forked from Wavyzz/dolibarr
Sec: Remove functions accepting callable params - Reported by phdwg1410
This commit is contained in:
ldestailleur
@@ -10709,14 +10709,14 @@ function verifCond($strToEvaluate, $onlysimplestring = '1')
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Replace eval function to add more security.
|
* Replace eval function to add more security.
|
||||||
* This function is called by verifCond() or trans() and transnoentitiesnoconv().
|
* This function is called by verifCond() for example.
|
||||||
*
|
*
|
||||||
* @param string $s String to evaluate
|
* @param string $s String to evaluate
|
||||||
* @param int<0,1> $returnvalue 0=No return (deprecated, used to execute eval($a=something)). 1=Value of eval is returned (used to eval($something)).
|
* @param int<0,1> $returnvalue 0=No return (deprecated, used to execute eval($a=something)). 1=Value of eval is returned (used to eval($something)).
|
||||||
* @param int<0,1> $hideerrors 1=Hide errors
|
* @param int<0,1> $hideerrors 1=Hide errors
|
||||||
* @param string $onlysimplestring '0' (deprecated, do not use it anymore)=Accept all chars,
|
* @param string $onlysimplestring '0' (deprecated, do not use it anymore) = Accept all chars,
|
||||||
* '1' (most common use)=Accept only simple string with char 'a-z0-9\s^$_+-.*>&|=!?():"\',/@';',
|
* '1' (most common use) = Accept only simple string with char 'a-z0-9\s^$_+-.*>&|=!?():"\',/@';',
|
||||||
* '2' (used for example for the compute property of extrafields)=Accept also '<[]'
|
* '2' (used for example for the compute property of extrafields) = Accept also '<[]'
|
||||||
* @return void|string Nothing or return result of eval (even if type can be int, it is safer to assume string and find all potential typing issues as abs(dol_eval(...)).
|
* @return void|string Nothing or return result of eval (even if type can be int, it is safer to assume string and find all potential typing issues as abs(dol_eval(...)).
|
||||||
* @see verifCond(), checkPHPCode() to see sanitizing rules that should be very close.
|
* @see verifCond(), checkPHPCode() to see sanitizing rules that should be very close.
|
||||||
* @phan-suppress PhanPluginUnsafeEval
|
* @phan-suppress PhanPluginUnsafeEval
|
||||||
@@ -10860,16 +10860,28 @@ function dol_eval($s, $returnvalue = 1, $hideerrors = 1, $onlysimplestring = '1'
|
|||||||
$forbiddenphpstrings = array_merge($forbiddenphpstrings, array('_ENV', '_SESSION', '_COOKIE', '_GET', '_POST', '_REQUEST', 'ReflectionFunction'));
|
$forbiddenphpstrings = array_merge($forbiddenphpstrings, array('_ENV', '_SESSION', '_COOKIE', '_GET', '_POST', '_REQUEST', 'ReflectionFunction'));
|
||||||
|
|
||||||
// We list all forbidden function as keywords we don't want to see (we don't mind it if is "kewyord(" or just "keyword", we don't want "keyword" at all)
|
// We list all forbidden function as keywords we don't want to see (we don't mind it if is "kewyord(" or just "keyword", we don't want "keyword" at all)
|
||||||
|
// We must exclude all functions that allow to execute another function. This includes all function that has a parameter with type "callable" to avoid things
|
||||||
|
// like we can do with array_map and its callable parameter: dol_eval('json_encode(array_map(implode("",["ex","ec"]), ["id"]))', 1, 1, '0')
|
||||||
$forbiddenphpfunctions = array();
|
$forbiddenphpfunctions = array();
|
||||||
// @phpcs:ignore
|
// @phpcs:ignore
|
||||||
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("base64"."_"."decode", "rawurl"."decode", "url"."decode", "str"."_rot13", "hex"."2bin")); // name of forbidden functions are split to avoid false positive
|
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("base64"."_"."decode", "rawurl"."decode", "url"."decode", "str"."_rot13", "hex"."2bin")); // name of forbidden functions are split to avoid false positive
|
||||||
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("override_function", "session_id", "session_create_id", "session_regenerate_id"));
|
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("override_function", "session_id", "session_create_id", "session_regenerate_id"));
|
||||||
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("get_defined_functions", "get_defined_vars", "get_defined_constants", "get_declared_classes"));
|
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("get_defined_functions", "get_defined_vars", "get_defined_constants", "get_declared_classes"));
|
||||||
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("function", "call_user_func", "call_user_func_array"));
|
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("function", "call_user_func", "call_user_func_array"));
|
||||||
|
|
||||||
|
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("array_all", "array_any", "array_diff_ukey", "array_filter", "array_find", "array_find_key", "array_map", "array_reduce", "array_intersect_uassoc", "array_intersect_ukey", "array_walk", "array_walk_recursive"));
|
||||||
|
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("usort", "uasort", "uksort", "preg_replace_callback", "preg_replace_callback_array", "header_register_callback"));
|
||||||
|
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("set_error_handler", "set_exception_handler", "libxml_set_external_entity_loader", "register_shutdown_function", "register_tick_function", "unregister_tick_function"));
|
||||||
|
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("spl_autoload_register", "spl_autoload_unregister", "iterator_apply", "session_set_save_handler"));
|
||||||
|
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("forward_static_call", "forward_static_call_array", "register_postsend_function"));
|
||||||
|
|
||||||
|
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("ob_start"));
|
||||||
|
|
||||||
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("require", "include", "require_once", "include_once"));
|
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("require", "include", "require_once", "include_once"));
|
||||||
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("exec", "passthru", "shell_exec", "system", "proc_open", "popen"));
|
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("exec", "passthru", "shell_exec", "system", "proc_open", "popen"));
|
||||||
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("dol_eval", "executeCLI", "verifCond")); // native dolibarr functions
|
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("dol_eval", "executeCLI", "verifCond")); // native dolibarr functions
|
||||||
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("eval", "create_function", "assert", "mb_ereg_replace")); // function with eval capabilities
|
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("eval", "create_function", "assert", "mb_ereg_replace", "mb_ereg_replace_callback")); // function with eval capabilities
|
||||||
|
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("readline_completion_function", "readline_callback_handler_install"));
|
||||||
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("dol_compress_dir", "dol_decode", "dol_delete_file", "dol_delete_dir", "dol_delete_dir_recursive", "dol_copy", "archiveOrBackupFile")); // more dolibarr functions
|
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("dol_compress_dir", "dol_decode", "dol_delete_file", "dol_delete_dir", "dol_delete_dir_recursive", "dol_copy", "archiveOrBackupFile")); // more dolibarr functions
|
||||||
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("fopen", "file_put_contents", "fputs", "fputscsv", "fwrite", "fpassthru", "mkdir", "rmdir", "symlink", "touch", "unlink", "umask"));
|
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("fopen", "file_put_contents", "fputs", "fputscsv", "fwrite", "fpassthru", "mkdir", "rmdir", "symlink", "touch", "unlink", "umask"));
|
||||||
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("require", "include"));
|
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("require", "include"));
|
||||||
|
|||||||
@@ -40,6 +40,11 @@
|
|||||||
|
|
||||||
define('ALLOWED_IF_UPGRADE_UNLOCK_FOUND', 1);
|
define('ALLOWED_IF_UPGRADE_UNLOCK_FOUND', 1);
|
||||||
include_once 'inc.php';
|
include_once 'inc.php';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var string $conffile
|
||||||
|
*/
|
||||||
|
|
||||||
if (!file_exists($conffile)) {
|
if (!file_exists($conffile)) {
|
||||||
print 'Error: Dolibarr config file was not found. This may means that Dolibarr is not installed yet. Please call the page "/install/index.php" instead of "/install/upgrade.php").';
|
print 'Error: Dolibarr config file was not found. This may means that Dolibarr is not installed yet. Please call the page "/install/index.php" instead of "/install/upgrade.php").';
|
||||||
}
|
}
|
||||||
@@ -48,6 +53,11 @@ require_once $dolibarr_main_document_root.'/core/lib/admin.lib.php';
|
|||||||
|
|
||||||
global $langs;
|
global $langs;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var Conf $conf
|
||||||
|
* @var Translate $langs
|
||||||
|
*/
|
||||||
|
|
||||||
$grant_query = '';
|
$grant_query = '';
|
||||||
$step = 2;
|
$step = 2;
|
||||||
$ok = 0;
|
$ok = 0;
|
||||||
|
|||||||
@@ -43,6 +43,11 @@
|
|||||||
|
|
||||||
define('ALLOWED_IF_UPGRADE_UNLOCK_FOUND', 1);
|
define('ALLOWED_IF_UPGRADE_UNLOCK_FOUND', 1);
|
||||||
include_once 'inc.php';
|
include_once 'inc.php';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var string $conffile
|
||||||
|
*/
|
||||||
|
|
||||||
if (!file_exists($conffile)) {
|
if (!file_exists($conffile)) {
|
||||||
print 'Error: Dolibarr config file was not found. This may means that Dolibarr is not installed yet. Please call the page "/install/index.php" instead of "/install/upgrade.php").';
|
print 'Error: Dolibarr config file was not found. This may means that Dolibarr is not installed yet. Please call the page "/install/index.php" instead of "/install/upgrade.php").';
|
||||||
}
|
}
|
||||||
@@ -59,13 +64,17 @@ require_once $dolibarr_main_document_root.'/core/lib/files.lib.php';
|
|||||||
|
|
||||||
global $langs;
|
global $langs;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var Conf $conf
|
||||||
|
* @var Translate $langs
|
||||||
|
*/
|
||||||
|
|
||||||
$grant_query = '';
|
$grant_query = '';
|
||||||
$step = 2;
|
$step = 2;
|
||||||
$error = 0;
|
$error = 0;
|
||||||
|
|
||||||
|
|
||||||
// Cette page peut etre longue. On augmente le delai autorise.
|
// This page can be long. We increase the allowed delay, but this does not work when we are in safe_mode.
|
||||||
// Ne fonctionne que si on est pas en safe_mode.
|
|
||||||
$err = error_reporting();
|
$err = error_reporting();
|
||||||
error_reporting(0);
|
error_reporting(0);
|
||||||
if (getDolGlobalString('MAIN_OVERRIDE_TIME_LIMIT')) {
|
if (getDolGlobalString('MAIN_OVERRIDE_TIME_LIMIT')) {
|
||||||
@@ -230,17 +239,23 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
|
|||||||
$db->begin();
|
$db->begin();
|
||||||
|
|
||||||
foreach ($listofentities as $entity) {
|
foreach ($listofentities as $entity) {
|
||||||
|
dol_syslog("Process upgrade2 for entity ".$entity);
|
||||||
|
|
||||||
// Set $conf context for entity
|
// Set $conf context for entity
|
||||||
$conf->setEntityValues($db, $entity);
|
$conf->setEntityValues($db, $entity);
|
||||||
|
|
||||||
// Reset forced setup after the setValues
|
// Reset forced setup after the setValues
|
||||||
if (defined('SYSLOG_FILE')) {
|
if (defined('SYSLOG_FILE')) {
|
||||||
$conf->global->SYSLOG_FILE = constant('SYSLOG_FILE');
|
$conf->global->SYSLOG_FILE = constant('SYSLOG_FILE');
|
||||||
}
|
}
|
||||||
$conf->global->MAIN_ENABLE_LOG_TO_HTML = 1;
|
|
||||||
|
$conf->global->MAIN_ENABLE_LOG_TO_HTML = 1; // Add also log into conf->logbuffer.
|
||||||
|
|
||||||
$versiontoarray = array();
|
$versiontoarray = array();
|
||||||
$versionranarray = array();
|
$versionranarray = array();
|
||||||
|
|
||||||
|
dol_syslog("Process upgrade2 d for entity ".$entity);
|
||||||
|
|
||||||
if (!$error) {
|
if (!$error) {
|
||||||
if (count($listofentities) > 1) {
|
if (count($listofentities) > 1) {
|
||||||
print '<tr><td colspan="4">*** '.$langs->trans("Entity").' '.$entity.'</td></tr>'."\n";
|
print '<tr><td colspan="4">*** '.$langs->trans("Entity").' '.$entity.'</td></tr>'."\n";
|
||||||
@@ -257,10 +272,11 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
|
|||||||
$versiontoarray = explode('.', $versionto);
|
$versiontoarray = explode('.', $versionto);
|
||||||
$versionranarray = explode('.', DOL_VERSION);
|
$versionranarray = explode('.', DOL_VERSION);
|
||||||
|
|
||||||
|
|
||||||
$afterversionarray = explode('.', '2.0.0');
|
$afterversionarray = explode('.', '2.0.0');
|
||||||
$beforeversionarray = explode('.', '2.7.9');
|
$beforeversionarray = explode('.', '2.7.9');
|
||||||
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
||||||
|
dol_syslog("Run migrate_... versionto is between ".json_encode($afterversionarray)." and ".json_encode($beforeversionarray));
|
||||||
|
|
||||||
// Script pour V2 -> V2.1
|
// Script pour V2 -> V2.1
|
||||||
migrate_paiements($db, $langs, $conf);
|
migrate_paiements($db, $langs, $conf);
|
||||||
|
|
||||||
@@ -324,6 +340,8 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
|
|||||||
$beforeversionarray = explode('.', '2.8.9');
|
$beforeversionarray = explode('.', '2.8.9');
|
||||||
//print $versionto.' '.versioncompare($versiontoarray,$afterversionarray).' '.versioncompare($versiontoarray,$beforeversionarray);
|
//print $versionto.' '.versioncompare($versiontoarray,$afterversionarray).' '.versioncompare($versiontoarray,$beforeversionarray);
|
||||||
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
||||||
|
dol_syslog("Run migrate_... versionto is between ".json_encode($afterversionarray)." and ".json_encode($beforeversionarray));
|
||||||
|
|
||||||
migrate_price_facture($db, $langs, $conf); // Code of this function works for 2.8+ because need a field tva_tx
|
migrate_price_facture($db, $langs, $conf); // Code of this function works for 2.8+ because need a field tva_tx
|
||||||
|
|
||||||
migrate_relationship_tables($db, $langs, $conf, 'co_exp', 'fk_commande', 'commande', 'fk_expedition', 'shipping');
|
migrate_relationship_tables($db, $langs, $conf, 'co_exp', 'fk_commande', 'commande', 'fk_expedition', 'shipping');
|
||||||
@@ -349,6 +367,8 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
|
|||||||
$afterversionarray = explode('.', '2.8.9');
|
$afterversionarray = explode('.', '2.8.9');
|
||||||
$beforeversionarray = explode('.', '2.9.9');
|
$beforeversionarray = explode('.', '2.9.9');
|
||||||
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
||||||
|
dol_syslog("Run migrate_... versionto is between ".json_encode($afterversionarray)." and ".json_encode($beforeversionarray));
|
||||||
|
|
||||||
migrate_element_time($db, $langs, $conf);
|
migrate_element_time($db, $langs, $conf);
|
||||||
|
|
||||||
migrate_customerorder_shipping($db, $langs, $conf);
|
migrate_customerorder_shipping($db, $langs, $conf);
|
||||||
@@ -369,6 +389,8 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
|
|||||||
$afterversionarray = explode('.', '3.0.9');
|
$afterversionarray = explode('.', '3.0.9');
|
||||||
$beforeversionarray = explode('.', '3.1.9');
|
$beforeversionarray = explode('.', '3.1.9');
|
||||||
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
||||||
|
dol_syslog("Run migrate_... versionto is between ".json_encode($afterversionarray)." and ".json_encode($beforeversionarray));
|
||||||
|
|
||||||
migrate_rename_directories($db, $langs, $conf, '/rss', '/externalrss');
|
migrate_rename_directories($db, $langs, $conf, '/rss', '/externalrss');
|
||||||
|
|
||||||
migrate_actioncomm_element($db, $langs, $conf);
|
migrate_actioncomm_element($db, $langs, $conf);
|
||||||
@@ -378,6 +400,8 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
|
|||||||
$afterversionarray = explode('.', '3.1.9');
|
$afterversionarray = explode('.', '3.1.9');
|
||||||
$beforeversionarray = explode('.', '3.2.9');
|
$beforeversionarray = explode('.', '3.2.9');
|
||||||
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
||||||
|
dol_syslog("Run migrate_... versionto is between ".json_encode($afterversionarray)." and ".json_encode($beforeversionarray));
|
||||||
|
|
||||||
migrate_price_contrat($db, $langs, $conf);
|
migrate_price_contrat($db, $langs, $conf);
|
||||||
|
|
||||||
migrate_mode_reglement($db, $langs, $conf);
|
migrate_mode_reglement($db, $langs, $conf);
|
||||||
@@ -389,6 +413,8 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
|
|||||||
$afterversionarray = explode('.', '3.2.9');
|
$afterversionarray = explode('.', '3.2.9');
|
||||||
$beforeversionarray = explode('.', '3.3.9');
|
$beforeversionarray = explode('.', '3.3.9');
|
||||||
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
||||||
|
dol_syslog("Run migrate_... versionto is between ".json_encode($afterversionarray)." and ".json_encode($beforeversionarray));
|
||||||
|
|
||||||
migrate_categorie_association($db, $langs, $conf);
|
migrate_categorie_association($db, $langs, $conf);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -399,6 +425,8 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
|
|||||||
$afterversionarray = explode('.', '3.6.9'); // target is after this
|
$afterversionarray = explode('.', '3.6.9'); // target is after this
|
||||||
$beforeversionarray = explode('.', '3.7.9'); // target is before this
|
$beforeversionarray = explode('.', '3.7.9'); // target is before this
|
||||||
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
||||||
|
dol_syslog("Run migrate_... versionto is between ".json_encode($afterversionarray)." and ".json_encode($beforeversionarray));
|
||||||
|
|
||||||
migrate_event_assignement($db, $langs, $conf);
|
migrate_event_assignement($db, $langs, $conf);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -413,6 +441,8 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
|
|||||||
$afterversionarray = explode('.', '3.9.9');
|
$afterversionarray = explode('.', '3.9.9');
|
||||||
$beforeversionarray = explode('.', '4.0.9');
|
$beforeversionarray = explode('.', '4.0.9');
|
||||||
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
||||||
|
dol_syslog("Run migrate_... versionto is between ".json_encode($afterversionarray)." and ".json_encode($beforeversionarray));
|
||||||
|
|
||||||
migrate_rename_directories($db, $langs, $conf, '/fckeditor', '/medias');
|
migrate_rename_directories($db, $langs, $conf, '/fckeditor', '/medias');
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -420,6 +450,8 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
|
|||||||
$afterversionarray = explode('.', '4.0.9');
|
$afterversionarray = explode('.', '4.0.9');
|
||||||
$beforeversionarray = explode('.', '5.0.9');
|
$beforeversionarray = explode('.', '5.0.9');
|
||||||
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
||||||
|
dol_syslog("Run migrate_... versionto is between ".json_encode($afterversionarray)." and ".json_encode($beforeversionarray));
|
||||||
|
|
||||||
// Migrate to add entity value into llx_societe_remise
|
// Migrate to add entity value into llx_societe_remise
|
||||||
migrate_remise_entity($db, $langs, $conf);
|
migrate_remise_entity($db, $langs, $conf);
|
||||||
|
|
||||||
@@ -436,6 +468,8 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
|
|||||||
|
|
||||||
// Only if the transverse mode is not used
|
// Only if the transverse mode is not used
|
||||||
if (empty($multicompany_transverse_mode)) {
|
if (empty($multicompany_transverse_mode)) {
|
||||||
|
dol_syslog("Run migrate_... versionto is between ".json_encode($afterversionarray)." and ".json_encode($beforeversionarray));
|
||||||
|
|
||||||
// Migrate to add entity value into llx_user_rights
|
// Migrate to add entity value into llx_user_rights
|
||||||
migrate_user_rights_entity($db, $langs, $conf);
|
migrate_user_rights_entity($db, $langs, $conf);
|
||||||
|
|
||||||
@@ -449,6 +483,8 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
|
|||||||
$afterversionarray = explode('.', '6.0.9');
|
$afterversionarray = explode('.', '6.0.9');
|
||||||
$beforeversionarray = explode('.', '7.0.9');
|
$beforeversionarray = explode('.', '7.0.9');
|
||||||
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
||||||
|
dol_syslog("Run migrate_... versionto is between ".json_encode($afterversionarray)." and ".json_encode($beforeversionarray));
|
||||||
|
|
||||||
// Migrate contact association
|
// Migrate contact association
|
||||||
migrate_event_assignement_contact($db, $langs, $conf);
|
migrate_event_assignement_contact($db, $langs, $conf);
|
||||||
|
|
||||||
@@ -459,6 +495,8 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
|
|||||||
$afterversionarray = explode('.', '7.0.9');
|
$afterversionarray = explode('.', '7.0.9');
|
||||||
$beforeversionarray = explode('.', '8.0.9');
|
$beforeversionarray = explode('.', '8.0.9');
|
||||||
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
||||||
|
dol_syslog("Run migrate_... versionto is between ".json_encode($afterversionarray)." and ".json_encode($beforeversionarray));
|
||||||
|
|
||||||
migrate_rename_directories($db, $langs, $conf, '/contracts', '/contract');
|
migrate_rename_directories($db, $langs, $conf, '/contracts', '/contract');
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -473,6 +511,8 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
|
|||||||
$afterversionarray = explode('.', '10.0.9');
|
$afterversionarray = explode('.', '10.0.9');
|
||||||
$beforeversionarray = explode('.', '11.0.9');
|
$beforeversionarray = explode('.', '11.0.9');
|
||||||
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
||||||
|
dol_syslog("Run migrate_... versionto is between ".json_encode($afterversionarray)." and ".json_encode($beforeversionarray));
|
||||||
|
|
||||||
migrate_users_socialnetworks();
|
migrate_users_socialnetworks();
|
||||||
migrate_members_socialnetworks();
|
migrate_members_socialnetworks();
|
||||||
migrate_contacts_socialnetworks();
|
migrate_contacts_socialnetworks();
|
||||||
@@ -483,6 +523,8 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
|
|||||||
$afterversionarray = explode('.', '13.0.9');
|
$afterversionarray = explode('.', '13.0.9');
|
||||||
$beforeversionarray = explode('.', '14.0.9');
|
$beforeversionarray = explode('.', '14.0.9');
|
||||||
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
||||||
|
dol_syslog("Run migrate_... versionto is between ".json_encode($afterversionarray)." and ".json_encode($beforeversionarray));
|
||||||
|
|
||||||
migrate_export_import_profiles('export');
|
migrate_export_import_profiles('export');
|
||||||
migrate_export_import_profiles('import');
|
migrate_export_import_profiles('import');
|
||||||
}
|
}
|
||||||
@@ -491,6 +533,8 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
|
|||||||
$afterversionarray = explode('.', '15.0.9');
|
$afterversionarray = explode('.', '15.0.9');
|
||||||
$beforeversionarray = explode('.', '16.0.9');
|
$beforeversionarray = explode('.', '16.0.9');
|
||||||
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
||||||
|
dol_syslog("Run migrate_... versionto is between ".json_encode($afterversionarray)." and ".json_encode($beforeversionarray));
|
||||||
|
|
||||||
migrate_user_photospath();
|
migrate_user_photospath();
|
||||||
migrate_user_photospath2();
|
migrate_user_photospath2();
|
||||||
}
|
}
|
||||||
@@ -499,6 +543,8 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
|
|||||||
$afterversionarray = explode('.', '16.0.9');
|
$afterversionarray = explode('.', '16.0.9');
|
||||||
$beforeversionarray = explode('.', '17.0.9');
|
$beforeversionarray = explode('.', '17.0.9');
|
||||||
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
||||||
|
dol_syslog("Run migrate_... versionto is between ".json_encode($afterversionarray)." and ".json_encode($beforeversionarray));
|
||||||
|
|
||||||
migrate_contractdet_rank();
|
migrate_contractdet_rank();
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -506,6 +552,8 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
|
|||||||
$afterversionarray = explode('.', '17.0.9');
|
$afterversionarray = explode('.', '17.0.9');
|
||||||
$beforeversionarray = explode('.', '18.0.9');
|
$beforeversionarray = explode('.', '18.0.9');
|
||||||
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
||||||
|
dol_syslog("Run migrate_... versionto is between ".json_encode($afterversionarray)." and ".json_encode($beforeversionarray));
|
||||||
|
|
||||||
migrate_contractdet_rank();
|
migrate_contractdet_rank();
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -521,20 +569,27 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
|
|||||||
$afterversionarray = explode('.', '19.0.9');
|
$afterversionarray = explode('.', '19.0.9');
|
||||||
$beforeversionarray = explode('.', '20.0.9');
|
$beforeversionarray = explode('.', '20.0.9');
|
||||||
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
||||||
|
dol_syslog("Run migrate_... versionto is between ".json_encode($afterversionarray)." and ".json_encode($beforeversionarray));
|
||||||
|
|
||||||
migrate_invoice_export_models();
|
migrate_invoice_export_models();
|
||||||
}
|
}
|
||||||
|
|
||||||
// Scripts for 21.0
|
// Scripts for 21.0
|
||||||
$afterversionarray = explode('.', '20.0.9');
|
$afterversionarray = explode('.', '20.0.9');
|
||||||
$beforeversionarray = explode('.', '21.0.9');
|
$beforeversionarray = explode('.', '21.0.9');
|
||||||
|
|
||||||
|
|
||||||
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
|
||||||
|
dol_syslog("Run migrate_... versionto is between ".json_encode($afterversionarray)." and ".json_encode($beforeversionarray));
|
||||||
|
|
||||||
migrate_productlot_path();
|
migrate_productlot_path();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// Code executed only if migration is LAST ONE. Must always be done.
|
// Code executed only if migration is LAST ONE. Must always be done.
|
||||||
if (versioncompare($versiontoarray, $versionranarray) >= 0 || versioncompare($versiontoarray, $versionranarray) <= -3) {
|
if (versioncompare($versiontoarray, $versionranarray) >= 0 || versioncompare($versiontoarray, $versionranarray) <= -3) {
|
||||||
|
dol_syslog("Run migrate_... if migration is LAST ONE");
|
||||||
|
|
||||||
// Reload modules (this must be always done and only into last targeted version, because code to reload module may need table structure of last version)
|
// Reload modules (this must be always done and only into last targeted version, because code to reload module may need table structure of last version)
|
||||||
$listofmodule = array(
|
$listofmodule = array(
|
||||||
'MAIN_MODULE_ACCOUNTING' => 'newboxdefonly',
|
'MAIN_MODULE_ACCOUNTING' => 'newboxdefonly',
|
||||||
@@ -579,6 +634,7 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
|
|||||||
if ($result < 0) {
|
if ($result < 0) {
|
||||||
$error++;
|
$error++;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Reload menus (this must be always and only into last targeted version)
|
// Reload menus (this must be always and only into last targeted version)
|
||||||
$result = migrate_reload_menu($db, $langs, $conf);
|
$result = migrate_reload_menu($db, $langs, $conf);
|
||||||
if ($result < 0) {
|
if ($result < 0) {
|
||||||
@@ -4400,7 +4456,7 @@ function migrate_reload_menu($db, $langs, $conf)
|
|||||||
/**
|
/**
|
||||||
* Migrate file from old path to new one for lot path
|
* Migrate file from old path to new one for lot path
|
||||||
*
|
*
|
||||||
* @return void
|
* @return int Return integer <0 if KO, >0 if OK
|
||||||
*/
|
*/
|
||||||
function migrate_productlot_path()
|
function migrate_productlot_path()
|
||||||
{
|
{
|
||||||
@@ -4415,10 +4471,14 @@ function migrate_productlot_path()
|
|||||||
|
|
||||||
print '<b>'.$langs->trans('MigrationProductLotPath')."</b><br>\n";
|
print '<b>'.$langs->trans('MigrationProductLotPath')."</b><br>\n";
|
||||||
|
|
||||||
$sql = "SELECT rowid , entity, batch, fk_product from ".MAIN_DB_PREFIX."product_lot";
|
$sql = "SELECT rowid, entity, batch, fk_product from ".MAIN_DB_PREFIX."product_lot";
|
||||||
$resql = $db->query($sql);
|
$resql = $db->query($sql);
|
||||||
|
|
||||||
if ($resql) {
|
if ($resql) {
|
||||||
$modulepart="product_batch";
|
$modulepart="product_batch";
|
||||||
|
|
||||||
|
$lot = new Productlot($db);
|
||||||
|
|
||||||
while ($obj = $db->fetch_object($resql)) {
|
while ($obj = $db->fetch_object($resql)) {
|
||||||
$entity = (empty($obj->entity) ? 1 : $obj->entity);
|
$entity = (empty($obj->entity) ? 1 : $obj->entity);
|
||||||
if ($entity > 1) {
|
if ($entity > 1) {
|
||||||
@@ -4427,16 +4487,23 @@ function migrate_productlot_path()
|
|||||||
$dir = $conf->productbatch->multidir_output[$entity];
|
$dir = $conf->productbatch->multidir_output[$entity];
|
||||||
}
|
}
|
||||||
|
|
||||||
$lot = new Productlot($db);
|
if ($dir) {
|
||||||
$res = $lot->fetch($obj->rowid, $obj->fk_product, $obj->batch);
|
$lot->id = $obj->rowid;
|
||||||
|
$lot->ref = $obj->id; // No ref for the moment
|
||||||
|
$lot->batch = $obj->batch;
|
||||||
|
$lot->entity = $obj->entity;
|
||||||
|
$lot->fk_product = $obj->fk_product;
|
||||||
|
|
||||||
|
$savref = $lot->ref;
|
||||||
|
|
||||||
if ($dir && $res > 0) {
|
|
||||||
$lot->ref = $obj->batch;
|
$lot->ref = $obj->batch;
|
||||||
$origin = $dir . '/' . get_exdir(0, 0, 0, 1, $lot, $modulepart);
|
$origin = $dir . '/' . get_exdir(0, 0, 0, 1, $lot, $modulepart);
|
||||||
|
|
||||||
$lot->fetch($obj->rowid, $obj->fk_product, $obj->batch);
|
$lot->ref = $savref; // So restore the id
|
||||||
$destin = $dir . '/' . get_exdir(0, 0, 0, 1, $lot, $modulepart);
|
$destin = $dir . '/' . get_exdir(0, 0, 0, 1, $lot, $modulepart);
|
||||||
|
|
||||||
|
//var_dump($origin.' -> '.$destin.' '.$lot->batch.' dir origin is '.dol_is_dir($origin));exit;
|
||||||
|
|
||||||
if (dol_is_dir($origin) && !dol_is_dir($destin)) {
|
if (dol_is_dir($origin) && !dol_is_dir($destin)) {
|
||||||
dol_move_dir($origin, $destin, 0);
|
dol_move_dir($origin, $destin, 0);
|
||||||
}
|
}
|
||||||
@@ -4444,6 +4511,8 @@ function migrate_productlot_path()
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
print '</td></tr>';
|
print '</td></tr>';
|
||||||
|
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@@ -666,6 +666,18 @@ class SecurityTest extends CommonClassTest
|
|||||||
print "result = ".$result."\n";
|
print "result = ".$result."\n";
|
||||||
$this->assertStringContainsString('Bad string syntax to evaluate', $result, 'The string was not detected as evil');
|
$this->assertStringContainsString('Bad string syntax to evaluate', $result, 'The string was not detected as evil');
|
||||||
|
|
||||||
|
$result = dol_eval('json_encode(array_map(implode("",["ex","ec"]), ["id"]))', 1, 1, '1'); // result of dol_eval may be an object Closure
|
||||||
|
print "result4a = ".json_encode($result)."\n";
|
||||||
|
$this->assertStringContainsString('Bad string syntax to evaluate', json_encode($result), 'The string was not detected as evil, it should due to the [ char and method "2"');
|
||||||
|
|
||||||
|
$result = dol_eval('json_encode(array_map(implode("",["ex","ec"]), ["id"]))', 1, 1, '2'); // result of dol_eval may be an object Closure
|
||||||
|
print "result4b = ".json_encode($result)."\n";
|
||||||
|
$this->assertStringContainsString('Bad string syntax to evaluate', json_encode($result), 'The string was not detected as evil, it should due to the use of array_map');
|
||||||
|
|
||||||
|
$result = dol_eval('json_encode(array_map(implode("",array("ex","ec"), array("id")))', 1, 1, '1'); // result of dol_eval may be an object Closure
|
||||||
|
print "result4c = ".json_encode($result)."\n";
|
||||||
|
$this->assertStringContainsString('Bad string syntax to evaluate', json_encode($result), 'The string was not detected as evil, it should due to the use of array_map');
|
||||||
|
|
||||||
$result = dol_eval('$a=function() { }; $a', 1, 1, '0'); // result of dol_eval may be an object Closure
|
$result = dol_eval('$a=function() { }; $a', 1, 1, '0'); // result of dol_eval may be an object Closure
|
||||||
print "result5 = ".json_encode($result)."\n";
|
print "result5 = ".json_encode($result)."\n";
|
||||||
$this->assertStringContainsString('Bad string syntax to evaluate', json_encode($result), 'The string was not detected as evil');
|
$this->assertStringContainsString('Bad string syntax to evaluate', json_encode($result), 'The string was not detected as evil');
|
||||||
|
|||||||
Reference in New Issue
Block a user