diff --git a/htdocs/admin/const.php b/htdocs/admin/const.php index e5625b0f975..895ce8c1b08 100644 --- a/htdocs/admin/const.php +++ b/htdocs/admin/const.php @@ -32,10 +32,6 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/security.lib.php'; // Load translation files required by the page $langs->load("admin"); -if (!$user->admin) { - accessforbidden(); -} - $rowid = GETPOST('rowid', 'int'); $entity = GETPOST('entity', 'int'); $action = GETPOST('action', 'aZ09'); @@ -44,7 +40,6 @@ $consts = GETPOST('const', 'array'); $constname = GETPOST('constname', 'alphanohtml'); $constvalue = GETPOST('constvalue', 'restricthtml'); // We should be able to send everything here $constnote = GETPOST('constnote', 'alpha'); - // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'aZ09comma'); @@ -63,12 +58,30 @@ if (empty($sortorder)) { $sortorder = 'ASC'; } +if ($action == 'add' && GETPOST('update')) { // Click on button update must be used in priority before param $action + $action = 'update'; +} +if ($action == 'add' && GETPOST('delete')) { // Click on button update must be used in priority before param $action + $action = 'delete'; +} +if ($action == 'update' && GETPOST('add')) { // Click on button add must be used in priority before param $action + $action = 'add'; +} +if ($action == 'delete' && GETPOST('add')) { // Click on button add must be used in priority before param $action + $action = 'add'; +} + +if (!$user->admin) { + accessforbidden(); +} + /* * Actions */ -if ($action == 'add' || (GETPOST('add') && $action != 'update')) { +// Add a new record +if ($action == 'add') { $error = 0; if (empty($constname)) { 
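Review bot: The `if (!$user->admin) { accessforbidden(); }` gate now runs after the new `$action` remapping rather than directly after the page set-up. In the visible lines the remapping only reassigns a local variable, so nothing privileged happens before the check, but keeping the gate as the first statement after the includes means nothing added above it later can run for a non-admin user. The remap rules cover add→update, add→delete, update→add and delete→add but not the update/delete pair, and the JavaScript hunk further down still sets `#action` to `update` on keyup, so a click on the delete button after typing may arrive as `update` unless the action code outside this hunk tests `GETPOST('delete')` itself. The comment on the second `if` is a copy of the first and should read `// Click on button delete must be used in priority before param $action`.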
@@ -157,13 +170,12 @@ jQuery(document).ready(function() { jQuery("#delconst").hide(); jQuery(".checkboxfordelete").click(function() { jQuery("#delconst").show(); - jQuery("#action").val('delete'); }); jQuery(".inputforupdate").keyup(function() { // keypress does not support back var field_id = jQuery(this).attr("id"); var row_num = field_id.split("_"); jQuery("#updateconst").show(); - jQuery("#action").val('update'); + jQuery("#action").val('update'); // so default action if we type enter will be update, but correct action is also detected correctly without that when clicking on "Update" button. jQuery("#check_" + row_num[1]).prop("checked",true); }); }); @@ -180,7 +192,7 @@ $param = ''; print '
entity) && $debug) ? '?debug=1' : '').'" method="POST">'; print ''; -print ''; +print ''; print ''; print ''; diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index eec4d564d9f..1dd2b0126c1 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -580,14 +580,15 @@ print '
'; print 'MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED = '.getDolGlobalString('MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED', ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 0)')."
"; print '
'; -print 'MAIN_SECURITY_FORCECSP = '.getDolGlobalString('MAIN_SECURITY_FORCECSP', ''.$langs->trans("Undefined").'').'   ('.$langs->trans("Example").": \"frame-ancestors 'self'; default-src 'self' 'unsafe-inline'; img-src *;\")
"; +print 'MAIN_SECURITY_FORCECSP = '.getDolGlobalString('MAIN_SECURITY_FORCECSP', ''.$langs->trans("Undefined").'').'   ('.$langs->trans("Example").": \"frame-ancestors 'self'; default-src *; img-src *; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';\")
"; print '
'; print 'MAIN_SECURITY_FORCERP = '.getDolGlobalString('MAIN_SECURITY_FORCERP', ''.$langs->trans("Undefined").'').'   ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or")." \"same-origin\" so browser doesn't send any referrer when going into another web site domain)
"; print '
'; print 'WEBSITE_MAIN_SECURITY_FORCECSP = '.getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCECSP', ''.$langs->trans("Undefined").''); -print '   ('.$langs->trans("Example").": \"frame-ancestors 'self'; default-src 'self' 'unsafe-inline'; style-src https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src https://cdn.transifex.com https://www.googletagmanager.com 'unsafe-inline'; object-src https://youtube.com; frame-src https://youtube.com; img-src *;\")
"; +print '   ('.$langs->trans("Example").": \"frame-ancestors 'self'; default-src 'self' 'unsafe-inline'; style-src https://cdnjs.cloudflare.com https://fonts.googleapis.com 'unsafe-inline'; script-src https://cdn.transifex.com https://www.googletagmanager.com 'unsafe-inline'; object-src https://youtube.com; frame-src https://youtube.com; img-src *;\")
"; + print '
'; print 'WEBSITE_MAIN_SECURITY_FORCERP = '.getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCERP', ''.$langs->trans("Undefined").'').'   ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or")." \"strict-origin-when-cross-origin\")
"; diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 1376155e0e7..d32f1c6e58b 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -8797,9 +8797,9 @@ abstract class CommonObject if ($usesharelink) { if ($val['share']) { - if (empty($maxHeight) || $photo_vignette && $imgarray['height'] > $maxHeight) { + if (empty($maxHeight) || ($photo_vignette && $imgarray['height'] > $maxHeight)) { $return .= ''; - $return .= ''; + $return .= ''; } else { $return .= ''; $return .= ''; @@ -8809,9 +8809,9 @@ abstract class CommonObject $return .= ''; } } else { - if (empty($maxHeight) || $photo_vignette && $imgarray['height'] > $maxHeight) { + if (empty($maxHeight) || ($photo_vignette && $imgarray['height'] > $maxHeight)) { $return .= ''; - $return .= ''; + $return .= ''; } else { $return .= ''; $return .= ''; diff --git a/htdocs/core/lib/images.lib.php b/htdocs/core/lib/images.lib.php index b10b000b8e7..ec64e77f42e 100644 --- a/htdocs/core/lib/images.lib.php +++ b/htdocs/core/lib/images.lib.php @@ -130,8 +130,12 @@ function dol_getImageSize($file, $url = false) if ($filetoread) { $infoImg = getimagesize($filetoread); // Recuperation des infos de l'image - $ret['width'] = $infoImg[0]; // Largeur de l'image - $ret['height'] = $infoImg[1]; // Hauteur de l'image + if ($infoImg) { + $ret['width'] = $infoImg[0]; // Largeur de l'image + $ret['height'] = $infoImg[1]; // Hauteur de l'image + } else { + $ret['width'] = $ret['height'] = ''; + } } return $ret; diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index dc80cb31e88..2da37a2c077 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -7678,7 +7678,7 @@ div.clipboardCPValue.hidewithsize { } .dropdown dd ul { - max-width: 350px; + max-width: 370px; } } /* rule to reduce top menu - 2nd reduction: Reduce width of top menu icons again */ 
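Review bot: The new MAIN_SECURITY_FORCECSP example widens `default-src` from `'self'` to `*`, so every fetch directive it does not list (connect-src, font-src, object-src, frame-src, media-src, worker-src) falls back to any origin, and administrators are likely to copy the example as printed. Because the example now names `script-src` and `style-src` explicitly, it could keep `default-src 'self'` and add `object-src 'none'; base-uri 'self';`, giving `frame-ancestors 'self'; default-src 'self'; img-src *; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self';`. `'unsafe-inline'` in `script-src` still lets injected inline script run, so the text next to the example should say it is a compatibility value rather than the recommended end state. Whether the application loads fonts or makes cross-origin requests that `default-src 'self'` would block is not visible in this hunk and would need testing.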
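Review bot: In the images.lib.php hunk the new `else` branch sets `$ret['width']` and `$ret['height']` to `''`, while the success path returns integers, so a caller that compares them numerically receives an empty string. The `$imgarray['height'] > $maxHeight` test patched in commonobject.class.php looks like such a caller, although where `$imgarray` comes from is not shown. Returning a numeric value keeps the type consistent, `$ret['width'] = $ret['height'] = 0;`, provided no caller divides by these values, which cannot be checked from here. The doc comment of `dol_getImageSize()` should also state what is returned when `getimagesize()` fails on a file that is not a valid image; the rest of the function lies outside the hunk.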
diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index bd0cc016db7..cfca2f1a104 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php @@ -4924,7 +4924,7 @@ div.titre { color: var(--colortexttitlenotab); } .tertiary { - color: var(--colortexttitlenotab); + color: var(--colortexttitlenotab2); } table.centpercent.notopnoleftnoright.table-fiche-title { diff --git a/htdocs/theme/md/theme_vars.inc.php b/htdocs/theme/md/theme_vars.inc.php index 84a1065f781..be799259b32 100644 --- a/htdocs/theme/md/theme_vars.inc.php +++ b/htdocs/theme/md/theme_vars.inc.php @@ -60,6 +60,7 @@ $colorbacklinepairchecked = '230,237,244'; // line checked $colorbacklinebreak = '250,246,251'; $colorbackbody = '248,248,248'; $colortexttitlenotab = '80,71,5'; +$colortexttitlenotab2 = '100,0,100'; $colortexttitle = '20,20,20'; $colortexttitlelink = '0,0,120'; $colortext = '0,0,0';
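Review bot: `.tertiary` now reads `var(--colortexttitlenotab2)`, but no hunk in this commit declares that custom property. The only related addition is the PHP variable `$colortexttitlenotab2` in theme_vars.inc.php. Unless the md theme's `:root` block is extended elsewhere with something like `--colortexttitlenotab2: rgb(<?php print $colortexttitlenotab2; ?>);`, the `color` declaration is invalid at computed-value time and `.tertiary` falls back to the inherited colour. It is worth checking that declaration, and whether the eldy theme needs the same variable.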