Merge branch 'develop' of git@github.com:Dolibarr/dolibarr.git into develop

2015-01-12 18:16:41 +01:00 · 2015-01-12 18:16:41 +01:00 · 34a1ea4bb8
commit 34a1ea4bb8
parent 1d2c8bbd4d f8b58605c6
5 changed files with 227 additions and 110 deletions
--- a/htdocs/admin/security_file.php
+++ b/htdocs/admin/security_file.php
@ -0,0 +1,214 @@
+<?php
+/* Copyright (C) 2004-2013 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2005-2012 Regis Houssin        <regis.houssin@capnetworks.com>
+ * Copyright (C) 2013      Juanjo Menent 		<jmenent@2byte.es>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ *	    \file       htdocs/admin/security_file.php
+ *      \ingroup    core
+ *      \brief      Security options setup
+ */
+
+require '../main.inc.php';
+require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
+require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
+require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
+
+$langs->load("users");
+$langs->load("admin");
+$langs->load("other");
+
+if (! $user->admin)
+	accessforbidden();
+
+$action=GETPOST('action','alpha');
+
+$upload_dir=$conf->admin->dir_temp;
+
+
+/*
+ * Actions
+ */
+
+if (GETPOST('sendit') && ! empty($conf->global->MAIN_UPLOAD_DOC))
+{
+    require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
+
+    dol_add_file_process($upload_dir, 0, 0, 'userfile');
+}
+
+if (preg_match('/set_(.*)/',$action,$reg))
+{
+	$code=$reg[1];
+	$value=(GETPOST($code) ? GETPOST($code) : 1);
+	if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0)
+	{
+		Header("Location: ".$_SERVER["PHP_SELF"]);
+		exit;
+	}
+	else
+	{
+		dol_print_error($db);
+	}
+}
+
+else if (preg_match('/del_(.*)/',$action,$reg))
+{
+	$code=$reg[1];
+	if (dolibarr_del_const($db, $code, $conf->entity) > 0)
+	{
+		Header("Location: ".$_SERVER["PHP_SELF"]);
+		exit;
+	}
+	else
+	{
+		dol_print_error($db);
+	}
+}
+
+else if ($action == 'updateform')
+{
+	$res3=dolibarr_set_const($db, 'MAIN_UPLOAD_DOC',$_POST["MAIN_UPLOAD_DOC"],'chaine',0,'',$conf->entity);
+    $res4=dolibarr_set_const($db, "MAIN_UMASK", $_POST["MAIN_UMASK"],'chaine',0,'',$conf->entity);
+    $res5=dolibarr_set_const($db, "MAIN_ANTIVIRUS_COMMAND", $_POST["MAIN_ANTIVIRUS_COMMAND"],'chaine',0,'',$conf->entity);
+    $res6=dolibarr_set_const($db, "MAIN_ANTIVIRUS_PARAM", $_POST["MAIN_ANTIVIRUS_PARAM"],'chaine',0,'',$conf->entity);
+	if ($res3 && $res4 && $res5 && $res6) setEventMessage($langs->trans("RecordModifiedSuccessfully"));
+}
+
+
+
+// Delete file
+else if ($action == 'delete')
+{
+	$langs->load("other");
+	$file = $conf->admin->dir_temp . '/' . GETPOST('urlfile');	// Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
+	$ret=dol_delete_file($file);
+	if ($ret) setEventMessage($langs->trans("FileWasRemoved", GETPOST('urlfile')));
+	else setEventMessage($langs->trans("ErrorFailToDeleteFile", GETPOST('urlfile')), 'errors');
+	Header('Location: '.$_SERVER["PHP_SELF"]);
+	exit;
+}
+
+/*
+ * View
+ */
+
+$form = new Form($db);
+
+llxHeader('',$langs->trans("Files"));
+
+print_fiche_titre($langs->trans("SecuritySetup"),'','setup');
+
+//print $langs->trans("FilesDesc")."<br>\n";
+//print "<br>\n";
+
+
+
+print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
+print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
+print '<input type="hidden" name="action" value="updateform">';
+
+$head=security_prepare_head();
+
+dol_fiche_head($head, 'file', $langs->trans("Security"));
+
+
+// Upload options
+$var=false;
+
+print '<table class="noborder" width="100%">';
+print '<tr class="liste_titre">';
+print '<td colspan="2">'.$langs->trans("Parameters").'</td>';
+print '<td>'.$langs->trans("Value").'</td>';
+print '</tr>';
+
+print '<tr '.$bc[$var].'>';
+print '<td colspan="2">'.$langs->trans("MaxSizeForUploadedFiles").'.';
+$max=@ini_get('upload_max_filesize');
+if ($max) print ' '.$langs->trans("MustBeLowerThanPHPLimit",$max*1024,$langs->trans("Kb")).'.';
+else print ' '.$langs->trans("NoMaxSizeByPHPLimit").'.';
+print '</td>';
+print '<td class="nowrap">';
+print '<input class="flat" name="MAIN_UPLOAD_DOC" type="text" size="6" value="'.htmlentities($conf->global->MAIN_UPLOAD_DOC).'"> '.$langs->trans("Kb");
+print '</td>';
+print '</tr>';
+
+$var=!$var;
+print '<tr '.$bc[$var].'>';
+print '<td>'.$langs->trans("UMask").'</td><td align="right">';
+print $form->textwithpicto('',$langs->trans("UMaskExplanation"));
+print '</td>';
+print '<td class="nowrap">';
+print '<input class="flat" name="MAIN_UMASK" type="text" size="6" value="'.htmlentities($conf->global->MAIN_UMASK).'">';
+print '</td>';
+print '</tr>';
+
+// Use anti virus
+$var=!$var;
+print "<tr ".$bc[$var].">";
+print '<td colspan="2">'.$langs->trans("AntiVirusCommand").'<br>';
+print $langs->trans("AntiVirusCommandExample");
+// Check command in inside safe_mode
+print '</td>';
+print '<td>';
+if (ini_get('safe_mode') && ! empty($conf->global->MAIN_ANTIVIRUS_COMMAND))
+{
+    $langs->load("errors");
+    $basedir=preg_replace('/"/','',dirname($conf->global->MAIN_ANTIVIRUS_COMMAND));
+    $listdir=explode(';',ini_get('safe_mode_exec_dir'));
+    if (! in_array($basedir,$listdir))
+    {
+        print img_warning($langs->trans('WarningSafeModeOnCheckExecDir'));
+        dol_syslog("safe_mode is on, basedir is ".$basedir.", safe_mode_exec_dir is ".ini_get('safe_mode_exec_dir'), LOG_WARNING);
+    }
+}
+print '<input type="text" name="MAIN_ANTIVIRUS_COMMAND" size="72" value="'.(! empty($conf->global->MAIN_ANTIVIRUS_COMMAND)?dol_htmlentities($conf->global->MAIN_ANTIVIRUS_COMMAND):'').'">';
+print "</td>";
+print '</tr>';
+
+// Use anti virus
+$var=!$var;
+print "<tr ".$bc[$var].">";
+print '<td colspan="2">'.$langs->trans("AntiVirusParam").'<br>';
+print $langs->trans("AntiVirusParamExample");
+print '</td>';
+print '<td>';
+print '<input type="text" name="MAIN_ANTIVIRUS_PARAM" size="72" value="'.(! empty($conf->global->MAIN_ANTIVIRUS_PARAM)?dol_htmlentities($conf->global->MAIN_ANTIVIRUS_PARAM):'').'">';
+print "</td>";
+print '</tr>';
+
+print '</table>';
+
+dol_fiche_end();
+
+print '<div class="center"><input type="submit" class="button" name="button" value="'.$langs->trans("Modify").'"></div>';
+
+print '</form>';
+
+
+
+// Form to test upload
+print '<br>';
+$formfile=new FormFile($db);
+$formfile->form_attach_new_file($_SERVER['PHP_SELF'], $langs->trans("FormToTestFileUploadForm"), 0, 0, 1, 50, '', '', 1, '', 0);
+
+// List of document
+$filearray=dol_dir_list($upload_dir, "files", 0, '', '', 'name', SORT_ASC, 1);
+$formfile->list_of_documents($filearray, '', 'admin_temp', '');
+
+llxFooter();
+$db->close();
--- a/htdocs/admin/security_other.php
+++ b/htdocs/admin/security_other.php
@ -37,20 +37,12 @@ if (! $user->admin)

 $action=GETPOST('action','alpha');

-$upload_dir=$conf->admin->dir_temp;


 /*
 * Actions
 */

-if (GETPOST('sendit') && ! empty($conf->global->MAIN_UPLOAD_DOC))
-{
-    require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
-
-    dol_add_file_process($upload_dir, 0, 0, 'userfile');
-}
-
 if (preg_match('/set_(.*)/',$action,$reg))
 {
 	$code=$reg[1];
@ -84,27 +76,11 @@ else if ($action == 'updateform')
 {
 	$res1=dolibarr_set_const($db, "MAIN_APPLICATION_TITLE", $_POST["MAIN_APPLICATION_TITLE"],'chaine',0,'',$conf->entity);
    $res2=dolibarr_set_const($db, "MAIN_SESSION_TIMEOUT", $_POST["MAIN_SESSION_TIMEOUT"],'chaine',0,'',$conf->entity);
-	$res3=dolibarr_set_const($db, 'MAIN_UPLOAD_DOC',$_POST["MAIN_UPLOAD_DOC"],'chaine',0,'',$conf->entity);
-    $res4=dolibarr_set_const($db, "MAIN_UMASK", $_POST["MAIN_UMASK"],'chaine',0,'',$conf->entity);
-    $res5=dolibarr_set_const($db, "MAIN_ANTIVIRUS_COMMAND", $_POST["MAIN_ANTIVIRUS_COMMAND"],'chaine',0,'',$conf->entity);
-    $res6=dolibarr_set_const($db, "MAIN_ANTIVIRUS_PARAM", $_POST["MAIN_ANTIVIRUS_PARAM"],'chaine',0,'',$conf->entity);
-	if ($res1 && $res2 && $res3 && $res4 && $res5 && $res6) setEventMessage($langs->trans("RecordModifiedSuccessfully"));
+	if ($res1 && $res2) setEventMessage($langs->trans("RecordModifiedSuccessfully"));
 }



-// Delete file
-else if ($action == 'delete')
-{
-	$langs->load("other");
-	$file = $conf->admin->dir_temp . '/' . GETPOST('urlfile');	// Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
-	$ret=dol_delete_file($file);
-	if ($ret) setEventMessage($langs->trans("FileWasRemoved", GETPOST('urlfile')));
-	else setEventMessage($langs->trans("ErrorFailToDeleteFile", GETPOST('urlfile')), 'errors');
-	Header('Location: '.$_SERVER["PHP_SELF"]);
-	exit;
-}
-
 /*
 * View
 */
@ -230,74 +206,6 @@ print '</tr>';

 print '</table>';

-print '<br>';
-
-// Upload options
-$var=false;
-
-print '<table class="noborder" width="100%">';
-print '<tr class="liste_titre">';
-print '<td colspan="2">'.$langs->trans("Parameters").'</td>';
-print '<td>'.$langs->trans("Value").'</td>';
-print '</tr>';
-
-print '<tr '.$bc[$var].'>';
-print '<td colspan="2">'.$langs->trans("MaxSizeForUploadedFiles").'.';
-$max=@ini_get('upload_max_filesize');
-if ($max) print ' '.$langs->trans("MustBeLowerThanPHPLimit",$max*1024,$langs->trans("Kb")).'.';
-else print ' '.$langs->trans("NoMaxSizeByPHPLimit").'.';
-print '</td>';
-print '<td class="nowrap">';
-print '<input class="flat" name="MAIN_UPLOAD_DOC" type="text" size="6" value="'.htmlentities($conf->global->MAIN_UPLOAD_DOC).'"> '.$langs->trans("Kb");
-print '</td>';
-print '</tr>';
-
-$var=!$var;
-print '<tr '.$bc[$var].'>';
-print '<td>'.$langs->trans("UMask").'</td><td align="right">';
-print $form->textwithpicto('',$langs->trans("UMaskExplanation"));
-print '</td>';
-print '<td class="nowrap">';
-print '<input class="flat" name="MAIN_UMASK" type="text" size="6" value="'.htmlentities($conf->global->MAIN_UMASK).'">';
-print '</td>';
-print '</tr>';
-
-// Use anti virus
-$var=!$var;
-print "<tr ".$bc[$var].">";
-print '<td colspan="2">'.$langs->trans("AntiVirusCommand").'<br>';
-print $langs->trans("AntiVirusCommandExample");
-// Check command in inside safe_mode
-print '</td>';
-print '<td>';
-if (ini_get('safe_mode') && ! empty($conf->global->MAIN_ANTIVIRUS_COMMAND))
-{
-    $langs->load("errors");
-    $basedir=preg_replace('/"/','',dirname($conf->global->MAIN_ANTIVIRUS_COMMAND));
-    $listdir=explode(';',ini_get('safe_mode_exec_dir'));
-    if (! in_array($basedir,$listdir))
-    {
-        print img_warning($langs->trans('WarningSafeModeOnCheckExecDir'));
-        dol_syslog("safe_mode is on, basedir is ".$basedir.", safe_mode_exec_dir is ".ini_get('safe_mode_exec_dir'), LOG_WARNING);
-    }
-}
-print '<input type="text" name="MAIN_ANTIVIRUS_COMMAND" size="72" value="'.(! empty($conf->global->MAIN_ANTIVIRUS_COMMAND)?dol_htmlentities($conf->global->MAIN_ANTIVIRUS_COMMAND):'').'">';
-print "</td>";
-print '</tr>';
-
-// Use anti virus
-$var=!$var;
-print "<tr ".$bc[$var].">";
-print '<td colspan="2">'.$langs->trans("AntiVirusParam").'<br>';
-print $langs->trans("AntiVirusParamExample");
-print '</td>';
-print '<td>';
-print '<input type="text" name="MAIN_ANTIVIRUS_PARAM" size="72" value="'.(! empty($conf->global->MAIN_ANTIVIRUS_PARAM)?dol_htmlentities($conf->global->MAIN_ANTIVIRUS_PARAM):'').'">';
-print "</td>";
-print '</tr>';
-
-print '</table>';
-
 dol_fiche_end();

 print '<div class="center"><input type="submit" class="button" name="button" value="'.$langs->trans("Modify").'"></div>';
@ -305,15 +213,5 @@ print '<div class="center"><input type="submit" class="button" name="button" val
 print '</form>';


-
-// Form to test upload
-print '<br>';
-$formfile=new FormFile($db);
-$formfile->form_attach_new_file($_SERVER['PHP_SELF'], $langs->trans("FormToTestFileUploadForm"), 0, 0, 1, 50, '', '', 1, '', 0);
-
-// List of document
-$filearray=dol_dir_list($upload_dir, "files", 0, '', '', 'name', SORT_ASC, 1);
-$formfile->list_of_documents($filearray, '', 'admin_temp', '');
-
 llxFooter();
 $db->close();
--- a/htdocs/core/lib/admin.lib.php
+++ b/htdocs/core/lib/admin.lib.php
@ -516,11 +516,6 @@ function security_prepare_head()
    $h = 0;
    $head = array();

-    $head[$h][0] = DOL_URL_ROOT."/admin/proxy.php";
-    $head[$h][1] = $langs->trans("ExternalAccess");
-    $head[$h][2] = 'proxy';
-    $h++;
-
    $head[$h][0] = DOL_URL_ROOT."/admin/security_other.php";
    $head[$h][1] = $langs->trans("Miscellaneous");
    $head[$h][2] = 'misc';
@ -531,6 +526,16 @@ function security_prepare_head()
    $head[$h][2] = 'passwords';
    $h++;

+    $head[$h][0] = DOL_URL_ROOT."/admin/security_file.php";
+    $head[$h][1] = $langs->trans("Files");
+    $head[$h][2] = 'file';
+    $h++;
+
+    $head[$h][0] = DOL_URL_ROOT."/admin/proxy.php";
+    $head[$h][1] = $langs->trans("ExternalAccess");
+    $head[$h][2] = 'proxy';
+    $h++;
+
    $head[$h][0] = DOL_URL_ROOT."/admin/events.php";
    $head[$h][1] = $langs->trans("Audit");
    $head[$h][2] = 'audit';
--- a/htdocs/core/menus/init_menu_auguria.sql
+++ b/htdocs/core/menus/init_menu_auguria.sql
@ -27,7 +27,7 @@ insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, left
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$leftmenu=="setup"', __HANDLER__, 'left', 104__+MAX_llx_menu__, 'home', '', 100__+MAX_llx_menu__, '/admin/boxes.php?leftmenu=setup', 'Boxes', 1, 'admin', '', '', 2, 6, __ENTITY__);
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$leftmenu=="setup"', __HANDLER__, 'left', 105__+MAX_llx_menu__, 'home', '', 100__+MAX_llx_menu__, '/admin/menus.php?leftmenu=setup', 'Menus', 1, 'admin', '', '', 2, 3, __ENTITY__);
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$leftmenu=="setup"', __HANDLER__, 'left', 106__+MAX_llx_menu__, 'home', '', 100__+MAX_llx_menu__, '/admin/delais.php?leftmenu=setup', 'Alerts', 1, 'admin', '', '', 2, 7, __ENTITY__);
-insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$leftmenu=="setup"', __HANDLER__, 'left', 108__+MAX_llx_menu__, 'home', '', 100__+MAX_llx_menu__, '/admin/proxy.php?leftmenu=setup', 'Security', 1, 'admin', '', '', 2, 8, __ENTITY__);
+insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$leftmenu=="setup"', __HANDLER__, 'left', 108__+MAX_llx_menu__, 'home', '', 100__+MAX_llx_menu__, '/admin/security_other.php?leftmenu=setup', 'Security', 1, 'admin', '', '', 2, 8, __ENTITY__);
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$leftmenu=="setup"', __HANDLER__, 'left', 110__+MAX_llx_menu__, 'home', '', 100__+MAX_llx_menu__, '/admin/limits.php?leftmenu=setup', 'MenuLimits', 1, 'admin', '', '', 2, 9, __ENTITY__);
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$leftmenu=="setup"', __HANDLER__, 'left', 107__+MAX_llx_menu__, 'home', '', 100__+MAX_llx_menu__, '/admin/pdf.php?leftmenu=setup', 'PDF', 1, 'admin', '', '', 2, 10, __ENTITY__);
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$leftmenu=="setup"', __HANDLER__, 'left', 109__+MAX_llx_menu__, 'home', '', 100__+MAX_llx_menu__, '/admin/mails.php?leftmenu=setup', 'Emails', 1, 'admin', '', '', 2, 11, __ENTITY__);
--- a/htdocs/core/menus/standard/eldy.lib.php
+++ b/htdocs/core/menus/standard/eldy.lib.php
@ -487,7 +487,7 @@ function print_left_eldy_menu($db,$menu_array_before,$menu_array_after,&$tabMenu
 					}
 					$newmenu->add("/admin/boxes.php?mainmenu=home", $langs->trans("Boxes"),1);
 					$newmenu->add("/admin/delais.php?mainmenu=home",$langs->trans("Alerts"),1);
-					$newmenu->add("/admin/proxy.php?mainmenu=home", $langs->trans("Security"),1);
+					$newmenu->add("/admin/security_other.php?mainmenu=home", $langs->trans("Security"),1);
 					$newmenu->add("/admin/limits.php?mainmenu=home", $langs->trans("MenuLimits"),1);
 					$newmenu->add("/admin/pdf.php?mainmenu=home", $langs->trans("PDF"),1);
 					$newmenu->add("/admin/mails.php?mainmenu=home", $langs->trans("Emails"),1);