From 2bca97af2f519db3b9cdd048a151a1728d5f52d4 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 18 Feb 2023 13:13:05 +0100 Subject: [PATCH 1/3] Fix update of config setup page must not rely on javascript --- htdocs/admin/const.php | 30 +++++++++++++++++++++--------- htdocs/theme/eldy/global.inc.php | 2 +- 2 files changed, 22 insertions(+), 10 deletions(-) diff --git a/htdocs/admin/const.php b/htdocs/admin/const.php index e5625b0f975..895ce8c1b08 100644 --- a/htdocs/admin/const.php +++ b/htdocs/admin/const.php @@ -32,10 +32,6 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/security.lib.php'; // Load translation files required by the page $langs->load("admin"); -if (!$user->admin) { - accessforbidden(); -} - $rowid = GETPOST('rowid', 'int'); $entity = GETPOST('entity', 'int'); $action = GETPOST('action', 'aZ09'); @@ -44,7 +40,6 @@ $consts = GETPOST('const', 'array'); $constname = GETPOST('constname', 'alphanohtml'); $constvalue = GETPOST('constvalue', 'restricthtml'); // We should be able to send everything here $constnote = GETPOST('constnote', 'alpha'); - // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'aZ09comma'); 
@@ -63,12 +58,30 @@ if (empty($sortorder)) { $sortorder = 'ASC'; } +if ($action == 'add' && GETPOST('update')) { // Click on button update must be used in priority before param $action + $action = 'update'; +} +if ($action == 'add' && GETPOST('delete')) { // Click on button update must be used in priority before param $action + $action = 'delete'; +} +if ($action == 'update' && GETPOST('add')) { // Click on button add must be used in priority before param $action + $action = 'add'; +} +if ($action == 'delete' && GETPOST('add')) { // Click on button add must be used in priority before param $action + $action = 'add'; +} + +if (!$user->admin) { + accessforbidden(); +} + /* * Actions */ -if ($action == 'add' || (GETPOST('add') && $action != 'update')) { +// Add a new record +if ($action == 'add') { $error = 0; if (empty($constname)) { @@ -157,13 +170,12 @@ jQuery(document).ready(function() { jQuery("#delconst").hide(); jQuery(".checkboxfordelete").click(function() { jQuery("#delconst").show(); - jQuery("#action").val('delete'); }); jQuery(".inputforupdate").keyup(function() { // keypress does not support back var field_id = jQuery(this).attr("id"); var row_num = field_id.split("_"); jQuery("#updateconst").show(); - jQuery("#action").val('update'); + jQuery("#action").val('update'); // so default action if we type enter will be update, but correct action is also detected correctly without that when clicking on "Update" button. jQuery("#check_" + row_num[1]).prop("checked",true); }); }); @@ -180,7 +192,7 @@ $param = ''; print '
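Review bot: The `if (!$user->admin) { accessforbidden(); }` guard now sits below the parameter parsing and the new action-remapping block, so all of that code runs for a non-admin session before access is refused. Nothing visible above the guard has side effects today, but the remapping does not depend on it running first. Keeping the guard directly after `$langs->load("admin");` would ensure later additions to this preamble cannot run unauthorised. Separately, the comment on the `GETPOST('delete')` branch is a copy of the update one and should read `// Click on button delete must be used in priority before param $action`.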
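Review bot: Once the `.inputforupdate` keyup handler has set `#action` to `update`, clicking the Delete button submits `action=update` together with `delete`, and the remapping block added earlier in this file has no case for that pair (nor for `action=delete` with `update`). If the handlers further down, which are outside this hunk, branch only on `$action`, an edited row would be updated when the user asked for a deletion. Adding `if ($action == 'update' && GETPOST('delete')) { $action = 'delete'; }` and its mirror `if ($action == 'delete' && GETPOST('update')) { $action = 'update'; }` would make the clicked button win in every combination, which is what the commit title promises.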
entity) && $debug) ? '?debug=1' : '').'" method="POST">'; print ''; -print ''; +print ''; print ''; print ''; diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index b006978d5fa..e7d94fe0d8c 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -7603,7 +7603,7 @@ div.clipboardCPValue.hidewithsize { } .dropdown dd ul { - max-width: 350px; + max-width: 370px; } } /* rule to reduce top menu - 2nd reduction: Reduce width of top menu icons again */ From a81510ccd65714bbf08d784c573568532c749fe7 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 18 Feb 2023 14:15:39 +0100 Subject: [PATCH 2/3] Better exemple for RCP security string --- htdocs/admin/system/security.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index c23bdb3051f..d7f8884a38a 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -574,13 +574,13 @@ print '
'; print 'MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL = '.(empty($conf->global->MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 0)' : $conf->global->MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL)."
"; print '
'; -print 'MAIN_SECURITY_FORCECSP = '.(empty($conf->global->MAIN_SECURITY_FORCECSP) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_FORCECSP).'   ('.$langs->trans("Example").": \"frame-ancestors 'self'; default-src 'self'; img-src *;\")
"; +print 'MAIN_SECURITY_FORCECSP = '.(empty($conf->global->MAIN_SECURITY_FORCECSP) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_FORCECSP).'   ('.$langs->trans("Example").": \"frame-ancestors 'self'; default-src *; img-src *; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';\")
"; print '
'; print 'MAIN_SECURITY_FORCERP = '.(empty($conf->global->MAIN_SECURITY_FORCERP) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_FORCERP).'   ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or")." \"same-origin\" so browser doesn't send any referrer when going into another web site domain)
"; print '
'; -print 'WEBSITE_MAIN_SECURITY_FORCECSP = '.(empty($conf->global->WEBSITE_MAIN_SECURITY_FORCECSP) ? ''.$langs->trans("Undefined").'' : $conf->global->WEBSITE_MAIN_SECURITY_FORCECSP).'   ('.$langs->trans("Example").": \"frame-ancestors 'self'; default-src 'self'; style-src https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src https://cdn.transifex.com https://www.googletagmanager.com; object-src https://youtube.com; frame-src https://youtube.com; img-src *;\")
"; +print 'WEBSITE_MAIN_SECURITY_FORCECSP = '.(empty($conf->global->WEBSITE_MAIN_SECURITY_FORCECSP) ? ''.$langs->trans("Undefined").'' : $conf->global->WEBSITE_MAIN_SECURITY_FORCECSP).'   ('.$langs->trans("Example").": \"frame-ancestors 'self'; default-src 'self' 'unsafe-inline'; style-src https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src https://cdn.transifex.com https://www.googletagmanager.com; object-src https://youtube.com; frame-src https://youtube.com; img-src *;\")
"; print '
'; print 'WEBSITE_MAIN_SECURITY_FORCERP = '.(empty($conf->global->WEBSITE_MAIN_SECURITY_FORCERP) ? ''.$langs->trans("Undefined").'' : $conf->global->WEBSITE_MAIN_SECURITY_FORCERP).'   ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or")." \"strict-origin-when-cross-origin\")
"; From b35d768d053f6bbee62845b13abd7ffcddb53a46 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 18 Feb 2023 20:47:19 +0100 Subject: [PATCH 3/3] Debug v17 --- htdocs/core/class/commonobject.class.php | 8 ++++---- htdocs/core/lib/images.lib.php | 8 ++++++-- htdocs/theme/md/style.css.php | 2 +- htdocs/theme/md/theme_vars.inc.php | 1 + 4 files changed, 12 insertions(+), 7 deletions(-) diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 0ac16532246..e4e767b3cee 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -8711,9 +8711,9 @@ abstract class CommonObject if ($usesharelink) { if ($val['share']) { - if (empty($maxHeight) || $photo_vignette && $imgarray['height'] > $maxHeight) { + if (empty($maxHeight) || ($photo_vignette && $imgarray['height'] > $maxHeight)) { $return .= ''; - $return .= ''; + $return .= ''; } else { $return .= ''; $return .= ''; @@ -8723,9 +8723,9 @@ abstract class CommonObject $return .= ''; } } else { - if (empty($maxHeight) || $photo_vignette && $imgarray['height'] > $maxHeight) { + if (empty($maxHeight) || ($photo_vignette && $imgarray['height'] > $maxHeight)) { $return .= ''; - $return .= ''; + $return .= ''; } else { $return .= ''; $return .= ''; diff --git a/htdocs/core/lib/images.lib.php b/htdocs/core/lib/images.lib.php index 37cc70760eb..9ca4684ef51 100644 --- a/htdocs/core/lib/images.lib.php +++ b/htdocs/core/lib/images.lib.php @@ -130,8 +130,12 @@ function dol_getImageSize($file, $url = false) if ($filetoread) { $infoImg = getimagesize($filetoread); // Recuperation des infos de l'image - $ret['width'] = $infoImg[0]; // Largeur de l'image - $ret['height'] = $infoImg[1]; // Hauteur de l'image + if ($infoImg) { + $ret['width'] = $infoImg[0]; // Largeur de l'image + $ret['height'] = $infoImg[1]; // Hauteur de l'image + } else { + $ret['width'] = $ret['height'] = ''; + } } return $ret; 
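Review bot: The new MAIN_SECURITY_FORCECSP example pairs `default-src *` with `script-src 'self' 'unsafe-inline'`. An administrator who copies it verbatim from this security page gets a policy that does not block injected inline script and lets every directive without its own entry load from any origin. In the WEBSITE_MAIN_SECURITY_FORCECSP example the added `'unsafe-inline'` sits in `default-src`, but that example sets `script-src` and `style-src` explicitly, so the fallback is not consulted for scripts or styles and the keyword probably has no effect. I would present the first string as a compatibility baseline rather than a bare example, for instance by appending `(permissive baseline: remove 'unsafe-inline' from script-src and narrow default-src once the pages work)` after it. In the website string, either drop the keyword or move it to the directive it was meant for.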
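Review bot: The failure branch in `dol_getImageSize()` stores `''` in `$ret['width']` and `$ret['height']` while the success branch stores the integers from `getimagesize()`, so callers now receive two different types for the same keys. A comparison such as `$imgarray['height'] > $maxHeight` tolerates that, but any caller doing arithmetic on the value would raise a TypeError under PHP 8. The function's docblock and its other callers are outside this hunk, so it is worth documenting the sentinel there, e.g. `@return array array('width'=>int|'', 'height'=>int|''), '' when the file is not a readable image`. The two trailing comments on the moved lines could be translated while they are being touched: `// Image width` and `// Image height`.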
diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index 945befdae08..6179c64db8c 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php @@ -4900,7 +4900,7 @@ div.titre { color: var(--colortexttitlenotab); } .tertiary { - color: var(--colortexttitlenotab); + color: var(--colortexttitlenotab2); } table.centpercent.notopnoleftnoright.table-fiche-title { diff --git a/htdocs/theme/md/theme_vars.inc.php b/htdocs/theme/md/theme_vars.inc.php index 84a1065f781..be799259b32 100644 --- a/htdocs/theme/md/theme_vars.inc.php +++ b/htdocs/theme/md/theme_vars.inc.php @@ -60,6 +60,7 @@ $colorbacklinepairchecked = '230,237,244'; // line checked $colorbacklinebreak = '250,246,251'; $colorbackbody = '248,248,248'; $colortexttitlenotab = '80,71,5'; +$colortexttitlenotab2 = '100,0,100'; $colortexttitle = '20,20,20'; $colortexttitlelink = '0,0,120'; $colortext = '0,0,0';