Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-06 01:28:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

Deug v23

Browse Source
This commit is contained in:
Laurent Destailleur
2025-11-26 21:07:41 +01:00
parent 5f437d983a
commit 6d4708914d
3 changed files with 31 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
htdocs/admin/system/security.php
View File

@@ -978,9 +978,9 @@ print '<strong>MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES</strong> = '.(getDol
print ' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").": 1 - does not work on HTML5 with some old libxml libs)</span><br>";
print '<br>';
// MAIN_DISALLOW_URL_INTO_DESCRIPTIONS = 1, disallow url links except if on /medias
// MAIN_DISALLOW_URL_INTO_DESCRIPTIONS = 2, disallow all external urls link
print '<strong>MAIN_DISALLOW_URL_INTO_DESCRIPTIONS</strong> = '.getDolGlobalString('MAIN_DISALLOW_URL_INTO_DESCRIPTIONS', '<span class="opacitymedium">'.$langs->trans("Undefined").' &nbsp; ('.$langs->trans("Recommended").': 1=only local links allowed or 2=no links at all)</span>')."<br>";
// MAIN_DISALLOW_URL_INTO_DESCRIPTIONS = 1, disallow url links except if on the local wrapper document.php or viewimage.php
// MAIN_DISALLOW_URL_INTO_DESCRIPTIONS = 2, disallow all urls link
print '<strong>MAIN_DISALLOW_URL_INTO_DESCRIPTIONS</strong> = '.getDolGlobalString('MAIN_DISALLOW_URL_INTO_DESCRIPTIONS', '<span class="opacitymedium">'.$langs->trans("Undefined").' &nbsp; ('.$langs->trans("Recommended").': 1=only local links allowed (to wrapper document.php or image.php) or 2=no links at all)</span>')."<br>";
print '<br>';
print '<strong>MAIN_ALLOW_SVG_FILES_AS_EXTERNAL_LINKS</strong> = '.getDolGlobalString('MAIN_ALLOW_SVG_FILES_AS_EXTERNAL_LINKS', '<span class="opacitymedium">'.$langs->trans("Undefined").' &nbsp; ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 0)</span>')."<br>";

28
htdocs/core/lib/functions.lib.php
View File

@@ -9540,22 +9540,44 @@ function dol_htmlwithnojs($stringtoencode, $nouseofiframesandbox = 0, $check = '
$out = 'ErrorHTMLLinksNotAllowed';
}
} elseif (getDolGlobalInt('MAIN_DISALLOW_URL_INTO_DESCRIPTIONS') == 1) {
// Refuse any links except it they are to the wrapper document.php or viewimage.php
$nblinks = 0;
// Loop on each url in src= and url(
$pattern = '/src=["\']?(http[^"\']+)|url\(["\']?(http[^\)]+)/';
global $dolibarr_main_url_root;
$matches = array();
if (preg_match_all($pattern, $out, $matches)) {
// URLs are into $matches[1]
$urls = $matches[1];
// Affiche les URLs
// Show URLs
$firstexturl = '';
$secondexturl = '';
foreach ($urls as $url) {
$urlok = 0;
$parsedurl = parse_url($url);
if (!empty($parsedurl)) {
if (preg_match('/'.preg_quote($dolibarr_main_url_root, '/').'/', $url)
//&& preg_match('/(document|viewimage)\.php$/', $parsedurl['path']) && preg_match('/modulepart=(media|mycompany)/', $parsedurl['query'])
) {
$urlok = 1;
}
}
if (!$urlok) {
$nblinks++;
echo "Found url = " . $url . "\n";
if (empty($firstexturl)) {
$firstexturl = $url;
} elseif (empty($secondexturl)) {
$secondexturl = $url;
}
//echo "Found url = ".$url . "\n";
}
}
if ($nblinks > 0) {
$out = 'ErrorHTMLExternalLinksNotAllowed';
$out = 'ErrorHTMLExternalLinksNotAllowed (Example: '.$firstexturl.($secondexturl ? ' '.$secondexturl : '').')';
}
}
}

2
htdocs/install/doctemplates/maillayout/basic.html
View File

@@ -20,6 +20,8 @@ body {
<h1 style="text-align: center;"><strong><span style="font-size:36px">__SUBJECT__</span></strong></h1>
<br><br>
<!-- PRODUCTS_START -->
<span style="font-size:16px">__CONTENTOFMAILHOLDER__</span>
<!-- PRODUCTS_END -->