From 5c074a2bedb50f64858f61820e1db46bf46d41cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9=20Cendrier?= Date: Thu, 14 Dec 2023 10:20:50 +0100 Subject: [PATCH 01/19] FIX MouvementStock::origin is not an object --- htdocs/product/stock/class/mouvementstock.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/product/stock/class/mouvementstock.class.php b/htdocs/product/stock/class/mouvementstock.class.php index 01d5bd19daa..2792dfc9344 100644 --- a/htdocs/product/stock/class/mouvementstock.class.php +++ b/htdocs/product/stock/class/mouvementstock.class.php @@ -373,8 +373,8 @@ class MouvementStock extends CommonObject } } else { // If not found, we add record $productlot = new Productlot($this->db); - $productlot->origin = !empty($this->origin) ? (empty($this->origin->origin_type) ? $this->origin->element : $this->origin->origin_type) : ''; - $productlot->origin_id = !empty($this->origin) ? $this->origin->id : 0; + $productlot->origin = !empty($this->origin_type) ? $this->origin_type : ''; + $productlot->origin_id = !empty($this->origin_id) ? $this->origin_id : 0; $productlot->entity = $conf->entity; $productlot->fk_product = $fk_product; $productlot->batch = $batch; From a5b95b7be3c478ca8a26a69bff811cfd371710b3 Mon Sep 17 00:00:00 2001 From: ATM-Nicolas Date: Fri, 15 Dec 2023 11:01:16 +0100 Subject: [PATCH 02/19] FIX : Fatal error converting object of class User to string (php8) --- htdocs/fourn/class/fournisseur.facture-rec.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/fourn/class/fournisseur.facture-rec.class.php b/htdocs/fourn/class/fournisseur.facture-rec.class.php index cb455ae5cc9..322d1ed9285 100644 --- a/htdocs/fourn/class/fournisseur.facture-rec.class.php +++ b/htdocs/fourn/class/fournisseur.facture-rec.class.php 
@@ -1323,7 +1323,7 @@ class FactureFournisseurRec extends CommonInvoice } if (!$error && ($facturerec->auto_validate || $forcevalidation)) { $result = $new_fac_fourn->validate($user); - $laststep="Validate by user $user"; + $laststep="Validate by user {$user->id}"; if ($result <= 0) { $this->errors = $new_fac_fourn->errors; $this->error = $new_fac_fourn->error; From 4eddee5b4d55b41edaeaa9e28adbe8cdc760e98e Mon Sep 17 00:00:00 2001 From: thibdrev Date: Fri, 15 Dec 2023 14:18:43 +0100 Subject: [PATCH 03/19] add ErrorStartDateGreaterEnd to /en_US/errors.lang --- htdocs/langs/en_US/errors.lang | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/langs/en_US/errors.lang b/htdocs/langs/en_US/errors.lang index 51b550f9480..8896bfa5a75 100644 --- a/htdocs/langs/en_US/errors.lang +++ b/htdocs/langs/en_US/errors.lang @@ -151,6 +151,7 @@ ErrorToConnectToMysqlCheckInstance=Connect to database fails. Check database ser ErrorFailedToAddContact=Failed to add contact ErrorDateMustBeBeforeToday=The date must be lower than today ErrorDateMustBeInFuture=The date must be greater than today +ErrorStartDateGreaterEnd=The start date is greater than the end date ErrorPaymentModeDefinedToWithoutSetup=A payment mode was set to type %s but setup of module Invoice was not completed to define information to show for this payment mode. ErrorPHPNeedModule=Error, your PHP must have module %s installed to use this feature. ErrorOpenIDSetupNotComplete=You setup Dolibarr config file to allow OpenID authentication, but URL of OpenID service is not defined into constant %s From 2245ea09d46e9ceed26df9e4a12edd0d19f07409 Mon Sep 17 00:00:00 2001 From: thibdrev Date: Fri, 15 Dec 2023 14:24:00 +0100 Subject: [PATCH 04/19] add ErrorStartDateGreaterEnd to /fr_FR/errors.lang --- htdocs/langs/fr_FR/errors.lang | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/langs/fr_FR/errors.lang b/htdocs/langs/fr_FR/errors.lang index 1cecc490b36..84fbfaf4a21 100644 --- a/htdocs/langs/fr_FR/errors.lang 
+++ b/htdocs/langs/fr_FR/errors.lang @@ -151,6 +151,7 @@ ErrorToConnectToMysqlCheckInstance=Echec de la connection au serveur de base de ErrorFailedToAddContact=Echec à l'ajout du contact ErrorDateMustBeBeforeToday=La date doit être inférieure à la date courante ErrorDateMustBeInFuture=La date doit être postérieure à la date courante +ErrorStartDateGreaterEnd=La date de début est postérieure à la date de fin ErrorPaymentModeDefinedToWithoutSetup=Un mode de paiement a été défini de type %s mais la configuration du module Facture n'a pas été complétée pour définir les informations affichées pour ce mode de paiement. ErrorPHPNeedModule=Erreur, votre PHP doit avoir le module %s installé pour utiliser cette fonctionnalité. ErrorOpenIDSetupNotComplete=Vous avez configuré Dolibarr pour accepter l'authentication OpenID, mais l'URL du service OpenID n'est pas défini dans la constante %s From 70e01178a9443b03165c92f46597803a7430a757 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Mon, 18 Dec 2023 09:27:52 +0100 Subject: [PATCH 05/19] FIX uniformization to use "intervention" --- htdocs/contact/consumption.php | 2 +- htdocs/fichinter/class/fichinterstats.class.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/contact/consumption.php b/htdocs/contact/consumption.php index 7b2374830b3..19812f9885d 100644 --- a/htdocs/contact/consumption.php +++ b/htdocs/contact/consumption.php 
@@ -206,7 +206,7 @@ if ($type_element == 'fichinter') { // Customer : show products from invoices $tables_from .= ' LEFT JOIN '.MAIN_DB_PREFIX.'fichinter as f ON d.fk_fichinter=f.rowid'; $tables_from .= ' INNER JOIN '.MAIN_DB_PREFIX.'element_contact ec ON ec.element_id=f.rowid AND ec.fk_socpeople = '.((int) $object->id); $tables_from .= ' INNER JOIN '.MAIN_DB_PREFIX."c_type_contact tc ON (ec.fk_c_type_contact=tc.rowid and tc.element='fichinter' and tc.source='external' and tc.active=1)"; - $where = ' WHERE f.entity IN ('.getEntity('ficheinter').')'; + $where = ' WHERE f.entity IN ('.getEntity('intervention').')'; $dateprint = 'f.datec'; $doc_number = 'f.ref'; } elseif ($type_element == 'invoice') { // Customer : show products from invoices diff --git a/htdocs/fichinter/class/fichinterstats.class.php b/htdocs/fichinter/class/fichinterstats.class.php index 8146c5272ee..fd8e4e99308 100644 --- a/htdocs/fichinter/class/fichinterstats.class.php +++ b/htdocs/fichinter/class/fichinterstats.class.php @@ -75,7 +75,7 @@ class FichinterStats extends Stats if (empty($user->rights->societe->client->voir) && !$this->socid) { $this->where .= (!empty($this->where) ? ' AND ' : '')." c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } - $this->where .= ($this->where ? ' AND ' : '')."c.entity IN (".getEntity('fichinter').')'; + $this->where .= ($this->where ? ' AND ' : '')."c.entity IN (".getEntity('intervention').')'; if ($this->socid) { $this->where .= " AND c.fk_soc = ".((int) $this->socid); From 4dcd7955ef9314055377fcb38d27c196e9c293c4 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 18 Dec 2023 17:42:17 +0100 Subject: [PATCH 06/19] FIX Error on emailreminder not reported --- htdocs/comm/action/card.php | 5 +++++ htdocs/comm/action/class/actioncomm.class.php | 4 +++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php index 2b3aae73a4d..365e45a2f5e 100644 --- a/htdocs/comm/action/card.php 
+++ b/htdocs/comm/action/card.php @@ -2447,6 +2447,7 @@ if ($id > 0) { print ' ('.$tmpuserstatic->getNomUrl(0, '', 0, 0, 16).')'; } print ' - '.$actioncommreminder->offsetvalue.' '.$TDurationTypes[$actioncommreminder->offsetunit]; + if ($actioncommreminder->status == $actioncommreminder::STATUS_TODO) { print ' - '; print $langs->trans("NotSent"); @@ -2455,6 +2456,10 @@ if ($id > 0) { print ' - '; print $langs->trans("Done"); print ' '; + } elseif ($actioncommreminder->status == $actioncommreminder::STATUS_ERROR) { + print ' - '; + print $form->textwithpicto($langs->trans("Error"), $actioncommreminder->lasterror); + print ' '; } print '
'; } diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php index 69bc112e081..75a7638f676 100644 --- a/htdocs/comm/action/class/actioncomm.class.php +++ b/htdocs/comm/action/class/actioncomm.class.php @@ -2414,7 +2414,7 @@ class ActionComm extends CommonObject $this->reminders = array(); //Select all action comm reminders for event - $sql = "SELECT rowid as id, typeremind, dateremind, status, offsetvalue, offsetunit, fk_user"; + $sql = "SELECT rowid as id, typeremind, dateremind, status, offsetvalue, offsetunit, fk_user, fk_email_template, lasterror"; $sql .= " FROM ".MAIN_DB_PREFIX."actioncomm_reminder"; $sql .= " WHERE fk_actioncomm = ".((int) $this->id); if ($onlypast) { @@ -2446,6 +2446,8 @@ class ActionComm extends CommonObject $tmpactioncommreminder->offsetunit = $obj->offsetunit; $tmpactioncommreminder->status = $obj->status; $tmpactioncommreminder->fk_user = $obj->fk_user; + $tmpactioncommreminder->fk_email_template = $obj->fk_email_template; + $tmpactioncommreminder->lasterror = $obj->lasterror; $this->reminders[$obj->id] = $tmpactioncommreminder; } From aa1abf2b69c5809afb297582a1c3368fdc56338b Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 19 Dec 2023 00:49:08 +0100 Subject: [PATCH 07/19] Fix trans --- htdocs/core/modules/mrp/doc/pdf_vinci.modules.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/modules/mrp/doc/pdf_vinci.modules.php b/htdocs/core/modules/mrp/doc/pdf_vinci.modules.php index 498fa080dab..5f9bf5eab0c 100644 --- a/htdocs/core/modules/mrp/doc/pdf_vinci.modules.php +++ b/htdocs/core/modules/mrp/doc/pdf_vinci.modules.php @@ -125,7 +125,7 @@ class pdf_vinci extends ModelePDFMo global $conf, $langs, $mysoc; // Load translation files required by the page - $langs->loadLangs(array("main", "bills")); + $langs->loadLangs(array("main", "bills", "mrp")); $this->db = $db; $this->name = "vinci"; 
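Review bot: In the new `STATUS_ERROR` branch of card.php, `$actioncommreminder->lasterror` is handed to `$form->textwithpicto()` exactly as it was read from the database. That column appears to hold the mail-sending error text (see the `$errormesg` string built in actioncomm.class.php later in this series), which can include recipient addresses and whatever the mail transport reported, so it should be treated as untrusted at render time. Whether textwithpicto() escapes its tooltip argument is not visible in this hunk. If it does not, escape at the call site: `print $form->textwithpicto($langs->trans("Error"), dol_escape_htmltag($actioncommreminder->lasterror));`. The surrounding loop starts and ends outside the hunk.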
From fca6541c83482c0eef211e41e6bd0b1f81a7eedf Mon Sep 17 00:00:00 2001 From: alsoft10 Date: Tue, 19 Dec 2023 13:00:11 +0530 Subject: [PATCH 08/19] FIX#27166 --- htdocs/emailcollector/lib/emailcollector.lib.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/emailcollector/lib/emailcollector.lib.php b/htdocs/emailcollector/lib/emailcollector.lib.php index 60611c35841..51190e768ca 100644 --- a/htdocs/emailcollector/lib/emailcollector.lib.php +++ b/htdocs/emailcollector/lib/emailcollector.lib.php @@ -117,7 +117,7 @@ function getDParameters($part) */ function getAttachments($jk, $mbox) { - $structure = imap_fetchstructure($mbox, $jk); + $structure = imap_fetchstructure($mbox, $jk, FT_UID); $parts = getParts($structure); $fpos = 2; $attachments = array(); @@ -153,7 +153,7 @@ function getAttachments($jk, $mbox) */ function getFileData($jk, $fpos, $type, $mbox) { - $mege = imap_fetchbody($mbox, $jk, $fpos); + $mege = imap_fetchbody($mbox, $jk, $fpos, FT_UID); $data = getDecodeValue($mege, $type); return $data; From 11780b0f12152ee83e2cb0ee9b4ce3c8d6505a4e Mon Sep 17 00:00:00 2001 From: Thomas905 Date: Tue, 19 Dec 2023 08:58:02 +0100 Subject: [PATCH 09/19] search by ref & rowid in don list --- htdocs/don/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/don/list.php b/htdocs/don/list.php index 891f7e6877b..7cb4e37df5a 100644 --- a/htdocs/don/list.php +++ b/htdocs/don/list.php @@ -111,7 +111,7 @@ if ($search_status != '' && $search_status != '-4') { $sql .= " AND d.fk_statut IN (".$db->sanitize($search_status).")"; } if (trim($search_ref) != '') { - $sql .= natural_search('d.ref', $search_ref); + $sql .= natural_search(['d.ref', "d.rowid"], $search_ref); } if (trim($search_all) != '') { $sql .= natural_search(array_keys($fieldstosearchall), $search_all); From 53c1244ad25c3987d30f8df86e9c57d52279f337 Mon Sep 17 00:00:00 2001 
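Review bot: With `FT_UID` added to `imap_fetchstructure()` in getAttachments() and to `imap_fetchbody()` in getFileData(), `$jk` is now read as a message UID rather than a sequence number, but neither docblock (both start outside these hunks) says so. A caller that still passes a sequence number would silently get the structure or body of a different message, so the parameter line should become something like `@param int $jk UID of the message (calls use FT_UID)`, and the callers not shown here need checking. The return value is also used unchecked: `imap_fetchstructure()` returns false for an unknown UID and that false goes straight into `getParts()`. A guard such as `if ($structure === false) { return array(); }` would keep a stale UID from turning into warnings further down.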
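Review bot: `natural_search(['d.ref', "d.rowid"], $search_ref)` in don/list.php now applies the free-text reference filter to the integer primary key as well. How natural_search() builds the comparison is not visible here, but if it is a substring match, searching for `1` will also return rows 10, 21 and so on, and a text pattern against an integer column may need a cast on some databases. If the intent is "ref or exact id", a separate `d.rowid = ((int) $search_ref)` clause expresses that more precisely. On style, the line mixes quote types and short array syntax, while the neighbouring context uses single quotes; `array('d.ref', 'd.rowid')` would match.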
From: Laurent Destailleur Date: Tue, 19 Dec 2023 14:09:28 +0100 Subject: [PATCH 10/19] Fix missing trans --- htdocs/langs/en_US/agenda.lang | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/langs/en_US/agenda.lang b/htdocs/langs/en_US/agenda.lang index aa4f4391fde..71cc75f2f00 100644 --- a/htdocs/langs/en_US/agenda.lang +++ b/htdocs/langs/en_US/agenda.lang @@ -129,6 +129,7 @@ MRP_MO_DELETEInDolibarr=MO deleted MRP_MO_CANCELInDolibarr=MO canceled PAIDInDolibarr=%s paid ENABLEDISABLEInDolibarr=User enabled or disabled +CANCELInDolibarr=Canceled ##### End agenda events ##### AgendaModelModule=Document templates for event DateActionStart=Start date From 9892abdbb22aed8c741e3009aef44c162ac9f230 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 19 Dec 2023 22:32:49 +0100 Subject: [PATCH 11/19] FIX Menu Create of project no working on smartphone with no top menu. --- htdocs/core/js/lib_head.js.php | 20 ++++++++++++++++++++ htdocs/main.inc.php | 16 ---------------- 2 files changed, 20 insertions(+), 16 deletions(-) diff --git a/htdocs/core/js/lib_head.js.php b/htdocs/core/js/lib_head.js.php index d9a81c2a5af..96f2fe24274 100644 --- a/htdocs/core/js/lib_head.js.php +++ b/htdocs/core/js/lib_head.js.php @@ -1299,6 +1299,7 @@ $(document).ready(function() { }); + jQuery(document).ready(function() { // Force to hide menus when page is inside an iFrame so we can show any page into a dialog popup if (window.location && window.location.pathname.indexOf("externalsite/frametop.php") == -1 && window.location !== window.parent.location ) { 
@@ -1314,6 +1315,25 @@ jQuery(document).ready(function() { }); +jQuery(document).ready(function() { + jQuery(".butAction.dropdown-toggle").on("click", function(event) { + console.log("Click on .butAction.dropdown-toggle"); + var parentholder = jQuery(".butAction.dropdown-toggle").closest(".dropdown"); + var offset = parentholder.offset(); + var widthdocument = $(document).width(); + var left = offset.left; + var right = widthdocument - offset.left - parentholder.width(); + var widthpopup = parentholder.children(".dropdown-content").width(); + console.log("left="+left+" right="+right+" width="+widthpopup+" widthdocument="+widthdocument); + if (widthpopup + right >= widthdocument) { + right = 10; + } + parentholder.toggleClass("open"); + parentholder.children(".dropdown-content").css({"right": right+"px", "left": "auto"}); + }); +}); + + /* * Hacky fix for a bug in select2 with jQuery 3.6.0's new nested-focus "protection" * see: https://github.com/select2/select2/issues/5993 diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 3236c637828..2690ad2af84 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -2523,22 +2523,6 @@ function top_menu_user($hideloginname = 0, $urllogout = '') closeTopMenuLoginDropdown(); } }); - - jQuery(".butAction.dropdown-toggle").on("click", function(event) { - console.log("Click on .butAction.dropdown-toggle"); - var parentholder = jQuery(".butAction.dropdown-toggle").closest(".dropdown"); - var offset = parentholder.offset(); - var widthdocument = $(document).width(); - var left = offset.left; - var right = widthdocument - offset.left - parentholder.width(); - var widthpopup = parentholder.children(".dropdown-content").width(); - console.log("left="+left+" right="+right+" width="+widthpopup+" widthdocument="+widthdocument); - if (widthpopup + right >= widthdocument) { - right = 10; - } - parentholder.toggleClass("open"); - parentholder.children(".dropdown-content").css({"right": right+"px", "left": "auto"}); - }); '; 
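Review bot: The click handler moved into lib_head.js.php selects `jQuery(".butAction.dropdown-toggle").closest(".dropdown")` again inside the callback instead of starting from the clicked element. On a page with more than one dropdown action button, every dropdown is toggled and positioned from the first one's offset. Using `var parentholder = jQuery(this).closest(".dropdown");` scopes the toggle to the button that was clicked. The two `console.log(...)` lines are debug output that now ships on every page, since this file is loaded globally, and can be dropped. The block was moved verbatim from main.inc.php, so these points pre-date the commit, but the move is a good moment to fix them.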
From b1fa6f596f8424993f02fcad55d32bd58bf67bc0 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 21 Dec 2023 13:01:09 +0100 Subject: [PATCH 12/19] Add experimental security option MAIN_SECURITY_FORCE_ACCESS_CONTROL_ALLOW_ORIGIN --- htdocs/admin/security.php | 2 +- htdocs/admin/system/security.php | 6 ++++++ htdocs/main.inc.php | 9 ++++++++- htdocs/master.inc.php | 2 +- 4 files changed, 16 insertions(+), 3 deletions(-) diff --git a/htdocs/admin/security.php b/htdocs/admin/security.php index 23f7a6d0aca..42945587fee 100644 --- a/htdocs/admin/security.php +++ b/htdocs/admin/security.php @@ -20,7 +20,7 @@ /** * \file htdocs/admin/security.php * \ingroup setup - * \brief Page de configuration du module securite + * \brief Page of setup of security */ // Load Dolibarr environment diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index 7ad70c385b5..f6c53f9ae2d 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -740,6 +740,11 @@ print '
'; print 'MAIN_SECURITY_FORCERP = '.getDolGlobalString('MAIN_SECURITY_FORCERP', ''.$langs->trans("Undefined").'').'   ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or")." \"same-origin\" so browser doesn't send any referrer when going into another web site domain)
"; print '
'; +print 'MAIN_SECURITY_FORCE_ACCESS_CONTROL_ALLOW_ORIGIN = '.getDolGlobalString('MAIN_SECURITY_FORCE_ACCESS_CONTROL_ALLOW_ORIGIN', ''.$langs->trans("Undefined").'').'   ('.$langs->trans("Recommended").": 1)
"; +print '
'; + +// For websites + print 'WEBSITE_MAIN_SECURITY_FORCECSPRO = '.getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCECSPRO', ''.$langs->trans("Undefined").''); print '   ('.$langs->trans("Example").": \"frame-ancestors 'self'; default-src 'self' 'unsafe-inline'; style-src https://cdnjs.cloudflare.com *.googleapis.com; script-src *.transifex.com *.google-analytics.com *.googletagmanager.com; object-src https://youtube.com; frame-src https://youtube.com; img-src * data:;\")
"; print '
'; @@ -757,6 +762,7 @@ print '
'; print 'WEBSITE_MAIN_SECURITY_FORCEPP = '.getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCEPP', ''.$langs->trans("Undefined").'').'   ('.$langs->trans("Example").": \"camera: (); microphone: ();\")
"; print '
'; + print ''; diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 614b222baf6..6bf70b996fe 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -1543,11 +1543,18 @@ function top_httphead($contenttype = 'text/html', $forcenocache = 0) // X-Frame-Options if (!defined('XFRAMEOPTIONS_ALLOWALL')) { - header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks) + header("X-Frame-Options: SAMEORIGIN"); // By default, frames allowed only if on same domain (stop some XSS attacks) } else { header("X-Frame-Options: ALLOWALL"); } + if (getDolGlobalString('MAIN_SECURITY_FORCE_ACCESS_CONTROL_ALLOW_ORIGIN')) { + $tmpurl = constant('DOL_MAIN_URL_ROOT'); + $tmpurl = preg_replace('/^(https?:\/\/[^\/]+)\/.*$/', '\1', $tmpurl); + header('Access-Control-Allow-Origin: '.$tmpurl); + header('Vary: Origin'); + } + // X-XSS-Protection //header("X-XSS-Protection: 1"); // XSS filtering protection of some browsers (note: use of Content-Security-Policy is more efficient). Disabled as deprecated. diff --git a/htdocs/master.inc.php b/htdocs/master.inc.php index 9a07285c7f1..e5ff0cc237f 100644 --- a/htdocs/master.inc.php +++ b/htdocs/master.inc.php 
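Review bot: In the new `MAIN_SECURITY_FORCE_ACCESS_CONTROL_ALLOW_ORIGIN` block of top_httphead(), the result of `preg_replace()` is sent as the `Access-Control-Allow-Origin` value without checking that it is a bare scheme-and-host origin. When `DOL_MAIN_URL_ROOT` does not match the pattern (no `http(s)://` prefix, or the call returns null), the unmodified or empty value goes into the header. Guarding with `if (preg_match('/^https?:\/\/[^\/]+/', $tmpurl, $reg)) { header('Access-Control-Allow-Origin: '.$reg[0]); }` emits it only for a well-formed origin. `Vary: Origin` is not needed for a value that does not depend on the request's Origin header, and `header()` without the replace flag set to false overwrites any `Vary` already set. The setup page in admin/system/security.php lists the option as recommended `1` while the commit subject calls it experimental, so a comment stating what the header is meant to restrict would help; top_httphead() starts and ends outside the hunk.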
@@ -82,7 +82,7 @@ $conf->file->main_authentication = empty($dolibarr_main_authentication) ? 'dolib $conf->file->main_force_https = empty($dolibarr_main_force_https) ? '' : $dolibarr_main_force_https; // Force https $conf->file->strict_mode = empty($dolibarr_strict_mode) ? '' : $dolibarr_strict_mode; // Force php strict mode (for debug) $conf->file->instance_unique_id = empty($dolibarr_main_instance_unique_id) ? (empty($dolibarr_main_cookie_cryptkey) ? '' : $dolibarr_main_cookie_cryptkey) : $dolibarr_main_instance_unique_id; // Unique id of instance -$conf->file->dol_main_url_root = $dolibarr_main_url_root; +$conf->file->dol_main_url_root = $dolibarr_main_url_root; // Define url inside the config file $conf->file->dol_document_root = array('main' => (string) DOL_DOCUMENT_ROOT); // Define array of document root directories ('/home/htdocs') $conf->file->dol_url_root = array('main' => (string) DOL_URL_ROOT); // Define array of url root path ('' or '/dolibarr') if (!empty($dolibarr_main_document_root_alt)) { From f9f3d3a6e169c1fbdcd370620679512789a8f2ae Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 21 Dec 2023 14:27:05 +0100 Subject: [PATCH 13/19] FIX can edit reminders on past events --- htdocs/comm/action/card.php | 21 +++++++++++++------ htdocs/comm/action/class/actioncomm.class.php | 9 ++++---- htdocs/core/ajax/check_notifications.php | 4 +++- 3 files changed, 23 insertions(+), 11 deletions(-) diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php index 365e45a2f5e..62d958a51e1 100644 --- a/htdocs/comm/action/card.php +++ b/htdocs/comm/action/card.php @@ -769,7 +769,8 @@ if (empty($reshook) && $action == 'update') { } if (!$datef && $percentage == 100) { - $error++; $donotclearsession = 1; + $error++; + $donotclearsession = 1; setEventMessages($langs->transnoentitiesnoconv("ErrorFieldRequired", $langs->transnoentitiesnoconv("DateEnd")), $object->errors, 'errors'); $action = 'edit'; } 
@@ -901,15 +902,19 @@ if (empty($reshook) && $action == 'update') { $object->setCategories($categories); $object->loadReminders($remindertype, 0, false); - if (!empty($object->reminders) && $object->datep > dol_now()) { + + // If there is reminders, we remove them + if (!empty($object->reminders)) { foreach ($object->reminders as $reminder) { - $reminder->delete($user); + if ($reminder->status < 1) { // If already sent, we never remove it + $reminder->delete($user); + } } $object->reminders = array(); } - //Create reminders - if ($addreminder == 'on' && $object->datep > dol_now()) { + // Create reminders for every assigned user if reminder is on + if ($addreminder == 'on') { $actionCommReminder = new ActionCommReminder($db); $dateremind = dol_time_plus_duree($datep, -$offsetvalue, $offsetunit); @@ -2056,8 +2061,12 @@ if ($id > 0) { $actionCommReminder->offsetunit = 'i'; $actionCommReminder->typeremind = 'email'; } + $disabled = ''; + if ($object->datep < dol_now()) { + //$disabled = 'disabled title="'.dol_escape_htmltag($langs->trans("EventExpired")).'"'; + } - print '
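Review bot: The new test `if ($reminder->status < 1)` in the update action uses a bare number where the class constants are already used elsewhere in this file (`$actioncommreminder::STATUS_TODO`, `::STATUS_ERROR`). Writing it as `if (in_array((int) $reminder->status, array(ActionCommReminder::STATUS_TODO, ActionCommReminder::STATUS_ERROR), true))` makes it explicit which states are deleted. Because sent reminders are now kept and the `$object->datep > dol_now()` guard is gone from the create branch, saving an event with the reminder box ticked appears to add a fresh reminder next to each already-sent one. For a past event its `dateremind` is already due, so it would be picked up on the next run of the email job, and it is worth confirming that this is intended. In the `@@ -2056,8 +2061,12 @@` hunk the added `$disabled` variable is only ever the empty string, since its one assignment is commented out; either wire it up or leave it out.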
'; + print '
'; print '
'; diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php index 75a7638f676..0070f96fc68 100644 --- a/htdocs/comm/action/class/actioncomm.class.php +++ b/htdocs/comm/action/class/actioncomm.class.php @@ -2421,16 +2421,16 @@ class ActionComm extends CommonObject $sql .= " AND dateremind <= '".$this->db->idate(dol_now())."'"; } if ($type) { - $sql .= " AND typeremind ='".$this->db->escape($type)."'"; + $sql .= " AND typeremind = '".$this->db->escape($type)."'"; } if ($fk_user > 0) { $sql .= " AND fk_user = ".((int) $fk_user); } if (empty($conf->global->AGENDA_REMINDER_EMAIL)) { - $sql .= " AND typeremind != 'email'"; + $sql .= " AND typeremind <> 'email'"; } if (empty($conf->global->AGENDA_REMINDER_BROWSER)) { - $sql .= " AND typeremind != 'browser'"; + $sql .= " AND typeremind <> 'browser'"; } $sql .= $this->db->order("dateremind", "ASC"); @@ -2496,7 +2496,8 @@ class ActionComm extends CommonObject //Select all action comm reminders $sql = "SELECT rowid as id FROM ".MAIN_DB_PREFIX."actioncomm_reminder"; - $sql .= " WHERE typeremind = 'email' AND status = 0"; + $sql .= " WHERE typeremind = 'email'"; + $sql .= " AND status <= 0"; // 0=No yet sent, -1=Error $sql .= " AND dateremind <= '".$this->db->idate($now)."'"; $sql .= " AND entity IN (".getEntity('actioncomm').")"; $sql .= $this->db->order("dateremind", "ASC"); diff --git a/htdocs/core/ajax/check_notifications.php b/htdocs/core/ajax/check_notifications.php index 6eb10d15e34..3a56d1df6d3 100644 --- a/htdocs/core/ajax/check_notifications.php +++ b/htdocs/core/ajax/check_notifications.php 
@@ -128,7 +128,9 @@ if (empty($_SESSION['auto_check_events_not_before']) || $time >= $_SESSION['auto $sql = 'SELECT a.id as id_agenda, a.code, a.datep, a.label, a.location, ar.rowid as id_reminder, ar.dateremind, ar.fk_user as id_user_reminder'; $sql .= ' FROM '.MAIN_DB_PREFIX.'actioncomm as a'; $sql .= ' INNER JOIN '.MAIN_DB_PREFIX.'actioncomm_reminder as ar ON a.id = ar.fk_actioncomm AND ar.fk_user = '.((int) $user->id); - $sql .= " AND ar.typeremind = 'browser' AND ar.dateremind < '".$db->idate(dol_now())."' AND ar.status = 0 AND ar.entity = ".((int) $conf->entity); // No sharing of entity for alerts + $sql .= " AND ar.typeremind = 'browser' AND ar.dateremind < '".$db->idate(dol_now())."'"; + $sql .= " AND ar.status = 0"; + $sql .= " AND ar.entity = ".((int) $conf->entity); // No sharing of entity for alerts $sql .= $db->order('datep', 'ASC'); $sql .= $db->plimit(10); // Avoid too many notification at once From 450cbbb76dce3d6ca41cc044060edcba25522828 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 21 Dec 2023 14:35:40 +0100 Subject: [PATCH 14/19] FIX can edit reminders on past events --- htdocs/comm/action/class/actioncomm.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php index 0070f96fc68..df388d7b5fa 100644 --- a/htdocs/comm/action/class/actioncomm.class.php +++ b/htdocs/comm/action/class/actioncomm.class.php 
@@ -2497,7 +2497,7 @@ class ActionComm extends CommonObject //Select all action comm reminders $sql = "SELECT rowid as id FROM ".MAIN_DB_PREFIX."actioncomm_reminder"; $sql .= " WHERE typeremind = 'email'"; - $sql .= " AND status <= 0"; // 0=No yet sent, -1=Error + $sql .= " AND status = 0"; // 0=No yet sent, -1=Error. TODO Include reminder in error once we can count number of error, so we can try 5 times and not more on errors. $sql .= " AND dateremind <= '".$this->db->idate($now)."'"; $sql .= " AND entity IN (".getEntity('actioncomm').")"; $sql .= $this->db->order("dateremind", "ASC"); @@ -2568,7 +2568,7 @@ class ActionComm extends CommonObject if ($cMailFile->sendfile()) { $nbMailSend++; } else { - $errormesg = $cMailFile->error.' : '.$to; + $errormesg = 'Failed to send email to: '.$to.' '.$cMailFile->error.join(',', $cMailFile->errors); $error++; } } From 5c6c5853abb112b083585afec88978466121fa40 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 21 Dec 2023 15:03:26 +0100 Subject: [PATCH 15/19] Clean code --- htdocs/adherents/class/adherent.class.php | 10 ++++------ htdocs/contact/class/contact.class.php | 3 ++- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index f8aabe6867d..495a54d810f 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -351,7 +351,7 @@ class Adherent extends CommonObject { $this->db = $db; $this->statut = self::STATUS_DRAFT; - $this->status = $this->statut; + $this->status = self::STATUS_DRAFT; // l'adherent n'est pas public par defaut $this->public = 0; // les champs optionnels sont vides @@ -415,7 +415,7 @@ class Adherent extends CommonObject } } - dol_syslog('send_an_email msgishtml='.$msgishtml); + dol_syslog('sendEmail msgishtml='.$msgishtml); $texttosend = $this->makeSubstitution($text); $subjecttosend = $this->makeSubstitution($subject); 
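Review bot: In the `@@ -2568,7 +2568,7 @@` hunk, `$cMailFile->error.join(',', $cMailFile->errors)` concatenates the single error and the joined list with no separator. `join()` also throws a TypeError on PHP 8 if `errors` is ever not an array, and the declaration of that property is not visible here. A safer form is `$errormesg = 'Failed to send email to: '.$to.' '.$cMailFile->error.(is_array($cMailFile->errors) && $cMailFile->errors ? ' '.implode(', ', $cMailFile->errors) : '');`. The message now starts with the recipient address and, judging by the reminder card change earlier in the series, ends up stored and displayed, so it should be escaped wherever it is rendered. In the `@@ -2497,7 +2497,7 @@` hunk the TODO about retrying failed reminders would be easier to track with an issue reference next to it.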
@@ -707,7 +707,7 @@ class Adherent extends CommonObject */ public function update($user, $notrigger = 0, $nosyncuser = 0, $nosyncuserpass = 0, $nosyncthirdparty = 0, $action = 'update') { - global $conf, $langs, $hookmanager; + global $langs, $hookmanager; require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; @@ -2044,8 +2044,6 @@ class Adherent extends CommonObject */ public function exclude($user) { - global $langs, $conf; - $error = 0; // Check parameters @@ -2092,7 +2090,7 @@ class Adherent extends CommonObject public function add_to_abo() { // phpcs:enable - global $conf, $langs; + global $langs; include_once DOL_DOCUMENT_ROOT.'/mailmanspip/class/mailmanspip.class.php'; $mailmanspip = new MailmanSpip($this->db); diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index f87217d2e02..9f549577365 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -568,7 +568,7 @@ class Contact extends CommonObject */ public function update($id, $user = null, $notrigger = 0, $action = 'update', $nosyncuser = 0) { - global $conf, $langs, $hookmanager; + global $conf; $error = 0; @@ -596,6 +596,7 @@ class Contact extends CommonObject $this->civility_code = $this->civility_id; // For backward compatibility } $this->setUpperOrLowerCase(); + $this->db->begin(); $sql = "UPDATE ".MAIN_DB_PREFIX."socpeople SET"; From 6f721a4704ac7af0d4440ffb29df736ebe532fad Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 21 Dec 2023 16:57:38 +0100 Subject: [PATCH 16/19] Fix css --- htdocs/theme/eldy/global.inc.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index be4b8e92e9c..5410c6ce42f 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php 
@@ -3622,6 +3622,9 @@ a.tab:link, a.tab:visited, a.tab:hover, a.tab#active { background: var(--colorbacktabcard1) !important; margin: 0 0.2em 0 0.2em !important; + border-right: 1px solid transparent; + border-left: 1px solid transparent; + border-top: 1px solid transparent; /*border-right: 1px solid #CCC !important; border-left: 1px solid #CCC !important; */ border-bottom: 3px solid var(--colorbackhmenu1) !important; From 5ce90555eec3eb8905dd0157d8d7ec5698195e4e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 21 Dec 2023 18:29:55 +0100 Subject: [PATCH 17/19] Removed useless file #yogosha19667 --- dev/tools/spider.php | 156 ------------------------------------------- 1 file changed, 156 deletions(-) delete mode 100644 dev/tools/spider.php diff --git a/dev/tools/spider.php b/dev/tools/spider.php deleted file mode 100644 index 28871122e2c..00000000000 --- a/dev/tools/spider.php +++ /dev/null @@ -1,156 +0,0 @@ -#!/usr/bin/env php -. - */ - -/** - * \file dev/tools/spider.php - * \brief Script to spider Dolibarr app. - * - * To use it: - * - Disable module "bookmark" - * - Exclude param optioncss, token, sortfield, sortorder - */ - -$crawledLinks = array(); -const MAX_DEPTH = 2; - - -/** - * @param string $url URL - * @param string $depth Depth - * @return string String - */ -function followLink($url, $depth = 0) -{ - global $crawledLinks; - $crawling = array(); - if ($depth > MAX_DEPTH) { - echo "
The Crawler is giving up!
"; - return; - } - $options = array( - 'http' => array( - 'method' => "GET", - 'user-agent' => "gfgBot/0.1\n" - ) - ); - $context = stream_context_create($options); - $doc = new DomDocument(); - @$doc->loadHTML(file_get_contents($url, false, $context)); - $links = $doc->getElementsByTagName('a'); - $pageTitle = getDocTitle($doc, $url); - $metaData = getDocMetaData($doc); - foreach ($links as $i) { - $link = $i->getAttribute('href'); - if (ignoreLink($link)) { - continue; - } - $link = convertLink($url, $link); - if (!in_array($link, $crawledLinks)) { - $crawledLinks[] = $link; - $crawling[] = $link; - insertIntoDatabase($link, $pageTitle, $metaData, $depth); - } - } - foreach ($crawling as $crawlURL) { - followLink($crawlURL, $depth + 1); - } -} - -/** - * @param string $site Site - * @param string $path Path - * @return string String - */ -function convertLink($site, $path) -{ - if (substr_compare($path, "//", 0, 2) == 0) { - return parse_url($site)['scheme'].$path; - } elseif (substr_compare($path, "http://", 0, 7) == 0 - or substr_compare($path, "https://", 0, 8) == 0 - or substr_compare($path, "www.", 0, 4) == 0 - ) { - return $path; - } else { - return $site.'/'.$path; - } -} - -/** - * @param string $url URL - * @return boolean - */ -function ignoreLink($url) -{ - return $url[0] == "#" or substr($url, 0, 11) == "javascript:"; -} - -/** - * @param string $link URL - * @param string $title Title - * @param string $metaData Array - * @param int $depth Depth - * @return void - */ -function insertIntoDatabase($link, $title, &$metaData, $depth) -{ - //global $crawledLinks; - - echo "Inserting new record {URL= ".$link.", Title = '$title', Description = '".$metaData['description']."', Keywords = ' ".$metaData['keywords']."'}


"; - - //²$crawledLinks[]=$link; -} - -/** - * @param string $doc Doc - * @param string $url URL - * @return string URL/Title - */ -function getDocTitle(&$doc, $url) -{ - $titleNodes = $doc->getElementsByTagName('title'); - if (count($titleNodes) == 0 or !isset($titleNodes[0]->nodeValue)) { - return $url; - } - $title = str_replace('', '\n', $titleNodes[0]->nodeValue); - return (strlen($title) < 1) ? $url : $title; -} - -/** - * @param string $doc Doc - * @return array Array - */ -function getDocMetaData(&$doc) -{ - $metaData = array(); - $metaNodes = $doc->getElementsByTagName('meta'); - foreach ($metaNodes as $node) { - $metaData[$node->getAttribute("name")] = $node->getAttribute("content"); - } - if (!isset($metaData['description'])) { - $metaData['description'] = 'No Description Available'; - } - if (!isset($metaData['keywords'])) { - $metaData['keywords'] = ''; - } - return array( - 'keywords' => str_replace('', '\n', $metaData['keywords']), - 'description' => str_replace('', '\n', $metaData['description']) - ); -} - - -followLink("http://localhost/dolibarr_dev/htdocs"); From 9a6ae3c45475586ec6d2f4641c8ad9d60a6cf5d9 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 21 Dec 2023 19:25:07 +0100 Subject: [PATCH 18/19] FIX Return a better error message when token is not valid --- htdocs/api/class/api_login.class.php | 4 ++++ htdocs/core/lib/functions.lib.php | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/htdocs/api/class/api_login.class.php b/htdocs/api/class/api_login.class.php index 7cad862b3be..865a82b734f 100644 --- a/htdocs/api/class/api_login.class.php +++ b/htdocs/api/class/api_login.class.php @@ -165,6 +165,10 @@ class Login $token = $tmpuser->api_key; } + if (!ascii_check($token)) { + throw new RestException(500, 'Error the token for this user has not an hexa format. Try first to reset it.'); + } + //return token return array( 'success' => array( 
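Review bot: The new guard in api_login.class.php calls `ascii_check($token)`, but the exception text says the token "has not an hexa format", so the message describes a stricter test than the one performed: any ASCII string passes, hexadecimal or not. Either align the message with the check (`'Error the token for this user is not a valid ASCII string. Try first to reset it.'`) or, if hexadecimal really is the required format, test for that instead. A short comment saying why a stored key can be non-ASCII (presumably a failed decryption of `api_key`) would explain the 500 to the next reader. The enclosing login method starts and ends outside the hunk.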
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index a5c96292a5e..cf8bb9b324e 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -7609,12 +7609,14 @@ function dol_htmlentities($string, $flags = ENT_QUOTES|ENT_SUBSTITUTE, $encoding /** * Check if a string is a correct iso string - * If not, it will we considered not HTML encoded even if it is by FPDF. + * If not, it will not be considered as HTML encoded even if it is by FPDF. * Example, if string contains euro symbol that has ascii code 128 * * @param string $s String to check * @param string $clean Clean if it is not an ISO. Warning, if file is utf8, you will get a bad formated file. * @return int|string 0 if bad iso, 1 if good iso, Or the clean string if $clean is 1 + * @deprecated Duplicate of ascii_check() + * @see ascii_check() */ function dol_string_is_good_iso($s, $clean = 0) { From c6040146b24a3bf2250851336f1b2f420e488188 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 21 Dec 2023 19:39:02 +0100 Subject: [PATCH 19/19] Add more function to disable. Add preg_quote to avoid false positive. --- htdocs/admin/system/security.php | 2 +- htdocs/core/lib/files.lib.php | 2 +- htdocs/modulebuilder/index.php | 7 ++++--- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index f6c53f9ae2d..6ad04701a52 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -117,7 +117,7 @@ print "PHP allow_url_include = ".(ini_get('allow_url_include') //print "PHP safe_mode = ".(ini_get('safe_mode') ? ini_get('safe_mode') : yn(0)).'   '.$langs->trans("Deprecated")." (removed in PHP 5.4)
\n"; print "PHP disable_functions = "; $arrayoffunctionsdisabled = explode(',', ini_get('disable_functions')); -$arrayoffunctionstodisable = explode(',', 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals'); +$arrayoffunctionstodisable = explode(',', 'dl,apache_note,apache_setenv,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,show_source,virtual'); //$arrayoffunctionstodisable[] = 'stream_wrapper_restore'; //$arrayoffunctionstodisable[] = 'stream_wrapper_register'; if ($execmethod == 1) { diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index c4f8972253a..e30931b3305 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php 
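Review bot: In htdocs/admin/system/security.php the functions to recommend disabling are kept in one comma-separated string literal passed to `explode()`, so additions such as `dl`, `show_source` and `virtual` are hard to spot in review. A plain array with one name per line would make each future addition a one-line diff. Separately, the context line `explode(',', ini_get('disable_functions'))` keeps any spaces from a php.ini value written as `exec, system`. If the comparison further down (outside this hunk) is an exact match, the audit page would then report a disabled function as still enabled; `array_map('trim', explode(',', ini_get('disable_functions')))` avoids that.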
@@ -623,7 +623,7 @@ function dol_fileperm($pathoffile)
 * @param string $destfile Destination file (can't be a directory). If empty, will be same than source file.
 * @param int $newmask Mask for new file (0 by default means $conf->global->MAIN_UMASK). Example: '0666'
 * @param int $indexdatabase 1=index new file into database.
- * @param int $arrayreplacementisregex 1=Array of replacement is regex
+ * @param int $arrayreplacementisregex 1=Array of replacement is already an array with key that is a regex. Warning: the key must be escaped with preg_quote for '/'
 * @return int Return integer <0 if error, 0 if nothing done (dest file already exists), >0 if OK
 * @see dol_copy()
 */
diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php
index 03171f5be86..fe5d5f42362 100644
--- a/htdocs/modulebuilder/index.php
+++ b/htdocs/modulebuilder/index.php
@@ -474,7 +474,7 @@ if ($dirins && in_array($action, array('initapi', 'initphpunit', 'initpagecontac
 if ($varnametoupdate) {
 // Now we update the object file to set $$varnametoupdate to 1
 $srcfile = $dirins.'/'.strtolower($module).'/lib/'.strtolower($module).'_'.strtolower($objectname).'.lib.php';
- $arrayreplacement = array('/\$'.$varnametoupdate.' = 0;/' => '$'.$varnametoupdate.' = 1;');
+ $arrayreplacement = array('/\$'.preg_quote($varnametoupdate, '/').' = 0;/' => '$'.$varnametoupdate.' = 1;');
 dolReplaceInFile($srcfile, $arrayreplacement, '', 0, 0, 1);
 }
 } else {
@@ -959,7 +959,7 @@ if ($dirins && $action == 'confirm_removefile' && !empty($module)) {
 }
 if ($varnametoupdate) {
 $srcfile = $dirins.'/'.strtolower($module).'/lib/'.strtolower($module).'_'.strtolower($objectname).'.lib.php';
- $arrayreplacement = array('/\$'.$varnametoupdate.' = 1;/' => '$'.$varnametoupdate.' = 0;');
+ $arrayreplacement = array('/\$'.preg_quote($varnametoupdate, '/').' = 1;/' => '$'.preg_quote($varnametoupdate, '/').' = 0;');
 dolReplaceInFile($srcfile, $arrayreplacement, '', 0, 0, 1);
 }
 }
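Review bot: In the `confirm_removefile` hunk (`@@ -959`) of htdocs/modulebuilder/index.php, `preg_quote()` is applied to the replacement value as well as to the pattern key. Per the updated `$arrayreplacementisregex` doc only the key is a regex; the value is the text written into the lib file, so any character preg_quote() escapes would be written with a stray backslash in front of it. The `@@ -474` hunk quotes only the key, and the value here should match it: `'$'.$varnametoupdate.' = 0;'`. For names made only of letters, digits and underscores both forms give the same output, so this matters only for other characters. The enclosing `if` block starts outside the hunk.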
@@ -1483,7 +1483,8 @@ if ($dirins && $action == 'initobject' && $module && $objectname) {
 $error++;
 setEventMessages($langs->trans("WarningCommentNotFound", $langs->trans("Menus"), "mod".$module."class.php"), null, 'warnings');
 } else {
- dolReplaceInFile($moduledescriptorfile, array('/* END MODULEBUILDER LEFTMENU MYOBJECT */' => '/*LEFTMENU '.strtoupper($objectname).'*/'.$stringtoadd."\n\t\t".'/*END LEFTMENU '.strtoupper($objectname).'*/'."\n\t\t".'/* END MODULEBUILDER LEFTMENU MYOBJECT */'));
+ $arrayofreplacement = array('/* END MODULEBUILDER LEFTMENU MYOBJECT */' => '/*LEFTMENU '.strtoupper($objectname).'*/'.$stringtoadd."\n\t\t".'/*END LEFTMENU '.strtoupper($objectname).'*/'."\n\t\t".'/* END MODULEBUILDER LEFTMENU MYOBJECT */');
+ dolReplaceInFile($moduledescriptorfile, $arrayofreplacement);
 }
 }
 // Add module descriptor to list of files to replace "MyObject' string with real name of object.
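Review bot: `strtoupper($objectname)` is concatenated into the `/*LEFTMENU …*/` markers written into the module descriptor, and nothing in this hunk restricts the name to identifier characters. That check may already exist earlier in the `initobject` action, which starts outside the hunk. If it does, a short comment above `$arrayofreplacement` pointing to it, e.g. `// $objectname is restricted to [A-Za-z0-9_] earlier in this action`, would make that visible where generated PHP is written. As a smaller point, the other two hunks in this file name the same kind of array `$arrayreplacement`; reusing that name here would keep the file consistent.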