Commit Graph

218 Commits

Author SHA1 Message Date
ldestailleur
f0a0aeb3a4 FIX #34746 - More complete fix for CVE-2024-40137 2025-07-17 19:26:24 +02:00
ldestailleur
85782ca3f6 Merge branch '21.0' of git@github.com:Dolibarr/dolibarr.git into 22.0 2025-07-15 15:21:59 +02:00
ldestailleur
87370eb0ba Sec: Remove all functions that accept callable params. 2025-07-15 05:42:06 +02:00
ldestailleur
a674676ded Merge branch '21.0' of git@github.com:Dolibarr/dolibarr.git into develop 2025-05-10 13:33:53 +02:00
ldestailleur
d76848351c Merge branch '20.0' of git@github.com:Dolibarr/dolibarr.git into 21.0 2025-05-10 13:30:36 +02:00
ldestailleur
ae94c71a10 Merge branch '19.0' of git@github.com:Dolibarr/dolibarr.git into 20.0 2025-05-10 13:25:31 +02:00
ldestailleur
445f089556 Merge branch '18.0' of git@github.com:Dolibarr/dolibarr.git into 19.0 2025-05-10 12:53:37 +02:00
Laurent Destailleur (aka Eldy)
b85bfc40f4 Fix phpunit 2025-05-06 11:59:08 +02:00
ldestailleur
eadc676edf NEW Add option MAIN_ALLOW_DOUBLE_COLON_IN_DOL_EVAL 2025-05-06 11:10:57 +02:00
ldestailleur
9582894136 Add constant SECURITY_WAF_ALLOW_QUOTES_IN_GET in WAF 2025-04-06 18:56:59 +02:00
ldestailleur
3edadbd8b8 Add option MAIN_DISALLOW_STRING_OBFUSCATION_IN_DOL_EVAL. Close #33612 2025-04-01 16:23:50 +02:00
ldestailleur
15f2f4f223 Clean code 2025-04-01 15:21:43 +02:00
ldestailleur
cc8c7b8329 Fix possible remote code execution using dol_concatdesc in dol_eval. To allow concat char, you can use MAIN_ALLOW_UNSECURED_SPECIAL_CHARS_IN_DOL_EVAL='.' 2025-04-01 13:25:10 +02:00
ldestailleur
bcf0ef0bc0 Test switch in dol_eval function() 2025-04-01 12:31:27 +02:00
ldestailleur
d670d67668 Disable test when libxml not good. 2025-03-09 23:37:36 +01:00
ldestailleur
202ffe732e Enhance phpunit tests 2025-03-09 21:26:51 +01:00
Laurent Destailleur (aka Eldy)
bd9bf8b5a8 FIX #CVE-2024-34051 2025-02-17 12:24:03 +01:00
Laurent Destailleur (aka Eldy)
d223f8a0b9 Merge branch '21.0' of git@github.com:Dolibarr/dolibarr.git into develop 2025-02-13 20:42:23 +01:00
Laurent Destailleur (aka Eldy)
705164cc9f Merge branch '20.0' of git@github.com:Dolibarr/dolibarr.git into 21.0 2025-02-13 20:39:19 +01:00
Laurent Destailleur (aka Eldy)
256e0e0470 Merge branch '19.0' of git@github.com:Dolibarr/dolibarr.git into 20.0 2025-02-13 20:37:12 +01:00
Laurent Destailleur (aka Eldy)
054010f8ec Fix test 2025-02-13 20:34:55 +01:00
Laurent Destailleur (aka Eldy)
36fd5b7b26 FIX #CVE-2024-34051 2025-02-13 20:29:25 +01:00
Laurent Destailleur (aka Eldy)
802562a575 Fix regression after a fix 2025-01-09 19:35:01 +01:00
Laurent Destailleur (aka Eldy)
56710ce9b7 FIX CVE-2024-55227 and CVE-2024-55228 CSRF when MAIN_RESTRICTHTML_ONLY_VALID_HTML_TIDY is on (hidden option not on by default) 2025-01-09 19:35:01 +01:00
Laurent Destailleur
9de730aeab Add more phpunit 2025-01-09 19:28:08 +01:00
Laurent Destailleur
000e2ebe54 Test 2025-01-09 19:19:28 +01:00
Laurent Destailleur (aka Eldy)
429f5db55a Merge branch '21.0' of git@github.com:Dolibarr/dolibarr.git into develop 2025-01-09 14:09:33 +01:00
Laurent Destailleur (aka Eldy)
58e42656c0 Fix regression after a fix 2025-01-09 13:54:25 +01:00
Laurent Destailleur (aka Eldy)
79ae59ee2a Merge branch '21.0' of git@github.com:Dolibarr/dolibarr.git into develop 2025-01-08 17:54:13 +01:00
Laurent Destailleur (aka Eldy)
c0250e4c91 FIX CVE-2024-55227 CSRF when MAIN_RESTRICTHTML_ONLY_VALID_HTML_TIDY is on (hidden option not on by default) 2025-01-08 17:41:45 +01:00
Laurent Destailleur (aka Eldy)
3bfd6c1e30 Debug MAIN_RESTRICTHTML_ONLY_VALID_HTML_TIDY 2025-01-06 12:56:24 +01:00
Laurent Destailleur (aka Eldy)
8733e9d57e Fix security test blocking $_SESSION... 2024-12-26 15:43:29 +01:00
Laurent Destailleur (aka Eldy)
fcc344f9da Security - More robust dol_eval function after vulnerability report by Muhammad Zeeshan (Xib3rR4dAr) 2024-12-26 15:43:29 +01:00
Laurent Destailleur (aka Eldy)
7f4b2b08b4 Complete phpunit and tests to avoid use of non expected function 2024-12-18 19:00:33 +01:00
Frédéric FRANCE
9067c6deec replace deprecated (#31803) * replace deprecated * replace deprecated 2024-11-14 00:16:43 +01:00
Laurent Destailleur
eaf92c9fa4 FIX better regex to detect substitution key 2024-10-30 19:53:40 +01:00
Laurent Destailleur
b8aa7e2511 Fix option restricthtmlallowlinkscript of GETPOST 2024-09-09 15:56:47 +02:00
Laurent Destailleur
8ac368ce17 FIX Better sanitizing for javascript. Fix <> bypass. 2024-07-27 18:07:37 +02:00
Laurent Destailleur
7595609be2 Fix #yogosha23464 possible RCE by an admin user. 2024-07-23 18:27:18 +02:00
Laurent Destailleur
3633762298 Fix dolPrintHTML when MAIN_RESTRICTHTML_ONLY_VALID_HTML_TIDY is off 2024-07-22 16:36:24 +02:00
Laurent Destailleur
04f64714f1 Debug v20 2024-06-26 21:45:36 +02:00
Laurent Destailleur
5bbc4e083e Add a phpunit test 2024-06-04 14:06:35 +02:00
Laurent Destailleur
4d49d01eec Fix phpunit 2024-05-15 12:19:57 +02:00
Laurent Destailleur
1b2bad3f42 NEW Add function to manipulate emojis 2024-05-14 18:19:48 +02:00
Laurent Destailleur
7f3ed10922 Add phpunit case 2024-05-14 04:08:54 +02:00
Laurent Destailleur
295587ea20 Fix warning 2024-03-24 14:19:44 +01:00
Laurent Destailleur
220b9d0852 Add a unit test on dol_eval 2024-03-24 07:08:40 +01:00
Laurent Destailleur
d9488770ae GETPOST(..., 'alpha') does not accept \ char anymore. Replaced with / 2024-03-24 01:45:31 +01:00
Laurent Destailleur
1aa1647606 Update SecurityTest.php 2024-03-11 12:53:03 +01:00
Laurent Destailleur
41a57c05c5 Update SecurityTest.php 2024-03-11 12:51:27 +01:00