
NEW All ajax pages have now a top_httphead()

This commit is contained in:
Laurent Destailleur
2022-09-03 20:08:13 +02:00
parent a7c17f59b9
commit cfd3eeb245
23 changed files with 84 additions and 290 deletions


@@ -146,7 +146,7 @@ if ($id) {
print '<tr><td>'.$langs->trans("Company").'</td><td class="valeur">'.dol_escape_htmltag($object->company).'</td></tr>';
// Civility
print '<tr><td>'.$langs->trans("UserTitle").'</td><td class="valeur">'.$object->getCivilityLabel().'&nbsp;</td>';
print '<tr><td>'.$langs->trans("UserTitle").'</td><td class="valeur">'.$object->getCivilityLabel().'</td>';
print '</tr>';
print "</table>";


@@ -27,14 +27,17 @@ if (!defined('NOTOKENRENEWAL')) {
* \ingroup admin
* \brief Page des informations dolistore
*/
require "../../../main.inc.php";
// CORE
global $lang, $user, $conf;
require_once DOL_DOCUMENT_ROOT.'/admin/dolistore/class/dolistore.class.php';
/*
* View
*/
top_httphead('image');
$dolistore = new Dolistore();
$id_product = GETPOST('id_product', 'int');
@@ -51,7 +54,7 @@ try {
);
//echo $url;
$request = $api->executeRequest($url, array(CURLOPT_CUSTOMREQUEST => 'GET'));
header('Content-type:image');
print $request['response'];
} catch (PrestaShopWebserviceException $e) {
// Here we are dealing with errors
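Review bot: `image` is not a valid media type, so both `top_httphead('image')` at the top of the file and the surviving `header('Content-type:image');` just before `print $request['response'];` send a malformed Content-Type that browsers will fall back to sniffing. The upstream reply presumably carries its own Content-Type (this depends on what `executeRequest()` returns, which is outside the hunk); forward that value, or a concrete subtype such as `image/png` if the store serves only one format, and drop the duplicate `header()` call so the type is set in one place. Because this page relays a remote body verbatim, adding `header('X-Content-Type-Options: nosniff');` next to it keeps a sniffed body from being rendered as HTML. Also, `global $lang, $user, $conf;` declares `$lang` while the other pages in this commit use `$langs`; worth confirming it is the intended name.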


@@ -44,6 +44,13 @@ require_once DOL_DOCUMENT_ROOT.'/blockedlog/class/authority.class.php';
$user = new User($db);
$user->fetch(1); //TODO conf user authority
/*
* View
*/
top_httphead();
$auth = new BlockedLogAuthority($db);
$signature = GETPOST('s');


@@ -42,6 +42,13 @@ $id = GETPOST('id', 'int');
$element = GETPOST('element', 'alpha');
$action = GETPOST('action', 'aZ09');
/*
* View
*/
top_httphead();
if ($element === 'facture') {
require_once DOL_DOCUMENT_ROOT.'/blockedlog/class/blockedlog.class.php';
require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';


@@ -54,6 +54,8 @@ $langs->loadLangs(array("admin"));
* View
*/
top_httphead();
print '<div id="pop-info"><table width="100%" height="80%" class="border"><thead><th width="50%" class="left">'.$langs->trans('Field').'</th><th class="left">'.$langs->trans('Value').'</th></thead>';
print '<tbody>';


@@ -48,6 +48,12 @@ if (empty($conf->global->BLOCKEDLOG_AUTHORITY_URL)) {
}
/*
* View
*/
top_httphead();
$auth = new BlockedLogAuthority($db);
$auth->syncSignatureWithAuthority();


@@ -29,7 +29,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/modules/action/rapport.pdf.php';
require_once DOL_DOCUMENT_ROOT.'/core/modules/action/rapport.class.php';
// Load translation files required by the page
$langs->loadLangs(array("agenda", "commercial"));


@@ -66,6 +66,8 @@ $lang = GETPOST('lang', 'aZ09');
* View
*/
top_httphead('application/json');
if ($action == "getKnowledgeRecord") {
$response = '';
$sql = "SELECT kr.rowid, kr.ref, kr.question, kr.answer,kr.url,ctc.code";


@@ -50,6 +50,13 @@ $element = GETPOST('element', 'alpha');
$upload_handler = new FileUpload(null, $fk_element, $element);
/*
* View
*/
top_httphead();
header('Pragma: no-cache');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Content-Disposition: inline; filename="files.json"');
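Review bot: `top_httphead()` with no argument sends `text/html`, yet the three headers that follow describe a `files.json` body, so the declared type contradicts the disposition; use `top_httphead('application/json');` so the upload result is never interpreted as markup. This matters on an upload endpoint in particular: to the extent the JSON body echoes uploader-chosen file names (the response is built outside the hunk), a `text/html` type would let a browser render them. If the `$forcenocache` second parameter of `top_httphead()` is available in this codebase, `top_httphead('application/json', 1);` would also make the manual `Pragma`/`Cache-Control` lines redundant.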


@@ -91,6 +91,8 @@ if (empty($SECUREKEY) || !dol_verifyHash($securekeyseed.$type.$ref.(!isModEnable
* View
*/
top_httphead();
if ($action == "importSignature") {
if (!empty($signature) && $signature[0] == "image/png;base64") {
$signature = $signature[1];


@@ -25,6 +25,8 @@
// This script is called with a POST method or as an include.
if (!isset($usedbyinclude) || empty($usedbyinclude)) {
top_httphead('application/json');
if (!defined('NOTOKENRENEWAL')) {
define('NOTOKENRENEWAL', 1); // Disables token renewal
}
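Review bot: `top_httphead('application/json');` is placed before the `NOTOKENRENEWAL` define, which in this file layout normally precedes the `require` of `main.inc.php` that brings `top_httphead()` into scope; if that is the case here (the require is outside the hunk), the non-include path calls an undefined function and fatals before any output. Move the call below the `require` of main.inc.php, keeping it inside the same branch, e.g. `if (empty($usedbyinclude)) { top_httphead('application/json'); }`. While there, `!isset($usedbyinclude) || empty($usedbyinclude)` collapses to `empty($usedbyinclude)`, since `empty()` already treats an undefined variable as empty.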


@@ -8635,7 +8635,7 @@ class Form
print '</table>';
if (!empty($compatibleImportElementsList)) {
$res = @include dol_buildpath('core/tpl/ajax/objectlinked_lineimport.tpl.php');
$res = @include dol_buildpath('core/tpl/objectlinked_lineimport.tpl.php');
}


@@ -71,7 +71,7 @@ class FormFile
* @param Object $object Object to use (when attachment is done on an element)
* @param string $options Add an option column
* @param integer $useajax Use fileupload ajax (0=never, 1=if enabled, 2=always whatever is option).
* Deprecated 2 should never be used and if 1 is used, option should no be enabled.
* Deprecated 2 should never be used and if 1 is used, option should not be enabled.
* @param string $savingdocmask Mask to use to define output filename. For example 'XXXXX-__YYYYMMDD__-__file__'
* @param integer $linkfiles 1=Also add form to link files, 0=Do not show form to link files
* @param string $htmlname Name and id of HTML form ('formuserfile' by default, 'formuserfileecm' when used to upload a file in ECM)
@@ -104,7 +104,8 @@ class FormFile
// TODO: This does not support option savingdocmask
// TODO: This break feature to upload links too
// TODO: Thisdoes not work when param nooutput=1
return $this->_formAjaxFileUpload($object);
//return $this->_formAjaxFileUpload($object);
return 'Feature too bugged so removed';
} else {
//If there is no permission and the option to hide unauthorized actions is enabled, then nothing is printed
if (!$perm && !empty($conf->global->MAIN_BUTTON_HIDE_UNAUTHORIZED)) {
@@ -1919,37 +1920,6 @@ class FormFile
// Fin de zone
}
/**
* Show form to upload a new file with jquery fileupload.
* This form use the fileupload.php file.
*
* @param Object $object Object to use
* @return void
*/
private function _formAjaxFileUpload($object)
{
global $langs, $conf;
// PHP post_max_size
$post_max_size = ini_get('post_max_size');
$mul_post_max_size = substr($post_max_size, -1);
$mul_post_max_size = ($mul_post_max_size == 'M' ? 1048576 : ($mul_post_max_size == 'K' ? 1024 : ($mul_post_max_size == 'G' ? 1073741824 : 1)));
$post_max_size = $mul_post_max_size * (int) $post_max_size;
// PHP upload_max_filesize
$upload_max_filesize = ini_get('upload_max_filesize');
$mul_upload_max_filesize = substr($upload_max_filesize, -1);
$mul_upload_max_filesize = ($mul_upload_max_filesize == 'M' ? 1048576 : ($mul_upload_max_filesize == 'K' ? 1024 : ($mul_upload_max_filesize == 'G' ? 1073741824 : 1)));
$upload_max_filesize = $mul_upload_max_filesize * (int) $upload_max_filesize;
// Max file size
$max_file_size = (($post_max_size < $upload_max_filesize) ? $post_max_size : $upload_max_filesize);
// Include main
include DOL_DOCUMENT_ROOT.'/core/tpl/ajax/fileupload_main.tpl.php';
// Include template
include DOL_DOCUMENT_ROOT.'/core/tpl/ajax/fileupload_view.tpl.php';
}
/**
* Show array with linked files
*
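Review bot: The `$useajax` branch now returns the untranslated literal `'Feature too bugged so removed'` to a caller that, per the docblock in the first hunk, asked for an upload form, so any call site still passing `$useajax=2` renders that sentence instead of a form. Unless the surrounding branch structure (the enclosing method starts outside the hunk) prevents it, replacing the `return` with `dol_syslog(__METHOD__.': ajax upload form is no longer supported, falling back to the standard form', LOG_WARNING);` and letting the standard form render is the safer degradation. The commented-out `//return $this->_formAjaxFileUpload($object);` should be deleted as well, since the third hunk removes `_formAjaxFileUpload()` and the dead reference will only mislead readers. The `$useajax` docblock entry should state that values 1 and 2 are now no-ops.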


@@ -19,7 +19,7 @@
*/
/**
* \file htdocs/core/modules/action/rapport.pdf.php
* \file htdocs/core/modules/action/rapport.class.php
* \ingroup commercial
* \brief File to build PDF with events
*/


@@ -1,96 +0,0 @@
<?php
/* Copyright (C) 2011-2013 Regis Houssin <regis.houssin@inodbox.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
// Protection to avoid direct call of template
if (empty($conf) || !is_object($conf)) {
print "Error, template page can't be called as URL";
exit;
}
?>
<!-- START TEMPLATE FILE UPLOAD MAIN -->
<script>
window.locale = {
"fileupload": {
"errors": {
"maxFileSize": "<?php echo $langs->trans('FileIsTooBig'); ?>",
"minFileSize": "<?php echo $langs->trans('FileIsTooSmall'); ?>",
"acceptFileTypes": "<?php echo $langs->trans('FileTypeNotAllowed'); ?>",
"maxNumberOfFiles": "<?php echo $langs->trans('MaxNumberOfFilesExceeded'); ?>",
"uploadedBytes": "<?php echo $langs->trans('UploadedBytesExceedFileSize'); ?>",
"emptyResult": "<?php echo $langs->trans('EmptyFileUploadResult'); ?>"
},
"error": "<?php echo $langs->trans('Error'); ?>",
"start": "<?php echo $langs->trans('Start'); ?>",
"cancel": "<?php echo $langs->trans("Cancel"); ?>",
"destroy": "<?php echo $langs->trans('Delete'); ?>"
}
};
$(function () {
'use strict';
// Initialize the jQuery File Upload widget:
$('#fileupload').fileupload();
// Events
$('#fileupload').fileupload({
stop: function (e, data) {
location.href='<?php echo dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]); ?>';
},
destroy: function (e, data) {
var that = $(this).data('fileupload');
$( "#confirm-delete" ).dialog({
resizable: false,
width: 400,
modal: true,
buttons: {
"<?php echo $langs->trans('Ok'); ?>": function() {
$( "#confirm-delete" ).dialog( "close" );
if (data.url) {
$.ajax({
method: "POST",
data: { token: '<?php echo currentToken(); ?>' },
url: data.url
}).success(function (data) {
if (data) {
that._adjustMaxNumberOfFiles(1);
$(this).fadeOut(function () {
$(this).remove();
$.jnotify("<?php echo $langs->trans('FileIsDelete'); ?>");
});
} else {
$.jnotify("<?php echo $langs->trans('ErrorFileNotDeleted'); ?>", "error", true);
}
});
} else {
data.context.fadeOut(function () {
$(this).remove();
});
}
},
"<?php echo $langs->trans("Cancel"); ?>": function() {
$( "#confirm-delete" ).dialog( "close" );
}
}
});
}
});
});
</script>
<!-- END TEMPLATE FILE UPLOAD MAIN -->


@@ -1,147 +0,0 @@
<?php
/* Copyright (C) 2011-2012 Regis Houssin <regis.houssin@inodbox.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
// Protection to avoid direct call of template
if (empty($conf) || !is_object($conf)) {
print "Error, template page can't be called as URL";
exit;
}
?>
<!-- START TEMPLATE FILE UPLOAD -->
<!-- The file upload form used as target for the file upload widget -->
<form id="fileupload" action="<?php echo DOL_URL_ROOT; ?>/core/ajax/fileupload.php" method="POST" enctype="multipart/form-data">
<input type="hidden" name="fk_element" value="<?php echo $object->id; ?>">
<input type="hidden" name="element" value="<?php echo $object->element; ?>">
<input type="hidden" name="redirect" value="<?php echo $_SERVER['PHP_SELF'].'?id='.$object->id; ?>">
<!-- The fileupload-buttonbar contains buttons to add/delete files and start/cancel the upload -->
<div class="row fileupload-buttonbar">
<div class="span7">
<!-- The fileinput-button span is used to style the file input field as button -->
<span class="btn btn-success fileinput-button">
<i class="icon-plus icon-white"></i>
<span><?php echo $langs->trans('AddFiles'); ?></span>
<?php
$maxfilesizearray = getMaxFileSizeArray();
$maxmin = $maxfilesizearray['maxmin'];
if ($maxmin > 0) {
print '<input type="hidden" name="MAX_FILE_SIZE" value="'.($maxmin * 1024).'">'; // MAX_FILE_SIZE must precede the field type=file
}
?>
<input type="file" name="files[]" multiple>
</span>
<button type="submit" class="btn btn-primary start">
<i class="icon-upload icon-white"></i>
<span><?php echo $langs->trans('StartUpload'); ?></span>
</button>
<button type="reset" class="btn btn-warning cancel">
<i class="icon-ban-circle icon-white"></i>
<span><?php echo $langs->trans('CancelUpload'); ?></span>
</button>
<!--
<button type="button" class="btn btn-danger delete">
<i class="icon-trash icon-white"></i>
<span><?php echo $langs->trans('Delete'); ?></span>
</button>
<input type="checkbox" class="toggle">
-->
</div>
<!-- The global progress information -->
<div class="span5 fileupload-progress fade">
<!-- The global progress bar -->
<!--
<div class="progress progress-success progress-striped active" role="progressbar" aria-valuemin="0" aria-valuemax="100">
<div class="bar" style="width:0%;"></div>
</div>
-->
<!-- The extended global progress information -->
<div class="progress-extended">&nbsp;</div>
</div>
</div>
<!-- The loading indicator is shown during file processing -->
<div class="fileupload-loading"></div>
<br>
<!-- The table listing the files available for upload/download -->
<table role="presentation" class="table table-striped"><tbody class="files" data-toggle="modal-gallery" data-target="#modal-gallery"></tbody></table>
</form>
<!-- The template to display files available for upload -->
<!-- Warning id on script is not W3C compliant and is reported as error by phpcs but it is required by fileupload plugin -->
<script id="template-upload" type="text/x-tmpl">
{% for (var i=0, file; file=o.files[i]; i++) { %}
<tr class="template-upload fade">
<td class="preview"><span class="fade"></span></td>
<td class="name"><span>{%=file.name%}</span></td>
<td class="size"><span>{%=o.formatFileSize(file.size)%}</span></td>
{% if (file.error) { %}
<td class="error" colspan="2"><span class="label label-important">{%=locale.fileupload.error%}</span> {%=locale.fileupload.errors[file.error] || file.error%}</td>
{% } else if (o.files.valid && !i) { %}
<td>
<div class="progress progress-success progress-striped active" role="progressbar" aria-valuemin="0" aria-valuemax="100" aria-valuenow="0"><div class="bar" style="width:0%;"></div></div>
</td>
<td class="start">{% if (!o.options.autoUpload) { %}
<button class="btn btn-primary">
<i class="icon-upload icon-white"></i>
<span>{%=locale.fileupload.start%}</span>
</button>
{% } %}</td>
{% } else { %}
<td colspan="2"></td>
{% } %}
<td class="cancel">{% if (!i) { %}
<button class="btn btn-warning">
<i class="icon-ban-circle icon-white"></i>
<span>{%=locale.fileupload.cancel%}</span>
</button>
{% } %}</td>
</tr>
{% } %}
</script>
<!-- The template to display files available for download -->
<!-- Warning id on script is not W3C compliant and is reported as error by phpcs but it is required by jfilepload plugin -->
<script id="template-download" type="text/x-tmpl">
{% for (var i=0, file; file=o.files[i]; i++) { %}
<tr class="template-download fade">
{% if (file.error) { %}
<td></td>
<td class="name"><span>{%=file.name%}</span></td>
<td class="size"><span>{%=o.formatFileSize(file.size)%}</span></td>
<td class="error" colspan="2"><span class="label label-important">{%=locale.fileupload.error%}</span> {%=locale.fileupload.errors[file.error] || file.error%}</td>
{% } else { %}
<td class="preview">{% if (file.thumbnail_url) { %}
<a href="{%=file.url%}" title="{%=file.name%}" rel="gallery" download="{%=file.name%}"><img src="{%=file.thumbnail_url%}"></a>
{% } %}</td>
<td class="name">
<a href="{%=file.url%}" title="{%=file.name%}" rel="{%=file.thumbnail_url&&'gallery'%}" download="{%=file.name%}">{%=file.name%}</a>
</td>
<td class="size"><span>{%=o.formatFileSize(file.size)%}</span></td>
<td colspan="2"></td>
{% } %}
<td class="delete">
<button class="btn btn-danger" data-type="{%=file.delete_type%}" data-url="{%=file.delete_url%}">
<i class="icon-trash icon-white"></i>
<span>{%=locale.fileupload.destroy%}</span>
</button>
<input type="checkbox" name="delete" value="1">
</td>
</tr>
{% } %}
</script>
<br>
<!-- END PHP TEMPLATE -->


@@ -46,13 +46,15 @@ require '../../main.inc.php'; // Load $user and permissions
require_once DOL_DOCUMENT_ROOT.'/bom/class/bom.class.php';
$idbom = GETPOST('idbom', 'alpha');
$action = GETPOST('action', 'aZ09');
//$action = GETPOST('action', 'aZ09');
/*
* View
*/
top_httphead('application/json');
$object = new BOM($db);
$result = $object->fetch($idbom);
if ($result > 0) {
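Review bot: The commented-out `//$action = GETPOST('action', 'aZ09');` should be deleted rather than kept as a comment: if `$action` is no longer read by this page the dead assignment adds nothing, and if it still is (the rest of the file is outside the hunk) commenting it out leaves `$action` undefined further down. Separately, `$idbom` is read with the `'alpha'` filter and then passed straight to `$object->fetch($idbom)`; if `fetch()` expects a numeric rowid here, `$idbom = GETPOST('idbom', 'int');` is the tighter sanitizer and also gives the JSON response a predictable failure mode on bad input.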


@@ -79,6 +79,8 @@ if ($action == 'fetch' && !empty($id)) {
require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';
top_httphead('application/json');
$outjson = array();
$object = new Product($db);
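Review bot: `top_httphead('application/json');` is issued only inside the `$action == 'fetch' && !empty($id)` branch, so any other response path of this page (outside the hunk) goes out with whatever default headers PHP sends. Unless the other branches deliberately emit non-JSON, hoist the call above the `if` so every reply, including the empty-result one, carries the same content type; the two `require_once` lines can stay where they are.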


@@ -58,6 +58,13 @@ $warehousefound = 0;
$warehouseid = 0;
$objectreturn = array();
/*
* View
*/
top_httphead('application/json');
if ($action == "existbarcode" && !empty($barcode)) {
if (!empty($mode) && $mode == "lotserial") {
$sql = "SELECT ps.fk_entrepot, ps.fk_product, p.barcode, ps.reel, pb.batch";


@@ -52,6 +52,8 @@ restrictedArea($user, 'salaries');
* View
*/
top_httphead('application/json');
$fk_user = GETPOST('fk_user', 'int');
$return_arr = array();


@@ -59,6 +59,8 @@ if (empty($user->rights->takepos->run)) {
* View
*/
top_httphead('application/json');
if ($action == 'getConnexionToken') {
try {
// Be sure to authenticate the endpoint for creating connection tokens.


@@ -198,7 +198,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase
|| preg_match('/boxes\/box_/', $file['relativename'])
|| preg_match('/modules\/.*\/doc\/(doc|pdf)_/', $file['relativename'])
|| preg_match('/modules\/(import|mailings|printing)\//', $file['relativename'])
|| in_array($file['name'], array('modules_boxes.php', 'rapport.pdf.php', 'TraceableDB.php'))) {
|| in_array($file['name'], array('modules_boxes.php', 'TraceableDB.php'))) {
// Check into Class files
if (! in_array($file['name'], array(
'api.class.php',
@@ -247,6 +247,20 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase
}
}
// Check we don't miss top_httphead() into any ajax pages
if (preg_match('/ajax\//', $file['relativename'])) {
print "Analyze ajax page ".$file['relativename']."\n";
$ok=true;
$matches=array();
preg_match_all('/top_httphead/', $filecontent, $matches, PREG_SET_ORDER);
if (count($matches) == 0) {
$ok=false;
}
//print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n";
$this->assertTrue($ok, 'Did not find top_httphead into the ajax page '.$file['relativename']);
//exit;
}
// Check if a var_dump has been forgotten
if (!preg_match('/test\/phpunit/', $file['fullname'])) {
$ok=true;
@@ -463,7 +477,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase
foreach ($matches as $key => $val) {
//var_dump($val);
if (!in_array($val[1], array(
"'replacestring'", "'htmlheader'", "'WEBSITE_HTML_HEADER'", "'WEBSITE_CSS_INLINE'", "'WEBSITE_JS_INLINE'", "'WEBSITE_MANIFEST_JSON'", "'PAGE_CONTENT'", "'WEBSITE_README'",
"'replacestring'", "'htmlheader'", "'WEBSITE_HTML_HEADER'", "'WEBSITE_CSS_INLINE'", "'WEBSITE_JS_INLINE'", "'WEBSITE_MANIFEST_JSON'", "'PAGE_CONTENT'", "'WEBSITE_README'", "'WEBSITE_LICENSE'",
'"mysqldump"', '"postgresqldump"',
"'db_pass_root'", "'db_pass'", '"pass"', '"pass1"', '"pass2"', '"password"', "'password'",
'"MAIN_MAIL_SMTPS_PW"', '"MAIN_MAIL_SMTPS_PW_EMAILING"', '"MAIN_MAIL_SMTPS_PW_TICKET"'))) {
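Review bot: The new ajax check in the second hunk only tests that the token `top_httphead` appears somewhere in the file, so a page that mentions it in a comment passes while one that calls it after output has started passes too; `preg_match_all(..., PREG_SET_ORDER)` plus `count()` is also heavier than needed, and the four lines from `$ok=true;` to the closing `}` reduce to `$ok = (bool) preg_match('/top_httphead\s*\(/', $filecontent);`. The `/ajax\//` path match will also catch any vendored or template directory whose path contains `ajax/` (whether that exists under `htdocs/includes` is not visible here), which would fail the suite on third-party code rather than on Dolibarr's own pages. The `//print __METHOD__." Result for checking we don't have non escaped string in sql requests ...` and `//exit;` lines are copy-paste leftovers from a different check and should be dropped so the comment does not mislead the next reader.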