Debug v20
@@ -390,12 +390,10 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
|
||||
$targetdir = ($object->target_directory ? $object->target_directory : ''); // Can be '[Gmail]/Trash' or 'mytag'
|
||||
|
||||
$connection = null;
|
||||
$connectstringserver = '';
|
||||
$connectstringserver = $object->getConnectStringIMAP(); // Note: $object->host has been loaded by the fetch
|
||||
$connectstringsource = '';
|
||||
$connectstringtarget = '';
|
||||
|
||||
// Note: $object->host has been loaded by the fetch
|
||||
$connectstringserver = $object->getConnectStringIMAP();
|
||||
|
||||
if ($action == 'scan') {
|
||||
if (getDolGlobalString('MAIN_IMAP_USE_PHPIMAP')) {
|
||||
@@ -603,6 +601,16 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
|
||||
print '<div class="underbanner clearboth"></div>';
|
||||
print '<table class="border centpercent tableforfield">'."\n";
|
||||
|
||||
// Clean info (in view mode only)
|
||||
if ($object->acces_type == 0) {
|
||||
// If authent is using LOGIN and not OAUTHTOKEN, we don't need to show the OAUTH token
|
||||
unset($object->fields['oauth_service']);
|
||||
}
|
||||
if ($object->acces_type == 1) {
|
||||
// If authent is using OAUTHTOKEN, we don't need to show the password
|
||||
unset($object->fields['password']);
|
||||
}
|
||||
|
||||
// Common attributes
|
||||
//$keyforbreak='fieldkeytoswithonsecondcolumn';
|
||||
include DOL_DOCUMENT_ROOT.'/core/tpl/commonfields_view.tpl.php';
|
||||
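Review bot: The two `acces_type` checks use loose `==`, so a null or unset `acces_type` also satisfies `== 0` and silently hides the OAuth field; if the column arrives as a string, `(int) $object->acces_type === 0` and `(int) $object->acces_type === 1` keep the behaviour while making the comparison strict and the intent explicit. The hunk header shows this branch runs only outside edit/create, so the `unset()` on `$object->fields` only affects the view, but it still mutates the shared field definitions for the rest of the request before `commonfields_view.tpl.php` reads them; if the template honours it, `$object->fields['password']['visible'] = 0` would hide the field without removing its definition — verify against the template. A clearer heading than `// Clean info (in view mode only)` would be `// Hide the credential field that does not apply to the configured auth mode (view only)`.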
@@ -760,7 +768,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
|
||||
// Add operation
|
||||
print '<tr class="oddeven nodrag nodrop">';
|
||||
print '<td>';
|
||||
print $form->selectarray('operationtype', $arrayoftypes, '', 1, 0, 0, '', 1, 0, 0, '', 'minwidth150 maxwidth300', 1);
|
||||
print $form->selectarray('operationtype', $arrayoftypes, '', 1, 0, 0, '', 1, 0, 0, '', 'minwidth150 maxwidth250', 1);
|
||||
print '</td><td>';
|
||||
print '<textarea class="centpercent" name="operationparam" rows="3"></textarea>';
|
||||
print '</td>';
|
||||
|
||||
@@ -1185,8 +1185,8 @@ function sanitizeVal($out = '', $check = 'alphanohtml', $filter = null, $options
|
||||
$oldstringtoclean = $out;
|
||||
// Remove html tags
|
||||
$out = dol_string_nohtmltag($out, 0);
|
||||
// Convert '\' used for windows path into '/' so we can use for path but not for octal syntax \999, hexa syntax \x999 and unicode syntax \u{999}
|
||||
$out = str_ireplace('\\', '/', $out);
|
||||
// Refuse octal syntax \999, hexa syntax \x999 and unicode syntax \u{999} by replacing the \ into / (so if it is a \ for a windows path, it is still ok).
|
||||
$out = preg_replace('/\\\([0-9xu])/', '/\1', $out);
|
||||
// Remove also other dangerous string sequences
|
||||
// '../' or '..\' is dangerous because it allows dir transversals
|
||||
// '&', '&', '&'... is a the char '&' alone but there is no reason to accept such way to encode input char
|
||||
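Review bot: Assuming the `preg_replace('/\\\([0-9xu])/', '/\1', $out)` lines are the new side (the new `param4c` expectation in SecurityTest agrees), the 'alpha'-family checks now let a backslash through unless it directly precedes a digit, `x` or `u`; the test expectations changing from `rr/cc` to `rr\cc` show this is a deliberate loosening of a sanitizer, so the sanitizeVal docblock (outside the hunk) should state that `\` is now only rewritten in escape-sequence position and otherwise reaches callers. The character class is case-sensitive, so `\U` followed by digits is left unchanged; if upper-case escapes are meant to be refused as well, the class should read `[0-9xuXU]`. The same two lines are repeated in the next hunk at line 1205 and must stay in sync. sanitizeVal starts and ends outside both hunks.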
@@ -1205,8 +1205,8 @@ function sanitizeVal($out = '', $check = 'alphanohtml', $filter = null, $options
|
||||
$oldstringtoclean = $out;
|
||||
// Decode html entities
|
||||
$out = dol_html_entity_decode($out, ENT_COMPAT | ENT_HTML5, 'UTF-8');
|
||||
// Convert '\' used for windows path into '/' so we can use for path but not for octal syntax \999, hexa syntax \x999 and unicode syntax \u{999}
|
||||
$out = str_ireplace('\\', '/', $out);
|
||||
// Refuse octal syntax \999, hexa syntax \x999 and unicode syntax \u{999} by replacing the \ into / (so if it is a \ for a windows path, it is still ok).
|
||||
$out = preg_replace('/\\\([0-9xu])/', '/\1', $out);
|
||||
// Remove also other dangerous string sequences
|
||||
// '../' or '..\' is dangerous because it allows dir transversals
|
||||
// '&', '&', '&'... is a the char '&' alone but there is no reason to accept such way to encode input char
|
||||
@@ -14340,6 +14340,7 @@ function show_actions_messaging($conf, $langs, $db, $filterobj, $objcon = null,
|
||||
*/
|
||||
function GETPOSTDATE($prefix, $hourTime = '', $gm = 'auto')
|
||||
{
|
||||
$m = array();
|
||||
if ($hourTime === 'getpost') {
|
||||
$hour = GETPOSTINT($prefix . 'hour');
|
||||
$minute = GETPOSTINT($prefix . 'minute');
|
||||
|
||||
@@ -3470,7 +3470,11 @@ class EmailCollector extends CommonObject
|
||||
|
||||
$this->datelastresult = $now;
|
||||
$this->lastresult = $output;
|
||||
if (getDolGlobalString('MAIN_IMAP_USE_PHPIMAP')) {
|
||||
$this->debuginfo .= 'IMAP search array used : '.$search;
|
||||
} else {
|
||||
$this->debuginfo .= 'IMAP search string used : '.$search;
|
||||
}
|
||||
if ($searchhead) {
|
||||
$this->debuginfo .= '<br>Then search string into email header : '.dol_escape_htmltag($searchhead);
|
||||
}
|
||||
|
||||
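Review bot: `$this->debuginfo .= 'IMAP search array used : '.$search;` (and the string variant in the else branch) appends `$search` unescaped, while `$searchhead` a few lines below goes through `dol_escape_htmltag()` and the `<br>` shows `debuginfo` is rendered as HTML; the search criteria are presumably built from the collector's configured filter rules, so they should be escaped the same way: `$this->debuginfo .= 'IMAP search array used : '.dol_escape_htmltag($search);`. If `$search` really is an array in the PHPIMAP branch, as the label suggests, concatenation yields the literal `Array` (with a warning on PHP 8), so it would need serialising first, e.g. `json_encode($search)` — confirm what `$search` holds there; its assignment is outside the hunk. The enclosing method starts and ends outside the hunk.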
@@ -309,6 +309,7 @@ class SecurityTest extends CommonClassTest
|
||||
$_GET["param3"] = '"na/b#e(pr)qq-rr\cc'; // Same than param2 + " and n
|
||||
$_GET["param4a"] = '../../dir';
|
||||
$_GET["param4b"] = '..\..\dirwindows';
|
||||
$_GET["param4c"] = '\a123 \123 \u123 \x123';
|
||||
$_GET["param5"] = "a_1-b";
|
||||
$_POST["param6"] = ""><svg onload='console.log("123")'>";
|
||||
$_POST["param6b"] = '<<<../>../>../svg><<<../>../>../animate =alert(1)>abc';
|
||||
@@ -358,19 +359,23 @@ class SecurityTest extends CommonClassTest
|
||||
|
||||
$result = GETPOST("param2", 'alpha');
|
||||
print __METHOD__." result=".$result."\n";
|
||||
$this->assertEquals($result, 'a/b#e(pr)qq-rr/cc', 'Test on param2');
|
||||
$this->assertEquals('a/b#e(pr)qq-rr\cc', $result, 'Test on param2');
|
||||
|
||||
$result = GETPOST("param3", 'alpha'); // Must return string sanitized from char "
|
||||
print __METHOD__." result=".$result."\n";
|
||||
$this->assertEquals($result, 'na/b#e(pr)qq-rr/cc', 'Test on param3');
|
||||
$this->assertEquals('na/b#e(pr)qq-rr\cc', $result, 'Test on param3');
|
||||
|
||||
$result = GETPOST("param4a", 'alpha'); // Must return string sanitized from ../
|
||||
print __METHOD__." result=".$result."\n";
|
||||
$this->assertEquals($result, 'dir');
|
||||
$this->assertEquals('dir', $result);
|
||||
|
||||
$result = GETPOST("param4b", 'alpha'); // Must return string sanitized from ../
|
||||
print __METHOD__." result=".$result."\n";
|
||||
$this->assertEquals($result, 'dirwindows');
|
||||
$this->assertEquals('dirwindows', $result);
|
||||
|
||||
$result = GETPOST("param4c", 'alpha'); // Must return string sanitized from ../
|
||||
print __METHOD__." result=".$result."\n";
|
||||
$this->assertEquals('\a123 /123 /u123 /x123', $result);
|
||||
|
||||
// Test with aZ09
|
||||
|
||||
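Review bot: The comment on the new `param4c` case, `// Must return string sanitized from ../`, was copied from the `param4b` line and does not describe what is asserted; `// Backslash kept before a letter, replaced by / before octal/hex/unicode escape digits` matches the expectation `'\a123 /123 /u123 /x123'`. The fixture only covers lower-case `\x`/`\u`, so adding an upper-case variant and a doubled `\\123` to `param4c` would pin the intended behaviour of the new sanitizeVal pattern rather than just its current output. The rest of the test method is outside the hunk.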
@@ -1185,35 +1190,6 @@ class SecurityTest extends CommonClassTest
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* testCheckLoginPassEntity
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function testCheckLoginPassEntity()
|
||||
{
|
||||
$login = checkLoginPassEntity('loginbidon', 'passwordbidon', 1, array('dolibarr'));
|
||||
print __METHOD__." login=".$login."\n";
|
||||
$this->assertEquals($login, '');
|
||||
|
||||
$login = checkLoginPassEntity('admin', 'passwordbidon', 1, array('dolibarr'));
|
||||
print __METHOD__." login=".$login."\n";
|
||||
$this->assertEquals($login, '');
|
||||
|
||||
$login = checkLoginPassEntity('admin', 'admin', 1, array('dolibarr')); // Should works because admin/admin exists
|
||||
print __METHOD__." login=".$login."\n";
|
||||
$this->assertEquals($login, 'admin', 'The test to check if pass of user "admin" is "admin" has failed');
|
||||
|
||||
$login = checkLoginPassEntity('admin', 'admin', 1, array('http','dolibarr')); // Should work because of second authentication method
|
||||
print __METHOD__." login=".$login."\n";
|
||||
$this->assertEquals($login, 'admin');
|
||||
|
||||
$login = checkLoginPassEntity('admin', 'admin', 1, array('forceuser'));
|
||||
print __METHOD__." login=".$login."\n";
|
||||
$this->assertEquals('', $login, 'Error'); // Expected '' because should failed because login 'auto' does not exists
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* testRealCharforNumericEntities()
|
||||
*
|
||||
@@ -1278,4 +1254,33 @@ class SecurityTest extends CommonClassTest
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* testCheckLoginPassEntity
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function testCheckLoginPassEntity()
|
||||
{
|
||||
$login = checkLoginPassEntity('loginbidon', 'passwordbidon', 1, array('dolibarr'));
|
||||
print __METHOD__." login=".$login."\n";
|
||||
$this->assertEquals($login, '');
|
||||
|
||||
$login = checkLoginPassEntity('admin', 'passwordbidon', 1, array('dolibarr'));
|
||||
print __METHOD__." login=".$login."\n";
|
||||
$this->assertEquals($login, '');
|
||||
|
||||
$login = checkLoginPassEntity('admin', 'admin', 1, array('dolibarr')); // Should works because admin/admin exists
|
||||
print __METHOD__." login=".$login."\n";
|
||||
$this->assertEquals($login, 'admin', 'The test to check if pass of user "admin" is "admin" has failed');
|
||||
|
||||
$login = checkLoginPassEntity('admin', 'admin', 1, array('http','dolibarr')); // Should work because of second authentication method
|
||||
print __METHOD__." login=".$login."\n";
|
||||
$this->assertEquals($login, 'admin');
|
||||
|
||||
$login = checkLoginPassEntity('admin', 'admin', 1, array('forceuser'));
|
||||
print __METHOD__." login=".$login."\n";
|
||||
$this->assertEquals('', $login, 'Error'); // Expected '' because should failed because login 'auto' does not exists
|
||||
}
|
||||
}
|
||||
|
||||
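Review bot: The relocated `testCheckLoginPassEntity` keeps `$this->assertEquals($login, '')` and `$this->assertEquals($login, 'admin', ...)` with actual and expected swapped, while this same commit fixes that order for the `param2`/`param3` assertions above and the final assertion in this method already uses `assertEquals('', $login, 'Error')`; switching the other four to `$this->assertEquals('', $login);` and `$this->assertEquals('admin', $login, ...)` makes failure messages read correctly and keeps the file consistent. Since the method moved without changes, this is the natural moment to do it.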