From 619e0d3792920887e42d2d748cd9310537df9a02 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 24 Feb 2018 14:01:52 +0100 Subject: [PATCH 1/3] FIX Bad var for substitution of free text --- .../modules/contract/doc/doc_generic_contract_odt.modules.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/modules/contract/doc/doc_generic_contract_odt.modules.php b/htdocs/core/modules/contract/doc/doc_generic_contract_odt.modules.php index 62eade74dfa..7e308964e29 100644 --- a/htdocs/core/modules/contract/doc/doc_generic_contract_odt.modules.php +++ b/htdocs/core/modules/contract/doc/doc_generic_contract_odt.modules.php @@ -324,7 +324,7 @@ class doc_generic_contract_odt extends ModelePDFContract // Line of free text $newfreetext=''; - $paramfreetext='contract_FREE_TEXT'; + $paramfreetext='CONTRACT_FREE_TEXT'; if (! empty($conf->global->$paramfreetext)) { $newfreetext=make_substitutions($conf->global->$paramfreetext,$substitutionarray); From a5b1f114c2a88a3438a3ec3fb35697686f528ca2 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 24 Feb 2018 14:02:27 +0100 Subject: [PATCH 2/3] FIX Generic substitution of constant disabled for sensitive constant --- htdocs/core/lib/functions.lib.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 0f10c40fddf..715095f96ae 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -5685,7 +5685,8 @@ function make_substitutions($text, $substitutionarray, $outputlangs=null) if (dol_textishtml($text,1)) $msgishtml = 1; $keyfound = $reg[1]; - $newval=empty($conf->global->$keyfound)?'':$conf->global->$keyfound; + if (preg_match('/(_pass|password|secret|_key|key$)/i', $keyfound)) $newval = '*****forbidden*****'; + else $newval=empty($conf->global->$keyfound)?'':$conf->global->$keyfound; $text = preg_replace('/__\['.preg_quote($keyfound, '/').'\]__/', $msgishtml?dol_htmlentitiesbr($newval):$newval, $text); } From 2d252e85e6a1728f2edb456df781c9fab277acf4 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 25 Feb 2018 12:13:34 +0100 Subject: [PATCH 3/3] FIX Import process must stop after ending line nb to import --- htdocs/imports/import.php | 107 +++++++++++++++++++------------------- 1 file changed, 54 insertions(+), 53 deletions(-) diff --git a/htdocs/imports/import.php b/htdocs/imports/import.php index 82ecad62417..abf3ec45c7c 100644 --- a/htdocs/imports/import.php +++ b/htdocs/imports/import.php @@ -225,7 +225,7 @@ if ($step == 3 && $datatoimport) $param='&datatoimport='.$datatoimport.'&format='.$format; if ($excludefirstline) $param.='&excludefirstline='.$excludefirstline; if ($endatlinenb) $param.='&endatlinenb='.$endatlinenb; - + $file = $conf->import->dir_temp . '/' . GETPOST('urlfile'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP). $ret=dol_delete_file($file); if ($ret) setEventMessages($langs->trans("FileWasRemoved", GETPOST('urlfile')), null, 'mesgs'); @@ -429,9 +429,9 @@ if ($step == 2 && $datatoimport) print ''; print '
'; - + dol_fiche_end(); - + print '
'; print ''; @@ -450,7 +450,7 @@ if ($step == 2 && $datatoimport) $liste=$objmodelimport->liste_modeles($db); foreach($liste as $key) { - + print ''; print ''.img_picto_common($key,$objmodelimport->getPictoForKey($key)).''; $text=$objmodelimport->getDriverDescForKey($key); @@ -495,7 +495,7 @@ if ($step == 3 && $datatoimport) print '
'; print '
'; - + print ''; // Module @@ -516,11 +516,11 @@ if ($step == 3 && $datatoimport) print '
'; print '
'; - + print '
'; - + print ''.$langs->trans("InformationOnSourceFile").''; - + print '
'; print '
'; print ''; @@ -537,15 +537,15 @@ if ($step == 3 && $datatoimport) print '
'; print '
'; - + dol_fiche_end(); print '
'; - + print ''; print ''; print ''; - + print ''; print ''; print ''; @@ -553,7 +553,7 @@ if ($step == 3 && $datatoimport) print ''; print ''; print ''; - + print ''; $filetoimport=''; @@ -613,7 +613,7 @@ if ($step == 3 && $datatoimport) $modulepart='import'; $urlsource=$_SERVER["PHP_SELF"].'?step='.$step.$param.'&filetoimport='.urlencode($filetoimport); $relativepath=$file; - + print ''; print ''; print '
'.img_mime($file).''; @@ -665,9 +665,9 @@ if ($step == 4 && $datatoimport) header("Location: ".$_SERVER["PHP_SELF"].'?step=3'.$param.'&filetoimport='.urlencode($relativepath)); exit; } - + } - + if (GETPOST('update')) { $array_match_file_to_database=array(); } @@ -772,9 +772,9 @@ if ($step == 4 && $datatoimport) print '
'; print ''; - + print '
'; - + print ''.$langs->trans("InformationOnSourceFile").''; print '
'; print '
'; @@ -820,9 +820,9 @@ if ($step == 4 && $datatoimport) print ''; print '
'; - + dol_fiche_end(); - + print '
'."\n"; @@ -873,7 +873,7 @@ if ($step == 4 && $datatoimport) $lefti=1; foreach ($array_match_file_to_database as $key => $val) { - + show_elem($fieldssource,$key,$val,$var); // key is field number in source file //print '> '.$lefti.'-'.$key.'-'.$val; $listofkeys[$key]=1; @@ -890,7 +890,7 @@ if ($step == 4 && $datatoimport) $num=count($fieldssource); while ($lefti <= $num) { - + $newkey=getnewkey($fieldssource,$listofkeys); show_elem($fieldssource,$newkey,'',$var); // key start after field number in source file //print '> '.$lefti.'-'.$newkey; @@ -913,7 +913,7 @@ if ($step == 4 && $datatoimport) print ''; foreach($fieldstarget as $code=>$label) { - + print ''; $i++; @@ -1148,7 +1148,7 @@ if ($step == 4 && $datatoimport) $var=false; while ($i < $num) { - + $obj = $db->fetch_object($resql); print '
'; print $obj->label; @@ -1213,16 +1213,16 @@ if ($step == 5 && $datatoimport) if ($excludefirstline) $param.='&excludefirstline='.$excludefirstline; if ($endatlinenb) $param.='&endatlinenb='.$endatlinenb; if (!empty($updatekeys)) $param.='&updatekeys[]='.implode('&updatekeys[]=', $updatekeys); - + llxHeader('',$langs->trans("NewImport"),'EN:Module_Imports_En|FR:Module_Imports|ES:Módulo_Importaciones'); $head = import_prepare_head($param,5); - + print ''; print ''; // step 5 print ''; // step 5 - + dol_fiche_head($head, 'step5', $langs->trans("NewImport"), -1); print '
'; @@ -1248,9 +1248,9 @@ if ($step == 5 && $datatoimport) print '
'; print ''; - + print '
'; - + print ''.$langs->trans("InformationOnSourceFile").''; print '
'; print '
'; @@ -1274,7 +1274,7 @@ if ($step == 5 && $datatoimport) print htmlentities($enclosure); print ''; } - + // File to import print ''.$langs->trans("FileToImport").''; print ''; @@ -1351,16 +1351,16 @@ if ($step == 5 && $datatoimport) print_r($objimport->array_import_updatekeys); echo '';*/ print ''; - + print ''; print '
'; - + print '
'; print ''.$langs->trans("InformationOnTargetTables").''; print '
'; print '
'; - + print ''; //print ''; @@ -1426,7 +1426,7 @@ if ($step == 5 && $datatoimport) print '
'.$langs->trans("InformationOnTargetTables").'
'; print '
'; - + dol_fiche_end(); @@ -1475,10 +1475,11 @@ if ($step == 5 && $datatoimport) $sourcelinenb=0; $endoffile=0; // Loop on each input file record - while ($sourcelinenb < $nboflines && ! $endoffile) + while (($sourcelinenb < $nboflines) && ! $endoffile) { $sourcelinenb++; // Read line and stor it into $arrayrecord + //dol_syslog("line ".$sourcelinenb.' - '.$nboflines.' - '.$excludefirstline.' - '.$endatlinenb); $arrayrecord=$obj->import_read_record(); if ($arrayrecord === false) { @@ -1487,11 +1488,11 @@ if ($step == 5 && $datatoimport) continue; } if ($excludefirstline && ($sourcelinenb < $excludefirstline)) continue; - if ($endatlinenb && ($sourcelinenb > $endatlinenb)) continue; - + if ($endatlinenb && ($sourcelinenb > $endatlinenb)) break; + // Run import $result=$obj->import_insert($arrayrecord,$array_match_file_to_database,$objimport,count($fieldssource),$importid,$updatekeys); - + if (count($obj->errors)) $arrayoferrors[$sourcelinenb]=$obj->errors; if (count($obj->warnings)) $arrayofwarnings[$sourcelinenb]=$obj->warnings; if (! count($obj->errors) && ! count($obj->warnings)) $nbok++; @@ -1505,7 +1506,7 @@ if ($step == 5 && $datatoimport) } $error=0; - + // Run the sql after import if defined //var_dump($objimport->array_import_run_sql_after[0]); if (! empty($objimport->array_import_run_sql_after[0]) && is_array($objimport->array_import_run_sql_after[0])) @@ -1515,14 +1516,14 @@ if ($step == 5 && $datatoimport) { $i++; $resqlafterimport=$db->query($sqlafterimport); - if (! $resqlafterimport) + if (! $resqlafterimport) { $arrayoferrors['none'][]=array('lib'=>$langs->trans("Error running final request: ".$sqlafterimport)); $error++; } } } - + $db->rollback(); // We force rollback because this was just a simulation. // Show OK @@ -1613,7 +1614,7 @@ if ($step == 5 && $datatoimport) print ''.$langs->trans("RunImportFile").''; } print ''; - + } print '
'; @@ -1690,9 +1691,9 @@ if ($step == 6 && $datatoimport) print ''; print ''; - + print '
'; - + print ''.$langs->trans("InformationOnSourceFile").'
'; print ''; //print ''; @@ -1714,7 +1715,7 @@ if ($step == 6 && $datatoimport) print htmlentities($enclosure); print ''; } - + // File to import print ''; print ''; - + print '
'.$langs->trans("InformationOnSourceFile").'
'.$langs->trans("FileToImport").''; @@ -1745,7 +1746,7 @@ if ($step == 6 && $datatoimport) print ''; print ''; print '
'; print '
'; @@ -1848,11 +1849,11 @@ if ($step == 6 && $datatoimport) continue; } if ($excludefirstline && ($sourcelinenb < $excludefirstline)) continue; - if ($endatlinenb && ($sourcelinenb > $endatlinenb)) continue; + if ($endatlinenb && ($sourcelinenb > $endatlinenb)) break; // Run import $result=$obj->import_insert($arrayrecord,$array_match_file_to_database,$objimport,count($fieldssource),$importid,$updatekeys); - + if (count($obj->errors)) $arrayoferrors[$sourcelinenb]=$obj->errors; if (count($obj->warnings)) $arrayofwarnings[$sourcelinenb]=$obj->warnings; if (! count($obj->errors) && ! count($obj->warnings)) $nbok++; @@ -1866,10 +1867,10 @@ if ($step == 6 && $datatoimport) } if (count($arrayoferrors) > 0) $db->rollback(); // We force rollback because this was errors. - else + else { $error=0; - + // Run the sql after import if defined //var_dump($objimport->array_import_run_sql_after[0]); if (! empty($objimport->array_import_run_sql_after[0]) && is_array($objimport->array_import_run_sql_after[0])) @@ -1879,18 +1880,18 @@ if ($step == 6 && $datatoimport) { $i++; $resqlafterimport=$db->query($sqlafterimport); - if (! $resqlafterimport) + if (! $resqlafterimport) { $arrayoferrors['none'][]=array('lib'=>$langs->trans("Error running final request: ".$sqlafterimport)); $error++; } } } - + if (! $error) $db->commit(); // We can commit if no errors. else $db->rollback(); } - + dol_fiche_end(); @@ -1930,7 +1931,7 @@ function show_elem($fieldssource,$pos,$key,$var,$nostyle='') global $langs,$bc; $height='24'; - + print "\n\n\n"; print '
'."\n";