Merge branch '14.0' of git@github.com:Dolibarr/dolibarr.git into develop
@@ -309,57 +309,58 @@ print '<br>';
|
|||||||
|
|
||||||
// Parameters in conf.php file (when a parameter start with ?, it is shown only if defined)
|
// Parameters in conf.php file (when a parameter start with ?, it is shown only if defined)
|
||||||
$configfileparameters = array(
|
$configfileparameters = array(
|
||||||
'dolibarr_main_url_root' => $langs->trans("URLRoot"),
|
'dolibarr_main_prod' => 'Production mode (Hide all error messages)',
|
||||||
'?dolibarr_main_url_root_alt' => $langs->trans("URLRoot").' (alt)',
|
'dolibarr_main_instance_unique_id' => $langs->trans("InstanceUniqueID"),
|
||||||
'dolibarr_main_document_root'=> $langs->trans("DocumentRootServer"),
|
'separator0' => '',
|
||||||
'?dolibarr_main_document_root_alt' => $langs->trans("DocumentRootServer").' (alt)',
|
'dolibarr_main_url_root' => $langs->trans("URLRoot"),
|
||||||
'dolibarr_main_data_root' => $langs->trans("DataRootServer"),
|
'?dolibarr_main_url_root_alt' => $langs->trans("URLRoot").' (alt)',
|
||||||
'dolibarr_main_instance_unique_id' => $langs->trans("InstanceUniqueID"),
|
'dolibarr_main_document_root'=> $langs->trans("DocumentRootServer"),
|
||||||
'separator1' => '',
|
'?dolibarr_main_document_root_alt' => $langs->trans("DocumentRootServer").' (alt)',
|
||||||
'dolibarr_main_db_host' => $langs->trans("DatabaseServer"),
|
'dolibarr_main_data_root' => $langs->trans("DataRootServer"),
|
||||||
'dolibarr_main_db_port' => $langs->trans("DatabasePort"),
|
'separator1' => '',
|
||||||
'dolibarr_main_db_name' => $langs->trans("DatabaseName"),
|
'dolibarr_main_db_host' => $langs->trans("DatabaseServer"),
|
||||||
'dolibarr_main_db_type' => $langs->trans("DriverType"),
|
'dolibarr_main_db_port' => $langs->trans("DatabasePort"),
|
||||||
'dolibarr_main_db_user' => $langs->trans("DatabaseUser"),
|
'dolibarr_main_db_name' => $langs->trans("DatabaseName"),
|
||||||
'dolibarr_main_db_pass' => $langs->trans("DatabasePassword"),
|
'dolibarr_main_db_type' => $langs->trans("DriverType"),
|
||||||
'dolibarr_main_db_character_set' => $langs->trans("DBStoringCharset"),
|
'dolibarr_main_db_user' => $langs->trans("DatabaseUser"),
|
||||||
'dolibarr_main_db_collation' => $langs->trans("DBSortingCollation"),
|
'dolibarr_main_db_pass' => $langs->trans("DatabasePassword"),
|
||||||
'?dolibarr_main_db_prefix' => $langs->trans("Prefix"),
|
'dolibarr_main_db_character_set' => $langs->trans("DBStoringCharset"),
|
||||||
'separator2' => '',
|
'dolibarr_main_db_collation' => $langs->trans("DBSortingCollation"),
|
||||||
'dolibarr_main_authentication' => $langs->trans("AuthenticationMode"),
|
'?dolibarr_main_db_prefix' => $langs->trans("DatabasePrefix"),
|
||||||
'?multicompany_transverse_mode'=> $langs->trans("MultiCompanyMode"),
|
'separator2' => '',
|
||||||
'separator'=> '',
|
'dolibarr_main_authentication' => $langs->trans("AuthenticationMode"),
|
||||||
'?dolibarr_main_auth_ldap_login_attribute' => 'dolibarr_main_auth_ldap_login_attribute',
|
'?multicompany_transverse_mode'=> $langs->trans("MultiCompanyMode"),
|
||||||
'?dolibarr_main_auth_ldap_host' => 'dolibarr_main_auth_ldap_host',
|
'separator'=> '',
|
||||||
'?dolibarr_main_auth_ldap_port' => 'dolibarr_main_auth_ldap_port',
|
'?dolibarr_main_auth_ldap_login_attribute' => 'dolibarr_main_auth_ldap_login_attribute',
|
||||||
'?dolibarr_main_auth_ldap_version' => 'dolibarr_main_auth_ldap_version',
|
'?dolibarr_main_auth_ldap_host' => 'dolibarr_main_auth_ldap_host',
|
||||||
'?dolibarr_main_auth_ldap_dn' => 'dolibarr_main_auth_ldap_dn',
|
'?dolibarr_main_auth_ldap_port' => 'dolibarr_main_auth_ldap_port',
|
||||||
'?dolibarr_main_auth_ldap_admin_login' => 'dolibarr_main_auth_ldap_admin_login',
|
'?dolibarr_main_auth_ldap_version' => 'dolibarr_main_auth_ldap_version',
|
||||||
'?dolibarr_main_auth_ldap_admin_pass' => 'dolibarr_main_auth_ldap_admin_pass',
|
'?dolibarr_main_auth_ldap_dn' => 'dolibarr_main_auth_ldap_dn',
|
||||||
'?dolibarr_main_auth_ldap_debug' => 'dolibarr_main_auth_ldap_debug',
|
'?dolibarr_main_auth_ldap_admin_login' => 'dolibarr_main_auth_ldap_admin_login',
|
||||||
'separator3' => '',
|
'?dolibarr_main_auth_ldap_admin_pass' => 'dolibarr_main_auth_ldap_admin_pass',
|
||||||
'?dolibarr_lib_ADODB_PATH' => 'dolibarr_lib_ADODB_PATH',
|
'?dolibarr_main_auth_ldap_debug' => 'dolibarr_main_auth_ldap_debug',
|
||||||
'?dolibarr_lib_FPDF_PATH' => 'dolibarr_lib_FPDF_PATH',
|
'separator3' => '',
|
||||||
'?dolibarr_lib_TCPDF_PATH' => 'dolibarr_lib_TCPDF_PATH',
|
'?dolibarr_lib_ADODB_PATH' => 'dolibarr_lib_ADODB_PATH',
|
||||||
'?dolibarr_lib_FPDI_PATH' => 'dolibarr_lib_FPDI_PATH',
|
'?dolibarr_lib_FPDF_PATH' => 'dolibarr_lib_FPDF_PATH',
|
||||||
'?dolibarr_lib_TCPDI_PATH' => 'dolibarr_lib_TCPDI_PATH',
|
'?dolibarr_lib_TCPDF_PATH' => 'dolibarr_lib_TCPDF_PATH',
|
||||||
'?dolibarr_lib_NUSOAP_PATH' => 'dolibarr_lib_NUSOAP_PATH',
|
'?dolibarr_lib_FPDI_PATH' => 'dolibarr_lib_FPDI_PATH',
|
||||||
'?dolibarr_lib_GEOIP_PATH' => 'dolibarr_lib_GEOIP_PATH',
|
'?dolibarr_lib_TCPDI_PATH' => 'dolibarr_lib_TCPDI_PATH',
|
||||||
'?dolibarr_lib_ODTPHP_PATH' => 'dolibarr_lib_ODTPHP_PATH',
|
'?dolibarr_lib_NUSOAP_PATH' => 'dolibarr_lib_NUSOAP_PATH',
|
||||||
'?dolibarr_lib_ODTPHP_PATHTOPCLZIP' => 'dolibarr_lib_ODTPHP_PATHTOPCLZIP',
|
'?dolibarr_lib_GEOIP_PATH' => 'dolibarr_lib_GEOIP_PATH',
|
||||||
'?dolibarr_js_CKEDITOR' => 'dolibarr_js_CKEDITOR',
|
'?dolibarr_lib_ODTPHP_PATH' => 'dolibarr_lib_ODTPHP_PATH',
|
||||||
'?dolibarr_js_JQUERY' => 'dolibarr_js_JQUERY',
|
'?dolibarr_lib_ODTPHP_PATHTOPCLZIP' => 'dolibarr_lib_ODTPHP_PATHTOPCLZIP',
|
||||||
'?dolibarr_js_JQUERY_UI' => 'dolibarr_js_JQUERY_UI',
|
'?dolibarr_js_CKEDITOR' => 'dolibarr_js_CKEDITOR',
|
||||||
'?dolibarr_font_DOL_DEFAULT_TTF' => 'dolibarr_font_DOL_DEFAULT_TTF',
|
'?dolibarr_js_JQUERY' => 'dolibarr_js_JQUERY',
|
||||||
'?dolibarr_font_DOL_DEFAULT_TTF_BOLD' => 'dolibarr_font_DOL_DEFAULT_TTF_BOLD',
|
'?dolibarr_js_JQUERY_UI' => 'dolibarr_js_JQUERY_UI',
|
||||||
'separator4' => '',
|
'?dolibarr_font_DOL_DEFAULT_TTF' => 'dolibarr_font_DOL_DEFAULT_TTF',
|
||||||
'dolibarr_main_prod' => 'Production mode (Hide all error messages)',
|
'?dolibarr_font_DOL_DEFAULT_TTF_BOLD' => 'dolibarr_font_DOL_DEFAULT_TTF_BOLD',
|
||||||
'dolibarr_main_restrict_os_commands' => 'Restrict CLI commands for backups',
|
'separator4' => '',
|
||||||
'dolibarr_main_restrict_ip' => 'Restrict access to some IPs only',
|
'dolibarr_main_restrict_os_commands' => 'Restrict CLI commands for backups',
|
||||||
'?dolibarr_mailing_limit_sendbyweb' => 'Limit nb of email sent by page',
|
'dolibarr_main_restrict_ip' => 'Restrict access to some IPs only',
|
||||||
'?dolibarr_mailing_limit_sendbycli' => 'Limit nb of email sent by cli',
|
'?dolibarr_mailing_limit_sendbyweb' => 'Limit nb of email sent by page',
|
||||||
'?dolibarr_strict_mode' => 'Strict mode is on/off',
|
'?dolibarr_mailing_limit_sendbycli' => 'Limit nb of email sent by cli',
|
||||||
'?dolibarr_nocsrfcheck' => 'Disable CSRF security checks'
|
'?dolibarr_strict_mode' => 'Strict mode is on/off',
|
||||||
|
'?dolibarr_nocsrfcheck' => 'Disable CSRF security checks'
|
||||||
);
|
);
|
||||||
|
|
||||||
print '<div class="div-table-responsive-no-min">';
|
print '<div class="div-table-responsive-no-min">';
|
||||||
@@ -400,8 +401,10 @@ foreach ($configfileparameters as $key => $value) {
|
|||||||
if (in_array($newkey, array('dolibarr_main_db_pass', 'dolibarr_main_auth_ldap_admin_pass'))) {
|
if (in_array($newkey, array('dolibarr_main_db_pass', 'dolibarr_main_auth_ldap_admin_pass'))) {
|
||||||
if (empty($dolibarr_main_prod)) {
|
if (empty($dolibarr_main_prod)) {
|
||||||
print '<!-- '.${$newkey}.' -->';
|
print '<!-- '.${$newkey}.' -->';
|
||||||
|
print showValueWithClipboardCPButton(${$newkey}, 0, '********');
|
||||||
|
} else {
|
||||||
|
print '**********';
|
||||||
}
|
}
|
||||||
print '**********';
|
|
||||||
} elseif ($newkey == 'dolibarr_main_url_root' && preg_match('/__auto__/', ${$newkey})) {
|
} elseif ($newkey == 'dolibarr_main_url_root' && preg_match('/__auto__/', ${$newkey})) {
|
||||||
print ${$newkey}.' => '.constant('DOL_MAIN_URL_ROOT');
|
print ${$newkey}.' => '.constant('DOL_MAIN_URL_ROOT');
|
||||||
} elseif ($newkey == 'dolibarr_main_document_root_alt') {
|
} elseif ($newkey == 'dolibarr_main_document_root_alt') {
|
||||||
@@ -420,9 +423,14 @@ foreach ($configfileparameters as $key => $value) {
|
|||||||
}
|
}
|
||||||
} elseif ($newkey == 'dolibarr_main_instance_unique_id') {
|
} elseif ($newkey == 'dolibarr_main_instance_unique_id') {
|
||||||
//print $conf->file->instance_unique_id;
|
//print $conf->file->instance_unique_id;
|
||||||
global $dolibarr_main_cookie_cryptkey;
|
global $dolibarr_main_cookie_cryptkey, $dolibarr_main_instance_unique_id;
|
||||||
$valuetoshow = ${$newkey} ? ${$newkey} : $dolibarr_main_cookie_cryptkey; // Use $dolibarr_main_instance_unique_id first then $dolibarr_main_cookie_cryptkey
|
$valuetoshow = $dolibarr_main_instance_unique_id ? $dolibarr_main_instance_unique_id : $dolibarr_main_cookie_cryptkey; // Use $dolibarr_main_instance_unique_id first then $dolibarr_main_cookie_cryptkey
|
||||||
print $valuetoshow;
|
if (empty($dolibarr_main_prod)) {
|
||||||
|
print '<!-- '.${$newkey}.' -->';
|
||||||
|
print showValueWithClipboardCPButton($valuetoshow, 0, '********');
|
||||||
|
} else {
|
||||||
|
print '**********';
|
||||||
|
}
|
||||||
if (empty($valuetoshow)) {
|
if (empty($valuetoshow)) {
|
||||||
print img_warning("EditConfigFileToAddEntry", 'dolibarr_main_instance_unique_id');
|
print img_warning("EditConfigFileToAddEntry", 'dolibarr_main_instance_unique_id');
|
||||||
}
|
}
|
||||||
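Review bot: In the `dolibarr_main_instance_unique_id` branch, the lines that appear to be added write the value into the page twice when `$dolibarr_main_prod` is empty: raw inside `print '<!-- '.${$newkey}.' -->';` and again through `showValueWithClipboardCPButton($valuetoshow, 0, '********')`. The same value is an input to the reset-link hash checked with `dol_verifyHash(...)` in the password-reset section of this commit, so it deserves the same care as the two password keys; the HTML comment is also unescaped, so a value containing `-->` would end the comment early. I would drop the comment line in both branches and keep only the masked widget, or at minimum write `print '<!-- '.dol_escape_htmltag(${$newkey}).' -->';`. The comment also prints `${$newkey}` while the widget shows `$valuetoshow`, and the two differ when the cookie-key fallback is used. The enclosing `foreach` starts and ends outside these hunks.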
|
|||||||
@@ -829,8 +829,8 @@ class Account extends CommonObject
|
|||||||
$sql .= ",min_desired = ".($this->min_desired != '' ? price2num($this->min_desired) : "null");
|
$sql .= ",min_desired = ".($this->min_desired != '' ? price2num($this->min_desired) : "null");
|
||||||
$sql .= ",comment = '".$this->db->escape($this->comment)."'";
|
$sql .= ",comment = '".$this->db->escape($this->comment)."'";
|
||||||
|
|
||||||
$sql .= ",state_id = ".($this->state_id > 0 ? $this->state_id : "null");
|
$sql .= ",state_id = ".($this->state_id > 0 ? ((int) $this->state_id) : "null");
|
||||||
$sql .= ",fk_pays = ".($this->country_id > 0 ? $this->country_id : "null");
|
$sql .= ",fk_pays = ".($this->country_id > 0 ? ((int) $this->country_id) : "null");
|
||||||
$sql .= ",ics = '".$this->db->escape($this->ics)."'";
|
$sql .= ",ics = '".$this->db->escape($this->ics)."'";
|
||||||
$sql .= ",ics_transfer = '".$this->db->escape($this->ics_transfer)."'";
|
$sql .= ",ics_transfer = '".$this->db->escape($this->ics_transfer)."'";
|
||||||
|
|
||||||
|
|||||||
@@ -260,13 +260,13 @@ class Cchargesociales
|
|||||||
// Update request
|
// Update request
|
||||||
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET';
|
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET';
|
||||||
$sql .= ' libelle = '.(isset($this->libelle) ? "'".$this->db->escape($this->libelle)."'" : "null").',';
|
$sql .= ' libelle = '.(isset($this->libelle) ? "'".$this->db->escape($this->libelle)."'" : "null").',';
|
||||||
$sql .= ' deductible = '.(isset($this->deductible) ? $this->deductible : "null").',';
|
$sql .= ' deductible = '.(isset($this->deductible) ? ((int) $this->deductible) : "null").',';
|
||||||
$sql .= ' active = '.(isset($this->active) ? $this->active : "null").',';
|
$sql .= ' active = '.(isset($this->active) ? ((int) $this->active) : "null").',';
|
||||||
$sql .= ' code = '.(isset($this->code) ? "'".$this->db->escape($this->code)."'" : "null").',';
|
$sql .= ' code = '.(isset($this->code) ? "'".$this->db->escape($this->code)."'" : "null").',';
|
||||||
$sql .= ' fk_pays = '.(isset($this->fk_pays) ? $this->fk_pays : "null").',';
|
$sql .= ' fk_pays = '.((isset($this->fk_pays) && $this->fk_pays > 0) ? ((int) $this->fk_pays) : "null").',';
|
||||||
$sql .= ' module = '.(isset($this->module) ? "'".$this->db->escape($this->module)."'" : "null").',';
|
$sql .= ' module = '.(isset($this->module) ? "'".$this->db->escape($this->module)."'" : "null").',';
|
||||||
$sql .= ' accountancy_code = '.(isset($this->accountancy_code) ? "'".$this->db->escape($this->accountancy_code)."'" : "null");
|
$sql .= ' accountancy_code = '.(isset($this->accountancy_code) ? "'".$this->db->escape($this->accountancy_code)."'" : "null");
|
||||||
$sql .= ' WHERE id='.$this->id;
|
$sql .= ' WHERE id='.((int) $this->id);
|
||||||
|
|
||||||
$this->db->begin();
|
$this->db->begin();
|
||||||
|
|
||||||
|
|||||||
@@ -476,8 +476,8 @@ function getRandomPassword($generic = false, $replaceambiguouschars = null, $len
|
|||||||
}
|
}
|
||||||
|
|
||||||
$generated_password = str_shuffle($randomCode);
|
$generated_password = str_shuffle($randomCode);
|
||||||
} else // Old platform, non cryptographic random
|
} else {
|
||||||
{
|
// Old platform, non cryptographic random
|
||||||
$max = strlen($lowercase) - 1;
|
$max = strlen($lowercase) - 1;
|
||||||
for ($x = 0; $x < $nbofchar; $x++) {
|
for ($x = 0; $x < $nbofchar; $x++) {
|
||||||
$tmp = mt_rand(0, $max);
|
$tmp = mt_rand(0, $max);
|
||||||
|
|||||||
@@ -99,7 +99,7 @@ class modGeneratePassStandard extends ModeleGenPassword
|
|||||||
$password = "";
|
$password = "";
|
||||||
|
|
||||||
// define possible characters
|
// define possible characters
|
||||||
$possible = "0123456789bcdfghjkmnpqrstvwxyz";
|
$possible = "0123456789qwertyuiopasdfghjklzxcvbnmASDFGHJKLZXCVBNMQWERTYUIOP";
|
||||||
|
|
||||||
// set up a counter
|
// set up a counter
|
||||||
$i = 0;
|
$i = 0;
|
||||||
@@ -107,10 +107,13 @@ class modGeneratePassStandard extends ModeleGenPassword
|
|||||||
// add random characters to $password until $length is reached
|
// add random characters to $password until $length is reached
|
||||||
while ($i < $this->length) {
|
while ($i < $this->length) {
|
||||||
// pick a random character from the possible ones
|
// pick a random character from the possible ones
|
||||||
$char = substr($possible, mt_rand(0, dol_strlen($possible) - 1), 1);
|
if (function_exists('random_int')) { // Cryptographic random
|
||||||
|
$char = substr($possible, random_int(0, dol_strlen($possible) - 1), 1);
|
||||||
|
} else {
|
||||||
|
$char = substr($possible, mt_rand(0, dol_strlen($possible) - 1), 1);
|
||||||
|
}
|
||||||
|
|
||||||
// we don't want this character if it's already in the password
|
if (substr_count($password, $char) <= 6) { // we don't want this character if it's already 5 times in the password
|
||||||
if (!strstr($password, $char)) {
|
|
||||||
$password .= $char;
|
$password .= $char;
|
||||||
$i++;
|
$i++;
|
||||||
}
|
}
|
||||||
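Review bot: The new repeat limit does not match its comment: `substr_count($password, $char) <= 6` still accepts a character that is already present six times, while the comment says five. If five is the intended cap, the condition would be `if (substr_count($password, $char) < 5) {` with the comment reworded to match; otherwise the comment should state the real limit. Separately, the `else` branch keeps `mt_rand()` as a silent fallback, so on a platform without `random_int` the password comes from a non-cryptographic generator with no trace of it; a comment such as `// Old platform, non cryptographic random` (as in `getRandomPassword`) plus a log entry would make that visible. The method body starts and ends outside the hunk.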
|
|||||||
@@ -554,7 +554,7 @@ if (empty($reshook)) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// We set country_id, country_code and country for the selected country
|
// We set country_id, country_code and country for the selected country
|
||||||
$object->country_id = GETPOST('country_id') != '' ?GETPOST('country_id') : $mysoc->country_id;
|
$object->country_id = GETPOST('country_id', 'int') != '' ? GETPOST('country_id', 'int') : $mysoc->country_id;
|
||||||
if ($object->country_id) {
|
if ($object->country_id) {
|
||||||
$tmparray = getCountry($object->country_id, 'all');
|
$tmparray = getCountry($object->country_id, 'all');
|
||||||
$object->country_code = $tmparray['code'];
|
$object->country_code = $tmparray['code'];
|
||||||
|
|||||||
@@ -894,7 +894,7 @@ class Societe extends CommonObject
|
|||||||
$sql .= ", ".(!empty($user->id) ? ((int) $user->id) : "null");
|
$sql .= ", ".(!empty($user->id) ? ((int) $user->id) : "null");
|
||||||
$sql .= ", ".(!empty($this->typent_id) ? ((int) $this->typent_id) : "null");
|
$sql .= ", ".(!empty($this->typent_id) ? ((int) $this->typent_id) : "null");
|
||||||
$sql .= ", ".(!empty($this->canvas) ? "'".$this->db->escape($this->canvas)."'" : "null");
|
$sql .= ", ".(!empty($this->canvas) ? "'".$this->db->escape($this->canvas)."'" : "null");
|
||||||
$sql .= ", ".$this->status;
|
$sql .= ", ".((int) $this->status);
|
||||||
$sql .= ", ".(!empty($this->ref_ext) ? "'".$this->db->escape($this->ref_ext)."'" : "null");
|
$sql .= ", ".(!empty($this->ref_ext) ? "'".$this->db->escape($this->ref_ext)."'" : "null");
|
||||||
$sql .= ", 0";
|
$sql .= ", 0";
|
||||||
$sql .= ", ".(int) $this->fk_incoterms;
|
$sql .= ", ".(int) $this->fk_incoterms;
|
||||||
@@ -1369,13 +1369,13 @@ class Societe extends CommonObject
|
|||||||
$sql .= ",zip = ".(!empty($this->zip) ? "'".$this->db->escape($this->zip)."'" : "null");
|
$sql .= ",zip = ".(!empty($this->zip) ? "'".$this->db->escape($this->zip)."'" : "null");
|
||||||
$sql .= ",town = ".(!empty($this->town) ? "'".$this->db->escape($this->town)."'" : "null");
|
$sql .= ",town = ".(!empty($this->town) ? "'".$this->db->escape($this->town)."'" : "null");
|
||||||
|
|
||||||
$sql .= ",fk_departement = '".(!empty($this->state_id) ? $this->state_id : '0')."'";
|
$sql .= ",fk_departement = ".((!empty($this->state_id) && $this->state_id > 0) ? ((int) $this->state_id) : 'null');
|
||||||
$sql .= ",fk_pays = '".(!empty($this->country_id) ? $this->country_id : '0')."'";
|
$sql .= ",fk_pays = ".((!empty($this->country_id) && $this->country_id > 0) ? ((int) $this->country_id) : 'null');
|
||||||
|
|
||||||
$sql .= ",phone = ".(!empty($this->phone) ? "'".$this->db->escape($this->phone)."'" : "null");
|
$sql .= ",phone = ".(!empty($this->phone) ? "'".$this->db->escape($this->phone)."'" : "null");
|
||||||
$sql .= ",fax = ".(!empty($this->fax) ? "'".$this->db->escape($this->fax)."'" : "null");
|
$sql .= ",fax = ".(!empty($this->fax) ? "'".$this->db->escape($this->fax)."'" : "null");
|
||||||
$sql .= ",email = ".(!empty($this->email) ? "'".$this->db->escape($this->email)."'" : "null");
|
$sql .= ",email = ".(!empty($this->email) ? "'".$this->db->escape($this->email)."'" : "null");
|
||||||
$sql .= ", socialnetworks = '".$this->db->escape(json_encode($this->socialnetworks))."'";
|
$sql .= ",socialnetworks = '".$this->db->escape(json_encode($this->socialnetworks))."'";
|
||||||
$sql .= ",url = ".(!empty($this->url) ? "'".$this->db->escape($this->url)."'" : "null");
|
$sql .= ",url = ".(!empty($this->url) ? "'".$this->db->escape($this->url)."'" : "null");
|
||||||
|
|
||||||
$sql .= ",parent = ".($this->parent > 0 ? $this->parent : "null");
|
$sql .= ",parent = ".($this->parent > 0 ? $this->parent : "null");
|
||||||
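Review bot: The context line `$sql .= ",parent = ".($this->parent > 0 ? $this->parent : "null");` at the end of the second hunk still concatenates `$this->parent` unquoted and uncast, which is the pattern this commit corrects for `fk_departement` and `fk_pays` just above it. A `> 0` comparison does not guarantee the operand is an integer, so I would apply the same cast: `$sql .= ",parent = ".($this->parent > 0 ? ((int) $this->parent) : "null");`. In the first hunk `(int) $this->fk_incoterms` is written without the outer parentheses used on the new `((int) $this->status)` line; harmless, but worth aligning. Both statements sit in methods that begin and end outside the hunks.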
|
|||||||
@@ -87,14 +87,14 @@ if (empty($reshook)) {
|
|||||||
// Validate new password
|
// Validate new password
|
||||||
if ($action == 'validatenewpassword' && $username && $passworduidhash) {
|
if ($action == 'validatenewpassword' && $username && $passworduidhash) {
|
||||||
$edituser = new User($db);
|
$edituser = new User($db);
|
||||||
$result = $edituser->fetch('', $_GET["username"]);
|
$result = $edituser->fetch('', $username);
|
||||||
if ($result < 0) {
|
if ($result < 0) {
|
||||||
$message = '<div class="error">'.dol_escape_htmltag($langs->trans("ErrorLoginDoesNotExists", $username)).'</div>';
|
$message = '<div class="error">'.dol_escape_htmltag($langs->trans("ErrorLoginDoesNotExists", $username)).'</div>';
|
||||||
} else {
|
} else {
|
||||||
global $dolibarr_main_instance_unique_id;
|
global $dolibarr_main_instance_unique_id;
|
||||||
|
|
||||||
//print $edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id.' '.$passworduidhash;
|
//print $edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id.' '.$passworduidhash;
|
||||||
if (dol_verifyHash($edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id, $passworduidhash)) {
|
if ($edituser->pass_temp && dol_verifyHash($edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id, $passworduidhash)) {
|
||||||
// Clear session
|
// Clear session
|
||||||
unset($_SESSION['dol_login']);
|
unset($_SESSION['dol_login']);
|
||||||
$_SESSION['dol_loginmesg'] = $langs->trans('NewPasswordValidated'); // Save message for the session page
|
$_SESSION['dol_loginmesg'] = $langs->trans('NewPasswordValidated'); // Save message for the session page
|
||||||
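Review bot: The commented-out `//print $edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id.' '.$passworduidhash;` line carried as context above the check would print every input of the reset hash if it were ever re-enabled; it should be deleted rather than kept. The added `$edituser->pass_temp &&` guard covers an empty temporary password, but nothing visible here covers an empty `$dolibarr_main_instance_unique_id`, a state the admin page in this same commit warns about. Unless earlier code already guarantees a value, validation should be refused in that case as well, with a comment saying why. The `if ($action == 'validatenewpassword' ...)` block continues outside the hunk.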
|
|||||||
@@ -323,8 +323,8 @@ class SecurityTest extends PHPUnit\Framework\TestCase
|
|||||||
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject lll');
|
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject lll');
|
||||||
|
|
||||||
$test="Text with ' encoded with the numeric html entity converted into text entity ' (like when submited by CKEditor)";
|
$test="Text with ' encoded with the numeric html entity converted into text entity ' (like when submited by CKEditor)";
|
||||||
$result=testSqlAndScriptInject($test, 0);
|
$result=testSqlAndScriptInject($test, 0); // result must be 0
|
||||||
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject mmm');
|
$this->assertEquals(0, $result, 'Error on testSqlAndScriptInject mmm');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
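Review bot: `assertEquals(0, $result, ...)` compares loosely, so a `null` or `false` return from `testSqlAndScriptInject()` would satisfy it as well as `0`. Assuming the function returns an integer, `$this->assertSame(0, $result, 'Error on testSqlAndScriptInject mmm');` pins exactly what the new `// result must be 0` comment describes. The test method starts outside the hunk.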
|
|||||||