diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index e31c69a6d0c..de5ddc560b2 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -3972,9 +3972,10 @@ function dol_textishtml($msg,$option=0) if (preg_match('//i',$msg)) return true; - elseif (preg_match('/<(br|div|font|img|li|span|strong|table)>/i',$msg)) return true; - elseif (preg_match('/<(br|div|font|img|li|span|strong|table)\s+[^<>\/]*>/i',$msg)) return true; - elseif (preg_match('/<(br|div|font|img|li|span|strong|table)\s+[^<>\/]*\/>/i',$msg)) return true; + elseif (preg_match('/<(br|div|font|li|span|strong|table)>/i',$msg)) return true; + elseif (preg_match('/<(br|div|font|li|span|strong|table)\s+[^<>\/]*>/i',$msg)) return true; + elseif (preg_match('/<(br|div|font|li|span|strong|table)\s+[^<>\/]*\/>/i',$msg)) return true; + elseif (preg_match('/<(img)\s+[^<>]*>/i',$msg)) return true; // must accept elseif (preg_match('//i',$msg)) return true; elseif (preg_match('/&[A-Z0-9]{1,6};/i',$msg)) return true; // Html entities names (http://www.w3schools.com/tags/ref_entities.asp) elseif (preg_match('/&#[0-9]{2,3};/i',$msg)) return true; // Html entities numbers (http://www.w3schools.com/tags/ref_entities.asp) diff --git a/htdocs/core/login/functions_dolibarr.php b/htdocs/core/login/functions_dolibarr.php index 0a0ab1e8bfe..69aec814413 100644 --- a/htdocs/core/login/functions_dolibarr.php +++ b/htdocs/core/login/functions_dolibarr.php @@ -36,9 +36,6 @@ function check_user_password_dolibarr($usertotest,$passwordtotest,$entitytotest=1) { global $db,$conf,$langs; - global $mc; - - dol_syslog("functions_dolibarr::check_user_password_dolibarr usertotest=".$usertotest); // Force master entity in transversal mode $entity=$entitytotest; @@ -48,6 +45,8 @@ function check_user_password_dolibarr($usertotest,$passwordtotest,$entitytotest= if (! empty($usertotest)) { + dol_syslog("functions_dolibarr::check_user_password_dolibarr usertotest=".$usertotest." passwordtotest=".preg_replace('/./','*',$passwordtotest)." entitytotest=".$entitytotest); + // If test username/password asked, we define $test=false and $login var if ok, set $_SESSION["dol_loginmesg"] if ko $table = MAIN_DB_PREFIX."user"; $usernamecol1 = 'login'; @@ -60,7 +59,6 @@ function check_user_password_dolibarr($usertotest,$passwordtotest,$entitytotest= if (preg_match('/@/',$usertotest)) $sql.=' OR '.$usernamecol2." = '".$db->escape($usertotest)."'"; $sql.=') AND '.$entitycol." IN (0," . ($entity ? $entity : 1) . ")"; - dol_syslog("functions_dolibarr::check_user_password_dolibarr", LOG_DEBUG); $resql=$db->query($sql); if ($resql) { @@ -99,12 +97,6 @@ function check_user_password_dolibarr($usertotest,$passwordtotest,$entitytotest= } } - if ($passok && ! empty($obj->entity) && (! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode))) - { - $ret=$mc->checkRight($obj->rowid, $entitytotest); // The module multicompany check here user belong to at least one group into company. This is a bugged behaviour, so you must hack module to make thing working. - if ($ret < 0) $passok=false; - } - // Password ok ? if ($passok) { @@ -112,12 +104,24 @@ function check_user_password_dolibarr($usertotest,$passwordtotest,$entitytotest= } else { - dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko bad password pour '".$usertotest."'"); + dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko bad password for '".$usertotest."'"); sleep(1); $langs->load('main'); $langs->load('errors'); $_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadLoginPassword"); } + + if ($passok && ! empty($conf->multicompany->enabled)) // We must check entity + { + global $mc; + + $ret=$mc->checkRight($obj->rowid, $entitytotest); + if ($ret < 0) + { + dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko entity '".$entitytotest."' not allowed for user '".$obj->rowid."'"); + $login=''; // force authentication failure + } + } } else { diff --git a/htdocs/core/login/functions_ldap.php b/htdocs/core/login/functions_ldap.php index a67bc040e2f..208ccd0c37c 100644 --- a/htdocs/core/login/functions_ldap.php +++ b/htdocs/core/login/functions_ldap.php @@ -34,7 +34,8 @@ */ function check_user_password_ldap($usertotest,$passwordtotest,$entitytotest) { - global $_POST,$db,$conf,$langs; + global $db,$conf,$langs; + global $_POST; global $dolibarr_main_auth_ldap_host,$dolibarr_main_auth_ldap_port; global $dolibarr_main_auth_ldap_version,$dolibarr_main_auth_ldap_servertype; global $dolibarr_main_auth_ldap_login_attribute,$dolibarr_main_auth_ldap_dn; @@ -42,6 +43,13 @@ function check_user_password_ldap($usertotest,$passwordtotest,$entitytotest) global $dolibarr_main_auth_ldap_filter; global $dolibarr_main_auth_ldap_debug; + // Force master entity in transversal mode + $entity=$entitytotest; + if (! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode)) $entity=1; + + $login=''; + $resultFetchUser=''; + if (! function_exists("ldap_connect")) { dol_syslog("functions_ldap::check_user_password_ldap Authentification ko failed to connect to LDAP. LDAP functions are disabled on this PHP"); @@ -52,11 +60,10 @@ function check_user_password_ldap($usertotest,$passwordtotest,$entitytotest) return; } - $login=''; - $resultFetchUser=''; - - if (!empty($_POST["username"]) || $usertotest) + if ($usertotest) { + dol_syslog("functions_ldap::check_user_password_ldap usertotest=".$usertotest." passwordtotest=".preg_replace('/./','*',$passwordtotest)." entitytotest=".$entitytotest); + // If test username/password asked, we define $test=false and $login var if ok, set $_SESSION["dol_loginmesg"] if ko $ldaphost=$dolibarr_main_auth_ldap_host; $ldapport=$dolibarr_main_auth_ldap_port; @@ -80,7 +87,6 @@ function check_user_password_ldap($usertotest,$passwordtotest,$entitytotest) $ldap->searchUser=$ldapadminlogin; $ldap->searchPassword=$ldapadminpass; - dol_syslog("functions_ldap::check_user_password_ldap usertotest=".$usertotest); if ($ldapdebug) { dol_syslog("functions_ldap::check_user_password_ldap Server:".join(',',$ldap->server).", Port:".$ldap->serverPort.", Protocol:".$ldap->ldapProtocolVersion.", Type:".$ldap->serverType); @@ -146,52 +152,56 @@ function check_user_password_ldap($usertotest,$passwordtotest,$entitytotest) $login=$usertotest; // ldap2dolibarr synchronisation - if ($login && ! empty($conf->ldap->enabled) && $conf->global->LDAP_SYNCHRO_ACTIVE == 'ldap2dolibarr') + if ($login && ! empty($conf->ldap->enabled) && $conf->global->LDAP_SYNCHRO_ACTIVE == 'ldap2dolibarr') // ldap2dolibarr synchronisation { - dol_syslog("functions_ldap::check_user_password_ldap Sync ldap2dolibarr"); + dol_syslog("functions_ldap::check_user_password_ldap Sync ldap2dolibarr"); - // On charge les attributs du user ldap - if ($ldapdebug) print "DEBUG: login ldap = ".$login."
\n"; - $resultFetchLdapUser = $ldap->fetch($login,$userSearchFilter); + // On charge les attributs du user ldap + if ($ldapdebug) print "DEBUG: login ldap = ".$login."
\n"; + $resultFetchLdapUser = $ldap->fetch($login,$userSearchFilter); - if ($ldapdebug) print "DEBUG: UACF = ".join(',',$ldap->uacf)."
\n"; - if ($ldapdebug) print "DEBUG: pwdLastSet = ".dol_print_date($ldap->pwdlastset,'day')."
\n"; - if ($ldapdebug) print "DEBUG: badPasswordTime = ".dol_print_date($ldap->badpwdtime,'day')."
\n"; + if ($ldapdebug) print "DEBUG: UACF = ".join(',',$ldap->uacf)."
\n"; + if ($ldapdebug) print "DEBUG: pwdLastSet = ".dol_print_date($ldap->pwdlastset,'day')."
\n"; + if ($ldapdebug) print "DEBUG: badPasswordTime = ".dol_print_date($ldap->badpwdtime,'day')."
\n"; - // On recherche le user dolibarr en fonction de son SID ldap - $sid = $ldap->getObjectSid($login); - if ($ldapdebug) print "DEBUG: sid = ".$sid."
\n"; + // On recherche le user dolibarr en fonction de son SID ldap + $sid = $ldap->getObjectSid($login); + if ($ldapdebug) print "DEBUG: sid = ".$sid."
\n"; - $user=new User($db); - $resultFetchUser=$user->fetch('',$login,$sid); - if ($resultFetchUser > 0) - { - dol_syslog("functions_ldap::check_user_password_ldap Sync user found id=".$user->id); - // On verifie si le login a change et on met a jour les attributs dolibarr - - if ($conf->multicompany->enabled) + $usertmp=new User($db); + $resultFetchUser=$usertmp->fetch('',$login,$sid); + if ($resultFetchUser > 0) { - global $mc; + dol_syslog("functions_ldap::check_user_password_ldap Sync user found user id=".$usertmp->id); + // On verifie si le login a change et on met a jour les attributs dolibarr - $ret=$mc->checkRight($user->id, $entitytotest, $user); // The module multicompany check here user belong to at least one group into company. This is a bugged behaviour, so you must hack module to make thing working. - if ($ret < 0) + if ($usertmp->login != $ldap->login && $ldap->login) { - dol_syslog("Failed to checkRight by module multicompany for user id = ".$user->id." into entity ".$entitytotest); - $login=false; // force error of authentication + $usertmp->login = $ldap->login; + $usertmp->update($usertmp); + // TODO Que faire si update echoue car on update avec un login deja existant. } + + //$resultUpdate = $usertmp->update_ldap2dolibarr($ldap); } - - - if ($user->login != $ldap->login && $ldap->login) - { - $user->login = $ldap->login; - $user->update($user); - // TODO Que faire si update echoue car on update avec un login deja existant. - } - - //$resultUpdate = $user->update_ldap2dolibarr($ldap); - } + unset($usertmp); } + + if (! empty($conf->multicompany->enabled)) // We must check entity (even if sync is not active) + { + global $mc; + + $usertmp=new User($db); + $usertmp->fetch('',$login); + $ret=$mc->checkRight($usertmp->id, $entitytotest); + if ($ret < 0) + { + dol_syslog("functions_ldap::check_user_password_ldap Authentification ko entity '".$entitytotest."' not allowed for user '".$usertmp->id."'"); + $login=''; // force authentication failure + } + unset($usertmp); + } + } if ($result == 1) { diff --git a/htdocs/core/modules/modAgenda.class.php b/htdocs/core/modules/modAgenda.class.php index c633734b227..9573ca5f018 100644 --- a/htdocs/core/modules/modAgenda.class.php +++ b/htdocs/core/modules/modAgenda.class.php @@ -367,24 +367,24 @@ class modAgenda extends DolibarrModules $this->export_code[$r]=$this->rights_class.'_'.$r; $this->export_label[$r]="ExportDataset_event1"; $this->export_permission[$r]=array(array("agenda","export")); - $this->export_fields_array[$r]=array('ac.id'=>"ActionId",'ac.ref_ext'=>"ExternalRef",'ac.datec'=>"ActionDateCreation",'ac.datep'=>"DateActionBegin", - 'ac.datep2'=>"DateActionEnd",'ac.label'=>"Title",'ac.note'=>"Note",'ac.percent'=>"Percent",'ac.durationp'=>"durationp", + $this->export_fields_array[$r]=array('ac.id'=>"IdAgenda",'ac.ref_ext'=>"ExternalRef",'ac.datec'=>"DateCreation",'ac.datep'=>"DateActionBegin", + 'ac.datep2'=>"DateActionEnd",'ac.label'=>"Title",'ac.note'=>"Note",'ac.percent'=>"Percent",'ac.durationp'=>"Duration", 'cac.libelle'=>"ActionType", 's.rowid'=>"IdCompany",'s.nom'=>'CompanyName','s.address'=>'Address','s.zip'=>'Zip','s.town'=>'Town', - 'co.code'=>'CountryCode','s.phone'=>'Phone','s.siren'=>'ProfId1','s.siret'=>'ProfId2','s.ape'=>'ProfId3','s.idprof4'=>'ProfId4', + 'co.code'=>'CountryCode','s.phone'=>'Phone','s.siren'=>'ProfId1','s.siret'=>'ProfId2','s.ape'=>'ProfId3','s.idprof4'=>'ProfId4','s.idprof5'=>'ProfId5','s.idprof6'=>'ProfId6', 's.code_compta'=>'CustomerAccountancyCode','s.code_compta_fournisseur'=>'SupplierAccountancyCode','s.tva_intra'=>'VATIntra'); $this->export_TypeFields_array[$r]=array('ac.ref_ext'=>"Text",'ac.datec'=>"Date",'ac.datep'=>"Date", 'ac.datep2'=>"Date",'ac.label'=>"Text",'ac.note'=>"Text",'ac.percent'=>"Number", 'ac.durationp'=>"Duree", - 'cac.libelle'=>"List:c_actioncomm:libelle:rowid", + 'cac.libelle'=>"List:c_actioncomm:libelle:id", 's.nom'=>'Text','s.address'=>'Text','s.zip'=>'Text','s.town'=>'Text', - 'co.code'=>'Text','s.phone'=>'Text','s.siren'=>'Text','s.siret'=>'Text','s.ape'=>'Text','s.idprof4'=>'Text', + 'co.code'=>'Text','s.phone'=>'Text','s.siren'=>'Text','s.siret'=>'Text','s.ape'=>'Text','s.idprof4'=>'Text','s.idprof5'=>'Text','s.idprof6'=>'Text', 's.code_compta'=>'Text','s.code_compta_fournisseur'=>'Text','s.tva_intra'=>'Text'); $this->export_entities_array[$r]=array('ac.id'=>"action",'ac.ref_ext'=>"action",'ac.datec'=>"action",'ac.datep'=>"action", 'ac.datep2'=>"action",'ac.label'=>"action",'ac.note'=>"action",'ac.percent'=>"action",'ac.durationp'=>"action", 'cac.libelle'=>"action", 's.rowid'=>"company",'s.nom'=>'company','s.address'=>'company','s.zip'=>'company','s.town'=>'company', - 'co.code'=>'company','s.phone'=>'company','s.siren'=>'company','s.siret'=>'company','s.ape'=>'company','s.idprof4'=>'company', + 'co.code'=>'company','s.phone'=>'company','s.siren'=>'company','s.siret'=>'company','s.ape'=>'company','s.idprof4'=>'company','s.idprof5'=>'company','s.idprof6'=>'company', 's.code_compta'=>'company','s.code_compta_fournisseur'=>'company','s.tva_intra'=>'company',); $this->export_sql_start[$r]='SELECT DISTINCT '; diff --git a/htdocs/exports/export.php b/htdocs/exports/export.php index 45e78b2ecd3..d76350e878f 100644 --- a/htdocs/exports/export.php +++ b/htdocs/exports/export.php @@ -95,7 +95,7 @@ $entitytolang = array( 'project' => 'Projects', 'projecttask' => 'Tasks', 'task_time' => 'TaskTimeSpent', - 'action' => 'Action' + 'action' => 'Event' ); $array_selected=isset($_SESSION["export_selected_fields"])?$_SESSION["export_selected_fields"]:array(); diff --git a/htdocs/langs/en_US/agenda.lang b/htdocs/langs/en_US/agenda.lang index 13de82c602f..48c284e2022 100644 --- a/htdocs/langs/en_US/agenda.lang +++ b/htdocs/langs/en_US/agenda.lang @@ -91,3 +91,5 @@ WorkingTimeRange=Working time range WorkingDaysRange=Working days range AddEvent=Create event MyAvailability=My availability +ActionType=Event type +DateActionBegin=Start event date \ No newline at end of file diff --git a/htdocs/langs/en_US/main.lang b/htdocs/langs/en_US/main.lang index e53f0df5585..ddf581de1c0 100644 --- a/htdocs/langs/en_US/main.lang +++ b/htdocs/langs/en_US/main.lang @@ -347,6 +347,7 @@ Status=Status Favorite=Favorite ShortInfo=Info. Ref=Ref. +ExternalRef=Ref. extern RefSupplier=Ref. supplier RefPayment=Ref. payment CommercialProposalsShort=Commercial proposals diff --git a/test/phpunit/FunctionsLibTest.php b/test/phpunit/FunctionsLibTest.php index 68ebd5d1703..746a41d3c96 100755 --- a/test/phpunit/FunctionsLibTest.php +++ b/test/phpunit/FunctionsLibTest.php @@ -204,6 +204,9 @@ class FunctionsLibTest extends PHPUnit_Framework_TestCase $input='

abc

'; $after=dol_textishtml($input); $this->assertTrue($after); + $input=''; + $after=dol_textishtml($input); + $this->assertTrue($after,'Failure on test of img tag'); // False $input='xxx < br>';