forked from Wavyzz/dolibarr
Merge branch '14.0' of git@github.com:Dolibarr/dolibarr.git into develop
This commit is contained in:
Laurent Destailleur
@@ -309,12 +309,14 @@ print '<br>';
|
||||
|
||||
// Parameters in conf.php file (when a parameter start with ?, it is shown only if defined)
|
||||
$configfileparameters = array(
|
||||
'dolibarr_main_prod' => 'Production mode (Hide all error messages)',
|
||||
'dolibarr_main_instance_unique_id' => $langs->trans("InstanceUniqueID"),
|
||||
'separator0' => '',
|
||||
'dolibarr_main_url_root' => $langs->trans("URLRoot"),
|
||||
'?dolibarr_main_url_root_alt' => $langs->trans("URLRoot").' (alt)',
|
||||
'dolibarr_main_document_root'=> $langs->trans("DocumentRootServer"),
|
||||
'?dolibarr_main_document_root_alt' => $langs->trans("DocumentRootServer").' (alt)',
|
||||
'dolibarr_main_data_root' => $langs->trans("DataRootServer"),
|
||||
'dolibarr_main_instance_unique_id' => $langs->trans("InstanceUniqueID"),
|
||||
'separator1' => '',
|
||||
'dolibarr_main_db_host' => $langs->trans("DatabaseServer"),
|
||||
'dolibarr_main_db_port' => $langs->trans("DatabasePort"),
|
||||
@@ -324,7 +326,7 @@ $configfileparameters = array(
|
||||
'dolibarr_main_db_pass' => $langs->trans("DatabasePassword"),
|
||||
'dolibarr_main_db_character_set' => $langs->trans("DBStoringCharset"),
|
||||
'dolibarr_main_db_collation' => $langs->trans("DBSortingCollation"),
|
||||
'?dolibarr_main_db_prefix' => $langs->trans("Prefix"),
|
||||
'?dolibarr_main_db_prefix' => $langs->trans("DatabasePrefix"),
|
||||
'separator2' => '',
|
||||
'dolibarr_main_authentication' => $langs->trans("AuthenticationMode"),
|
||||
'?multicompany_transverse_mode'=> $langs->trans("MultiCompanyMode"),
|
||||
@@ -353,7 +355,6 @@ $configfileparameters = array(
|
||||
'?dolibarr_font_DOL_DEFAULT_TTF' => 'dolibarr_font_DOL_DEFAULT_TTF',
|
||||
'?dolibarr_font_DOL_DEFAULT_TTF_BOLD' => 'dolibarr_font_DOL_DEFAULT_TTF_BOLD',
|
||||
'separator4' => '',
|
||||
'dolibarr_main_prod' => 'Production mode (Hide all error messages)',
|
||||
'dolibarr_main_restrict_os_commands' => 'Restrict CLI commands for backups',
|
||||
'dolibarr_main_restrict_ip' => 'Restrict access to some IPs only',
|
||||
'?dolibarr_mailing_limit_sendbyweb' => 'Limit nb of email sent by page',
|
||||
@@ -400,8 +401,10 @@ foreach ($configfileparameters as $key => $value) {
|
||||
if (in_array($newkey, array('dolibarr_main_db_pass', 'dolibarr_main_auth_ldap_admin_pass'))) {
|
||||
if (empty($dolibarr_main_prod)) {
|
||||
print '<!-- '.${$newkey}.' -->';
|
||||
}
|
||||
print showValueWithClipboardCPButton(${$newkey}, 0, '********');
|
||||
} else {
|
||||
print '**********';
|
||||
}
|
||||
} elseif ($newkey == 'dolibarr_main_url_root' && preg_match('/__auto__/', ${$newkey})) {
|
||||
print ${$newkey}.' => '.constant('DOL_MAIN_URL_ROOT');
|
||||
} elseif ($newkey == 'dolibarr_main_document_root_alt') {
|
||||
@@ -420,9 +423,14 @@ foreach ($configfileparameters as $key => $value) {
|
||||
}
|
||||
} elseif ($newkey == 'dolibarr_main_instance_unique_id') {
|
||||
//print $conf->file->instance_unique_id;
|
||||
global $dolibarr_main_cookie_cryptkey;
|
||||
$valuetoshow = ${$newkey} ? ${$newkey} : $dolibarr_main_cookie_cryptkey; // Use $dolibarr_main_instance_unique_id first then $dolibarr_main_cookie_cryptkey
|
||||
print $valuetoshow;
|
||||
global $dolibarr_main_cookie_cryptkey, $dolibarr_main_instance_unique_id;
|
||||
$valuetoshow = $dolibarr_main_instance_unique_id ? $dolibarr_main_instance_unique_id : $dolibarr_main_cookie_cryptkey; // Use $dolibarr_main_instance_unique_id first then $dolibarr_main_cookie_cryptkey
|
||||
if (empty($dolibarr_main_prod)) {
|
||||
print '<!-- '.${$newkey}.' -->';
|
||||
print showValueWithClipboardCPButton($valuetoshow, 0, '********');
|
||||
} else {
|
||||
print '**********';
|
||||
}
|
||||
if (empty($valuetoshow)) {
|
||||
print img_warning("EditConfigFileToAddEntry", 'dolibarr_main_instance_unique_id');
|
||||
}
|
||||
|
||||
@@ -829,8 +829,8 @@ class Account extends CommonObject
|
||||
$sql .= ",min_desired = ".($this->min_desired != '' ? price2num($this->min_desired) : "null");
|
||||
$sql .= ",comment = '".$this->db->escape($this->comment)."'";
|
||||
|
||||
$sql .= ",state_id = ".($this->state_id > 0 ? $this->state_id : "null");
|
||||
$sql .= ",fk_pays = ".($this->country_id > 0 ? $this->country_id : "null");
|
||||
$sql .= ",state_id = ".($this->state_id > 0 ? ((int) $this->state_id) : "null");
|
||||
$sql .= ",fk_pays = ".($this->country_id > 0 ? ((int) $this->country_id) : "null");
|
||||
$sql .= ",ics = '".$this->db->escape($this->ics)."'";
|
||||
$sql .= ",ics_transfer = '".$this->db->escape($this->ics_transfer)."'";
|
||||
|
||||
|
||||
@@ -260,13 +260,13 @@ class Cchargesociales
|
||||
// Update request
|
||||
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET';
|
||||
$sql .= ' libelle = '.(isset($this->libelle) ? "'".$this->db->escape($this->libelle)."'" : "null").',';
|
||||
$sql .= ' deductible = '.(isset($this->deductible) ? $this->deductible : "null").',';
|
||||
$sql .= ' active = '.(isset($this->active) ? $this->active : "null").',';
|
||||
$sql .= ' deductible = '.(isset($this->deductible) ? ((int) $this->deductible) : "null").',';
|
||||
$sql .= ' active = '.(isset($this->active) ? ((int) $this->active) : "null").',';
|
||||
$sql .= ' code = '.(isset($this->code) ? "'".$this->db->escape($this->code)."'" : "null").',';
|
||||
$sql .= ' fk_pays = '.(isset($this->fk_pays) ? $this->fk_pays : "null").',';
|
||||
$sql .= ' fk_pays = '.((isset($this->fk_pays) && $this->fk_pays > 0) ? ((int) $this->fk_pays) : "null").',';
|
||||
$sql .= ' module = '.(isset($this->module) ? "'".$this->db->escape($this->module)."'" : "null").',';
|
||||
$sql .= ' accountancy_code = '.(isset($this->accountancy_code) ? "'".$this->db->escape($this->accountancy_code)."'" : "null");
|
||||
$sql .= ' WHERE id='.$this->id;
|
||||
$sql .= ' WHERE id='.((int) $this->id);
|
||||
|
||||
$this->db->begin();
|
||||
|
||||
|
||||
@@ -476,8 +476,8 @@ function getRandomPassword($generic = false, $replaceambiguouschars = null, $len
|
||||
}
|
||||
|
||||
$generated_password = str_shuffle($randomCode);
|
||||
} else // Old platform, non cryptographic random
|
||||
{
|
||||
} else {
|
||||
// Old platform, non cryptographic random
|
||||
$max = strlen($lowercase) - 1;
|
||||
for ($x = 0; $x < $nbofchar; $x++) {
|
||||
$tmp = mt_rand(0, $max);
|
||||
|
||||
@@ -99,7 +99,7 @@ class modGeneratePassStandard extends ModeleGenPassword
|
||||
$password = "";
|
||||
|
||||
// define possible characters
|
||||
$possible = "0123456789bcdfghjkmnpqrstvwxyz";
|
||||
$possible = "0123456789qwertyuiopasdfghjklzxcvbnmASDFGHJKLZXCVBNMQWERTYUIOP";
|
||||
|
||||
// set up a counter
|
||||
$i = 0;
|
||||
@@ -107,10 +107,13 @@ class modGeneratePassStandard extends ModeleGenPassword
|
||||
// add random characters to $password until $length is reached
|
||||
while ($i < $this->length) {
|
||||
// pick a random character from the possible ones
|
||||
if (function_exists('random_int')) { // Cryptographic random
|
||||
$char = substr($possible, random_int(0, dol_strlen($possible) - 1), 1);
|
||||
} else {
|
||||
$char = substr($possible, mt_rand(0, dol_strlen($possible) - 1), 1);
|
||||
}
|
||||
|
||||
// we don't want this character if it's already in the password
|
||||
if (!strstr($password, $char)) {
|
||||
if (substr_count($password, $char) <= 6) { // we don't want this character if it's already 5 times in the password
|
||||
$password .= $char;
|
||||
$i++;
|
||||
}
|
||||
|
||||
@@ -554,7 +554,7 @@ if (empty($reshook)) {
|
||||
}
|
||||
|
||||
// We set country_id, country_code and country for the selected country
|
||||
$object->country_id = GETPOST('country_id') != '' ?GETPOST('country_id') : $mysoc->country_id;
|
||||
$object->country_id = GETPOST('country_id', 'int') != '' ? GETPOST('country_id', 'int') : $mysoc->country_id;
|
||||
if ($object->country_id) {
|
||||
$tmparray = getCountry($object->country_id, 'all');
|
||||
$object->country_code = $tmparray['code'];
|
||||
|
||||
@@ -894,7 +894,7 @@ class Societe extends CommonObject
|
||||
$sql .= ", ".(!empty($user->id) ? ((int) $user->id) : "null");
|
||||
$sql .= ", ".(!empty($this->typent_id) ? ((int) $this->typent_id) : "null");
|
||||
$sql .= ", ".(!empty($this->canvas) ? "'".$this->db->escape($this->canvas)."'" : "null");
|
||||
$sql .= ", ".$this->status;
|
||||
$sql .= ", ".((int) $this->status);
|
||||
$sql .= ", ".(!empty($this->ref_ext) ? "'".$this->db->escape($this->ref_ext)."'" : "null");
|
||||
$sql .= ", 0";
|
||||
$sql .= ", ".(int) $this->fk_incoterms;
|
||||
@@ -1369,8 +1369,8 @@ class Societe extends CommonObject
|
||||
$sql .= ",zip = ".(!empty($this->zip) ? "'".$this->db->escape($this->zip)."'" : "null");
|
||||
$sql .= ",town = ".(!empty($this->town) ? "'".$this->db->escape($this->town)."'" : "null");
|
||||
|
||||
$sql .= ",fk_departement = '".(!empty($this->state_id) ? $this->state_id : '0')."'";
|
||||
$sql .= ",fk_pays = '".(!empty($this->country_id) ? $this->country_id : '0')."'";
|
||||
$sql .= ",fk_departement = ".((!empty($this->state_id) && $this->state_id > 0) ? ((int) $this->state_id) : 'null');
|
||||
$sql .= ",fk_pays = ".((!empty($this->country_id) && $this->country_id > 0) ? ((int) $this->country_id) : 'null');
|
||||
|
||||
$sql .= ",phone = ".(!empty($this->phone) ? "'".$this->db->escape($this->phone)."'" : "null");
|
||||
$sql .= ",fax = ".(!empty($this->fax) ? "'".$this->db->escape($this->fax)."'" : "null");
|
||||
|
||||
@@ -87,14 +87,14 @@ if (empty($reshook)) {
|
||||
// Validate new password
|
||||
if ($action == 'validatenewpassword' && $username && $passworduidhash) {
|
||||
$edituser = new User($db);
|
||||
$result = $edituser->fetch('', $_GET["username"]);
|
||||
$result = $edituser->fetch('', $username);
|
||||
if ($result < 0) {
|
||||
$message = '<div class="error">'.dol_escape_htmltag($langs->trans("ErrorLoginDoesNotExists", $username)).'</div>';
|
||||
} else {
|
||||
global $dolibarr_main_instance_unique_id;
|
||||
|
||||
//print $edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id.' '.$passworduidhash;
|
||||
if (dol_verifyHash($edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id, $passworduidhash)) {
|
||||
if ($edituser->pass_temp && dol_verifyHash($edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id, $passworduidhash)) {
|
||||
// Clear session
|
||||
unset($_SESSION['dol_login']);
|
||||
$_SESSION['dol_loginmesg'] = $langs->trans('NewPasswordValidated'); // Save message for the session page
|
||||
|
||||
@@ -323,8 +323,8 @@ class SecurityTest extends PHPUnit\Framework\TestCase
|
||||
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject lll');
|
||||
|
||||
$test="Text with ' encoded with the numeric html entity converted into text entity ' (like when submited by CKEditor)";
|
||||
$result=testSqlAndScriptInject($test, 0);
|
||||
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject mmm');
|
||||
$result=testSqlAndScriptInject($test, 0); // result must be 0
|
||||
$this->assertEquals(0, $result, 'Error on testSqlAndScriptInject mmm');
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user