From 01e461546e4b7e6310fb6fd427a171a8b7afbd53 Mon Sep 17 00:00:00 2001 From: atm-lena Date: Wed, 8 Mar 2023 14:28:43 +0100 Subject: [PATCH 01/14] FIX dol_textishtml() function --- htdocs/core/lib/functions.lib.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index aa7294eac75..0924e95e8ed 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -7483,7 +7483,7 @@ function dol_textishtml($msg, $option = 0) return true; } elseif (preg_match('/<\/textarea/i', $msg)) { return true; - } elseif (preg_match('/<(b|em|i|u)>/i', $msg)) { + } elseif (preg_match('/<(b|em|i|u)[^>]*>/i', $msg)) { return true; } elseif (preg_match('/
/i', $msg)) { + } elseif (preg_match('/<(b|em|i|u)[^>]*>/i', $msg)) { return true; } elseif (preg_match('//i', $msg)) { return true; From 914096bd0a4692a3b519a0bafee2044fc1696a56 Mon Sep 17 00:00:00 2001 From: Guenter Lukas Date: Mon, 13 Mar 2023 08:45:29 +0100 Subject: [PATCH 02/14] update --- htdocs/comm/action/card.php | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php index 545088e47e9..806011b2575 100644 --- a/htdocs/comm/action/card.php +++ b/htdocs/comm/action/card.php @@ -90,8 +90,8 @@ if ($fulldayevent) { // Security check $socid = GETPOST('socid', 'int'); $id = GETPOST('id', 'int'); -if ($user->socid) { - $socid = $user->socid; +if ($user->socid && ($socid != $user->socid)) { + accessforbidden(); } $error = GETPOST("error"); @@ -142,9 +142,6 @@ if (!empty($conf->global->AGENDA_REMINDER_EMAIL)) { $TDurationTypes = array('y'=>$langs->trans('Years'), 'm'=>$langs->trans('Month'), 'w'=>$langs->trans('Weeks'), 'd'=>$langs->trans('Days'), 'h'=>$langs->trans('Hours'), 'i'=>$langs->trans('Minutes')); $result = restrictedArea($user, 'agenda', $object->id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id'); -if ($user->socid && $socid) { - $result = restrictedArea($user, 'societe', $socid); -} /* From e68076b8f16973e4735ec9249dfe45da094ddac6 Mon Sep 17 00:00:00 2001 From: atm-lena Date: Tue, 21 Mar 2023 13:34:22 +0100 Subject: [PATCH 03/14] Add better protect --- htdocs/core/lib/functions.lib.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 0924e95e8ed..e6f38d50da2 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php 
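Review bot: In the `// Security check` block of htdocs/comm/action/card.php, the new test `$socid != $user->socid` also fires when the request carries no `socid` at all, so an external user opening an event by `id` alone would presumably be sent to accessforbidden(), and `$socid` is no longer pinned to the user's own company for the code that follows. Rejecting only an explicit mismatch and keeping the old assignment preserves both properties: `if ($user->socid) { if (!empty($socid) && $socid != $user->socid) { accessforbidden(); } $socid = $user->socid; }`. The second hunk of this file drops the `restrictedArea($user, 'societe', $socid)` call, leaving the agenda-level restrictedArea() as the only object check; a short comment saying why that is sufficient would help the next reader. The script continues outside both hunks, so later uses of `$socid` are not visible here.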
@@ -7483,7 +7483,7 @@ function dol_textishtml($msg, $option = 0) return true; } elseif (preg_match('/<\/textarea/i', $msg)) { return true; - } elseif (preg_match('/<(b|em|i|u)[^>]*>/i', $msg)) { + } elseif (preg_match('/<(b|em|i|u)(\s*[^>]+)?>/i', $msg)) { return true; } elseif (preg_match('/
]*>/i', $msg)) { + } elseif (preg_match('/<(b|em|i|u)(\s*[^>]+)?>/i', $msg)) { return true; } elseif (preg_match('//i', $msg)) { return true; From 0ddf48869afdae46eb3c7c51b9559b57c28aaeae Mon Sep 17 00:00:00 2001 From: atm-lena Date: Tue, 21 Mar 2023 14:03:55 +0100 Subject: [PATCH 04/14] Add unit test fol_textishtml() --- test/phpunit/FunctionsLibTest.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/test/phpunit/FunctionsLibTest.php b/test/phpunit/FunctionsLibTest.php index d910a9f9d57..f0bb0b9ac2f 100644 --- a/test/phpunit/FunctionsLibTest.php +++ b/test/phpunit/FunctionsLibTest.php @@ -577,6 +577,9 @@ class FunctionsLibTest extends PHPUnit\Framework\TestCase $input='This is a text with accent é'; $after=dol_textishtml($input); $this->assertTrue($after, 'Test with a é'); + $input='xxx'; + $after=dol_textishtml($input); + $this->assertTrue($after, 'Test with i tag and class;'); // False $input='xxx < br>'; From e1fee2e14c83fe7e0b0517c7be77d135a1ed01c5 Mon Sep 17 00:00:00 2001 From: Gauthier PC portable 024 Date: Wed, 22 Mar 2023 16:29:18 +0100 Subject: [PATCH 05/14] FIX : missing column default workstation --- htdocs/product/list.php | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/htdocs/product/list.php b/htdocs/product/list.php index 356253cfab7..88fea64b6fc 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -43,6 +43,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/product.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; require_once DOL_DOCUMENT_ROOT.'/product/class/html.formproduct.class.php'; +require_once DOL_DOCUMENT_ROOT.'/workstation/class/workstation.class.php'; if (isModEnabled('categorie')) { require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcategory.class.php'; 
@@ -230,6 +231,7 @@ $arrayfields = array( 'p.volume'=>array('label'=>'Volume', 'checked'=>0, 'enabled'=>(isModEnabled("product") && empty($conf->global->PRODUCT_DISABLE_VOLUME) && $type != '1'), 'position'=>30), 'p.volume_units'=>array('label'=>'VolumeUnits', 'checked'=>0, 'enabled'=>(isModEnabled("product") && empty($conf->global->PRODUCT_DISABLE_VOLUME) && $type != '1'), 'position'=>31), 'cu.label'=>array('label'=>"DefaultUnitToShow", 'checked'=>0, 'enabled'=>(isModEnabled("product") && !empty($conf->global->PRODUCT_USE_UNITS)), 'position'=>32), + 'p.fk_default_worksation'=>array('label'=>'DefaultWorkstation', 'checked'=>0, 'enabled'=>isModEnabled('workstation') && $type == 1, 'position'=>33), 'p.sellprice'=>array('label'=>"SellingPrice", 'checked'=>1, 'enabled'=>empty($conf->global->PRODUIT_MULTIPRICES), 'position'=>40), 'p.tva_tx'=>array('label'=>"VATRate", 'checked'=>0, 'enabled'=>empty($conf->global->PRODUIT_MULTIPRICES), 'position'=>41), 'p.minbuyprice'=>array('label'=>"BuyingPriceMinShort", 'checked'=>1, 'enabled'=>(!empty($user->rights->fournisseur->lire)), 'position'=>42), @@ -409,7 +411,10 @@ if ($search_type != '' && $search_type != '-1') { $sql = 'SELECT p.rowid, p.ref, p.label, p.fk_product_type, p.barcode, p.price, p.tva_tx, p.price_ttc, p.price_base_type, p.entity,'; $sql .= ' p.fk_product_type, p.duration, p.finished, p.tosell, p.tobuy, p.seuil_stock_alerte, p.desiredstock,'; -$sql .= ' p.tobatch,'; +$sql .= ' p.tobatch, '; +if (isModEnabled('workstation')) { + $sql .= ' p.fk_default_workstation, ws.status as status_workstation, ws.ref as ref_workstation, '; +} if (empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) { $sql .= " p.accountancy_code_sell, p.accountancy_code_sell_intra, p.accountancy_code_sell_export, p.accountancy_code_buy, p.accountancy_code_buy_intra, p.accountancy_code_buy_export,"; } else { 
@@ -438,6 +443,9 @@ $sql .= $hookmanager->resPrint; $sqlfields = $sql; // $sql fields to remove for count total $sql .= ' FROM '.MAIN_DB_PREFIX.'product as p'; +if (isModEnabled('workstation')) { + $sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "workstation_workstation ws ON (p.fk_default_workstation = ws.rowid)"; +} if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) { $sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_perentity as ppe ON ppe.fk_product = p.rowid AND ppe.entity = " . ((int) $conf->entity); } @@ -1015,6 +1023,12 @@ if (!empty($arrayfields['cu.label']['checked'])) { print ''; } +// Default workstation +if (!empty($arrayfields['p.fk_default_worksation']['checked'])) { + print ''; + print ''; +} + // Sell price if (!empty($arrayfields['p.sellprice']['checked'])) { print ''; @@ -1230,6 +1244,9 @@ if (!empty($arrayfields['p.volume_units']['checked'])) { if (!empty($arrayfields['cu.label']['checked'])) { print_liste_field_titre($arrayfields['cu.label']['label'], $_SERVER['PHP_SELF'], '', '', $param, '', $sortfield, $sortorder, 'center '); } +if (!empty($arrayfields['p.fk_default_worksation']['checked'])) { + print_liste_field_titre($arrayfields['p.fk_default_worksation']['label'], $_SERVER['PHP_SELF'], '', '', $param, '', $sortfield, $sortorder, 'center '); +} if (!empty($arrayfields['p.sellprice']['checked'])) { print_liste_field_titre($arrayfields['p.sellprice']['label'], $_SERVER["PHP_SELF"], "", "", $param, '', $sortfield, $sortorder, 'right '); } 
@@ -1665,6 +1682,25 @@ while ($i < min($num, $limit)) { } } + // Default Workstation + if (!empty($arrayfields['p.fk_default_worksation']['checked'])) { + + print ''; + if (!empty($obj->fk_default_workstation)) { + $static_ws = new Workstation($db); + $static_ws->id = $obj->fk_default_workstation; + $static_ws->ref = $obj->ref_workstation; + $static_ws->status = $obj->status_workstation; + + print $static_ws->getNomUrl(1); + } + print ''; + if (!$i) { + $totalarray['nbfield']++; + } + + } + // Sell price if (!empty($arrayfields['p.sellprice']['checked'])) { print ''; From ffae1ac0d2cbd22e78ac97e1de430c6e464e0b5a Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Wed, 22 Mar 2023 15:35:49 +0000 Subject: [PATCH 06/14] Fixing style errors. --- htdocs/product/list.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/htdocs/product/list.php b/htdocs/product/list.php index 88fea64b6fc..daeeea9e4b8 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -1684,7 +1684,6 @@ while ($i < min($num, $limit)) { // Default Workstation if (!empty($arrayfields['p.fk_default_worksation']['checked'])) { - print ''; if (!empty($obj->fk_default_workstation)) { $static_ws = new Workstation($db); @@ -1698,7 +1697,6 @@ while ($i < min($num, $limit)) { if (!$i) { $totalarray['nbfield']++; } - } // Sell price From a3762281cb041752b37f45469b5016cc90af867e Mon Sep 17 00:00:00 2001 From: Gauthier PC portable 024 Date: Wed, 22 Mar 2023 17:32:13 +0100 Subject: [PATCH 07/14] FIX : feedbacks --- htdocs/product/list.php | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/htdocs/product/list.php b/htdocs/product/list.php index 88fea64b6fc..cf5798bce7b 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php 
@@ -70,6 +70,7 @@ $search_ref = GETPOST("search_ref", 'alpha'); $search_ref_supplier = GETPOST("search_ref_supplier", 'alpha'); $search_barcode = GETPOST("search_barcode", 'alpha'); $search_label = GETPOST("search_label", 'alpha'); +$search_default_workstation = GETPOST("search_default_workstation", 'alpha'); $search_type = GETPOST("search_type", 'int'); $search_vatrate = GETPOST("search_vatrate", 'alpha'); $searchCategoryProductOperator = 0; @@ -231,7 +232,7 @@ $arrayfields = array( 'p.volume'=>array('label'=>'Volume', 'checked'=>0, 'enabled'=>(isModEnabled("product") && empty($conf->global->PRODUCT_DISABLE_VOLUME) && $type != '1'), 'position'=>30), 'p.volume_units'=>array('label'=>'VolumeUnits', 'checked'=>0, 'enabled'=>(isModEnabled("product") && empty($conf->global->PRODUCT_DISABLE_VOLUME) && $type != '1'), 'position'=>31), 'cu.label'=>array('label'=>"DefaultUnitToShow", 'checked'=>0, 'enabled'=>(isModEnabled("product") && !empty($conf->global->PRODUCT_USE_UNITS)), 'position'=>32), - 'p.fk_default_worksation'=>array('label'=>'DefaultWorkstation', 'checked'=>0, 'enabled'=>isModEnabled('workstation') && $type == 1, 'position'=>33), + 'p.fk_default_workstation'=>array('label'=>'DefaultWorkstation', 'checked'=>0, 'enabled'=>isModEnabled('workstation') && $type == 1, 'position'=>33), 'p.sellprice'=>array('label'=>"SellingPrice", 'checked'=>1, 'enabled'=>empty($conf->global->PRODUIT_MULTIPRICES), 'position'=>40), 'p.tva_tx'=>array('label'=>"VATRate", 'checked'=>0, 'enabled'=>empty($conf->global->PRODUIT_MULTIPRICES), 'position'=>41), 'p.minbuyprice'=>array('label'=>"BuyingPriceMinShort", 'checked'=>1, 'enabled'=>(!empty($user->rights->fournisseur->lire)), 'position'=>42), @@ -333,6 +334,7 @@ if (empty($reshook)) { $search_ref = ""; $search_ref_supplier = ""; $search_label = ""; + $search_default_workstation = ""; $search_barcode = ""; $searchCategoryProductOperator = 0; $searchCategoryProductList = array(); 
@@ -501,6 +503,9 @@ if ($search_ref) { if ($search_label) { $sql .= natural_search('p.label', $search_label); } +if ($search_default_workstation) { + $sql .= natural_search('ws.ref', $search_default_workstation); +} if ($search_barcode) { $sql .= natural_search('p.barcode', $search_barcode); } @@ -707,6 +712,9 @@ if ($search_barcode) { if ($search_label) { $param .= "&search_label=".urlencode($search_label); } +if ($search_default_workstation) { + $param .= "&search_default_workstation=".urlencode($search_default_workstation); +} if ($search_tosell != '') { $param .= "&search_tosell=".urlencode($search_tosell); } @@ -1024,8 +1032,9 @@ if (!empty($arrayfields['cu.label']['checked'])) { } // Default workstation -if (!empty($arrayfields['p.fk_default_worksation']['checked'])) { +if (!empty($arrayfields['p.fk_default_workstation']['checked'])) { print ''; + print ''; print ''; } @@ -1244,8 +1253,8 @@ if (!empty($arrayfields['p.volume_units']['checked'])) { if (!empty($arrayfields['cu.label']['checked'])) { print_liste_field_titre($arrayfields['cu.label']['label'], $_SERVER['PHP_SELF'], '', '', $param, '', $sortfield, $sortorder, 'center '); } -if (!empty($arrayfields['p.fk_default_worksation']['checked'])) { - print_liste_field_titre($arrayfields['p.fk_default_worksation']['label'], $_SERVER['PHP_SELF'], '', '', $param, '', $sortfield, $sortorder, 'center '); +if (!empty($arrayfields['p.fk_default_workstation']['checked'])) { + print_liste_field_titre($arrayfields['p.fk_default_workstation']['label'], $_SERVER['PHP_SELF'], 'ws.ref', '', $param, '', $sortfield, $sortorder); } if (!empty($arrayfields['p.sellprice']['checked'])) { print_liste_field_titre($arrayfields['p.sellprice']['label'], $_SERVER["PHP_SELF"], "", "", $param, '', $sortfield, $sortorder, 'right '); @@ -1339,6 +1348,7 @@ print "\n"; $product_static = new Product($db); +$static_ws = new Workstation($db); $product_fourn = new ProductFournisseur($db); $i = 0; 
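Review bot: The filter added in the `@@ -501,6 +503,9 @@` hunk appends `natural_search('ws.ref', ...)` whenever the request carries `search_default_workstation`, but the `ws` join added earlier in the series is only emitted under `isModEnabled('workstation')`. With the module disabled, a bookmarked or hand-edited URL would make the query reference an alias that is missing from the FROM clause and fail with a SQL error. Guard the filter the same way as the join: `if (isModEnabled('workstation') && $search_default_workstation) {`. The sort key `'ws.ref'` passed to print_liste_field_titre() in the `@@ -1244,8 +1253,8 @@` hunk depends on the same join.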
@@ -1683,11 +1693,10 @@ while ($i < min($num, $limit)) { } // Default Workstation - if (!empty($arrayfields['p.fk_default_worksation']['checked'])) { + if (!empty($arrayfields['p.fk_default_workstation']['checked'])) { - print ''; + print ''; if (!empty($obj->fk_default_workstation)) { - $static_ws = new Workstation($db); $static_ws->id = $obj->fk_default_workstation; $static_ws->ref = $obj->ref_workstation; $static_ws->status = $obj->status_workstation; From edbb58e55eaad11ccb33ed6493740e60a0d25eed Mon Sep 17 00:00:00 2001 From: Gauthier PC portable 024 Date: Thu, 23 Mar 2023 09:43:30 +0100 Subject: [PATCH 08/14] FIX : full group by handle --- htdocs/product/list.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/htdocs/product/list.php b/htdocs/product/list.php index cf5798bce7b..0145831d72a 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -600,6 +600,9 @@ $sql .= ' p.weight, p.weight_units, p.length, p.length_units, p.width, p.width_u if (!empty($conf->global->PRODUCT_USE_UNITS)) { $sql .= ', p.fk_unit, cu.label'; } +if (isModEnabled('workstation')) { + $sql .= ', p.fk_default_workstation, ws.status, ws.ref '; +} if (isModEnabled('variants') && (!empty($conf->global->PRODUIT_ATTRIBUTES_HIDECHILD) && !$show_childproducts)) { $sql .= ', pac.rowid'; From 7c989c31280d7257f7330ac3f93f89b2b40ad80e Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Thu, 23 Mar 2023 08:51:23 +0000 Subject: [PATCH 09/14] Fixing style errors. --- htdocs/product/list.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/htdocs/product/list.php b/htdocs/product/list.php index 0145831d72a..4a00c711040 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -1697,7 +1697,6 @@ while ($i < min($num, $limit)) { // Default Workstation if (!empty($arrayfields['p.fk_default_workstation']['checked'])) { - print ''; if (!empty($obj->fk_default_workstation)) { $static_ws->id = $obj->fk_default_workstation; 
@@ -1710,7 +1709,6 @@ while ($i < min($num, $limit)) { if (!$i) { $totalarray['nbfield']++; } - } // Sell price From 3603952301e4048e94e7b95785aa9930e3e84ffd Mon Sep 17 00:00:00 2001 From: priojk Date: Fri, 24 Mar 2023 13:43:49 +0100 Subject: [PATCH 10/14] add hooks to customize automatic closing of invoices (e.g. cash discount) --- htdocs/compta/paiement/class/paiement.class.php | 15 ++++++++++++++- htdocs/fourn/class/paiementfourn.class.php | 14 +++++++++++++- 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/htdocs/compta/paiement/class/paiement.class.php b/htdocs/compta/paiement/class/paiement.class.php index ec1392e9ea7..6425e23903b 100644 --- a/htdocs/compta/paiement/class/paiement.class.php +++ b/htdocs/compta/paiement/class/paiement.class.php @@ -11,6 +11,7 @@ * Copyright (C) 2018-2022 Frédéric France * Copyright (C) 2020 Andreu Bisquerra Gaya * Copyright (C) 2021 OpenDsi + * Copyright (C) 2023 Joachim Kueter * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -383,7 +384,19 @@ class Paiement extends CommonObject if (!in_array($invoice->type, $affected_types)) { dol_syslog("Invoice ".$facid." is not a standard, nor replacement invoice, nor credit note, nor deposit invoice, nor situation invoice. We do nothing more."); } elseif ($remaintopay) { - dol_syslog("Remain to pay for invoice ".$facid." not null. We do nothing more."); + // hook to have an option to automatically close a closable invoice with less payment than the total amount (e.g. agreed cash discount terms) + global $hookmanager; + $hookmanager->initHooks(array('paymentdao')); + $parameters = array('facid' => $facid, 'invoice' => $invoice, 'remaintopay' => $remaintopay); + $action = 'CLOSEPAIDINVOICE'; + $reshook = $hookmanager->executeHooks('createPayment', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks + if ($reshook < 0) { + $this->errors[] = $hookmanager->error; + $this->error = $hookmanager->error; + $error++; + } elseif ($reshook == 0) { + dol_syslog("Remain to pay for invoice " . $facid . " not null. We do nothing more."); + } // } else if ($mustwait) dol_syslog("There is ".$mustwait." differed payment to process, we do nothing more."); } else { // If invoice is a down payment, we also convert down payment to discount diff --git a/htdocs/fourn/class/paiementfourn.class.php b/htdocs/fourn/class/paiementfourn.class.php index bdf4f8aa457..20ac5330e75 100644 --- a/htdocs/fourn/class/paiementfourn.class.php +++ b/htdocs/fourn/class/paiementfourn.class.php @@ -7,6 +7,7 @@ * Copyright (C) 2014 Marcos García * Copyright (C) 2018 Nicolas ZABOURI * Copyright (C) 2018 Frédéric France + * Copyright (C) 2023 Joachim Kueter * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
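Review bot: The hook call added under `elseif ($remaintopay)` in Paiement dereferences `$hookmanager` right after `global $hookmanager;`, which assumes every caller has one initialised; that may not hold when a payment is created from a script or scheduled job, so the branch should create a HookManager when `!is_object($hookmanager)` before calling initHooks(). When a hook returns a positive value the branch writes nothing, so an invoice closed with an outstanding balance leaves no trace in the log; adding `else { dol_syslog("Invoice ".$facid." with remain to pay ".$remaintopay." handled by hook createPayment"); }` keeps that decision auditable. Both points apply equally to the matching `@@ -341,7 +342,18 @@` hunk in paiementfourn.class.php. The enclosing method starts and ends outside the hunk.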
@@ -341,7 +342,18 @@ class PaiementFourn extends Paiement } } } else { - dol_syslog("Remain to pay for invoice ".$facid." not null. We do nothing."); + // hook to have an option to automatically close a closable invoice with less payment than the total amount (e.g. agreed cash discount terms) + global $hookmanager; + $hookmanager->initHooks(array('payment_supplierdao')); + $parameters = array('facid' => $facid, 'invoice' => $invoice, 'remaintopay' => $remaintopay); + $action = 'CLOSEPAIDSUPPLIERINVOICE'; + $reshook = $hookmanager->executeHooks('createPayment', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks + if ($reshook < 0) { + $this->error = $hookmanager->error; + $error++; + } elseif ($reshook == 0) { + dol_syslog("Remain to pay for invoice " . $facid . " not null. We do nothing more."); + } } } From f693822d15d9ac194d31bdb94d27b8d7cca83553 Mon Sep 17 00:00:00 2001 From: priojk Date: Fri, 24 Mar 2023 14:03:19 +0100 Subject: [PATCH 11/14] Stikler whitespace --- htdocs/compta/paiement/class/paiement.class.php | 2 +- htdocs/fourn/class/paiementfourn.class.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/compta/paiement/class/paiement.class.php b/htdocs/compta/paiement/class/paiement.class.php index 6425e23903b..78ef8f0d909 100644 --- a/htdocs/compta/paiement/class/paiement.class.php +++ b/htdocs/compta/paiement/class/paiement.class.php @@ -11,7 +11,7 @@ * Copyright (C) 2018-2022 Frédéric France * Copyright (C) 2020 Andreu Bisquerra Gaya * Copyright (C) 2021 OpenDsi - * Copyright (C) 2023 Joachim Kueter + * Copyright (C) 2023 Joachim Kueter * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/htdocs/fourn/class/paiementfourn.class.php b/htdocs/fourn/class/paiementfourn.class.php index 20ac5330e75..93df2b8ac37 100644 --- a/htdocs/fourn/class/paiementfourn.class.php 
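Review bot: On a negative hook result this PaiementFourn branch sets only `$this->error`, whereas the parallel branch in Paiement also appends to `$this->errors`; callers that read the array would miss the hook's message here. Add `$this->errors[] = $hookmanager->error;` before `$error++`. The trailing comment `// Note that $action and $object may have been modified by some hooks` mentions `$object` although the call passes `$this`; rewording it would avoid confusion. The method body continues outside the hunk.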
+++ b/htdocs/fourn/class/paiementfourn.class.php @@ -7,7 +7,7 @@ * Copyright (C) 2014 Marcos García * Copyright (C) 2018 Nicolas ZABOURI * Copyright (C) 2018 Frédéric France - * Copyright (C) 2023 Joachim Kueter + * Copyright (C) 2023 Joachim Kueter * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by From 148d88a7ecb9d0164348f3d65a2d792625a8d4dc Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Sun, 26 Mar 2023 11:10:46 +0200 Subject: [PATCH 12/14] FIX avoid php8 warnings --- htdocs/accountancy/admin/export.php | 4 ++-- htdocs/core/lib/security.lib.php | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/accountancy/admin/export.php b/htdocs/accountancy/admin/export.php index 23a16340c0b..30cc0144a1f 100644 --- a/htdocs/accountancy/admin/export.php +++ b/htdocs/accountancy/admin/export.php @@ -269,9 +269,9 @@ if ($num2) { // Value print ''; if (is_array($key['param'])) { - print $form->selectarray($label, $key['param'], $conf->global->$label, 0); + print $form->selectarray($label, $key['param'], getDolGlobalString($label), 0); } else { - print ''; + print ''; } print ''; diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 7ee9f7ce9b5..aeb58d34c0f 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -267,9 +267,9 @@ function dol_verifyHash($chain, $hash, $type = '0') if ($type == '0' && !empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO == 'password_hash' && function_exists('password_verify')) { if (! empty($hash[0]) && $hash[0] == '$') { return password_verify($chain, $hash); - } elseif (strlen($hash) == 32) { + } elseif (dol_strlen($hash) == 32) { return dol_verifyHash($chain, $hash, '3'); // md5 - } elseif (strlen($hash) == 40) { + } elseif (dol_strlen($hash) == 40) { return dol_verifyHash($chain, $hash, '2'); // sha1md5 } 
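Review bot: In dol_verifyHash() the switch from `strlen($hash)` to `dol_strlen($hash)` silences the PHP 8 warning for a null or empty stored hash but still lets that value fall through to whatever comparison follows the hunk. Because this is the credential check, an explicit early reject is easier to reason about than relying on a length helper: `if (!is_string($hash) || $hash === '') { return false; }` at the top of the function, provided no caller depends on an empty hash being compared. dol_strlen() presumably counts characters rather than bytes, which is the same for hex digests but is worth a one-line comment next to the `== 32` and `== 40` tests. The function starts and ends outside the hunk.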
From af945c190173bbef3ed7ba1ca369c92b7ec1c5a0 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 26 Mar 2023 18:15:32 +0200 Subject: [PATCH 13/14] Update functions.lib.php --- htdocs/core/lib/functions.lib.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index e6f38d50da2..e7fd28eb927 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -7483,7 +7483,7 @@ function dol_textishtml($msg, $option = 0) return true; } elseif (preg_match('/<\/textarea/i', $msg)) { return true; - } elseif (preg_match('/<(b|em|i|u)(\s*[^>]+)?>/i', $msg)) { + } elseif (preg_match('/<(b|em|i|u)(\s+[^>]+)?>/i', $msg)) { return true; } elseif (preg_match('/
]+)?>/i', $msg)) { + } elseif (preg_match('/<(b|em|i|u)(\s+[^>]+)?>/i', $msg)) { return true; } elseif (preg_match('//i', $msg)) { return true; From e0cd351b3eeb38909f5bffcfe7fcf3c00c93f06a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 27 Mar 2023 17:37:09 +0200 Subject: [PATCH 14/14] Fix sanitize website module --- htdocs/core/lib/website.lib.php | 12 ++++++++---- test/phpunit/AllTests.php | 5 +++++ ...Website.class.php => WebsiteTest.class.php} | 18 ++++++++++++++++++ 3 files changed, 31 insertions(+), 4 deletions(-) rename test/phpunit/{Website.class.php => WebsiteTest.class.php} (91%) diff --git a/htdocs/core/lib/website.lib.php b/htdocs/core/lib/website.lib.php index af48ec64885..8012d6cce4c 100644 --- a/htdocs/core/lib/website.lib.php +++ b/htdocs/core/lib/website.lib.php @@ -35,8 +35,10 @@ function dolStripPhpCode($str, $replacewith = '') $newstr = ''; - //split on each opening tag - $parts = explode('addTestSuite('AccountingAccountTest'); + // Rest require_once dirname(__FILE__).'/RestAPIUserTest.php'; $suite->addTestSuite('RestAPIUserTest'); require_once dirname(__FILE__).'/RestAPIDocumentTest.php'; @@ -270,6 +271,10 @@ class AllTests require_once dirname(__FILE__).'/EmailCollectorTest.php'; $suite->addTestSuite('EmailCollectorTest'); + // Website + require_once dirname(__FILE__).'/WebsiteTest.php'; + $suite->addTestSuite('Website'); + return $suite; } } diff --git a/test/phpunit/Website.class.php b/test/phpunit/WebsiteTest.class.php similarity index 91% rename from test/phpunit/Website.class.php rename to test/phpunit/WebsiteTest.class.php index 50d0c16453d..2f0afbbed96 100644 --- a/test/phpunit/Website.class.php +++ b/test/phpunit/WebsiteTest.class.php 
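Review bot: The tightening from `\s*` to `\s+` in the `(b|em|i|u)` branch of dol_textishtml() is not pinned by any test; the case added to FunctionsLibTest earlier in the series asserts only a positive match. A case in the `// False` section for a string whose tag name merely begins with one of those letters, e.g. `$input='xxx <ubuntu>'; $after=dol_textishtml($input); $this->assertFalse($after, 'Test with tag name starting with u');` (constructed sample), would catch a regression to the looser pattern, assuming no other branch of the function matches it. dol_textishtml() extends beyond the hunk, so its other branches are not visible here.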
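Review bot: The AllTests.php hunk registers the new suite with `require_once dirname(__FILE__).'/WebsiteTest.php';` and `$suite->addTestSuite('Website');`, but this same commit renames the file to `test/phpunit/WebsiteTest.class.php` and the class declared there is `WebsiteTest`. As written the require would not find the file and the suite name does not match the class, so the dolStripPhpCode() and SQL-injection checks would not run from AllTests. Either name the file `WebsiteTest.php` or require `'/WebsiteTest.class.php'`, and register it with `$suite->addTestSuite('WebsiteTest');`.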
@@ -175,4 +175,22 @@ class WebsiteTest extends PHPUnit\Framework\TestCase // We must found no line (so code should be KO). If we found somethiing, it means there is a SQL injection of the 1=1 $this->assertEquals($res['code'], 'KO'); } + + /** + * testDolStripPhpCode + * + * @return void + */ + public function testDolStripPhpCode() + { + global $db; + + $s = "abc\nghi"; + $result = dolStripPhpCode($s); + $this->assertEquals("abc\nghi", $result); + + $s = "abc\nghi"; + $result = dolStripPhpCode($s); + $this->assertEquals("abc\nghi", $result); + } }