On technical error, return http code 500
parent
d9e7cacc84
commit
0d797a793a
@ -837,8 +837,7 @@ if ($resql)
|
||||
print '</div>';
|
||||
print '<div class="nowrap">';
|
||||
print $langs->trans('to').' ';*/
|
||||
print $langs->trans("Before").' ';
|
||||
print $form->selectDate($search_datelimit_end ? $search_datelimit_end : -1, 'search_datelimit_end', 0, 0, 1);
|
||||
print $form->selectDate($search_datelimit_end ? $search_datelimit_end : -1, 'search_datelimit_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans("Before"));
|
||||
print '<br><input type="checkbox" name="search_option" value="late"'.($option == 'late' ? ' checked' : '').'> '.$langs->trans("Alert");
|
||||
print '</div>';
|
||||
print '</td>';
|
||||
|
||||
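Review bot: The new `selectDate()` call passes sixteen positional arguments, most of them empty strings or zeros, so a reader cannot tell which slot carries `$langs->trans("Before")` or check that the values in between match the defaults. A short comment above the call, for example `// last argument: text shown for the empty date field, replaces the separate "Before" label`, would make the intent reviewable. The slot should be confirmed against the `selectDate()` signature, which is not visible in this hunk.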
@ -3896,20 +3896,21 @@ function dol_print_error($db = '', $error = '', $errors = null)
|
||||
$out = '';
|
||||
$syslog = '';
|
||||
|
||||
// Si erreur intervenue avant chargement langue
|
||||
// If error occurs before the $lang object was loaded
|
||||
if (!$langs)
|
||||
{
|
||||
require_once DOL_DOCUMENT_ROOT.'/core/class/translate.class.php';
|
||||
$langs = new Translate('', $conf);
|
||||
$langs->load("main");
|
||||
}
|
||||
// Load translation files required by the page
|
||||
|
||||
// Load translation files required by the error messages
|
||||
$langs->loadLangs(array('main', 'errors'));
|
||||
|
||||
if ($_SERVER['DOCUMENT_ROOT']) // Mode web
|
||||
{
|
||||
$out .= $langs->trans("DolibarrHasDetectedError").".<br>\n";
|
||||
if (!empty($conf->global->MAIN_FEATURES_LEVEL)) $out .= "You use an experimental or develop level of features, so please do NOT report any bugs, except if problem is confirmed moving option MAIN_FEATURES_LEVEL back to 0.<br>\n";
|
||||
if (!empty($conf->global->MAIN_FEATURES_LEVEL)) $out .= "You use an experimental or develop level of features, so please do NOT report any bugs or vulnerability, except if problem is confirmed after moving option MAIN_FEATURES_LEVEL back to 0.<br>\n";
|
||||
$out .= $langs->trans("InformationToHelpDiagnose").":<br>\n";
|
||||
|
||||
$out .= "<b>".$langs->trans("Date").":</b> ".dol_print_date(time(), 'dayhourlog')."<br>\n";
|
||||
@ -3919,7 +3920,7 @@ function dol_print_error($db = '', $error = '', $errors = null)
|
||||
{
|
||||
$out .= "<b>".$langs->trans("PHP").":</b> ".phpversion()."<br>\n";
|
||||
}
|
||||
$out .= "<b>".$langs->trans("Server").":</b> ".$_SERVER["SERVER_SOFTWARE"]."<br>\n";
|
||||
$out .= "<b>".$langs->trans("Server").":</b> ".dol_htmlentities($_SERVER["SERVER_SOFTWARE"])."<br>\n";
|
||||
if (function_exists("php_uname"))
|
||||
{
|
||||
$out .= "<b>".$langs->trans("OS").":</b> ".php_uname()."<br>\n";
|
||||
@ -3927,8 +3928,8 @@ function dol_print_error($db = '', $error = '', $errors = null)
|
||||
$out .= "<b>".$langs->trans("UserAgent").":</b> ".dol_htmlentities($_SERVER["HTTP_USER_AGENT"], ENT_COMPAT, 'UTF-8')."<br>\n";
|
||||
$out .= "<br>\n";
|
||||
$out .= "<b>".$langs->trans("RequestedUrl").":</b> ".dol_htmlentities($_SERVER["REQUEST_URI"], ENT_COMPAT, 'UTF-8')."<br>\n";
|
||||
$out .= "<b>".$langs->trans("Referer").":</b> ".(isset($_SERVER["HTTP_REFERER"]) ?dol_htmlentities($_SERVER["HTTP_REFERER"], ENT_COMPAT, 'UTF-8') : '')."<br>\n";
|
||||
$out .= "<b>".$langs->trans("MenuManager").":</b> ".(isset($conf->standard_menu) ? $conf->standard_menu : '')."<br>\n";
|
||||
$out .= "<b>".$langs->trans("Referer").":</b> ".(isset($_SERVER["HTTP_REFERER"]) ? dol_htmlentities($_SERVER["HTTP_REFERER"], ENT_COMPAT, 'UTF-8') : '')."<br>\n";
|
||||
$out .= "<b>".$langs->trans("MenuManager").":</b> ".(isset($conf->standard_menu) ? dol_htmlentities($conf->standard_menu) : '')."<br>\n";
|
||||
$out .= "<br>\n";
|
||||
$syslog .= "url=".dol_escape_htmltag($_SERVER["REQUEST_URI"]);
|
||||
$syslog .= ", query_string=".dol_escape_htmltag($_SERVER["QUERY_STRING"]);
|
||||
@ -3948,9 +3949,9 @@ function dol_print_error($db = '', $error = '', $errors = null)
|
||||
if ($_SERVER['DOCUMENT_ROOT']) // Mode web
|
||||
{
|
||||
$out .= "<b>".$langs->trans("DatabaseTypeManager").":</b> ".$db->type."<br>\n";
|
||||
$out .= "<b>".$langs->trans("RequestLastAccessInError").":</b> ".($db->lastqueryerror() ?dol_escape_htmltag($db->lastqueryerror()) : $langs->trans("ErrorNoRequestInError"))."<br>\n";
|
||||
$out .= "<b>".$langs->trans("ReturnCodeLastAccessInError").":</b> ".($db->lasterrno() ?dol_escape_htmltag($db->lasterrno()) : $langs->trans("ErrorNoRequestInError"))."<br>\n";
|
||||
$out .= "<b>".$langs->trans("InformationLastAccessInError").":</b> ".($db->lasterror() ?dol_escape_htmltag($db->lasterror()) : $langs->trans("ErrorNoRequestInError"))."<br>\n";
|
||||
$out .= "<b>".$langs->trans("RequestLastAccessInError").":</b> ".($db->lastqueryerror() ? dol_escape_htmltag($db->lastqueryerror()) : $langs->trans("ErrorNoRequestInError"))."<br>\n";
|
||||
$out .= "<b>".$langs->trans("ReturnCodeLastAccessInError").":</b> ".($db->lasterrno() ? dol_escape_htmltag($db->lasterrno()) : $langs->trans("ErrorNoRequestInError"))."<br>\n";
|
||||
$out .= "<b>".$langs->trans("InformationLastAccessInError").":</b> ".($db->lasterror() ? dol_escape_htmltag($db->lasterror()) : $langs->trans("ErrorNoRequestInError"))."<br>\n";
|
||||
$out .= "<br>\n";
|
||||
} else // Mode CLI
|
||||
{
|
||||
@ -3997,8 +3998,14 @@ function dol_print_error($db = '', $error = '', $errors = null)
|
||||
$out .= "<br>\n";
|
||||
}
|
||||
|
||||
if (empty($dolibarr_main_prod)) print $out;
|
||||
else {
|
||||
// Return a http error code if possible
|
||||
if (! headers_sent()) {
|
||||
http_response_code(500);
|
||||
}
|
||||
|
||||
if (empty($dolibarr_main_prod)) {
|
||||
print $out;
|
||||
} else {
|
||||
// This should not happen, except if there is a bug somewhere. Enabled and check log in such case.
|
||||
print 'This website or feature is currently temporarly not available or failed after a technical error.<br><br>This may be due to a maintenance operation. Current status of operation are on next line...<br><br>'."\n";
|
||||
$langs->load("errors");
|
||||
@ -4006,7 +4013,7 @@ function dol_print_error($db = '', $error = '', $errors = null)
|
||||
print $langs->trans("YouCanSetOptionDolibarrMainProdToZero");
|
||||
define("MAIN_CORE_ERROR", 1);
|
||||
}
|
||||
//else print 'Sorry, an error occured but the parameter $dolibarr_main_prod is defined in conf file so no message is reported to your browser. Please read the log file for error message.';
|
||||
|
||||
dol_syslog("Error ".$syslog, LOG_ERR);
|
||||
}
|
||||
|
||||
|
||||
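Review bot: The escaping added in these hunks is still incomplete and inconsistent: `$db->type` in the DatabaseTypeManager line and `php_uname()` in the OS line are concatenated into `$out` raw, and the two new `dol_htmlentities()` calls (SERVER_SOFTWARE and `$conf->standard_menu`) omit the `ENT_COMPAT, 'UTF-8'` arguments that the neighbouring calls pass. Writing them uniformly, e.g. `dol_htmlentities($_SERVER["SERVER_SOFTWARE"], ENT_COMPAT, 'UTF-8')` and `dol_escape_htmltag($db->type)`, means nobody has to reason about which of these values can be influenced from outside. In the status-code hunk, `define("MAIN_CORE_ERROR", 1);` runs unguarded, so a second call to this function in production mode would raise a constant-redefinition warning; `if (!defined('MAIN_CORE_ERROR')) define('MAIN_CORE_ERROR', 1);` avoids that. The body of dol_print_error starts and ends outside these hunks, so its `global` declarations and the CLI branch were not checked.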
@ -318,6 +318,7 @@ if (is_array($extrafields->attributes[$object->table_element]['label']) && count
|
||||
if (!$search_all) $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'paiementfourn_facturefourn as pf ON pf.fk_facturefourn = f.rowid';
|
||||
if ($search_all || $search_product_category > 0) $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'facture_fourn_det as pd ON f.rowid=pd.fk_facture_fourn';
|
||||
if ($search_product_category > 0) $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_product as cp ON cp.fk_product=pd.fk_product';
|
||||
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'user AS u ON f.fk_user_author = u.rowid';
|
||||
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."projet as p ON p.rowid = f.fk_projet";
|
||||
// We'll need this table joined to the select in order to filter by sale
|
||||
if ($search_sale > 0 || (!$user->rights->societe->client->voir && !$socid)) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
|
||||
@ -326,7 +327,6 @@ if ($search_user > 0)
|
||||
$sql .= ", ".MAIN_DB_PREFIX."element_contact as ec";
|
||||
$sql .= ", ".MAIN_DB_PREFIX."c_type_contact as tc";
|
||||
}
|
||||
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'user AS u ON f.fk_user_author = u.rowid';
|
||||
$sql .= ' WHERE f.fk_soc = s.rowid';
|
||||
$sql .= ' AND f.entity IN ('.getEntity('facture_fourn').')';
|
||||
if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
|
||||
|
||||
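Review bot: `sc.fk_user = ".$user->id` in the WHERE clause still concatenates the value into the SQL text without a cast, right next to the join that this change reorders. The id presumably comes from the authenticated user object and is numeric, but an explicit `((int) $user->id)` makes that a property of the query instead of an assumption about the caller. Moving the `LEFT JOIN ... user AS u` ahead of the comma-joined tables looks right; a one-line comment such as `// explicit JOINs on f must come before the comma-joined tables` would keep the order from regressing.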
@ -365,8 +365,8 @@ if (!defined('NOTOKENRENEWAL'))
|
||||
if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN))
|
||||
|| defined('CSRFCHECK_WITH_TOKEN')) // Check validity of token, only if option MAIN_SECURITY_CSRF_WITH_TOKEN enabled or if constant CSRFCHECK_WITH_TOKEN is set
|
||||
{
|
||||
// Check all cases that need a token (all POST and some GET)
|
||||
if ($_SERVER['REQUEST_METHOD'] == 'POST' || (GETPOSTISSET('action') && defined('CSRFCHECK_WITH_TOKEN')) || in_array(GETPOST('action', 'aZ09'), array('add', 'update', 'install')))
|
||||
// Check all cases that need a token (all POST actions, all actions and mass actions on pages with CSRFCHECK_WITH_TOKEN set, all sensitive GET actions)
|
||||
if ($_SERVER['REQUEST_METHOD'] == 'POST' || ((GETPOSTISSET('action') || GETPOSTISSET('massaction')) && defined('CSRFCHECK_WITH_TOKEN')) || in_array(GETPOST('action', 'aZ09'), array('add', 'update', 'install', 'delete')))
|
||||
{
|
||||
if (!GETPOSTISSET('token')) {
|
||||
dol_syslog("--- Access to ".$_SERVER["PHP_SELF"]." refused by CSRFCHECK_WITH_TOKEN protection. Token not provided.");
|
||||
@ -384,10 +384,12 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->gl
|
||||
//if ($conf->global->MAIN_FEATURES_LEVEL >= 1) setEventMessages('Unset POST and GET params by CSRF protection in main.inc.php (Token provided was not generated by the previous page).'."<br>\n".'$_SERVER[REQUEST_URI] = '.$_SERVER['REQUEST_URI'].' $_SERVER[REQUEST_METHOD] = '.$_SERVER['REQUEST_METHOD'].' GETPOST(token) = '.GETPOST('token', 'alpha').' $_SESSION[token] = '.$_SESSION['token'], null, 'warnings');
|
||||
$savid = ((int) $_POST['id']);
|
||||
unset($_POST);
|
||||
//unset($_POST['action']);
|
||||
//unset($_POST['confirm']);
|
||||
//unset($_POST['action']); unset($_POST['massaction']);
|
||||
//unset($_POST['confirm']); unset($_POST['confirmmassaction']);
|
||||
unset($_GET['confirm']);
|
||||
unset($_GET['action']);
|
||||
unset($_GET['confirmmassaction']);
|
||||
unset($_GET['massaction']);
|
||||
$_POST['id'] = ((int) $savid);
|
||||
}
|
||||
}
|
||||
|
||||
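Review bot: The GET branch of the token check is still a fixed list of action names (`add`, `update`, `install`, now `delete`), so any other state-changing `action` sent by GET is accepted without a token on pages that do not define CSRFCHECK_WITH_TOKEN. If the list has to stay, the comment above the condition should say that it must be extended whenever a new state-changing GET action is introduced, and the lookup can be made strict: `in_array(GETPOST('action', 'aZ09'), array('add', 'update', 'install', 'delete'), true)`. In the second hunk the rejected request has `$_POST` and four `$_GET` keys cleared, but `$_REQUEST` is not touched; whether any page reads it directly is not visible here and is worth confirming. `$savid = ((int) $_POST['id']);` also reads a key that may be absent, which `(int) ($_POST['id'] ?? 0)` would handle if the supported PHP versions allow it.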