4759 Commits

Author SHA1 Message Date
Laurent Destailleur
5433a5642d Merge branch '22.0' of git@github.com:Dolibarr/dolibarr.git into 23.0 2026-02-16 21:21:13 +01:00
Laurent Destailleur
02f23d5193 Fix #37227 Fix #37233 2026-02-16 20:54:57 +01:00
Joachim Kueter
7a37ebbeb3 FIX: Clean filenames with double spaces (#37256)
* Clean filenames with double spaces

If a filename contains double spaces, it can get uploaded in Dolibarr exactly as it is.

When listing the file or trying to download it, the Dolibarr functions clear double spaces in the filename. In particular the alpha parameter for GETPOST.

This results in files being uploaded (e.g. attachments for invoices) that can get listed but remain inaccessible and even cannot get deleted via UI.

We either need to fix all these places to accept double spaces or we change a single location, when we sanitize filenames.

* removed white space
2026-02-16 20:03:22 +01:00
Laurent Destailleur
db5154871c More functions in blacklist (even if now we use the whitelist by default) 2026-02-10 14:41:36 +01:00
Laurent Destailleur
574b4b5d62 Merge branch '22.0' of git@github.com:Dolibarr/dolibarr.git into 23.0 2026-02-08 13:12:52 +01:00
Laurent Destailleur
556b103dc6 Fix max 2026-02-07 21:57:02 +01:00
Laurent Destailleur
205cb50766 Debug v23 2026-02-07 21:55:20 +01:00
Laurent Destailleur
8d54cac841 Code comment 2026-02-07 21:03:04 +01:00
Laurent Destailleur
447242b3d5 Debug v23 2026-02-07 15:43:49 +01:00
Benjamin Falière
e2aed0f5c1 FIX: #36989 private mention on ticket pdf (#37079)
Co-authored-by: Benjamin Falière <benjamin.faliere@altairis.fr>
2026-02-04 14:41:29 +01:00
Laurent Destailleur
6b73bb78a4 CI 2026-01-30 13:22:02 +01:00
Laurent Destailleur
4fd58bf4ea CI 2026-01-30 13:21:27 +01:00
Laurent Destailleur
a452dfb596 FIX substitution of vars in donation templates 2026-01-24 17:41:06 +01:00
Laurent Destailleur
1eb0970e11 Fix ci 2026-01-24 15:10:33 +01:00
Laurent Destailleur
5e406a945b Fix message on button tooltip 2026-01-22 16:41:11 +01:00
Laurent Destailleur
f8d9a2e829 Fix css and responsive pb 2026-01-21 11:16:10 +01:00
Laurent Destailleur
3e3e2a3759 Fix CI 2026-01-19 21:06:51 +01:00
Alexandre SPANGARO
048d71dec3 FIX warnings with GETPOSTDATE and saverestore (#36886) 2026-01-16 02:54:27 +01:00
Laurent Destailleur
2754b6485d Debug v23 2026-01-12 01:34:27 +01:00
Laurent Destailleur
544f4971bc Debug v23 2026-01-12 01:00:05 +01:00
Laurent Destailleur
39ed2ece8f Backport fix for #36850 2026-01-11 12:48:58 +01:00
Laurent Destailleur
0c49c8298e Fix case 2026-01-10 17:28:44 +01:00
Laurent Destailleur
e81cac68ec Debug v23 2026-01-10 13:14:01 +01:00
Laurent Destailleur
3aff6cded3 More phpunit tests 2026-01-07 14:14:37 +01:00
Laurent Destailleur
70a4de6394 Fix with accent like é are allowed in path 2026-01-07 13:28:56 +01:00
Laurent Destailleur
eef19fe761 Fix warnings 2026-01-05 17:12:38 +01:00
Laurent Destailleur
3b6d803bbd Merge branch '23.0' of git@github.com:Dolibarr/dolibarr.git into 23.0 2026-01-05 13:18:07 +01:00
Laurent Destailleur
bdcfe3f131 Debug v23 and migration 2026-01-05 13:17:36 +01:00
Frédéric FRANCE
e6249eee32 fix phpstan for v23 (#36774)
* fix phpstan

* Update functions.lib.php

* Update admin.lang

* Update errors.lang

* Update fournisseur.commande.class.php

* Update fournisseur.commande.class.php

* Update blockedlog_archives.php

* Update blockedlog_archives.php

* Update blockedlog_archives.php

* Update blockedlog_archives.php
2026-01-05 12:48:07 +01:00
Laurent Destailleur
e4cecad00d Debug v23 2026-01-04 15:36:32 +01:00
Laurent Destailleur
eaa3976b2c Maxi debug blockedlog module 2026-01-03 16:36:12 +01:00
Laurent Destailleur
e3876f3295 Debug v23 - restore geoipmaxmind 2025-12-28 02:19:01 +01:00
Laurent Destailleur
d9ad1bae8c Merge pull request #36720 from leninrivas/patch-36
NEW substitutions values
2025-12-22 20:40:56 +01:00
Laurent Destailleur
befd5e93c8 Merge pull request #36689 from thersane-john/fix_data_exposure
Fix: prevent data exposure between customer and supplier
2025-12-22 19:57:05 +01:00
Laurent Destailleur
4cbfb4829c Rename TVAINTRA to VATNUMBER in functions.lib.php 2025-12-22 19:22:03 +01:00
Laurent Destailleur
d7f9c0157e Merge pull request #36699 from W1W1-M/fix-document-api-agenda-event-list-download
FIX document API agenda event list and download
2025-12-22 19:08:55 +01:00
Laurent Destailleur
8ac7f73d4f Merge branch 'develop' into patch-36 2025-12-22 17:24:22 +01:00
Laurent Destailleur
f88bb0bd59 Debug v23 2025-12-21 17:00:04 +01:00
Laurent Destailleur
3a4cf15857 Debug v23 no propagation of warnings 2025-12-21 13:32:32 +01:00
Lenin Rivas
89b515a884 NEW substitutions values
__AMOUNT_MULTICURRENCY_FORMATED__
__MYCOMPANY_TVAINTRA__
2025-12-20 11:39:56 -05:00
William Mead
1d32ded07f Refactored and cleaned code 2025-12-19 16:26:35 +01:00
William Mead
a31e01bd77 Refactored to use getMultidirOutput 2025-12-19 08:50:50 +01:00
John BOTELLA
d6adb66789 fix(data): prevent data exposure between customer and supplier 2025-12-17 14:53:49 +01:00
Laurent Destailleur
ac4a110ca5 Sec: Fix Dolibarr Stored XSS via Meta Tag Injection GHSA-59gv-36h7-qwh8 2025-12-16 00:10:28 +01:00
Laurent Destailleur
f5cae96280 Complete blacklist. 2025-12-15 17:06:18 +01:00
Laurent Destailleur
35ad674345 Debug v23 2025-12-15 13:14:04 +01:00
Charlène Benke
8c692cec85 Fix SQL condition for project calendar filtering 2025-12-12 16:10:31 +01:00
MDW
6f4516f310 Qual: Allow null for $outputlangs in get_date_range
# Qual: Allow null for $outputlangs in get_date_range

`null` is already the default for $outputlangs so allow it as an
argument value (fixes phan notice)
2025-12-09 15:03:04 +01:00
Laurent Destailleur
add2758316 CSS 2025-12-09 14:30:40 +01:00
Laurent Destailleur
e8ac6cddd0 Fix Replace of __[xx]__ variables. 2025-12-09 11:09:19 +01:00