Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity
120,597 Commits 36 Branches 189 Tags
df909b515faec901b0e5be76e53eab1109b49d4f
Commit Graph

132 Commits

Author SHA1 Message Date
Laurent Destailleur
4cacca413e FIX #yogosha5757 2021-03-29 14:43:40 +02:00
Laurent Destailleur
35869f1449 Add function dol_string_onlythesehtmlattributes() and option 
MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES to enable it.
 2021-03-17 21:39:28 +01:00
Laurent Destailleur
ded3beee71 Disallow use of &# into dol_sanitizeUrl() 2021-03-14 20:37:59 +01:00
Laurent Destailleur
9aa8916a9c Disallow use of &# into dol_sanitizeUrl() 2021-03-14 20:35:55 +01:00
Laurent Destailleur
45579edd43 Enhance WAF and dol_sanitizeUrl 2021-03-14 18:57:18 +01:00
Laurent Destailleur
4965ce8768 Fix method to sanitize an URL 2021-03-14 16:14:24 +01:00
Laurent Destailleur
74a61d559f FIX sanitizing with GETPOST(alphanohtml) #yogosha5629 2021-03-14 15:39:59 +01:00
Laurent Destailleur
72766c830d FIX #Yogosha5631 2021-03-14 15:06:40 +01:00
Laurent Destailleur
95006ec94c Fix sanitizing backtopage 2021-03-14 12:58:37 +01:00
Laurent Destailleur
0a542ad9f9 Fix redirect to external website. Bad sanitizing of backtopage parameter 2021-03-14 11:38:42 +01:00
Laurent Destailleur
ff2f93815f Fix backtourl 2021-03-13 12:33:26 +01:00
Frédéric FRANCE
1b046f25cf add new rule 2021-03-01 00:19:52 +01:00
Laurent Destailleur
f5406d487b Merge branch '13.0' of git@github.com:Dolibarr/dolibarr.git into develop 
Conflicts:
	htdocs/compta/facture/card.php
	htdocs/core/class/html.formmail.class.php
	htdocs/core/lib/product.lib.php
	htdocs/product/stock/productlot_card.php
	test/phpunit/SecurityTest.php
 2021-02-26 12:53:06 +01:00
Laurent Destailleur
b7e2c7d87a FIX #16393 Do not sanitize <!DOCTYPE html> 2021-02-23 12:58:43 +01:00
Laurent Destailleur
21a9a69ba1 Merge branch '13.0' of git@github.com:Dolibarr/dolibarr.git into develop 
Conflicts:
	test/phpunit/SecurityTest.php
 2021-02-04 23:38:42 +01:00
Laurent Destailleur
4a2f26415e Fix GETPOST accept < if followed with a number 2021-02-04 23:36:41 +01:00
Laurent Destailleur
d7bf173f0d Merge branch '13.0' of git@github.com:Dolibarr/dolibarr.git into develop 
Conflicts:
	ChangeLog
	htdocs/core/lib/functions.lib.php
	test/phpunit/SecurityTest.php
 2021-01-26 12:12:35 +01:00
Laurent Destailleur
13378897a8 FIX Report by Ricardo Matias 
Conflicts:
	test/phpunit/SecurityTest.php
 2021-01-25 22:52:30 +01:00
Laurent Destailleur
6a12de741f FIX Report by Ricardo Matias 2021-01-25 22:46:09 +01:00
Frédéric FRANCE
177b87da0d Merge remote-tracking branch 'upstream/develop' into codesyntax 2021-01-16 17:58:01 +01:00
Laurent Destailleur
2cecd449cf Fix phpcs 2021-01-16 16:41:59 +01:00
Laurent Destailleur
16333b911a Fix phpunit 2021-01-16 15:57:30 +01:00
Laurent Destailleur
4aaf10b4b6 Fix phpunit 2021-01-16 14:25:59 +01:00
Frédéric FRANCE
7e55a71db0 Merge remote-tracking branch 'upstream/develop' into codesyntax 2021-01-14 15:16:27 +01:00
Frédéric FRANCE
b1a1cd4be6 code syntax 2021-01-14 15:09:08 +01:00
Laurent Destailleur
958b255822 Fix #15949 by introducing 'alphawithlgt' as GETPOST possible param. 2021-01-12 21:06:02 +01:00
Laurent Destailleur
ca11ea9839 Fix phpunit 
Signed-off-by: Laurent Destailleur <eldy@destailleur.fr>
 2021-01-06 20:47:57 +01:00
Laurent Destailleur
1f6f434a9c Merge branch '12.0' of git@github.com:Dolibarr/dolibarr.git into develop 
Conflicts:
	htdocs/admin/tools/export_files.php
	test/phpunit/SecurityTest.php
 2020-12-11 15:56:19 +01:00
Laurent Destailleur
4fcd3fe493 Fix disallow -- string into filename for security purpose. Vulnerability 
reported by Yılmaz Değirmenci
 2020-12-11 15:12:42 +01:00
Laurent Destailleur
de61a7cfd3 Fix cleaning html tags with trans and with GETPOST. 2020-12-06 17:30:27 +01:00
Laurent Destailleur
34679c3bc1 Fix warning in phpunit 2020-12-04 13:22:47 +01:00
Laurent Destailleur
4119174ef1 Include sql injection tests into PHPUnit 2020-11-27 16:52:52 +01:00
Laurent Destailleur
80d13e711c More secured getURLContent method. Add PHPUnit on getURLContent 2020-10-27 18:02:05 +01:00
Laurent Destailleur
d750dc48a1 More secured getURLContent method. Add PHPUnit on getURLContent 2020-10-27 15:06:16 +01:00
Laurent Destailleur
5b37ff0bfd Html entities use now HTML5. Enhance the Dolibarr WAF. More PHPUnit 
tests.
 2020-10-15 19:36:08 +02:00
Laurent Destailleur
4a5ee7f04d Better testSqlAndScriptInject (deal htmlentities encoded signatures) 
More phpunits on GETPOST
 2020-09-19 03:25:25 +02:00
Laurent Destailleur
fa1d14fc7d More complete phpunit 2020-09-18 01:01:01 +02:00
Laurent Destailleur
a895cdcdf8 Fix dol_string_nohtmltag: the decode of entity must be done before split 2020-09-17 21:09:16 +02:00
Laurent Destailleur
3c6f122a81 Fix phpunit 2020-08-07 14:59:22 +02:00
Laurent Destailleur
4d6a45d491 Major doxygen fix 2020-05-03 22:48:35 +02:00
Laurent Destailleur
b8171cacb1 Fix phpcs 2020-02-20 14:07:25 +01:00
Alexandre SPANGARO
91b3bf76fd Merge branch 'develop' into 11.0_https 2019-10-01 06:11:43 +02:00
Laurent Destailleur
c53be23122 FIX Filtering the HTTP Header "Accept-Language". 2019-09-24 13:54:52 +02:00
Alexandre SPANGARO
02dbc11f98 Move Gnu.org to https 2019-09-23 21:55:30 +02:00
Laurent Destailleur
8938573f68 Fix phpunit for last versions of phpunit 2019-08-31 00:47:12 +02:00
Laurent Destailleur
3af4ad7fc3 Compatibility with phpunit v6 2019-07-05 21:28:27 +02:00
Frédéric FRANCE
42a1387218 wip 2019-02-25 00:56:48 +01:00
Frédéric FRANCE
24b073771e wip 2019-01-27 13:07:22 +01:00
Laurent Destailleur
8a70cf9ede NEW Add parameter replaceambiguouschars on getRandomPassword function 2018-12-21 09:56:54 +01:00
Laurent Destailleur
3d3edb19d8 Merge branch '8.0' of git@github.com:Dolibarr/dolibarr.git into develop 
Conflicts:
	.travis.yml
	htdocs/langs/en_US/commercial.lang
 2018-09-02 15:48:26 +02:00