Fix #yogosha4510

Laurent Destailleur 2021-04-07 23:43:10 +02:00
parent 6c4f5b851d
commit 59c8e70fd2
7 changed files with 16 additions and 14 deletions


@ -897,7 +897,7 @@ if ($mode == 'common' || $mode == 'commonkanban') {
if (!empty($conf->global->CHECKLASTVERSION_EXTERNALMODULE)) { // This is a bad practice to activate a synch external access during building of a page. 1 external module can hang the application.
require_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php';
if (!empty($objMod->url_last_version)) {
$newversion = getURLContent($objMod->url_last_version);
$newversion = getURLContent($objMod->url_last_version, 'GET', '', 1, array(), array('http', 'https'), 0); // Accept http or https links on external remote server only
if (isset($newversion['content'])) {
if (version_compare($newversion['content'], $versiontrans) > 0) {
print "&nbsp;<span class='butAction' title='".$langs->trans('LastStableVersion')."'>".$newversion['content']."</span>";
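Review bot: `$newversion['content']` is still written into the page unescaped by the `print` at the end of this hunk, so whatever the remote version endpoint returns is rendered as markup in the module list. Restricting the fetch to external http/https hosts narrows where the request can go, but it does not make the response trustworthy. I would escape at output, e.g. `dol_escape_htmltag($newversion['content'])`, and ideally reject content that does not look like a version string before it reaches `version_compare`. The enclosing `if` blocks continue outside the hunk.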


@ -92,8 +92,6 @@ if (empty($xmlremote) && !empty($conf->global->$param)) {
if (empty($xmlremote)) {
$xmlremote = 'https://www.dolibarr.org/files/stable/signatures/filelist-'.DOL_VERSION.'.xml';
}
if ($xmlremote && !preg_match('/^https?:\/\//', $xmlremote)) {
}
if ($xmlremote && !preg_match('/^https?:\/\//', $xmlremote)) {
$langs->load("errors");
setEventMessages($langs->trans("ErrorURLMustStartWithHttp", $xmlremote), '', 'errors');


@ -1647,8 +1647,8 @@ class Setup extends DolibarrApi
$file_list = array('missing' => array(), 'updated' => array());
// Local file to compare to
$xmlshortfile = GETPOST('xmlshortfile') ?GETPOST('xmlshortfile') : '/install/filelist-'.DOL_VERSION.'.xml';
$xmlfile = DOL_DOCUMENT_ROOT.$xmlshortfile;
$xmlshortfile = dol_sanitizeFileName(GETPOST('xmlshortfile', 'alpha') ? GETPOST('xmlshortfile', 'alpha') : 'filelist-'.DOL_VERSION.(empty($conf->global->MAIN_FILECHECK_LOCAL_SUFFIX) ? '' : $conf->global->MAIN_FILECHECK_LOCAL_SUFFIX).'.xml'.(empty($conf->global->MAIN_FILECHECK_LOCAL_EXT) ? '' : $conf->global->MAIN_FILECHECK_LOCAL_EXT));
$xmlfile = DOL_DOCUMENT_ROOT.'/install/'.$xmlshortfile;
// Remote file to compare to
$xmlremote = ($target == 'default' ? '' : $target);
if (empty($xmlremote) && !empty($conf->global->MAIN_FILECHECK_URL)) {
@ -1661,6 +1661,10 @@ class Setup extends DolibarrApi
if (empty($xmlremote)) {
$xmlremote = 'https://www.dolibarr.org/files/stable/signatures/filelist-'.DOL_VERSION.'.xml';
}
if ($xmlremote && !preg_match('/^https?:\/\//', $xmlremote)) {
$langs->load("errors");
throw new RestException(500, $langs->trans("ErrorURLMustStartWithHttp", $xmlremote));
}
if ($target == 'local') {
if (dol_is_file($xmlfile)) {
@ -1669,7 +1673,7 @@ class Setup extends DolibarrApi
throw new RestException(500, $langs->trans('XmlNotFound').': '.$xmlfile);
}
} else {
$xmlarray = getURLContent($xmlremote);
$xmlarray = getURLContent($xmlremote, 'GET', '', 1, array(), array('http', 'https'), 0); // Accept http or https links on external remote server only
// Return array('content'=>response,'curl_error_no'=>errno,'curl_error_msg'=>errmsg...)
if (!$xmlarray['curl_error_no'] && $xmlarray['http_code'] != '400' && $xmlarray['http_code'] != '404') {
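Review bot: The reference checksum list for the integrity check can still be fetched over cleartext `http`, because both the new `preg_match('/^https?:\/\//', $xmlremote)` guard and the `array('http', 'https')` scheme list on the `getURLContent` call accept it. A file list retrieved without transport protection can be altered in transit, which defeats the purpose of comparing local files against it. Consider allowing only https for this call, `getURLContent($xmlremote, 'GET', '', 1, array(), array('https'), 0)`, or document why http has to remain. Separately, the new guard reports a caller-supplied bad URL as `RestException(500, ...)`; `400` would let clients and log monitoring tell invalid input from a server fault. The method body starts and ends outside these hunks.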


@ -405,7 +405,7 @@ class SimpleOpenID
$url = $conf->global->MAIN_AUTHENTICATION_OPENID_URL;
}
$response = getURLContent($url);
$response = getURLContent($url, 'GET', '', 1, array(), array('http', 'https'));
list($servers, $delegates) = $this->HTML2OpenIDServer($response);
if (count($servers) == 0) {
@ -525,7 +525,7 @@ class SimpleOpenID
dol_syslog(get_class($this).'::sendDiscoveryRequestToGetXRDS get XRDS');
$addheaders = array('Accept: application/xrds+xml');
$response = getURLContent($url, 'GET', '', 1, $addheaders);
$response = getURLContent($url, 'GET', '', 1, $addheaders, array('http', 'https'), 0);
/* response should like this:
<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
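Review bot: The first call changed in this file, `getURLContent($url, 'GET', '', 1, array(), array('http', 'https'))`, omits the trailing `0` that every other call touched by this commit passes, including the XRDS request further down. It therefore depends on the function's default for the local-URL argument, which is not visible on this page. Since the discovery URL may not always come from the `MAIN_AUTHENTICATION_OPENID_URL` setting (the other branch is outside the hunk), I would pass the restriction explicitly: `$response = getURLContent($url, 'GET', '', 1, array(), array('http', 'https'), 0);`. Both methods extend beyond the hunks shown.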


@ -1023,7 +1023,7 @@ function getAllImages($object, $objectpage, $urltograb, &$tmp, &$action, $modify
if (empty($alreadygrabbed[$urltograbbis])) {
if ($grabimages) {
$tmpgeturl = getURLContent($urltograbbis);
$tmpgeturl = getURLContent($urltograbbis, 'GET', '', 1, array(), array('http', 'https'), 0);
if ($tmpgeturl['curl_error_no']) {
$error++;
setEventMessages('Error getting '.$urltograbbis.': '.$tmpgeturl['curl_error_msg'], null, 'errors');
@ -1094,7 +1094,7 @@ function getAllImages($object, $objectpage, $urltograb, &$tmp, &$action, $modify
if (empty($alreadygrabbed[$urltograbbis])) {
if ($grabimages) {
$tmpgeturl = getURLContent($urltograbbis);
$tmpgeturl = getURLContent($urltograbbis, 'GET', '', 1, array(), array('http', 'https'), 0);
if ($tmpgeturl['curl_error_no']) {
$error++;
setEventMessages('Error getting '.$urltograbbis.': '.$tmpgeturl['curl_error_msg'], null, 'errors');
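Review bot: Both image fetches keep the fourth argument at `1`, which in `getURLContent` enables following redirects, while the new last argument `0` limits the request to external hosts. Whether that external-only check is re-applied to each redirect target is decided inside `geturl.lib.php`, which this page does not show; if it only covers the initial URL, an external page could redirect the fetch to an internal address. Please confirm the check covers redirects, or pass `0` for the follow-location argument where redirects are not needed. The same call shape appears in the module version check, the API integrity check, the XRDS request, the price updater and the website import hunks. `getAllImages` starts and ends outside both hunks.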


@ -487,7 +487,7 @@ class PriceGlobalVariableUpdater
if ($this->type == 0) {
// Call JSON request
include_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php';
$tmpresult = getURLContent($url);
$tmpresult = getURLContent($url, 'GET', '', 1, array(), array('http', 'https'), 0);
$code = $tmpresult['http_code'];
$result = $tmpresult['content'];
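Review bot: The positional call `getURLContent($url, 'GET', '', 1, array(), array('http', 'https'), 0)` gives no hint of what its last two arguments mean, and unlike the module-list and API hunks it carries no comment. I would add the same trailing comment used there, `// Accept http or https links on external remote server only`, here and on the equivalent lines in `getAllImages` and the website import code. The surrounding method continues outside the hunk.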


@ -680,7 +680,7 @@ if ($action == 'addcontainer' && $usercanedit) {
}
if (!$error) {
$tmp = getURLContent($urltograb);
$tmp = getURLContent($urltograb, 'GET', '', 1, array(), array('http', 'https'), 0);
if ($tmp['curl_error_no']) {
$error++;
setEventMessages('Error getting '.$urltograb.': '.$tmp['curl_error_msg'], null, 'errors');
@ -795,7 +795,7 @@ if ($action == 'addcontainer' && $usercanedit) {
}
/*
$tmpgeturl = getURLContent($urltograbbis);
$tmpgeturl = getURLContent($urltograbbis, 'GET', '', 1, array(), array('http', 'https'), 0);
if ($tmpgeturl['curl_error_no'])
{
$error++;
@ -860,7 +860,7 @@ if ($action == 'addcontainer' && $usercanedit) {
continue;
}
$tmpgeturl = getURLContent($urltograbbis);
$tmpgeturl = getURLContent($urltograbbis, 'GET', '', 1, array(), array('http', 'https'), 0);
if ($tmpgeturl['curl_error_no']) {
$errorforsubresource++;
setEventMessages('Error getting link tag url '.$urltograbbis.': '.$tmpgeturl['curl_error_msg'], null, 'errors');
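Review bot: The second hunk edits a `getURLContent` call that sits inside a `/* ... */` block, so that change has no effect at runtime. Keeping dead code in step with a security fix makes it harder to audit which fetches are actually restricted; I would delete the commented-out block instead of updating it. The live calls in the first and third hunks are the ones that matter. The enclosing `if ($action == 'addcontainer' && $usercanedit)` block runs beyond all three hunks.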