From 620dea9e29e09f2b9ed1f791fd2fb85a687bbe95 Mon Sep 17 00:00:00 2001 From: MDW Date: Mon, 13 Jan 2025 00:28:00 +0100 Subject: [PATCH 1/3] Qual: Fix ci by correcting PHPDoc typing # Qual: Fix ci by correcting PHPDoc typing Fix the return type, while reviewing the typing, also made some PHPDoc more specific --- htdocs/core/lib/security.lib.php | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index b5ed5542749..92afd4da700 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -1,8 +1,9 @@ * Copyright (C) 2008-2021 Regis Houssin * Copyright (C) 2020 Ferran Marcet - * Copyright (C) 2024 MDW + * Copyright (C) 2024-2025 MDW * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -234,15 +235,15 @@ function dolDecrypt($chain, $key = '') * If constant MAIN_SECURITY_SALT is defined, we use it as a salt (used only if hashing algorithm is something else than 'password_hash'). * * @param string $chain String to hash - * @param string $type Type of hash: - * 'auto' or '0': will use MAIN_SECURITY_HASH_ALGO else md5 - * 'sha1' or '1': sha1 - * 'sha1md5' or '2': sha1md5 - * 'md5' or '3': md5 - * 'openldapxxx' or '4': for OpenLdap - * 'sha256' or '5': sha256 - * 'password_hash' or '6': password_hash - * Use 'md5' if hash is not needed for security purpose. For security need, prefer 'auto'. + * @param 'auto'|'0'|'sha1'|'1'|'sha1md5'|'2'|'md5'|'3'|'openldap'|'4'|'sha256'|'5'|'password_hash'|'6' $type Type of hash: + * 'auto' or '0': will use MAIN_SECURITY_HASH_ALGO else md5 + * 'sha1' or '1': sha1 + * 'sha1md5' or '2': sha1md5 + * 'md5' or '3': md5 + * 'openldapxxx' or '4': for OpenLdap + * 'sha256' or '5': sha256 + * 'password_hash' or '6': password_hash + * Use 'md5' if hash is not needed for security purpose. For security need, prefer 'auto'. * @param int $nosalt Do not include any salt * @param int $mode 0=Return encoded password, 1=Return array with encoding password + encoding algorithm * @return string|array{pass_encrypted:string,pass_encoding:string} Hash of string or array with pass_encrypted and pass_encoding From d32ba0f1e161775ffb4c408b88741754f39b8581 Mon Sep 17 00:00:00 2001 From: MDW Date: Mon, 13 Jan 2025 02:10:37 +0100 Subject: [PATCH 2/3] Fix: Correct $search_ref typo into $search_ref_ext --- htdocs/contact/list.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php index 48d54d40f5f..9661927d240 100644 --- a/htdocs/contact/list.php +++ b/htdocs/contact/list.php @@ -12,7 +12,7 @@ * Copyright (C) 2019-2024 Frédéric France * Copyright (C) 2019 Josep Lluís Amador * Copyright (C) 2020 Open-Dsi - * Copyright (C) 2024 MDW + * Copyright (C) 2024-2025 MDW * Copyright (C) 2024 Benjamin Falière * * This program is free software; you can redistribute it and/or modify @@ -368,7 +368,7 @@ if (empty($reshook)) { if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) { // All tests are required to be compatible with all browsers $search_all = ""; $search_id = ''; - $search_ref = ''; + $search_ref_ext = ''; $search_firstlast_only = ""; $search_lastname = ""; $search_firstname = ""; @@ -866,8 +866,8 @@ if ($search_all != '') { if ($search_id > 0) { $param .= "&search_id=".((int) $search_id); } -if ($search_ref) { - $param .= "&search_ref=".urlencode($search_ref); +if ($search_ref_ext) { + $param .= "&search_ref_ext=".urlencode($search_ref_ext); } if ($search_lastname != '') { $param .= '&search_lastname='.urlencode($search_lastname); From d8824dd141136bfeb0cf31182675745e273c54de Mon Sep 17 00:00:00 2001 From: MDW Date: Mon, 13 Jan 2025 02:15:26 +0100 Subject: [PATCH 3/3] Fix: Change hash type to 'md5' which was used for invalid 'master' type --- htdocs/public/eventorganization/attendee_new.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/public/eventorganization/attendee_new.php b/htdocs/public/eventorganization/attendee_new.php index d3099bbc36b..fa7613e14db 100644 --- a/htdocs/public/eventorganization/attendee_new.php +++ b/htdocs/public/eventorganization/attendee_new.php @@ -1,7 +1,7 @@ * Copyright (C) 2023 Laurent Destailleur - * Copyright (C) 2024 MDW + * Copyright (C) 2024-2025 MDW * Copyright (C) 2024 Frédéric France * * This program is free software; you can redistribute it and/or modify @@ -362,7 +362,7 @@ if (empty($reshook) && $action == 'add' && (!empty($conference->id) && $conferen // If the registration has already been paid for this attendee if (!empty($confattendee->date_subscription) && !empty($confattendee->amount)) { - $securekeyurl = dol_hash(getDolGlobalString('EVENTORGANIZATION_SECUREKEY') . 'conferenceorbooth'.$id, 'master'); + $securekeyurl = dol_hash(getDolGlobalString('EVENTORGANIZATION_SECUREKEY') . 'conferenceorbooth'.$id, 'md5'); $redirection = $dolibarr_main_url_root.'/public/eventorganization/subscriptionok.php?id='.((int) $id).'&securekey='.urlencode($securekeyurl); $mesg = $langs->trans("RegistrationAndPaymentWereAlreadyRecorded", $email);