Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-06 09:38:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Debug v23

Browse Source
This commit is contained in:
Laurent Destailleur
2025-11-27 00:05:04 +01:00
parent 81ac5bddf9
commit ce01e1d95f
5 changed files with 24 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/admin/system/security.php
View File

@@ -40,6 +40,8 @@ require '../../main.inc.php';
* @var string $dolibarr_main_restrict_ip * @var string $dolibarr_main_restrict_ip
* @var string $dolibarr_main_db_pass * @var string $dolibarr_main_db_pass
* @var string $dolibarr_main_db_encrypted_pass * @var string $dolibarr_main_db_encrypted_pass
* @var string $dolibarr_main_stream_to_disable
* @var string $dolibarr_nocsrfcheck
*/ */
require_once DOL_DOCUMENT_ROOT.'/core/lib/memory.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/memory.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
@@ -398,7 +400,7 @@ if (empty($dolibarr_main_restrict_eval_methods)) {
} else { } else {
print $dolibarr_main_restrict_eval_methods; print $dolibarr_main_restrict_eval_methods;
} }
print ' &nbsp; &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", 'getDolGlobalString,getDolGlobalInt,getDolCurrency,fetchNoCompute,hasRight,isModEnabled,isStringVarMatching,abs,min,max,round,dol_now,dol_concat,preg_match').')</span>'; print ' &nbsp; &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", 'getDolGlobalString,getDolGlobalInt,getDolCurrency,fetchNoCompute,hasRight,isAdmin,isModEnabled,isStringVarMatching,abs,min,max,round,dol_now,dol_concat,preg_match').')</span>';
print '<br>'; print '<br>';
if (!getDolGlobalString('SECURITY_DISABLE_TEST_ON_OBFUSCATED_CONF')) { if (!getDolGlobalString('SECURITY_DISABLE_TEST_ON_OBFUSCATED_CONF')) {

6
htdocs/conf/conf.php.example
View File

@@ -316,11 +316,11 @@ $dolibarr_main_restrict_os_commands='mariadb-dump, mariadb, mysqldump, mysql, pg
// ================================== // ==================================
// A whitelist of functions and methods to restrict the commands you can execute in a custom calculated fields, like "computed fields" of // A whitelist of functions and methods to restrict the commands you can execute in a custom calculated fields, like "computed fields" of
// extrafields or string conditions of extrafields. // extrafields or string conditions of extrafields.
// Default value: 'getDolGlobalString, getDolGlobalInt, getDolCurrency, fetchNoCompute, hasRight, isModEnabled, isStringVarMatching, abs, round, dol_now, preg_match' // Default value: 'getDolGlobalString, getDolGlobalInt, getDolCurrency, fetchNoCompute, hasRight, isAdmin, isModEnabled, isStringVarMatching, abs, round, dol_now, preg_match'
// Examples: // Examples:
// $dolibarr_main_restrict_eval_methods='getDolGlobalString, getDolGlobalInt, getDolCurrency, fetchNoCompute, hasRight, isModEnabled, isStringVarMatching, abs, min, max, round, dol_now, dol_concat, preg_match'; // $dolibarr_main_restrict_eval_methods='getDolGlobalString, getDolGlobalInt, getDolCurrency, fetchNoCompute, hasRight, isAdmin, isModEnabled, isStringVarMatching, abs, min, max, round, dol_now, dol_concat, preg_match';
// //
$dolibarr_main_restrict_eval_methods='getDolGlobalString, getDolGlobalInt, getDolCurrency, fetchNoCompute, hasRight, isModEnabled, isStringVarMatching, abs, min, max, round, dol_now, preg_match'; $dolibarr_main_restrict_eval_methods='getDolGlobalString, getDolGlobalInt, getDolCurrency, fetchNoCompute, hasRight, isAdmin, isModEnabled, isStringVarMatching, abs, min, max, round, dol_now, preg_match';
// dolibarr_main_disabled_modules // dolibarr_main_disabled_modules
// ================================== // ==================================

9
htdocs/core/lib/functions.lib.php
View File

@@ -11970,7 +11970,7 @@ function dol_eval_standard($s, $hideerrors = 1, $onlysimplestring = '1')
// Set $dolibarr_main_restrict_eval_methods_array // Set $dolibarr_main_restrict_eval_methods_array
if (!isset($dolibarr_main_restrict_eval_methods)) { if (!isset($dolibarr_main_restrict_eval_methods)) {
$dolibarr_main_restrict_eval_methods = 'getDolGlobalString, getDolGlobalInt, getDolCurrency, fetchNoCompute, hasRight, isModEnabled, isStringVarMatching, abs, min, max, round, dol_now, preg_match'; $dolibarr_main_restrict_eval_methods = 'getDolGlobalString, getDolGlobalInt, getDolCurrency, fetchNoCompute, hasRight, isAdmin, isModEnabled, isStringVarMatching, abs, min, max, round, dol_now, preg_match';
} }
//print '$dolibarr_main_restrict_eval_methods = '.$dolibarr_main_restrict_eval_methods."\n"; //print '$dolibarr_main_restrict_eval_methods = '.$dolibarr_main_restrict_eval_methods."\n";
$dolibarr_main_restrict_eval_methods_array = explode(',', str_replace(" ", "", $dolibarr_main_restrict_eval_methods)); $dolibarr_main_restrict_eval_methods_array = explode(',', str_replace(" ", "", $dolibarr_main_restrict_eval_methods));
@@ -12063,13 +12063,14 @@ function dol_eval_standard($s, $hideerrors = 1, $onlysimplestring = '1')
$savescheck = $scheck; $savescheck = $scheck;
$scheck = preg_replace('/\$conf->[a-z\_]+->enabled/', '__VARCONFENABLED__', $scheck); // Remove this once $user->module->enabled has been replaced everywhere with isModEnabled. $scheck = preg_replace('/\$conf->[a-z\_]+->enabled/', '__VARCONFENABLED__', $scheck); // Remove this once $user->module->enabled has been replaced everywhere with isModEnabled.
$scheck = preg_replace('/\$user->hasRight/', '__VARUSERHASRIGHT__', $scheck); $scheck = preg_replace('/\$user->hasRight/', '__VARUSERHASRIGHT__', $scheck);
$scheck = preg_replace('/\$user->rights/', '__VARUSERHASRIGHT__', $scheck); // Remove this once $user->rights->xxx is removed everywhere. $scheck = preg_replace('/\$user->rights/', '__VARUSERHASRIGHT__', $scheck); // Remove this once $user->rights->xxx is replaced everywhere with $user->hasRight()
$scheck = preg_replace('/\$user->admin/', '__VARUSERISADMIN__', $scheck); // Remove this once $user->admin is replaced everywhere with $user->isAdmin()
$scheck = preg_replace('/\(\$db\)/', '__VARDB__', $scheck); $scheck = preg_replace('/\(\$db\)/', '__VARDB__', $scheck);
$scheck = preg_replace('/\$langs/', '__VARLANGSTRANS__', $scheck); $scheck = preg_replace('/\$langs/', '__VARLANGSTRANS__', $scheck);
$scheck = preg_replace('/\$mysoc/', '__VARMYSOC__', $scheck); $scheck = preg_replace('/\$mysoc/', '__VARMYSOC__', $scheck);
$scheck = preg_replace('/\$action/', '__VARACTION__', $scheck); $scheck = preg_replace('/\$action/', '__VARACTION__', $scheck);
$scheck = preg_replace('/\$mainmenu/', '__VARMAINMENU__', $scheck); $scheck = preg_replace('/\$mainmenu/', '__VARMAINMENU__', $scheck); // Remove this once all tests on $mainmenu has been replaced with isStringVarMatching
$scheck = preg_replace('/\$leftmenu/', '__VARLEFTMENU__', $scheck); $scheck = preg_replace('/\$leftmenu/', '__VARLEFTMENU__', $scheck); // Remove this once all tests on $mainmenu has been replaced with isStringVarMatching
$scheck = preg_replace('/\$websitepage/', '__VARWEBSITEPAGE__', $scheck); $scheck = preg_replace('/\$websitepage/', '__VARWEBSITEPAGE__', $scheck);
$scheck = preg_replace('/\$website/', '__VARWEBSITE__', $scheck); $scheck = preg_replace('/\$website/', '__VARWEBSITE__', $scheck);
$scheck = preg_replace('/\$objectoffield/', '__VAROBJECTOFFIELD__', $scheck); $scheck = preg_replace('/\$objectoffield/', '__VAROBJECTOFFIELD__', $scheck);

2
htdocs/core/modules/modBarcode.class.php
View File

@@ -128,7 +128,7 @@ class modBarcode extends DolibarrModules
'url'=>'/barcode/codeinit.php?mainmenu=home&leftmenu=admintools', 'url'=>'/barcode/codeinit.php?mainmenu=home&leftmenu=admintools',
'langs'=>'products', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory. 'langs'=>'products', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory.
'position'=>300, 'position'=>300,
'enabled'=>'isModEnabled("barcode") && preg_match(\'/^(admintools|all)/\',$leftmenu)', // Define condition to show or hide menu entry. Use '$conf->mymodule->enabled' if entry must be visible if module is enabled. Use '$leftmenu==\'system\'' to show if leftmenu system is selected. 'enabled'=>'isModEnabled("barcode") && preg_match(\'/^(admintools|all)/\', $leftmenu)', // Define condition to show or hide menu entry. Use '$conf->mymodule->enabled' if entry must be visible if module is enabled. Use '$leftmenu==\'system\'' to show if leftmenu system is selected.
'perms'=>'$user->admin', 'perms'=>'$user->admin',
'target'=>'', 'target'=>'',
'user'=>0, // 0=Menu for internal users, 1=external users, 2=both 'user'=>0, // 0=Menu for internal users, 1=external users, 2=both

12
htdocs/user/class/user.class.php
View File

@@ -869,6 +869,18 @@ class User extends CommonObject
return 1; return 1;
} }
/**
* Return if a user is an admin user
* It replaces old syntax: if ($user->admin)
*
* @return int<0,1> Return integer 1 if user is admin, 0 if not.
*/
public function isAdmin()
{
return $this->admin;
}
/** /**
* Return if a user has a permission. * Return if a user has a permission.
* You can use it like this: if ($user->hasRight('module', 'level11')). * You can use it like this: if ($user->hasRight('module', 'level11')).