From bcd5aacb4c6863a5e5ba6b06e7f64ca382ffd509 Mon Sep 17 00:00:00 2001
From: lmarcouiller
Date: Thu, 4 Aug 2022 16:53:58 +0200
Subject: [PATCH 01/21] Fix : Spam db public page
---
 htdocs/admin/security_other.php | 15 ++++++++++--
 htdocs/langs/en_US/admin.lang | 2 ++
 htdocs/public/ticket/create_ticket.php | 33 ++++++++++++++++++++++----
 htdocs/ticket/class/ticket.class.php | 4 +++-
 4 files changed, 47 insertions(+), 7 deletions(-)
diff --git a/htdocs/admin/security_other.php b/htdocs/admin/security_other.php
index 090e2254541..beffa8d4ea8 100644
--- a/htdocs/admin/security_other.php
+++ b/htdocs/admin/security_other.php
@@ -61,7 +61,7 @@ if (preg_match('/set_([a-z0-9_\-]+)/i', $action, $reg)) {
 dol_print_error($db);
 }
 } elseif ($action == 'updateform') {
- $res1 = 1; $res2 = 1; $res3 = 1;
+ $res1 = 1; $res2 = 1; $res3 = 1; $res4 = 1;
 if (GETPOSTISSET('MAIN_APPLICATION_TITLE')) {
 $res1 = dolibarr_set_const($db, "MAIN_APPLICATION_TITLE", GETPOST("MAIN_APPLICATION_TITLE", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
 }
@@ -71,7 +71,10 @@ if (preg_match('/set_([a-z0-9_\-]+)/i', $action, $reg)) {
 if (GETPOSTISSET('MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT')) {
 $res3 = dolibarr_set_const($db, "MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT", GETPOST("MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT", 'alphanohtml'), 'int', 0, '', $conf->entity);
 }
- if ($res1 && $res2 && $res3) {
+ if (GETPOSTISSET('MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS')) {
+ $res4 = dolibarr_set_const($db, "MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", GETPOST("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 'alphanohtml'), 'int', 0, '', $conf->entity);
+ }
+ if ($res1 && $res2 && $res3 && $res4) {
 setEventMessages($langs->trans("RecordModifiedSuccessfully"), null, 'mesgs');
 }
 }
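Review bot: In the second hunk the new MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS value is read with the `'alphanohtml'` filter and saved as an `'int'` constant without any range check, so a non-numeric or negative entry is accepted as the throttle limit. create_ticket.php compares the ticket count against this setting with `>=`, so a negative value would presumably reject every public ticket; how an empty or zero value behaves depends on getDolGlobalInt(), which is not shown here. I would read it with `GETPOST("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 'int')`, cast it, and skip the save with an error message when the result is below 1. The enclosing `updateform` branch starts outside the hunk.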
@@ -185,6 +188,14 @@ print ''; +print ''.$langs->trans("MaxNumberOfPostOnPublicPagesByIP").''; +print ''; +print ''; +print ' '.strtolower($langs->trans("Posts")); +print ''; +print ''; + /* if (empty($conf->global->MAIN_APPLICATION_TITLE)) { $conf->global->MAIN_APPLICATION_TITLE = ""; diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 149668e34a7..d20b8d139d9 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -2288,5 +2288,7 @@ NoName=No name ShowAdvancedOptions= Show advanced options HideAdvancedoptions= Hide advanced options Images=Images +Posts=Posts MaxNumberOfImagesInGetPost=Max number of images allowed in GETPOST check +MaxNumberOfPostOnPublicPagesByIP=Max number of posts on public pages with an IP Address CIDLookupURL=The module brings an URL that can be used by an external tool to get the name of a thirdparty or contact from its phone number. URL to use is: diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index 1c302c33b2e..dbda57d348f 100644 --- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php @@ -138,6 +138,7 @@ if (empty($reshook) && GETPOST('removedfile', 'alpha') && !GETPOST('save', 'alph if (empty($reshook) && $action == 'create_ticket' && GETPOST('save', 'alpha')) { $error = 0; + $nb_post_ip = 0; $origin_email = GETPOST('email', 'alpha'); if (empty($origin_email)) { $error++; 
@@ -231,6 +232,21 @@ if (empty($reshook) && $action == 'create_ticket' && GETPOST('save', 'alpha')) { $object->type_code = GETPOST("type_code", 'aZ09'); $object->category_code = GETPOST("category_code", 'aZ09'); $object->severity_code = GETPOST("severity_code", 'aZ09'); + $object->ip = (empty($_SERVER['REMOTE_ADDR']) ? 'unknown' : $_SERVER['REMOTE_ADDR']); + + $sql = "SELECT COUNT(ref) as nb_tickets"; + $sql .= " FROM ".MAIN_DB_PREFIX."ticket"; + $sql .= " WHERE ip = '".$db->escape($object->ip)."'"; + $resql = $db->query($sql); + if ($resql) { + $num = $db->num_rows($resql); + $i = 0; + while ($i < $num) { + $i++; + $obj = $db->fetch_object($resql); + $nb_post_ip = $obj->nb_tickets; + } + } if (!is_object($user)) { $user = new User($db); @@ -289,14 +305,23 @@ if (empty($reshook) && $action == 'create_ticket' && GETPOST('save', 'alpha')) { $object->context['disableticketemail'] = 1; // Disable emails sent by ticket trigger when creation is done from this page, emails are already sent later - $id = $object->create($user); - if ($id <= 0) { + if ($nb_post_ip >= getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000)) { $error++; - $errors = ($object->error ? array($object->error) : $object->errors); - array_push($object->errors, $object->error ? array($object->error) : $object->errors); + $errors = array($langs->trans("AlreadyTooMuchPostOnThisIPAdress")); + array_push($object->errors, array($langs->trans("AlreadyTooMuchPostOnThisIPAdress"))); $action = 'create_ticket'; } + if (!$error) { + $id = $object->create($user); + if ($id <= 0) { + $error++; + $errors = ($object->error ? array($object->error) : $object->errors); + array_push($object->errors, $object->error ? array($object->error) : $object->errors); + $action = 'create_ticket'; + } + } + if (!$error && $id > 0) { if ($usertoassign > 0) { $object->add_contact($usertoassign, "SUPPORTCLI", 'external', 0); 
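Review bot: The count query added after `$object->ip` has no time window and no entity filter, so it measures every ticket ever stored for that address across all entities instead of a posting rate. Once an address reaches the limit it stays blocked until rows are removed, which affects everyone behind a shared NAT or proxy, and the `'unknown'` fallback puts all requests without REMOTE_ADDR into one bucket. If `$db->query()` fails, `$nb_post_ip` stays 0 and the later check passes, so the throttle fails open without any trace; that case should at least be logged. I would add `$sql .= " AND entity = ".((int) $conf->entity);` plus a lower bound on the ticket creation date, and read the single COUNT row with one `fetch_object()` call instead of the loop.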
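Review bot: The rejection branch in the second hunk uses the key `AlreadyTooMuchPostOnThisIPAdress`, which is not among the strings this patch adds to admin.lang (only `Posts` and `MaxNumberOfPostOnPublicPagesByIP` appear there), so unless it is defined elsewhere the visitor sees the raw key. `array_push($object->errors, array(...))` appends an array as one element and leaves `$object->errors` nested; `$object->errors[] = $langs->trans("AlreadyTooMuchPostOnThisIPAdress");` keeps it flat. A `dol_syslog()` line recording the rejected address in this branch would let operators see when the throttle triggers. The enclosing `create_ticket` block starts and ends outside the hunk.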
diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php
index 82c2142d786..5c1ba2e5dde 100644
--- a/htdocs/ticket/class/ticket.class.php
+++ b/htdocs/ticket/class/ticket.class.php
@@ -459,7 +459,8 @@ class Ticket extends CommonObject
 $sql .= "date_read,";
 $sql .= "date_close,";
 $sql .= "entity,";
- $sql .= "notify_tiers_at_create";
+ $sql .= "notify_tiers_at_create,";
+ $sql .= "ip";
 $sql .= ") VALUES (";
 $sql .= " ".(!isset($this->ref) ? '' : "'".$this->db->escape($this->ref)."'").",";
 $sql .= " ".(!isset($this->track_id) ? 'NULL' : "'".$this->db->escape($this->track_id)."'").",";
@@ -484,6 +485,7 @@ class Ticket extends CommonObject
 $sql .= " ".(!isset($this->date_close) || dol_strlen($this->date_close) == 0 ? 'NULL' : "'".$this->db->idate($this->date_close)."'")."";
 $sql .= ", ".((int) $conf->entity);
 $sql .= ", ".(!isset($this->notify_tiers_at_create) ? '1' : "'".$this->db->escape($this->notify_tiers_at_create)."'");
+ $sql .= ", ".(!isset($this->ip) ? 'unknown' : "'".$this->db->escape($this->ip)."'");
 $sql .= ")";
 $this->db->begin();
From 872602594e472df69c731cbde02da1cc619400f7 Mon Sep 17 00:00:00 2001
From: lmarcouiller
Date: Fri, 5 Aug 2022 12:34:16 +0200
Subject: [PATCH 02/21] fix CI error
---
 htdocs/ticket/class/ticket.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php
index 5c1ba2e5dde..edda0dd4ee5 100644
--- a/htdocs/ticket/class/ticket.class.php
+++ b/htdocs/ticket/class/ticket.class.php
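Review bot: The INSERT built in these two hunks now writes an `ip` column, but the diffstat of this patch lists no table definition or migration script, so the column has to exist already in the ticket table for the statement to succeed. If it is missing, the INSERT fails for every ticket and the COUNT query in create_ticket.php fails too, which leaves `$nb_post_ip` at 0 and switches the limit off. Please confirm that the schema change ships with the series, that the column is wide enough for an IPv6 address, and that it is indexed, since the public form filters on it at every submission. The stored address is personal data, so its retention deserves a line in the module documentation. The method that builds this statement starts and ends outside both hunks.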
@@ -485,7 +485,7 @@ class Ticket extends CommonObject
 $sql .= " ".(!isset($this->date_close) || dol_strlen($this->date_close) == 0 ? 'NULL' : "'".$this->db->idate($this->date_close)."'")."";
 $sql .= ", ".((int) $conf->entity);
 $sql .= ", ".(!isset($this->notify_tiers_at_create) ? '1' : "'".$this->db->escape($this->notify_tiers_at_create)."'");
- $sql .= ", ".(!isset($this->ip) ? 'unknown' : "'".$this->db->escape($this->ip)."'");
+ $sql .= ", ".(!isset($this->ip) ? 'NULL' : "'".$this->db->escape($this->ip)."'");
 $sql .= ")";
 $this->db->begin();
From a3fb4ad03014966faa625798d44cdaedf404486d Mon Sep 17 00:00:00 2001
From: lmarcouiller
Date: Mon, 29 Aug 2022 10:22:01 +0200
Subject: [PATCH 03/21] use of getUserRemoteIp()
---
 htdocs/public/ticket/create_ticket.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php
index dbda57d348f..9720df0881c 100644
--- a/htdocs/public/ticket/create_ticket.php
+++ b/htdocs/public/ticket/create_ticket.php
@@ -232,7 +232,7 @@ if (empty($reshook) && $action == 'create_ticket' && GETPOST('save', 'alpha')) {
 $object->type_code = GETPOST("type_code", 'aZ09');
 $object->category_code = GETPOST("category_code", 'aZ09');
 $object->severity_code = GETPOST("severity_code", 'aZ09');
- $object->ip = (empty($_SERVER['REMOTE_ADDR']) ? 'unknown' : $_SERVER['REMOTE_ADDR']);
+ $object->ip = getUserRemoteIP();
 $sql = "SELECT COUNT(ref) as nb_tickets";
 $sql .= " FROM ".MAIN_DB_PREFIX."ticket";
From 499720851fc9ce2807beb0d8282b455a7235f3da Mon Sep 17 00:00:00 2001
From: lmarcouiller
Date: Thu, 8 Sep 2022 10:59:24 +0200
Subject: [PATCH 04/21] fix error of brackets + better look code
---
 htdocs/public/ticket/create_ticket.php | 265 +++++++++++++------------
 1 file changed, 133 insertions(+), 132 deletions(-)
diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php
index 75e5dcdb868..79334a5b5f5 100644
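Review bot: Switching to `getUserRemoteIP()` in the create_ticket.php hunk makes the throttle key depend on a helper that is defined outside this patch. If that helper prefers forwarding headers over `REMOTE_ADDR`, the value is supplied by the client unless a trusted reverse proxy overwrites it, and a per-address limit keyed on it does not hold. The helper may also return an empty string or a comma-separated list, which would merge unrelated visitors into one counter or spread one visitor over several. I would state the assumption next to the call, for example `// Throttle key: reliable only when forwarding headers are set by a trusted proxy`, and use `$_SERVER['REMOTE_ADDR']` for the limit when no such proxy is configured.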
--- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php @@ -233,24 +233,24 @@ if (empty($reshook)) { if (!$error) { $object->db->begin(); - $object->type_code = GETPOST("type_code", 'aZ09'); - $object->category_code = GETPOST("category_code", 'aZ09'); - $object->severity_code = GETPOST("severity_code", 'aZ09'); - $object->ip = getUserRemoteIP(); + $object->type_code = GETPOST("type_code", 'aZ09'); + $object->category_code = GETPOST("category_code", 'aZ09'); + $object->severity_code = GETPOST("severity_code", 'aZ09'); + $object->ip = getUserRemoteIP(); - $sql = "SELECT COUNT(ref) as nb_tickets"; - $sql .= " FROM ".MAIN_DB_PREFIX."ticket"; - $sql .= " WHERE ip = '".$db->escape($object->ip)."'"; - $resql = $db->query($sql); - if ($resql) { - $num = $db->num_rows($resql); - $i = 0; - while ($i < $num) { - $i++; - $obj = $db->fetch_object($resql); - $nb_post_ip = $obj->nb_tickets; + $sql = "SELECT COUNT(ref) as nb_tickets"; + $sql .= " FROM ".MAIN_DB_PREFIX."ticket"; + $sql .= " WHERE ip = '".$db->escape($object->ip)."'"; + $resql = $db->query($sql); + if ($resql) { + $num = $db->num_rows($resql); + $i = 0; + while ($i < $num) { + $i++; + $obj = $db->fetch_object($resql); + $nb_post_ip = $obj->nb_tickets; + } } - } $object->track_id = generate_random_id(16); 
@@ -320,122 +320,81 @@ if (empty($reshook)) { $object->context['disableticketemail'] = 1; // Disable emails sent by ticket trigger when creation is done from this page, emails are already sent later - if ($nb_post_ip >= getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000)) { - $error++; - $errors = array($langs->trans("AlreadyTooMuchPostOnThisIPAdress")); - array_push($object->errors, array($langs->trans("AlreadyTooMuchPostOnThisIPAdress"))); - $action = 'create_ticket'; - } - - if (!$error) { - $id = $object->create($user); - if ($id <= 0) { + if ($nb_post_ip >= getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000)) { $error++; - $errors = ($object->error ? array($object->error) : $object->errors); - array_push($object->errors, $object->error ? array($object->error) : $object->errors); - $action = 'create_ticket'; - } - } - - if (!$error && $id > 0) { - if ($usertoassign > 0) { - $object->add_contact($usertoassign, "SUPPORTCLI", 'external', 0); - } - - if (!$error) { - $object->db->commit(); - $action = "infos_success"; - } else { - $object->db->rollback(); - setEventMessages($object->error, $object->errors, 'errors'); + $errors = array($langs->trans("AlreadyTooMuchPostOnThisIPAdress")); + array_push($object->errors, array($langs->trans("AlreadyTooMuchPostOnThisIPAdress"))); $action = 'create_ticket'; } if (!$error) { - $res = $object->fetch($id); - if ($res) { - // Create form object - include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php'; - include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; - $formmail = new FormMail($db); + $id = $object->create($user); + if ($id <= 0) { + $error++; + $errors = ($object->error ? array($object->error) : $object->errors); + array_push($object->errors, $object->error ? 
array($object->error) : $object->errors); + $action = 'create_ticket'; + } + } - // Init to avoid errors - $filepath = array(); - $filename = array(); - $mimetype = array(); + if (!$error && $id > 0) { + if ($usertoassign > 0) { + $object->add_contact($usertoassign, "SUPPORTCLI", 'external', 0); + } - $attachedfiles = $formmail->get_attached_files(); - $filepath = $attachedfiles['paths']; - $filename = $attachedfiles['names']; - $mimetype = $attachedfiles['mimes']; + if (!$error) { + $object->db->commit(); + $action = "infos_success"; + } else { + $object->db->rollback(); + setEventMessages($object->error, $object->errors, 'errors'); + $action = 'create_ticket'; + } - // Send email to customer + if (!$error) { + $res = $object->fetch($id); + if ($res) { + // Create form object + include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php'; + include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; + $formmail = new FormMail($db); - $subject = '['.$conf->global->MAIN_INFO_SOCIETE_NOM.'] '.$langs->transnoentities('TicketNewEmailSubject', $object->ref, $object->track_id); - $message = ($conf->global->TICKET_MESSAGE_MAIL_NEW ? $conf->global->TICKET_MESSAGE_MAIL_NEW : $langs->transnoentities('TicketNewEmailBody')).'

'; - $message .= $langs->transnoentities('TicketNewEmailBodyInfosTicket').'
'; + // Init to avoid errors + $filepath = array(); + $filename = array(); + $mimetype = array(); - $url_public_ticket = ($conf->global->TICKET_URL_PUBLIC_INTERFACE ? $conf->global->TICKET_URL_PUBLIC_INTERFACE.'/view.php' : dol_buildpath('/public/ticket/view.php', 2)).'?track_id='.$object->track_id; - $infos_new_ticket = $langs->transnoentities('TicketNewEmailBodyInfosTrackId', ''.$object->track_id.'').'
'; - $infos_new_ticket .= $langs->transnoentities('TicketNewEmailBodyInfosTrackUrl').'

'; + $attachedfiles = $formmail->get_attached_files(); + $filepath = $attachedfiles['paths']; + $filename = $attachedfiles['names']; + $mimetype = $attachedfiles['mimes']; - $message .= $infos_new_ticket; - $message .= getDolGlobalString('TICKET_MESSAGE_MAIL_SIGNATURE', $langs->transnoentities('TicketMessageMailSignatureText', $mysoc->name)); + // Send email to customer - $sendto = GETPOST('email', 'alpha'); + $subject = '['.$conf->global->MAIN_INFO_SOCIETE_NOM.'] '.$langs->transnoentities('TicketNewEmailSubject', $object->ref, $object->track_id); + $message = ($conf->global->TICKET_MESSAGE_MAIL_NEW ? $conf->global->TICKET_MESSAGE_MAIL_NEW : $langs->transnoentities('TicketNewEmailBody')).'

'; + $message .= $langs->transnoentities('TicketNewEmailBodyInfosTicket').'
'; - $from = $conf->global->MAIN_INFO_SOCIETE_NOM.' <'.getDolGlobalString('TICKET_NOTIFICATION_EMAIL_FROM').'>'; - $replyto = $from; - $sendtocc = ''; - $deliveryreceipt = 0; + $url_public_ticket = ($conf->global->TICKET_URL_PUBLIC_INTERFACE ? $conf->global->TICKET_URL_PUBLIC_INTERFACE.'/view.php' : dol_buildpath('/public/ticket/view.php', 2)).'?track_id='.$object->track_id; + $infos_new_ticket = $langs->transnoentities('TicketNewEmailBodyInfosTrackId', ''.$object->track_id.'').'
'; + $infos_new_ticket .= $langs->transnoentities('TicketNewEmailBodyInfosTrackUrl').'

'; - if (!empty($conf->global->TICKET_DISABLE_MAIL_AUTOCOPY_TO)) { - $old_MAIN_MAIL_AUTOCOPY_TO = $conf->global->MAIN_MAIL_AUTOCOPY_TO; - $conf->global->MAIN_MAIL_AUTOCOPY_TO = ''; - } - include_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php'; - $mailfile = new CMailFile($subject, $sendto, $from, $message, $filepath, $mimetype, $filename, $sendtocc, '', $deliveryreceipt, -1, '', '', 'tic'.$object->id, '', 'ticket'); - if ($mailfile->error || $mailfile->errors) { - setEventMessages($mailfile->error, $mailfile->errors, 'errors'); - } else { - $result = $mailfile->sendfile(); - } - if (!empty($conf->global->TICKET_DISABLE_MAIL_AUTOCOPY_TO)) { - $conf->global->MAIN_MAIL_AUTOCOPY_TO = $old_MAIN_MAIL_AUTOCOPY_TO; - } + $message .= $infos_new_ticket; + $message .= getDolGlobalString('TICKET_MESSAGE_MAIL_SIGNATURE', $langs->transnoentities('TicketMessageMailSignatureText', $mysoc->name)); - // Send email to TICKET_NOTIFICATION_EMAIL_TO - $sendto = $conf->global->TICKET_NOTIFICATION_EMAIL_TO; - if ($sendto) { - $subject = '['.$conf->global->MAIN_INFO_SOCIETE_NOM.'] '.$langs->transnoentities('TicketNewEmailSubjectAdmin', $object->ref, $object->track_id); - $message_admin = $langs->transnoentities('TicketNewEmailBodyAdmin', $object->track_id).'

'; - $message_admin .= '
  • '.$langs->trans('Title').' : '.$object->subject.'
  • '; - $message_admin .= '
  • '.$langs->trans('Type').' : '.$object->type_label.'
  • '; - $message_admin .= '
  • '.$langs->trans('Category').' : '.$object->category_label.'
  • '; - $message_admin .= '
  • '.$langs->trans('Severity').' : '.$object->severity_label.'
  • '; - $message_admin .= '
  • '.$langs->trans('From').' : '.$object->origin_email.'
  • '; - // Extrafields - $extrafields->fetch_name_optionals_label($object->table_element); - if (is_array($object->array_options) && count($object->array_options) > 0) { - foreach ($object->array_options as $key => $value) { - $key = substr($key, 8); // remove "options_" - $message_admin .= '
  • '.$langs->trans($extrafields->attributes[$object->table_element]['label'][$key]).' : '.$extrafields->showOutputField($key, $value, '', $object->table_element).'
  • '; - } - } - $message_admin .= '
'; + $sendto = GETPOST('email', 'alpha'); - $message_admin .= '

'.$langs->trans('Message').' :
'.$object->message.'

'; - $message_admin .= '

'.$langs->trans('SeeThisTicketIntomanagementInterface').'

'; - - $from = $conf->global->MAIN_INFO_SOCIETE_NOM.' <'.$conf->global->TICKET_NOTIFICATION_EMAIL_FROM.'>'; + $from = $conf->global->MAIN_INFO_SOCIETE_NOM.' <'.getDolGlobalString('TICKET_NOTIFICATION_EMAIL_FROM').'>'; $replyto = $from; + $sendtocc = ''; + $deliveryreceipt = 0; if (!empty($conf->global->TICKET_DISABLE_MAIL_AUTOCOPY_TO)) { $old_MAIN_MAIL_AUTOCOPY_TO = $conf->global->MAIN_MAIL_AUTOCOPY_TO; $conf->global->MAIN_MAIL_AUTOCOPY_TO = ''; } include_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php'; - $mailfile = new CMailFile($subject, $sendto, $from, $message_admin, $filepath, $mimetype, $filename, $sendtocc, '', $deliveryreceipt, -1, '', '', 'tic'.$object->id, '', 'ticket'); + $mailfile = new CMailFile($subject, $sendto, $from, $message, $filepath, $mimetype, $filename, $sendtocc, '', $deliveryreceipt, -1, '', '', 'tic'.$object->id, '', 'ticket'); if ($mailfile->error || $mailfile->errors) { setEventMessages($mailfile->error, $mailfile->errors, 'errors'); } else { @@ -444,32 +403,74 @@ if (empty($reshook)) { if (!empty($conf->global->TICKET_DISABLE_MAIL_AUTOCOPY_TO)) { $conf->global->MAIN_MAIL_AUTOCOPY_TO = $old_MAIN_MAIL_AUTOCOPY_TO; } + + // Send email to TICKET_NOTIFICATION_EMAIL_TO + $sendto = $conf->global->TICKET_NOTIFICATION_EMAIL_TO; + if ($sendto) { + $subject = '['.$conf->global->MAIN_INFO_SOCIETE_NOM.'] '.$langs->transnoentities('TicketNewEmailSubjectAdmin', $object->ref, $object->track_id); + $message_admin = $langs->transnoentities('TicketNewEmailBodyAdmin', $object->track_id).'

'; + $message_admin .= '
  • '.$langs->trans('Title').' : '.$object->subject.'
  • '; + $message_admin .= '
  • '.$langs->trans('Type').' : '.$object->type_label.'
  • '; + $message_admin .= '
  • '.$langs->trans('Category').' : '.$object->category_label.'
  • '; + $message_admin .= '
  • '.$langs->trans('Severity').' : '.$object->severity_label.'
  • '; + $message_admin .= '
  • '.$langs->trans('From').' : '.$object->origin_email.'
  • '; + // Extrafields + $extrafields->fetch_name_optionals_label($object->table_element); + if (is_array($object->array_options) && count($object->array_options) > 0) { + foreach ($object->array_options as $key => $value) { + $key = substr($key, 8); // remove "options_" + $message_admin .= '
  • '.$langs->trans($extrafields->attributes[$object->table_element]['label'][$key]).' : '.$extrafields->showOutputField($key, $value, '', $object->table_element).'
  • '; + } + } + $message_admin .= '
'; + + $message_admin .= '

'.$langs->trans('Message').' :
'.$object->message.'

'; + $message_admin .= '

'.$langs->trans('SeeThisTicketIntomanagementInterface').'

'; + + $from = $conf->global->MAIN_INFO_SOCIETE_NOM.' <'.$conf->global->TICKET_NOTIFICATION_EMAIL_FROM.'>'; + $replyto = $from; + + if (!empty($conf->global->TICKET_DISABLE_MAIL_AUTOCOPY_TO)) { + $old_MAIN_MAIL_AUTOCOPY_TO = $conf->global->MAIN_MAIL_AUTOCOPY_TO; + $conf->global->MAIN_MAIL_AUTOCOPY_TO = ''; + } + include_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php'; + $mailfile = new CMailFile($subject, $sendto, $from, $message_admin, $filepath, $mimetype, $filename, $sendtocc, '', $deliveryreceipt, -1, '', '', 'tic'.$object->id, '', 'ticket'); + if ($mailfile->error || $mailfile->errors) { + setEventMessages($mailfile->error, $mailfile->errors, 'errors'); + } else { + $result = $mailfile->sendfile(); + } + if (!empty($conf->global->TICKET_DISABLE_MAIL_AUTOCOPY_TO)) { + $conf->global->MAIN_MAIL_AUTOCOPY_TO = $old_MAIN_MAIL_AUTOCOPY_TO; + } + } } + + // Copy files into ticket directory + $destdir = $conf->ticket->dir_output.'/'.$object->ref; + if (!dol_is_dir($destdir)) { + dol_mkdir($destdir); + } + foreach ($filename as $i => $val) { + dol_move($filepath[$i], $destdir.'/'.$filename[$i], 0, 1); + $formmail->remove_attached_files($i); + } + + //setEventMessages($langs->trans('YourTicketSuccessfullySaved'), null, 'mesgs'); + + // Make a redirect to avoid to have ticket submitted twice if we make back + $messagetoshow = $langs->trans('MesgInfosPublicTicketCreatedWithTrackId', '{s1}', '{s2}'); + $messagetoshow = str_replace(array('{s1}', '{s2}'), array(''.$object->track_id.'', ''.$object->ref.''), $messagetoshow); + setEventMessages($messagetoshow, null, 'warnings'); + setEventMessages($langs->trans('PleaseRememberThisId'), null, 'warnings'); + + header("Location: index.php".(!empty($entity) && isModEnabled('multicompany')?'?entity='.$entity:'')); + exit; } - - // Copy files into ticket directory - $destdir = $conf->ticket->dir_output.'/'.$object->ref; - if (!dol_is_dir($destdir)) { - dol_mkdir($destdir); - } - foreach ($filename as $i => $val) { - 
dol_move($filepath[$i], $destdir.'/'.$filename[$i], 0, 1); - $formmail->remove_attached_files($i); - } - - //setEventMessages($langs->trans('YourTicketSuccessfullySaved'), null, 'mesgs'); - - // Make a redirect to avoid to have ticket submitted twice if we make back - $messagetoshow = $langs->trans('MesgInfosPublicTicketCreatedWithTrackId', '{s1}', '{s2}'); - $messagetoshow = str_replace(array('{s1}', '{s2}'), array(''.$object->track_id.'', ''.$object->ref.''), $messagetoshow); - setEventMessages($messagetoshow, null, 'warnings'); - setEventMessages($langs->trans('PleaseRememberThisId'), null, 'warnings'); - - header("Location: index.php".(!empty($entity) && isModEnabled('multicompany')?'?entity='.$entity:'')); - exit; + } else { + setEventMessages($object->error, $object->errors, 'errors'); } - } else { - setEventMessages($object->error, $object->errors, 'errors'); } } } From 06ea3d3ae1d1462517e2fe850c72446673b7936e Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Sat, 10 Sep 2022 11:06:34 +0200 Subject: [PATCH 05/21] Update index.php $help_url --- htdocs/accountancy/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/accountancy/index.php b/htdocs/accountancy/index.php index 21c736900aa..bd7d6273848 100644 --- a/htdocs/accountancy/index.php +++ b/htdocs/accountancy/index.php @@ -79,7 +79,7 @@ if (GETPOST('addbox')) { * View */ -$help_url = ''; +$help_url = 'EN:Module_Double_Entry_Accounting#Setup'; llxHeader('', $langs->trans("AccountancyArea"), $help_url); From 5451bef0f710dda77297f17d22f6038f97c927f1 Mon Sep 17 00:00:00 2001 From: Faustin Date: Sat, 10 Sep 2022 13:58:19 +0200 Subject: [PATCH 06/21] scrutinizer CMailFile: undeclared variable --- htdocs/core/class/CMailFile.class.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/htdocs/core/class/CMailFile.class.php b/htdocs/core/class/CMailFile.class.php index ba657f58087..b3ff0aae930 100644 
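Review bot: On the path where the per-IP limit is reached or `create()` fails, the transaction opened by `$object->db->begin()` in the first hunk of this file is not closed, because the trailing `} else {` at the end of this hunk only calls `setEventMessages()` and the existing rollback sits inside `if (!$error && $id > 0)`. Adding `$object->db->rollback();` as the first statement of that else branch would close it. That branch displays `$object->error` and `$object->errors`, while the limit text was stored in `$errors` and pushed as a nested array, so it is worth checking that the visitor actually sees the message. The enclosing block starts outside the hunks, so this reading rests on the visible nesting only.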
--- a/htdocs/core/class/CMailFile.class.php
+++ b/htdocs/core/class/CMailFile.class.php
@@ -878,7 +878,11 @@ class CMailFile
 $keyforsupportedoauth2array = preg_replace('/-.*$/', '', $keyforsupportedoauth2array);
 $keyforsupportedoauth2array = 'OAUTH_'.$keyforsupportedoauth2array.'_NAME';
- $OAUTH_SERVICENAME = (empty($supportedoauth2array[$keyforsupportedoauth2array]['name']) ? 'Unknown' : $supportedoauth2array[$keyforsupportedoauth2array]['name'].($keyforprovider ? '-'.$keyforprovider : ''));
+ if (isset($supportedoauth2array)) {
+ $OAUTH_SERVICENAME = (empty($supportedoauth2array[$keyforsupportedoauth2array]['name']) ? 'Unknown' : $supportedoauth2array[$keyforsupportedoauth2array]['name'].($keyforprovider ? '-'.$keyforprovider : ''));
+ } else {
+ $OAUTH_SERVICENAME = 'Unknown';
+ }
 require_once DOL_DOCUMENT_ROOT.'/includes/OAuth/bootstrap.php';
From 349e33592db873c055a5ffb9bd20e112bd76c023 Mon Sep 17 00:00:00 2001
From: Faustin
Date: Sat, 10 Sep 2022 14:09:58 +0200
Subject: [PATCH 07/21] scrutinizer in accountancy/class/accountingaccount.class.php: variable not always defined
---
 .../class/accountingaccount.class.php | 26 +++++++++----------
 1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/htdocs/accountancy/class/accountingaccount.class.php b/htdocs/accountancy/class/accountingaccount.class.php
index bf487d47c2c..95296624145 100644
--- a/htdocs/accountancy/class/accountingaccount.class.php
+++ b/htdocs/accountancy/class/accountingaccount.class.php
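Review bot: The `isset($supportedoauth2array)` guard silences the undefined-variable report, but nothing in the hunk defines that variable, so `$OAUTH_SERVICENAME` may now always be `'Unknown'` on this path. If the list is meant to come from an include or a helper that is not visible here, loading it before this block is the real fix; otherwise whatever uses the service name after the OAuth bootstrap include will probably never match a configured provider. At minimum the else branch should emit a `dol_syslog()` warning so that a broken OAuth mail setup is visible to the administrator. The enclosing method starts and ends outside the hunk.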
@@ -811,9 +811,9 @@ class AccountingAccount extends CommonObject $suggestedaccountingaccountfor = ''; if ((($buyer->country_code == $seller->country_code) || empty($buyer->country_code))) { // If buyer in same country than seller (if not defined, we assume it is same country) - if ($type=='customer' && !empty($product->accountancy_code_sell)) { + if ($type == 'customer' && !empty($product->accountancy_code_sell)) { $code_p = $product->accountancy_code_sell; - } elseif ($type=='supplier' && !empty($product->accountancy_code_buy)) { + } elseif ($type == 'supplier' && !empty($product->accountancy_code_buy)) { $code_p = $product->accountancy_code_buy; } $suggestedid = $accountingAccount['dom']; 
@@ -821,36 +821,36 @@ class AccountingAccount extends CommonObject } else { if ($isSellerInEEC && $isBuyerInEEC && $factureDet->tva_tx != 0) { // European intravat sale, but with VAT - if ($type=='customer' && !empty($product->accountancy_code_sell)) { + if ($type == 'customer' && !empty($product->accountancy_code_sell)) { $code_p = $product->accountancy_code_sell; - } elseif ($type=='supplier' && !empty($product->accountancy_code_buy)) { + } elseif ($type == 'supplier' && !empty($product->accountancy_code_buy)) { $code_p = $product->accountancy_code_buy; } $suggestedid = $accountingAccount['dom']; $suggestedaccountingaccountfor = 'eecwithvat'; } elseif ($isSellerInEEC && $isBuyerInEEC && empty($buyer->tva_intra)) { // European intravat sale, without VAT intra community number - if ($type=='customer' && !empty($product->accountancy_code_sell)) { + if ($type == 'customer' && !empty($product->accountancy_code_sell)) { $code_p = $product->accountancy_code_sell; - } elseif ($type=='supplier' && !empty($product->accountancy_code_buy)) { + } elseif ($type == 'supplier' && !empty($product->accountancy_code_buy)) { $code_p = $product->accountancy_code_buy; } $suggestedid = $accountingAccount['dom']; // There is a doubt for this case. Is it an error on vat or we just forgot to fill vat number ? 
$suggestedaccountingaccountfor = 'eecwithoutvatnumber'; } elseif ($isSellerInEEC && $isBuyerInEEC && !empty($product->accountancy_code_sell_intra)) { // European intravat sale - if ($type=='customer' && !empty($product->accountancy_code_sell_intra)) { + if ($type == 'customer' && !empty($product->accountancy_code_sell_intra)) { $code_p = $product->accountancy_code_sell_intra; - } elseif ($type=='supplier' && !empty($product->accountancy_code_buy_intra)) { + } elseif ($type == 'supplier' && !empty($product->accountancy_code_buy_intra)) { $code_p = $product->accountancy_code_buy_intra; } $suggestedid = $accountingAccount['intra']; $suggestedaccountingaccountfor = 'eec'; } else { // Foreign sale - if ($type=='customer' && !empty($product->accountancy_code_sell_export)) { + if ($type == 'customer' && !empty($product->accountancy_code_sell_export)) { $code_p = $product->accountancy_code_sell_export; - } elseif ($type=='supplier' && !empty($product->accountancy_code_buy_export)) { + } elseif ($type == 'supplier' && !empty($product->accountancy_code_buy_export)) { $code_p = $product->accountancy_code_buy_export; } $suggestedid = $accountingAccount['export']; @@ -870,12 +870,12 @@ class AccountingAccount extends CommonObject // Manage Deposit if ($factureDet->desc == "(DEPOSIT)" || $facture->type == $facture::TYPE_DEPOSIT) { $accountdeposittoventilated = new self($this->db); - if ($type=='customer') { + if ($type == 'customer') { $result = $accountdeposittoventilated->fetch('', $conf->global->ACCOUNTING_ACCOUNT_CUSTOMER_DEPOSIT, 1); - } elseif ($type=='supplier') { + } elseif ($type == 'supplier') { $result = $accountdeposittoventilated->fetch('', $conf->global->ACCOUNTING_ACCOUNT_SUPPLIER_DEPOSIT, 1); } - if ($result < 0) { + if (isset($result) && $result < 0) { return -1; } From 034da214c01298281684ac5de01cc0b0307baec8 Mon Sep 17 00:00:00 2001 
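Review bot: `isset($result) && $result < 0` in the deposit hunk hides the case where `$type` is neither `'customer'` nor `'supplier'`: no fetch runs, `$result` is never set, and execution continues with an `$accountdeposittoventilated` object that was not loaded. Initialising `$result = -1;` before the `if`/`elseif`, or adding `else { return -1; }`, turns the unexpected type into an explicit error. The rest of the method is outside the hunk, so whether other values of `$type` can reach this point is not visible here.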
From: Faustin Date: Sat, 10 Sep 2022 14:14:15 +0200 Subject: [PATCH 08/21] scrutinizer in takepos/send.php : string[] implicitely converted to a boolean --- htdocs/takepos/send.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/takepos/send.php b/htdocs/takepos/send.php index 2003abaf1f1..918c218ad95 100644 --- a/htdocs/takepos/send.php +++ b/htdocs/takepos/send.php @@ -85,7 +85,7 @@ if ($action == "send") { $sendto = $email; $from = $mysoc->email; $mail = new CMailFile($subject, $sendto, $from, $msg, array(), array(), array(), '', '', 0, 1); - if ($mail->error || $mail->errors) { + if ($mail->error || !empty($mail->errors)) { setEventMessages($mail->error, $mail->errors, 'errors'); } else { $result = $mail->sendfile(); From cabfc61ba3fb3f569d4d49ed89f2b3d32ec6b6d2 Mon Sep 17 00:00:00 2001 From: Faustin Date: Sat, 10 Sep 2022 14:39:36 +0200 Subject: [PATCH 09/21] scrutinizer in bookmarks/bookmarks.lib.php: variable $Bookmark not defined for all paths --- htdocs/bookmarks/bookmarks.lib.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/bookmarks/bookmarks.lib.php b/htdocs/bookmarks/bookmarks.lib.php index 2abd90cf538..df42b8942a5 100644 --- a/htdocs/bookmarks/bookmarks.lib.php +++ b/htdocs/bookmarks/bookmarks.lib.php @@ -89,6 +89,7 @@ function printDropdownBookmarksList() $listbtn = ''; $listbtn .= img_picto('', 'edit', 'class="paddingright opacitymedium"').$langs->trans('EditBookmarks').''; + $bookmarkList = ''; // Menu with list of bookmarks $sql = "SELECT rowid, title, url, target FROM ".MAIN_DB_PREFIX."bookmark"; $sql .= " WHERE (fk_user = ".((int) $user->id)." OR fk_user is NULL OR fk_user = 0)"; From 1c561b75f0cc104db99a706a341946d09107c397 Mon Sep 17 00:00:00 2001 From: Faustin Date: Sat, 10 Sep 2022 15:20:00 +0200 Subject: [PATCH 10/21] scrutinizer in holiday/card_group.php: doc of function sendMail incomplete --- htdocs/holiday/card_group.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) 
diff --git a/htdocs/holiday/card_group.php b/htdocs/holiday/card_group.php index de10c3d72f6..8ebddf045a7 100644 --- a/htdocs/holiday/card_group.php +++ b/htdocs/holiday/card_group.php @@ -657,10 +657,12 @@ if (is_object($db)) { } /** * send email to validator for current leave represented by (id) - * @param $id validator for current leave represented by (id) - * @param $cancreate flag for user right - * @param $now date - * @param $autoValidation boolean flag on autovalidation + * + * @param int $id validator for current leave represented by (id) + * @param int $cancreate flag for user right + * @param int $now date + * @param int $autoValidation boolean flag on autovalidation + * * @return stdClass * @throws Exception */ From b66b71817c0c402b5d1994e13f2120d5ee955005 Mon Sep 17 00:00:00 2001 From: Faustin Date: Sat, 10 Sep 2022 15:49:54 +0200 Subject: [PATCH 11/21] scrutinizer in core/lib/ftp.lib.php: $localpath never defiened for ftp_get, added it and modify consequently file where the function is called --- htdocs/core/lib/ftp.lib.php | 5 +++-- htdocs/ftp/index.php | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/htdocs/core/lib/ftp.lib.php b/htdocs/core/lib/ftp.lib.php index 118c85e9b74..807bae63b0a 100644 --- a/htdocs/core/lib/ftp.lib.php +++ b/htdocs/core/lib/ftp.lib.php @@ -193,11 +193,12 @@ function dol_ftp_delete($connect_id, $file, $newsection) * Download a FTP file * * @param resource $connect_id Connection handler - * @param string $file File + * @param string $localfile The local file path + * @param string $file The remote file path * @param string $newsection $newsection * @return result */ -function dol_ftp_get($connect_id, $file, $newsection) +function dol_ftp_get($connect_id, $localfile, $file, $newsection) { global $conf; diff --git a/htdocs/ftp/index.php b/htdocs/ftp/index.php index 857d41fc85b..6d06f501e8f 100644 --- a/htdocs/ftp/index.php +++ b/htdocs/ftp/index.php 
@@ -317,7 +317,7 @@ if ($action == 'download') { $newsection = $section; - $result = dol_ftp_get($connect_id, $file, $newsection); + $result = dol_ftp_get($connect_id, $localfile, $file, $newsection); if ($result) { From 44728ff93a9aac3484c98b0d8dd3add705fd1dfd Mon Sep 17 00:00:00 2001 From: Faustin Date: Sat, 10 Sep 2022 16:21:16 +0200 Subject: [PATCH 12/21] scrutinizer in core/class/notify.class.php : variable \labeltouse not defined for all paths --- htdocs/core/class/notify.class.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/htdocs/core/class/notify.class.php b/htdocs/core/class/notify.class.php index 3f26a98c728..b1e37ab1948 100644 --- a/htdocs/core/class/notify.class.php +++ b/htdocs/core/class/notify.class.php @@ -625,6 +625,8 @@ class Notify $mimefilename_list[] = $ref.".pdf"; } + $labeltouse = !empty($labeltouse) ? $labeltouse : ''; + $parameters = array('notifcode'=>$notifcode, 'sendto'=>$sendto, 'replyto'=>$replyto, 'file'=>$filename_list, 'mimefile'=>$mimetype_list, 'filename'=>$mimefilename_list, 'outputlangs'=>$outputlangs, 'labeltouse'=>$labeltouse); if (!isset($action)) { $action = ''; From 21274c94328b9df1f2e4be154adb1f0c2785089d Mon Sep 17 00:00:00 2001 From: Faustin Date: Sat, 10 Sep 2022 16:43:04 +0200 Subject: [PATCH 13/21] scrutinizer in core/class/html.formsetup.class.php: variable $valconst wasn't defined for all paths --- htdocs/core/class/html.formsetup.class.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/htdocs/core/class/html.formsetup.class.php b/htdocs/core/class/html.formsetup.class.php index c2183653686..aef01514eba 100644 --- a/htdocs/core/class/html.formsetup.class.php +++ b/htdocs/core/class/html.formsetup.class.php @@ -758,6 +758,8 @@ class FormSetupItem $val = GETPOST($this->confKey, 'array'); if ($val && is_array($val)) { $val_const = implode(',', $val); + } else { + $val_const = ''; } } elseif ($this->type == 'html') { $val_const = GETPOST($this->confKey, 'restricthtml'); 
From 0819b04171e87b3a2c7a13aa4ac37d3faf14d26d Mon Sep 17 00:00:00 2001 From: Faustin Date: Sat, 10 Sep 2022 16:52:40 +0200 Subject: [PATCH 14/21] scrutinizer in asset/class/assetdepreciationoptions.class.php : variable $mode_info substituted by $field_info --- htdocs/asset/class/assetdepreciationoptions.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/asset/class/assetdepreciationoptions.class.php b/htdocs/asset/class/assetdepreciationoptions.class.php index ce2ddd73c08..49efadca869 100644 --- a/htdocs/asset/class/assetdepreciationoptions.class.php +++ b/htdocs/asset/class/assetdepreciationoptions.class.php @@ -163,8 +163,8 @@ class AssetDepreciationOptions extends CommonObject } // Unset required option (notnull) if field disabled - if (!empty($mode_info['enabled_field'])) { - $info = explode(':', $mode_info['enabled_field']); + if (!empty($field_info['enabled_field'])) { + $info = explode(':', $field_info['enabled_field']); if ($this->deprecation_options[$info[0]][$info[1]] != $info[2] && isset($this->fields[$field_key]['notnull'])) { unset($this->fields[$field_key]['notnull']); } From 3cf7eda258f27160c207b981cd557a83e42a3cbb Mon Sep 17 00:00:00 2001 From: Faustin Date: Sat, 10 Sep 2022 17:11:24 +0200 Subject: [PATCH 15/21] scrutinizer in core/modules/printing/printgcp.modules.php: var $printer_id not defined for all paths --- htdocs/core/modules/printing/printgcp.modules.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/core/modules/printing/printgcp.modules.php b/htdocs/core/modules/printing/printgcp.modules.php index 391f5b435d7..c04d3ac9ca5 100644 --- a/htdocs/core/modules/printing/printgcp.modules.php +++ b/htdocs/core/modules/printing/printgcp.modules.php 
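Review bot: The array from `explode(':', $field_info['enabled_field'])` is read at `[0]`, `[1]` and `[2]` on the next line without checking that three parts came back, so a malformed `enabled_field` definition raises undefined-offset notices and the comparison runs against null. Now that the variable name is corrected this branch will presumably execute for the first time, which makes the guard worth adding: `if (count($info) === 3 && $this->deprecation_options[$info[0]][$info[1]] != $info[2] && isset($this->fields[$field_key]['notnull'])) {`. The enclosing loop and method start and end outside the hunk.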
@@ -332,6 +332,7 @@ class printing_printgcp extends PrintingDriver } $fileprint .= '/'.$file; $mimetype = dol_mimetype($fileprint); + $printer_id = ''; // select printer uri for module order, propal,... $sql = "SELECT rowid, printer_id, copy FROM ".MAIN_DB_PREFIX."printing WHERE module='".$this->db->escape($module)."' AND driver='printgcp' AND userid=".((int) $user->id); $result = $this->db->query($sql); From 231270d7816a1d98741e33265dfe65a6fea755c9 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Sat, 10 Sep 2022 20:27:25 +0200 Subject: [PATCH 16/21] Update bom_note.php --- htdocs/bom/bom_note.php | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/htdocs/bom/bom_note.php b/htdocs/bom/bom_note.php index 9984a1498b8..0c32b8643fb 100644 --- a/htdocs/bom/bom_note.php +++ b/htdocs/bom/bom_note.php @@ -17,9 +17,9 @@ */ /** - * \file bom_note.php - * \ingroup bom - * \brief Car with notes on BillOfMaterials + * \file htdocs/bom/bom_note.php + * \ingroup bom + * \brief Card with notes on BillOfMaterials */ // Load Dolibarr environment @@ -31,8 +31,8 @@ require_once DOL_DOCUMENT_ROOT.'/bom/lib/bom.lib.php'; $langs->loadLangs(array("mrp", "companies")); // Get parameters -$id = GETPOST('id', 'int'); -$ref = GETPOST('ref', 'alpha'); +$id = GETPOST('id', 'int'); +$ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); 
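Review bot: Initialising `$printer_id` to `''` removes the undefined-variable path, but a lookup that matches no row is still unhandled, so the empty id is carried on to whatever uses it later in the method. An explicit check after the lookup, such as `if ($printer_id === '') { /* report "no printer configured" and return */ }`, is safer than relying on the remote print service to reject an empty id. The method continues outside the hunk, so the actual use of `$printer_id` is not visible here.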
@@ -40,9 +40,13 @@ $backtopage = GETPOST('backtopage', 'alpha'); // Initialize technical objects $object = new BOM($db); $extrafields = new ExtraFields($db); -$diroutputmassaction = $conf->bom->dir_output.'/temp/massgeneration/'.$user->id; + +// Initialize technical objects for hooks $hookmanager->initHooks(array('bomnote', 'globalcard')); // Note that conf->hooks_modules contains array +// Massactions +$diroutputmassaction = $conf->bom->dir_output.'/temp/massgeneration/'.$user->id; + // Fetch optionals attributes and labels $extrafields->fetch_name_optionals_label($object->table_element); From 8c9159ae047d92c6414cc04dc59717353363eca9 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Sat, 10 Sep 2022 20:54:24 +0200 Subject: [PATCH 17/21] Update bom_card.php --- htdocs/bom/bom_card.php | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/htdocs/bom/bom_card.php b/htdocs/bom/bom_card.php index 2cf2b3a4dd3..46d4f0b8ff9 100644 --- a/htdocs/bom/bom_card.php +++ b/htdocs/bom/bom_card.php @@ -17,9 +17,9 @@ */ /** - * \file htdocs/bom/bom_card.php - * \ingroup bom - * \brief Page to create/edit/view bom + * \file htdocs/bom/bom_card.php + * \ingroup bom + * \brief Page to create/edit/view BillOfMaterial */ // Load Dolibarr environment 
@@ -32,17 +32,18 @@ require_once DOL_DOCUMENT_ROOT.'/mrp/lib/mrp.lib.php'; // Load translation files required by the page -$langs->loadLangs(array("mrp", "other")); +$langs->loadLangs(array('mrp', 'other')); // Get parameters -$id = GETPOST('id', 'int'); -$ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'aZ09'); -$confirm = GETPOST('confirm', 'alpha'); -$cancel = GETPOST('cancel', 'aZ09'); +$id = GETPOST('id', 'int'); +$lineid = GETPOST('lineid', 'int'); +$ref = GETPOST('ref', 'alpha'); +$action = GETPOST('action', 'aZ09'); +$confirm = GETPOST('confirm', 'alpha'); +$cancel = GETPOST('cancel', 'aZ09'); $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'bomcard'; // To manage different context of search -$backtopage = GETPOST('backtopage', 'alpha'); -$lineid = GETPOST('lineid', 'int'); +$backtopage = GETPOST('backtopage', 'alpha'); + // PDF $hidedetails = (GETPOST('hidedetails', 'int') ? GETPOST('hidedetails', 'int') : (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS) ? 1 : 0)); @@ -54,6 +55,7 @@ $object = new BOM($db); $extrafields = new ExtraFields($db); $diroutputmassaction = $conf->bom->dir_output.'/temp/massgeneration/'.$user->id; $hookmanager->initHooks(array('bomcard', 'globalcard')); // Note that conf->hooks_modules contains array + // Fetch optionals attributes and labels $extrafields->fetch_name_optionals_label($object->table_element); $search_array_options = $extrafields->getOptionalsFromPost($object->table_element, '', 'search_'); 
@@ -84,6 +86,7 @@ if ($object->id > 0) { $isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); $result = restrictedArea($user, 'bom', $object->id, 'bom_bom', '', '', 'rowid', $isdraft); +// Permissions $permissionnote = $user->rights->bom->write; // Used by the include of actions_setnotes.inc.php $permissiondellink = $user->rights->bom->write; // Used by the include of actions_dellink.inc.php $permissiontoadd = $user->rights->bom->write; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php From d1fbdbb33fb9b7fcb128d34151a9f27b84c54d9d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 13 Sep 2022 02:14:02 +0200 Subject: [PATCH 18/21] Update create_ticket.php --- htdocs/public/ticket/create_ticket.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index f1ce166cf81..8ea7de98442 100644 --- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php @@ -438,7 +438,7 @@ if (empty($reshook)) { include_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php'; $mailfile = new CMailFile($subject, $sendto, $from, $message_admin, $filepath, $mimetype, $filename, $sendtocc, '', $deliveryreceipt, -1, '', '', 'tic'.$object->id, '', 'ticket'); if ($mailfile->error || $mailfile->errors) { - setEventMessages($mailfile->error, $mailfile->errors, 'errors'); + setEventMessages($mailfile->error, !empty($mailfile->errors), 'errors'); } else { $result = $mailfile->sendfile(); } From c6144df3976be647ae8c2e95f462568ddcb2ce95 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 13 Sep 2022 02:15:31 +0200 Subject: [PATCH 19/21] Update create_ticket.php --- htdocs/public/ticket/create_ticket.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index 8ea7de98442..62802744690 100644 
--- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php @@ -437,8 +437,8 @@ if (empty($reshook)) { } include_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php'; $mailfile = new CMailFile($subject, $sendto, $from, $message_admin, $filepath, $mimetype, $filename, $sendtocc, '', $deliveryreceipt, -1, '', '', 'tic'.$object->id, '', 'ticket'); - if ($mailfile->error || $mailfile->errors) { - setEventMessages($mailfile->error, !empty($mailfile->errors), 'errors'); + if ($mailfile->error || !empty($mailfile->errors)) { + setEventMessages($mailfile->error, $mailfile->errors, 'errors'); } else { $result = $mailfile->sendfile(); } From 7c92a45cd630b615d499b67aff09cf32353f3b57 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 13 Sep 2022 02:21:24 +0200 Subject: [PATCH 20/21] Update create_ticket.php --- htdocs/public/ticket/create_ticket.php | 35 +++++++++++++++----------- 1 file changed, 20 insertions(+), 15 deletions(-) diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index 62802744690..107547c9248 100644 --- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php 
@@ -232,29 +232,34 @@ if (empty($reshook)) { } if (!$error) { - $object->db->begin(); - $object->type_code = GETPOST("type_code", 'aZ09'); $object->category_code = GETPOST("category_code", 'aZ09'); $object->severity_code = GETPOST("severity_code", 'aZ09'); $object->ip = getUserRemoteIP(); - $sql = "SELECT COUNT(ref) as nb_tickets"; - $sql .= " FROM ".MAIN_DB_PREFIX."ticket"; - $sql .= " WHERE ip = '".$db->escape($object->ip)."'"; - $resql = $db->query($sql); - if ($resql) { - $num = $db->num_rows($resql); - $i = 0; - while ($i < $num) { - $i++; - $obj = $db->fetch_object($resql); - $nb_post_ip = $obj->nb_tickets; + $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000); + + // Calculate nb of post for IP + $nb_post_ip = 0; + if ($nb_post_max > 0) { // Calculate only if there is a limit to check + $sql = "SELECT COUNT(ref) as nb_tickets"; + $sql .= " FROM ".MAIN_DB_PREFIX."ticket"; + $sql .= " WHERE ip = '".$db->escape($object->ip)."'"; + $resql = $db->query($sql); + if ($resql) { + $num = $db->num_rows($resql); + $i = 0; + while ($i < $num) { + $i++; + $obj = $db->fetch_object($resql); + $nb_post_ip = $obj->nb_tickets; + } } } - + $object->track_id = generate_random_id(16); + $object->db->begin(); $object->subject = GETPOST("subject", "restricthtml"); $object->message = GETPOST("message", "restricthtml"); @@ -321,7 +326,7 @@ if (empty($reshook)) { $object->context['disableticketemail'] = 1; // Disable emails sent by ticket trigger when creation is done from this page, emails are already sent later - if ($nb_post_ip >= getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000)) { + if ($nb_post_max > 0 && $nb_post_ip >= $nb_post_max) { $error++; $errors = array($langs->trans("AlreadyTooMuchPostOnThisIPAdress")); array_push($object->errors, array($langs->trans("AlreadyTooMuchPostOnThisIPAdress"))); From 1579ddea88291cb62b7e4a89a395e8d0029287d2 Mon Sep 17 00:00:00 2001 
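Review bot: The per-IP throttle in the first hunk fails open: if `$db->query($sql)` returns false, `$nb_post_ip` stays 0 and the `$nb_post_ip >= $nb_post_max` test in the second hunk lets the post through, so the failure branch should at least count as an error, e.g. `} else { $error++; dol_syslog($db->lasterror(), LOG_ERR); }`. The count and the insert are not serialised (the count now runs before `$object->db->begin()`), so parallel requests from one address can each read the same count and exceed the limit. The `COUNT(ref)` has no date condition, so this is a lifetime cap per address rather than a rate: everyone behind a shared NAT or proxy address is locked out for good once it is reached, and a time window on the ticket creation date would fit the anti-spam goal better. What gets counted also depends on how `getUserRemoteIP()` treats forwarded headers, which is not visible in this hunk. The enclosing block starts and ends outside the hunk.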
From: stickler-ci Date: Tue, 13 Sep 2022 00:26:00 +0000 Subject: [PATCH 21/21] Fixing style errors. --- htdocs/public/ticket/create_ticket.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index 107547c9248..75f9fc11bb7 100644 --- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php @@ -256,7 +256,7 @@ if (empty($reshook)) { } } } - + $object->track_id = generate_random_id(16); $object->db->begin();