Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-07 18:18:18 +01:00
Code Issues Packages Projects Releases Wiki Activity
121,841 Commits 36 Branches 190 Tags
89e378bc78f175cdf3f6fdf6b51a453e2e181b90
Commit Graph

328 Commits

Author SHA1 Message Date
Laurent Destailleur
81882f8243 Merge pull request #19065 from javieralapps4up/develop 
Access forbidden when the password of other users is changed
 2021-10-22 22:52:55 +02:00
Frédéric FRANCE
fafabe3be2 fix multiple warnings 2021-10-22 22:22:55 +02:00
Frédéric FRANCE
46c4f28478 fix multiple warnings 2021-10-22 22:15:59 +02:00
javieralapps4up
f50dfe8571 Update security.lib.php 2021-10-21 18:20:06 +02:00
javieralapps4up
5d854dcce1 FIX #19064 
Access forbidden when the password of other users is changed

Steps to reproduce the behavior

User with lire and password (user) perms, but no creer.

When this user saves or cancels the edition of the password of another user, he is sent to the prohibited page
 2021-10-21 18:17:43 +02:00
Alexandre SPANGARO
3f26ab195b HTML5 - <font> tag is deprecated, replace by <span> 2021-10-05 09:46:48 +02:00
ksar
f2b39b3eeb FIX #18767 : Adherent delete 
Adherent Delete was not working due to the fact that 
$features = 'adherent';
$feature2 = 'cotisation';
And $user->rights->$feature->$subfeature->supprimer does not exist

Also I used the double declaration of salaries.
 2021-09-21 11:27:41 +02:00
lmarcouiller
a5e670291e Fix permission for salaries module 2021-09-08 15:36:51 +02:00
Laurent Destailleur
23829ae637 Cast numeric into on sql request 2021-08-23 18:56:46 +02:00
Laurent Destailleur
d4b5ee6c85 Fix cast into variable into sql request. 2021-08-23 17:41:11 +02:00
Laurent Destailleur
9c626bede4 Fix dol_hash for sha256 2021-07-30 18:43:35 +02:00
Laurent Destailleur
a0418fc17d FIX CWE-269 huntr - download of files of project 2021-05-21 18:53:09 +02:00
Laurent Destailleur
11fa523070 FIX CWE-269 2021-05-21 15:54:11 +02:00
Laurent Destailleur
b6dbe45242 Fix permissions on page to move position of file 2021-05-18 01:58:54 +02:00
Laurent Destailleur
aa05788d62 Merge branch '13.0' of git@github.com:Dolibarr/dolibarr.git into develop 
Conflicts:
	ChangeLog
	htdocs/compta/bank/class/account.class.php
	htdocs/core/class/extrafields.class.php
	htdocs/core/lib/security.lib.php
	htdocs/core/modules/societe/mod_codeclient_elephant.php
	htdocs/filefunc.inc.php
	test/phpunit/CodingPhpTest.php
 2021-05-11 20:34:46 +02:00
Laurent Destailleur
6591c3f50e Merge pull request #17538 from AlexisLaurier/fix/restrictedAreaPaymentFournDelete 
bug fix - deletion of invoice supplier payment
 2021-05-11 19:27:05 +02:00
Alexis LAURIER
d04c741a3b add payment_fourn delete proper check into security.lib 2021-05-08 09:12:17 +02:00
Laurent Destailleur
655056ed31 Debug v14 2021-04-29 12:10:55 +02:00
Alexandre SPANGARO
8d72448f43 Add right supplier_order 2021-04-12 09:47:16 +02:00
Laurent Destailleur
489cff46a3 FIX #yogosha5828 2021-04-08 00:37:17 +02:00
Laurent Destailleur
5ce9bc5801 FIX #yogosha5748 2021-04-02 23:23:44 +02:00
Laurent Destailleur
3857daed94 Fix remove log 2021-03-23 18:08:44 +01:00
Laurent Destailleur
5ff9038e4e Fix permissions on BOMs 2021-03-23 18:02:52 +01:00
Laurent Destailleur
15440917b1 Fix #ygosha5698 2021-03-22 11:30:18 +01:00
Laurent Destailleur
78aec3daae Removed option MAIN_EXTERNAL_USERS_CAN_SEE_SUBSIDIARY_COMPANIES. The 
implmentation did not make any test on subsidiaries. It has same effect
than being an internal user.
 2021-03-19 00:00:06 +01:00
stickler-ci
345fe648b3 Fixing style errors. 2021-03-11 15:37:27 +00:00
Laurent Destailleur
c596eb91a8 Merge branch 'develop' into abb120358 2021-03-11 16:35:21 +01:00
Bahfir Abbes
0158cbb893 Update security.lib.php 2021-03-11 04:02:30 +01:00
Frédéric FRANCE
a4e25359e7 add missing rule 2021-03-01 20:37:16 +01:00
Frédéric FRANCE
554e449e40 code syntax core directory 2021-02-23 22:03:23 +01:00
Laurent Destailleur
5340c30db3 FIX missing security test on payment page 
FIX sql error on group by on payment list
 2021-02-19 12:35:26 +01:00
abb
d82c62c40d New:Constant MAIN_SHOW_SOCIETE2EXTERN to allow access to any thirdparty for external users 2021-02-12 23:53:45 +01:00
Laurent Destailleur
0849ce288c Fix phpcs 2021-02-10 14:04:06 +01:00
LAURIER Alexis
0ae0eb5758 fix regression of #16118 - entity not check 
Entity is not anymore check for user having permission $user->rights->societe->client->voir on the current entity. Then we can open object from any entity with current permissions and the entity field of objects are not anymore checked.
 2021-02-09 20:13:13 +01:00
Laurent Destailleur
daf88944f8 FIX #16118 Timezone problem on some fields 2021-02-02 00:19:41 +01:00
Laurent Destailleur
f06d920460 FIX #15583 2020-12-03 16:22:03 +01:00
Scrutinizer Auto-Fixer
7f52920716 Scrutinizer Auto-Fixes 
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
 2020-10-31 13:32:18 +00:00
Laurent Destailleur
b5703350da Fix escape 2020-09-19 22:41:05 +02:00
Laurent Destailleur
f62d52f89a Fix tooltip for linkto object. 
Fix security of ajax selectobject.php
 2020-09-19 00:44:47 +02:00
Scrutinizer Auto-Fixer
b78ff67d7e Scrutinizer Auto-Fixes 
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
 2020-09-07 08:18:17 +00:00
Laurent Destailleur
bd65e5612f Fix duplicate id 2020-08-17 20:06:01 +02:00
Laurent Destailleur
c63d54631c Merge branch '11.0' of git@github.com:Dolibarr/dolibarr.git into 12.0 
Conflicts:
	htdocs/categories/class/categorie.class.php
 2020-08-17 19:59:17 +02:00
Laurent Destailleur
487d26c7db Merge branch '10.0' of git@github.com:Dolibarr/dolibarr.git into 11.0 
Conflicts:
	htdocs/categories/class/categorie.class.php
	htdocs/core/class/html.formfile.class.php
	htdocs/core/lib/functions.lib.php
 2020-08-17 19:54:23 +02:00
stickler-ci
8d88217434 Fixing style errors. 2020-08-04 14:48:15 +00:00
Ferran Marcet
70ad2fcee0 Fix: User can see events that are not assigned to it 2020-08-04 16:45:57 +02:00
Ferran Marcet
7a077a2d99 Fix: User can see events that are not assigned to it 2020-08-04 16:45:04 +02:00
stickler-ci
9926eac192 Fixing style errors. 2020-08-03 09:26:36 +00:00
Ferran Marcet
63b15dd1b6 Fix: User can see events that are not assigned to it 2020-08-03 11:17:30 +02:00
Laurent Destailleur
fd95551940 Fix upload of file in import module 
Conflicts:
	htdocs/core/lib/security.lib.php
 2020-07-09 21:52:27 +02:00
Laurent Destailleur
9bb0ef04f5 Fix upload of file in import module 2020-06-29 18:07:51 +02:00