diff --git a/htdocs/conf/conf.php.example b/htdocs/conf/conf.php.example
index 356e76ba374..7475cf54ddb 100644
--- a/htdocs/conf/conf.php.example
+++ b/htdocs/conf/conf.php.example
@@ -238,6 +238,15 @@ $dolibarr_main_prod='0';
 // $dolibarr_main_restrict_os_commands='mysqldump, mysql, pg_dump, pgrestore';
+// $dolibarr_main_restrict_ip
+// To restrict access to backoffice to some ip addresses only.
+// Note: Pages that does not need login (like public pages, web site) are not protected with this.
+// Default value: ''
+// Examples:
+// $dolibarr_main_restrict_ip='127.0.0.1, 192.168.0.1';
+//
+$dolibarr_main_restrict_ip='';
+
 // dolibarr_nocsrfcheck
 // This parameter can be used to disable CSRF protection.
 // This might be required if you access Dolibarr behind a proxy that make
@@ -284,16 +293,6 @@ $dolibarr_nocsrfcheck='0';
 // Examples:
 // $dolibarr_strict_mode=0;
-// dolibarr_pdf_force_fpdf
-// Set this to 1 to use the libray FPDF instead of TCPDF. FPDF is not embedded with Dolibarr,
-// so you also have to uncomment line $dolibarr_lib_FPDF_PATH to provide path to FPDF library.
-// Warning: FPDF does not support all features supported by TCPDF used by default. So using
-// this library instead of TCPF will break some features like transparent logo, cyrillic, arab,
-// and asiatic languages, total number of pages, ...
-// Default value: 0
-// Examples:
-// $dolibarr_pdf_force_fpdf=1;
-
 //#################################
diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php
index d1adfaf9734..8def2194fb3 100644
--- a/htdocs/core/class/commonobject.class.php
+++ b/htdocs/core/class/commonobject.class.php
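Review bot: The new `$dolibarr_main_restrict_ip` comment block in conf.php.example (hunk at -238) does not say how entries are matched. In the main.inc.php hunk of this commit each comma-separated entry is trimmed and compared as a whole string with `$_SERVER['REMOTE_ADDR']`, so ranges, CIDR notation and wildcards never match, and behind a reverse proxy the address tested is normally the proxy's rather than the end user's. I would add two comment lines after the `Note:` line: `// Each entry must be one complete IP address (no range, no CIDR, no wildcard).` and `// Behind a reverse proxy, the address checked is the one of the proxy.`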
@@ -548,9 +548,10 @@ abstract class CommonObject
 *
 * @param string $modulepart Module related to document
 * @param int $initsharekey Init the share key if it was not yet defined
+ * @param int $relativelink 0=Return full external link, 1=Return link relative to root of file
 * @return string Link or empty string if there is no download link
 */
- function getLastMainDocLink($modulepart, $initsharekey=0)
+ function getLastMainDocLink($modulepart, $initsharekey=0, $relativelink=0)
 {
 global $user, $dolibarr_main_url_root;
@@ -621,10 +622,17 @@ abstract class CommonObject
 if (! empty($ecmfile->share)) $paramlink.=($paramlink?'&':'').'hashp='.$ecmfile->share; // Hash for public share
 if ($forcedownload) $paramlink.=($paramlink?'&':'').'attachment=1';
- $fulllink=$urlwithroot.'/document.php'.($paramlink?'?'.$paramlink:'');
+ if ($relativelink)
+ {
+ $linktoreturn='document.php'.($paramlink?'?'.$paramlink:'');
+ }
+ else
+ {
+ $linktoreturn=$urlwithroot.'/document.php'.($paramlink?'?'.$paramlink:'');
+ }
 // Here $ecmfile->share is defined
- return $fulllink;
+ return $linktoreturn;
 }
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 2439a9fd6e0..df49c541b41 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -293,6 +293,25 @@ if (! empty($conf->file->main_force_https) && (empty($_SERVER["HTTPS"]) || $_SER
 }
 }
+if (! defined('NOLOGIN') && ! defined('NOIPCHECK') && ! empty($dolibarr_main_restrict_ip))
+{
+ $listofip=explode(',', $dolibarr_main_restrict_ip);
+ $found = false;
+ foreach($listofip as $ip)
+ {
+ $ip=trim($ip);
+ if ($ip == $_SERVER['REMOTE_ADDR'])
+ {
+ $found = true;
+ break;
+ }
+ }
+ if (! $found)
+ {
+ print 'Access refused by IP protection';
+ exit;
+ }
+}
 // Loading of additional presentation includes
 if (! defined('NOREQUIREHTML')) require_once DOL_DOCUMENT_ROOT .'/core/class/html.form.class.php'; // Need 660ko memory (800ko in 2.2)
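Review bot: With `$relativelink` set, the second commonobject.class.php hunk (at -621) returns `'document.php?...'` with no leading path, while the new docblock line calls it a "link relative to root of file", which does not tell a caller what has to be prepended. The string only resolves correctly from a page served from the directory where document.php lives, and it may carry the `hashp=` public share key, so a caller in another directory ends up with a share link that does not resolve. I would reword the docblock line to `@param int $relativelink 0=Return full external link, 1=Return 'document.php?...' only, without host or directory prefix (caller must prepend the base URL)`. The part of getLastMainDocLink between the two hunks is outside the diff, so how `$paramlink` is built and encoded cannot be checked here.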
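Review bot: The allow-list test `if ($ip == $_SERVER['REMOTE_ADDR'])` in the block added to main.inc.php uses a loose comparison and does not skip empty entries, so a list written with a trailing comma yields an empty `$ip` that compares equal to an unset `REMOTE_ADDR` (for example if this file is ever reached outside a web request). Make the match strict and explicit: `if ($ip !== '' && isset($_SERVER['REMOTE_ADDR']) && $ip === $_SERVER['REMOTE_ADDR'])`. The refusal branch also answers with the default 200 status and leaves no trace; sending `http_response_code(403);` before the `print` (or the equivalent `header()` call if older PHP versions must be supported) and writing the refused address to the application log would let operators and monitoring see rejected attempts. The whole added block is visible in the hunk.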
diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php
index 68cefa714c3..bc1e9fc7d51 100644
--- a/htdocs/modulebuilder/template/myobject_card.php
+++ b/htdocs/modulebuilder/template/myobject_card.php
@@ -30,6 +30,7 @@
 //if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION','1'); // Do not check anti CSRF attack test
 //if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK','1'); // Do not check anti CSRF attack test done when option MAIN_SECURITY_CSRF_WITH_TOKEN is on.
 //if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK','1'); // Do not check style html tag into posted data
+//if (! defined('NOIPCHECK')) define('NOIPCHECK','1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip
 //if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1'); // Do not check anti POST attack test
 //if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1'); // If there is no need to load and show top and left menu
 //if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1'); // If we don't need to load the html.form.class.php
diff --git a/htdocs/modulebuilder/template/myobject_list.php b/htdocs/modulebuilder/template/myobject_list.php
index ef384edb818..23a748a12dc 100644
--- a/htdocs/modulebuilder/template/myobject_list.php
+++ b/htdocs/modulebuilder/template/myobject_list.php
@@ -30,6 +30,7 @@
 //if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION','1'); // Do not check anti CSRF attack test
 //if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK','1'); // Do not check anti CSRF attack test done when option MAIN_SECURITY_CSRF_WITH_TOKEN is on.
 //if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK','1'); // Do not check style html tag into posted data
+//if (! defined('NOIPCHECK')) define('NOIPCHECK','1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip
 //if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1'); // Do not check anti POST attack test
 //if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1'); // If there is no need to load and show top and left menu
 //if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1'); // If we don't need to load the html.form.class.php
@@ -253,19 +254,19 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
 $result = $db->query($sql);
 $nbtotalofrecords = $db->num_rows($result);
 }
-// if total resultset is smaller then paging size (filtering), goto and load page 0
-if (($page * $limit) > $nbtotalofrecords)
+// if total resultset is smaller then paging size (filtering), goto and load page 0
+if (($page * $limit) > $nbtotalofrecords)
 {
 $page = 0;
- $offset = 0;
+ $offset = 0;
 }
 // if total resultset is smaller the limit, no need to do paging.
 if (is_numeric($nbtotalofrecords) && $limit > $nbtotalofrecords)
 {
 $resql = $result;
 $num = $nbtotalofrecords;
-}
-else
+}
+else
 {
 $sql.= $db->plimit($limit+1, $offset);