From dbb9caa196f61f7bc97c0bc7b3fdf44319199dff Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Thu, 11 Jan 2018 09:53:47 +0100
Subject: [PATCH 1/3] Prepare 6.0.5
---
 ChangeLog | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 3c56559f8d0..a5fe90d2bbd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,21 @@
 English Dolibarr ChangeLog
 --------------------------------------------------------------
 
+***** ChangeLog for 6.0.5 compared to 6.0.4 *****
+FIX: security vulnerability reported by ADLab of Venustech
+ CVE-2017-17897, CVE-2017-17898, CVE-2017-17899, CVE-2017-17900
+FIX: #7379: Compatibility with PRODUCT_USE_OLD_PATH_FOR_PHOTO variable
+FIX: #7903
+FIX: #7933
+FIX: #8029 Unable to make leave request in holyday module
+FIX: Edit accountancy account and warning message on loan
+FIX: $accounts[$bid] is a label !
+FIX: $oldvatrateclean & $newvatrateclean must be set if preg_match === false
+FIX: product best price on product list
+FIX: search on contact list
+FIX: stats trad for customerinvoice
+FIX: translate unactivate on contractline
+
 ***** ChangeLog for 6.0.4 compared to 6.0.3 *****
 FIX: #7737
 FIX: #7751
From c947502efa8d8fbbe1a9800c3bcf2956578c504a Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sat, 13 Jan 2018 17:22:59 +0100
Subject: [PATCH 2/3] Fix typo
---
 htdocs/core/lib/functions.lib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 4c6730500af..f87e53d2d9b 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -1248,7 +1248,7 @@ function dol_banner_tab($object, $paramid, $morehtml='', $shownav=1, $fieldid='r
 && (! file_exists($fileimagebis) || (filemtime($fileimagebis) < filemtime($file)))
 )
 {
- if (empty($conf->global->MAIN_DISABLE_PDF_THUMBS)) // If you experienc trouble with pdf thumb generation and imagick, you can disable here.
+ if (empty($conf->global->MAIN_DISABLE_PDF_THUMBS)) // If you experience trouble with pdf thumb generation and imagick, you can disable here.
 {
 $ret = dol_convert_file($file, 'png', $fileimage);
 if ($ret < 0) $error++;
From 9f6118ed5271f3763efc3a6fff77c48f3e11a0a5 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sun, 14 Jan 2018 03:12:22 +0100
Subject: [PATCH 3/3] Code comments
---
 htdocs/core/class/extrafields.class.php | 13 ++++++++++---
 htdocs/core/db/DoliDB.class.php | 8 +++++---
 htdocs/core/lib/functions.lib.php | 4 +++-
 3 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php
index f6f0006a6d6..9758bb4466b 100644
--- a/htdocs/core/class/extrafields.class.php
+++ b/htdocs/core/class/extrafields.class.php
@@ -1651,9 +1651,16 @@ class ExtraFields
 $error_field_required[] = $value;
 }
 
- if (in_array($key_type,array('date','datetime')))
+ if (in_array($key_type,array('date')))
 {
 // Clean parameters
+ // TODO GMT date in memory must be GMT so we should add gm=true in parameters
+ $value_key=dol_mktime(0, 0, 0, $_POST["options_".$key."month"], $_POST["options_".$key."day"], $_POST["options_".$key."year"]);
+ }
+ elseif (in_array($key_type,array('datetime')))
+ {
+ // Clean parameters
+ // TODO GMT date in memory must be GMT so we should add gm=true in parameters
 $value_key=dol_mktime($_POST["options_".$key."hour"], $_POST["options_".$key."min"], 0, $_POST["options_".$key."month"], $_POST["options_".$key."day"], $_POST["options_".$key."year"]);
 }
 else if (in_array($key_type,array('checkbox','chkbxlst')))
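Review bot: In htdocs/core/class/extrafields.class.php, the new `date` branch passes `$_POST["options_".$key."month"]`, the matching `day` and `year` keys straight to dol_mktime() without checking that the keys exist or that the values are integers, exactly as the `datetime` branch it was split from still does. A form post that omits or alters one of these fields therefore reaches dol_mktime() as null or an arbitrary string; whether dol_mktime()'s `$check` argument rejects such input is not visible in this hunk. Reading each part through the project's request accessor with an integer filter, for example `GETPOST("options_".$key."month", 'int')`, in both branches would cover the missing-key and non-numeric cases at the boundary. The enclosing method starts and ends outside the hunk.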
@@ -1692,12 +1699,12 @@ class ExtraFields
 }
 
 /**
- * return array_options array for object by extrafields value (using for data send by forms)
+ * return array_options array of data of extrafields value of object sent by a search form
 *
 * @param array $extralabels $array of extrafields
 * @param string $keyprefix Prefix string to add into name and id of field (can be used to avoid duplicate names)
 * @param string $keysuffix Suffix string to add into name and id of field (can be used to avoid duplicate names)
- * @return int 1 if array_options set / 0 if no value
+ * @return array|int array_options set or 0 if no value
 */
 function getOptionalsFromPost($extralabels,$keyprefix='',$keysuffix='')
 {
diff --git a/htdocs/core/db/DoliDB.class.php b/htdocs/core/db/DoliDB.class.php
index 9fc1739334c..657010af49c 100644
--- a/htdocs/core/db/DoliDB.class.php
+++ b/htdocs/core/db/DoliDB.class.php
@@ -89,6 +89,7 @@ abstract class DoliDB implements Database
 */
 function idate($param)
 {
+ // TODO GMT $param should be gmt, so we should add tzouptut to 'gmt'
 return dol_print_date($param,"%Y%m%d%H%M%S");
 }
 
@@ -238,16 +239,16 @@ abstract class DoliDB implements Database
 else $return.=', ';
 
 $return.=preg_replace('/[^0-9a-z_\.]/i','',$val);
-
+
 $tmpsortorder = trim($orders[$i]);
-
+
 // Only ASC and DESC values are valid SQL
 if (strtoupper($tmpsortorder) === 'ASC') {
 $return .= ' ASC';
 } elseif (strtoupper($tmpsortorder) === 'DESC') {
 $return .= ' DESC';
 }
-
+
 $i++;
 }
 return $return;
@@ -279,6 +280,7 @@ abstract class DoliDB implements Database
 */
 function jdate($string, $gm=false)
 {
+ // TODO GMT must set param gm to true by default
 if ($string==0 || $string=="0000-00-00 00:00:00") return '';
 $string=preg_replace('/([^0-9])/i','',$string);
 $tmp=$string.'000000';
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index f87e53d2d9b..9e7f554055b 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
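Review bot: In htdocs/core/db/DoliDB.class.php, the TODO added to idate() misspells the argument it refers to: `tzouptut` is presumably the `tzoutput` argument of dol_print_date(), so a later search for that name will not find this comment. I would write it as `// TODO GMT $param should be gmt, so we should pass tzoutput='gmt' to dol_print_date`. The TODO added to jdate() in the same file is clearer, but neither comment says what currently depends on the non-GMT behaviour, which is the information a maintainer would need before acting on them.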
@@ -1781,11 +1781,13 @@ function dol_mktime($hour,$minute,$second,$month,$day,$year,$gm=false,$check=1)
 if (empty($localtz)) {
 $localtz = new DateTimeZone('UTC');
 }
-
+ //var_dump($localtz);
+ //var_dump($year.'-'.$month.'-'.$day.'-'.$hour.'-'.$minute);
 $dt = new DateTime(null,$localtz);
 $dt->setDate($year,$month,$day);
 $dt->setTime((int) $hour, (int) $minute, (int) $second);
 $date=$dt->getTimestamp(); // should include daylight saving time
+ //var_dump($date);
 return $date;
 }
 else
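Review bot: The three added `//var_dump(...)` lines in dol_mktime() are commented-out debugging statements and should be dropped from the commit rather than kept in a core date helper; if one is ever uncommented it prints the timezone object and the raw date parts into the page output. The first of them also replaces the blank line that separated the `$localtz` fallback from the DateTime construction, so removing them should restore that separator. If the trace is still wanted, a debug-level log call such as `dol_syslog("dol_mktime ".$year.'-'.$month.'-'.$day, LOG_DEBUG);` keeps it out of the response. dol_mktime() starts and ends outside the hunk.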