From a55ab27c67c8f1b2bdedccbbbb5b3f0ae48f92f5 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Thu, 14 Jul 2022 14:59:28 +0200
Subject: [PATCH 1/9] Fix http header
---
 htdocs/install/inc.php | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/htdocs/install/inc.php b/htdocs/install/inc.php
index 6ca9a99cdcf..a20c3489866 100644
--- a/htdocs/install/inc.php
+++ b/htdocs/install/inc.php
@@ -195,6 +195,10 @@ if (preg_match('/install\.lock/i', $_SERVER["SCRIPT_FILENAME"])) {
 $langs->setDefaultLang('auto');
 }
 $langs->load("install");
+
+ header("X-Content-Type-Options: nosniff");
+ header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks)
+
 print $langs->trans("YouTryInstallDisabledByDirLock");
 if (!empty($dolibarr_main_url_root)) {
 print 'Click on following link, ';
@@ -216,6 +220,10 @@ if (@file_exists($lockfile)) {
 $langs->setDefaultLang('auto');
 }
 $langs->load("install");
+
+ header("X-Content-Type-Options: nosniff");
+ header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks)
+
 print $langs->trans("YouTryInstallDisabledByFileLock");
 if (!empty($dolibarr_main_url_root)) {
 print $langs->trans("ClickOnLinkOrRemoveManualy").'
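Review bot: The trailing comment on the added `X-Frame-Options` line credits the header with stopping XSS, but restricting framing to the same origin addresses clickjacking, not script injection; the identical line is repeated in the second hunk (`@@ -216,6 +220,10 @@`). I would reword it in both places to `// Frames allowed only from the same origin (clickjacking protection)`. Both `header()` calls sit before the first `print` of their branch, which is what `header()` needs, but whether anything is emitted earlier in the file is not visible here. The enclosing `if` blocks start and end outside the hunks.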
'; From af90eb0d020f16cf724b37e2e0baf3d55b9cd1b5 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 15 Jul 2022 13:41:36 +0200 Subject: [PATCH 2/9] Debug --- htdocs/modulebuilder/index.php | 6 +++++- htdocs/modulebuilder/template/langs/en_US/mymodule.lang | 1 + htdocs/partnership/partnership_card.php | 4 ++-- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php index fd84cb5e4dd..b0dc297f403 100644 --- a/htdocs/modulebuilder/index.php +++ b/htdocs/modulebuilder/index.php @@ -2735,8 +2735,10 @@ if ($module == 'initmodule') { if (empty($forceddirread) && empty($dirread)) { $result = dol_include_once($pathtoclass); + $stringofinclude = "dol_include_once(".$pathtoclass.")"; } else { $result = @include_once $dirread.'/'.$pathtoclass; + $stringofinclude = "@include_once ".$dirread.'/'.$pathtoclass; } if (class_exists($tabobj)) { try { @@ -2744,6 +2746,8 @@ if ($module == 'initmodule') { } catch (Exception $e) { dol_syslog('Failed to load Constructor of class: '.$e->getMessage(), LOG_WARNING); } + } else { + print ''.$langs->trans('Failed to find the class '.$tabobj.' despite the '.$stringofinclude).'
'; } if (!empty($tmpobjet)) { @@ -3078,7 +3082,7 @@ if ($module == 'initmodule') { print ''; } else { - print ''.$langs->trans('Failed to init the object with the new.').''; + print ''.$langs->trans('Failed to init the object with the new '.$tabobj.'($db)').''; } } catch (Exception $e) { print $e->getMessage(); diff --git a/htdocs/modulebuilder/template/langs/en_US/mymodule.lang b/htdocs/modulebuilder/template/langs/en_US/mymodule.lang index ca8aa250748..cc518391c33 100644 --- a/htdocs/modulebuilder/template/langs/en_US/mymodule.lang +++ b/htdocs/modulebuilder/template/langs/en_US/mymodule.lang @@ -44,6 +44,7 @@ MyModuleAboutPage = MyModule about page # # Sample page # +MyModuleArea = Home MyModule MyPageName = My page name # diff --git a/htdocs/partnership/partnership_card.php b/htdocs/partnership/partnership_card.php index 08164421f60..25f8b286fb5 100644 --- a/htdocs/partnership/partnership_card.php +++ b/htdocs/partnership/partnership_card.php @@ -83,8 +83,8 @@ $managedfor = getDolGlobalString('PARTNERSHIP_IS_MANAGED_FOR', 'thirdparty'); if (empty($conf->partnership->enabled)) accessforbidden(); if (empty($permissiontoread)) accessforbidden(); -if ($object->id > 0 && $object->fk_member > 0 && $managedfor != 'member') accessforbidden(); -if ($object->id > 0 && $object->fk_soc > 0 && $managedfor != 'thirdparty') accessforbidden(); +if ($object->id > 0 && !($object->fk_member > 0) && $managedfor == 'member') accessforbidden(); +if ($object->id > 0 && !($object->fk_soc > 0) && $managedfor == 'thirdparty') accessforbidden(); /* From 4140cc084a306ef3c2e1059dc9433181696571ef Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 15 Jul 2022 14:31:00 +0200 Subject: [PATCH 3/9] Debug --- htdocs/modulebuilder/index.php | 87 ++++++++++++++++++++++++---------- 1 file changed, 61 insertions(+), 26 deletions(-) diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php index b0dc297f403..776ba579a13 100644 --- a/htdocs/modulebuilder/index.php 
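Review bot: The new `else` branch after `class_exists($tabobj)` concatenates `$tabobj` and `$stringofinclude` into the argument of `$langs->trans()` and prints the result; the `@@ -3078,7 +3082,7 @@` hunk does the same with `$tabobj`. Every distinct class name therefore becomes a new translation key, and the class name plus the include path are written to the page as they are. Where `$tabobj` and `$dirread` come from is not visible in these hunks; if they are request-derived, the values should pass through `dol_escape_htmltag()` before output. A fixed key with a placeholder covers both cases, e.g. `$langs->trans('KEY_TO_ADD_TO_LANG_FILE', dol_escape_htmltag($tabobj))` (key name is a placeholder). The enclosing block starts and ends outside the hunk.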
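Review bot: The rewritten checks in the `@@ -83,8 +83,8 @@` hunk of `partnership_card.php` call `accessforbidden()` only when `$managedfor` equals `'member'` or `'thirdparty'`, so a `PARTNERSHIP_IS_MANAGED_FOR` value outside those two skips both tests, whereas the removed `!=` form denied any record that carried a member or third-party link. If only the two values are valid, `if (!in_array($managedfor, array('member', 'thirdparty'), true)) accessforbidden();` placed ahead of them keeps the check failing closed. The comparisons are also loose (`==`); `===` is the safer choice for these string constants. Where `$object` is loaded relative to these lines is not visible in the hunk.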
+++ b/htdocs/modulebuilder/index.php @@ -2563,10 +2563,63 @@ if ($module == 'initmodule') { $pathtonote = strtolower($module).'/'.strtolower($tabobj).'_note.php'; $pathtocontact = strtolower($module).'/'.strtolower($tabobj).'_contact.php'; $pathtophpunit = strtolower($module).'/test/phpunit/'.strtolower($tabobj).'Test.php'; - $pathtosql = strtolower($module).'/sql/llx_'.strtolower($module).'_'.strtolower($tabobj).'.sql'; - $pathtosqlextra = strtolower($module).'/sql/llx_'.strtolower($module).'_'.strtolower($tabobj).'_extrafields.sql'; - $pathtosqlkey = strtolower($module).'/sql/llx_'.strtolower($module).'_'.strtolower($tabobj).'.key.sql'; - $pathtosqlextrakey = strtolower($module).'/sql/llx_'.strtolower($module).'_'.strtolower($tabobj).'_extrafields.key.sql'; + + // Try to load object class file + clearstatcache(true); + if (function_exists('opcache_invalidate')) { + opcache_invalidate($dirread.'/'.$pathtoclass, true); // remove the include cache hell ! + } + + if (empty($forceddirread) && empty($dirread)) { + $result = dol_include_once($pathtoclass); + $stringofinclude = "dol_include_once(".$pathtoclass.")"; + } else { + $result = @include_once $dirread.'/'.$pathtoclass; + $stringofinclude = "@include_once ".$dirread.'/'.$pathtoclass; + } + if (class_exists($tabobj)) { + try { + $tmpobjet = @new $tabobj($db); + } catch (Exception $e) { + dol_syslog('Failed to load Constructor of class: '.$e->getMessage(), LOG_WARNING); + } + } else { + print ''.$langs->trans('Failed to find the class '.$tabobj.' despite the '.$stringofinclude).'

'; + } + + // Define path for sql file + $pathtosql = strtolower($module).'/sql/llx_'.strtolower($module).'_'.strtolower($tabobj).'-'.strtolower($module).'.sql'; + $result = dol_buildpath($pathtosql); + if (! dol_is_file($result)) { + $pathtosql = strtolower($module).'/sql/llx_'.strtolower($module).'_'.strtolower($tabobj).'.sql'; + $result = dol_buildpath($pathtosql); + if (! dol_is_file($result)) { + $pathtosql = 'install/mysql/tables/llx_'.strtolower($module).'_'.strtolower($tabobj).'-'.strtolower($module).'.sql'; + $result = dol_buildpath($pathtosql); + if (! dol_is_file($result)) { + $pathtosql = 'install/mysql/tables/llx_'.strtolower($module).'-'.strtolower($module).'.sql'; + $result = dol_buildpath($pathtosql); + if (! dol_is_file($result)) { + $pathtosql = 'install/mysql/tables/llx_'.strtolower($module).'.sql'; + $pathtosqlextra = 'install/mysql/tables/llx_'.strtolower($module).'_extrafields.sql'; + $result = dol_buildpath($pathtosql); + } else { + $pathtosqlextra = 'install/mysql/tables/llx_'.strtolower($module).'_extrafields-'.strtolower($module).'.sql'; + } + } else { + $pathtosqlextra = 'install/mysql/tables/llx_'.strtolower($module).'_'.strtolower($tabobj).'_extrafields-'.strtolower($module).'.sql'; + } + } else { + $pathtosqlextra = strtolower($module).'/sql/llx_'.strtolower($module).'_'.strtolower($tabobj).'_extrafields.sql'; + } + } else { + $pathtosqlextra = strtolower($module).'/sql/llx_'.strtolower($module).'_'.strtolower($tabobj).'_extrafields-'.strtolower($module).'.sql'; + } + $pathtosqlroot = preg_replace('/\/llx_.*$/', '', $pathtosql); + + $pathtosqlkey = preg_replace('/\.sql$/', '.key.sql', $pathtosql); + $pathtosqlextrakey = preg_replace('/\.sql$/', '.key.sql', $pathtosqlextra); + $pathtolib = strtolower($module).'/lib/'.strtolower($module).'.lib.php'; $pathtoobjlib = strtolower($module).'/lib/'.strtolower($module).'_'.strtolower($tabobj).'.lib.php'; $pathtopicto = strtolower($module).'/img/object_'.strtolower($tabobj).'.png'; 
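Review bot: The block moved to the top of this hunk includes `$dirread.'/'.$pathtoclass` and then runs `new $tabobj($db)`, both under the `@` operator, and nothing in the hunk constrains `$module`, `$tabobj` or `$dirread` before they are used as a file path and a class name. Their origin is outside the hunk; if they are taken from the request, each should be checked against a strict pattern before the include, for example `if (!preg_match('/^[a-zA-Z0-9_]+$/', $tabobj)) accessforbidden();`. The `catch (Exception $e)` also does not catch `Error` subclasses thrown by a constructor on PHP 7 and later, so `catch (Throwable $e)` would match the log-and-continue intent if the supported PHP baseline allows it. The enclosing `if`/`else` chain starts and ends outside the hunk.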
@@ -2598,6 +2651,10 @@ if ($module == 'initmodule') { $urloflist = dol_buildpath('/'.$pathtolist, 1); $urlofcard = dol_buildpath('/'.$pathtocard, 1); + + + + print '
'; // Main DAO class file print ' '.$langs->trans("ClassFile").' : '.(dol_is_file($realpathtoclass) ? '' : '').preg_replace('/^'.strtolower($module).'\//', '', $pathtoclass).(dol_is_file($realpathtoclass) ? '' : '').''; @@ -2728,28 +2785,6 @@ if ($module == 'initmodule') { print '


'; - clearstatcache(true); - if (function_exists('opcache_invalidate')) { - opcache_invalidate($dirread.'/'.$pathtoclass, true); // remove the include cache hell ! - } - - if (empty($forceddirread) && empty($dirread)) { - $result = dol_include_once($pathtoclass); - $stringofinclude = "dol_include_once(".$pathtoclass.")"; - } else { - $result = @include_once $dirread.'/'.$pathtoclass; - $stringofinclude = "@include_once ".$dirread.'/'.$pathtoclass; - } - if (class_exists($tabobj)) { - try { - $tmpobjet = @new $tabobj($db); - } catch (Exception $e) { - dol_syslog('Failed to load Constructor of class: '.$e->getMessage(), LOG_WARNING); - } - } else { - print ''.$langs->trans('Failed to find the class '.$tabobj.' despite the '.$stringofinclude).'
'; - } - if (!empty($tmpobjet)) { $reflector = new ReflectionClass($tabobj); $reflectorproperties = $reflector->getProperties(); // Can also use get_object_vars From a86477197484b17825e74c7f1c3e30db29815f5d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 15 Jul 2022 15:35:45 +0200 Subject: [PATCH 4/9] Debug --- htdocs/core/lib/modulebuilder.lib.php | 64 ++++++++++++++++++--------- htdocs/langs/en_US/modulebuilder.lang | 1 + htdocs/modulebuilder/index.php | 10 ++--- 3 files changed, 50 insertions(+), 25 deletions(-) diff --git a/htdocs/core/lib/modulebuilder.lib.php b/htdocs/core/lib/modulebuilder.lib.php index a775569407a..9e17d925dbe 100644 --- a/htdocs/core/lib/modulebuilder.lib.php +++ b/htdocs/core/lib/modulebuilder.lib.php @@ -30,7 +30,7 @@ * @param string $objectname Name of object * @param string $newmask New mask * @param string $readdir Directory source (use $destdir when not defined) - * @param string $addfieldentry Array of the field entry to add array('key'=>,'type'=>,''label'=>,'visible'=>,'enabled'=>,'position'=>,'notnull'=>','index'=>,'searchall'=>,'comment'=>,'help'=>,'isameasure') + * @param string $addfieldentry Array of 1 field entry to add array('key'=>,'type'=>,''label'=>,'visible'=>,'enabled'=>,'position'=>,'notnull'=>','index'=>,'searchall'=>,'comment'=>,'help'=>,'isameasure') * @param string $delfieldentry Id of field to remove * @return int|object <=0 if KO, Object if OK * @see rebuildObjectSql() @@ -40,7 +40,7 @@ function rebuildObjectClass($destdir, $module, $objectname, $newmask, $readdir = global $db, $langs; if (empty($objectname)) { - return -1; + return -6; } if (empty($readdir)) { $readdir = $destdir; 
@@ -48,9 +48,11 @@ function rebuildObjectClass($destdir, $module, $objectname, $newmask, $readdir = if (!empty($addfieldentry['arrayofkeyval']) && !is_array($addfieldentry['arrayofkeyval'])) { dol_print_error('', 'Bad parameter addfieldentry with a property arrayofkeyval defined but that is not an array.'); - return -1; + return -7; } + $error = 0; + // Check parameters if (is_array($addfieldentry) && count($addfieldentry) > 0) { if (empty($addfieldentry['name'])) { @@ -62,8 +64,8 @@ function rebuildObjectClass($destdir, $module, $objectname, $newmask, $readdir = return -2; } if (!preg_match('/^(integer|price|sellist|varchar|double|text|html|duration)/', $addfieldentry['type']) - && !preg_match('/^(boolean|real|date|datetime|timestamp)$/', $addfieldentry['type'])) { - setEventMessages($langs->trans('BadValueForType', $objectname), null, 'errors'); + && !preg_match('/^(boolean|smallint|real|date|datetime|timestamp|phone|mail|url|ip|password)$/', $addfieldentry['type'])) { + setEventMessages($langs->trans('BadValueForType', $addfieldentry['type']), null, 'errors'); return -2; } } @@ -217,10 +219,14 @@ function rebuildObjectClass($destdir, $module, $objectname, $newmask, $readdir = dol_mkdir(dirname($pathoffiletoedittarget)); //file_put_contents($pathoffiletoedittmp, $contentclass); - file_put_contents(dol_osencode($pathoffiletoedittarget), $contentclass); - @chmod($pathoffiletoedittarget, octdec($newmask)); + $result = file_put_contents(dol_osencode($pathoffiletoedittarget), $contentclass); + if ($result) { + @chmod($pathoffiletoedittarget, octdec($newmask)); + } else { + $error++; + } - return $object; + return $error ? -1 : $object; } catch (Exception $e) { print $e->getMessage(); return -5; 
@@ -257,13 +263,33 @@ function rebuildObjectSql($destdir, $module, $objectname, $newmask, $readdir = ' // Edit .sql file if ($moduletype == 'internal') { - $pathoffiletoeditsrc = $readdir.'/../install/mysql/tables/llx_'.strtolower($module).'_'.strtolower($objectname).'.sql'; - $pathoffiletoedittarget = $destdir.'/../install/mysql/tables/llx_'.strtolower($module).'_'.strtolower($objectname).'.sql'.($readdir != $destdir ? '.new' : ''); + $pathoffiletoeditsrc = '/../install/mysql/tables/llx_'.strtolower($module).'_'.strtolower($objectname).'.sql'; + if (! dol_is_file($readdir.$pathoffiletoeditsrc)) { + $pathoffiletoeditsrc = '/../install/mysql/tables/llx_'.strtolower($module).'_'.strtolower($objectname).'-'.strtolower($module).'.sql'; + if (! dol_is_file($readdir.$pathoffiletoeditsrc)) { + $pathoffiletoeditsrc = '/../install/mysql/tables/llx_'.strtolower($module).'-'.strtolower($module).'.sql'; + if (! dol_is_file($readdir.$pathoffiletoeditsrc)) { + $pathoffiletoeditsrc = '/../install/mysql/tables/llx_'.strtolower($module).'.sql'; + } + } + } } else { - $pathoffiletoeditsrc = $readdir.'/sql/llx_'.strtolower($module).'_'.strtolower($objectname).'.sql'; - $pathoffiletoedittarget = $destdir.'/sql/llx_'.strtolower($module).'_'.strtolower($objectname).'.sql'.($readdir != $destdir ? '.new' : ''); + $pathoffiletoeditsrc = '/sql/llx_'.strtolower($module).'_'.strtolower($objectname).'.sql'; + if (! dol_is_file($readdir.$pathoffiletoeditsrc)) { + $pathoffiletoeditsrc = '/sql/llx_'.strtolower($module).'_'.strtolower($objectname).'-'.strtolower($module).'.sql'; + if (! dol_is_file($readdir.$pathoffiletoeditsrc)) { + $pathoffiletoeditsrc = '/sql/llx_'.strtolower($module).'-'.strtolower($module).'.sql'; + if (! dol_is_file($readdir.$pathoffiletoeditsrc)) { + $pathoffiletoeditsrc = '/sql/llx_'.strtolower($module).'.sql'; + } + } + } } + // Complete path to be full path + $pathoffiletoedittarget = $destdir.$pathoffiletoeditsrc.($readdir != $destdir ? 
'.new' : ''); + $pathoffiletoeditsrc = $readdir.$pathoffiletoeditsrc; + if (!dol_is_file($pathoffiletoeditsrc)) { $langs->load("errors"); setEventMessages($langs->trans("ErrorFileNotFound", $pathoffiletoeditsrc), null, 'errors'); @@ -340,16 +366,13 @@ function rebuildObjectSql($destdir, $module, $objectname, $newmask, $readdir = ' @chmod($pathoffiletoedittarget, octdec($newmask)); } else { $error++; + setEventMessages($langs->trans("ErrorFailToCreateFile", $pathoffiletoedittarget), null, 'errors'); } // Edit .key.sql file - if ($moduletype == 'internal') { - $pathoffiletoeditsrc = $readdir.'/../install/mysql/tables/llx_'.strtolower($module).'_'.strtolower($objectname).'.key.sql'; - $pathoffiletoedittarget = $destdir.'/../install/mysql/tables/llx_'.strtolower($module).'_'.strtolower($objectname).'.key.sql'.($readdir != $destdir ? '.new' : ''); - } else { - $pathoffiletoeditsrc = $destdir.'/sql/llx_'.strtolower($module).'_'.strtolower($objectname).'.key.sql'; - $pathoffiletoedittarget = $destdir.'/sql/llx_'.strtolower($module).'_'.strtolower($objectname).'.key.sql'.($readdir != $destdir ? '.new' : ''); - } + $pathoffiletoeditsrc = preg_replace('/\.sql$/', '.key.sql', $pathoffiletoeditsrc); + $pathoffiletoedittarget = preg_replace('/\.sql$/', '.key.sql', $pathoffiletoedittarget); + $pathoffiletoedittarget = preg_replace('/\.sql.new$/', '.key.sql.new', $pathoffiletoedittarget); $contentsql = file_get_contents(dol_osencode($pathoffiletoeditsrc), 'r'); @@ -378,10 +401,11 @@ function rebuildObjectSql($destdir, $module, $objectname, $newmask, $readdir = ' dol_mkdir(dirname($pathoffiletoedittarget)); $result2 = file_put_contents($pathoffiletoedittarget, $contentsql); - if ($result) { + if ($result2) { @chmod($pathoffiletoedittarget, octdec($newmask)); } else { $error++; + setEventMessages($langs->trans("ErrorFailToCreateFile", $pathoffiletoedittarget), null, 'errors'); } return $error ? -1 : 1; 
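Review bot: The candidate order added to `rebuildObjectSql()` in the `@@ -257,13 +263,33 @@` hunk does not match the lookup added to `htdocs/modulebuilder/index.php` in patch 3/9: here `llx_<module>_<object>.sql` is probed first and the `-<module>.sql` variant second, while index.php probes the `-<module>.sql` name first and never tries the plain `llx_<module>_<object>.sql` name under `install/mysql/tables/`. When more than one of these files exists, the page can display one file while this function rewrites another. A single helper that returns the resolved path, called from both places, would remove the two nested `if` ladders and keep the order in one spot. The function body starts and ends outside the hunk.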
diff --git a/htdocs/langs/en_US/modulebuilder.lang b/htdocs/langs/en_US/modulebuilder.lang index b17ab4fdeb2..c9c69b6af3b 100644 --- a/htdocs/langs/en_US/modulebuilder.lang +++ b/htdocs/langs/en_US/modulebuilder.lang @@ -153,3 +153,4 @@ LinkToParentMenu=Parent menu (fk_xxxxmenu) ListOfTabsEntries=List of tab entries TabsDefDesc=Define here the tabs provided by your module TabsDefDescTooltip=The tabs provided by your module/application are defined into the array $this->tabs into the module descriptor file. You can edit manually this file or use the embedded editor. +BadValueForType=Bad value for type %s \ No newline at end of file diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php index 776ba579a13..e1b2643137b 100644 --- a/htdocs/modulebuilder/index.php +++ b/htdocs/modulebuilder/index.php @@ -1507,9 +1507,10 @@ if ($dirins && $action == 'addproperty' && empty($cancel) && !empty($module) && $error++; }*/ + $moduletype = $listofmodules[strtolower($module)]['moduletype']; + // Edit the class file to write properties if (!$error) { - $moduletype = 'external'; $object = rebuildObjectClass($destdir, $module, $objectname, $newmask, $srcdir, $addfieldentry, $moduletype); if (is_numeric($object) && $object <= 0) { @@ -1519,21 +1520,20 @@ if ($dirins && $action == 'addproperty' && empty($cancel) && !empty($module) && // Edit sql with new properties if (!$error) { - $moduletype = 'external'; - $result = rebuildObjectSql($destdir, $module, $objectname, $newmask, $srcdir, $object, $moduletype); + if ($result <= 0) { $error++; } } if (!$error) { + clearstatcache(true); + setEventMessages($langs->trans('FilesForObjectUpdated', $objectname), null); setEventMessages($langs->trans('WarningDatabaseIsNotUpdated'), null); - clearstatcache(true); - // Make a redirect to reload all data header("Location: ".DOL_URL_ROOT.'/modulebuilder/index.php?tab=objects&module='.$module.($forceddirread ? '@'.$dirread : '').'&tabobj='.$objectname.'&nocache='.time()); 
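Review bot: `$moduletype = $listofmodules[strtolower($module)]['moduletype'];` in the `@@ -1507,9 +1507,10 @@` hunk reads the array without checking that the key exists, so an unknown `$module` raises a PHP warning and passes an empty `$moduletype` to `rebuildObjectClass()` and `rebuildObjectSql()`, which then choose the file paths they write to from it. Before this change the value was the literal `'external'`. I would either stop with an error when the module is not listed or fall back explicitly: `$moduletype = empty($listofmodules[strtolower($module)]['moduletype']) ? 'external' : $listofmodules[strtolower($module)]['moduletype'];`. The surrounding action block begins and ends outside the hunk.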
From 6d7a45ddf4d57e46f36087bc62a43dc943c4538e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 15 Jul 2022 14:37:35 +0200 Subject: [PATCH 5/9] Fix reposition --- htdocs/modulebuilder/index.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php index e1b2643137b..0ab1abe8f9f 100644 --- a/htdocs/modulebuilder/index.php +++ b/htdocs/modulebuilder/index.php @@ -2796,6 +2796,7 @@ if ($module == 'initmodule') { print ''; print ''; print ''; + print ''; print ''; print ''; @@ -2984,8 +2985,8 @@ if ($module == 'initmodule') { print ''; print ''; print ''; - print ''; - print ''; + print ''; + print ''; print ''; } else { print ''; From c21c4f36f81695dedf0bb21426890e08bda8d923 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 16 Jul 2022 01:09:23 +0200 Subject: [PATCH 6/9] css --- htdocs/recruitment/class/recruitmentcandidature.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/recruitment/class/recruitmentcandidature.class.php b/htdocs/recruitment/class/recruitmentcandidature.class.php index 021ed614a5f..122adbe1ecf 100644 --- a/htdocs/recruitment/class/recruitmentcandidature.class.php +++ b/htdocs/recruitment/class/recruitmentcandidature.class.php 
@@ -127,7 +127,7 @@ class RecruitmentCandidature extends CommonObject //'fk_recruitment_origin' => array('type'=>'integer:CRecruitmentOrigin:recruitment/class/crecruitmentorigin.class.php', 'label'=>'Origin', 'enabled'=>'1', 'position'=>45, 'visible'=>1, 'index'=>1), 'remuneration_requested' => array('type'=>'integer', 'label'=>'RequestedRemuneration', 'enabled'=>'1', 'position'=>80, 'notnull'=>0, 'visible'=>-1,), 'remuneration_proposed' => array('type'=>'integer', 'label'=>'ProposedRemuneration', 'enabled'=>'1', 'position'=>81, 'notnull'=>0, 'visible'=>-1,), - 'description' => array('type'=>'html', 'label'=>'Description', 'enabled'=>'1', 'position'=>500, 'notnull'=>0, 'visible'=>3,), + 'description' => array('type'=>'html', 'label'=>'Description', 'enabled'=>'1', 'position'=>500, 'notnull'=>0, 'visible'=>3, 'css'=>'wordbreak'), 'import_key' => array('type'=>'varchar(14)', 'label'=>'ImportId', 'enabled'=>'1', 'position'=>1000, 'notnull'=>-1, 'visible'=>-2,), 'model_pdf' => array('type'=>'varchar(255)', 'label'=>'Model pdf', 'enabled'=>'1', 'position'=>1010, 'notnull'=>-1, 'visible'=>0,), 'status' => array('type'=>'smallint', 'label'=>'Status', 'enabled'=>'1', 'position'=>1000, 'notnull'=>1, 'visible'=>1, 'index'=>1, 'default'=>0, 'arrayofkeyval'=>array('0'=>'Draft', '1'=>'Received', '3'=>'ContractProposed', '5'=>'ContractSigned', '8'=>'Refused', '9'=>'Canceled')), From 07216577e485ce8da1c19040173dedb7c8960ae1 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 16 Jul 2022 02:03:38 +0200 Subject: [PATCH 7/9] FIX #yogosha11806 --- htdocs/admin/clicktodial.php | 59 +++++++++++++++++-- htdocs/cron/admin/cron.php | 19 +++--- htdocs/langs/en_US/admin.lang | 1 + .../clicktodial}/cidlookup.php | 50 ++++++++++++++-- htdocs/public/cron/cron_run_jobs_by_url.php | 2 +- 5 files changed, 111 insertions(+), 20 deletions(-) rename htdocs/{asterisk => public/clicktodial}/cidlookup.php (71%) 
diff --git a/htdocs/admin/clicktodial.php b/htdocs/admin/clicktodial.php index 326e7028bbf..9986780c4a2 100644 --- a/htdocs/admin/clicktodial.php +++ b/htdocs/admin/clicktodial.php @@ -47,8 +47,9 @@ if (!in_array('clicktodial', $conf->modules)) { if ($action == 'setvalue' && $user->admin) { $result1 = dolibarr_set_const($db, "CLICKTODIAL_USE_TEL_LINK_ON_PHONE_NUMBERS", GETPOST("CLICKTODIAL_USE_TEL_LINK_ON_PHONE_NUMBERS"), 'chaine', 0, '', $conf->entity); $result2 = dolibarr_set_const($db, "CLICKTODIAL_URL", GETPOST("CLICKTODIAL_URL"), 'chaine', 0, '', $conf->entity); + $result3 = dolibarr_set_const($db, "CLICKTODIAL_KEY_FOR_CIDLOOKUP", GETPOST("CLICKTODIAL_KEY_FOR_CIDLOOKUP"), 'chaine', 0, '', $conf->entity); - if ($result1 >= 0 && $result2 >= 0) { + if ($result1 >= 0 && $result2 >= 0 && $result3 >= 0) { setEventMessages($langs->trans("SetupSaved"), null, 'mesgs'); } else { setEventMessages($langs->trans("Error"), null, 'errors'); @@ -80,7 +81,7 @@ print ''; print '
'; print ''; print ''; -print ''; +print ''; print ''; print "\n"; @@ -89,7 +90,7 @@ print ''; @@ -102,8 +103,8 @@ print $langs->trans("ClickToDialUrlDesc").'
'; print '
'; print ''; print $langs->trans("Examples").':
'; -print 'https://myphoneserver/mypage?login=__LOGIN__&password=__PASS__&caller=__PHONEFROM__&called=__PHONETO__
'; -print 'sip:__PHONETO__@my.sip.server'; +print '* https://myphoneserver/phoneurl?login=__LOGIN__&password=__PASS__&caller=__PHONEFROM__&called=__PHONETO__
'; +print '* sip:__PHONETO__@my.sip.server'; print '
'; //if (! empty($user->clicktodial_url)) @@ -114,6 +115,37 @@ print ''; print ''; +print ''; +print ''; +print ''; +print ''; + print '
'.$langs->trans("Name").''.$langs->trans("Name").''.$langs->trans("Value").'
'; print $langs->trans("ClickToDialUseTelLink").''; print $form->selectyesno("CLICKTODIAL_USE_TEL_LINK_ON_PHONE_NUMBERS", $conf->global->CLICKTODIAL_USE_TEL_LINK_ON_PHONE_NUMBERS, 1).'
'; print '
'; -print $langs->trans("ClickToDialUseTelLinkDesc"); +print ''.$langs->trans("ClickToDialUseTelLinkDesc").''; print '
'.$langs->trans("SecurityKey").''; + +global $dolibarr_main_url_root; + +// Define $urlwithroot +$urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root)); +$urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file +//$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current + +// Url for CIDLookup +//print '
'; +//print $langs->trans("URLToLaunchCronJobs").':
'; +$url = $urlwithroot.'/public/clicktodial/cidlookup.php?securitykey='.getDolGlobalString('CLICKTODIAL_KEY_FOR_CIDLOOKUP', 'ValueToDefine').'&phone=...'; +//print img_picto('', 'globe').' '.$url."
\n"; +//print '
'; +//print '
'; + + +print ''.$langs->trans("CIDLookupURL").''; +print '
'.$url; +print '
'; +print '
'; +print ''; +if (!empty($conf->use_javascript_ajax)) { + print ' '.img_picto($langs->trans('Generate'), 'refresh', 'id="generate_token" class="linkobject"'); +} +print '
'; print '
'; @@ -156,6 +188,23 @@ if (!empty($conf->global->CLICKTODIAL_URL)) { } } +if (!empty($conf->use_javascript_ajax)) { + print "\n".''; +} + // End of page llxFooter(); $db->close(); diff --git a/htdocs/cron/admin/cron.php b/htdocs/cron/admin/cron.php index 28078242dc6..ff413a8a1c2 100644 --- a/htdocs/cron/admin/cron.php +++ b/htdocs/cron/admin/cron.php @@ -133,15 +133,16 @@ if (!empty($conf->use_javascript_ajax)) { print "\n".''; } diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 698ade8b8d1..fa6fa693bb0 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -2278,3 +2278,4 @@ INVOICE_ADD_SWISS_QR_CODE=Show the swiss QR-Bill code on invoices UrlSocialNetworksDesc=Url link of social network. Use {socialid} for the variable part that contains the social network ID. IfThisCategoryIsChildOfAnother=If this category is a child of another one NoName=No name +CIDLookupURL=The module brings an URL that can be used by an external tool to get the name of a thirdparty or contact from its phone number. URL to use is: \ No newline at end of file diff --git a/htdocs/asterisk/cidlookup.php b/htdocs/public/clicktodial/cidlookup.php similarity index 71% rename from htdocs/asterisk/cidlookup.php rename to htdocs/public/clicktodial/cidlookup.php index 716057198f8..3ec7024855d 100644 --- a/htdocs/asterisk/cidlookup.php +++ b/htdocs/public/clicktodial/cidlookup.php 
@@ -16,20 +16,45 @@ */ /** - * \file htdocs/asterisk/cidlookup.php + * \file htdocs/public/clicktodial/cidlookup.php * \brief Script to search companies names based on incoming calls, from caller phone number - * \remarks To use this script, your Asterisk must be compiled with CURL, - * and your dialplan must be something like this: + * \remarks To use this script, your Asterisk must be compiled with CURL, and your dialplan must be something like this: * - * exten => s,1,Set(CALLERID(name)=${CURL(http://IP-DOLIBARR:80/asterisk/cidlookup.php?phone=${CALLERID(num)})}) + * exten => s,1,Set(CALLERID(name)=${CURL(http://IP-DOLIBARR:80/asterisk/cidlookup.php?phone=${CALLERID(num)}&securitykey=SECURITYKEY)}) * * Change IP-DOLIBARR to the IP address of your dolibarr server + * Change SECURITYKEY to the value defined into your setup of module ClickToDial */ +if (!defined('NOTOKENRENEWAL')) { + define('NOTOKENRENEWAL', '1'); // Disables token renewal +} +if (!defined('NOREQUIREMENU')) { + define('NOREQUIREMENU', '1'); +} +if (!defined('NOREQUIREHTML')) { + define('NOREQUIREHTML', '1'); +} +if (!defined('NOREQUIREAJAX')) { + define('NOREQUIREAJAX', '1'); +} +if (!defined('NOLOGIN')) { + define('NOLOGIN', '1'); +} +if (!defined('NOIPCHECK')) { + define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip +} -include '../master.inc.php'; +// So log file will have a suffix +if (!defined('USESUFFIXINLOG')) { + define('USESUFFIXINLOG', '_cidlookup'); +} + +include '../../main.inc.php'; $phone = GETPOST('phone'); +$securitykey = GETPOST('securitykey'); + $notfound = $langs->trans("Unknown"); // Security check 
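Review bot: The dialplan example in the updated header comment still points at `/asterisk/cidlookup.php`, although this commit moves the script to `htdocs/public/clicktodial/cidlookup.php`; the path in the example should read `/public/clicktodial/cidlookup.php`. The example also sends `securitykey` in the query string over `http://`, so the key travels in clear text and ends up in web-server access logs; the comment should recommend `https://` and say so. This hunk additionally defines `NOLOGIN` and `NOIPCHECK`, which leaves the shared key as the only access control on the endpoint, and that deserves a line in the comment as well.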
@@ -38,12 +63,27 @@ if (empty($conf->clicktodial->enabled)) { exit; } + +/* + * View + */ + +if (empty($securitykey)) { + echo 'Securitykey is required. Check setup of clicktodial module.'; + exit; +} +if ($securitykey != getDolGlobalString('CLICKTODIAL_KEY_FOR_CIDLOOKUP')) { + echo 'Securitykey is wrong.'; + exit; +} + // Check parameters if (empty($phone)) { print "Error: Url must be called with parameter phone=phone to search\n"; exit; } + $sql = "SELECT s.nom as name FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople as sp ON sp.fk_soc = s.rowid"; $sql .= " WHERE s.entity IN (".getEntity('societe').")"; diff --git a/htdocs/public/cron/cron_run_jobs_by_url.php b/htdocs/public/cron/cron_run_jobs_by_url.php index 8aa910a2d4f..fea2a2d7f82 100644 --- a/htdocs/public/cron/cron_run_jobs_by_url.php +++ b/htdocs/public/cron/cron_run_jobs_by_url.php @@ -93,7 +93,7 @@ if (empty($key)) { echo 'Securitykey is required. Check setup of cron jobs module.'; exit; } -if ($key != $conf->global->CRON_KEY) { +if ($key != getDolGlobalString('CRON_KEY')) { echo 'Securitykey is wrong.'; exit; } From f63281ffef039cee0bdac4b1013986fdd50d6851 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 16 Jul 2022 02:10:21 +0200 Subject: [PATCH 8/9] php8 --- htdocs/admin/clicktodial.php | 2 +- htdocs/margin/admin/margin.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/admin/clicktodial.php b/htdocs/admin/clicktodial.php index 9986780c4a2..a8d33ae5a09 100644 --- a/htdocs/admin/clicktodial.php +++ b/htdocs/admin/clicktodial.php @@ -96,7 +96,7 @@ print ''; print ''; print $langs->trans("DefaultLink").''; -print 'global->CLICKTODIAL_USE_TEL_LINK_ON_PHONE_NUMBERS ? ' disabled="disabled"' : '').' value="'.$conf->global->CLICKTODIAL_URL.'">
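Review bot: The key check `if ($securitykey != getDolGlobalString('CLICKTODIAL_KEY_FOR_CIDLOOKUP'))` uses PHP's loose comparison, which compares numeric-looking strings by value and is not constant-time; the `@@ -93,7 +93,7 @@` hunk in `cron_run_jobs_by_url.php` keeps the same form for `CRON_KEY`. For a shared secret I would write `if (!hash_equals(getDolGlobalString('CLICKTODIAL_KEY_FOR_CIDLOOKUP'), (string) $securitykey))` and the equivalent for the cron key. An unset key is already rejected, because an empty `securitykey` exits first. Both rejection paths answer with the default 200 status, so calling `http_response_code(403);` before the `echo` would let callers and log monitoring tell failed attempts apart. The `$sql` construction that uses `$phone` continues outside the hunk.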
'; +print '
'; print ajax_autoselect('CLICKTODIAL_URL'); print '
'; print $langs->trans("ClickToDialUrlDesc").'
'; diff --git a/htdocs/margin/admin/margin.php b/htdocs/margin/admin/margin.php index 94330eb8dc1..b87131a4135 100644 --- a/htdocs/margin/admin/margin.php +++ b/htdocs/margin/admin/margin.php @@ -212,7 +212,7 @@ print ''; print ''; print ''.$langs->trans("MARGIN_METHODE_FOR_DISCOUNT").''; print ''; -print Form::selectarray('MARGIN_METHODE_FOR_DISCOUNT', $methods, $conf->global->MARGIN_METHODE_FOR_DISCOUNT); +print Form::selectarray('MARGIN_METHODE_FOR_DISCOUNT', $methods, getDolGlobalString('MARGIN_METHODE_FOR_DISCOUNT')); print ''; print ''; print ''; @@ -230,7 +230,7 @@ print ''.$langs->trans("AgentContactType").''; print ''; $formcompany = new FormCompany($db); $facture = new Facture($db); -print $formcompany->selectTypeContact($facture, $conf->global->AGENT_CONTACT_TYPE, "AGENT_CONTACT_TYPE", "internal", "code", 1, "maxwidth250"); +print $formcompany->selectTypeContact($facture, getDolGlobalString('AGENT_CONTACT_TYPE'), "AGENT_CONTACT_TYPE", "internal", "code", 1, "maxwidth250"); print ''; print ''; print ''; From a423f8685a72f465a0a1c44c608b3a74356a1c99 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 16 Jul 2022 02:23:30 +0200 Subject: [PATCH 9/9] php8 --- htdocs/core/class/dolgraph.class.php | 2 +- htdocs/core/customreports.php | 42 +++++++++++++++------------- 2 files changed, 23 insertions(+), 21 deletions(-) diff --git a/htdocs/core/class/dolgraph.class.php b/htdocs/core/class/dolgraph.class.php index 2fe60cc323c..e24afd73879 100644 --- a/htdocs/core/class/dolgraph.class.php +++ b/htdocs/core/class/dolgraph.class.php 
@@ -1316,7 +1316,7 @@ class DolGraph if (empty($showlegend)) { $this->stringtoshow .= 'legend: { display: false }, '."\n"; } else { - $this->stringtoshow .= 'legend: { maxWidth: '.round($this->width / 2).', labels: { boxWidth: 15 }, position: \'' . ($showlegend == 2 ? 'right' : 'top') . '\' },'."\n"; + $this->stringtoshow .= 'legend: { maxWidth: '.round(intVal($this->width) / 2).', labels: { boxWidth: 15 }, position: \'' . (($showlegend && $showlegend == 2) ? 'right' : 'top') . '\' },'."\n"; } $this->stringtoshow .= "}, \n"; diff --git a/htdocs/core/customreports.php b/htdocs/core/customreports.php index 46b885bd60a..2ad0e047346 100644 --- a/htdocs/core/customreports.php +++ b/htdocs/core/customreports.php @@ -217,7 +217,7 @@ foreach ($arrayoftype as $key => $val) { if (dol_eval($val['enabled'], 1, 1, '1')) { $newarrayoftype[$key] = $arrayoftype[$key]; } - if ($val['langs']) { + if (!empty($val['langs'])) { $langs->load($val['langs']); } } 
@@ -970,31 +970,31 @@ function fillArrayOfMeasures($object, $tablealias, $labelofobject, &$arrayofmesu // Add main fields of object foreach ($object->fields as $key => $val) { if (!empty($val['isameasure']) && (!isset($val['enabled']) || dol_eval($val['enabled'], 1, 1, '1'))) { - $position = (!empty($val['position']) ? $val['position'] : 0); + $position = (empty($val['position']) ? 0 : intVal($val['position'])); $arrayofmesures[$tablealias.'.'.$key.'-sum'] = array( 'label' => img_picto('', $object->picto, 'class="pictofixedwidth"').' '.$labelofobject.': '.$langs->trans($val['label']).' ('.$langs->trans("Sum").')', - 'position' => ($position+($count * 100000)).'.1', + 'position' => ($position + ($count * 100000)).'.1', 'table' => $object->table_element ); $arrayofmesures[$tablealias.'.'.$key.'-average'] = array( 'label' => img_picto('', $object->picto, 'class="pictofixedwidth"').' '.$labelofobject.': '.$langs->trans($val['label']).' ('.$langs->trans("Average").')', - 'position' => ($position+($count * 100000)).'.2', + 'position' => ($position + ($count * 100000)).'.2', 'table' => $object->table_element ); $arrayofmesures[$tablealias.'.'.$key.'-min'] = array( 'label' => img_picto('', $object->picto, 'class="pictofixedwidth"').' '.$labelofobject.': '.$langs->trans($val['label']).' ('.$langs->trans("Minimum").')', - 'position' => ($position+($count * 100000)).'.3', + 'position' => ($position + ($count * 100000)).'.3', 'table' => $object->table_element ); $arrayofmesures[$tablealias.'.'.$key.'-max'] = array( 'label' => img_picto('', $object->picto, 'class="pictofixedwidth"').' '.$labelofobject.': '.$langs->trans($val['label']).' 
('.$langs->trans("Maximum").')', - 'position' => ($position+($count * 100000)).'.4', + 'position' => ($position + ($count * 100000)).'.4', 'table' => $object->table_element ); } } // Add extrafields to Measures - if ($object->isextrafieldmanaged) { + if (!empty($object->isextrafieldmanaged)) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { if (!empty($extrafields->attributes[$object->table_element]['totalizable'][$key]) && (!isset($extrafields->attributes[$object->table_element]['enabled'][$key]) || dol_eval($extrafields->attributes[$object->table_element]['enabled'][$key], 1, 1, '1'))) { $position = (!empty($val['position']) ? $val['position'] : 0); 
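Review bot: In the extrafields loop at the end of this hunk, `$val` is an element of `$extrafields->attributes[$object->table_element]['label']`, presumably a label string. The unchanged line `$position = (!empty($val['position']) ? $val['position'] : 0);` therefore indexes a string with a non-numeric key, and `$position` comes out as 0 for every extrafield. The line was left in the old form while the main-field loop above was converted to `intVal()`. If extrafields carry an ordering value, it would need to be read from the `$extrafields->attributes` structure by `$key` rather than from `$val`. The loop body continues past the end of the hunk.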
@@ -1098,26 +1098,27 @@ function fillArrayOfXAxis($object, $tablealias, $labelofobject, &$arrayofxaxis, continue; } if (in_array($val['type'], array('timestamp', 'date', 'datetime'))) { - $position = (!empty($val['position']) ? $val['position'] : 0); + $position = (empty($val['position']) ? 0 : intVal($val['position'])); $arrayofxaxis[$tablealias.'.'.$key.'-year'] = array( 'label' => img_picto('', $object->picto, 'class="pictofixedwidth"').' '.$labelofobject.': '.$langs->trans($val['label']).' ('.$YYYY.')', - 'position' => ($position+($count * 100000)).'.1', + 'position' => ($position + ($count * 100000)).'.1', 'table' => $object->table_element ); $arrayofxaxis[$tablealias.'.'.$key.'-month'] = array( 'label' => img_picto('', $object->picto, 'class="pictofixedwidth"').' '.$labelofobject.': '.$langs->trans($val['label']).' ('.$YYYY.'-'.$MM.')', - 'position' => ($position+($count * 100000)).'.2', + 'position' => ($position + ($count * 100000)).'.2', 'table' => $object->table_element ); $arrayofxaxis[$tablealias.'.'.$key.'-day'] = array( 'label' => img_picto('', $object->picto, 'class="pictofixedwidth"').' '.$labelofobject.': '.$langs->trans($val['label']).' ('.$YYYY.'-'.$MM.'-'.$DD.')', - 'position' => ($position+($count * 100000)).'.3', + 'position' => ($position + ($count * 100000)).'.3', 'table' => $object->table_element ); } else { + $position = (empty($val['position']) ? 0 : intVal($val['position'])); $arrayofxaxis[$tablealias.'.'.$key] = array( 'label' => img_picto('', $object->picto, 'class="pictofixedwidth"').' '.$labelofobject.': '.$langs->trans($val['label']), - 'position' => ($position+($count * 100000)), + 'position' => ($position + ($count * 100000)), 'table' => $object->table_element ); } 
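Review bot: The assignment `$position = (empty($val['position']) ? 0 : intVal($val['position']));` now appears twice, once in each branch of `if (in_array($val['type'], array('timestamp', 'date', 'datetime')))`. Placing it once just before that `if` gives the same result and keeps the branches from drifting apart again. The same duplication is added in the `fillArrayOfGroupBy` hunk at -1218. On the same context line, `in_array()` runs without the strict flag, and passing `true` as the third argument would avoid loose matches on `$val['type']`. The function body starts and ends outside the hunk.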
@@ -1125,7 +1126,7 @@ function fillArrayOfXAxis($object, $tablealias, $labelofobject, &$arrayofxaxis, } // Add extrafields to X-Axis - if ($object->isextrafieldmanaged) { + if (!empty($object->isextrafieldmanaged)) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { if ($extrafields->attributes[$object->table_element]['type'][$key] == 'separate') { continue; @@ -1196,7 +1197,7 @@ function fillArrayOfGroupBy($object, $tablealias, $labelofobject, &$arrayofgroup // Add main fields of object foreach ($object->fields as $key => $val) { - if (!$val['isameasure']) { + if (empty($val['isameasure'])) { if (in_array($key, array( 'id', 'ref_int', 'ref_ext', 'rowid', 'entity', 'last_main_doc', 'logo', 'logo_squarred', 'extraparams', 'parent', 'photo', 'socialnetworks', 'webservices_url', 'webservices_key'))) { 
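Review bot: The `foreach` over `$extrafields->attributes[$object->table_element]['label']`, right after the added `!empty($object->isextrafieldmanaged)` check, still has no guard of its own. If no extrafield is registered for that table (the hunk does not show how `attributes` is filled), PHP 8 warns about the undefined key and about a non-array `foreach` argument. Wrapping the loop in `if (!empty($extrafields->attributes[$object->table_element]['label']))` would cover that case. The same loop header follows the changed line in the hunks at -970 and -1245, and the loop body runs past the end of this hunk.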
@@ -1218,26 +1219,27 @@ function fillArrayOfGroupBy($object, $tablealias, $labelofobject, &$arrayofgroup continue; } if (in_array($val['type'], array('timestamp', 'date', 'datetime'))) { - $position = (!empty($val['position']) ? $val['position'] : 0); + $position = (empty($val['position']) ? 0 : intVal($val['position'])); $arrayofgroupby[$tablealias.'.'.$key.'-year'] = array( 'label' => img_picto('', $object->picto, - 'class="pictofixedwidth"').' '.$labelofobject.': '.$langs->trans($val['label']).' ('.$YYYY.')', 'position' => ($position+($count * 100000)).'.1', + 'class="pictofixedwidth"').' '.$labelofobject.': '.$langs->trans($val['label']).' ('.$YYYY.')', 'position' => ($position + ($count * 100000)).'.1', 'table' => $object->table_element ); $arrayofgroupby[$tablealias.'.'.$key.'-month'] = array( 'label' => img_picto('', $object->picto, - 'class="pictofixedwidth"').' '.$labelofobject.': '.$langs->trans($val['label']).' ('.$YYYY.'-'.$MM.')', 'position' => ($position+($count * 100000)).'.2', + 'class="pictofixedwidth"').' '.$labelofobject.': '.$langs->trans($val['label']).' ('.$YYYY.'-'.$MM.')', 'position' => ($position + ($count * 100000)).'.2', 'table' => $object->table_element ); $arrayofgroupby[$tablealias.'.'.$key.'-day'] = array( 'label' => img_picto('', $object->picto, - 'class="pictofixedwidth"').' '.$labelofobject.': '.$langs->trans($val['label']).' ('.$YYYY.'-'.$MM.'-'.$DD.')', 'position' => ($position+($count * 100000)).'.3', + 'class="pictofixedwidth"').' '.$labelofobject.': '.$langs->trans($val['label']).' ('.$YYYY.'-'.$MM.'-'.$DD.')', 'position' => ($position + ($count * 100000)).'.3', 'table' => $object->table_element ); } else { + $position = (empty($val['position']) ? 0 : intVal($val['position'])); $arrayofgroupby[$tablealias.'.'.$key] = array( 'label' => img_picto('', $object->picto, - 'class="pictofixedwidth"').' '.$labelofobject.': '.$langs->trans($val['label']), 'position' => ($position+($count * 100000)), + 'class="pictofixedwidth"').' 
'.$labelofobject.': '.$langs->trans($val['label']), 'position' => ($position + ($count * 100000)), 'table' => $object->table_element ); } @@ -1245,7 +1247,7 @@ function fillArrayOfGroupBy($object, $tablealias, $labelofobject, &$arrayofgroup } // Add extrafields to Group by - if ($object->isextrafieldmanaged) { + if (! empty($object->isextrafieldmanaged)) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { if ($extrafields->attributes[$object->table_element]['type'][$key] == 'separate') { continue;