Sec: The data field into unalterable log table is stored in json instead

of serialize

htdocs/blockedlog/admin/blockedlog_list.php

@@ -176,9 +176,9 @@ if ($action === 'downloadblockchain') {
 
 	if (!$error) {
 		// Now restart request with all data = no limit(1) in sql request
-		$sql = "SELECT rowid,date_creation,tms,user_fullname,action,amounts,element,fk_object,date_object,ref_object,signature,fk_user,object_data";
+		$sql = "SELECT rowid, date_creation, tms, user_fullname, action, amounts, element, fk_object, date_object, ref_object, signature, fk_user, object_data, object_version";
 		$sql .= " FROM ".MAIN_DB_PREFIX."blockedlog";
-		$sql .= " WHERE entity = ".$conf->entity;
+		$sql .= " WHERE entity = ".((int) $conf->entity);
 		if (GETPOST('monthtoexport', 'int') > 0 || GETPOST('yeartoexport', 'int') > 0) {
 			$dates = dol_get_first_day(GETPOST('yeartoexport', 'int'), GETPOST('monthtoexport', 'int') ?GETPOST('monthtoexport', 'int') : 1);
 			$datee = dol_get_last_day(GETPOST('yeartoexport', 'int'), GETPOST('monthtoexport', 'int') ?GETPOST('monthtoexport', 'int') : 12);
@@ -204,6 +204,7 @@ if ($action === 'downloadblockchain') {
 				.';'.$langs->transnoentities('Fingerprint')
 				.';'.$langs->transnoentities('Status')
 				.';'.$langs->transnoentities('Note')
+				.';'.$langs->transnoentities('Version')
 				.';'.$langs->transnoentities('FullData')
 				."\n";
 
@@ -226,6 +227,7 @@ if ($action === 'downloadblockchain') {
 				$block_static->fk_user = $obj->fk_user;
 				$block_static->signature = $obj->signature;
 				$block_static->object_data = $block_static->dolDecodeBlockedData($obj->object_data);
+				$block_static->object_version = $obj->object_version;
 
 				$checksignature = $block_static->checkSignature($previoushash); // If $previoushash is not defined, checkSignature will search it
 
@@ -257,6 +259,7 @@ if ($action === 'downloadblockchain') {
 				print ';'.$obj->signature;
 				print ';'.$statusofrecord;
 				print ';'.$statusofrecordnote;
+				print ';'.$obj->object_version;
 				print ';"'.str_replace('"', '""', $obj->object_data).'"';
 				print "\n";
 

htdocs/blockedlog/ajax/block-info.php

@@ -57,7 +57,7 @@ $langs->loadLangs(array("admin"));
 
 top_httphead();
 
-print '<div id="pop-info"><table width="100%" height="80%" class="border"><thead><th width="50%" class="left">'.$langs->trans('Field').'</th><th class="left">'.$langs->trans('Value').'</th></thead>';
+print '<div id="pop-info"><table height="80%" class="border centpercent"><thead><th width="50%" class="left">'.$langs->trans('Field').'</th><th class="left">'.$langs->trans('Value').'</th></thead>';
 print '<tbody>';
 
 if ($block->fetch($id) > 0) {

htdocs/blockedlog/class/blockedlog.class.php

@@ -718,6 +718,10 @@ class BlockedLog
 			}
 		}
 
+		// A trick to be sure all the object_data is an associative array
+		// json_encode and json_decode are not able to manage mixed object (with array/object, only full arrays or full objects)
+		$this->object_data = json_decode(json_encode($this->object_data, JSON_FORCE_OBJECT), false);
+
 		return 1;
 	}
 
@@ -785,21 +789,42 @@ class BlockedLog
 	}
 
 
+	/**
+	 * Encode data
+	 *
+	 * @param	string	$data	Data to serialize
+	 * @param	string	$mode	0=serialize, 1=json_encode
+	 * @return 	string			Value serialized, an object (stdClass)
+	 */
+	public function dolEncodeBlockedData($data, $mode = 0)
+	{
+		try {
+			$aaa = json_encode($data);
+		} catch (Exception $e) {
+			//print $e->getErrs);
+		}
+		//var_dump($aaa);
+
+		return $aaa;
+	}
+
+
 	/**
 	 * Decode data
 	 *
 	 * @param	string	$data	Data to unserialize
 	 * @param	string	$mode	0=unserialize, 1=json_decode
-	 * @return 	string			Value unserialized
+	 * @return 	object			Value unserialized, an object (stdClass)
 	 */
 	public function dolDecodeBlockedData($data, $mode = 0)
 	{
 		try {
-			//include_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
-			$aaa = jsonOrUnserialize($data);
+			$aaa = (object) jsonOrUnserialize($data);
 		} catch (Exception $e) {
 			//print $e->getErrs);
 		}
+		//var_dump($aaa);
+
 		return $aaa;
 	}
 
@@ -864,6 +889,9 @@ class BlockedLog
 
 		$this->date_creation = dol_now();
 
+		$this->object_version = ((float) DOL_VERSION);
+
+
 		$this->db->begin();
 
 		$previoushash = $this->getPreviousHash(1, 0); // This get last record and lock database until insert is done
@@ -905,7 +933,7 @@ class BlockedLog
 		$sql .= $this->fk_object.",";
 		$sql .= "'".$this->db->idate($this->date_object)."',";
 		$sql .= "'".$this->db->escape($this->ref_object)."',";
-		$sql .= "'".$this->db->escape(serialize($this->object_data))."',";
+		$sql .= "'".$this->db->escape($this->dolEncodeBlockedData($this->object_data))."',";
 		$sql .= "'".$this->db->escape($this->object_version)."',";
 		$sql .= "0,";
 		$sql .= $this->fk_user.",";
@@ -913,6 +941,14 @@ class BlockedLog
 		$sql .= ($this->entity ? $this->entity : $conf->entity);
 		$sql .= ")";
 
+		/*
+		$a = serialize($this->object_data); $a2 = unserialize($a); $a4 = print_r($a2, true);
+		$b = json_encode($this->object_data); $b2 = json_decode($b); $b4 = print_r($b2, true);
+		var_dump($a4 == print_r($this->object_data, true) ? 'a=a' : 'a not = a');
+		var_dump($b4 == print_r($this->object_data, true) ? 'b=b' : 'b not = b');
+		exit;
+		*/
+
 		$res = $this->db->query($sql);
 		if ($res) {
 			$id = $this->db->last_insert_id(MAIN_DB_PREFIX."blockedlog");
@@ -952,7 +988,7 @@ class BlockedLog
 		$keyforsignature = $this->buildKeyForSignature();
 
 		//$signature_line = dol_hash($keyforsignature, '5'); // Not really usefull
-		$signature = dol_hash($previoushash.$keyforsignature, '5');
+		$signature = dol_hash($previoushash.$keyforsignature, 'sha256');
 		//var_dump($previoushash); var_dump($keyforsignature); var_dump($signature_line); var_dump($signature);
 
 		$res = ($signature === $this->signature);
@@ -984,8 +1020,8 @@ class BlockedLog
 	private function buildKeyForSignature()
 	{
 		//print_r($this->object_data);
-		if (((int) $this->object_version) > 12) {
-			return $this->date_creation.'|'.$this->action.'|'.$this->amounts.'|'.$this->ref_object.'|'.$this->date_object.'|'.$this->user_fullname.'|'.print_r($this->object_data, true);
+		if (((int) $this->object_version) >= 18) {
+			return $this->date_creation.'|'.$this->action.'|'.$this->amounts.'|'.$this->ref_object.'|'.$this->date_object.'|'.$this->user_fullname.'|'.json_encode($this->object_data, JSON_FORCE_OBJECT);
 		} else {
 			return $this->date_creation.'|'.$this->action.'|'.$this->amounts.'|'.$this->ref_object.'|'.$this->date_object.'|'.$this->user_fullname.'|'.print_r($this->object_data, true);
 		}
@@ -1006,7 +1042,7 @@ class BlockedLog
 		$previoussignature = '';
 
 		$sql = "SELECT rowid, signature FROM ".MAIN_DB_PREFIX."blockedlog";
-		$sql .= " WHERE entity=".$conf->entity;
+		$sql .= " WHERE entity = ".((int) $conf->entity);
 		if ($beforeid) {
 			$sql .= " AND rowid < ".(int) $beforeid;
 		}
@@ -1067,7 +1103,7 @@ class BlockedLog
 			 WHERE entity=".$conf->entity." AND certified = 1";
 		} else {
 			$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."blockedlog
-			 WHERE entity=".$conf->entity." AND element='".$this->db->escape($element)."'";
+			 WHERE entity=".$conf->entity." AND element = '".$this->db->escape($element)."'";
 		}
 
 		if ($fk_object) {

htdocs/core/lib/json.lib.php

@@ -36,6 +36,7 @@ if (!function_exists('json_encode')) {
 	}
 }
 
+
 /**
  * Implement json_encode for PHP that does not support it.
  * Use json_encode and json_decode in your code !

htdocs/filefunc.inc.php

@@ -34,7 +34,7 @@ if (!defined('DOL_APPLICATION_TITLE')) {
 	define('DOL_APPLICATION_TITLE', 'Dolibarr');
 }
 if (!defined('DOL_VERSION')) {
-	define('DOL_VERSION', '17.0.0-beta'); // a.b.c-alpha, a.b.c-beta, a.b.c-rcX or a.b.c
+	define('DOL_VERSION', '18.0.0-beta'); // a.b.c-alpha, a.b.c-beta, a.b.c-rcX or a.b.c
 }
 
 if (!defined('EURO')) {