forked from Wavyzz/dolibarr
106 Commits

Author SHA1 Message Date
Laurent Destailleur
2a48dd349e Fix #hunterb03d4415-d4f9-48c8-9ae2-d3aa248027b5 2022-03-01 16:38:06 +01:00
Laurent Destailleur
ef70777cf1 Merge branch '14.0' of git@github.com:Dolibarr/dolibarr.git into 15.0
Conflicts:
	htdocs/reception/card.php
2022-01-28 15:57:09 +01:00
Laurent Destailleur
42f252b636 Add one more test 2022-01-26 12:39:41 +01:00
Laurent Destailleur
db903ad64d Fix #yogosha8457 2022-01-19 16:40:48 +01:00
Laurent Destailleur
654cd8bd1c Fix for dol_string_onlythesehtmlattributes() 2021-12-17 12:01:25 +01:00
Laurent Destailleur
a298a845f1 Merge branch '14.0' of git@github.com:Dolibarr/dolibarr.git into develop
Conflicts:
	htdocs/accountancy/bookkeeping/list.php
	htdocs/core/actions_massactions.inc.php
	htdocs/core/lib/functions.lib.php
	htdocs/core/lib/memory.lib.php
	htdocs/langs/en_US/holiday.lang
	htdocs/ticket/card.php
2021-11-30 16:24:18 +01:00
Laurent Destailleur
72493a5663 Fix typo 2021-11-27 15:13:36 +01:00
Laurent Destailleur
4f2cd2ba18 Fix #19227 2021-10-31 15:59:03 +01:00
Laurent Destailleur
d46dfd017a FIX #yogosha6944 Protection against traversal path. 2021-08-23 16:00:03 +02:00
Laurent Destailleur
b3043ab3d6 Fix phpunit 2021-08-22 01:20:25 +02:00
Laurent Destailleur
3dff7e29cc Fix #yogosha6567 2021-07-06 01:44:05 +02:00
Laurent Destailleur
0dfa7bdbcc Add option MAIN_RESTRICTHTML_ONLY_VALID_HTML 2021-07-06 00:47:43 +02:00
Laurent Destailleur
df1d1209f4 Fix phpunit 2021-07-05 22:57:27 +02:00
Laurent Destailleur
f8eadf6fe1 Fix #yogosha6561 2021-07-05 22:42:48 +02:00
Laurent Destailleur
f648185839 Fix phpcs 2021-07-05 17:34:25 +02:00
Laurent Destailleur
8b07e99e05 Fix for ' inserted by CKEditor instead of ' 2021-07-05 16:08:47 +02:00
Laurent Destailleur
796b2d201a Enhance the sanitizing. 2021-06-29 18:17:27 +02:00
Laurent Destailleur
46ae7180f8 Fix phpunit. Refused @@ char in sql. 2021-06-25 10:47:31 +02:00
Laurent Destailleur
f1c94ac659 NEW Reduce scope of dol_eval function. 2021-06-09 17:44:42 +02:00
Laurent Destailleur
c375668ab6 Clean code 2021-06-09 12:41:53 +02:00
Laurent Destailleur
fbe491c4da FIX CWE-79 huntr 2021-05-21 12:17:56 +02:00
Laurent Destailleur
ba0e95a4ff FIX huntr CWE-79 2021-05-17 23:47:16 +02:00
Laurent Destailleur
2578eb276c Fix phpunit 2021-04-19 20:25:22 +02:00
Laurent Destailleur
757a186b3c Fix phpunit 2021-03-29 23:43:07 +02:00
Laurent Destailleur
4cacca413e FIX #yogosha5757 2021-03-29 14:43:40 +02:00
Laurent Destailleur
35869f1449 Add function dol_string_onlythesehtmlattributes() and option
MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES to enable it.
2021-03-17 21:39:28 +01:00
Laurent Destailleur
ded3beee71 Disallow use of &# into dol_sanitizeUrl() 2021-03-14 20:37:59 +01:00
Laurent Destailleur
9aa8916a9c Disallow use of &# into dol_sanitizeUrl() 2021-03-14 20:35:55 +01:00
Laurent Destailleur
45579edd43 Enhance WAF and dol_sanitizeUrl 2021-03-14 18:57:18 +01:00
Laurent Destailleur
4965ce8768 Fix method to sanitize an URL 2021-03-14 16:14:24 +01:00
Laurent Destailleur
74a61d559f FIX sanitizing with GETPOST(alphanohtml) #yogosha5629 2021-03-14 15:39:59 +01:00
Laurent Destailleur
72766c830d FIX #Yogosha5631 2021-03-14 15:06:40 +01:00
Laurent Destailleur
95006ec94c Fix sanitizing backtopage 2021-03-14 12:58:37 +01:00
Laurent Destailleur
0a542ad9f9 Fix redirect to external website. Bad sanitizing of backtopage parameter 2021-03-14 11:38:42 +01:00
Laurent Destailleur
ff2f93815f Fix backtourl 2021-03-13 12:33:26 +01:00
Frédéric FRANCE
1b046f25cf add new rule 2021-03-01 00:19:52 +01:00
Laurent Destailleur
f5406d487b Merge branch '13.0' of git@github.com:Dolibarr/dolibarr.git into develop
Conflicts:
	htdocs/compta/facture/card.php
	htdocs/core/class/html.formmail.class.php
	htdocs/core/lib/product.lib.php
	htdocs/product/stock/productlot_card.php
	test/phpunit/SecurityTest.php
2021-02-26 12:53:06 +01:00
Laurent Destailleur
b7e2c7d87a FIX #16393 Do not sanitize <!DOCTYPE html> 2021-02-23 12:58:43 +01:00
Laurent Destailleur
21a9a69ba1 Merge branch '13.0' of git@github.com:Dolibarr/dolibarr.git into develop
Conflicts:
	test/phpunit/SecurityTest.php
2021-02-04 23:38:42 +01:00
Laurent Destailleur
4a2f26415e Fix GETPOST accept < if followed with a number 2021-02-04 23:36:41 +01:00
Laurent Destailleur
d7bf173f0d Merge branch '13.0' of git@github.com:Dolibarr/dolibarr.git into develop
Conflicts:
	ChangeLog
	htdocs/core/lib/functions.lib.php
	test/phpunit/SecurityTest.php
2021-01-26 12:12:35 +01:00
Laurent Destailleur
13378897a8 FIX Report by Ricardo Matias
Conflicts:
	test/phpunit/SecurityTest.php
2021-01-25 22:52:30 +01:00
Laurent Destailleur
6a12de741f FIX Report by Ricardo Matias 2021-01-25 22:46:09 +01:00
Frédéric FRANCE
177b87da0d Merge remote-tracking branch 'upstream/develop' into codesyntax 2021-01-16 17:58:01 +01:00
Laurent Destailleur
2cecd449cf Fix phpcs 2021-01-16 16:41:59 +01:00
Laurent Destailleur
16333b911a Fix phpunit 2021-01-16 15:57:30 +01:00
Laurent Destailleur
4aaf10b4b6 Fix phpunit 2021-01-16 14:25:59 +01:00
Frédéric FRANCE
7e55a71db0 Merge remote-tracking branch 'upstream/develop' into codesyntax 2021-01-14 15:16:27 +01:00
Frédéric FRANCE
b1a1cd4be6 code syntax 2021-01-14 15:09:08 +01:00
Laurent Destailleur
958b255822 Fix #15949 by introducing 'alphawithlgt' as GETPOST possible param. 2021-01-12 21:06:02 +01:00