diff --git a/htdocs/admin/modules.php b/htdocs/admin/modules.php index dbe855da248..989a42524c3 100644 --- a/htdocs/admin/modules.php +++ b/htdocs/admin/modules.php @@ -229,13 +229,68 @@ if ($action == 'install' && $allowonlineinstall) { } } - if (!$error) { - // TODO Make more test - } - dol_syslog("Uncompress of module file is a success."); - // We check if this is a metapackage + // Load module into $objMod + /* + $modulesdir = array($modulenamedir.'/core/modules/'); + foreach ($modulesdir as $dir) { + // Load modules attributes in arrays (name, numero, orders) from dir directory + //print $dir."\n
"; + dol_syslog("Scan directory ".$dir." for module descriptor files (modXXX.class.php)"); + $handle = @opendir($dir); + if (is_resource($handle)) { + while (($file = readdir($handle)) !== false) { + print $dir." ".$file."\n
"; + if (is_readable($dir.$file) && substr($file, 0, 3) == 'mod' && substr($file, dol_strlen($file) - 10) == '.class.php') { + $modName = substr($file, 0, dol_strlen($file) - 10); + if ($modName) { + try { + $res = include_once $dir.$file; // A class already exists in a different file will send a non catchable fatal error. + $modName = substr($file, 0, dol_strlen($file) - 10); + if ($modName) { + if (class_exists($modName)) { + $objMod = new $modName($db); + '@phan-var-force DolibarrModules $objMod'; + + //var_dump($objMod); + } + } + } catch(Exception $e) { + // Nothing done + } + } + } + } + } + } + */ + + // Check if module is in the remote malware list + if (!$error) { + if (GETPOST('checkforcompliance') == 'on') { + try { + $res = include_once DOL_DOCUMENT_ROOT.'/core/modules/DolibarrModules.class.php'; + $dolibarrmodule = new DolibarrModules($db); + $checkRes = $dolibarrmodule->checkForcompliance($modulename); + + if (!is_numeric($checkRes) && $checkRes != '') { + $langs->load("errors"); + setEventMessages($modulename.' : '.$langs->trans($checkRes), null, 'errors'); + } + + $error++; + } catch (Exception $e) { + // Nothing done + } + } + } + + if (!$error) { + // TODO Make more test ??? + } + + // We check if this is a metapackage (and wecomplete with child packages) $modulenamearrays = array(); if (dol_is_file($modulenamedir.'/metapackage.conf')) { // This is a meta package @@ -245,32 +300,34 @@ if ($action == 'install' && $allowonlineinstall) { $modulenamearrays[$modulename] = $modulename; //var_dump($modulenamearrays);exit; - // Lop on each package of the metapackage - foreach ($modulenamearrays as $modulenameval) { - if (strpos($modulenameval, '#') === 0) { - continue; // Discard comments - } - if (strpos($modulenameval, '//') === 0) { - continue; // Discard comments - } - if (!trim($modulenameval)) { - continue; - } - - // Now we install the module - if (!$error) { - @dol_delete_dir_recursive($dirins.'/'.$modulenameval); // delete the target directory - $submodulenamedir = $conf->admin->dir_temp.'/'.$tmpdir.'/'.$modulenameval; - if (!dol_is_dir($submodulenamedir)) { - $submodulenamedir = $conf->admin->dir_temp.'/'.$tmpdir.'/htdocs/'.$modulenameval; + // Lop on each packages (can have several if package is a metapackage) + if (! $error) { + foreach ($modulenamearrays as $modulenameval) { + if (strpos($modulenameval, '#') === 0) { + continue; // Discard comments } - dol_syslog("We copy now directory ".$submodulenamedir." into target dir ".$dirins.'/'.$modulenameval); - $result = dolCopyDir($submodulenamedir, $dirins.'/'.$modulenameval, '0444', 1); - if ($result <= 0) { - dol_syslog('Failed to call dolCopyDir result='.$result." with param ".$submodulenamedir." and ".$dirins.'/'.$modulenameval, LOG_WARNING); - $langs->load("errors"); - setEventMessages($langs->trans("ErrorFailToCopyDir", $submodulenamedir, $dirins.'/'.$modulenameval), null, 'errors'); - $error++; + if (strpos($modulenameval, '//') === 0) { + continue; // Discard comments + } + if (!trim($modulenameval)) { + continue; + } + + // Now we install the module + if (!$error) { + @dol_delete_dir_recursive($dirins.'/'.$modulenameval); // delete the target directory + $submodulenamedir = $conf->admin->dir_temp.'/'.$tmpdir.'/'.$modulenameval; + if (!dol_is_dir($submodulenamedir)) { + $submodulenamedir = $conf->admin->dir_temp.'/'.$tmpdir.'/htdocs/'.$modulenameval; + } + dol_syslog("We copy now directory ".$submodulenamedir." into target dir ".$dirins.'/'.$modulenameval); + $result = dolCopyDir($submodulenamedir, $dirins.'/'.$modulenameval, '0444', 1); + if ($result <= 0) { + dol_syslog('Failed to call dolCopyDir result='.$result." with param ".$submodulenamedir." and ".$dirins.'/'.$modulenameval, LOG_WARNING); + $langs->load("errors"); + setEventMessages($langs->trans("ErrorFailToCopyDir", $submodulenamedir, $dirins.'/'.$modulenameval), null, 'errors'); + $error++; + } } } } @@ -281,30 +338,6 @@ if ($action == 'install' && $allowonlineinstall) { } } - /* - if (!$error) { - if (GETPOST('checkforcompliance')) { - $dir = $dirins; - $file = $modulenameval; - // $installedmodule - try { - $res = include_once $dir.$file; // A class already exists in a different file will send a non catchable fatal error. - $modName = substr($file, 0, dol_strlen($file) - 10); - if ($modName) { - if (class_exists($modName)) { - $objMod = new $modName($db); - '@phan-var-force DolibarrModules $objMod'; - - //var_dump($objMod); - } - } - } catch(Exception $e) { - // Nothing done - } - } - } - */ - if (!$error) { $searchParams = array( 'search_keyword' => $modulenameval, @@ -318,8 +351,6 @@ if ($action == 'install' && $allowonlineinstall) { $message = $langs->trans("SetupIsReadyForUse", $redirectUrl, $langs->transnoentitiesnoconv("Home").' - '.$langs->transnoentitiesnoconv("Setup").' - '.$langs->transnoentitiesnoconv("Modules")); setEventMessages($message, null, 'warnings'); - header('Location: ' . $redirectUrl); - exit; } } elseif ($action == 'install' && !$allowonlineinstall) { httponly_accessforbidden("You try to bypass the protection to disallow deployment of an external module. Hack attempt ?"); @@ -1303,13 +1334,13 @@ if ($mode == 'deploy') { print '
'; } - print '
'; - // $allowfromweb = -1 if installation or setup not correct, 0 if not allowed, 1 if allowed if ($allowfromweb >= 0) { if ($allowfromweb == 1) { //print $langs->trans("ThisIsProcessToFollow").'
'; } else { + print '
'; + print $langs->trans("ThisIsAlternativeProcessToFollow").'
'; print ''.$langs->trans("StepNb", 1).': '; print str_replace('{s1}', $fullurl, $langs->trans("FindPackageFromWebSite", '{s1}')).'
'; @@ -1324,10 +1355,10 @@ if ($mode == 'deploy') { print ''; print ''; - print $langs->trans("YouCanSubmitFile").'

'; + print $langs->trans("YouCanSubmitFile").'


'; print ''; - print ''; + print ''; print '

'; $max = getDolGlobalString('MAIN_UPLOAD_DOC'); // In Kb diff --git a/htdocs/core/modules/DolibarrModules.class.php b/htdocs/core/modules/DolibarrModules.class.php index 475e3f84486..397ccd65d34 100644 --- a/htdocs/core/modules/DolibarrModules.class.php +++ b/htdocs/core/modules/DolibarrModules.class.php @@ -2710,12 +2710,17 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it * Check for module compliance with Dolibarr rules and law * If a module is reported by this function,it is surely a malware. Delete it as soon as possible. * - * @return int|string Return integer <0 if Error, 0 == not compliant, 'string' with message if module not compliant + * @param string $nametocheck Name to check + * @return int|string Return integer <0 if Error, 0 == not compliant, 'string' with message if module not compliant */ - public function checkForCompliance() + public function checkForCompliance($nametocheck) { global $conf, $langs; + if (empty($nametocheck)) { + $nametocheck = $this->name; + } + // Get list of illegal modules name or ID if (empty($conf->cache['noncompliantmodules'])) { require_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php'; @@ -2749,7 +2754,7 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it } if (!empty($conf->cache['noncompliantmodules'])) { - $modulekey = strtolower($this->name); + $modulekey = strtolower($nametocheck); if (in_array($modulekey, array_keys($conf->cache['noncompliantmodules']))) { $answer = trim($conf->cache['noncompliantmodules'][$modulekey]['message']); if (!empty($conf->cache['noncompliantmodules'][$modulekey]['message2'])) { diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index da87a6b9cf4..bcfebcbc286 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -2574,4 +2574,5 @@ SALES_ORDER_SHOW_SHIPPING_ADDRESSMore=Compulsory indication in some countries (F MaxNbOfRecordOnListIsOk=You have a max size for lists is set to %s lines. This is a good value. YouHaveALargeAmountOfRecordOnLists=You have a default max size for lists set to %s lines. This is a large value that need scrolling to see all answers. It is better to have a value lower than %s and use pagination to see record over this number. Change this in menu Home - Setup - Display. RoundBorders=Round borders -CheckIfModuleIsNotBlackListed=Some modules may be provided by some companies that do not respect the project's rules of goodwill (non-compliance with GDPR, violation of the rules tof use the Dolibarr brand name, etc.). By checking this box, a request will be made to the project server to see if a report was received about this module, and will protect you by blocking the deployment if module is flagged as this. +CheckIfModuleIsNotBlackListed=Block install for modules found into the Remote blacklist +CheckIfModuleIsNotBlackListedHelp=Some modules may be provided by some companies that do not respect the project's rules of goodwill (non-compliance with GDPR, violation of the rules tof use the Dolibarr brand name, etc.). By checking this box, a request will be made to the project server to see if a report was received about this module, and will protect you by blocking the deployment of flagged modules diff --git a/htdocs/langs/en_US/errors.lang b/htdocs/langs/en_US/errors.lang index 203f463b048..ecc1019ff89 100644 --- a/htdocs/langs/en_US/errors.lang +++ b/htdocs/langs/en_US/errors.lang @@ -391,7 +391,7 @@ WarningReadBankAlsoAllowedIfUserHasPermission=Warning, reading bank account is a WarningNoDataTransferedInAccountancyYet=Please note, there is no data in the accounting table. Please transfer your data recorded in the application to the accounting section or change the calculation mode to analyze the data recorded outside of accounting. WarningChangingThisMayBreakStopTaskScheduler=Warning, changing this value may disable the scheduler WarningAmountOfFileDiffersFromSumOfLines=Warning, amount of file (%s) differs from the sum of lines (%s) -WarningModuleAffiliatedToAReportedCompany=Warning, this module has been reported to the Dolibarr foundation as being published by a company using illegal practices (non-compliance with the rules for using the Dolibarr brand, collecting your data without your consent or deploying malware). Use it at your own risk! +WarningModuleAffiliatedToAReportedCompany=Warning, this module has been reported to the Dolibarr foundation as being published by a company using illegal practices (non-compliance with the rules for using the Dolibarr brand, collecting your data without your consent or deploying malware). WarningModuleAffiliatedToAPiratPlatform=Be careful when getting a module (paid or free) from a suspicious non official platform like %s SwissQrOnlyVIR = SwissQR invoice can only be added on invoices set to be paid with credit transfer payments.