forked from Wavyzz/dolibarr
Compare commits
7 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
122b33d87d | ||
|
|
9413f9ddfc | ||
|
|
a45ffeecca | ||
|
|
d9e089256e | ||
|
|
ed16699de6 | ||
|
|
0814fa76f8 | ||
|
|
35ce670bf2 |
128
.travis.yml
128
.travis.yml
@@ -8,9 +8,6 @@ notifications:
|
||||
on_success: never # [always|never|change] default: change
|
||||
on_failure: change # [always|never|change] default: always
|
||||
|
||||
services:
|
||||
- memcached # will start memcached
|
||||
|
||||
# This will tell travis to run phpunit
|
||||
language: php
|
||||
php:
|
||||
@@ -29,12 +26,6 @@ before_script:
|
||||
- echo Home dir is `echo ~`
|
||||
- export PHPV=`phpenv version-name`
|
||||
- echo PHP version $PHPV
|
||||
# - echo Update composer
|
||||
# - ~/.phpenv/versions/$(phpenv version-name)/bin/composer.phar self-update
|
||||
- echo Install phpcs then show installed rules
|
||||
- pyrus install pear/PHP_CodeSniffer
|
||||
- phpenv rehash
|
||||
- phpcs -i
|
||||
- echo Create dir $(pwd)/htdocs/documents
|
||||
- sudo mkdir -p $(pwd)/htdocs/documents/admin/temp;
|
||||
- sudo touch $(pwd)/htdocs/documents/dolibarr.log;
|
||||
@@ -42,46 +33,87 @@ before_script:
|
||||
- sudo chmod -R a+rwx $(pwd);
|
||||
- sudo chown -R www-data:travis $(pwd)/htdocs/documents;
|
||||
- find $(pwd)/htdocs/documents -type d -exec ls -alt {} \;
|
||||
- echo Edit php.ini file
|
||||
- echo 'date.timezone = "Europe/Paris"' >> ~/.phpenv/versions/$(phpenv version-name)/etc/php.ini
|
||||
# - echo "extension = memcache.so" >> ~/.phpenv/versions/$(phpenv version-name)/etc/php.ini
|
||||
- echo "extension = memcached.so" >> ~/.phpenv/versions/$(phpenv version-name)/etc/php.ini
|
||||
- sh -c "if [ '$PHPV' = '5.3' ]; then echo 'extension = apc.so' >> ~/.phpenv/versions/$(phpenv version-name)/etc/php.ini; fi"
|
||||
- sh -c "if [ '$PHPV' = '5.4' ]; then echo 'extension = apc.so' >> ~/.phpenv/versions/$(phpenv version-name)/etc/php.ini; fi"
|
||||
- sh -c "if [ '$PHPV' = '5.3' ]; then echo 'zend_extension_ts = xdebug.so' >> ~/.phpenv/versions/$(phpenv version-name)/etc/php.ini; fi"
|
||||
- sh -c "if [ '$PHPV' = '5.4' ]; then echo 'zend_extension_ts = xdebug.so' >> ~/.phpenv/versions/$(phpenv version-name)/etc/php.ini; fi"
|
||||
- cat ~/.phpenv/versions/$(phpenv version-name)/etc/php.ini
|
||||
- echo Init database
|
||||
- sh -c "if [ '$DB' = 'pgsql' ]; then psql -c 'DROP DATABASE IF EXISTS myapp_test;' -U postgres; fi"
|
||||
- sh -c "if [ '$DB' = 'pgsql' ]; then psql -c 'CREATE DATABASE myapp_test;' -U postgres; fi"
|
||||
- sh -c "if [ '$DB' = 'mysql' ]; then mysql -e 'DROP DATABASE IF EXISTS myapp_test;'; fi"
|
||||
- sh -c "if [ '$DB' = 'mysql' ]; then mysql -e 'CREATE DATABASE IF NOT EXISTS myapp_test;'; fi"
|
||||
- sh -c "if [ '$DB' = 'mysql' ]; then mysql -D myapp_test < $(pwd)/dev/initdata/mysqldump_dolibarr_3.5.0.sql; fi"
|
||||
- echo Create config file htdocs/conf/conf.php
|
||||
- echo '<?php ' > htdocs/conf/conf.php
|
||||
- sh -c "if [ '$DB' = 'pgsql' ]; then echo '$'dolibarr_main_db_type=\'pgsql\'';' >> htdocs/conf/conf.php; fi"
|
||||
- sh -c "if [ '$DB' = 'mysql' ]; then echo '$'dolibarr_main_db_type=\'mysqli\'';' >> htdocs/conf/conf.php; fi"
|
||||
- echo '$'dolibarr_main_url_root=\'http://localhost/\'';' >> htdocs/conf/conf.php
|
||||
- echo '$'dolibarr_main_document_root=\'$(pwd)/htdocs\'';' >> htdocs/conf/conf.php
|
||||
- echo '$'dolibarr_main_data_root=\'$(pwd)/htdocs/documents\'';' >> htdocs/conf/conf.php
|
||||
- echo '$'dolibarr_main_db_host=\'localhost\'';' >> htdocs/conf/conf.php
|
||||
- echo '$'dolibarr_main_db_name=\'myapp_test\'';' >> htdocs/conf/conf.php
|
||||
- echo '$'dolibarr_main_db_user=\'travis\'';' >> htdocs/conf/conf.php
|
||||
- echo '$'dolibarr_main_authentication=\'dolibarr\'';' >> htdocs/conf/conf.php
|
||||
- echo '?>' >> htdocs/conf/conf.php
|
||||
- echo Show conf.php content
|
||||
- cat htdocs/conf/conf.php
|
||||
- echo Install apache server
|
||||
- sudo apt-get update
|
||||
- sudo apt-get install -y --force-yes apache2 libapache2-mod-php5 php5-curl php5-mysql php5-pgsql php5-intl
|
||||
- sudo sed -i -e "s,/var/www,$(pwd)/htdocs,g" /etc/apache2/sites-available/default
|
||||
- echo Show default virtual host
|
||||
- sudo cat /etc/apache2/sites-available/default
|
||||
- sudo /etc/init.d/apache2 restart
|
||||
- wget http://localhost/
|
||||
- cat index.html
|
||||
|
||||
|
||||
- |
|
||||
echo "Setting up PHP"
|
||||
echo
|
||||
echo "Set timezone"
|
||||
echo 'date.timezone = "Europe/Paris"' >> ~/.phpenv/versions/$PHP_VERSION_NAME/etc/php.ini
|
||||
if [ "$TRAVIS_PHP_VERSION" = '5.3' ] || [ "$TRAVIS_PHP_VERSION" = '5.4' ]; then
|
||||
#echo
|
||||
#echo "Enabling APC for PHP <= 5.4"
|
||||
# Documentation says it should be available for PHP <= 5.6 but it's not for 5.5 and 5.6!
|
||||
#echo 'extension = apc.so' >> ~/.phpenv/versions/$PHP_VERSION_NAME/etc/php.ini
|
||||
echo
|
||||
echo "Enabling Memcached for PHP <= 5.4"
|
||||
# Documentation says it should be available for all PHP versions but it's not for 5.5 and 5.6, 7.0 and nightly!
|
||||
echo 'extension = memcached.so' >> ~/.phpenv/versions/$PHP_VERSION_NAME/etc/php.ini
|
||||
fi
|
||||
phpenv rehash
|
||||
echo
|
||||
|
||||
- |
|
||||
echo "Setting up database"
|
||||
if [ "$DB" = 'mysql' ] || [ "$DB" = 'mariadb' ]; then
|
||||
echo "MySQL"
|
||||
mysql -e 'DROP DATABASE IF EXISTS travis;'
|
||||
mysql -e 'CREATE DATABASE IF NOT EXISTS travis;'
|
||||
mysql -D travis < dev/initdata/mysqldump_dolibarr_3.5.0.sql
|
||||
fi
|
||||
# FIXME: find a way to import a MySQL dump into PostgreSQL
|
||||
#if [ "$DB" = 'postgresql' ]; then
|
||||
# pgsql travis < dev/initdata/mysqldump_dolibarr_3.5.0.sql
|
||||
#fi
|
||||
# TODO: SQLite
|
||||
echo
|
||||
|
||||
- |
|
||||
export CONF_FILE=htdocs/conf/conf.php
|
||||
echo "Setting up Dolibarr $CONF_FILE"
|
||||
echo '<?php ' > $CONF_FILE
|
||||
echo '$'dolibarr_main_url_root=\'http://127.0.0.1\'';' >> $CONF_FILE
|
||||
echo '$'dolibarr_main_document_root=\'$TRAVIS_BUILD_DIR/htdocs\'';' >> $CONF_FILE
|
||||
echo '$'dolibarr_main_data_root=\'$TRAVIS_BUILD_DIR/documents\'';' >> $CONF_FILE
|
||||
echo '$'dolibarr_main_db_host=\'127.0.0.1\'';' >> $CONF_FILE
|
||||
echo '$'dolibarr_main_db_name=\'travis\'';' >> $CONF_FILE
|
||||
echo '$'dolibarr_main_db_user=\'travis\'';' >> $CONF_FILE
|
||||
if [ "$DB" = 'mysql' ] || [ "$DB" = 'mariadb' ]; then
|
||||
echo '$'dolibarr_main_db_type=\'mysqli\'';' >> $CONF_FILE
|
||||
fi
|
||||
# FIXME
|
||||
#if [ "$DB" = 'postgresql' ]; then
|
||||
# echo '$'dolibarr_main_db_type=\'pgsql\'';' >> $CONF_FILE
|
||||
#fi
|
||||
# TODO: SQLite
|
||||
echo '$'dolibarr_main_authentication=\'dolibarr\'';' >> $CONF_FILE
|
||||
cat $CONF_FILE
|
||||
echo
|
||||
|
||||
- |
|
||||
echo "Setting up Apache + FPM"
|
||||
# enable php-fpm
|
||||
cp ~/.phpenv/versions/$PHP_VERSION_NAME/etc/php-fpm.conf.default ~/.phpenv/versions/$PHP_VERSION_NAME/etc/php-fpm.conf
|
||||
if [ "$TRAVIS_PHP_VERSION" = '7.0' ] || [ "$TRAVIS_PHP_VERSION" = 'nightly' ]; then
|
||||
# Copy the included pool
|
||||
cp ~/.phpenv/versions/$PHP_VERSION_NAME/etc/php-fpm.d/www.conf.default ~/.phpenv/versions/$PHP_VERSION_NAME/etc/php-fpm.d/www.conf
|
||||
fi
|
||||
if [ "$DEBUG" = true ]; then
|
||||
cat ~/.phpenv/versions/$PHP_VERSION_NAME/etc/php-fpm.conf
|
||||
fi
|
||||
sudo a2enmod rewrite actions fastcgi alias
|
||||
echo "cgi.fix_pathinfo = 1" >> ~/.phpenv/versions/$PHP_VERSION_NAME/etc/php.ini
|
||||
if [ "$DEBUG" = true ]; then
|
||||
cat ~/.phpenv/versions/$PHP_VERSION_NAME/etc/php.ini
|
||||
fi
|
||||
~/.phpenv/versions/$PHP_VERSION_NAME/sbin/php-fpm
|
||||
# configure apache virtual hosts
|
||||
sudo cp -f build/travis-ci/apache.conf /etc/apache2/sites-available/default
|
||||
sudo sed -e "s?%TRAVIS_BUILD_DIR%?$TRAVIS_BUILD_DIR?g" --in-place /etc/apache2/sites-available/default
|
||||
if [ "$DEBUG" = true ]; then
|
||||
sudo cat /etc/apache2/sites-available/default
|
||||
fi
|
||||
sudo service apache2 restart
|
||||
echo
|
||||
|
||||
script:
|
||||
- cd htdocs/install
|
||||
|
||||
12
ChangeLog
12
ChangeLog
@@ -2,6 +2,18 @@
|
||||
English Dolibarr ChangeLog
|
||||
--------------------------------------------------------------
|
||||
|
||||
|
||||
***** ChangeLog for 3.5.8 compared to 3.5.7 *****
|
||||
FIX: #4291 Correctly filter external calendar GETPOSTs
|
||||
FIX: bad calculation for stock value
|
||||
FIX: bad stock valo
|
||||
FIX: change order date on clone (as everywhere else)
|
||||
FIX: CVE CVE-2015-8685
|
||||
FIX: The hours of date filter aren't correct
|
||||
FIX: #3442 Remove useless syslog
|
||||
FIX: #3448 Pass expected date format
|
||||
FIX: #3471 3.5 Rounding issue when dispatching non-integer
|
||||
|
||||
***** ChangeLog for 3.5.7 compared to 3.5.6 *****
|
||||
Fix: Paypal link were broken due to SSL v3 closed.
|
||||
Fix: [ bug #1769 ] Error when installing to a PostgreSQL DB that contains numbers
|
||||
|
||||
@@ -159,7 +159,7 @@ Comments:
|
||||
Those files are not shipped in the binary package as we
|
||||
configure Dolibarr to use Dejavu fonts from "fonts-dejavu-core".
|
||||
|
||||
Files: docs/images/*
|
||||
Files: doc/images/*
|
||||
Copyright: Laurent Destailleur
|
||||
License: CC-BY-SA-3.0
|
||||
You are free:
|
||||
@@ -176,7 +176,7 @@ License: CC-BY-SA-3.0
|
||||
.
|
||||
For more information, see http://creativecommons.org/licenses/by-sa/3.0/
|
||||
|
||||
Files: htdocs/includes/fpdi/*
|
||||
Files: htdocs/includes/fpdfi/*
|
||||
Copyright: 2004-2011 Setasign - Jan Slabon
|
||||
License: GPL-2+
|
||||
This program is free software; you can redistribute it
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
<?php
|
||||
/* Copyright (C) 2008-2011 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2011-2014 Juanjo Menent <jmenent@2byte.es>
|
||||
/* Copyright (C) 2008-2011 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2011-2014 Juanjo Menent <jmenent@2byte.es>
|
||||
* Copyright (C) 2016 Raphaël Doursenaud <rdoursenaud@gpcsolutions.fr>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@@ -88,7 +89,7 @@ if ($actionsave)
|
||||
// Save nb of agenda
|
||||
if (! $error)
|
||||
{
|
||||
$res=dolibarr_set_const($db,'AGENDA_EXT_NB',trim(GETPOST('AGENDA_EXT_NB','alpha')),'chaine',0,'',$conf->entity);
|
||||
$res=dolibarr_set_const($db,'AGENDA_EXT_NB',trim(GETPOST('AGENDA_EXT_NB','int')),'chaine',0,'',$conf->entity);
|
||||
if (! $res > 0) $error++;
|
||||
if (empty($conf->global->AGENDA_EXT_NB)) $conf->global->AGENDA_EXT_NB=5;
|
||||
$MAXAGENDA=empty($conf->global->AGENDA_EXT_NB)?5:$conf->global->AGENDA_EXT_NB;
|
||||
@@ -201,9 +202,9 @@ while ($i <= $MAXAGENDA)
|
||||
// Nb
|
||||
print '<td width="180" class="nowrap">'.$langs->trans("AgendaExtNb",$key)."</td>";
|
||||
// Name
|
||||
print '<td><input type="text" class="flat hideifnotset" name="agenda_ext_name'.$key.'" value="'. (GETPOST('agenda_ext_name'.$key)?GETPOST('agenda_ext_name'.$key):$conf->global->$name) . '" size="28"></td>';
|
||||
print '<td><input type="text" class="flat hideifnotset" name="agenda_ext_name'.$key.'" value="'. (GETPOST('agenda_ext_name'.$key)?GETPOST('agenda_ext_name'.$key, 'alpha'):$conf->global->$name) . '" size="28"></td>';
|
||||
// URL
|
||||
print '<td><input type="url" class="flat hideifnotset" name="agenda_ext_src'.$key.'" value="'. (GETPOST('agenda_ext_src'.$key)?GETPOST('agenda_ext_src'.$key):$conf->global->$src) . '" size="60"></td>';
|
||||
print '<td><input type="url" class="flat hideifnotset" name="agenda_ext_src'.$key.'" value="'. (GETPOST('agenda_ext_src'.$key)?GETPOST('agenda_ext_src'.$key, 'alpha'):$conf->global->$src) . '" size="60"></td>';
|
||||
// Color (Possible colors are limited by Google)
|
||||
print '<td class="nowrap" align="right">';
|
||||
//print $formadmin->selectColor($conf->global->$color, "google_agenda_color".$key, $colorlist);
|
||||
|
||||
@@ -131,11 +131,16 @@ class Export
|
||||
//print_r("$perm[0]-$perm[1]-$perm[2]<br>");
|
||||
if (! empty($perm[2]))
|
||||
{
|
||||
$bool=$user->rights->$perm[0]->$perm[1]->$perm[2];
|
||||
$a=$perm[0];
|
||||
$b=$perm[1];
|
||||
$c=$perm[2];
|
||||
$bool=$user->rights->$a->$b->$c;
|
||||
}
|
||||
else
|
||||
{
|
||||
$bool=$user->rights->$perm[0]->$perm[1];
|
||||
$a=$perm[0];
|
||||
$b=$perm[1];
|
||||
$bool=$user->rights->$a->$b;
|
||||
}
|
||||
if ($perm[0]=='user' && $user->admin) $bool=true;
|
||||
if (! $bool) break;
|
||||
|
||||
@@ -19,7 +19,7 @@
|
||||
* Upgrade scripts can be ran from command line with syntax:
|
||||
*
|
||||
* cd htdocs/install
|
||||
* php upgrade.php 3.4.0 3.5.0
|
||||
* php upgrade.php 3.4.0 3.5.0 [dirmodule|ignoredbversion]
|
||||
* php upgrade2.php 3.4.0 3.5.0
|
||||
*
|
||||
* Return code is 0 if OK, >0 if error
|
||||
@@ -54,7 +54,8 @@ $setuplang=GETPOST("selectlang",'',3)?GETPOST("selectlang",'',3):'auto';
|
||||
$langs->setDefaultLang($setuplang);
|
||||
$versionfrom=GETPOST("versionfrom",'',3)?GETPOST("versionfrom",'',3):(empty($argv[1])?'':$argv[1]);
|
||||
$versionto=GETPOST("versionto",'',3)?GETPOST("versionto",'',3):(empty($argv[2])?'':$argv[2]);
|
||||
$versionmodule=GETPOST("versionmodule",'',3)?GETPOST("versionmodule",'',3):(empty($argv[3])?'':$argv[3]);
|
||||
$versionmodule=(GETPOST("versionmodule",'',3) && GETPOST("versionmodule",'',3) != 'ignoredbversion')?GETPOST("versionmodule",'',3):((empty($argv[3]) || $argv[3] == 'ignoredbversion')?'':$argv[3]);
|
||||
$ignoredbversion=(GETPOST('ignoredbversion','',3)=='ignoredbversion')?GETPOST('ignoredbversion','',3):((empty($argv[3]) || $argv[3] != 'ignoredbversion')?'':$argv[3]);
|
||||
|
||||
$langs->load("admin");
|
||||
$langs->load("install");
|
||||
|
||||
@@ -80,13 +80,15 @@ function test_sql_and_script_inject($val, $type)
|
||||
// For SQL Injection (only GET and POST are used to be included into bad escaped SQL requests)
|
||||
if ($type != 2)
|
||||
{
|
||||
$sql_inj += preg_match('/delete[\s]+from/i', $val);
|
||||
$sql_inj += preg_match('/create[\s]+table/i', $val);
|
||||
$sql_inj += preg_match('/update.+set.+=/i', $val);
|
||||
$sql_inj += preg_match('/insert[\s]+into/i', $val);
|
||||
$sql_inj += preg_match('/select.+from/i', $val);
|
||||
$sql_inj += preg_match('/union.+select/i', $val);
|
||||
$sql_inj += preg_match('/(\.\.%2f)+/i', $val);
|
||||
$sql_inj += preg_match('/delete\s+from/i', $val);
|
||||
$sql_inj += preg_match('/create\s+table/i', $val);
|
||||
$sql_inj += preg_match('/update.+set.+=/i', $val);
|
||||
$sql_inj += preg_match('/insert\s+into/i', $val);
|
||||
$sql_inj += preg_match('/select.+from/i', $val);
|
||||
$sql_inj += preg_match('/union.+select/i', $val);
|
||||
$sql_inj += preg_match('/into\s+(outfile|dumpfile)/i', $val);
|
||||
$sql_inj += preg_match('/(\.\.%2f)+/i', $val);
|
||||
$sql_inj += preg_match('/onerror=/i', $val);
|
||||
}
|
||||
// For XSS Injection done by adding javascript with script
|
||||
// This is all cases a browser consider text is javascript:
|
||||
@@ -94,7 +96,8 @@ function test_sql_and_script_inject($val, $type)
|
||||
// All examples on page: http://ha.ckers.org/xss.html#XSScalc
|
||||
$sql_inj += preg_match('/<script/i', $val);
|
||||
if (! defined('NOSTYLECHECK')) $sql_inj += preg_match('/<style/i', $val);
|
||||
$sql_inj += preg_match('/base[\s]+href/i', $val);
|
||||
$sql_inj += preg_match('/base[\s]+href/si', $val);
|
||||
$sql_inj += preg_match('/<.*onmouse/si', $val); // onmouseover can be set on img or any html tag like <img title='>' onmouseover=alert(1)>
|
||||
if ($type == 1)
|
||||
{
|
||||
$sql_inj += preg_match('/javascript:/i', $val);
|
||||
|
||||
Reference in New Issue
Block a user