lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/develop' into knowledgemgmt

Browse Source
This commit is contained in:
Frédéric FRANCE 2023-02-13 13:28:35 +01:00
commit 1b2ac98e37
3 changed files with 24 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
htdocs/admin/system/security.php
View File

@ -577,6 +577,9 @@ print '<br>';
print '<strong>MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL</strong> = '.getDolGlobalString('MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL', '<span class="opacitymedium">'.$langs->trans("Undefined").' &nbsp; ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 0)</span>')."<br>"; print '<strong>MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL</strong> = '.getDolGlobalString('MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL', '<span class="opacitymedium">'.$langs->trans("Undefined").' &nbsp; ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 0)</span>')."<br>";
print '<br>'; print '<br>';
print '<strong>MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED</strong> = '.getDolGlobalString('MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED', '<span class="opacitymedium">'.$langs->trans("Undefined").' &nbsp; ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 0)</span>')."<br>";
print '<br>';
print '<strong>MAIN_SECURITY_FORCECSP</strong> = '.getDolGlobalString('MAIN_SECURITY_FORCECSP', '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>').' &nbsp; <span class="opacitymedium">('.$langs->trans("Example").": \"frame-ancestors 'self'; default-src 'self'; img-src *;\")</span><br>"; print '<strong>MAIN_SECURITY_FORCECSP</strong> = '.getDolGlobalString('MAIN_SECURITY_FORCECSP', '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>').' &nbsp; <span class="opacitymedium">('.$langs->trans("Example").": \"frame-ancestors 'self'; default-src 'self'; img-src *;\")</span><br>";
print '<br>'; print '<br>';

61
htdocs/core/class/antivir.class.php
View File

@ -81,63 +81,38 @@ class AntiVir
} }
$fullcommand = $this->getCliCommand($file); $fullcommand = $this->getCliCommand($file);
//$fullcommand="/usr/bin/clamdscan --fdpass '/tmp/phpuxoAEo'"
//$fullcommand='"c:\Program Files (x86)\ClamWin\bin\clamscan.exe" --database="C:\Program Files (x86)\ClamWin\lib" "c:\temp\aaa.txt"'; //$fullcommand='"c:\Program Files (x86)\ClamWin\bin\clamscan.exe" --database="C:\Program Files (x86)\ClamWin\lib" "c:\temp\aaa.txt"';
$fullcommand .= ' 2>&1'; // This is to get error output //var_dump($fullcommand);
$output = array();
$return_var = 0;
$safemode = ini_get("safe_mode"); $safemode = ini_get("safe_mode");
// Create a clean fullcommand // Create a clean fullcommand
dol_syslog("AntiVir::dol_avscan_file Run command=".$fullcommand." with safe_mode ".($safemode ? "on" : "off")); dol_syslog("AntiVir::dol_avscan_file Run command=".$fullcommand." with safe_mode ".($safemode ? "on" : "off"));
// Run CLI command. If run of Windows, you can get return with echo %ERRORLEVEL% // Run CLI command.
$lastline = exec($fullcommand, $output, $return_var); include_once DOL_DOCUMENT_ROOT.'/core/class/utils.class.php';
$utils = new Utils($this->db);
$outputfile = $conf->user->dir_temp.'/antivir.tmp';
$result = $utils->executeCLI($fullcommand, $outputfile);
$return_var = $result['result'];
$output = $result['output'];
$errorstring = $result['error'];
if (is_null($output)) { if (is_null($output)) {
$output = array(); $output = array();
} }
//print "x".$lastline." - ".join(',',$output)." - ".$return_var."y";exit; dol_syslog("AntiVir::dol_avscan_file Result return_var=".$return_var." output=".$output);
/*
$outputfile=$conf->admin->dir_temp.'/dol_avscan_file.out.'.session_id();
$handle = fopen($outputfile, 'w');
if ($handle)
{
$handlein = popen($fullcommand, 'r');
while (!feof($handlein))
{
$read = fgets($handlein);
fwrite($handle,$read);
}
pclose($handlein);
$errormsg = fgets($handle,2048);
$this->output=$errormsg;
fclose($handle);
if (!empty($conf->global->MAIN_UMASK))
@chmod($outputfile, octdec($conf->global->MAIN_UMASK));
}
else
{
$langs->load("errors");
dol_syslog("Failed to open file ".$outputfile,LOG_ERR);
$this->error="ErrorFailedToWriteInDir";
$return=-1;
}
*/
dol_syslog("AntiVir::dol_avscan_file Result return_var=".$return_var." output=".join(',', $output));
$returncodevirus = 1; $returncodevirus = 1;
if ($return_var == $returncodevirus) { // Virus found if ($return_var == $returncodevirus) { // Virus found
$this->errors = $output; $this->errors = array($errorstring, $output);
return -99; return -99;
} }
if ($return_var > 0) { // If other error if ($return_var > 0) { // If other error
$this->errors = $output; $this->errors = array($errorstring, $output);
return -98; return -98;
} }
@ -178,10 +153,12 @@ class AntiVir
} }
if (preg_match("/\s/", $command)) { if (preg_match("/\s/", $command)) {
$command = escapeshellarg($command); // Use quotes on command. Using escapeshellcmd fails. $command = escapeshellarg($command); // Force use of quotes on command. Using escapeshellcmd fails.
} }
$ret = $command.' '.$param; $forbidden_chars_to_replace = array("*", "?", "\"", "<", ">", "|", "[", "]", ";", '°', '$');
$ret = dol_sanitizePathName($command).' '.dol_string_nospecial($param, '_', $forbidden_chars_to_replace);
//$ret=$command.' '.$param.' 2>&1'; //$ret=$command.' '.$param.' 2>&1';
//print "xx".$ret."xx";exit; //print "xx".$ret."xx";exit;

4
htdocs/core/lib/functions.lib.php
View File

@ -1385,7 +1385,7 @@ function dol_string_unaccent($str)
/** /**
* Clean a string from all punctuation characters to use it as a ref or login. * Clean a string from all punctuation characters to use it as a ref or login.
* This is a more complete function than dol_sanitizeFileName. * This is a more complete function than dol_sanitizeFileName().
* *
* @param string $str String to clean * @param string $str String to clean
* @param string $newstr String to replace forbidden chars with * @param string $newstr String to replace forbidden chars with
@ -1397,7 +1397,7 @@ function dol_string_unaccent($str)
*/ */
function dol_string_nospecial($str, $newstr = '_', $badcharstoreplace = '', $badcharstoremove = '') function dol_string_nospecial($str, $newstr = '_', $badcharstoreplace = '', $badcharstoremove = '')
{ {
$forbidden_chars_to_replace = array(" ", "'", "/", "\\", ":", "*", "?", "\"", "<", ">", "|", "[", "]", ",", ";", "=", '°'); // more complete than dol_sanitizeFileName $forbidden_chars_to_replace = array(" ", "'", "/", "\\", ":", "*", "?", "\"", "<", ">", "|", "[", "]", ",", ";", "=", '°', '$', ';'); // more complete than dol_sanitizeFileName
$forbidden_chars_to_remove = array(); $forbidden_chars_to_remove = array();
//$forbidden_chars_to_remove=array("(",")"); //$forbidden_chars_to_remove=array("(",")");