Security: remove the database password from memory right after the database connection is created (the only place it is needed).

This commit is contained in:
Laurent Destailleur 2008-08-29 19:01:20 +00:00
parent 6e5eb9ccdc
commit 04e84bd09e
9 changed files with 35 additions and 45 deletions


@ -89,10 +89,10 @@ print "<tr $bc[0]><td width=\"280\">".$langs->trans("Version")."</td><td>" . $db
print "<tr $bc[1]><td>".$langs->trans("DatabaseServer")."</td><td>" . $conf->db->host . "</td></tr>\n";
print "<tr $bc[0]><td>".$langs->trans("DatabaseName")."</td><td>" . $conf->db->name . "</td></tr>\n";
print "<tr $bc[1]><td>".$langs->trans("DriverType")."</td><td>" . $conf->db->type . "</td></tr>\n";
print "<tr $bc[0]><td>".$langs->trans("User")."</td><td>" . $conf->db->user . "&nbsp;</td></tr>\n";
print "<tr $bc[1]><td>".$langs->trans("Password")."</td><td>" . ereg_replace(".","*",$conf->db->pass) . "&nbsp;</td></tr>\n";
print "<tr $bc[0]><td>".$langs->trans("DBStoringCharset")."</td><td>" . $db->getDefaultCharacterSetDatabase() . "&nbsp;</td></tr>\n";
print "<tr $bc[1]><td>".$langs->trans("DBSortingCharset")."</td><td>" . $db->getDefaultCollationDatabase() . "&nbsp;</td></tr>\n";
print "<tr $bc[0]><td>".$langs->trans("User")."</td><td>" . $conf->db->user . "</td></tr>\n";
print "<tr $bc[1]><td>".$langs->trans("Password")."</td><td>" . $langs->trans("NotAvailable") . "</td></tr>\n";
print "<tr $bc[0]><td>".$langs->trans("DBStoringCharset")."</td><td>" . $db->getDefaultCharacterSetDatabase() . "</td></tr>\n";
print "<tr $bc[1]><td>".$langs->trans("DBSortingCharset")."</td><td>" . $db->getDefaultCollationDatabase() . "</td></tr>\n";
print '</table>';
print '<br>';


@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2001-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2006 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004-2008 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2007 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
@ -16,16 +16,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*/
/**
\file htdocs/fourn/product/liste.php
\ingroup produit
\brief Page liste des produits ou services
\version $Revision$
\version $Id$
*/
require("./pre.inc.php");
@ -75,6 +72,12 @@ if (isset($_REQUEST['catid']))
$title=$langs->trans("ProductsAndServices");
if ($fourn_id)
{
$supplier = new Fournisseur($db);
$supplier->fetch($fourn_id);
}
$sql = "SELECT p.rowid, p.label, p.ref, p.fk_product_type";
$sql .= ", pf.fk_soc, pf.ref_fourn";
$sql .= ", min(ppf.price) as price";
@ -143,9 +146,12 @@ if ($resql)
exit;
}
$texte = $langs->trans("List");
if (! empty($supplier->id)) $texte = $langs->trans("ListOfSupplierProductForSupplier",$supplier->nom);
else $texte = $langs->trans("List");
llxHeader("","",$texte);
$param="&envente=$envente&sref=$sref&snom=$snom&fourn_id=$fourn_id".(isset($type)?"&amp;type=$type":"");
print_barre_liste($texte, $page, "liste.php", $param, $sortfield, $sortorder,'',$num);
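Review bot: The supplier name inserted at `$texte = $langs->trans("ListOfSupplierProductForSupplier",$supplier->nom);` ends up inside HTML (the new translation string carries `<b>%s</b>`) without escaping, so a supplier whose name contains markup would render it into the page title; unless trans() is known to escape its arguments, pass `htmlentities($supplier->nom)` instead. The `$supplier->fetch($fourn_id)` return value is not checked, and `$fourn_id` is defined outside this hunk — if it comes from the request it should be cast with `(int)` before being handed to fetch(). A failed fetch currently falls back silently to the generic "List" title, which is acceptable but worth a one-line comment, e.g. `// fetch() failure leaves $supplier->id empty -> generic title below`.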


@ -285,7 +285,7 @@ if ($_POST["action"] == "set")
{
dolibarr_install_syslog("etape1: Creation de l'utilisateur: ".$dolibarr_main_db_user);
//print $conf->db->host." , ".$conf->db->name." , ".$conf->db->user." , ".$conf->db->pass." , ".$conf->db->port;
//print $conf->db->host." , ".$conf->db->name." , ".$conf->db->user." , ".$conf->db->port;
$databasefortest=$conf->db->name;
if ($conf->db->type == 'mysql' || $conf->db->type == 'mysqli')
{
@ -502,7 +502,7 @@ if ($_POST["action"] == "set")
print "</td></tr>";
// Affiche aide diagnostique
print '<tr><td colspan="2"><br>Le serveur "<b>'.$conf->db->host.'</b>", nom de base "<b>'.$conf->db->name.'</b>", login "<b>'.$conf->db->user.'</b>", ou mot de passe <b>"'.$conf->db->pass.'</b>" de la base de donnée est peut-être incorrect ou la version du client PHP trop ancienne par rapport à la version de la base de donnée.<br>';
print '<tr><td colspan="2"><br>Le serveur "<b>'.$conf->db->host.'</b>", nom de base "<b>'.$conf->db->name.'</b>", login "<b>'.$conf->db->user.'</b>", ou mot de passe de la base de donnée est peut-être incorrect ou la version du client PHP trop ancienne par rapport à la version de la base de donnée.<br>';
print 'Si le login n\'existe pas encore, vous devez cocher l\'option "Créer l\'utilisateur".<br>';
print $langs->trans("ErrorGoBackAndCorrectParameters").'<br><br>';
print '</td></tr>';
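Review bot: The diagnostic message on the new side still interpolates `$conf->db->host`, `$conf->db->name` and `$conf->db->user` into HTML unescaped; in the installer these values are presumably taken from the submitted form (their assignment is outside this hunk), so each should be wrapped in `htmlentities()` when printed. The line `//print $conf->db->host." , ".$conf->db->name." , ".$conf->db->user." , ".$conf->db->port;` is commented-out debug code that the commit edits instead of deleting — remove it, since a later uncomment is exactly how the password would get printed again. Dropping the password from the user-facing hint is the right call; the surrounding `if ($_POST["action"] == "set")` block starts outside the hunk.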


@ -30,4 +30,5 @@ ConfirmCancelThisOrder=Are you sure you want to cancel this order ?
AddCustomerOrder=Create customer order
AddCustomerInvoice=Create customer invoice
AddSupplierOrder=Create supplier order
AddSupplierInvoice=Create supplier invoice
AddSupplierInvoice=Create supplier invoice
ListOfSupplierProductForSupplier=List of products and prices for supplier <b>%s</b>


@ -30,4 +30,5 @@ ConfirmCancelThisOrder=Etes-vous s
AddCustomerOrder=Créer commande client
AddCustomerInvoice=Créer facture/avoir client
AddSupplierOrder=Créer commande fournisseur
AddSupplierInvoice=Créer facture fournisseur
AddSupplierInvoice=Créer facture fournisseur
ListOfSupplierProductForSupplier=Liste des produits et prix du fournisseurs <b>%s</b>


@ -181,6 +181,9 @@ if (! defined('NOREQUIREDB'))
exit;
}
}
// Now database connexion is known we can forget password
$dolibarr_main_db_pass='';
$conf->db->pass='';
/*
* Creation objet $user
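Review bot: Assigning `''` to `$dolibarr_main_db_pass` and `$conf->db->pass` does not scrub the secret from memory as the commit title suggests: PHP strings are copy-on-write, so the original value survives in any other copy — most likely inside the `$db` object if DoliDb keeps its password argument (not visible here). What the change reliably achieves is keeping the password out of later output such as `$conf` dumps, error pages and the admin system page, and the comment should say that, e.g. `// Connection established: clear the password from $conf and the global so later pages cannot echo it (this does not scrub memory)`. Any code that re-includes the configuration file defining `$dolibarr_main_db_pass` after this point would reload it, so that file should be loaded only once. The enclosing `if (! defined('NOREQUIREDB'))` block starts outside the hunk; when NOREQUIREDB is defined no connection is made but the password is still cleared, which is fine.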


@ -14,36 +14,19 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
*/
/*
* Gestion du retour du syst<EFBFBD>me de Cyberpaiement
* Cette page est appell<EFBFBD>e par le serveur de la BPLC lors de l'utilisation
* su syst<EFBFBD>me RSTS
*
/**
* \brief Gestion du retour du systeme de Cyberpaiement
* Cette page est appellee par le serveur de la BPLC lors de l'utilisation
* au systeme RSTS
* \version $Id$
*/
require("../../conf/conf.class.php");
require("./retourbplc.class.php");
require("../../don.class.php");
require("../../main.inc.php");
require_once(DOL_DOCUMENT_ROOT."/public/bplc/retourbplc.class.php");
require_once(DOL_DOCUMENT_ROOT."/don.class.php");
$conf = new Conf();
$conf->db->type = $dolibarr_main_db_type;
$conf->db->port = $dolibarr_main_db_port;
$conf->db->host = $dolibarr_main_db_host;
$conf->db->name = $dolibarr_main_db_name;
$conf->db->user = $dolibarr_main_db_user;
$conf->db->pass = $dolibarr_main_db_pass;
// Si type non d<>fini (pour compatibilit<69> avec ancienne install), on
// travail avec mysql
if (! $conf->db->type) { $conf->db->type = 'mysql'; }
require_once(DOL_DOCUMENT_ROOT ."/lib/".$dolibarr_main_db_type.".lib.php");
$db = new DoliDb($conf->db->type,$conf->db->host,$conf->db->user,$conf->db->pass,$conf->db->name,$conf->db->port);
$retbplc = new Retourbplc($db);
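Review bot: Replacing the hand-built connection with `require("../../main.inc.php")` is the right way to stop this file from needing `$dolibarr_main_db_pass`, but the header comment says this page is called by the BPLC payment server, so it must be confirmed that main.inc.php does not now redirect it to the login page — whatever constant main.inc.php checks to skip authentication would have to be defined before the require if this endpoint is meant to be reached unauthenticated (that check is not visible here). The old code also defaulted `$conf->db->type` to `'mysql'` for older installs; that fallback is dropped, so verify main.inc.php applies the same default. `$db` is created by main.inc.php only when NOREQUIREDB is not defined, which this file does not set, so `new Retourbplc($db)` stays valid.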


@ -1,6 +1,6 @@
<?PHP
/* Copyright (C) 2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2006 Laurent Destailleur <eldy@users.sourceforge.net>
/* Copyright (C) 2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2006-2008 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -15,8 +15,6 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
*/
/**
@ -65,7 +63,6 @@ print "type=".$conf->db->type."\n";
print "host=".$conf->db->host."\n";
print "port=".$conf->db->port."\n";
print "login=".$conf->db->user."\n";
print "pass=".eregi_replace('.','*',$conf->db->pass)."\n";
print "database=".$conf->db->name."\n";
print "\n";
print "----- To LDAP database:\n";


@ -76,7 +76,6 @@ print "type=".$conf->db->type."\n";
print "host=".$conf->db->host."\n";
print "port=".$conf->db->port."\n";
print "login=".$conf->db->user."\n";
print "pass=".eregi_replace('.','*',$conf->db->pass)."\n";
print "database=".$conf->db->name."\n";
print "\n";
print "Press a key to confirm...\n";