diff --git a/SECURITY.md b/SECURITY.md index 1189b6abe06..ac9ccbc677f 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -62,12 +62,12 @@ No vulnerability disclosure, including partial is allowed for the moment. ## Scope for qualified vulnerabilities -ONLY vulnerabilities discovered when the following setup is used are accepted: +ONLY vulnerabilities discovered, when the following setup on tested platform is used, are accepted: * $dolibarr_main_prod must be 1 into conf.php * $dolibarr_nocsrfcheck must not be set to 0 (should be 1 by default) into conf.php -* The constant MAIN_SECURITY_CSRF_WITH_TOKEN must be set to 1 into backoffice menu Home - Setup - Other (this value should be switched soon to 1 by default) -* ONLY security reports on "stable" modules are allowed (troubles into experimental and developement modules are not accepted). +* The constant MAIN_SECURITY_CSRF_WITH_TOKEN must be set to 1 into backoffice menu Home - Setup - Other (this value should be hard switched soon to 1 by default) +* ONLY security reports on "stable" modules are allowed (troubles into "experimental" and "developement" modules are not accepted). Scope is the web application (back office) and the APIs. @@ -84,6 +84,8 @@ Scope is the web application (back office) and the APIs. * CORS with real security impact * Horizontal and vertical privilege escalation * "HTTP Host Header" XSS +* Software version disclosure (for non admin users only) +* Stack traces or path disclosure (for non admin users only) ## Non-qualifying vulnerabilities for Bug bounty programs, but qualified for reporting @@ -93,8 +95,6 @@ Scope is the web application (back office) and the APIs. * Mixed content warnings * Denial of Service attacks * Clickjacking/UI redressing -* Software version disclosure -* Stack traces or path disclosure * Physical or social engineering attempts * Recently disclosed 0-day vulnerabilities * Presence of autocomplete attribute on web forms @@ -104,5 +104,7 @@ Scope is the web application (back office) and the APIs. * Missing security-related HTTP headers which do not lead directly to a vulnerability * Reports from automated web vulnerability scanners (Acunetix, Vega, etc.) that have not been validated * Invalid or missing SPF (Sender Policy Framework) records (Incomplete or missing SPF/DKIM/DMARC) -* Reports on features flagged as experimental +* Reports on features flagged as "experimental" or "development" +* Software version disclosure when logged user is admin +* Stack traces or path disclosure when logged user is admin diff --git a/htdocs/accountancy/bookkeeping/balance.php b/htdocs/accountancy/bookkeeping/balance.php index 4de2be6fcbb..059e1eb57b1 100644 --- a/htdocs/accountancy/bookkeeping/balance.php +++ b/htdocs/accountancy/bookkeeping/balance.php @@ -1,7 +1,7 @@ * Copyright (C) 2016 Florian Henry - * Copyright (C) 2016-2019 Alexandre Spangaro + * Copyright (C) 2016-2020 Alexandre Spangaro * Copyright (C) 2018 Frédéric France * * This program is free software; you can redistribute it and/or modify @@ -31,6 +31,7 @@ require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/accounting.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; require_once DOL_DOCUMENT_ROOT.'/accountancy/class/bookkeeping.class.php'; +require_once DOL_DOCUMENT_ROOT.'/accountancy/class/accountingaccount.class.php'; require_once DOL_DOCUMENT_ROOT.'/accountancy/class/accountancyexport.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formaccounting.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; @@ -244,7 +245,7 @@ if ($action != 'export_csv') print ''; print ''; - print ''; print_liste_field_titre("AccountAccounting", $_SERVER['PHP_SELF'], "t.numero_compte", "", $param, "", $sortfield, $sortorder); - print_liste_field_titre("Label", $_SERVER['PHP_SELF'], "t.label_operation", "", $param, "", $sortfield, $sortorder); print_liste_field_titre("OpeningBalance", $_SERVER['PHP_SELF'], "", $param, "", 'class="right"', $sortfield, $sortorder); print_liste_field_titre("Debit", $_SERVER['PHP_SELF'], "t.debit", "", $param, 'class="right"', $sortfield, $sortorder); print_liste_field_titre("Credit", $_SERVER['PHP_SELF'], "t.credit", "", $param, 'class="right"', $sortfield, $sortorder); @@ -274,6 +274,8 @@ if ($action != 'export_csv') $sous_total_credit = 0; $displayed_account = ""; + $accountingaccountstatic = new AccountingAccount($db); + $sql = "select t.numero_compte, (SUM(t.debit) - SUM(t.credit)) as opening_balance from ".MAIN_DB_PREFIX."accounting_bookkeeping as t where entity in ".$conf->entity; $sql .= " AND t.doc_date < '".$db->idate($search_date_start)."' GROUP BY t.numero_compte"; $resql = $db->query($sql); @@ -286,12 +288,18 @@ if ($action != 'export_csv') foreach ($object->lines as $line) { + $accountingaccountstatic->fetch(null, $line->numero_compte, true); + if (!empty($accountingaccountstatic->account_number)) { + $accounting_account = $accountingaccountstatic->getNomUrl(0, 1, 1, '', 1); + } else { + $accounting_account = length_accountg($line->numero_compte); + } + $link = ''; $total_debit += $line->debit; $total_credit += $line->credit; - $description = $object->get_compte_desc($line->numero_compte); // Search description of the account $root_account_description = $object->get_compte_racine($line->numero_compte); - if (empty($description)) { + if (empty($accountingaccountstatic->account_number)) { $link = ''.img_edit_add().''; } print ''; @@ -303,7 +311,7 @@ if ($action != 'export_csv') // Show subtotal per accounting account if ($displayed_account != "") { print ''; - print ''; + print ''; print ''; print ''; print ''; @@ -313,7 +321,7 @@ if ($action != 'export_csv') // Show first line of a break print ''; - print ''; + print ''; print ''; $displayed_account = $root_account_description; @@ -321,10 +329,9 @@ if ($action != 'export_csv') $sous_total_credit = 0; } } - // $object->get_compte_racine($line->numero_compte); - print ''; - print ''; + // $object->get_compte_racine($line->numero_compte); + print ''; print ''; print ''; print ''; @@ -340,12 +347,12 @@ if ($action != 'export_csv') if (!empty($show_subgroup)) { - print ''; + print ''; print "\n"; print ''; } - print ''; + print ''; print "\n"; print ''; diff --git a/htdocs/accountancy/class/accountingaccount.class.php b/htdocs/accountancy/class/accountingaccount.class.php index 43442fa0ca5..7cb30a74bc6 100644 --- a/htdocs/accountancy/class/accountingaccount.class.php +++ b/htdocs/accountancy/class/accountingaccount.class.php @@ -448,9 +448,10 @@ class AccountingAccount extends CommonObject * @param int $notooltip 1=Disable tooltip * @param int $save_lastsearch_value -1=Auto, 0=No save of lastsearch_values when clicking, 1=Save lastsearch_values whenclicking * @param int $withcompletelabel 0=Short label (field short label), 1=Complete label (field label) + * @param int $option 'bookkeeping', 'bookkeepinglistbyaccount', 'accountcard' * @return string String with URL */ - public function getNomUrl($withpicto = 0, $withlabel = 0, $nourl = 0, $moretitle = '', $notooltip = 0, $save_lastsearch_value = -1, $withcompletelabel = 0) + public function getNomUrl($withpicto = 0, $withlabel = 0, $nourl = 0, $moretitle = '', $notooltip = 0, $save_lastsearch_value = -1, $withcompletelabel = 0, $option = '') { global $langs, $conf, $user; require_once DOL_DOCUMENT_ROOT.'/core/lib/accounting.lib.php'; @@ -459,7 +460,13 @@ class AccountingAccount extends CommonObject $result = ''; - $url = DOL_URL_ROOT.'/accountancy/admin/card.php?id='.$this->id; + if (empty($option)) { + $url = DOL_URL_ROOT . '/accountancy/bookkeeping/list.php?search_accountancy_code_start=' . $this->account_number . '&search_accountancy_code_end=' . $this->account_number; + } elseif ($option == 'bookkeepinglistbyaccount') { + $url = DOL_URL_ROOT . '/accountancy/bookkeeping/listbyaccount.php?search_accountancy_code_start=' . $this->account_number . '&search_accountancy_code_end=' . $this->account_number; + } elseif ($option == 'accountcard') { + $url = DOL_URL_ROOT . '/accountancy/admin/card.php?id=' . $this->id; + } // Add param to save lastsearch_values or not $add_save_lastsearch_values = ($save_lastsearch_value == 1 ? 1 : 0); diff --git a/htdocs/adherents/subscription.php b/htdocs/adherents/subscription.php index f2cb8c440c2..63da0be8677 100644 --- a/htdocs/adherents/subscription.php +++ b/htdocs/adherents/subscription.php @@ -854,7 +854,7 @@ if ($rowid > 0) { print '">'; // Complementary action - if (!empty($conf->banque->enabled) || !empty($conf->facture->enabled)) { + if ((!empty($conf->banque->enabled) || !empty($conf->facture->enabled)) && empty($conf->global->ADHERENT_SUBSCRIPTION_HIDECOMPLEMENTARYACTIONS)) { $company = new Societe($db); if ($object->fk_soc) { $result = $company->fetch($object->fk_soc); diff --git a/htdocs/admin/mails_ticket.php b/htdocs/admin/mails_ticket.php new file mode 100644 index 00000000000..0a452d109ce --- /dev/null +++ b/htdocs/admin/mails_ticket.php @@ -0,0 +1,574 @@ + + * Copyright (C) 2009-2012 Regis Houssin + * Copyright (C) 2013 Juanjo Menent + * Copyright (C) 2016 Jonathan TISSEAU + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +/** + * \file htdocs/admin/mails_ticket.php + * \brief Page to setup mails for ticket + */ + +require '../main.inc.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; + +// Load translation files required by the page +$langs->loadLangs(array('companies', 'products', 'admin', 'mails', 'other', 'errors')); + +$action = GETPOST('action', 'alpha'); + +if (!$user->admin) accessforbidden(); + +$usersignature = $user->signature; +// For action = test or send, we ensure that content is not html, even for signature, because this we want a test with NO html. +if ($action == 'test' || $action == 'send') +{ + $usersignature = dol_string_nohtmltag($usersignature); +} + +$substitutionarrayfortest = array( +'__LOGIN__' => $user->login, +'__ID__' => 'TESTIdRecord', +'__EMAIL__' => 'TESTEMail', +'__LASTNAME__' => 'TESTLastname', +'__FIRSTNAME__' => 'TESTFirstname', +'__USER_SIGNATURE__' => (($user->signature && empty($conf->global->MAIN_MAIL_DO_NOT_USE_SIGN)) ? $usersignature : ''), +//'__PERSONALIZED__' => 'TESTPersonalized' // Hiden because not used yet +); +complete_substitutions_array($substitutionarrayfortest, $langs); + + + +/* + * Actions + */ + +if ($action == 'update' && empty($_POST["cancel"])) +{ + // Send mode parameters + dolibarr_set_const($db, "MAIN_MAIL_SENDMODE_TICKET", GETPOST("MAIN_MAIL_SENDMODE_TICKET"), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_MAIL_SMTP_PORT_TICKET", GETPOST("MAIN_MAIL_SMTP_PORT_TICKET"), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_MAIL_SMTP_SERVER_TICKET", GETPOST("MAIN_MAIL_SMTP_SERVER_TICKET"), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_MAIL_SMTPS_ID_TICKET", GETPOST("MAIN_MAIL_SMTPS_ID_TICKET"), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_MAIL_SMTPS_PW_TICKET", GETPOST("MAIN_MAIL_SMTPS_PW_TICKET"), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_MAIL_EMAIL_TLS_TICKET", GETPOST("MAIN_MAIL_EMAIL_TLS_TICKET"), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_MAIL_EMAIL_STARTTLS_TICKET", GETPOST("MAIN_MAIL_EMAIL_STARTTLS_TICKET"), 'chaine', 0, '', $conf->entity); + + header("Location: ".$_SERVER["PHP_SELF"]."?mainmenu=home&leftmenu=setup"); + exit; +} + + +// Actions to send emails +$id = 0; +$actiontypecode = ''; // Not an event for agenda +$triggersendname = ''; // Disable triggers +$paramname = 'id'; +$mode = 'emailfortest'; +$trackid = (($action == 'testhtml') ? "testhtml" : "test"); +$sendcontext = 'ticket'; // Force to use dedicated context of setup for ticket +include DOL_DOCUMENT_ROOT.'/core/actions_sendmails.inc.php'; + +if ($action == 'presend' && GETPOST('trackid') == 'test') $action = 'test'; +if ($action == 'presend' && GETPOST('trackid') == 'testhtml') $action = 'testhtml'; + + + + +/* + * View + */ + +$form = new Form($db); + +$linuxlike = 1; +if (preg_match('/^win/i', PHP_OS)) $linuxlike = 0; +if (preg_match('/^mac/i', PHP_OS)) $linuxlike = 0; + +if (empty($conf->global->MAIN_MAIL_SENDMODE_TICKET)) $conf->global->MAIN_MAIL_SENDMODE_TICKET = 'default'; +$port = !empty($conf->global->MAIN_MAIL_SMTP_PORT_TICKET) ? $conf->global->MAIN_MAIL_SMTP_PORT_TICKET : ini_get('smtp_port'); +if (!$port) $port = 25; +$server = !empty($conf->global->MAIN_MAIL_SMTP_SERVER_TICKET) ? $conf->global->MAIN_MAIL_SMTP_SERVER_TICKET : ini_get('SMTP'); +if (!$server) $server = '127.0.0.1'; + + +$wikihelp = 'EN:Setup_EMails|FR:Paramétrage_EMails|ES:Configuración_EMails'; +llxHeader('', $langs->trans("Setup"), $wikihelp); + +print load_fiche_titre($langs->trans("EMailsSetup"), '', 'title_setup'); + +$head = email_admin_prepare_head(); + +// List of sending methods +$listofmethods = array(); +$listofmethods['default'] = $langs->trans('DefaultOutgoingEmailSetup'); +$listofmethods['mail'] = 'PHP mail function'; +//$listofmethods['simplemail']='Simplemail class'; +$listofmethods['smtps'] = 'SMTP/SMTPS socket library'; +$listofmethods['swiftmailer'] = 'Swift Mailer socket library'; + + +if ($action == 'edit') +{ + if ($conf->use_javascript_ajax) + { + print "\n".''."\n"; + } + + print '
'; + print ''; + print ''; + + dol_fiche_head($head, 'common_ticket', '', -1); + + print ''.$langs->trans("EMailsDesc")."
\n"; + print "
\n"; + + + clearstatcache(); + + print '
'; + print ''; print $langs->trans('From'); print $formaccounting->select_account($search_accountancy_code_start, 'search_accountancy_code_start', 1, array(), 1, 1, ''); print ' '; @@ -260,7 +261,6 @@ if ($action != 'export_csv') print '
'.$langs->trans("SubTotal").':'.$langs->trans("SubTotal").':'.price($sous_total_debit).''.price($sous_total_credit).''.price(price2num($sous_total_credit - $sous_total_debit)).'
'.$line->numero_compte.($root_account_description ? ' - '.$root_account_description : '').''.$line->numero_compte.($root_account_description ? ' - '.$root_account_description : '').'
'.length_accountg($line->numero_compte).''.$description.''.$accounting_account.''.price($opening_balances["'".$line->numero_compte."'"]).''.price($line->debit).''.price($line->credit).'
'.$langs->trans("SubTotal").':'.price($sous_total_debit).''.price($sous_total_credit).''.price(price2num($sous_total_debit - $sous_total_credit)).'
'.$langs->trans("SubTotal").':'.price($sous_total_debit).''.price($sous_total_credit).''.price(price2num($sous_total_debit - $sous_total_credit)).'
'.$langs->trans("AccountBalance").':'.price($total_debit).''.price($total_credit).''.price(price2num($total_debit - $total_credit)).'
'.$langs->trans("AccountBalance").':'.price($total_debit).''.price($total_credit).''.price(price2num($total_debit - $total_credit)).'
'; + print ''; + + // Method + + print ''; + + // Host server + + print ''; + + // Port + + print ''; + + // ID + if (!empty($conf->use_javascript_ajax) || (isset($conf->global->MAIN_MAIL_SENDMODE_TICKET) && in_array($conf->global->MAIN_MAIL_SENDMODE_TICKET, array('smtps', 'swiftmailer')))) + { + $mainstmpid = (!empty($conf->global->MAIN_MAIL_SMTPS_ID_TICKET) ? $conf->global->MAIN_MAIL_SMTPS_ID_TICKET : ''); + print ''; + } + + // PW + if (!empty($conf->use_javascript_ajax) || (isset($conf->global->MAIN_MAIL_SENDMODE_TICKET) && in_array($conf->global->MAIN_MAIL_SENDMODE_TICKET, array('smtps', 'swiftmailer')))) + { + $mainsmtppw = (!empty($conf->global->MAIN_MAIL_SMTPS_PW_TICKET) ? $conf->global->MAIN_MAIL_SMTPS_PW_TICKET : ''); + print ''; + } + + // TLS + + print ''; + + // STARTTLS + + print ''; + + print '
'.$langs->trans("Parameter").''.$langs->trans("Value").'
'.$langs->trans("MAIN_MAIL_SENDMODE").''; + + // SuperAdministrator access only + if ((empty($conf->global->MAIN_MODULE_MULTICOMPANY)) || ($user->admin && !$user->entity)) + { + print $form->selectarray('MAIN_MAIL_SENDMODE_TICKET', $listofmethods, $conf->global->MAIN_MAIL_SENDMODE_TICKET); + } else { + $text = $listofmethods[$conf->global->MAIN_MAIL_SENDMODE_TICKET]; + if (empty($text)) $text = $langs->trans("Undefined"); + $htmltext = $langs->trans("ContactSuperAdminForChange"); + print $form->textwithpicto($text, $htmltext, 1, 'superadmin'); + print ''; + } + print '
'; + if (!$conf->use_javascript_ajax && $linuxlike && $conf->global->MAIN_MAIL_SENDMODE_TICKET == 'mail') + { + print $langs->trans("MAIN_MAIL_SMTP_SERVER_NotAvailableOnLinuxLike"); + print ''; + print $langs->trans("SeeLocalSendMailSetup"); + } else { + $mainserver = (!empty($conf->global->MAIN_MAIL_SMTP_SERVER_TICKET) ? $conf->global->MAIN_MAIL_SMTP_SERVER_TICKET : ''); + $smtpserver = ini_get('SMTP') ?ini_get('SMTP') : $langs->transnoentities("Undefined"); + if ($linuxlike) print $langs->trans("MAIN_MAIL_SMTP_SERVER_NotAvailableOnLinuxLike"); + else print $langs->trans("MAIN_MAIL_SMTP_SERVER", $smtpserver); + print ''; + // SuperAdministrator access only + if (empty($conf->multicompany->enabled) || ($user->admin && !$user->entity)) + { + print ''; + print ''; + print ''.$langs->trans("SeeLocalSendMailSetup").''; + } else { + $text = !empty($mainserver) ? $mainserver : $smtpserver; + $htmltext = $langs->trans("ContactSuperAdminForChange"); + print $form->textwithpicto($text, $htmltext, 1, 'superadmin'); + print ''; + } + } + print '
'; + if (!$conf->use_javascript_ajax && $linuxlike && $conf->global->MAIN_MAIL_SENDMODE_TICKET == 'mail') + { + print $langs->trans("MAIN_MAIL_SMTP_PORT_NotAvailableOnLinuxLike"); + print ''; + print $langs->trans("SeeLocalSendMailSetup"); + } else { + $mainport = (!empty($conf->global->MAIN_MAIL_SMTP_PORT_TICKET) ? $conf->global->MAIN_MAIL_SMTP_PORT_TICKET : ''); + $smtpport = ini_get('smtp_port') ?ini_get('smtp_port') : $langs->transnoentities("Undefined"); + if ($linuxlike) print $langs->trans("MAIN_MAIL_SMTP_PORT_NotAvailableOnLinuxLike"); + else print $langs->trans("MAIN_MAIL_SMTP_PORT", $smtpport); + print ''; + // SuperAdministrator access only + if (empty($conf->multicompany->enabled) || ($user->admin && !$user->entity)) + { + print ''; + print ''; + print ''.$langs->trans("SeeLocalSendMailSetup").''; + } else { + $text = (!empty($mainport) ? $mainport : $smtpport); + $htmltext = $langs->trans("ContactSuperAdminForChange"); + print $form->textwithpicto($text, $htmltext, 1, 'superadmin'); + print ''; + } + } + print '
'.$langs->trans("MAIN_MAIL_SMTPS_ID").''; + // SuperAdministrator access only + if (empty($conf->multicompany->enabled) || ($user->admin && !$user->entity)) + { + print ''; + } else { + $htmltext = $langs->trans("ContactSuperAdminForChange"); + print $form->textwithpicto($conf->global->MAIN_MAIL_SMTPS_ID_TICKET, $htmltext, 1, 'superadmin'); + print ''; + } + print '
'.$langs->trans("MAIN_MAIL_SMTPS_PW").''; + // SuperAdministrator access only + if (empty($conf->multicompany->enabled) || ($user->admin && !$user->entity)) + { + print ''; + } else { + $htmltext = $langs->trans("ContactSuperAdminForChange"); + print $form->textwithpicto($conf->global->MAIN_MAIL_SMTPS_PW_TICKET, $htmltext, 1, 'superadmin'); + print ''; + } + print '
'.$langs->trans("MAIN_MAIL_EMAIL_TLS").''; + if (!empty($conf->use_javascript_ajax) || (isset($conf->global->MAIN_MAIL_SENDMODE_TICKET) && in_array($conf->global->MAIN_MAIL_SENDMODE_TICKET, array('smtps', 'swiftmailer')))) + { + if (function_exists('openssl_open')) + { + print $form->selectyesno('MAIN_MAIL_EMAIL_TLS_TICKET', (!empty($conf->global->MAIN_MAIL_EMAIL_TLS_TICKET) ? $conf->global->MAIN_MAIL_EMAIL_TLS_TICKET : 0), 1); + } else print yn(0).' ('.$langs->trans("YourPHPDoesNotHaveSSLSupport").')'; + } else print yn(0).' ('.$langs->trans("NotSupported").')'; + print '
'.$langs->trans("MAIN_MAIL_EMAIL_STARTTLS").''; + if (!empty($conf->use_javascript_ajax) || (isset($conf->global->MAIN_MAIL_SENDMODE_TICKET) && in_array($conf->global->MAIN_MAIL_SENDMODE_TICKET, array('smtps', 'swiftmailer')))) + { + if (function_exists('openssl_open')) + { + print $form->selectyesno('MAIN_MAIL_EMAIL_STARTTLS_TICKET', (!empty($conf->global->MAIN_MAIL_EMAIL_STARTTLS_TICKET) ? $conf->global->MAIN_MAIL_EMAIL_STARTTLS_TICKET : 0), 1); + } else print yn(0).' ('.$langs->trans("YourPHPDoesNotHaveSSLSupport").')'; + } else print yn(0).' ('.$langs->trans("NotSupported").')'; + print '
'; + + dol_fiche_end(); + + print '
'; + print ''; + print '     '; + print ''; + print '
'; + + print ''; +} else { + dol_fiche_head($head, 'common_ticket', '', -1); + + print ''.$langs->trans("EMailsDesc")."
\n"; + print "
\n"; + + print ''; + print ''; + + // Method + print ''; + + if (!empty($conf->global->MAIN_MAIL_SENDMODE_TICKET) && $conf->global->MAIN_MAIL_SENDMODE_TICKET != 'default') + { + // Host server + if ($linuxlike && (isset($conf->global->MAIN_MAIL_SENDMODE_TICKET) && $conf->global->MAIN_MAIL_SENDMODE_TICKET == 'mail')) + { + print ''; + } else { + print ''; + } + + // Port + if ($linuxlike && (isset($conf->global->MAIN_MAIL_SENDMODE_TICKET) && $conf->global->MAIN_MAIL_SENDMODE_TICKET == 'mail')) + { + print ''; + } else { + print ''; + } + + // SMTPS ID + if (isset($conf->global->MAIN_MAIL_SENDMODE_TICKET) && in_array($conf->global->MAIN_MAIL_SENDMODE_TICKET, array('smtps', 'swiftmailer'))) + { + print ''; + } + + // SMTPS PW + if (isset($conf->global->MAIN_MAIL_SENDMODE_TICKET) && in_array($conf->global->MAIN_MAIL_SENDMODE_TICKET, array('smtps', 'swiftmailer'))) + { + print ''; + } + + // TLS + print ''; + + // STARTTLS + print ''; + } + + print '
'.$langs->trans("Parameter").''.$langs->trans("Value").'
'.$langs->trans("MAIN_MAIL_SENDMODE").''; + $text = $listofmethods[$conf->global->MAIN_MAIL_SENDMODE_TICKET]; + if (empty($text)) $text = $langs->trans("Undefined").img_warning(); + print $text; + print '
'.$langs->trans("MAIN_MAIL_SMTP_SERVER_NotAvailableOnLinuxLike").''.$langs->trans("SeeLocalSendMailSetup").'
'.$langs->trans("MAIN_MAIL_SMTP_SERVER", ini_get('SMTP') ?ini_get('SMTP') : $langs->transnoentities("Undefined")).''.(!empty($conf->global->MAIN_MAIL_SMTP_SERVER_TICKET) ? $conf->global->MAIN_MAIL_SMTP_SERVER_TICKET : '').'
'.$langs->trans("MAIN_MAIL_SMTP_PORT_NotAvailableOnLinuxLike").''.$langs->trans("SeeLocalSendMailSetup").'
'.$langs->trans("MAIN_MAIL_SMTP_PORT", ini_get('smtp_port') ?ini_get('smtp_port') : $langs->transnoentities("Undefined")).''.(!empty($conf->global->MAIN_MAIL_SMTP_PORT_TICKET) ? $conf->global->MAIN_MAIL_SMTP_PORT_TICKET : '').'
'.$langs->trans("MAIN_MAIL_SMTPS_ID").''.$conf->global->MAIN_MAIL_SMTPS_ID_TICKET.'
'.$langs->trans("MAIN_MAIL_SMTPS_PW").''.preg_replace('/./', '*', $conf->global->MAIN_MAIL_SMTPS_PW_TICKET).'
'.$langs->trans("MAIN_MAIL_EMAIL_TLS").''; + if (isset($conf->global->MAIN_MAIL_SENDMODE_TICKET) && in_array($conf->global->MAIN_MAIL_SENDMODE_TICKET, array('smtps', 'swiftmailer'))) + { + if (function_exists('openssl_open')) + { + print yn($conf->global->MAIN_MAIL_EMAIL_TLS_TICKET); + } else print yn(0).' ('.$langs->trans("YourPHPDoesNotHaveSSLSupport").')'; + } else print yn(0).' ('.$langs->trans("NotSupported").')'; + print '
'.$langs->trans("MAIN_MAIL_EMAIL_STARTTLS").''; + if (isset($conf->global->MAIN_MAIL_SENDMODE_TICKET) && in_array($conf->global->MAIN_MAIL_SENDMODE_TICKET, array('smtps', 'swiftmailer'))) + { + if (function_exists('openssl_open')) + { + print yn($conf->global->MAIN_MAIL_EMAIL_STARTTLS_TICKET); + } else print yn(0).' ('.$langs->trans("YourPHPDoesNotHaveSSLSupport").')'; + } else print yn(0).' ('.$langs->trans("NotSupported").')'; + print '
'; + + dol_fiche_end(); + + + if ($conf->global->MAIN_MAIL_SENDMODE_TICKET == 'mail' && empty($conf->global->MAIN_FIX_FOR_BUGGED_MTA)) + { + print '
'; + /* + // Warning 1 + if ($linuxlike) + { + $sendmailoption=ini_get('mail.force_extra_parameters'); + if (empty($sendmailoption) || ! preg_match('/ba/',$sendmailoption)) + { + print info_admin($langs->trans("SendmailOptionNotComplete")); + } + }*/ + // Warning 2 + print info_admin($langs->trans("SendmailOptionMayHurtBuggedMTA")); + } + + + // Buttons for actions + + print '
'; + + print ''.$langs->trans("Modify").''; + + if (!empty($conf->global->MAIN_MAIL_SENDMODE_TICKET) && $conf->global->MAIN_MAIL_SENDMODE_TICKET != 'default') + { + if ($conf->global->MAIN_MAIL_SENDMODE_TICKET != 'mail' || !$linuxlike) + { + if (function_exists('fsockopen') && $port && $server) + { + print ''.$langs->trans("DoTestServerAvailability").''; + } + } else { + print ''.$langs->trans("DoTestServerAvailability").''; + } + + print ''.$langs->trans("DoTestSend").''; + + if (!empty($conf->fckeditor->enabled)) + { + print ''.$langs->trans("DoTestSendHTML").''; + } + } + + print '
'; + + + if ($conf->global->MAIN_MAIL_SENDMODE_TICKET == 'mail' && !in_array($action, array('testconnect', 'test', 'testhtml'))) + { + $text = $langs->trans("WarningPHPMail"); + print info_admin($text); + } + + // Run the test to connect + if ($action == 'testconnect') + { + print load_fiche_titre($langs->trans("DoTestServerAvailability")); + + include_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php'; + $mail = new CMailFile('', '', '', '', array(), array(), array(), '', '', 0, '', '', '', '', $trackid, $sendcontext); + + $result = $mail->check_server_port($server, $port); + if ($result) print '
'.$langs->trans("ServerAvailableOnIPOrPort", $server, $port).'
'; + else { + $errormsg = $langs->trans("ServerNotAvailableOnIPOrPort", $server, $port); + + if ($mail->error) { + $errormsg .= ' - '.$mail->error; + } + + setEventMessages($errormsg, null, 'errors'); + } + print '
'; + } + + // Show email send test form + if ($action == 'test' || $action == 'testhtml') + { + print '
'; + print load_fiche_titre($action == 'testhtml' ? $langs->trans("DoTestSendHTML") : $langs->trans("DoTestSend")); + + dol_fiche_head(''); + + // Cree l'objet formulaire mail + include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php'; + $formmail = new FormMail($db); + $formmail->fromname = (isset($_POST['fromname']) ? $_POST['fromname'] : $conf->global->MAIN_MAIL_EMAIL_FROM); + $formmail->frommail = (isset($_POST['frommail']) ? $_POST['frommail'] : $conf->global->MAIN_MAIL_EMAIL_FROM); + $formmail->trackid = (($action == 'testhtml') ? "testhtml" : "test"); + $formmail->withfromreadonly = 0; + $formmail->withsubstit = 0; + $formmail->withfrom = 1; + $formmail->witherrorsto = 1; + $formmail->withto = (!empty($_POST['sendto']) ? $_POST['sendto'] : ($user->email ? $user->email : 1)); + $formmail->withtocc = (!empty($_POST['sendtocc']) ? $_POST['sendtocc'] : 1); // ! empty to keep field if empty + $formmail->withtoccc = (!empty($_POST['sendtoccc']) ? $_POST['sendtoccc'] : 1); // ! empty to keep field if empty + $formmail->withtopic = (isset($_POST['subject']) ? $_POST['subject'] : $langs->trans("Test")); + $formmail->withtopicreadonly = 0; + $formmail->withfile = 2; + $formmail->withbody = (isset($_POST['message']) ? $_POST['message'] : ($action == 'testhtml' ? $langs->transnoentities("PredefinedMailTestHtml") : $langs->transnoentities("PredefinedMailTest"))); + $formmail->withbodyreadonly = 0; + $formmail->withcancel = 1; + $formmail->withdeliveryreceipt = 1; + $formmail->withfckeditor = ($action == 'testhtml' ? 1 : 0); + $formmail->ckeditortoolbar = 'dolibarr_mailings'; + // Tableau des substitutions + $formmail->substit = $substitutionarrayfortest; + // Tableau des parametres complementaires du post + $formmail->param["action"] = "send"; + $formmail->param["models"] = "body"; + $formmail->param["mailid"] = 0; + $formmail->param["returnurl"] = $_SERVER["PHP_SELF"]; + + // Init list of files + if (GETPOST("mode") == 'init') + { + $formmail->clear_attached_files(); + } + + print $formmail->get_form('addfile', 'removefile'); + + dol_fiche_end(); + } +} + +// End of page +llxFooter(); +$db->close(); diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php index dcb72cd2a18..a181586815f 100644 --- a/htdocs/comm/action/card.php +++ b/htdocs/comm/action/card.php @@ -58,23 +58,23 @@ $origin = GETPOST('origin', 'alpha'); $originid = GETPOST('originid', 'int'); $confirm = GETPOST('confirm', 'alpha'); -$fulldayevent = GETPOST('fullday'); +$fulldayevent = GETPOST('fullday', 'alpha'); -$aphour = GETPOST('aphour'); -$apmin = GETPOST('apmin'); -$p2hour = GETPOST('p2hour'); -$p2min = GETPOST('p2min'); +$aphour = GETPOST('aphour', 'int'); +$apmin = GETPOST('apmin', 'int'); +$p2hour = GETPOST('p2hour', 'int'); +$p2min = GETPOST('p2min', 'int'); -$addreminder = GETPOST('addreminder'); -$offsetvalue = GETPOST('offsetvalue'); -$offsetunit = GETPOST('offsetunittype_duration'); -$remindertype = GETPOST('selectremindertype'); -$modelmail = GETPOST('actioncommsendmodel_mail'); +$addreminder = GETPOST('addreminder', 'alpha'); +$offsetvalue = GETPOST('offsetvalue', 'int'); +$offsetunit = GETPOST('offsetunittype_duration', 'aZ09'); +$remindertype = GETPOST('selectremindertype', 'aZ09'); +$modelmail = GETPOST('actioncommsendmodel_mail', 'int'); //var_dump($_POST); exit; -$datep = dol_mktime($fulldayevent ? '00' : $aphour, $fulldayevent ? '00' : $apmin, 0, GETPOST("apmonth"), GETPOST("apday"), GETPOST("apyear")); -$datef = dol_mktime($fulldayevent ? '23' : $p2hour, $fulldayevent ? '59' : $p2min, $fulldayevent ? '59' : '0', GETPOST("p2month"), GETPOST("p2day"), GETPOST("p2year")); +$datep = dol_mktime($fulldayevent ? '00' : $aphour, $fulldayevent ? '00' : $apmin, 0, GETPOST("apmonth", 'int'), GETPOST("apday", 'int'), GETPOST("apyear", 'int')); +$datef = dol_mktime($fulldayevent ? '23' : $p2hour, $fulldayevent ? '59' : $p2min, $fulldayevent ? '59' : '0', GETPOST("p2month", 'int'), GETPOST("p2day", 'int'), GETPOST("p2year", 'int')); // Security check $socid = GETPOST('socid', 'int'); @@ -391,21 +391,9 @@ if (empty($reshook) && $action == 'add') if ($addreminder == 'on'){ $actionCommReminder = new ActionCommReminder($db); - if ($offsetunit == 'minute'){ - $dateremind = dol_time_plus_duree($datep, -$offsetvalue, 'i'); - } elseif ($offsetunit == 'hour'){ - $dateremind = dol_time_plus_duree($datep, -$offsetvalue, 'h'); - } elseif ($offsetunit == 'day') { - $dateremind = dol_time_plus_duree($datep, -$offsetvalue, 'd'); - } elseif ($offsetunit == 'week') { - $dateremind = dol_time_plus_duree($datep, -$offsetvalue, 'w'); - } elseif ($offsetunit == 'month') { - $dateremind = dol_time_plus_duree($datep, -$offsetvalue, 'm'); - } elseif ($offsetunit == 'year') { - $dateremind = dol_time_plus_duree($datep, -$offsetvalue, 'y'); - } + $dateremind = dol_time_plus_duree($datep, -$offsetvalue, 'i'); - $actionCommReminder->dateremind = $db->idate($dateremind); + $actionCommReminder->dateremind = $dateremind; $actionCommReminder->typeremind = $remindertype; $actionCommReminder->fk_user = $user; $actionCommReminder->offsetunit = $offsetunit; @@ -418,15 +406,20 @@ if (empty($reshook) && $action == 'add') if ($res <= 0){ // If error - $db->rollback(); + $error++; $langs->load("errors"); - $error = $langs->trans('ErrorReminderActionCommCreation'); - setEventMessages($error, null, 'errors'); + $error = $langs->trans('ErrorReminderActionCommCreation').' '.$actionCommReminder->error; + setEventMessages($error, $actionCommReminder->errors, 'errors'); $action = 'create'; $donotclearsession = 1; } } - $db->commit(); + if ($error) { + $db->rollback(); + } else { + $db->commit(); + } + if (!empty($backtopage)) { dol_syslog("Back to ".$backtopage.($moreparam ? (preg_match('/\?/', $backtopage) ? '&'.$moreparam : '?'.$moreparam) : '')); @@ -904,31 +897,48 @@ if ($action == 'create') // Full day print ''.$langs->trans("EventOnFullDay").''; - // Date start - $datep = ($datep ? $datep : $object->datep); - if (GETPOST('datep', 'int', 1)) $datep = dol_stringtotime(GETPOST('datep', 'int', 1), 0); - print ''.$langs->trans("DateActionStart").''; + $datep = ($datep ? $datep : $object->datep); + if (GETPOST('datep', 'int', 1)) $datep = dol_stringtotime(GETPOST('datep', 'int', 1), 0); + $datef = ($datef ? $datef : $object->datef); + if (GETPOST('datef', 'int', 1)) $datef = dol_stringtotime(GETPOST('datef', 'int', 1), 0); + if (empty($datef) && !empty($datep)) + { + if (GETPOST("actioncode", 'aZ09') == 'AC_RDV' || empty($conf->global->AGENDA_USE_EVENT_TYPE_DEFAULT)) { + $datef = dol_time_plus_duree($datep, (empty($conf->global->AGENDA_AUTOSET_END_DATE_WITH_DELTA_HOURS) ? 1 : $conf->global->AGENDA_AUTOSET_END_DATE_WITH_DELTA_HOURS), 'h'); + } + } + + // Date start + print ''; + print ''.$langs->trans("DateActionStart").''; + print ' - '; + print ''.$langs->trans("DateActionEnd").''; + print ''; if (GETPOST("afaire") == 1) { print $form->selectDate($datep, 'ap', 1, 1, 0, "action", 1, 2, 0, 'fulldaystart'); // Empty value not allowed for start date and hours if "todo" } else { print $form->selectDate($datep, 'ap', 1, 1, 1, "action", 1, 2, 0, 'fulldaystart'); } - print ''; + print '     -     '; + //print ' - '; + if (GETPOST("afaire") == 1) { + print $form->selectDate($datef, 'p2', 1, 1, 1, "action", 1, 0, 0, 'fulldayend'); + } else { + print $form->selectDate($datef, 'p2', 1, 1, 1, "action", 1, 0, 0, 'fulldayend'); + } + print ''; // Date end - $datef = ($datef ? $datef : $object->datef); - if (GETPOST('datef', 'int', 1)) $datef = dol_stringtotime(GETPOST('datef', 'int', 1), 0); - if (empty($datef) && !empty($datep) && !empty($conf->global->AGENDA_AUTOSET_END_DATE_WITH_DELTA_HOURS)) - { - $datef = dol_time_plus_duree($datep, $conf->global->AGENDA_AUTOSET_END_DATE_WITH_DELTA_HOURS, 'h'); - } - print ''.$langs->trans("DateActionEnd").''; + /*print ''; + print ''.$langs->trans("DateActionEnd").''; + print ''; + print ''; if (GETPOST("afaire") == 1) { print $form->selectDate($datef, 'p2', 1, 1, 1, "action", 1, 2, 0, 'fulldayend'); } else { print $form->selectDate($datef, 'p2', 1, 1, 1, "action", 1, 2, 0, 'fulldayend'); } - print ''; + print '';*/ // Dev in progress $userepeatevent = ($conf->global->MAIN_FEATURES_LEVEL == 2 ? 1 : 0); @@ -1173,13 +1183,14 @@ if ($action == 'create') if ($conf->global->AGENDA_REMINDER_EMAIL || $conf->global->AGENDA_REMINDER_BROWSER) { //checkbox create reminder - print '
'; - print ''.$langs->trans("AddReminder").''; + print '
'; + print '
'; + print '

'; print '