lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch '3.7' of git@github.com:Dolibarr/dolibarr.git into 3.7

Browse Source
This commit is contained in:
Florian HENRY 2015-03-26 16:56:06 +01:00
commit 2e13479e8f
8 changed files with 83 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
htdocs/core/lib/functions.lib.php
View File

@ -3972,9 +3972,10 @@ function dol_textishtml($msg,$option=0)
if (preg_match('/<html/i',$msg)) return true;
elseif (preg_match('/<body/i',$msg)) return true;
elseif (preg_match('/<(b|em|i)>/i',$msg)) return true;
elseif (preg_match('/<(br|div|font|img|li|span|strong|table)>/i',$msg)) return true;
elseif (preg_match('/<(br|div|font|img|li|span|strong|table)\s+[^<>\/]*>/i',$msg)) return true;
elseif (preg_match('/<(br|div|font|img|li|span|strong|table)\s+[^<>\/]*\/>/i',$msg)) return true;
elseif (preg_match('/<(br|div|font|li|span|strong|table)>/i',$msg)) return true;
elseif (preg_match('/<(br|div|font|li|span|strong|table)\s+[^<>\/]*>/i',$msg)) return true;
elseif (preg_match('/<(br|div|font|li|span|strong|table)\s+[^<>\/]*\/>/i',$msg)) return true;
elseif (preg_match('/<(img)\s+[^<>]*>/i',$msg)) return true; // must accept <img src="http://mydomain.com/aaa.png" />
elseif (preg_match('/<h[0-9]>/i',$msg)) return true;
elseif (preg_match('/&[A-Z0-9]{1,6};/i',$msg)) return true; // Html entities names (http://www.w3schools.com/tags/ref_entities.asp)
elseif (preg_match('/&#[0-9]{2,3};/i',$msg)) return true; // Html entities numbers (http://www.w3schools.com/tags/ref_entities.asp)

26
htdocs/core/login/functions_dolibarr.php
View File

@ -36,9 +36,6 @@
function check_user_password_dolibarr($usertotest,$passwordtotest,$entitytotest=1)
{
global $db,$conf,$langs;
global $mc;
dol_syslog("functions_dolibarr::check_user_password_dolibarr usertotest=".$usertotest);
// Force master entity in transversal mode
$entity=$entitytotest;
@ -48,6 +45,8 @@ function check_user_password_dolibarr($usertotest,$passwordtotest,$entitytotest=
if (! empty($usertotest))
{
dol_syslog("functions_dolibarr::check_user_password_dolibarr usertotest=".$usertotest." passwordtotest=".preg_replace('/./','*',$passwordtotest)." entitytotest=".$entitytotest);
// If test username/password asked, we define $test=false and $login var if ok, set $_SESSION["dol_loginmesg"] if ko
$table = MAIN_DB_PREFIX."user";
$usernamecol1 = 'login';
@ -60,7 +59,6 @@ function check_user_password_dolibarr($usertotest,$passwordtotest,$entitytotest=
if (preg_match('/@/',$usertotest)) $sql.=' OR '.$usernamecol2." = '".$db->escape($usertotest)."'";
$sql.=') AND '.$entitycol." IN (0," . ($entity ? $entity : 1) . ")";
dol_syslog("functions_dolibarr::check_user_password_dolibarr", LOG_DEBUG);
$resql=$db->query($sql);
if ($resql)
{
@ -99,12 +97,6 @@ function check_user_password_dolibarr($usertotest,$passwordtotest,$entitytotest=
}
}
if ($passok && ! empty($obj->entity) && (! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode)))
{
$ret=$mc->checkRight($obj->rowid, $entitytotest); // The module multicompany check here user belong to at least one group into company. This is a bugged behaviour, so you must hack module to make thing working.
if ($ret < 0) $passok=false;
}
// Password ok ?
if ($passok)
{
@ -112,12 +104,24 @@ function check_user_password_dolibarr($usertotest,$passwordtotest,$entitytotest=
}
else
{
dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko bad password pour '".$usertotest."'");
dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko bad password for '".$usertotest."'");
sleep(1);
$langs->load('main');
$langs->load('errors');
$_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadLoginPassword");
}
if ($passok && ! empty($conf->multicompany->enabled)) // We must check entity
{
global $mc;
$ret=$mc->checkRight($obj->rowid, $entitytotest);
if ($ret < 0)
{
dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko entity '".$entitytotest."' not allowed for user '".$obj->rowid."'");
$login=''; // force authentication failure
}
}
}
else
{

92
htdocs/core/login/functions_ldap.php
View File

@ -34,7 +34,8 @@
*/
function check_user_password_ldap($usertotest,$passwordtotest,$entitytotest)
{
global $_POST,$db,$conf,$langs;
global $db,$conf,$langs;
global $_POST;
global $dolibarr_main_auth_ldap_host,$dolibarr_main_auth_ldap_port;
global $dolibarr_main_auth_ldap_version,$dolibarr_main_auth_ldap_servertype;
global $dolibarr_main_auth_ldap_login_attribute,$dolibarr_main_auth_ldap_dn;
@ -42,6 +43,13 @@ function check_user_password_ldap($usertotest,$passwordtotest,$entitytotest)
global $dolibarr_main_auth_ldap_filter;
global $dolibarr_main_auth_ldap_debug;
// Force master entity in transversal mode
$entity=$entitytotest;
if (! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode)) $entity=1;
$login='';
$resultFetchUser='';
if (! function_exists("ldap_connect"))
{
dol_syslog("functions_ldap::check_user_password_ldap Authentification ko failed to connect to LDAP. LDAP functions are disabled on this PHP");
@ -52,11 +60,10 @@ function check_user_password_ldap($usertotest,$passwordtotest,$entitytotest)
return;
}
$login='';
$resultFetchUser='';
if (!empty($_POST["username"]) || $usertotest)
if ($usertotest)
{
dol_syslog("functions_ldap::check_user_password_ldap usertotest=".$usertotest." passwordtotest=".preg_replace('/./','*',$passwordtotest)." entitytotest=".$entitytotest);
// If test username/password asked, we define $test=false and $login var if ok, set $_SESSION["dol_loginmesg"] if ko
$ldaphost=$dolibarr_main_auth_ldap_host;
$ldapport=$dolibarr_main_auth_ldap_port;
@ -80,7 +87,6 @@ function check_user_password_ldap($usertotest,$passwordtotest,$entitytotest)
$ldap->searchUser=$ldapadminlogin;
$ldap->searchPassword=$ldapadminpass;
dol_syslog("functions_ldap::check_user_password_ldap usertotest=".$usertotest);
if ($ldapdebug)
{
dol_syslog("functions_ldap::check_user_password_ldap Server:".join(',',$ldap->server).", Port:".$ldap->serverPort.", Protocol:".$ldap->ldapProtocolVersion.", Type:".$ldap->serverType);
@ -146,52 +152,56 @@ function check_user_password_ldap($usertotest,$passwordtotest,$entitytotest)
$login=$usertotest;
// ldap2dolibarr synchronisation
if ($login && ! empty($conf->ldap->enabled) && $conf->global->LDAP_SYNCHRO_ACTIVE == 'ldap2dolibarr')
if ($login && ! empty($conf->ldap->enabled) && $conf->global->LDAP_SYNCHRO_ACTIVE == 'ldap2dolibarr') // ldap2dolibarr synchronisation
{
dol_syslog("functions_ldap::check_user_password_ldap Sync ldap2dolibarr");
dol_syslog("functions_ldap::check_user_password_ldap Sync ldap2dolibarr");
// On charge les attributs du user ldap
if ($ldapdebug) print "DEBUG: login ldap = ".$login."<br>\n";
$resultFetchLdapUser = $ldap->fetch($login,$userSearchFilter);
// On charge les attributs du user ldap
if ($ldapdebug) print "DEBUG: login ldap = ".$login."<br>\n";
$resultFetchLdapUser = $ldap->fetch($login,$userSearchFilter);
if ($ldapdebug) print "DEBUG: UACF = ".join(',',$ldap->uacf)."<br>\n";
if ($ldapdebug) print "DEBUG: pwdLastSet = ".dol_print_date($ldap->pwdlastset,'day')."<br>\n";
if ($ldapdebug) print "DEBUG: badPasswordTime = ".dol_print_date($ldap->badpwdtime,'day')."<br>\n";
if ($ldapdebug) print "DEBUG: UACF = ".join(',',$ldap->uacf)."<br>\n";
if ($ldapdebug) print "DEBUG: pwdLastSet = ".dol_print_date($ldap->pwdlastset,'day')."<br>\n";
if ($ldapdebug) print "DEBUG: badPasswordTime = ".dol_print_date($ldap->badpwdtime,'day')."<br>\n";
// On recherche le user dolibarr en fonction de son SID ldap
$sid = $ldap->getObjectSid($login);
if ($ldapdebug) print "DEBUG: sid = ".$sid."<br>\n";
// On recherche le user dolibarr en fonction de son SID ldap
$sid = $ldap->getObjectSid($login);
if ($ldapdebug) print "DEBUG: sid = ".$sid."<br>\n";
$user=new User($db);
$resultFetchUser=$user->fetch('',$login,$sid);
if ($resultFetchUser > 0)
{
dol_syslog("functions_ldap::check_user_password_ldap Sync user found id=".$user->id);
// On verifie si le login a change et on met a jour les attributs dolibarr
if ($conf->multicompany->enabled)
$usertmp=new User($db);
$resultFetchUser=$usertmp->fetch('',$login,$sid);
if ($resultFetchUser > 0)
{
global $mc;
dol_syslog("functions_ldap::check_user_password_ldap Sync user found user id=".$usertmp->id);
// On verifie si le login a change et on met a jour les attributs dolibarr
$ret=$mc->checkRight($user->id, $entitytotest, $user); // The module multicompany check here user belong to at least one group into company. This is a bugged behaviour, so you must hack module to make thing working.
if ($ret < 0)
if ($usertmp->login != $ldap->login && $ldap->login)
{
dol_syslog("Failed to checkRight by module multicompany for user id = ".$user->id." into entity ".$entitytotest);
$login=false; // force error of authentication
$usertmp->login = $ldap->login;
$usertmp->update($usertmp);
// TODO Que faire si update echoue car on update avec un login deja existant.
}
//$resultUpdate = $usertmp->update_ldap2dolibarr($ldap);
}
if ($user->login != $ldap->login && $ldap->login)
{
$user->login = $ldap->login;
$user->update($user);
// TODO Que faire si update echoue car on update avec un login deja existant.
}
//$resultUpdate = $user->update_ldap2dolibarr($ldap);
}
unset($usertmp);
}
if (! empty($conf->multicompany->enabled)) // We must check entity (even if sync is not active)
{
global $mc;
$usertmp=new User($db);
$usertmp->fetch('',$login);
$ret=$mc->checkRight($usertmp->id, $entitytotest);
if ($ret < 0)
{
dol_syslog("functions_ldap::check_user_password_ldap Authentification ko entity '".$entitytotest."' not allowed for user '".$usertmp->id."'");
$login=''; // force authentication failure
}
unset($usertmp);
}
}
if ($result == 1)
{

12
htdocs/core/modules/modAgenda.class.php
View File

@ -367,24 +367,24 @@ class modAgenda extends DolibarrModules
$this->export_code[$r]=$this->rights_class.'_'.$r;
$this->export_label[$r]="ExportDataset_event1";
$this->export_permission[$r]=array(array("agenda","export"));
$this->export_fields_array[$r]=array('ac.id'=>"ActionId",'ac.ref_ext'=>"ExternalRef",'ac.datec'=>"ActionDateCreation",'ac.datep'=>"DateActionBegin",
'ac.datep2'=>"DateActionEnd",'ac.label'=>"Title",'ac.note'=>"Note",'ac.percent'=>"Percent",'ac.durationp'=>"durationp",
$this->export_fields_array[$r]=array('ac.id'=>"IdAgenda",'ac.ref_ext'=>"ExternalRef",'ac.datec'=>"DateCreation",'ac.datep'=>"DateActionBegin",
'ac.datep2'=>"DateActionEnd",'ac.label'=>"Title",'ac.note'=>"Note",'ac.percent'=>"Percent",'ac.durationp'=>"Duration",
'cac.libelle'=>"ActionType",
's.rowid'=>"IdCompany",'s.nom'=>'CompanyName','s.address'=>'Address','s.zip'=>'Zip','s.town'=>'Town',
'co.code'=>'CountryCode','s.phone'=>'Phone','s.siren'=>'ProfId1','s.siret'=>'ProfId2','s.ape'=>'ProfId3','s.idprof4'=>'ProfId4',
'co.code'=>'CountryCode','s.phone'=>'Phone','s.siren'=>'ProfId1','s.siret'=>'ProfId2','s.ape'=>'ProfId3','s.idprof4'=>'ProfId4','s.idprof5'=>'ProfId5','s.idprof6'=>'ProfId6',
's.code_compta'=>'CustomerAccountancyCode','s.code_compta_fournisseur'=>'SupplierAccountancyCode','s.tva_intra'=>'VATIntra');
$this->export_TypeFields_array[$r]=array('ac.ref_ext'=>"Text",'ac.datec'=>"Date",'ac.datep'=>"Date",
'ac.datep2'=>"Date",'ac.label'=>"Text",'ac.note'=>"Text",'ac.percent'=>"Number",
'ac.durationp'=>"Duree",
'cac.libelle'=>"List:c_actioncomm:libelle:rowid",
'cac.libelle'=>"List:c_actioncomm:libelle:id",
's.nom'=>'Text','s.address'=>'Text','s.zip'=>'Text','s.town'=>'Text',
'co.code'=>'Text','s.phone'=>'Text','s.siren'=>'Text','s.siret'=>'Text','s.ape'=>'Text','s.idprof4'=>'Text',
'co.code'=>'Text','s.phone'=>'Text','s.siren'=>'Text','s.siret'=>'Text','s.ape'=>'Text','s.idprof4'=>'Text','s.idprof5'=>'Text','s.idprof6'=>'Text',
's.code_compta'=>'Text','s.code_compta_fournisseur'=>'Text','s.tva_intra'=>'Text');
$this->export_entities_array[$r]=array('ac.id'=>"action",'ac.ref_ext'=>"action",'ac.datec'=>"action",'ac.datep'=>"action",
'ac.datep2'=>"action",'ac.label'=>"action",'ac.note'=>"action",'ac.percent'=>"action",'ac.durationp'=>"action",
'cac.libelle'=>"action",
's.rowid'=>"company",'s.nom'=>'company','s.address'=>'company','s.zip'=>'company','s.town'=>'company',
'co.code'=>'company','s.phone'=>'company','s.siren'=>'company','s.siret'=>'company','s.ape'=>'company','s.idprof4'=>'company',
'co.code'=>'company','s.phone'=>'company','s.siren'=>'company','s.siret'=>'company','s.ape'=>'company','s.idprof4'=>'company','s.idprof5'=>'company','s.idprof6'=>'company',
's.code_compta'=>'company','s.code_compta_fournisseur'=>'company','s.tva_intra'=>'company',);
$this->export_sql_start[$r]='SELECT DISTINCT ';

2
htdocs/exports/export.php
View File

@ -95,7 +95,7 @@ $entitytolang = array(
'project' => 'Projects',
'projecttask' => 'Tasks',
'task_time' => 'TaskTimeSpent',
'action' => 'Action'
'action' => 'Event'
);
$array_selected=isset($_SESSION["export_selected_fields"])?$_SESSION["export_selected_fields"]:array();

2
htdocs/langs/en_US/agenda.lang
View File

@ -91,3 +91,5 @@ WorkingTimeRange=Working time range
WorkingDaysRange=Working days range
AddEvent=Create event
MyAvailability=My availability
ActionType=Event type
DateActionBegin=Start event date

1
htdocs/langs/en_US/main.lang
View File

@ -347,6 +347,7 @@ Status=Status
Favorite=Favorite
ShortInfo=Info.
Ref=Ref.
ExternalRef=Ref. extern
RefSupplier=Ref. supplier
RefPayment=Ref. payment
CommercialProposalsShort=Commercial proposals

3
test/phpunit/FunctionsLibTest.php
View File

@ -204,6 +204,9 @@ class FunctionsLibTest extends PHPUnit_Framework_TestCase
$input='<h2>abc</h2>';
$after=dol_textishtml($input);
$this->assertTrue($after);
$input='<img src="https://xxx.com/aaa/image.png" />';
$after=dol_textishtml($input);
$this->assertTrue($after,'Failure on test of img tag');
// False
$input='xxx < br>';