";
-
- //²$crawledLinks[]=$link;
-}
-
-/**
- * @param string $doc Doc
- * @param string $url URL
- * @return string URL/Title
- */
-function getDocTitle(&$doc, $url)
-{
- $titleNodes = $doc->getElementsByTagName('title');
- if (count($titleNodes) == 0 or !isset($titleNodes[0]->nodeValue)) {
- return $url;
- }
- $title = str_replace('', '\n', $titleNodes[0]->nodeValue);
- return (strlen($title) < 1) ? $url : $title;
-}
-
-/**
- * @param string $doc Doc
- * @return array Array
- */
-function getDocMetaData(&$doc)
-{
- $metaData = array();
- $metaNodes = $doc->getElementsByTagName('meta');
- foreach ($metaNodes as $node) {
- $metaData[$node->getAttribute("name")] = $node->getAttribute("content");
- }
- if (!isset($metaData['description'])) {
- $metaData['description'] = 'No Description Available';
- }
- if (!isset($metaData['keywords'])) {
- $metaData['keywords'] = '';
- }
- return array(
- 'keywords' => str_replace('', '\n', $metaData['keywords']),
- 'description' => str_replace('', '\n', $metaData['description'])
- );
-}
-
-
-followLink("http://localhost/dolibarr_dev/htdocs");
diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php
index f8aabe6867d..495a54d810f 100644
--- a/htdocs/adherents/class/adherent.class.php
+++ b/htdocs/adherents/class/adherent.class.php
@@ -351,7 +351,7 @@ class Adherent extends CommonObject
{
$this->db = $db;
$this->statut = self::STATUS_DRAFT;
- $this->status = $this->statut;
+ $this->status = self::STATUS_DRAFT;
// l'adherent n'est pas public par defaut
$this->public = 0;
// les champs optionnels sont vides
@@ -415,7 +415,7 @@ class Adherent extends CommonObject
}
}
- dol_syslog('send_an_email msgishtml='.$msgishtml);
+ dol_syslog('sendEmail msgishtml='.$msgishtml);
$texttosend = $this->makeSubstitution($text);
$subjecttosend = $this->makeSubstitution($subject);
@@ -707,7 +707,7 @@ class Adherent extends CommonObject
*/
public function update($user, $notrigger = 0, $nosyncuser = 0, $nosyncuserpass = 0, $nosyncthirdparty = 0, $action = 'update')
{
- global $conf, $langs, $hookmanager;
+ global $langs, $hookmanager;
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
@@ -2044,8 +2044,6 @@ class Adherent extends CommonObject
*/
public function exclude($user)
{
- global $langs, $conf;
-
$error = 0;
// Check parameters
@@ -2092,7 +2090,7 @@ class Adherent extends CommonObject
public function add_to_abo()
{
// phpcs:enable
- global $conf, $langs;
+ global $langs;
include_once DOL_DOCUMENT_ROOT.'/mailmanspip/class/mailmanspip.class.php';
$mailmanspip = new MailmanSpip($this->db);
diff --git a/htdocs/admin/security.php b/htdocs/admin/security.php
index 23f7a6d0aca..42945587fee 100644
--- a/htdocs/admin/security.php
+++ b/htdocs/admin/security.php
@@ -20,7 +20,7 @@
/**
* \file htdocs/admin/security.php
* \ingroup setup
- * \brief Page de configuration du module securite
+ * \brief Page of setup of security
*/
// Load Dolibarr environment
diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php
index 7ad70c385b5..6ad04701a52 100644
--- a/htdocs/admin/system/security.php
+++ b/htdocs/admin/system/security.php
@@ -117,7 +117,7 @@ print "PHP allow_url_include = ".(ini_get('allow_url_include')
//print "PHP safe_mode = ".(ini_get('safe_mode') ? ini_get('safe_mode') : yn(0)).' '.$langs->trans("Deprecated")." (removed in PHP 5.4) \n";
print "PHP disable_functions = ";
$arrayoffunctionsdisabled = explode(',', ini_get('disable_functions'));
-$arrayoffunctionstodisable = explode(',', 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals');
+$arrayoffunctionstodisable = explode(',', 'dl,apache_note,apache_setenv,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,show_source,virtual');
//$arrayoffunctionstodisable[] = 'stream_wrapper_restore';
//$arrayoffunctionstodisable[] = 'stream_wrapper_register';
if ($execmethod == 1) {
@@ -740,6 +740,11 @@ print ' ';
print 'MAIN_SECURITY_FORCERP = '.getDolGlobalString('MAIN_SECURITY_FORCERP', ''.$langs->trans("Undefined").'').' ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or")." \"same-origin\" so browser doesn't send any referrer when going into another web site domain) ";
print ' ';
+print 'MAIN_SECURITY_FORCE_ACCESS_CONTROL_ALLOW_ORIGIN = '.getDolGlobalString('MAIN_SECURITY_FORCE_ACCESS_CONTROL_ALLOW_ORIGIN', ''.$langs->trans("Undefined").'').' ('.$langs->trans("Recommended").": 1) ";
+print ' ';
+
+// For websites
+
print 'WEBSITE_MAIN_SECURITY_FORCECSPRO = '.getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCECSPRO', ''.$langs->trans("Undefined").'');
print ' ('.$langs->trans("Example").": \"frame-ancestors 'self'; default-src 'self' 'unsafe-inline'; style-src https://cdnjs.cloudflare.com *.googleapis.com; script-src *.transifex.com *.google-analytics.com *.googletagmanager.com; object-src https://youtube.com; frame-src https://youtube.com; img-src * data:;\") ";
print ' ';
@@ -757,6 +762,7 @@ print ' ';
print 'WEBSITE_MAIN_SECURITY_FORCEPP = '.getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCEPP', ''.$langs->trans("Undefined").'').' ('.$langs->trans("Example").": \"camera: (); microphone: ();\") ";
print ' ';
+
print '';
diff --git a/htdocs/api/class/api_login.class.php b/htdocs/api/class/api_login.class.php
index 65db4155dae..cd8c4d3efb9 100644
--- a/htdocs/api/class/api_login.class.php
+++ b/htdocs/api/class/api_login.class.php
@@ -172,6 +172,10 @@ class Login
}
}
+ if (!ascii_check($token)) {
+ throw new RestException(500, 'Error the token for this user has not an hexa format. Try first to reset it.');
+ }
+
//return token
return array(
'success' => array(
diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php
index 313fefccac6..af2039c1ff4 100644
--- a/htdocs/comm/action/card.php
+++ b/htdocs/comm/action/card.php
@@ -971,15 +971,19 @@ if (empty($reshook) && $action == 'update') {
$object->setCategories($categories);
$object->loadReminders($remindertype, 0, false);
- if (!empty($object->reminders) && $object->datep > dol_now()) {
+
+ // If there is reminders, we remove them
+ if (!empty($object->reminders)) {
foreach ($object->reminders as $reminder) {
- $reminder->delete($user);
+ if ($reminder->status < 1) { // If already sent, we never remove it
+ $reminder->delete($user);
+ }
}
$object->reminders = array();
}
- // Create reminders
- if ($addreminder == 'on' && $object->datep > dol_now()) {
+ // Create reminders for every assigned user if reminder is on
+ if ($addreminder == 'on') {
$actionCommReminder = new ActionCommReminder($db);
$dateremind = dol_time_plus_duree($datep, -1 * $offsetvalue, $offsetunit);
@@ -2160,8 +2164,12 @@ if ($id > 0) {
$actionCommReminder->offsetunit = 'i';
$actionCommReminder->typeremind = 'email';
}
+ $disabled = '';
+ if ($object->datep < dol_now()) {
+ //$disabled = 'disabled title="'.dol_escape_htmltag($langs->trans("EventExpired")).'"';
+ }
- print ' ';
+ print ' ';
print '
';
@@ -2554,6 +2562,7 @@ if ($id > 0) {
print ' ('.$tmpuserstatic->getNomUrl(0, '', 0, 0, 16).')';
}
print ' - '.$actioncommreminder->offsetvalue.' '.$TDurationTypes[$actioncommreminder->offsetunit];
+
if ($actioncommreminder->status == $actioncommreminder::STATUS_TODO) {
print ' - ';
print $langs->trans("NotSent");
@@ -2562,6 +2571,10 @@ if ($id > 0) {
print ' - ';
print $langs->trans("Done");
print ' ';
+ } elseif ($actioncommreminder->status == $actioncommreminder::STATUS_ERROR) {
+ print ' - ';
+ print $form->textwithpicto($langs->trans("Error"), $actioncommreminder->lasterror);
+ print ' ';
}
print ' ';
}
diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php
index 8f13709a1e0..9fff8e09e31 100644
--- a/htdocs/comm/action/class/actioncomm.class.php
+++ b/htdocs/comm/action/class/actioncomm.class.php
@@ -2443,23 +2443,23 @@ class ActionComm extends CommonObject
$this->reminders = array();
//Select all action comm reminders for event
- $sql = "SELECT rowid as id, typeremind, dateremind, status, offsetvalue, offsetunit, fk_user";
+ $sql = "SELECT rowid as id, typeremind, dateremind, status, offsetvalue, offsetunit, fk_user, fk_email_template, lasterror";
$sql .= " FROM ".MAIN_DB_PREFIX."actioncomm_reminder";
$sql .= " WHERE fk_actioncomm = ".((int) $this->id);
if ($onlypast) {
$sql .= " AND dateremind <= '".$this->db->idate(dol_now())."'";
}
if ($type) {
- $sql .= " AND typeremind ='".$this->db->escape($type)."'";
+ $sql .= " AND typeremind = '".$this->db->escape($type)."'";
}
if ($fk_user > 0) {
$sql .= " AND fk_user = ".((int) $fk_user);
}
if (!getDolGlobalString('AGENDA_REMINDER_EMAIL')) {
- $sql .= " AND typeremind != 'email'";
+ $sql .= " AND typeremind <> 'email'";
}
if (!getDolGlobalString('AGENDA_REMINDER_BROWSER')) {
- $sql .= " AND typeremind != 'browser'";
+ $sql .= " AND typeremind <> 'browser'";
}
$sql .= $this->db->order("dateremind", "ASC");
@@ -2475,6 +2475,8 @@ class ActionComm extends CommonObject
$tmpactioncommreminder->offsetunit = $obj->offsetunit;
$tmpactioncommreminder->status = $obj->status;
$tmpactioncommreminder->fk_user = $obj->fk_user;
+ $tmpactioncommreminder->fk_email_template = $obj->fk_email_template;
+ $tmpactioncommreminder->lasterror = $obj->lasterror;
$this->reminders[$obj->id] = $tmpactioncommreminder;
}
@@ -2523,7 +2525,8 @@ class ActionComm extends CommonObject
//Select all action comm reminders
$sql = "SELECT rowid as id FROM ".MAIN_DB_PREFIX."actioncomm_reminder";
- $sql .= " WHERE typeremind = 'email' AND status = 0";
+ $sql .= " WHERE typeremind = 'email'";
+ $sql .= " AND status = 0"; // 0=No yet sent, -1=Error. TODO Include reminder in error once we can count number of error, so we can try 5 times and not more on errors.
$sql .= " AND dateremind <= '".$this->db->idate($now)."'";
$sql .= " AND entity IN (".getEntity('actioncomm').")";
$sql .= $this->db->order("dateremind", "ASC");
@@ -2594,7 +2597,7 @@ class ActionComm extends CommonObject
if ($cMailFile->sendfile()) {
$nbMailSend++;
} else {
- $errormesg = $cMailFile->error.' : '.$to;
+ $errormesg = 'Failed to send email to: '.$to.' '.$cMailFile->error.join(',', $cMailFile->errors);
$error++;
}
}
diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php
index f87217d2e02..9f549577365 100644
--- a/htdocs/contact/class/contact.class.php
+++ b/htdocs/contact/class/contact.class.php
@@ -568,7 +568,7 @@ class Contact extends CommonObject
*/
public function update($id, $user = null, $notrigger = 0, $action = 'update', $nosyncuser = 0)
{
- global $conf, $langs, $hookmanager;
+ global $conf;
$error = 0;
@@ -596,6 +596,7 @@ class Contact extends CommonObject
$this->civility_code = $this->civility_id; // For backward compatibility
}
$this->setUpperOrLowerCase();
+
$this->db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX."socpeople SET";
diff --git a/htdocs/contact/consumption.php b/htdocs/contact/consumption.php
index b4cde56687f..23b30813bb7 100644
--- a/htdocs/contact/consumption.php
+++ b/htdocs/contact/consumption.php
@@ -206,7 +206,7 @@ if ($type_element == 'fichinter') { // Customer : show products from invoices
$tables_from .= ' LEFT JOIN '.MAIN_DB_PREFIX.'fichinter as f ON d.fk_fichinter=f.rowid';
$tables_from .= ' INNER JOIN '.MAIN_DB_PREFIX.'element_contact ec ON ec.element_id=f.rowid AND ec.fk_socpeople = '.((int) $object->id);
$tables_from .= ' INNER JOIN '.MAIN_DB_PREFIX."c_type_contact tc ON (ec.fk_c_type_contact=tc.rowid and tc.element='fichinter' and tc.source='external' and tc.active=1)";
- $where = ' WHERE f.entity IN ('.getEntity('ficheinter').')';
+ $where = ' WHERE f.entity IN ('.getEntity('intervention').')';
$dateprint = 'f.datec';
$doc_number = 'f.ref';
} elseif ($type_element == 'invoice') { // Customer : show products from invoices
diff --git a/htdocs/core/ajax/check_notifications.php b/htdocs/core/ajax/check_notifications.php
index 6eb10d15e34..3a56d1df6d3 100644
--- a/htdocs/core/ajax/check_notifications.php
+++ b/htdocs/core/ajax/check_notifications.php
@@ -128,7 +128,9 @@ if (empty($_SESSION['auto_check_events_not_before']) || $time >= $_SESSION['auto
$sql = 'SELECT a.id as id_agenda, a.code, a.datep, a.label, a.location, ar.rowid as id_reminder, ar.dateremind, ar.fk_user as id_user_reminder';
$sql .= ' FROM '.MAIN_DB_PREFIX.'actioncomm as a';
$sql .= ' INNER JOIN '.MAIN_DB_PREFIX.'actioncomm_reminder as ar ON a.id = ar.fk_actioncomm AND ar.fk_user = '.((int) $user->id);
- $sql .= " AND ar.typeremind = 'browser' AND ar.dateremind < '".$db->idate(dol_now())."' AND ar.status = 0 AND ar.entity = ".((int) $conf->entity); // No sharing of entity for alerts
+ $sql .= " AND ar.typeremind = 'browser' AND ar.dateremind < '".$db->idate(dol_now())."'";
+ $sql .= " AND ar.status = 0";
+ $sql .= " AND ar.entity = ".((int) $conf->entity); // No sharing of entity for alerts
$sql .= $db->order('datep', 'ASC');
$sql .= $db->plimit(10); // Avoid too many notification at once
diff --git a/htdocs/core/js/lib_head.js.php b/htdocs/core/js/lib_head.js.php
index 2a04d27c591..360efa0b5c8 100644
--- a/htdocs/core/js/lib_head.js.php
+++ b/htdocs/core/js/lib_head.js.php
@@ -1304,6 +1304,7 @@ $(document).ready(function() {
} ?>
+
jQuery(document).ready(function() {
// Force to hide menus when page is inside an iFrame so we can show any page into a dialog popup
if (window.location && window.location.pathname.indexOf("externalsite/frametop.php") == -1 && window.location !== window.parent.location ) {
diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php
index c4f8972253a..e30931b3305 100644
--- a/htdocs/core/lib/files.lib.php
+++ b/htdocs/core/lib/files.lib.php
@@ -623,7 +623,7 @@ function dol_fileperm($pathoffile)
* @param string $destfile Destination file (can't be a directory). If empty, will be same than source file.
* @param int $newmask Mask for new file (0 by default means $conf->global->MAIN_UMASK). Example: '0666'
* @param int $indexdatabase 1=index new file into database.
- * @param int $arrayreplacementisregex 1=Array of replacement is regex
+ * @param int $arrayreplacementisregex 1=Array of replacement is already an array with key that is a regex. Warning: the key must be escaped with preg_quote for '/'
* @return int Return integer <0 if error, 0 if nothing done (dest file already exists), >0 if OK
* @see dol_copy()
*/
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index a1cb88fa60e..273e4c834db 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -7862,12 +7862,14 @@ function dol_htmlentities($string, $flags = ENT_QUOTES|ENT_SUBSTITUTE, $encoding
/**
* Check if a string is a correct iso string
- * If not, it will we considered not HTML encoded even if it is by FPDF.
+ * If not, it will not be considered as HTML encoded even if it is by FPDF.
* Example, if string contains euro symbol that has ascii code 128
*
* @param string $s String to check
* @param string $clean Clean if it is not an ISO. Warning, if file is utf8, you will get a bad formated file.
* @return int|string 0 if bad iso, 1 if good iso, Or the clean string if $clean is 1
+ * @deprecated Duplicate of ascii_check()
+ * @see ascii_check()
*/
function dol_string_is_good_iso($s, $clean = 0)
{
diff --git a/htdocs/core/modules/mrp/doc/pdf_vinci.modules.php b/htdocs/core/modules/mrp/doc/pdf_vinci.modules.php
index 6d3903bd57a..36ae75629c2 100644
--- a/htdocs/core/modules/mrp/doc/pdf_vinci.modules.php
+++ b/htdocs/core/modules/mrp/doc/pdf_vinci.modules.php
@@ -84,7 +84,7 @@ class pdf_vinci extends ModelePDFMo
global $langs, $mysoc;
// Load translation files required by the page
- $langs->loadLangs(array("main", "bills"));
+ $langs->loadLangs(array("main", "bills", "mrp"));
$this->db = $db;
$this->name = "vinci";
diff --git a/htdocs/don/list.php b/htdocs/don/list.php
index 876df4ee74f..4c323d9fded 100644
--- a/htdocs/don/list.php
+++ b/htdocs/don/list.php
@@ -140,7 +140,7 @@ if ($search_status != '' && $search_status != '-4') {
$sql .= " AND d.fk_statut IN (".$db->sanitize($search_status).")";
}
if (trim($search_ref) != '') {
- $sql .= natural_search('d.ref', $search_ref);
+ $sql .= natural_search(array('d.ref', "d.rowid"), $search_ref);
}
if (trim($search_all) != '') {
$sql .= natural_search(array_keys($fieldstosearchall), $search_all);
diff --git a/htdocs/emailcollector/lib/emailcollector.lib.php b/htdocs/emailcollector/lib/emailcollector.lib.php
index 60611c35841..51190e768ca 100644
--- a/htdocs/emailcollector/lib/emailcollector.lib.php
+++ b/htdocs/emailcollector/lib/emailcollector.lib.php
@@ -117,7 +117,7 @@ function getDParameters($part)
*/
function getAttachments($jk, $mbox)
{
- $structure = imap_fetchstructure($mbox, $jk);
+ $structure = imap_fetchstructure($mbox, $jk, FT_UID);
$parts = getParts($structure);
$fpos = 2;
$attachments = array();
@@ -153,7 +153,7 @@ function getAttachments($jk, $mbox)
*/
function getFileData($jk, $fpos, $type, $mbox)
{
- $mege = imap_fetchbody($mbox, $jk, $fpos);
+ $mege = imap_fetchbody($mbox, $jk, $fpos, FT_UID);
$data = getDecodeValue($mege, $type);
return $data;
diff --git a/htdocs/fichinter/class/fichinterstats.class.php b/htdocs/fichinter/class/fichinterstats.class.php
index ff1a1f38b22..afd981f9e4e 100644
--- a/htdocs/fichinter/class/fichinterstats.class.php
+++ b/htdocs/fichinter/class/fichinterstats.class.php
@@ -75,7 +75,7 @@ class FichinterStats extends Stats
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
$this->where .= (!empty($this->where) ? ' AND ' : '')." c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
- $this->where .= ($this->where ? ' AND ' : '')."c.entity IN (".getEntity('fichinter').')';
+ $this->where .= ($this->where ? ' AND ' : '')."c.entity IN (".getEntity('intervention').')';
if ($this->socid) {
$this->where .= " AND c.fk_soc = ".((int) $this->socid);
diff --git a/htdocs/fourn/class/fournisseur.facture-rec.class.php b/htdocs/fourn/class/fournisseur.facture-rec.class.php
index 994c5e89a1d..274fb881968 100644
--- a/htdocs/fourn/class/fournisseur.facture-rec.class.php
+++ b/htdocs/fourn/class/fournisseur.facture-rec.class.php
@@ -1351,7 +1351,7 @@ class FactureFournisseurRec extends CommonInvoice
}
if (!$error && ($facturerec->auto_validate || $forcevalidation)) {
$result = $new_fac_fourn->validate($user);
- $laststep="Validate by user $user";
+ $laststep="Validate by user {$user->id}";
if ($result <= 0) {
$this->errors = $new_fac_fourn->errors;
$this->error = $new_fac_fourn->error;
diff --git a/htdocs/includes/ace/src/worker-html.js b/htdocs/includes/ace/src/worker-html.js
index 7344b4aac5d..578c42e42e7 100644
--- a/htdocs/includes/ace/src/worker-html.js
+++ b/htdocs/includes/ace/src/worker-html.js
@@ -10803,6 +10803,7 @@ process.nextTick = (function () {
if (canPost) {
var queue = [];
window.addEventListener('message', function (ev) {
+ console.log("postMessage sent"+ev.data); /* Added by LDR to track postMessage event coming from same or other web page/sites */
var source = ev.source;
if ((source === window || source === null) && ev.data === 'process-tick') {
ev.stopPropagation();
diff --git a/htdocs/langs/en_US/agenda.lang b/htdocs/langs/en_US/agenda.lang
index 42c56174c46..2b6e2efc55e 100644
--- a/htdocs/langs/en_US/agenda.lang
+++ b/htdocs/langs/en_US/agenda.lang
@@ -129,6 +129,7 @@ MRP_MO_DELETEInDolibarr=MO deleted
MRP_MO_CANCELInDolibarr=MO canceled
PAIDInDolibarr=%s paid
ENABLEDISABLEInDolibarr=User enabled or disabled
+CANCELInDolibarr=Canceled
##### End agenda events #####
AgendaModelModule=Document templates for event
DateActionStart=Start date
diff --git a/htdocs/langs/en_US/errors.lang b/htdocs/langs/en_US/errors.lang
index 419b92aad23..5a31ea22505 100644
--- a/htdocs/langs/en_US/errors.lang
+++ b/htdocs/langs/en_US/errors.lang
@@ -153,6 +153,7 @@ ErrorToConnectToMysqlCheckInstance=Connect to database fails. Check database ser
ErrorFailedToAddContact=Failed to add contact
ErrorDateMustBeBeforeToday=The date must be lower than today
ErrorDateMustBeInFuture=The date must be greater than today
+ErrorStartDateGreaterEnd=The start date is greater than the end date
ErrorPaymentModeDefinedToWithoutSetup=A payment mode was set to type %s but setup of module Invoice was not completed to define information to show for this payment mode.
ErrorPHPNeedModule=Error, your PHP must have module %s installed to use this feature.
ErrorOpenIDSetupNotComplete=You setup Dolibarr config file to allow OpenID authentication, but URL of OpenID service is not defined into constant %s
diff --git a/htdocs/langs/fr_FR/errors.lang b/htdocs/langs/fr_FR/errors.lang
index ab827544d1f..2a8a96f94f4 100644
--- a/htdocs/langs/fr_FR/errors.lang
+++ b/htdocs/langs/fr_FR/errors.lang
@@ -153,6 +153,7 @@ ErrorToConnectToMysqlCheckInstance=Echec de la connection au serveur de base de
ErrorFailedToAddContact=Echec à l'ajout du contact
ErrorDateMustBeBeforeToday=La date doit être inférieure à la date courante
ErrorDateMustBeInFuture=La date doit être postérieure à la date courante
+ErrorStartDateGreaterEnd=La date de début est postérieure à la date de fin
ErrorPaymentModeDefinedToWithoutSetup=Un mode de paiement a été défini de type %s mais la configuration du module Facture n'a pas été complétée pour définir les informations affichées pour ce mode de paiement.
ErrorPHPNeedModule=Erreur, votre PHP doit avoir le module %s installé pour utiliser cette fonctionnalité.
ErrorOpenIDSetupNotComplete=Vous avez configuré Dolibarr pour accepter l'authentication OpenID, mais l'URL du service OpenID n'est pas défini dans la constante %s
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 614b222baf6..6bf70b996fe 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -1543,11 +1543,18 @@ function top_httphead($contenttype = 'text/html', $forcenocache = 0)
// X-Frame-Options
if (!defined('XFRAMEOPTIONS_ALLOWALL')) {
- header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks)
+ header("X-Frame-Options: SAMEORIGIN"); // By default, frames allowed only if on same domain (stop some XSS attacks)
} else {
header("X-Frame-Options: ALLOWALL");
}
+ if (getDolGlobalString('MAIN_SECURITY_FORCE_ACCESS_CONTROL_ALLOW_ORIGIN')) {
+ $tmpurl = constant('DOL_MAIN_URL_ROOT');
+ $tmpurl = preg_replace('/^(https?:\/\/[^\/]+)\/.*$/', '\1', $tmpurl);
+ header('Access-Control-Allow-Origin: '.$tmpurl);
+ header('Vary: Origin');
+ }
+
// X-XSS-Protection
//header("X-XSS-Protection: 1"); // XSS filtering protection of some browsers (note: use of Content-Security-Policy is more efficient). Disabled as deprecated.
diff --git a/htdocs/master.inc.php b/htdocs/master.inc.php
index 9a07285c7f1..e5ff0cc237f 100644
--- a/htdocs/master.inc.php
+++ b/htdocs/master.inc.php
@@ -82,7 +82,7 @@ $conf->file->main_authentication = empty($dolibarr_main_authentication) ? 'dolib
$conf->file->main_force_https = empty($dolibarr_main_force_https) ? '' : $dolibarr_main_force_https; // Force https
$conf->file->strict_mode = empty($dolibarr_strict_mode) ? '' : $dolibarr_strict_mode; // Force php strict mode (for debug)
$conf->file->instance_unique_id = empty($dolibarr_main_instance_unique_id) ? (empty($dolibarr_main_cookie_cryptkey) ? '' : $dolibarr_main_cookie_cryptkey) : $dolibarr_main_instance_unique_id; // Unique id of instance
-$conf->file->dol_main_url_root = $dolibarr_main_url_root;
+$conf->file->dol_main_url_root = $dolibarr_main_url_root; // Define url inside the config file
$conf->file->dol_document_root = array('main' => (string) DOL_DOCUMENT_ROOT); // Define array of document root directories ('/home/htdocs')
$conf->file->dol_url_root = array('main' => (string) DOL_URL_ROOT); // Define array of url root path ('' or '/dolibarr')
if (!empty($dolibarr_main_document_root_alt)) {
diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php
index 03171f5be86..fe5d5f42362 100644
--- a/htdocs/modulebuilder/index.php
+++ b/htdocs/modulebuilder/index.php
@@ -474,7 +474,7 @@ if ($dirins && in_array($action, array('initapi', 'initphpunit', 'initpagecontac
if ($varnametoupdate) {
// Now we update the object file to set $$varnametoupdate to 1
$srcfile = $dirins.'/'.strtolower($module).'/lib/'.strtolower($module).'_'.strtolower($objectname).'.lib.php';
- $arrayreplacement = array('/\$'.$varnametoupdate.' = 0;/' => '$'.$varnametoupdate.' = 1;');
+ $arrayreplacement = array('/\$'.preg_quote($varnametoupdate, '/').' = 0;/' => '$'.$varnametoupdate.' = 1;');
dolReplaceInFile($srcfile, $arrayreplacement, '', 0, 0, 1);
}
} else {
@@ -959,7 +959,7 @@ if ($dirins && $action == 'confirm_removefile' && !empty($module)) {
}
if ($varnametoupdate) {
$srcfile = $dirins.'/'.strtolower($module).'/lib/'.strtolower($module).'_'.strtolower($objectname).'.lib.php';
- $arrayreplacement = array('/\$'.$varnametoupdate.' = 1;/' => '$'.$varnametoupdate.' = 0;');
+ $arrayreplacement = array('/\$'.preg_quote($varnametoupdate, '/').' = 1;/' => '$'.preg_quote($varnametoupdate, '/').' = 0;');
dolReplaceInFile($srcfile, $arrayreplacement, '', 0, 0, 1);
}
}
@@ -1483,7 +1483,8 @@ if ($dirins && $action == 'initobject' && $module && $objectname) {
$error++;
setEventMessages($langs->trans("WarningCommentNotFound", $langs->trans("Menus"), "mod".$module."class.php"), null, 'warnings');
} else {
- dolReplaceInFile($moduledescriptorfile, array('/* END MODULEBUILDER LEFTMENU MYOBJECT */' => '/*LEFTMENU '.strtoupper($objectname).'*/'.$stringtoadd."\n\t\t".'/*END LEFTMENU '.strtoupper($objectname).'*/'."\n\t\t".'/* END MODULEBUILDER LEFTMENU MYOBJECT */'));
+ $arrayofreplacement = array('/* END MODULEBUILDER LEFTMENU MYOBJECT */' => '/*LEFTMENU '.strtoupper($objectname).'*/'.$stringtoadd."\n\t\t".'/*END LEFTMENU '.strtoupper($objectname).'*/'."\n\t\t".'/* END MODULEBUILDER LEFTMENU MYOBJECT */');
+ dolReplaceInFile($moduledescriptorfile, $arrayofreplacement);
}
}
// Add module descriptor to list of files to replace "MyObject' string with real name of object.
diff --git a/htdocs/product/stock/class/mouvementstock.class.php b/htdocs/product/stock/class/mouvementstock.class.php
index 7c018077e5d..dfeda28018e 100644
--- a/htdocs/product/stock/class/mouvementstock.class.php
+++ b/htdocs/product/stock/class/mouvementstock.class.php
@@ -388,8 +388,8 @@ class MouvementStock extends CommonObject
}
} else { // If not found, we add record
$productlot = new Productlot($this->db);
- $productlot->origin = !empty($this->origin) ? (empty($this->origin->origin_type) ? $this->origin->element : $this->origin->origin_type) : '';
- $productlot->origin_id = !empty($this->origin) ? $this->origin->id : 0;
+ $productlot->origin = !empty($this->origin_type) ? $this->origin_type : '';
+ $productlot->origin_id = !empty($this->origin_id) ? $this->origin_id : 0;
$productlot->entity = $conf->entity;
$productlot->fk_product = $fk_product;
$productlot->batch = $batch;
diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php
index be4b8e92e9c..5410c6ce42f 100644
--- a/htdocs/theme/eldy/global.inc.php
+++ b/htdocs/theme/eldy/global.inc.php
@@ -3622,6 +3622,9 @@ a.tab:link, a.tab:visited, a.tab:hover, a.tab#active {
background: var(--colorbacktabcard1) !important;
margin: 0 0.2em 0 0.2em !important;
+ border-right: 1px solid transparent;
+ border-left: 1px solid transparent;
+ border-top: 1px solid transparent;
/*border-right: 1px solid #CCC !important;
border-left: 1px solid #CCC !important; */
border-bottom: 3px solid var(--colorbackhmenu1) !important;