From 4be4f975b00db33cc4d7ffed32ce419a5ae34991 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Thu, 21 May 2020 01:03:03 +0200 Subject: [PATCH] add new rule --- htdocs/index.php | 4 +- htdocs/main.inc.php | 85 +++++++++++++------------------------------ htdocs/master.inc.php | 16 +++----- htdocs/viewimage.php | 25 ++++--------- 4 files changed, 40 insertions(+), 90 deletions(-) diff --git a/htdocs/index.php b/htdocs/index.php index 7f6e462839b..38fde99682c 100644 --- a/htdocs/index.php +++ b/htdocs/index.php @@ -301,9 +301,7 @@ if (empty($user->socid) && empty($conf->global->MAIN_DISABLE_GLOBAL_BOXSTATS)) $board = new $class($db); $board->load_state_board($user); $boardloaded[$class] = $board; - } - else - { + } else { $board = $boardloaded[$class]; } diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 49c48e34ec1..733ded3e447 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -131,17 +131,13 @@ function analyseVarsForSqlAndScriptsInjection(&$var, $type) if (analyseVarsForSqlAndScriptsInjection($key, $type) && analyseVarsForSqlAndScriptsInjection($value, $type)) { //$var[$key] = $value; // This is useless - } - else - { + } else { print 'Access refused by SQL/Script injection protection in main.inc.php (type='.htmlentities($type).' key='.htmlentities($key).' value='.htmlentities($value).' page='.htmlentities($_SERVER["REQUEST_URI"]).')'; exit; } } return true; - } - else - { + } else { return (testSqlAndScriptInject($var, $type) <= 0); } } 
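Review bot: The rejection path of `analyseVarsForSqlAndScriptsInjection` prints its refusal message and calls `exit` without setting an HTTP status, so a request blocked by the injection guard is answered with 200 and is indistinguishable from a normal page for proxies, caches and log-based monitoring. Adding `http_response_code(403);` immediately before the `print` makes blocked requests visible in access logs and stops intermediaries from caching the refusal. The function's signature and the `is_array` test that leads into this loop are outside the hunk, as is `testSqlAndScriptInject`.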
@@ -271,13 +267,11 @@ if (!empty($conf->file->main_force_https) && (empty($_SERVER["HTTPS"]) || $_SERV $newurl = preg_replace('/^http:/i', 'https:', $_SERVER["SCRIPT_URI"]); } } - else // Check HTTPS environment variable (Apache/mod_ssl only) - { + else { + // Check HTTPS environment variable (Apache/mod_ssl only) $newurl = preg_replace('/^http:/i', 'https:', DOL_MAIN_URL_ROOT).$_SERVER["REQUEST_URI"]; } - } - else - { + } else { // Check HTTPS environment variable (Apache/mod_ssl only) $newurl = $conf->file->main_force_https.$_SERVER["REQUEST_URI"]; } @@ -288,9 +282,7 @@ if (!empty($conf->file->main_force_https) && (empty($_SERVER["HTTPS"]) || $_SERV dol_syslog("main.inc: dolibarr_main_force_https is on, we make a redirect to ".$newurl); header("Location: ".$newurl); exit; - } - else - { + } else { dol_syslog("main.inc: dolibarr_main_force_https is on but we failed to forge new https url so no redirect is done", LOG_WARNING); } } @@ -432,9 +424,7 @@ if (!defined('NOLOGIN')) if (defined('MAIN_AUTHENTICATION_MODE')) { $dolibarr_main_authentication = constant('MAIN_AUTHENTICATION_MODE'); - } - else - { + } else { // Authentication mode if (empty($dolibarr_main_authentication)) $dolibarr_main_authentication = 'http,dolibarr'; // Authentication mode: forceuser @@ -658,9 +648,7 @@ if (!defined('NOLOGIN')) header('Location: '.DOL_URL_ROOT.'/index.php'.(count($paramsurl) ? '?'.implode('&', $paramsurl) : '')); exit; } - } - else - { + } else { // We are already into an authenticated session $login = $_SESSION["dol_login"]; $entity = $_SESSION["dol_entity"]; @@ -710,9 +698,7 @@ if (!defined('NOLOGIN')) if (GETPOST('lang', 'aZ09')) $paramsurl[] = 'lang='.GETPOST('lang', 'aZ09'); header('Location: '.DOL_URL_ROOT.'/index.php'.(count($paramsurl) ? '?'.implode('&', $paramsurl) : '')); exit; - } - else - { + } else { // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('main')); 
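Review bot: The final `else` of the force-https block only logs a warning when no https URL could be forged and then falls through, so a request that the configuration says must be HTTPS is, as far as this hunk shows, served over plain HTTP anyway. Because `dolibarr_main_force_https` is a security setting it should fail closed, e.g. `print 'HTTPS is required by configuration but the https URL could not be built.'; exit;` right after the `dol_syslog` call, or at minimum log at `LOG_ERR` so the misconfiguration is noticed. The redirect itself relies on the default 302; `header("Location: ".$newurl, true, 301);` plus a `Strict-Transport-Security` header sent on the https side would keep clients from retrying over http, assuming the enclosing condition (which starts outside the hunk) only fires for non-HTTPS requests.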
@@ -814,9 +800,7 @@ if (!defined('NOLOGIN')) session_destroy(); dol_print_error($db, 'Error in some triggers USER_LOGIN or in some hooks afterLogin'); exit; - } - else - { + } else { $db->commit(); } @@ -986,9 +970,7 @@ if (empty($conf->browser->firefox)) define('ROWS_7', 7); define('ROWS_8', 8); define('ROWS_9', 9); -} -else -{ +} else { define('ROWS_1', 0); define('ROWS_2', 1); define('ROWS_3', 2); @@ -1008,9 +990,8 @@ if (!defined('NOREQUIREMENU')) if (empty($user->socid)) // If internal user or not defined { $conf->standard_menu = (empty($conf->global->MAIN_MENU_STANDARD_FORCED) ? (empty($conf->global->MAIN_MENU_STANDARD) ? 'eldy_menu.php' : $conf->global->MAIN_MENU_STANDARD) : $conf->global->MAIN_MENU_STANDARD_FORCED); - } - else // If external user - { + } else { + // If external user $conf->standard_menu = (empty($conf->global->MAIN_MENUFRONT_STANDARD_FORCED) ? (empty($conf->global->MAIN_MENUFRONT_STANDARD) ? 'eldy_menu.php' : $conf->global->MAIN_MENUFRONT_STANDARD) : $conf->global->MAIN_MENUFRONT_STANDARD_FORCED); } @@ -1333,9 +1314,7 @@ function top_htmlhead($head, $title = '', $disablejs = 0, $disablehead = 0, $arr if (preg_match('/^(http|\/\/)/i', $cssfile)) { $urltofile = $cssfile; - } - else - { + } else { $urltofile = dol_buildpath($cssfile, 1); } print ''."\n".''."\n"; @@ -1505,9 +1482,7 @@ function top_htmlhead($head, $title = '', $disablejs = 0, $disablehead = 0, $arr if (preg_match('/^(http|\/\/)/i', $jsfile)) { print ''."\n"; - } - else - { + } else { print ''."\n"; } } @@ -1606,9 +1581,7 @@ function top_menu($head, $title = '', $target = '', $disablejs = 0, $disablehead $logouttext .= ''; $logouttext .= img_picto($langs->trans('Logout'), 'sign-out', '', false, 0, 0, '', 'atoplogin'); $logouttext .= ''; - } - else - { + } else { $logouthtmltext .= $langs->trans("NoLogoutProcessWithAuthMode", $_SESSION["dol_authmode"]); $logouttext .= img_picto($langs->trans('Logout'), 'sign-out', '', false, 0, 0, '', 'atoplogin opacitymedium'); } 
@@ -1625,11 +1598,10 @@ function top_menu($head, $title = '', $target = '', $disablejs = 0, $disablehead { if ($result == 0) $toprightmenu .= $hookmanager->resPrint; // add - else + else { $toprightmenu = $hookmanager->resPrint; // replace - } - else - { + } + } else { $toprightmenu .= $result; // For backward compatibility } @@ -2362,8 +2334,9 @@ function main_area($title = '') print ''."\n"; print ''; print ''."\n"; print ''."\n"; print ''."\n"; @@ -2398,9 +2371,7 @@ function getHelpParamFor($helppagename, $langs) $helpbaseurl = '%s'; $helppage = $helppagename; $mode = 'local'; - } - else - { + } else { // If WIKI URL $reg = array(); if (preg_match('/^es/i', $langs->defaultlang)) @@ -2538,10 +2509,8 @@ if (!function_exists("llxFooter")) { $title = img_warning().' '.$langs->trans('CoreErrorTitle'); print ajax_dialog($title, $langs->trans('CoreErrorMessage')); - } - // html version - else - { + } else { + // html version $msg = img_warning().' '.$langs->trans('CoreErrorMessage'); print '
'.$msg.'
'; } @@ -2683,9 +2652,7 @@ if (!function_exists("llxFooter")) \n"; include_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; diff --git a/htdocs/master.inc.php b/htdocs/master.inc.php index 4005e6a2ed5..1ef1f9c1f50 100644 --- a/htdocs/master.inc.php +++ b/htdocs/master.inc.php @@ -60,14 +60,14 @@ if (defined('TEST_DB_FORCE_TYPE')) $conf->db->type = constant('TEST_DB_FORCE_TYP // Set properties specific to conf file $conf->file->main_limit_users = $dolibarr_main_limit_users; -$conf->file->mailing_limit_sendbyweb = $dolibarr_mailing_limit_sendbyweb; -$conf->file->mailing_limit_sendbycli = $dolibarr_mailing_limit_sendbycli; +$conf->file->mailing_limit_sendbyweb = $dolibarr_mailing_limit_sendbyweb; +$conf->file->mailing_limit_sendbycli = $dolibarr_mailing_limit_sendbycli; $conf->file->main_authentication = empty($dolibarr_main_authentication) ? '' : $dolibarr_main_authentication; // Identification mode $conf->file->main_force_https = empty($dolibarr_main_force_https) ? '' : $dolibarr_main_force_https; // Force https -$conf->file->strict_mode = empty($dolibarr_strict_mode) ? '' : $dolibarr_strict_mode; // Force php strict mode (for debug) +$conf->file->strict_mode = empty($dolibarr_strict_mode) ? '' : $dolibarr_strict_mode; // Force php strict mode (for debug) $conf->file->instance_unique_id = empty($dolibarr_main_instance_unique_id) ? (empty($dolibarr_main_cookie_cryptkey) ? '' : $dolibarr_main_cookie_cryptkey) : $dolibarr_main_instance_unique_id; // Unique id of instance $conf->file->dol_document_root = array('main' => (string) DOL_DOCUMENT_ROOT); // Define array of document root directories ('/home/htdocs') -$conf->file->dol_url_root = array('main' => (string) DOL_URL_ROOT); // Define array of url root path ('' or '/dolibarr') +$conf->file->dol_url_root = array('main' => (string) DOL_URL_ROOT); // Define array of url root path ('' or '/dolibarr') if (!empty($dolibarr_main_document_root_alt)) { // dolibarr_main_document_root_alt can contains several directories 
@@ -132,9 +132,7 @@ if (!defined('NOREQUIREDB')) $langs->setDefaultLang('auto'); $langs->load("website"); print $langs->trans("SorryWebsiteIsCurrentlyOffLine"); - } - else - { + } else { print "SorryWebsiteIsCurrentlyOffLine"; } print ''; @@ -225,9 +223,7 @@ if (!empty($conf->global->MAIN_ONLY_LOGIN_ALLOWED)) print 'You are logged with user "'.$_SESSION["dol_login"].'" and only administrator user "'.$conf->global->MAIN_ONLY_LOGIN_ALLOWED.'" is allowed to connect for the moment.'."\n"; $nexturl = DOL_URL_ROOT.'/user/logout.php'; print 'Please try later or click here to disconnect and change login user...'."\n"; - } - else - { + } else { print 'Sorry, your application is offline. Only administrator user "'.$conf->global->MAIN_ONLY_LOGIN_ALLOWED.'" is allowed to connect for the moment.'."\n"; $nexturl = DOL_URL_ROOT.'/'; print 'Please try later or click here to change login user...'."\n"; diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php index b2534ee92dd..9970026a524 100644 --- a/htdocs/viewimage.php +++ b/htdocs/viewimage.php @@ -155,20 +155,14 @@ if (!empty($hashp)) // We remove first level of directory $original_file = (($tmp[1] ? $tmp[1].'/' : '').$ecmfile->filename); // this is relative to module dir //var_dump($original_file); exit; - } - else - { + } else { accessforbidden('Bad link. File is from another module part.', 0, 0, 1); } - } - else - { + } else { $modulepart = $moduleparttocheck; $original_file = (($tmp[1] ? $tmp[1].'/' : '').$ecmfile->filename); // this is relative to module dir } - } - else - { + } else { $langs->load("errors"); accessforbidden($langs->trans("ErrorFileNotFoundWithSharedLink"), 0, 0, 1); } @@ -208,9 +202,7 @@ elseif (isset($_GET["publictakepos"])) if (! empty($conf->global->TAKEPOS_AUTO_ORDER)) { $accessallowed = 1; // Only if TakePOS Public Auto Order is enabled and received publictakepos variable } -} -else -{ +} else { // Basic protection (against external users only) if ($user->socid > 0) { 
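Review bot: In the MAIN_ONLY_LOGIN_ALLOWED message, `$_SESSION["dol_login"]` and `$conf->global->MAIN_ONLY_LOGIN_ALLOWED` are concatenated into HTML unescaped, while the same patch escapes comparable configuration values with `dol_escape_htmltag()` in main.inc.php. Whether a login or this setting can carry markup depends on validation I cannot see from here, but the output should not depend on it: `print 'You are logged with user "'.dol_escape_htmltag($_SESSION["dol_login"]).'" and only administrator user "'.dol_escape_htmltag($conf->global->MAIN_ONLY_LOGIN_ALLOWED).'" is allowed to connect for the moment.'."\n";` and the same wrapping on the `else` branch's `print`. The `if` that opens this block is outside the hunk.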
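Review bot: The `publictakepos` branch in viewimage.php sets `$accessallowed = 1` as soon as the GET parameter is present and `TAKEPOS_AUTO_ORDER` is enabled, and nothing visible in the hunk ties that grant to a particular `$modulepart` or file, so on such an instance any file this script can resolve would be readable without a login. If a restriction lives above the hunk this is fine; otherwise the grant should be narrowed to the module part the TakePOS public page actually needs, e.g. `if (!empty($conf->global->TAKEPOS_AUTO_ORDER) && $modulepart == 'product') { $accessallowed = 1; }` if product images are what it serves. A comment such as `// Public TakePOS ordering page: grant read access only to the module part it displays` would document the intent. The `elseif` chain this belongs to begins and continues outside the hunk.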
@@ -290,9 +282,8 @@ if ($modulepart == 'barcode') { $result = $module->buildBarCode($code, $encoding, $readable); } -} -else // Open and return file -{ +} else { + // Open and return file clearstatcache(); $filename = basename($fullpath_original_file); @@ -314,9 +305,7 @@ else // Open and return file { top_httphead($type); header('Content-Disposition: inline; filename="'.basename($fullpath_original_file).'"'); - } - else - { + } else { top_httphead('image/png'); header('Content-Disposition: inline; filename="'.basename($fullpath_original_file).'"'); }
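Review bot: Both `Content-Disposition` headers in the open-and-return branch embed `basename($fullpath_original_file)` inside double quotes without escaping, so a stored file whose name contains `"` yields a malformed header value; the preceding hunk already computes `$filename = basename($fullpath_original_file);`, so using `header('Content-Disposition: inline; filename="'.str_replace('"', '', $filename).'"');` in both branches fixes it and removes the duplicated `basename` call. Because the disposition is `inline` and the first branch trusts `$type`, it also matters that the condition selecting that branch (outside the hunk) admits only image types, or that `top_httphead` sends `X-Content-Type-Options: nosniff`; a user-uploaded SVG or HTML file served inline would render in the application's origin. The enclosing `else` block continues past the hunk.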
'; - if ($conf->global->MAIN_SHOW_LOGO && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER) && !empty($conf->global->MAIN_INFO_SOCIETE_LOGO)) + if ($conf->global->MAIN_SHOW_LOGO && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER) && !empty($conf->global->MAIN_INFO_SOCIETE_LOGO)) { print ''; + } print '
'.dol_escape_htmltag($conf->global->MAIN_INFO_SOCIETE_NOM).'
'.dol_escape_htmltag($conf->global->MAIN_INFO_SOCIETE_ADDRESS).'
'.dol_escape_htmltag($conf->global->MAIN_INFO_SOCIETE_ZIP).' '.dol_escape_htmltag($conf->global->MAIN_INFO_SOCIETE_TOWN).'