Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

FIX Security fixes (filter onload js, less verbose error message in

Browse Source 
download and viewimage, show info to encourage dolibarr_main_prod=1)
This commit is contained in:
Laurent Destailleur
2017-09-06 11:39:30 +02:00
parent 9cc344f8cc
commit d26b2a694d
7 changed files with 215 additions and 211 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
htdocs/admin/company.php
View File

@@ -49,7 +49,7 @@ $error=0;
* Actions
*/
if ( ($action == 'update' && empty($_POST["cancel"]))
if ( ($action == 'update' && ! GETPOST("cancel",'alpha'))
|| ($action == 'updateedit') )
{
$tmparray=getCountry(GETPOST('country_id','int'),'all',$db,$langs,0);
@@ -63,18 +63,18 @@ if ( ($action == 'update' && empty($_POST["cancel"]))
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_COUNTRY", $s,'chaine',0,'',$conf->entity);
}
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOM",$_POST["nom"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ADDRESS",$_POST["address"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TOWN",$_POST["town"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ZIP",$_POST["zipcode"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_STATE",$_POST["state_id"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_MONNAIE",$_POST["currency"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TEL",$_POST["tel"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FAX",$_POST["fax"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MAIL",$_POST["mail"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_WEB",$_POST["web"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOTE",$_POST["note"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_GENCOD",$_POST["barcode"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOM", GETPOST("nom",'nohtml'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ADDRESS", GETPOST("address",'nohtml'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TOWN", GETPOST("town",'nohtml'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ZIP", GETPOST("zipcode",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_STATE", GETPOST("state_id",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_MONNAIE", GETPOST("currency",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TEL", GETPOST("tel",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FAX", GETPOST("fax",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MAIL", GETPOST("mail",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_WEB", GETPOST("web",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOTE", GETPOST("note",'none'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_GENCOD", GETPOST("barcode",'alpha'),'chaine',0,'',$conf->entity);
$varforimage='logo'; $dirforimage=$conf->mycompany->dir_output.'/logos/';
if ($_FILES[$varforimage]["tmp_name"])
@@ -144,26 +144,26 @@ if ( ($action == 'update' && empty($_POST["cancel"]))
}
}
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MANAGERS",$_POST["MAIN_INFO_SOCIETE_MANAGERS"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_CAPITAL",$_POST["capital"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FORME_JURIDIQUE",$_POST["forme_juridique_code"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SIREN",$_POST["siren"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SIRET",$_POST["siret"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_APE",$_POST["ape"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_RCS",$_POST["rcs"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_PROFID5",$_POST["MAIN_INFO_PROFID5"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_PROFID6",$_POST["MAIN_INFO_PROFID6"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MANAGERS", GETPOST("MAIN_INFO_SOCIETE_MANAGERS",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_CAPITAL", GETPOST("capital",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FORME_JURIDIQUE", GETPOST("forme_juridique_code",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SIREN", GETPOST("siren",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SIRET", GETPOST("siret",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_APE", GETPOST("ape",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_RCS", GETPOST("rcs",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_PROFID5", GETPOST("MAIN_INFO_PROFID5",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_PROFID6", GETPOST("MAIN_INFO_PROFID6",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_TVAINTRA",$_POST["tva"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_OBJECT",$_POST["object"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_TVAINTRA", GETPOST("tva",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_OBJECT", GETPOST("object",'nohtml'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "SOCIETE_FISCAL_MONTH_START",$_POST["fiscalmonthstart"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "SOCIETE_FISCAL_MONTH_START", GETPOST("fiscalmonthstart",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "FACTURE_TVAOPTION",$_POST["optiontva"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "FACTURE_TVAOPTION", GETPOST("optiontva",'alpha'),'chaine',0,'',$conf->entity);
// Local taxes
dolibarr_set_const($db, "FACTURE_LOCAL_TAX1_OPTION",$_POST["optionlocaltax1"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "FACTURE_LOCAL_TAX2_OPTION",$_POST["optionlocaltax2"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "FACTURE_LOCAL_TAX1_OPTION", GETPOST("optionlocaltax1",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "FACTURE_LOCAL_TAX2_OPTION", GETPOST("optionlocaltax2",'alpha'),'chaine',0,'',$conf->entity);
if($_POST["optionlocaltax1"]=="localtax1on")
{
@@ -173,9 +173,9 @@ if ( ($action == 'update' && empty($_POST["cancel"]))
}
else
{
dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX1", GETPOST('lt1'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX1", GETPOST('lt1','alpha'),'chaine',0,'',$conf->entity);
}
dolibarr_set_const($db,"MAIN_INFO_LOCALTAX_CALC1", $_POST["clt1"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db,"MAIN_INFO_LOCALTAX_CALC1", GETPOST("clt1",'alpha'),'chaine',0,'',$conf->entity);
}
if($_POST["optionlocaltax2"]=="localtax2on")
{
@@ -185,9 +185,9 @@ if ( ($action == 'update' && empty($_POST["cancel"]))
}
else
{
dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX2", GETPOST('lt2'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX2", GETPOST('lt2','alpha'),'chaine',0,'',$conf->entity);
}
dolibarr_set_const($db,"MAIN_INFO_LOCALTAX_CALC2", $_POST["clt2"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db,"MAIN_INFO_LOCALTAX_CALC2", GETPOST("clt2",'alpha'),'chaine',0,'',$conf->entity);
}
if ($action != 'updateedit' && ! $error)
@@ -311,20 +311,20 @@ if ($action == 'edit' || $action == 'updateedit')
// Name
print '<tr class="oddeven"><td class="fieldrequired"><label for="name">'.$langs->trans("CompanyName").'</label></td><td>';
print '<input name="nom" id="name" class="minwidth200" value="'. ($conf->global->MAIN_INFO_SOCIETE_NOM?$conf->global->MAIN_INFO_SOCIETE_NOM:$_POST["nom"]) . '" autofocus="autofocus"></td></tr>'."\n";
print '<input name="nom" id="name" class="minwidth200" value="'. ($conf->global->MAIN_INFO_SOCIETE_NOM?$conf->global->MAIN_INFO_SOCIETE_NOM: GETPOST("nom",'nohtml')) . '" autofocus="autofocus"></td></tr>'."\n";
// Addresse
print '<tr class="oddeven"><td><label for="address">'.$langs->trans("CompanyAddress").'</label></td><td>';
print '<textarea name="address" id="address" class="quatrevingtpercent" rows="'.ROWS_3.'">'. ($conf->global->MAIN_INFO_SOCIETE_ADDRESS?$conf->global->MAIN_INFO_SOCIETE_ADDRESS:$_POST["address"]) . '</textarea></td></tr>'."\n";
print '<textarea name="address" id="address" class="quatrevingtpercent" rows="'.ROWS_3.'">'. ($conf->global->MAIN_INFO_SOCIETE_ADDRESS?$conf->global->MAIN_INFO_SOCIETE_ADDRESS: GETPOST("address",'nohtml')) . '</textarea></td></tr>'."\n";
print '<tr class="oddeven"><td><label for="zipcode">'.$langs->trans("CompanyZip").'</label></td><td>';
print '<input class="minwidth100" name="zipcode" id="zipcode" value="'. ($conf->global->MAIN_INFO_SOCIETE_ZIP?$conf->global->MAIN_INFO_SOCIETE_ZIP:$_POST["zipcode"]) . '"></td></tr>'."\n";
print '<input class="minwidth100" name="zipcode" id="zipcode" value="'. ($conf->global->MAIN_INFO_SOCIETE_ZIP?$conf->global->MAIN_INFO_SOCIETE_ZIP: GETPOST("zipcode",'alpha')) . '"></td></tr>'."\n";
print '<tr class="oddeven"><td><label for="town">'.$langs->trans("CompanyTown").'</label></td><td>';
print '<input name="town" class="minwidth100" id="town" value="'. ($conf->global->MAIN_INFO_SOCIETE_TOWN?$conf->global->MAIN_INFO_SOCIETE_TOWN:$_POST["town"]) . '"></td></tr>'."\n";
print '<input name="town" class="minwidth100" id="town" value="'. ($conf->global->MAIN_INFO_SOCIETE_TOWN?$conf->global->MAIN_INFO_SOCIETE_TOWN: GETPOST("town",'nohtml')) . '"></td></tr>'."\n";
// Country
@@ -394,7 +394,7 @@ if ($action == 'edit' || $action == 'updateedit')
// Note
print '<tr class="oddeven"><td class="tdtop"><label for="note">'.$langs->trans("Note").'</label></td><td>';
print '<textarea class="flat quatrevingtpercent" name="note" id="note" rows="'.ROWS_5.'">'.(! empty($conf->global->MAIN_INFO_SOCIETE_NOTE) ? $conf->global->MAIN_INFO_SOCIETE_NOTE : '').'</textarea></td></tr>';
print '<textarea class="flat quatrevingtpercent" name="note" id="note" rows="'.ROWS_5.'">'.(GETPOST('note','none') ? GETPOST('note','none') : $conf->global->MAIN_INFO_SOCIETE_NOTE).'</textarea></td></tr>';
print '</td></tr>';
print '</table>';

91
htdocs/admin/menus/edit.php
View File

@@ -85,25 +85,25 @@ if ($action == 'update')
}
$menu = new Menubase($db);
$result=$menu->fetch($_POST['menuId']);
$result=$menu->fetch(GETPOST('menuId', 'int'));
if ($result > 0)
{
$menu->titre=$_POST['titre'];
$menu->leftmenu=$_POST['leftmenu'];
$menu->url=$_POST['url'];
$menu->langs=$_POST['langs'];
$menu->position=$_POST['position'];
$menu->enabled=$_POST['enabled'];
$menu->perms=$_POST['perms'];
$menu->target=$_POST['target'];
$menu->user=$_POST['user'];
if (is_numeric($_POST['menuIdParent']))
$menu->titre=GETPOST('titre', 'alpha');
$menu->leftmenu=GETPOST('leftmenu', 'alpha');
$menu->url=GETPOST('url','alpha');
$menu->langs=GETPOST('langs','alpha');
$menu->position=GETPOST('position','int');
$menu->enabled=GETPOST('enabled','alpha');
$menu->perms=GETPOST('perms','alpha');
$menu->target=GETPOST('target','alpha');
$menu->user=GETPOST('user','alpha');
if (is_numeric(GETPOST('menuIdParent','alpha')))
{
$menu->fk_menu=$_POST['menuIdParent'];
$menu->fk_menu=GETPOST('menuIdParent','alpha');
}
else
{
if ($_POST['type'] == 'top') $menu->fk_menu=0;
if (GETPOST('type','alpha') == 'top') $menu->fk_menu=0;
else $menu->fk_menu=-1;
$menu->fk_mainmenu=$mainmenu;
$menu->fk_leftmenu=$leftmenu;
@@ -123,7 +123,6 @@ if ($action == 'update')
{
setEventMessages($menu->error, $menu->errors, 'errors');
}
$_GET["menuId"] = $_POST['menuId'];
$action = "edit";
}
else
@@ -148,9 +147,9 @@ if ($action == 'add')
}
$leftmenu=''; $mainmenu='';
if (! empty($_POST['menuId']) && ! is_numeric($_POST['menuId']))
if (GETPOST('menuId','int') && ! is_numeric(GETPOST('menuId','int')))
{
$tmp=explode('&',$_POST['menuId']);
$tmp=explode('&',GETPOST('menuId','int'));
foreach($tmp as $s)
{
if (preg_match('/fk_mainmenu=/',$s))
@@ -197,7 +196,7 @@ if ($action == 'add')
$action = 'create';
$error++;
}
if (! $error && empty($_POST['menuId']) && $_POST['type'] == 'left')
if (! $error && ! $_POST['menuId'] && $_POST['type'] == 'left')
{
setEventMessages($langs->trans("ErrorLeftMenuMustHaveAParentId"), null, 'errors');
$action = 'create';
@@ -207,23 +206,23 @@ if ($action == 'add')
if (! $error)
{
$menu = new Menubase($db);
$menu->menu_handler=preg_replace('/_menu$/','',$_POST['menu_handler']);
$menu->type=$_POST['type'];
$menu->titre=$_POST['titre'];
$menu->url=$_POST['url'];
$menu->langs=$_POST['langs'];
$menu->position=$_POST['position'];
$menu->enabled=$_POST['enabled'];
$menu->perms=$_POST['perms'];
$menu->target=$_POST['target'];
$menu->user=$_POST['user'];
if (is_numeric($_POST['menuId']))
$menu->menu_handler=preg_replace('/_menu$/','',GETPOST('menu_handler','aZ09'));
$menu->type=GETPOST('type','alpha');
$menu->titre=GETPOST('titre','alpha');
$menu->url=GETPOST('url','alpha');
$menu->langs=GETPOST('langs','alpha');
$menu->position=GETPOST('position','int');
$menu->enabled=GETPOST('enabled','alpha');
$menu->perms=GETPOST('perms','alpha');
$menu->target=GETPOST('target','alpha');
$menu->user=GETPOST('user','alpha');
if (is_numeric(GETPOST('menuId','int')))
{
$menu->fk_menu=$_POST['menuId'];
$menu->fk_menu=GETPOST('menuId','int');
}
else
{
if ($_POST['type'] == 'top') $menu->fk_menu=0;
if (GETPOST('type','alpha') == 'top') $menu->fk_menu=0;
else $menu->fk_menu=-1;
$menu->fk_mainmenu=$mainmenu;
$menu->fk_leftmenu=$leftmenu;
@@ -232,7 +231,7 @@ if ($action == 'add')
$result=$menu->create($user);
if ($result > 0)
{
header("Location: ".DOL_URL_ROOT."/admin/menus/index.php?menu_handler=".$_POST['menu_handler']);
header("Location: ".DOL_URL_ROOT."/admin/menus/index.php?menu_handler=".GETPOST('menu_handler','aZ09'));
exit;
}
else
@@ -306,7 +305,7 @@ if ($action == 'create')
print load_fiche_titre($langs->trans("NewMenu"),'','title_setup');
print '<form action="./edit.php?action=add&menuId='.$_GET['menuId'].'" method="post" name="formmenucreate">';
print '<form action="./edit.php?action=add&menuId='.GETPOST('menuId', 'int').'" method="post" name="formmenucreate">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
dol_fiche_head();
@@ -314,8 +313,8 @@ if ($action == 'create')
print '<table class="border" width="100%">';
// Id
$parent_rowid = $_GET['menuId'];
if ($_GET['menuId'])
$parent_rowid = GETPOST('menuId', 'int');
if (GETPOST('menuId', 'int'))
{
$sql = "SELECT m.rowid, m.mainmenu, m.leftmenu, m.level, m.langs FROM ".MAIN_DB_PREFIX."menu as m WHERE m.rowid = ".GETPOST('menuId', 'int');
$res = $db->query($sql);
@@ -375,35 +374,35 @@ if ($action == 'create')
}
else
{
print '<td><input type="text" size="48" id="menuId" name="menuId" value="'.($_POST["menuId"]?$_POST["menuId"]:'').'"></td>';
print '<td><input type="text" size="48" id="menuId" name="menuId" value="'.(GETPOST("menuId", 'int')?GETPOST("menuId", 'int'):'').'"></td>';
}
print '<td>'.$langs->trans('DetailMenuIdParent');
print ', '.$langs->trans("Example").': fk_mainmenu=abc&fk_leftmenu=def';
print '</td></tr>';
// Title
print '<tr><td class="fieldrequired">'.$langs->trans('Title').'</td><td><input type="text" size="30" name="titre" value="'.$_POST["titre"].'"></td><td>'.$langs->trans('DetailTitre').'</td></tr>';
print '<tr><td class="fieldrequired">'.$langs->trans('Title').'</td><td><input type="text" size="30" name="titre" value="'.dol_escape_htmltag(GETPOST("titre",'alpha')).'"></td><td>'.$langs->trans('DetailTitre').'</td></tr>';
// URL
print '<tr><td class="fieldrequired">'.$langs->trans('URL').'</td><td><input type="text" size="60" name="url" value="'.$_POST["url"].'"></td><td>'.$langs->trans('DetailUrl').'</td></tr>';
print '<tr><td class="fieldrequired">'.$langs->trans('URL').'</td><td><input type="text" size="60" name="url" value="'.GETPOST("url",'alpha').'"></td><td>'.$langs->trans('DetailUrl').'</td></tr>';
// Langs
print '<tr><td>'.$langs->trans('LangFile').'</td><td><input type="text" size="30" name="langs" value="'.$parent_langs.'"></td><td>'.$langs->trans('DetailLangs').'</td></tr>';
// Position
print '<tr><td>'.$langs->trans('Position').'</td><td><input type="text" size="5" name="position" value="'.(isset($_POST["position"])?$_POST["position"]:100).'"></td><td>'.$langs->trans('DetailPosition').'</td></tr>';
print '<tr><td>'.$langs->trans('Position').'</td><td><input type="text" size="5" name="position" value="'.dol_escape_htmltag(isset($_POST["position"])?$_POST["position"]:100).'"></td><td>'.$langs->trans('DetailPosition').'</td></tr>';
// Target
print '<tr><td>'.$langs->trans('Target').'</td><td><select class="flat" name="target">';
print '<option value=""'.($menu->target==""?' selected':'').'>'.$langs->trans('').'</option>';
print '<option value=""'.($menu->target==""?' selected':'').'>&nbsp;</option>';
print '<option value="_blank"'.($menu->target=="_blank"?' selected':'').'>'.$langs->trans('_blank').'</option>';
print '</select></td></td><td>'.$langs->trans('DetailTarget').'</td></tr>';
// Enabled
print '<tr><td>'.$langs->trans('Enabled').'</td><td><input type="text" size="60" name="enabled" value="'.$_POST["enabled"].'"></td><td>'.$langs->trans('DetailEnabled').'</td></tr>';
print '<tr><td>'.$langs->trans('Enabled').'</td><td><input type="text" size="60" name="enabled" value="'.GETPOST("enabled",'alpha').'"></td><td>'.$langs->trans('DetailEnabled').'</td></tr>';
// Perms
print '<tr><td>'.$langs->trans('Rights').'</td><td><input type="text" size="60" name="perms" value="'.$_POST["perms"].'"></td><td>'.$langs->trans('DetailRight').'</td></tr>';
print '<tr><td>'.$langs->trans('Rights').'</td><td><input type="text" size="60" name="perms" value="'.GETPOST('perms','alpha').'"></td><td>'.$langs->trans('DetailRight').'</td></tr>';
print '</table>';
@@ -426,14 +425,14 @@ elseif ($action == 'edit')
print '<form action="./edit.php?action=update" method="POST" name="formmenuedit">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="handler_origine" value="'.$menu_handler.'">';
print '<input type="hidden" name="menuId" value="'.$_GET['menuId'].'">';
print '<input type="hidden" name="menuId" value="'.GETPOST('menuId', 'int').'">';
dol_fiche_head();
print '<table class="border" width="100%">';
$menu = new Menubase($db);
$result=$menu->fetch($_GET['menuId']);
$result=$menu->fetch(GETPOST('menuId', 'int'));
//var_dump($menu);
// Id
@@ -472,20 +471,20 @@ elseif ($action == 'edit')
//print '<tr><td>'.$langs->trans('Level').'</td><td>'.$menu->level.'</td><td>'.$langs->trans('DetailLevel').'</td></tr>';
// Title
print '<tr><td class="fieldrequired">'.$langs->trans('Title').'</td><td><input type="text" size="30" name="titre" value="'.$menu->titre.'"></td><td>'.$langs->trans('DetailTitre').'</td></tr>';
print '<tr><td class="fieldrequired">'.$langs->trans('Title').'</td><td><input type="text" size="30" name="titre" value="'.dol_escape_htmltag($menu->titre).'"></td><td>'.$langs->trans('DetailTitre').'</td></tr>';
// Url
print '<tr><td class="fieldrequired">'.$langs->trans('URL').'</td><td><input type="text" class="quatrevingtpercent" name="url" value="'.$menu->url.'"></td><td>'.$langs->trans('DetailUrl').'</td></tr>';
// Langs
print '<tr><td>'.$langs->trans('LangFile').'</td><td><input type="text" size="30" name="langs" value="'.$menu->langs.'"></td><td>'.$langs->trans('DetailLangs').'</td></tr>';
print '<tr><td>'.$langs->trans('LangFile').'</td><td><input type="text" size="30" name="langs" value="'.dol_escape_htmltag($menu->langs).'"></td><td>'.$langs->trans('DetailLangs').'</td></tr>';
// Position
print '<tr><td>'.$langs->trans('Position').'</td><td><input type="text" size="5" name="position" value="'.$menu->position.'"></td><td>'.$langs->trans('DetailPosition').'</td></tr>';
// Target
print '<tr><td>'.$langs->trans('Target').'</td><td><select class="flat" name="target">';
print '<option value=""'.($menu->target==""?' selected':'').'>'.$langs->trans('').'</option>';
print '<option value=""'.($menu->target==""?' selected':'').'>&nbsp;</option>';
print '<option value="_blank"'.($menu->target=="_blank"?' selected':'').'>'.$langs->trans('_blank').'</option>';
print '</select></td><td>'.$langs->trans('DetailTarget').'</td></tr>';

7
htdocs/core/lib/functions.lib.php
View File

@@ -3251,7 +3251,12 @@ function dol_print_error($db='',$error='',$errors=null)
}
if (empty($dolibarr_main_prod)) print $out;
else define("MAIN_CORE_ERROR", 1);
else
{
print $langs->trans("DolibarrHasDetectedError").'. ';
print $langs->trans("YouCanSetOptionDolibarrMainProdToZero");
define("MAIN_CORE_ERROR", 1);
}
//else print 'Sorry, an error occured but the parameter $dolibarr_main_prod is defined in conf file so no message is reported to your browser. Please read the log file for error message.';
dol_syslog("Error ".$syslog, LOG_ERR);
}

29
htdocs/document.php
View File

@@ -110,7 +110,7 @@ if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart');
$check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, $refname);
$accessallowed = $check_access['accessallowed'];
$sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
$original_file = $check_access['original_file']; // original_file is now a full path name
$fullpath_original_file = $check_access['original_file']; // $fullpath_original_file is now a full path name
// Basic protection (against external users only)
if ($user->societe_id > 0)
@@ -137,36 +137,35 @@ if ($user->societe_id > 0)
}
// Security:
// Limite acces si droits non corrects
// Limit access if permissions are wrong
if (! $accessallowed)
{
accessforbidden();
}
// Security:
// On interdit les remontees de repertoire ainsi que les pipe dans
// les noms de fichiers.
if (preg_match('/\.\./',$original_file) || preg_match('/[<>|]/',$original_file))
// On interdit les remontees de repertoire ainsi que les pipe dans les noms de fichiers.
if (preg_match('/\.\./',$fullpath_original_file) || preg_match('/[<>|]/',$fullpath_original_file))
{
dol_syslog("Refused to deliver file ".$original_file);
$file=basename($original_file); // Do no show plain path of original_file in shown error message
dol_print_error(0,$langs->trans("ErrorFileNameInvalid",$file));
dol_syslog("Refused to deliver file ".$fullpath_original_file);
print "ErrorFileNameInvalid: ".$original_file;
exit;
}
clearstatcache();
$filename = basename($original_file);
$filename = basename($fullpath_original_file);
// Output file on browser
dol_syslog("document.php download $original_file $filename content-type=$type");
$original_file_osencoded=dol_osencode($original_file); // New file name encoded in OS encoding charset
dol_syslog("document.php download $fullpath_original_file filename=$filename content-type=$type");
$fullpath_original_file_osencoded=dol_osencode($fullpath_original_file); // New file name encoded in OS encoding charset
// This test if file exists should be useless. We keep it to find bug more easily
if (! file_exists($original_file_osencoded))
if (! file_exists($fullpath_original_file_osencoded))
{
dol_print_error(0,$langs->trans("ErrorFileDoesNotExists",$original_file));
dol_syslog("ErrorFileDoesNotExists: ".$fullpath_original_file);
print "ErrorFileDoesNotExists: ".$original_file;
exit;
}
@@ -177,7 +176,7 @@ if ($encoding) header('Content-Encoding: '.$encoding);
// Add MIME Content-Disposition from RFC 2183 (inline=automatically displayed, atachment=need user action to open)
if ($attachment) header('Content-Disposition: attachment; filename="'.$filename.'"');
else header('Content-Disposition: inline; filename="'.$filename.'"');
header('Content-Length: ' . dol_filesize($original_file));
header('Content-Length: ' . dol_filesize($fullpath_original_file));
// Ajout directives pour resoudre bug IE
header('Cache-Control: Public, must-revalidate');
header('Pragma: public');
@@ -185,6 +184,6 @@ header('Pragma: public');
//ob_clean();
//flush();
readfile($original_file_osencoded);
readfile($fullpath_original_file_osencoded);
if (is_object($db)) $db->close();

3
htdocs/langs/en_US/main.lang
View File

@@ -103,7 +103,8 @@ RequestLastAccessInError=Latest database access request error
ReturnCodeLastAccessInError=Return code for latest database access request error
InformationLastAccessInError=Information for latest database access request error
DolibarrHasDetectedError=Dolibarr has detected a technical error
InformationToHelpDiagnose=This information can be useful for diagnostic purposes
YouCanSetOptionDolibarrMainProdToZero=You can read log file or set option $dolibarr_main_prod to '0' in your config file to get more information.
InformationToHelpDiagnose=This information can be useful for diagnostic purposes (you can set option $dolibarr_main_prod to '1' to remove such notices)
MoreInformation=More information
TechnicalInformation=Technical information
TechnicalID=Technical ID

41
htdocs/main.inc.php
View File

@@ -77,38 +77,39 @@ if (function_exists('get_magic_quotes_gpc')) // magic_quotes_* deprecated in PHP
*/
function test_sql_and_script_inject($val, $type)
{
$sql_inj = 0;
$inj = 0;
// For SQL Injection (only GET and POST are used to be included into bad escaped SQL requests)
if ($type != 2)
{
$sql_inj += preg_match('/delete\s+from/i', $val);
$sql_inj += preg_match('/create\s+table/i', $val);
$sql_inj += preg_match('/update.+set.+=/i', $val);
$sql_inj += preg_match('/insert\s+into/i', $val);
$sql_inj += preg_match('/select.+from/i', $val);
$sql_inj += preg_match('/union.+select/i', $val);
$sql_inj += preg_match('/into\s+(outfile|dumpfile)/i', $val);
$sql_inj += preg_match('/(\.\.%2f)+/i', $val);
$inj += preg_match('/delete\s+from/i', $val);
$inj += preg_match('/create\s+table/i', $val);
$inj += preg_match('/update.+set.+=/i', $val);
$inj += preg_match('/insert\s+into/i', $val);
$inj += preg_match('/select.+from/i', $val);
$inj += preg_match('/union.+select/i', $val);
$inj += preg_match('/into\s+(outfile|dumpfile)/i', $val);
$inj += preg_match('/(\.\.%2f)+/i', $val);
}
// For XSS Injection done by adding javascript with script
// This is all cases a browser consider text is javascript:
// When it found '<script', 'javascript:', '<style', 'onload\s=' on body tag, '="&' on a tag size with old browsers
// All examples on page: http://ha.ckers.org/xss.html#XSScalc
$sql_inj += preg_match('/<script/i', $val);
if (! defined('NOSTYLECHECK')) $sql_inj += preg_match('/<style/i', $val);
$sql_inj += preg_match('/base[\s]+href/si', $val);
$sql_inj += preg_match('/<.*onmouse/si', $val); // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>
$sql_inj += preg_match('/onerror\s*=/i', $val); // onerror can be set on img or any html tag like <img title='...' onerror = alert(1)>
$sql_inj += preg_match('/onfocus\s*=/i', $val); // onfocus can be set on input text html tag like <input type='text' value='...' onfocus = alert(1)>
$inj += preg_match('/<script/i', $val);
if (! defined('NOSTYLECHECK')) $inj += preg_match('/<style/i', $val);
$inj += preg_match('/base[\s]+href/si', $val);
$inj += preg_match('/<.*onmouse/si', $val); // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>
$inj += preg_match('/onerror\s*=/i', $val); // onerror can be set on img or any html tag like <img title='...' onerror = alert(1)>
$inj += preg_match('/onfocus\s*=/i', $val); // onfocus can be set on input text html tag like <input type='text' value='...' onfocus = alert(1)>
$inj += preg_match('/onload\s*=/i', $val); // onload can be set on input text html tag like <input type='text' value='...' onfocus = alert(1)>
if ($type == 1)
{
$sql_inj += preg_match('/javascript:/i', $val);
$sql_inj += preg_match('/vbscript:/i', $val);
$inj += preg_match('/javascript:/i', $val);
$inj += preg_match('/vbscript:/i', $val);
}
// For XSS Injection done by adding javascript closing html tags like with onmousemove, etc... (closing a src or href tag with not cleaned param)
if ($type == 1) $sql_inj += preg_match('/"/i', $val); // We refused " in GET parameters value
if ($type == 2) $sql_inj += preg_match('/[;"]/', $val); // PHP_SELF is a file system path. It can contains spaces.
return $sql_inj;
if ($type == 1) $inj += preg_match('/"/i', $val); // We refused " in GET parameters value
if ($type == 2) $inj += preg_match('/[;"]/', $val); // PHP_SELF is a file system path. It can contains spaces.
return $inj;
}
/**

27
htdocs/viewimage.php
View File

@@ -113,7 +113,7 @@ if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart');
$check_access = dol_check_secure_access_document($modulepart,$original_file,$entity,$refname);
$accessallowed = $check_access['accessallowed'];
$sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
$original_file = $check_access['original_file'];
$fullpath_original_file = $check_access['original_file'];
// Security:
// Limit access if permissions are wrong
@@ -124,11 +124,10 @@ if (! $accessallowed)
// Security:
// On interdit les remontees de repertoire ainsi que les pipe dans les noms de fichiers.
if (preg_match('/\.\./',$original_file) || preg_match('/[<>|]/',$original_file))
if (preg_match('/\.\./',$fullpath_original_file) || preg_match('/[<>|]/',$fullpath_original_file))
{
dol_syslog("Refused to deliver file ".$original_file, LOG_WARNING);
// Do no show plain path in shown error message
dol_print_error(0,'Error: File '.$_GET["file"].' does not exists');
dol_syslog("Refused to deliver file ".$fullpath_original_file);
print "ErrorFileNameInvalid: ".$original_file;
exit;
}
@@ -143,7 +142,7 @@ if ($modulepart == 'barcode')
if (empty($generator) || empty($encoding))
{
dol_print_error(0,'Error, parameter "generator" or "encoding" not defined');
print 'Error: Parameter "generator" or "encoding" not defined';
exit;
}
@@ -176,14 +175,13 @@ else // Open and return file
clearstatcache();
// Output files on browser
dol_syslog("viewimage.php return file $original_file content-type=$type");
dol_syslog("viewimage.php return file $fullpath_original_file content-type=$type");
// This test is to avoid error images when image is not available (for example thumbs).
if (! dol_is_file($original_file) && empty($_GET["noalt"]))
if (! dol_is_file($fullpath_original_file) && empty($_GET["noalt"]))
{
$original_file=DOL_DOCUMENT_ROOT.'/public/theme/common/nophoto.png';
$fullpath_original_file=DOL_DOCUMENT_ROOT.'/public/theme/common/nophoto.png';
/*$error='Error: File '.$_GET["file"].' does not exists or filesystems permissions are not allowed';
dol_print_error(0,$error);
print $error;
exit;*/
}
@@ -192,16 +190,17 @@ else // Open and return file
if ($type)
{
top_httphead($type);
header('Content-Disposition: inline; filename="'.basename($original_file).'"');
header('Content-Disposition: inline; filename="'.basename($fullpath_original_file).'"');
}
else
{
top_httphead('image/png');
header('Content-Disposition: inline; filename="'.basename($original_file).'"');
header('Content-Disposition: inline; filename="'.basename($fullpath_original_file).'"');
}
$original_file_osencoded=dol_osencode($original_file);
readfile($original_file_osencoded);
$fullpath_original_file_osencoded=dol_osencode($fullpath_original_file);
readfile($fullpath_original_file_osencoded);
}