($db); +$formfile = new FormFile($db); $tva_static = new Tva($db); $bankstatic = new Account($db); $accountingjournal = new AccountingJournal($db); @@ -445,7 +447,13 @@ while ($i < min($num, $limit)) { // Ref if (!empty($arrayfields['t.rowid']['checked'])) { - print '
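Review bot: The rows are now gated only on whether the country defines a label (`transcountry("ProfIdN", ...) != '-'`) and no longer on whether a value is configured. As a result `$conf->global->MAIN_INFO_SIREN` and its siblings are read even when the property was never set, and the VAT row is printed unconditionally. That renders empty rows with a clipboard button in the user dropdown and, depending on PHP version and error level, may raise an undefined-property notice. Unless empty rows are intended, keep both conditions, e.g. `if ($langs->transcountry("ProfId1", $mysoc->country_code) != '-' && !empty($conf->global->MAIN_INFO_SIREN)) {`, and restore `if (!empty($conf->global->MAIN_INFO_TVAINTRA)) {` around the last line. `top_menu_user()` starts and ends outside the hunk.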
'; + print ''; if (!$i) { $totalarray['nbfield']++; } diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php index 2b8a2d15aff..3a5cff5ea9e 100644 --- a/htdocs/core/class/html.formfile.class.php +++ b/htdocs/core/class/html.formfile.class.php @@ -985,9 +985,10 @@ class FormFile * @param string $modulesubdir Sub-directory to scan (Example: '0/1/10', 'FA/DD/MM/YY/9999'). Use '' if file is not into subdir of module. * @param string $filedir Full path to directory to scan * @param string $filter Filter filenames on this regex string (Example: '\.pdf$') + * @param string $morecss Add more css to the download picto * @return string Output string with HTML link of documents (might be empty string). This also fill the array ->infofiles */ - public function getDocumentsLink($modulepart, $modulesubdir, $filedir, $filter = '') + public function getDocumentsLink($modulepart, $modulesubdir, $filedir, $filter = '', $morecss = 'valignmiddle') { global $conf, $langs; @@ -1019,7 +1020,7 @@ class FormFile $out .= ''."\n"; if (!empty($file_list)) { $out = ''; } else { - print ''; + print ''; } // Default mode of payment From fec5a22c651037592e655c5a90fb6e66ed975d9c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 6 Aug 2021 13:24:40 +0200 Subject: [PATCH 23/34] Fix filter to find files of a ref. --- htdocs/core/class/html.formfile.class.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php index 3a5cff5ea9e..60054ecf5ad 100644 --- a/htdocs/core/class/html.formfile.class.php +++ b/htdocs/core/class/html.formfile.class.php @@ -981,14 +981,15 @@ class FormFile * You may want to call this into a div like this: * print '
'.$formfile->getDocumentsLink($element_doc, $filename, $filedir).'
'; * - * @param string $modulepart propal, facture, facture_fourn, ... + * @param string $modulepart 'propal', 'facture', 'facture_fourn', ... * @param string $modulesubdir Sub-directory to scan (Example: '0/1/10', 'FA/DD/MM/YY/9999'). Use '' if file is not into subdir of module. * @param string $filedir Full path to directory to scan * @param string $filter Filter filenames on this regex string (Example: '\.pdf$') * @param string $morecss Add more css to the download picto + * @param string $allfiles 0=Only generated docs, 1=All files * @return string Output string with HTML link of documents (might be empty string). This also fill the array ->infofiles */ - public function getDocumentsLink($modulepart, $modulesubdir, $filedir, $filter = '', $morecss = 'valignmiddle') + public function getDocumentsLink($modulepart, $modulesubdir, $filedir, $filter = '', $morecss = 'valignmiddle', $allfiles = 0) { global $conf, $langs; 
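Review bot: The new docblock line `@param string $allfiles` documents the parameter as a string, while the signature defaults it to the integer `0` and the description lists the flags `0` and `1`. Use `@param int $allfiles 0=Only generated docs, 1=All files` so callers and static analysis see the real type. The method body continues outside this hunk.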
@@ -1006,12 +1007,11 @@ class FormFile $entity = ((!empty($regs[1]) && $regs[1] > 1) ? $regs[1] : 1); // If entity id not found in $filedir this is entity 1 by default } - // Get list of files starting with name of ref (but not followed by "-" to discard uploaded files and get only generated files) - // @todo Why not showing by default all files by just removing the '[^\-]+' at end of regex ? - if (!empty($conf->global->MAIN_SHOW_ALL_FILES_ON_DOCUMENT_TOOLTIP)) { - $filterforfilesearch = preg_quote(basename($modulesubdir), '/'); + // Get list of files starting with name of ref (Note: files with '^ref\.extension' are generated files, files with '^ref-...' are uploaded files) + if ($allfiles || !empty($conf->global->MAIN_SHOW_ALL_FILES_ON_DOCUMENT_TOOLTIP)) { + $filterforfilesearch = '^'.preg_quote(basename($modulesubdir), '/'); } else { - $filterforfilesearch = preg_quote(basename($modulesubdir), '/').'[^\-]+'; + $filterforfilesearch = '^'.preg_quote(basename($modulesubdir), '/').'\.'; } $file_list = dol_dir_list($filedir, 'files', 0, $filterforfilesearch, '\.meta$|\.png$'); // We also discard .meta and .png preview From 458f773baf6fdab3d4a831f78455b8696395aee3 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 6 Aug 2021 18:32:40 +0200 Subject: [PATCH 24/34] Fix security options --- htdocs/admin/system/security.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index 1ca4b95856e..3f90414e6b7 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -372,6 +372,9 @@ print '
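Review bot: In the all-files branch the filter is now `'^'.preg_quote(basename($modulesubdir), '/')` with nothing after the ref, so any file name that merely begins with the ref matches. If the scanned directory can also hold files of a longer ref sharing that prefix, the list would include documents belonging to another record; whether that can happen depends on how callers build `$filedir`, which is outside the hunk. The comment added here says generated files are `ref.ext` and uploaded files are `ref-...`, so the branch could require one of those separators: `$filterforfilesearch = '^'.preg_quote(basename($modulesubdir), '/').'[\.\-]';`. The enclosing method starts and ends outside this hunk.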
'; print 'MAIN_RESTRICTHTML_ONLY_VALID_HTML = '.(empty($conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommanded").': 1)' : $conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML)."
"; print '
'; +print 'MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE = '.(empty($conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommanded").': 1)' : $conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE)."
"; +print '
'; + print 'MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES = '.(empty($conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommanded").': 1)' : $conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES)."
"; print '
'; From e26eda3f5ff3ac547a750257f69ceb583218aa0d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 6 Aug 2021 18:34:35 +0200 Subject: [PATCH 25/34] Position of option --- htdocs/admin/system/security.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index 3f90414e6b7..ea6aa10d3c9 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -175,7 +175,7 @@ print '
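Review bot: The added print statement concatenates `$conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE` into the page as-is when the option is set, so the stored value is rendered as markup. The constant is presumably only writable by an administrator, which limits the exposure, but this is the security report page and the value is shown purely for information. Escaping it, e.g. `dol_escape_htmltag($conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE)`, keeps a stray tag in a setting from altering the report. The same pattern appears on the new-side lines for MAIN_SECURITY_ANTI_SSRF_SERVER_IP and MAIN_ALLOW_SVG_FILES_AS_IMAGES in the later security.php hunks of this series.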
'; print load_fiche_titre($langs->trans("OSSetup").' - '.$langs->trans("PermissionsOnFiles"), '', 'folder'); print ''.$langs->trans("PermissionsOnFilesInWebRoot").': '; -$arrayoffilesinroot = dol_dir_list(DOL_DOCUMENT_ROOT, 'all', 1, '', array('\/custom'), 'name', SORT_ASC, 4, 1, '', 1); +$arrayoffilesinroot = dol_dir_list(DOL_DOCUMENT_RMAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADEOOT, 'all', 1, '', array('\/custom'), 'name', SORT_ASC, 4, 1, '', 1); $fileswithwritepermission = array(); foreach ($arrayoffilesinroot as $fileinroot) { // Test if there is at least one write permission file. If yes, add the entry into array $fileswithwritepermission @@ -235,7 +235,7 @@ if (file_exists($installlock)) { } print '
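Review bot: The new line passes `DOL_DOCUMENT_RMAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADEOOT` to dol_dir_list(): the option name was pasted into the middle of `DOL_DOCUMENT_ROOT`, and the next hunk (@@ -235,7 +235,7 @@) adds a bare `MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE` line in the same way. Both are undefined constants, so depending on the PHP version the page either stops with an error or the writable-files check no longer scans the document root. The first line should stay `$arrayoffilesinroot = dol_dir_list(DOL_DOCUMENT_ROOT, 'all', 1, '', array('\/custom'), 'name', SORT_ASC, 4, 1, '', 1);` and the second added line should be dropped, since the commit is only meant to reorder two print statements. PATCH 26/34 restores both, but this commit on its own leaves the security report broken for anyone bisecting or cherry-picking it.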
'; - +MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE // File conf.php print '
'; @@ -369,10 +369,10 @@ print '
'; print 'MAIN_ALLOW_SVG_FILES_AS_IMAGES = '.(empty($conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES) ? '0   ('.$langs->trans("Recommanded").': 0)' : $conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES)."
"; print '
'; -print 'MAIN_RESTRICTHTML_ONLY_VALID_HTML = '.(empty($conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommanded").': 1)' : $conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML)."
"; +print 'MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE = '.(empty($conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommanded").': 1)' : $conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE)."
"; print '
'; -print 'MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE = '.(empty($conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommanded").': 1)' : $conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE)."
"; +print 'MAIN_RESTRICTHTML_ONLY_VALID_HTML = '.(empty($conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommanded").': 1)' : $conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML)."
"; print '
'; print 'MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES = '.(empty($conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommanded").': 1)' : $conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES)."
"; From a7fa238b71dd081b376cabdd2da06ae024bc34c9 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 6 Aug 2021 18:35:16 +0200 Subject: [PATCH 26/34] Position of option --- htdocs/admin/system/security.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index ea6aa10d3c9..478338ad79a 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -175,7 +175,7 @@ print '
'; print load_fiche_titre($langs->trans("OSSetup").' - '.$langs->trans("PermissionsOnFiles"), '', 'folder'); print ''.$langs->trans("PermissionsOnFilesInWebRoot").': '; -$arrayoffilesinroot = dol_dir_list(DOL_DOCUMENT_RMAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADEOOT, 'all', 1, '', array('\/custom'), 'name', SORT_ASC, 4, 1, '', 1); +$arrayoffilesinroot = dol_dir_list(DOL_DOCUMENT_ROOT, 'all', 1, '', array('\/custom'), 'name', SORT_ASC, 4, 1, '', 1); $fileswithwritepermission = array(); foreach ($arrayoffilesinroot as $fileinroot) { // Test if there is at least one write permission file. If yes, add the entry into array $fileswithwritepermission @@ -235,7 +235,7 @@ if (file_exists($installlock)) { } print '
'; -MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE + // File conf.php print '
'; From d437d382d882446f4d282a797f65849aa25e98ab Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 6 Aug 2021 18:48:05 +0200 Subject: [PATCH 27/34] Fix trans --- htdocs/admin/system/security.php | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index 478338ad79a..c5c149d6b59 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -350,7 +350,7 @@ if (empty($conf->global->MAIN_SECURITY_HASH_ALGO)) { if ($conf->global->MAIN_SECURITY_HASH_ALGO != 'password_hash') { print '
MAIN_SECURITY_SALT = '.(empty($conf->global->MAIN_SECURITY_SALT) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_SALT).'
'; } else { - print '('.$langs->trans("Recommanded").': password_hash)'; + print '('.$langs->trans("Recommended").': password_hash)'; print '
'; } if ($conf->global->MAIN_SECURITY_HASH_ALGO != 'password_hash') { @@ -363,19 +363,19 @@ if ($conf->global->MAIN_SECURITY_HASH_ALGO != 'password_hash') { } print '
'; -print 'MAIN_SECURITY_ANTI_SSRF_SERVER_IP = '.(empty($conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Example").': static-ips-of-server - '.$langs->trans("Note").': common loopback ip like 127.*.*.*, [::1] are already added)' : $conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP)."
"; +print 'MAIN_SECURITY_ANTI_SSRF_SERVER_IP = '.(empty($conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': List of static IPs of server separated with coma - '.$langs->trans("Note").': common loopback ip like 127.*.*.*, [::1] are already added)' : $conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP)."
"; print '
'; -print 'MAIN_ALLOW_SVG_FILES_AS_IMAGES = '.(empty($conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES) ? '0   ('.$langs->trans("Recommanded").': 0)' : $conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES)."
"; +print 'MAIN_ALLOW_SVG_FILES_AS_IMAGES = '.(empty($conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES) ? '0   ('.$langs->trans("Recommended").': 0)' : $conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES)."
"; print '
'; -print 'MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE = '.(empty($conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommanded").': 1)' : $conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE)."
"; +print 'MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE = '.(empty($conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': 1)' : $conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE)."
"; print '
'; -print 'MAIN_RESTRICTHTML_ONLY_VALID_HTML = '.(empty($conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommanded").': 1)' : $conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML)."
"; +print 'MAIN_RESTRICTHTML_ONLY_VALID_HTML = '.(empty($conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': 1)' : $conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML)."
"; print '
'; -print 'MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES = '.(empty($conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommanded").': 1)' : $conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES)."
"; +print 'MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES = '.(empty($conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': 1)' : $conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES)."
"; print '
'; print 'MAIN_EXEC_USE_POPEN = '; @@ -385,10 +385,14 @@ if (empty($conf->global->MAIN_EXEC_USE_POPEN)) { print $conf->global->MAIN_EXEC_USE_POPEN; } if ($execmethod == 1) { - print '   ("exec" PHP method will be used for shell commands)'; + print ', "exec" PHP method will be used for shell commands'; + print '   ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 1)'; + print ''; } if ($execmethod == 2) { - print '   ("popen" PHP method will be used for shell commands)'; + print ', "popen" PHP method will be used for shell commands'; + print '   ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 1)'; + print ''; } print "
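Review bot: The new help text for MAIN_SECURITY_ANTI_SSRF_SERVER_IP is a hard-coded English literal, `List of static IPs of server separated with coma`, while the labels around it go through `$langs->trans()`. It also misspells the separator, which should read `separated with comma`. Because this sentence tells the operator how to fill in an SSRF protection setting, it belongs in a translation key with the typo corrected, so the guidance reads properly in every language.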
"; print '
'; From 143517240554f7f6c321b6c44c4bfba03be71279 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 6 Aug 2021 18:55:41 +0200 Subject: [PATCH 28/34] Better help --- htdocs/admin/system/security.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index c5c149d6b59..4b98b40fb41 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -366,10 +366,10 @@ print '
'; print 'MAIN_SECURITY_ANTI_SSRF_SERVER_IP = '.(empty($conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': List of static IPs of server separated with coma - '.$langs->trans("Note").': common loopback ip like 127.*.*.*, [::1] are already added)' : $conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP)."
"; print '
'; -print 'MAIN_ALLOW_SVG_FILES_AS_IMAGES = '.(empty($conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES) ? '0   ('.$langs->trans("Recommended").': 0)' : $conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES)."
"; +print 'MAIN_ALLOW_SVG_FILES_AS_IMAGES = '.(empty($conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES) ? '0' : $conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES).'   ('.$langs->trans("Recommended").': 0)
'; print '
'; -print 'MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE = '.(empty($conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': 1)' : $conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE)."
"; +print 'MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE = '.(empty($conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE).'   ('.$langs->trans("Recommended").': 1)
'; print '
'; print 'MAIN_RESTRICTHTML_ONLY_VALID_HTML = '.(empty($conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': 1)' : $conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML)."
"; From 948663deb40f38ab739ceafee84fa1e08a105781 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 7 Aug 2021 13:59:07 +0200 Subject: [PATCH 29/34] Fix deprecated var --- htdocs/admin/system/security.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index 4b98b40fb41..f2df395060b 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -95,7 +95,7 @@ print "PHP session.cookie_samesite = ".(ini_get('session.cookie print "PHP open_basedir = ".(ini_get('open_basedir') ? ini_get('open_basedir') : yn(0).'   ('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("ARestrictedPath").', '.$langs->transnoentitiesnoconv("Example").' '.$_SERVER["DOCUMENT_ROOT"]).')')."
\n"; print "PHP allow_url_fopen = ".(ini_get('allow_url_fopen') ? img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.ini_get('allow_url_fopen') : yn(0)).'   ('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("No")).")
\n"; print "PHP allow_url_include = ".(ini_get('allow_url_include') ? img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.ini_get('allow_url_include') : yn(0)).'   ('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("No")).")
\n"; -print "PHP safe_mode = ".(ini_get('safe_mode') ? ini_get('safe_mode') : yn(0)).'   '.$langs->trans("Deprecated")." (removed in PHP 5.4)
\n"; +//print "PHP safe_mode = ".(ini_get('safe_mode') ? ini_get('safe_mode') : yn(0)).'   '.$langs->trans("Deprecated")." (removed in PHP 5.4)
\n"; print "PHP disable_functions = "; $arrayoffunctionsdisabled = explode(',', ini_get('disable_functions')); $arrayoffunctionstodisable = explode(',', 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals'); From 3f0a5cc6893b9253804f724c6efdc46fc77e9cab Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 8 Aug 2021 12:04:21 +0200 Subject: [PATCH 30/34] Fix permission info on permissions group --- htdocs/user/group/perms.php | 94 ++++++++++++++++++++++++------------- htdocs/user/perms.php | 6 +-- 2 files changed, 65 insertions(+), 35 deletions(-) diff --git a/htdocs/user/group/perms.php b/htdocs/user/group/perms.php index 3ccbcf94d05..4bb95b46a89 100644 --- a/htdocs/user/group/perms.php +++ b/htdocs/user/group/perms.php @@ -22,9 +22,13 @@ /** * \file htdocs/user/group/perms.php - * \brief Onglet user et permissions de la fiche utilisateur + * \brief Page to set permissions of a user group record */ +if (!defined('CSRFCHECK_WITH_TOKEN')) { + define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET +} + require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/user/class/usergroup.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/usergroups.lib.php'; @@ -41,6 +45,10 @@ $module = GETPOST('module', 'alpha'); $rights = GETPOST('rights', 'int'); $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'groupperms'; // To manage different context of search +if (!isset($id) || empty($id)) { + accessforbidden(); +} + // Define if user can read permissions $canreadperms = ($user->admin || $user->rights->user->user->lire); // Define if user can modify group permissions 
@@ -53,12 +61,15 @@ if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS)) { $caneditperms = ($user->admin || $user->rights->user->group_advance->write); } +// Security check +//$result = restrictedArea($user, 'user', $id, 'usergroup', ''); if (!$canreadperms) { accessforbidden(); } $object = new Usergroup($db); $object->fetch($id); +$object->getrights(); $entity = $conf->entity; @@ -79,7 +90,7 @@ if ($reshook < 0) { if (empty($reshook)) { if ($action == 'addrights' && $caneditperms) { $editgroup = new Usergroup($db); - $result = $editgroup->fetch($id); + $result = $editgroup->fetch($object->id); if ($result > 0) { $result = $editgroup->addrights($rights, $module, '', $entity); if ($result < 0) { @@ -88,6 +99,9 @@ if (empty($reshook)) { } else { dol_print_error($db); } + + $object->clearrights(); + $object->getrights(); } if ($action == 'delrights' && $caneditperms) { @@ -101,11 +115,14 @@ if (empty($reshook)) { } else { dol_print_error($db); } + + $object->clearrights(); + $object->getrights(); } } -/** +/* * View */ @@ -114,11 +131,6 @@ $form = new Form($db); llxHeader('', $langs->trans("Permissions")); if ($object->id > 0) { - /* - * Affichage onglets - */ - $object->getrights(); // Reload permission - $head = group_prepare_head($object); $title = $langs->trans("Group"); print dol_get_fiche_head($head, 'rights', $title, -1, 'group'); @@ -165,8 +177,8 @@ if ($object->id > 0) { $sql .= " FROM ".MAIN_DB_PREFIX."rights_def as r,"; $sql .= " ".MAIN_DB_PREFIX."usergroup_rights as gr"; $sql .= " WHERE gr.fk_id = r.id"; - $sql .= " AND gr.entity = ".$entity; - $sql .= " AND gr.fk_usergroup = ".$object->id; + $sql .= " AND gr.entity = ".((int) $entity); + $sql .= " AND gr.fk_usergroup = ".((int) $object->id); dol_syslog("get user perms", LOG_DEBUG); $result = $db->query($sql); 
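Review bot: The block introduced as `// Security check` adds the `restrictedArea($user, 'user', $id, 'usergroup', '')` call only as a commented-out line, so access to this page still rests on `$canreadperms` alone. If the per-object check is intended it should be enabled, and otherwise the dead line should be removed so the comment does not suggest a check that never runs. In the same hunk `$object->fetch($id)` is followed by `$object->getrights()` without looking at the result, although the action code later tests `$result > 0` for the same call. A guard such as `if ($object->fetch($id) <= 0) { accessforbidden(); }` (or the project's usual not-found handling) would stop the page from continuing with a group that was not loaded. The script continues outside this hunk.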
@@ -186,6 +198,10 @@ if ($object->id > 0) { dol_print_error($db); } + /* + * Part to add/remove permissions + */ + $linkback = ''.$langs->trans("BackToList").''; dol_banner_tab($object, 'id', $linkback, $user->rights->user->user->lire || $user->admin); @@ -193,9 +209,6 @@ if ($object->id > 0) { print '
'; print '
'; - /* - * Ecran ajout/suppression permission - */ print '
'; print $langs->trans("DatabaseName").' : '.$dolibarr_main_db_name.'
'; @@ -554,8 +557,10 @@ print ''; print '
2'; +print ''; print $langs->trans("BackupDesc2", DOL_DATA_ROOT).'
'; print $langs->trans("BackupDescX").'

'; +print '
'; print '
'; diff --git a/htdocs/admin/tools/dolibarr_import.php b/htdocs/admin/tools/dolibarr_import.php index 1fc0ca49221..29bfe5c12a4 100644 --- a/htdocs/admin/tools/dolibarr_import.php +++ b/htdocs/admin/tools/dolibarr_import.php @@ -1,5 +1,5 @@ +/* Copyright (C) 2006-2021 Laurent Destailleur * Copyright (C) 2006-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify @@ -22,6 +22,10 @@ * \brief Page to import database */ +if (! defined('CSRFCHECK_WITH_TOKEN')) { + define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET +} + require '../../main.inc.php'; // Load translation files required by the page @@ -72,7 +76,7 @@ jQuery(document).ready(function() { print load_fiche_titre($langs->trans("Restore"), '', 'title_setup'); -print '
'; +print '
'; print $langs->trans("RestoreDesc", DOL_DATA_ROOT); print '
'; print '
'; @@ -81,7 +85,9 @@ print '
';
1 '; print $langs->trans("RestoreDesc2", DOL_DATA_ROOT).'

'; +print ''; ?>
@@ -90,7 +96,9 @@ print $langs->trans("RestoreDesc2", DOL_DATA_ROOT).'

';
2 '; print $langs->trans("RestoreDesc3", $dolibarr_main_db_name).'

'; +print ''; ?> trans("DatabaseName").' : '.$dolibarr_main_db_name.''; ?>

diff --git a/htdocs/admin/tools/export_files.php b/htdocs/admin/tools/export_files.php index 34685676320..384b08e19cf 100644 --- a/htdocs/admin/tools/export_files.php +++ b/htdocs/admin/tools/export_files.php @@ -22,6 +22,10 @@ * \brief Page to export documents into a compressed file */ +if (! defined('CSRFCHECK_WITH_TOKEN')) { + define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET +} + require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; diff --git a/htdocs/admin/tools/listsessions.php b/htdocs/admin/tools/listsessions.php index 61d2b1cea58..10a38fb59a1 100644 --- a/htdocs/admin/tools/listsessions.php +++ b/htdocs/admin/tools/listsessions.php @@ -22,9 +22,14 @@ * \brief List of PHP sessions */ +if (! defined('CSRFCHECK_WITH_TOKEN')) { + define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET +} + require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; + // Load translation files required by the page $langs->loadLangs(array("companies", "install", "users", "other")); @@ -185,14 +190,14 @@ print '
'; if (empty($conf->global->MAIN_ONLY_LOGIN_ALLOWED)) { - print ''.$langs->trans("LockNewSessions").''; + print ''.$langs->trans("LockNewSessions").''; } else { - print ''.$langs->trans("UnlockNewSessions").''; + print ''.$langs->trans("UnlockNewSessions").''; } if ($savehandler == 'files') { if (count($listofsessions)) { - print ''.$langs->trans("PurgeSessions").''; + print ''.$langs->trans("PurgeSessions").''; } } diff --git a/htdocs/admin/tools/purge.php b/htdocs/admin/tools/purge.php index e20b9c2b13a..09647549c8b 100644 --- a/htdocs/admin/tools/purge.php +++ b/htdocs/admin/tools/purge.php @@ -21,15 +21,15 @@ * \brief Page to purge files (temporary or not) */ +if (! defined('CSRFCHECK_WITH_TOKEN')) { + define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET +} + require '../../main.inc.php'; include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; $langs->load("admin"); -if (!$user->admin) { - accessforbidden(); -} - $action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $choice = GETPOST('choice', 'aZ09'); @@ -42,10 +42,15 @@ if (!empty($conf->syslog->enabled)) { $filelog = preg_replace('/DOL_DATA_ROOT/i', DOL_DATA_ROOT, $filelog); } +if (!$user->admin) { + accessforbidden(); +} + /* * Actions */ + if ($action == 'purge' && !preg_match('/^confirm/i', $choice) && ($choice != 'allfiles' || $confirm == 'yes')) { // Increase limit of time. Works only if we are not in safe mode $ExecTimeLimit = 600; diff --git a/htdocs/admin/tools/update.php b/htdocs/admin/tools/update.php index 5a6ff94ce57..821bcd9e3f3 100644 --- a/htdocs/admin/tools/update.php +++ b/htdocs/admin/tools/update.php 
@@ -22,6 +22,10 @@ * \brief Page to make a Dolibarr online upgrade */ +if (! defined('CSRFCHECK_WITH_TOKEN')) { + define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET +} + require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; @@ -100,7 +104,7 @@ if (function_exists('curl_init')) { print $langs->trans("LastStableVersion").' : '.$langs->trans("UpdateServerOffline").'
'; } } else { - print $langs->trans("LastStableVersion").' : '.$langs->trans("Check").'
'; + print $langs->trans("LastStableVersion").' : '.$langs->trans("Check").'
'; } } @@ -113,14 +117,14 @@ print '
'; print $langs->trans("ThisIsProcessToFollow").'
'; print ''.$langs->trans("StepNb", 1).': '; $fullurl = ''.$urldolibarr.''; -print $langs->trans("DownloadPackageFromWebSite", $fullurl).'
'; +print str_replace('{s}', $fullurl, $langs->trans("DownloadPackageFromWebSite", '{s}')).'
'; print ''.$langs->trans("StepNb", 2).': '; -print $langs->trans("UnpackPackageInDolibarrRoot", $dolibarrroot).'
'; +print str_replace('{s}', $dolibarrroot, $langs->trans("UnpackPackageInDolibarrRoot", '{s}')).'
'; print ''.$langs->trans("StepNb", 3).': '; print $langs->trans("RemoveLock", $dolibarrdataroot.'/install.lock').'
'; print ''.$langs->trans("StepNb", 4).': '; $fullurl = ''.DOL_URL_ROOT.'/install/'; -print $langs->trans("CallUpdatePage", $fullurl).'
'; +print str_replace('{s}', $fullurl, $langs->trans("CallUpdatePage", '{s}')).'
'; print ''.$langs->trans("StepNb", 5).': '; print $langs->trans("RestoreLock", $dolibarrdataroot.'/install.lock').'
'; @@ -133,8 +137,9 @@ print '
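Review bot: Substituting the argument after translation with `str_replace('{s}', $dolibarrroot, $langs->trans("UnpackPackageInDolibarrRoot", '{s}'))` means `$dolibarrroot` no longer passes through `$langs->trans()`. That is understandable for `$fullurl`, which carries link markup, but `$dolibarrroot` looks like a plain filesystem path; its assignment is outside the hunk, so this is an assumption. If trans() was encoding its parameters, that encoding is now lost for the path. Either keep `$langs->trans("UnpackPackageInDolibarrRoot", $dolibarrroot)` for this step or escape before substituting, e.g. `str_replace('{s}', dol_escape_htmltag($dolibarrroot), $langs->trans("UnpackPackageInDolibarrRoot", '{s}'))`.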
'; print $langs->trans("AddExtensionThemeModuleOrOther").'
'; print '
'; - -print $langs->trans("GoModuleSetupArea", DOL_URL_ROOT.'/admin/modules.php?mode=deploy', $langs->transnoentities("Home").' - '.$langs->transnoentities("Setup").' - '.$langs->transnoentities("Modules")); +$texttoshow = $langs->trans("GoModuleSetupArea", DOL_URL_ROOT.'/admin/modules.php?mode=deploy', '{s2}'); +$texttoshow = str_replace('{s2}', img_picto('', 'tools', 'class="pictofixedwidth"').$langs->transnoentities("Home").' - '.$langs->transnoentities("Setup").' - '.$langs->transnoentities("Modules"), $texttoshow); +print $texttoshow; // End of page llxFooter(); From 4dfc8bab93a5bef1ee226fb8496b953e1a0a15c9 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 4 Aug 2021 12:28:13 +0200 Subject: [PATCH 02/34] Fix bad title --- htdocs/compta/prelevement/create.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/prelevement/create.php b/htdocs/compta/prelevement/create.php index be18099b6a8..f2d232780c9 100644 --- a/htdocs/compta/prelevement/create.php +++ b/htdocs/compta/prelevement/create.php @@ -232,7 +232,7 @@ if ($nb) { if ($pricetowithdraw) { $title = print $langs->trans('BankToReceiveWithdraw').': '; if ($type == 'bank-transfer') { - $title .= $langs->trans('BankToPayCreditTransfer').': '; + $title = $langs->trans('BankToPayCreditTransfer').': '; } print $title; $form->select_comptes($conf->global->PRELEVEMENT_ID_BANKACCOUNT, 'id_bankaccount', 0, "courant=1"); From 6dc8024d8702925cba437ace802216612ad1eb95 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 4 Aug 2021 12:30:48 +0200 Subject: [PATCH 03/34] Fix title --- htdocs/compta/prelevement/create.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/prelevement/create.php b/htdocs/compta/prelevement/create.php index f2d232780c9..72dfda2fe43 100644 --- a/htdocs/compta/prelevement/create.php +++ b/htdocs/compta/prelevement/create.php 
@@ -230,7 +230,7 @@ print ''; print ''; if ($nb) { if ($pricetowithdraw) { - $title = print $langs->trans('BankToReceiveWithdraw').': '; + $title = $langs->trans('BankToReceiveWithdraw').': '; if ($type == 'bank-transfer') { $title = $langs->trans('BankToPayCreditTransfer').': '; } From aaefb7b32495178fa9cafe172b20f107fc63f5bd Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 4 Aug 2021 12:38:28 +0200 Subject: [PATCH 04/34] Fix css --- htdocs/compta/prelevement/create.php | 3 ++- htdocs/core/ajax/selectsearchbox.php | 6 +++--- htdocs/core/search_page.php | 4 ++-- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/htdocs/compta/prelevement/create.php b/htdocs/compta/prelevement/create.php index 72dfda2fe43..92ccd5f7bce 100644 --- a/htdocs/compta/prelevement/create.php +++ b/htdocs/compta/prelevement/create.php @@ -235,7 +235,8 @@ if ($nb) { $title = $langs->trans('BankToPayCreditTransfer').': '; } print $title; - $form->select_comptes($conf->global->PRELEVEMENT_ID_BANKACCOUNT, 'id_bankaccount', 0, "courant=1"); + print img_picto('', 'bank_account'); + print $form->select_comptes($conf->global->PRELEVEMENT_ID_BANKACCOUNT, 'id_bankaccount', 0, "courant=1", 0, '', 0, '', 1); print ' - '; print $langs->trans('ExecutionDate').' '; diff --git a/htdocs/core/ajax/selectsearchbox.php b/htdocs/core/ajax/selectsearchbox.php index 509d10e7858..1814b476d06 100644 --- a/htdocs/core/ajax/selectsearchbox.php +++ b/htdocs/core/ajax/selectsearchbox.php 
@@ -110,13 +110,13 @@ if (!empty($conf->facture->enabled) && empty($conf->global->MAIN_SEARCHFORM_CUST } if (!empty($conf->supplier_proposal->enabled) && empty($conf->global->MAIN_SEARCHFORM_SUPPLIER_PROPAL_DISABLED) && $user->rights->supplier_proposal->lire) { - $arrayresult['searchintosupplierpropal'] = array('position'=>100, 'img'=>'object_propal', 'label'=>$langs->trans("SearchIntoSupplierProposals", $search_boxvalue), 'text'=>img_picto('', 'object_supplier_proposal').' '.$langs->trans("SearchIntoSupplierProposals", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/supplier_proposal/list.php'.($search_boxvalue ? '?sall='.urlencode($search_boxvalue) : '')); + $arrayresult['searchintosupplierpropal'] = array('position'=>100, 'img'=>'object_supplier_proposal', 'label'=>$langs->trans("SearchIntoSupplierProposals", $search_boxvalue), 'text'=>img_picto('', 'object_supplier_proposal').' '.$langs->trans("SearchIntoSupplierProposals", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/supplier_proposal/list.php'.($search_boxvalue ? '?sall='.urlencode($search_boxvalue) : '')); } if (((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SUPPLIERMOD) && $user->rights->fournisseur->commande->lire) || (!empty($conf->supplier_order->enabled) && $user->rights->supplier_order->lire)) && empty($conf->global->MAIN_SEARCHFORM_SUPPLIER_ORDER_DISABLED)) { - $arrayresult['searchintosupplierorder'] = array('position'=>110, 'img'=>'object_order', 'label'=>$langs->trans("SearchIntoSupplierOrders", $search_boxvalue), 'text'=>img_picto('', 'object_supplier_order').' '.$langs->trans("SearchIntoSupplierOrders", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/fourn/commande/list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : '')); + $arrayresult['searchintosupplierorder'] = array('position'=>110, 'img'=>'object_supplier_order', 'label'=>$langs->trans("SearchIntoSupplierOrders", $search_boxvalue), 'text'=>img_picto('', 'object_supplier_order').' 
'.$langs->trans("SearchIntoSupplierOrders", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/fourn/commande/list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : '')); } if (((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SUPPLIERMOD) && $user->rights->fournisseur->facture->lire) || (!empty($conf->supplier_invoice->enabled) && $user->rights->supplier_invoice->lire)) && empty($conf->global->MAIN_SEARCHFORM_SUPPLIER_INVOICE_DISABLED)) { - $arrayresult['searchintosupplierinvoice'] = array('position'=>120, 'img'=>'object_bill', 'label'=>$langs->trans("SearchIntoSupplierInvoices", $search_boxvalue), 'text'=>img_picto('', 'object_supplier_invoice').' '.$langs->trans("SearchIntoSupplierInvoices", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/fourn/facture/list.php'.($search_boxvalue ? '?sall='.urlencode($search_boxvalue) : '')); + $arrayresult['searchintosupplierinvoice'] = array('position'=>120, 'img'=>'object_supplier_invoice', 'label'=>$langs->trans("SearchIntoSupplierInvoices", $search_boxvalue), 'text'=>img_picto('', 'object_supplier_invoice').' '.$langs->trans("SearchIntoSupplierInvoices", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/fourn/facture/list.php'.($search_boxvalue ? '?sall='.urlencode($search_boxvalue) : '')); } // Customer payments diff --git a/htdocs/core/search_page.php b/htdocs/core/search_page.php index 8581776a2d8..2b82501208a 100644 --- a/htdocs/core/search_page.php +++ b/htdocs/core/search_page.php @@ -20,7 +20,7 @@ /** * \file htdocs/core/search_page.php - * \brief File to return a page with search boxes + * \brief File to return a page with the complete search form (all search input fields) */ //if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER','1'); // Not disabled cause need to load personalized language 
@@ -77,7 +77,7 @@ $hookmanager->initHooks(array('searchform')); // Define $searchform $searchform = ''; -if ($conf->use_javascript_ajax && 1 == 2) { // select2 is ko with jmobile +if ($conf->use_javascript_ajax && 1 == 2) { // select2 is not best with smartphone if (!is_object($form)) { $form = new Form($db); } From bf49309d581c13e26965da0a13dd1fc90ca7e663 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 4 Aug 2021 12:41:27 +0200 Subject: [PATCH 05/34] Fix css --- htdocs/compta/prelevement/create.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/prelevement/create.php b/htdocs/compta/prelevement/create.php index 92ccd5f7bce..1956cb14516 100644 --- a/htdocs/compta/prelevement/create.php +++ b/htdocs/compta/prelevement/create.php @@ -440,7 +440,7 @@ if ($resql) { } print '
'; + print ''; print price($obj->amount, 0, $langs, 0, 0, -1, $conf->currency); print ''.$obj->Engine.''.$langs->trans("Convert").' InnoDb'.$langs->trans("Convert").' InnoDb '; print $obj->Row_format; if (isset($obj->Row_format) && (in_array($obj->Row_format, array("Compact")))) { - print '
'.$langs->trans("Convert").' Dynamic'; + print '
'.$langs->trans("Convert").' Dynamic'; } print '
'.$obj->Rows.''.$obj->Check_time.''.$obj->Collation; if (isset($obj->Collation) && (in_array($obj->Collation, array("utf8mb4_general_ci", "utf8mb4_unicode_ci", "latin1_swedish_ci")))) { - print '
'.$langs->trans("Convert").' UTF8'; + print '
'.$langs->trans("Convert").' UTF8'; } print '
'.$langs->trans("ICS").'
'.$langs->trans("ICS").' ('.$langs->trans("StandingOrder").')'.$object->ics.'
'.$langs->trans("ICSTransfer").'
'.$langs->trans("ICS").' ('.$langs->trans("BankTransfer").')'.$object->ics_transfer.'
'.$langs->trans("ICS").'
'.$langs->trans("ICS").' ('.$langs->trans("StandingOrder").')
'.$langs->trans("ICSTransfer").'
'.$langs->trans("ICS").' ('.$langs->trans("BankTransfer").')
"; print $ligne->LibStatut($obj->statut, 2); print " "; - print ''; + print ''; print sprintf("%06s", $obj->rowid); print 'id.'">'; + print 'id.'&token='.newToken().'">'; //print img_edit_remove($langs->trans("Remove")); print img_picto($langs->trans("Remove"), 'switch_on'); print ''.$tva_static->getNomUrl(1).''; + print $tva_static->getNomUrl(1); + $filename = dol_sanitizeFileName($tva_static->ref); + $filedir = $conf->tax->dir_output.'/vat/'.dol_sanitizeFileName($tva_static->ref); + $urlsource = $_SERVER['PHP_SELF'].'?id='.$tva_static->id; + print $formfile->getDocumentsLink($tva_static->element, $filename, $filedir, '', 'valignmiddle paddingleft2imp'); + print '
' . $langs->trans("Amount") . '
' . $langs->trans("Amount") . '' . price($object->amount, 0, $outputlangs, 1, -1, -1, $conf->currency) . '
' . $langs->trans("Amount") . '' . price($object->amount, 0, $langs, 1, -1, -1, $conf->currency) . '
'; @@ -235,26 +248,26 @@ if ($object->id > 0) { print ''; if ($caneditperms) { print ''; } print ''; print ''; if ($user->admin) { - print ''; + print ''; } print ''."\n"; - $sql = "SELECT r.id, r.libelle as label, r.module"; + $sql = "SELECT r.id, r.libelle as label, r.module, r.perms, r.subperms, r.module_position, r.bydefault"; $sql .= " FROM ".MAIN_DB_PREFIX."rights_def as r"; $sql .= " WHERE r.libelle NOT LIKE 'tou%'"; // On ignore droits "tous" - $sql .= " AND r.entity = ".$entity; + $sql .= " AND r.entity = ".((int) $entity); if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) { $sql .= " AND r.perms NOT LIKE '%_advance'"; // Hide advanced perms if option is disable } - $sql .= " ORDER BY r.module, r.id"; + $sql .= " ORDER BY r.family_position, r.module_position, r.module, r.id"; $result = $db->query($sql); if ($result) { @@ -265,13 +278,16 @@ if ($object->id > 0) { while ($i < $num) { $obj = $db->fetch_object($result); - // If line is for a module that doe snot existe anymore (absent of includes/module), we ignore it + // If line is for a module that does not exist anymore (absent of includes/module), we ignore it if (empty($modules[$obj->module])) { $i++; continue; } - if ($oldmod <> $obj->module) { + $objMod = $modules[$obj->module]; + + // Break found, it's a new module to catch + if (isset($obj->module) && ($oldmod <> $obj->module)) { $oldmod = $obj->module; // Break detected, we get objMod @@ -286,21 +302,22 @@ if ($object->id > 0) { print ''; if ($caneditperms) { print ''; } else { print ''; } - print ''; - + print ''; + print ''; + // Permission id if ($user->admin) { print ''; } - print ''; + print ''."\n"; } print ''."\n"; @@ -315,7 +332,7 @@ if ($object->id > 0) { if (in_array($obj->id, $permsgroupbyentity[$entity])) { // Own permission by group if ($caneditperms) { - print ''; @@ -326,7 +343,7 @@ if ($object->id > 0) { } else { // Do not own permission if ($caneditperms) { - print ''; 
@@ -336,7 +353,7 @@ if ($object->id > 0) { } else { // Do not own permission if ($caneditperms) { - print ''; @@ -344,12 +361,25 @@ if ($object->id > 0) { print ''; } - $permlabel = ($conf->global->MAIN_USE_ADVANCED_PERMS && ($langs->trans("PermissionAdvanced".$obj->id) != ("PermissionAdvanced".$obj->id)) ? $langs->trans("PermissionAdvanced".$obj->id) : (($langs->trans("Permission".$obj->id) != ("Permission".$obj->id)) ? $langs->trans("Permission".$obj->id) : $langs->trans($obj->label))); - print ''; + // Description of permission + $permlabel = (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && ($langs->trans("PermissionAdvanced".$obj->id) != ("PermissionAdvanced".$obj->id)) ? $langs->trans("PermissionAdvanced".$obj->id) : (($langs->trans("Permission".$obj->id) != ("Permission".$obj->id)) ? $langs->trans("Permission".$obj->id) : $langs->trans($obj->label))); + print ''; // Permission id if ($user->admin) { - print ''; + print ''; } print ''."\n"; diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php index 957c7a3a819..5e96a76119c 100644 --- a/htdocs/user/perms.php +++ b/htdocs/user/perms.php @@ -90,7 +90,7 @@ $hookmanager->initHooks(array('usercard', 'userperms', 'globalcard')); * Actions */ -$parameters = array('id'=>$socid); +$parameters = array('socid'=>$socid); $reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); @@ -193,7 +193,7 @@ $permsuser = array(); $sql = "SELECT DISTINCT ur.fk_id"; $sql .= " FROM ".MAIN_DB_PREFIX."user_rights as ur"; -$sql .= " WHERE ur.entity = ".$entity; +$sql .= " WHERE ur.entity = ".((int) $entity); $sql .= " AND ur.fk_user = ".((int) $object->id); dol_syslog("get user perms", LOG_DEBUG); @@ -386,7 +386,7 @@ if ($result) { // Picto and label of module print ''; // Permission and tick 
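Review bot: In the permission-id cell added by the `@@ -344,12 +361,25 @@` hunk, `$obj->module`, `$obj->perms` and `$obj->subperms` are concatenated into `$htmltext` and passed to `$form->textwithpicto('', $htmltext)` without escaping. These values come from the `rights_def` rows selected earlier in the file and are presumably written by module descriptors, third-party ones included, so the risk is low but the fix is cheap. Escape at output, e.g. `': user->rights->'.dol_escape_htmltag($obj->module).'->'.dol_escape_htmltag($obj->perms)`, and do the same for `$obj->subperms`. The enclosing `while` loop starts and ends outside this hunk.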
From c377e5ea3d418676a3b43e88fac7a1ab51f67fc1 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 8 Aug 2021 12:09:18 +0200 Subject: [PATCH 31/34] Fix undefined method --- htdocs/user/group/perms.php | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/htdocs/user/group/perms.php b/htdocs/user/group/perms.php index 4bb95b46a89..e2c419b0543 100644 --- a/htdocs/user/group/perms.php +++ b/htdocs/user/group/perms.php @@ -99,9 +99,9 @@ if (empty($reshook)) { } else { dol_print_error($db); } - - $object->clearrights(); - $object->getrights(); + + $user->clearrights(); + $user->getrights(); } if ($action == 'delrights' && $caneditperms) { @@ -115,9 +115,9 @@ if (empty($reshook)) { } else { dol_print_error($db); } - - $object->clearrights(); - $object->getrights(); + + $user->clearrights(); + $user->getrights(); } } @@ -201,7 +201,7 @@ if ($object->id > 0) { /* * Part to add/remove permissions */ - + $linkback = ''.$langs->trans("BackToList").''; dol_banner_tab($object, 'id', $linkback, $user->rights->user->user->lire || $user->admin); @@ -285,7 +285,7 @@ if ($object->id > 0) { } $objMod = $modules[$obj->module]; - + // Break found, it's a new module to catch if (isset($obj->module) && ($oldmod <> $obj->module)) { $oldmod = $obj->module; @@ -311,7 +311,7 @@ if ($object->id > 0) { } print ''; print ''; - + // Permission id if ($user->admin) { print ''; From 28ff7c894bad496ca8f74522cb7e66e7e27f9929 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 8 Aug 2021 12:14:40 +0200 Subject: [PATCH 32/34] Fix missing permission --- htdocs/core/menus/standard/eldy.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index 1fbd91cb623..28f2b52ed35 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php 
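Review bot: The `$user->clearrights(); $user->getrights();` pairs added in the `@@ -99,9 +99,9 @@` and `@@ -115,9 +115,9 @@` hunks have no comment explaining why the logged-in user is reloaded when it is a group that was edited. A one-line comment such as `// Reload the rights of the logged-in user, which may be inherited from this group` would stop a later cleanup from switching it back to `$object`. The inheritance is my reading of the intent, not something these hunks show. The other three hunks in this file only change whitespace and add noise to a permission-related commit.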
@@ -334,7 +334,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout =
 // Accounting
 $tmpentry = array(
 'enabled'=>(!empty($conf->comptabilite->enabled) || !empty($conf->accounting->enabled) || !empty($conf->asset->enabled) || !empty($conf->intracommreport->enabled)),
- 'perms'=>(!empty($user->rights->compta->resultat->lire) || !empty($user->rights->accounting->mouvements->lire) || !empty($user->rights->asset->read) || !empty($user->rights->intracommreport->read)),
+ 'perms'=>(!empty($user->rights->compta->resultat->lire) || !empty($user->rights->accounting->comptarapport->lire) || !empty($user->rights->accounting->mouvements->lire) || !empty($user->rights->asset->read) || !empty($user->rights->intracommreport->read)),
 'module'=>'comptabilite|accounting|asset|intracommreport'
 );
 $menu_arr[] = array(
From 78e993c9f3d253f7b103fc80948bcddc5ce1099a Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sun, 8 Aug 2021 12:23:14 +0200
Subject: [PATCH 33/34] Fix permission to read reports
---
 htdocs/accountancy/index.php | 2 +-
 htdocs/core/menus/standard/eldy.lib.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/htdocs/accountancy/index.php b/htdocs/accountancy/index.php
index 6e13a662948..1842c23f418 100644
--- a/htdocs/accountancy/index.php
+++ b/htdocs/accountancy/index.php
@@ -49,7 +49,7 @@ if (empty($user->rights->accounting->mouvements->lire)) { if (empty($conf->comptabilite->enabled) && empty($conf->accounting->enabled) && empty($conf->asset->enabled) && empty($conf->intracommreport->enabled)) { accessforbidden(); } -if (empty($user->rights->compta->resultat->lire) && empty($user->rights->accounting->mouvements->lire) && empty($user->rights->asset->read) && empty($user->rights->intracommreport->read)) { +if (empty($user->rights->compta->resultat->lire) && empty($user->rights->accounting->comptarapport->lire) && empty($user->rights->accounting->mouvements->lire) && empty($user->rights->asset->read) && empty($user->rights->intracommreport->read)) { accessforbidden(); } diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index 28f2b52ed35..d0b30d97398 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php @@ -1205,7 +1205,7 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM // Accounting (Double entries) if (!empty($conf->accounting->enabled)) { - $permtoshowmenu = (!empty($conf->accounting->enabled) || $user->rights->accounting->bind->write || $user->rights->compta->resultat->lire); + //$permtoshowmenu = (!empty($conf->accounting->enabled) || $user->rights->accounting->bind->write || $user->rights->compta->resultat->lire); //$newmenu->add("/accountancy/index.php?leftmenu=accountancy", $langs->trans("MenuAccountancy"), 0, $permtoshowmenu, '', $mainmenu, 'accountancy'); // Configuration 
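Review bot: The hunk header for accountancy/index.php carries the context line `if (empty($user->rights->accounting->mouvements->lire)) {`, which sits just above this hunk and is not shown. If that guard is live and ends in `accessforbidden()`, a user holding only `accounting->comptarapport->lire` is rejected there and never reaches the condition relaxed here. In that case the earlier guard needs the same term, `if (empty($user->rights->accounting->mouvements->lire) && empty($user->rights->accounting->comptarapport->lire)) {`, or should be dropped in favour of the combined check. This should be confirmed against the full file, since this page is where access is enforced and the eldy.lib.php hunks only decide menu visibility.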
@@ -1342,7 +1342,7 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM } // Accounting - $newmenu->add("/accountancy/index.php?leftmenu=accountancy_accountancy", $langs->trans("MenuAccountancy"), 0, $user->rights->accounting->mouvements->lire, '', $mainmenu, 'accountancy', 1, '', '', '', img_picto('', 'accountancy', 'class="paddingright pictofixedwidth"')); + $newmenu->add("/accountancy/index.php?leftmenu=accountancy_accountancy", $langs->trans("MenuAccountancy"), 0, $user->rights->accounting->mouvements->lire || $user->rights->accounting->comptarapport->lire, '', $mainmenu, 'accountancy', 1, '', '', '', img_picto('', 'accountancy', 'class="paddingright pictofixedwidth"')); // General Ledger $newmenu->add("/accountancy/bookkeeping/listbyaccount.php?mainmenu=accountancy&leftmenu=accountancy_accountancy", $langs->trans("Bookkeeping"), 1, $user->rights->accounting->mouvements->lire); From 029da815b2071f3743d630f137a7e8ba4411068d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 8 Aug 2021 12:35:52 +0200 Subject: [PATCH 34/34] Code comment --- htdocs/core/class/commondocgenerator.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/commondocgenerator.class.php b/htdocs/core/class/commondocgenerator.class.php index 2a5e3391eb9..909178d4fb1 100644 --- a/htdocs/core/class/commondocgenerator.class.php +++ b/htdocs/core/class/commondocgenerator.class.php @@ -531,7 +531,7 @@ abstract class CommonDocGenerator $totalUp += $line->subprice * $line->qty; } - // @GS: Calculate total up and total discount percentage + // Calculate total up and total discount percentage // Note that this added fields does not match a field into database in Dolibarr (Dolibarr manage discount on lines not as a global property of object) $resarray['object_total_up'] = $totalUp; $resarray['object_total_up_locale'] = price($resarray['object_total_up'], 0, $outputlangs);
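Review bot: The new condition on the `MenuAccountancy` entry in the `@@ -1342,7 +1342,7 @@` hunk reads `$user->rights->accounting->mouvements->lire || $user->rights->accounting->comptarapport->lire` directly. The matching checks in accountancy/index.php and `print_eldy_menu()` guard each right with `empty()`/`!empty()`. A right the user does not hold may not exist as a property, so this form can raise an undefined-property warning on stricter PHP versions. It should read `!empty($user->rights->accounting->mouvements->lire) || !empty($user->rights->accounting->comptarapport->lire)`. The body of `print_left_eldy_menu()` continues outside the hunk.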
'.$langs->trans("Module").''; - print ''.$langs->trans("All").""; + print ''.$langs->trans("All").""; print '/'; - print ''.$langs->trans("None").""; + print ''.$langs->trans("None").""; print ' '.$langs->trans("Permissions").''.$langs->trans("ID").'
'; - print 'module.'&token='.newToken().'">'.$langs->trans("All").""; + print 'module.'&token='.newToken().'">'.$langs->trans("All").""; print '/'; - print 'module.'&token='.newToken().'">'.$langs->trans("None").""; + print 'module.'&token='.newToken().'">'.$langs->trans("None").""; print '    
id.'&token='.newToken().'">'; + print 'id.'&confirm=yes&token='.newToken().'">'; //print img_edit_remove($langs->trans("Remove")); print img_picto($langs->trans("Remove"), 'switch_on'); print 'id.'&token='.newToken().'">'; + print 'id.'&confirm=yes&token='.newToken().'">'; //print img_edit_add($langs->trans("Add")); print img_picto($langs->trans("Add"), 'switch_off'); print 'id.'&token='.newToken().'">'; + print 'id.'&confirm=yes&token='.newToken().'">'; //print img_edit_add($langs->trans("Add")); print img_picto($langs->trans("Add"), 'switch_off'); print ' '.$permlabel.''; + print $permlabel; + if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS)) { + if (preg_match('/_advance$/', $obj->perms)) { + print ' ('.$langs->trans("AdvancedModeOnly").')'; + } + } + print ''.$obj->id.''; + $htmltext = $langs->trans("ID").': '.$obj->id; + $htmltext .= '
'.$langs->trans("Permission").': user->rights->'.$obj->module.'->'.$obj->perms.($obj->subperms ? '->'.$obj->subperms : ''); + print $form->textwithpicto('', $htmltext); + //print ''.$obj->id.''; + print '
'; - //print img_object('', $picto, 'class="pictoobjectwidth"').' '.$objMod->getName(); + //print img_object('', $picto, 'class="inline-block pictoobjectwidth"').' '.$objMod->getName(); print '