From 7e2eca661bd289ff76138c2fa6ed081b9133197f Mon Sep 17 00:00:00 2001 From: Marc de Lima Lucio Date: Tue, 18 Dec 2018 09:40:58 +0100 Subject: [PATCH 01/18] FIX: contact/adress tab: when changing company ajax combo, the first contact change is not taken into account --- htdocs/core/class/html.form.class.php | 4 ++-- htdocs/core/class/html.formcompany.class.php | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index bc9aa55f6f6..1dc334560ec 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -1355,7 +1355,7 @@ class Form $out .= ajax_combobox($htmlid, $events, $conf->global->CONTACT_USE_SEARCH_TO_SELECT); } - if ($htmlname != 'none' || $options_only) $out.= ''; if ($showempty == 1) $out.= ''; if ($showempty == 2) $out.= ''; $num = $this->db->num_rows($resql); @@ -1417,7 +1417,7 @@ class Form { $out.= ''; } - if ($htmlname != 'none' || $options_only) + if ($htmlname != 'none' && ! $options_only) { $out.= ''; } diff --git a/htdocs/core/class/html.formcompany.class.php b/htdocs/core/class/html.formcompany.class.php index 63babef655e..317f5fe1af6 100644 --- a/htdocs/core/class/html.formcompany.class.php +++ b/htdocs/core/class/html.formcompany.class.php @@ -589,8 +589,8 @@ class FormCompany runJsCodeForEvent'.$htmlname.'(values); } }); - /* Clean contact */ - $("div#s2id_contactid>a>span").html(\'\'); + + $(this).trigger("blur"); }); // Function used to execute events when search_htmlname change From 96144e18f11db066333bec03cb2df4dd0576e0ac Mon Sep 17 00:00:00 2001 From: ATM-Nicolas Date: Tue, 18 Dec 2018 15:27:32 +0100 Subject: [PATCH 02/18] FIX : Function updatePrice with wrong parameters --- htdocs/product/price.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/product/price.php b/htdocs/product/price.php index 259f7d24c0a..a56ae34fc84 100644 --- a/htdocs/product/price.php 
+++ b/htdocs/product/price.php @@ -1440,7 +1440,7 @@ if ((empty($conf->global->PRODUIT_CUSTOMER_PRICES) || $action=='showlog_default_ // Il doit au moins y avoir la ligne de prix initial. // On l'ajoute donc pour remettre a niveau (pb vieilles versions) - $object->updatePrice($object->price, $object->price_base_type, $user, $newprice_min); + $object->updatePrice($object->price, $object->price_base_type, $user, $object->tva_tx, $object->price_min); $result = $db->query($sql); $num = $db->num_rows($result); From 707af49025f7fcceda13dee05ca9893ca051b5bf Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 19 Dec 2018 12:07:26 +0100 Subject: [PATCH 03/18] FIX Missing last month on vat report per month --- htdocs/compta/tva/index.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/compta/tva/index.php b/htdocs/compta/tva/index.php index 2fdd1591ead..5c346ca9ced 100644 --- a/htdocs/compta/tva/index.php +++ b/htdocs/compta/tva/index.php @@ -256,7 +256,8 @@ $mend = $tmp['mon']; //var_dump($m); $total=0; $subtotalcoll=0; $subtotalpaye=0; $subtotal=0; $i=0; $mcursor=0; -while ((($y < $yend) || ($y == $yend && $m < $mend)) && $mcursor < 1000) // $mcursor is to avoid too large loop + +while ((($y < $yend) || ($y == $yend && $m <= $mend)) && $mcursor < 1000) // $mcursor is to avoid too large loop { //$m = $conf->global->SOCIETE_FISCAL_MONTH_START + ($mcursor % 12); if ($m == 13) $y++; From 9b215e117a592bcbe3547496a15fcfb59eb762f7 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Fri, 21 Dec 2018 11:23:44 +0100 Subject: [PATCH 04/18] FIX check if "entity" is already defined in "$param" --- htdocs/core/class/html.formfile.class.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php index 2444dc293fd..c7288aa63d3 100644 --- a/htdocs/core/class/html.formfile.class.php +++ b/htdocs/core/class/html.formfile.class.php 
@@ -300,8 +300,10 @@ class FormFile return $this->getDocumentsLink($modulepart, $modulesubdir, $filedir); } - // Add entity in $param - $param.= 'entity='.(!empty($object->entity)?$object->entity:$conf->entity); + // Add entity in $param if not already exists + if (!preg_match('/entity\=[0-9]+/', $param)) { + $param.= 'entity='.(!empty($object->entity)?$object->entity:$conf->entity); + } $printer=0; if (in_array($modulepart,array('facture','supplier_proposal','propal','proposal','order','commande','expedition', 'commande_fournisseur', 'expensereport'))) // The direct print feature is implemented only for such elements From 09ce84ca93ba746cc12c7f50dad5f9b48ad331d0 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Fri, 21 Dec 2018 16:38:02 +0100 Subject: [PATCH 05/18] FIX avoid Class 'AdherentType' not found --- .../triggers/interface_50_modLdap_Ldapsynchro.class.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php b/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php index 1e9c2c2ec31..500f6bfa966 100644 --- a/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php +++ b/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php @@ -436,9 +436,10 @@ class InterfaceLdapsynchro extends DolibarrTriggers // For member type if (! empty($conf->global->LDAP_MEMBER_TYPE_ACTIVE) && (string) $conf->global->LDAP_MEMBER_TYPE_ACTIVE == '1') { - $membertype=new AdherentType($this->db); if ($object->typeid > 0) { + require_once DOL_DOCUMENT_ROOT."/adherents/class/adherent_type.class.php"; + $membertype=new AdherentType($this->db); $membertype->fetch($object->typeid); $membertype->listMembersForMemberType(); 
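Review bot: The new guard `preg_match('/entity\=[0-9]+/', $param)` is not anchored to a parameter boundary, so a parameter whose name merely ends in `entity` (a constructed example: `fk_entity=3`) also matches, and the real `entity=` value is then never appended. The entity value appears to scope the generated document links, so the test should match the exact parameter name, e.g. `if (!preg_match('/(?:^|&(?:amp;)?)entity=[0-9]+/', $param)) {`. An `entity=` already present in `$param` now takes precedence over `$object->entity`, so it is worth confirming that callers build that value from trusted data and not from the request; this cannot be seen from the hunk. The enclosing method starts and ends outside the hunk.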
@@ -555,6 +556,8 @@ class InterfaceLdapsynchro extends DolibarrTriggers // For member type if (! empty($conf->global->LDAP_MEMBER_TYPE_ACTIVE) && (string) $conf->global->LDAP_MEMBER_TYPE_ACTIVE == '1') { + require_once DOL_DOCUMENT_ROOT."/adherents/class/adherent_type.class.php"; + /* * Change member info */ @@ -679,6 +682,8 @@ class InterfaceLdapsynchro extends DolibarrTriggers { if ($object->typeid > 0) { + require_once DOL_DOCUMENT_ROOT."/adherents/class/adherent_type.class.php"; + /* * Remove member in member type */ From 33564ddafc9b3567714320a07458b3445f79f296 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 22 Dec 2018 11:57:23 +0100 Subject: [PATCH 06/18] Fix css --- htdocs/core/class/html.form.class.php | 10 ++++++---- htdocs/core/tpl/objectline_create.tpl.php | 2 +- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 8ba38b81edb..b63e380c2c1 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -2491,9 +2491,10 @@ class Form * @param array $ajaxoptions Options for ajax_autocompleter * @param int $hidelabel Hide label (0=no, 1=yes) * @param int $alsoproductwithnosupplierprice 1=Add also product without supplier prices + * @param string $morecss More CSS * @return void */ - function select_produits_fournisseurs($socid, $selected='', $htmlname='productid', $filtertype='', $filtre='', $ajaxoptions=array(), $hidelabel=0, $alsoproductwithnosupplierprice=0) + function select_produits_fournisseurs($socid, $selected='', $htmlname='productid', $filtertype='', $filtre='', $ajaxoptions=array(), $hidelabel=0, $alsoproductwithnosupplierprice=0, $morecss='') { // phpcs:enable global $langs,$conf; 
@@ -2518,7 +2519,7 @@ class Form } else { - print $this->select_produits_fournisseurs_list($socid,$selected,$htmlname,$filtertype,$filtre,'',-1,0,0,$alsoproductwithnosupplierprice); + print $this->select_produits_fournisseurs_list($socid, $selected, $htmlname, $filtertype, $filtre, '', -1, 0, 0, $alsoproductwithnosupplierprice, $morecss); } } @@ -2536,9 +2537,10 @@ class Form * @param int $outputmode 0=HTML select string, 1=Array * @param int $limit Limit of line number * @param int $alsoproductwithnosupplierprice 1=Add also product without supplier prices + * @param string $morecss Add more CSS * @return array Array of keys for json */ - function select_produits_fournisseurs_list($socid,$selected='',$htmlname='productid',$filtertype='',$filtre='',$filterkey='',$statut=-1,$outputmode=0,$limit=100,$alsoproductwithnosupplierprice=0) + function select_produits_fournisseurs_list($socid,$selected='',$htmlname='productid',$filtertype='',$filtre='',$filterkey='',$statut=-1,$outputmode=0,$limit=100,$alsoproductwithnosupplierprice=0,$morecss='') { // phpcs:enable global $langs,$conf,$db; @@ -2593,7 +2595,7 @@ class Form $num = $this->db->num_rows($result); //$out.=''; + $out.=''; echo ''; From 0f06e39d23636bd1e4039ac61a743c79725c798b Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 22 Dec 2018 16:55:31 +0100 Subject: [PATCH 07/18] FIX CVE-2018-19992 --- htdocs/adherents/card.php | 6 +++--- htdocs/adherents/type.php | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index c29743b60c4..0d7869d12db 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php 
@@ -951,14 +951,14 @@ else // Address print ''.$langs->trans("Address").''; - print ''; + print ''; print ''; // Zip / Town print ''.$langs->trans("Zip").' / '.$langs->trans("Town").''; - print $formcompany->select_ziptown((GETPOST('zipcode','alpha')?GETPOST('zipcode','alpha'):$object->zip),'zipcode',array('town','selectcountry_id','state_id'),6); + print $formcompany->select_ziptown((GETPOST('zipcode','alphanohtml')?GETPOST('zipcode','alphanohtml'):$object->zip),'zipcode',array('town','selectcountry_id','state_id'),6); print ' '; - print $formcompany->select_ziptown((GETPOST('town','alpha')?GETPOST('town','alpha'):$object->town),'town',array('zipcode','selectcountry_id','state_id')); + print $formcompany->select_ziptown((GETPOST('town','alphanohtml')?GETPOST('town','alphanohtml'):$object->town),'town',array('zipcode','selectcountry_id','state_id')); print ''; // Country diff --git a/htdocs/adherents/type.php b/htdocs/adherents/type.php index 56363599c10..81375220a85 100644 --- a/htdocs/adherents/type.php +++ b/htdocs/adherents/type.php @@ -42,7 +42,7 @@ $backtopage = GETPOST('backtopage','alpha'); $search_lastname = GETPOST('search_lastname','alpha'); $search_login = GETPOST('search_login','alpha'); $search_email = GETPOST('search_email','alpha'); -$type = GETPOST('type','alpha'); +$type = GETPOST('type','intcomma'); $status = GETPOST('status','alpha'); $limit = GETPOST('limit','int')?GETPOST('limit','int'):$conf->liste_limit; @@ -59,8 +59,8 @@ if (! $sortfield) { $sortfield="d.lastname"; } $label=GETPOST("label","alpha"); $subscription=GETPOST("subscription","int"); $vote=GETPOST("vote","int"); -$comment=GETPOST("comment"); -$mail_valid=GETPOST("mail_valid"); +$comment=GETPOST("comment",'alphanohtml'); +$mail_valid=GETPOST("mail_valid",'none'); // Security check $result=restrictedArea($user,'adherent',$rowid,'adherent_type'); From fc3fcc5455d9a610b85723e89e8be43a41ad1378 Mon Sep 17 00:00:00 2001 
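Review bot: `$mail_valid=GETPOST("mail_valid",'none');` in the second hunk of type.php now reads this field with no filtering, as far as the check name indicates, while `$comment` on the line above gets 'alphanohtml', and nothing in the hunk says why the two differ. If `mail_valid` is meant to carry HTML, a comment should record that, for example `// HTML allowed here (mail template): sanitise/escape on output`. In the first hunk of the same file `$status` and the `search_*` values stay on 'alpha' although `$type` was tightened to 'intcomma'; if `status` is numeric it could take 'int' in the same way. How these values are used later lies outside both hunks.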
From: Laurent Destailleur Date: Sat, 22 Dec 2018 16:59:30 +0100 Subject: [PATCH 08/18] FIX CVE-2018-19993 --- htdocs/public/notice.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/htdocs/public/notice.php b/htdocs/public/notice.php index 623baa2020a..6a55411ae3b 100644 --- a/htdocs/public/notice.php +++ b/htdocs/public/notice.php @@ -1,5 +1,5 @@ +/* Copyright (C) 2016-2018 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -19,13 +19,13 @@ * \file htdocs/public/notice.php * \brief Dolibarr page to show a notice. * Default notice is a message to say network connection is off. - * You can also call this page with URL: + * You can also call this page with URL: * /public/notice.php?lang=xx_XX&transkey=translation_key (key must be inside file main.lang, error.lang or other.lang) * /public/notice.php?transphrase=url_encoded_sentence_to_show */ define('NOCSRFCHECK',1); -define('NOLOGIN',1); +define('NOLOGIN',1); require '../main.inc.php'; @@ -34,7 +34,7 @@ require '../main.inc.php'; * View */ -if (! GETPOST('transkey') && ! GETPOST('transphrase')) +if (! GETPOST('transkey','alphanohtml') && ! GETPOST('transphrase','alphanohtml')) { print 'Sorry, it seems your internet connexion is off.
'; print 'You need to be connected to network to use this software.
'; @@ -43,8 +43,8 @@ else { $langs->load("error"); $langs->load("other"); - - if (GETPOST('transphrase')) print GETPOST('transphrase'); - if (GETPOST('transkey')) print $langs->trans(GETPOST('transkey')); + + if (GETPOST('transphrase','alphanohtml')) print GETPOST('transphrase','alphanohtml'); + if (GETPOST('transkey','alphanohtml')) print $langs->trans(GETPOST('transkey','alphanohtml')); } From 850b939ffd2c7a4443649331b923d5e0da2d6446 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 22 Dec 2018 17:03:50 +0100 Subject: [PATCH 09/18] FIX CVE-2018-19994 --- htdocs/product/class/product.class.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index c30376622a4..66f7e288efa 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -859,9 +859,9 @@ class Product extends CommonObject $sql.= ", barcode = ". (empty($this->barcode)?"null":"'".$this->db->escape($this->barcode)."'"); $sql.= ", fk_barcode_type = ". (empty($this->barcode_type)?"null":$this->db->escape($this->barcode_type)); - $sql.= ", tosell = " . $this->status; - $sql.= ", tobuy = " . $this->status_buy; - $sql.= ", tobatch = " . ((empty($this->status_batch) || $this->status_batch < 0) ? '0' : $this->status_batch); + $sql.= ", tosell = " . (int) $this->status; + $sql.= ", tobuy = " . (int) $this->status_buy; + $sql.= ", tobatch = " . ((empty($this->status_batch) || $this->status_batch < 0) ? '0' : (int) $this->status_batch); $sql.= ", finished = " . ((! isset($this->finished) || $this->finished < 0) ? "null" : (int) $this->finished); $sql.= ", weight = " . ($this->weight!='' ? "'".$this->db->escape($this->weight)."'" : 'null'); $sql.= ", weight_units = " . ($this->weight_units!='' ? "'".$this->db->escape($this->weight_units)."'": 'null'); 
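Review bot: `print GETPOST('transphrase','alphanohtml');` in the @@ -43 hunk of notice.php still writes request data straight into the response of a page that defines `NOLOGIN` and `NOCSRFCHECK`, so the input filter is the only protection. Encoding at the point of output is the sturdier control and does not depend on what 'alphanohtml' strips: `print dol_escape_htmltag(GETPOST('transphrase','alphanohtml'));`, and likewise around `$langs->trans(...)` for `transkey`. Even with tags removed, the page shows whatever sentence the URL supplies under the application's own address, so a short comment marking `transphrase` as untrusted display text would help the next reader. Each parameter is also fetched twice; reading it once into a variable keeps the test and the output in step.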
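Review bot: The added casts cover the bare integer columns, but `fk_barcode_type` in this @@ -859 hunk is still concatenated as `$this->db->escape($this->barcode_type)` with no surrounding quotes, and escaping alone does not constrain a value placed in a numeric position. The next hunk (@@ -880) has the same pattern for `cost_price`, and leaves `$user->id` in `fk_user_modif` and `$id` in the `WHERE rowid =` clause uncast. Suggested: `(empty($this->barcode_type)?"null":(int) $this->barcode_type)` and `" WHERE rowid = " . (int) $id`; for `cost_price`, either quote the escaped value or normalise it to a number first. The enclosing method starts before and continues after both hunks.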
@@ -880,18 +880,18 @@ class Product extends CommonObject
 $sql.= ", description = '" . $this->db->escape($this->description) ."'";
 $sql.= ", url = " . ($this->url?"'".$this->db->escape($this->url)."'":'null');
 $sql.= ", customcode = '" . $this->db->escape($this->customcode) ."'";
- $sql.= ", fk_country = " . ($this->country_id > 0 ? $this->country_id : 'null');
+ $sql.= ", fk_country = " . ($this->country_id > 0 ? (int) $this->country_id : 'null');
 $sql.= ", note = ".(isset($this->note) ? "'" .$this->db->escape($this->note)."'" : 'null');
 $sql.= ", duration = '" . $this->db->escape($this->duration_value . $this->duration_unit) ."'";
 $sql.= ", accountancy_code_buy = '" . $this->db->escape($this->accountancy_code_buy)."'";
 $sql.= ", accountancy_code_sell= '" . $this->db->escape($this->accountancy_code_sell)."'";
 $sql.= ", accountancy_code_sell_intra= '" . $this->db->escape($this->accountancy_code_sell_intra)."'";
 $sql.= ", accountancy_code_sell_export= '" . $this->db->escape($this->accountancy_code_sell_export)."'";
- $sql.= ", desiredstock = " . ((isset($this->desiredstock) && $this->desiredstock != '') ? $this->desiredstock : "null");
+ $sql.= ", desiredstock = " . ((isset($this->desiredstock) && $this->desiredstock != '') ? (int) $this->desiredstock : "null");
 $sql.= ", cost_price = " . ($this->cost_price != '' ? $this->db->escape($this->cost_price) : 'null');
- $sql.= ", fk_unit= " . (!$this->fk_unit ? 'NULL' : $this->fk_unit);
+ $sql.= ", fk_unit= " . ((! $this->fk_unit) ? 'NULL' : (int) $this->fk_unit);
 $sql.= ", price_autogen = " . (!$this->price_autogen ? 0 : 1);
- $sql.= ", fk_price_expression = ".($this->fk_price_expression != 0 ? $this->fk_price_expression : 'NULL');
+ $sql.= ", fk_price_expression = ".($this->fk_price_expression != 0 ? (int) $this->fk_price_expression : 'NULL');
 $sql.= ", fk_user_modif = ".($user->id > 0 ? $user->id : 'NULL');
 // stock field is not here because it is a denormalized value from product_stock.
 $sql.= " WHERE rowid = " . $id;
From 4b8be6ed64763327018ac1c076f81ddffa87855e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 22 Dec 2018 17:08:55 +0100 Subject: [PATCH 10/18] FIX CVE-2018-19995 --- htdocs/user/card.php | 52 ++++++++++++++++++++++---------------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/htdocs/user/card.php b/htdocs/user/card.php index b6886d32dbf..6743078c9d2 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php 
@@ -191,31 +191,31 @@ if (empty($reshook)) { $birth = dol_mktime(0, 0, 0, GETPOST('birthmonth'), GETPOST('birthday'), GETPOST('birthyear')); $object->birth = $birth; $object->admin = GETPOST("admin", 'alpha'); - $object->address = GETPOST('address', 'alpha'); - $object->zip = GETPOST('zipcode', 'alpha'); - $object->town = GETPOST('town', 'alpha'); + $object->address = GETPOST('address', 'alphanohtml'); + $object->zip = GETPOST('zipcode', 'alphanohtml'); + $object->town = GETPOST('town', 'alphanohtml'); $object->country_id = GETPOST('country_id', 'int'); $object->state_id = GETPOST('state_id', 'int'); - $object->office_phone = GETPOST("office_phone", 'alpha'); - $object->office_fax = GETPOST("office_fax", 'alpha'); - $object->user_mobile = GETPOST("user_mobile"); - $object->skype = GETPOST("skype", 'alpha'); + $object->office_phone = GETPOST("office_phone", 'alphanohtml'); + $object->office_fax = GETPOST("office_fax", 'alphanohtml'); + $object->user_mobile = GETPOST("user_mobile", 'alphanohtml'); + $object->skype = GETPOST("skype", 'alphanohtml'); $object->email = preg_replace('/\s+/', '', GETPOST("email", 'alpha')); $object->job = GETPOST("job", 'alpha'); - $object->signature = GETPOST("signature"); - $object->accountancy_code = GETPOST("accountancy_code"); - $object->note = GETPOST("note"); - $object->ldap_sid = GETPOST("ldap_sid"); - $object->fk_user = GETPOST("fk_user") > 0 ? GETPOST("fk_user") : 0; - $object->employee = GETPOST('employee'); + $object->signature = GETPOST("signature", 'none'); + $object->accountancy_code = GETPOST("accountancy_code", 'alphanohtml'); + $object->note = GETPOST("note", 'none'); + $object->ldap_sid = GETPOST("ldap_sid", 'alphanohtml'); + $object->fk_user = GETPOST("fk_user", 'int') > 0 ? GETPOST("fk_user", 'int') : 0; + $object->employee = GETPOST('employee', 'alphanohtml'); - $object->thm = GETPOST("thm") != '' ? GETPOST("thm") : ''; - $object->tjm = GETPOST("tjm") != '' ? 
GETPOST("tjm") : ''; - $object->salary = GETPOST("salary") != '' ? GETPOST("salary") : ''; - $object->salaryextra = GETPOST("salaryextra") != '' ? GETPOST("salaryextra") : ''; - $object->weeklyhours = GETPOST("weeklyhours") != '' ? GETPOST("weeklyhours") : ''; + $object->thm = GETPOST("thm", 'alphanohtml') != '' ? GETPOST("thm", 'alphanohtml') : ''; + $object->tjm = GETPOST("tjm", 'alphanohtml') != '' ? GETPOST("tjm", 'alphanohtml') : ''; + $object->salary = GETPOST("salary", 'alphanohtml') != '' ? GETPOST("salary", 'alphanohtml') : ''; + $object->salaryextra = GETPOST("salaryextra", 'alphanohtml') != '' ? GETPOST("salaryextra", 'alphanohtml') : ''; + $object->weeklyhours = GETPOST("weeklyhours", 'alphanohtml') != '' ? GETPOST("weeklyhours", 'alphanohtml') : ''; - $object->color = GETPOST("color") != '' ? GETPOST("color") : ''; + $object->color = GETPOST("color", 'alphanohtml') != '' ? GETPOST("color", 'alphanohtml') : ''; $dateemployment = dol_mktime(0, 0, 0, GETPOST('dateemploymentmonth'), GETPOST('dateemploymentday'), GETPOST('dateemploymentyear')); $object->dateemployment = $dateemployment; 
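Review bot: `signature` and `note` are now read with `'none'`, which by its name applies no filtering, and `job` and `email` keep 'alpha' while the neighbouring text fields move to 'alphanohtml'. If the two rich-text fields must keep their markup, say so in a comment such as `// HTML kept on purpose: must be sanitised/escaped wherever it is displayed`, and switch `job` to 'alphanohtml' unless it is meant to differ. `$object->admin = GETPOST("admin", 'alpha');` is assigned here without the `$user->admin` test that the update path applies in the @@ -335 hunk; whether a later check covers it cannot be seen from this hunk. The same hunk appears again in patch 11/18. The enclosing block starts and ends outside the hunk.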
@@ -335,14 +335,14 @@ if (empty($reshook)) { $object->pass = GETPOST("password",'none'); $object->api_key = (GETPOST("api_key", 'alpha')) ? GETPOST("api_key", 'alpha') : $object->api_key; if (! empty($user->admin)) $object->admin = GETPOST("admin"); // admin flag can only be set/unset by an admin user. A test is also done later when forging sql request - $object->address = GETPOST('address', 'alpha'); - $object->zip = GETPOST('zipcode', 'alpha'); - $object->town = GETPOST('town', 'alpha'); + $object->address = GETPOST('address', 'alphanohtml'); + $object->zip = GETPOST('zipcode', 'alphanohtml'); + $object->town = GETPOST('town', 'alphanohtml'); $object->country_id = GETPOST('country_id', 'int'); $object->state_id = GETPOST('state_id', 'int'); - $object->office_phone = GETPOST("office_phone", 'alpha'); - $object->office_fax = GETPOST("office_fax", 'alpha'); - $object->user_mobile = GETPOST("user_mobile"); + $object->office_phone = GETPOST("office_phone", 'alphanohtml'); + $object->office_fax = GETPOST("office_fax", 'alphanohtml'); + $object->user_mobile = GETPOST("user_mobile", 'alphanohtml'); $object->skype = GETPOST("skype", 'alpha'); $object->email = preg_replace('/\s+/', '', GETPOST("email", 'alpha')); $object->job = GETPOST("job", 'alpha'); @@ -350,7 +350,7 @@ if (empty($reshook)) { $object->accountancy_code = GETPOST("accountancy_code",'alpha'); $object->openid = GETPOST("openid",'alpha'); $object->fk_user = GETPOST("fk_user",'int') > 0 ? GETPOST("fk_user",'int') : 0; - $object->employee = GETPOST('employee'); + $object->employee = GETPOST('employee','alphanothtml'); $object->thm = GETPOST("thm",'alphanohtml') != '' ? GETPOST("thm",'alphanohtml') : ''; $object->tjm = GETPOST("tjm",'alphanohtml') != '' ? GETPOST("tjm",'alphanohtml') : ''; From bacd5110fbdc81a35030fdc322775fa15ea85924 Mon Sep 17 00:00:00 2001 
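Review bot: In this update path (@@ -335) `skype` and `job` stay on 'alpha', while the creation path in the @@ -191 hunk of the same commit switches `skype` to 'alphanohtml', so the same field is filtered differently depending on the action. `$object->skype = GETPOST("skype", 'alphanohtml');` would align the two. The admin line still calls `GETPOST("admin")` with no check name; patch 12/18 casts the value to int when the SQL is built, so `GETPOST("admin", 'int')` would state the same expectation at the input side. The identical hunk in patch 11/18 has the same gaps.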
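Review bot: `GETPOST('employee','alphanothtml')` in the @@ -350 hunk misspells the check name ('alphanothtml' instead of 'alphanohtml'), so the value goes through whatever GETPOST does for an unknown check, which is not visible here. Patch 12/18 later replaces it with 'int'; if this commit is applied or backported on its own, the line should read `$object->employee = GETPOST('employee','int');`. The context lines for `accountancy_code` and `openid` also remain on 'alpha' here although the creation path moved `accountancy_code` to 'alphanohtml'. The same typo is present in the duplicate hunk of patch 11/18.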
From: Laurent Destailleur Date: Sat, 22 Dec 2018 17:08:55 +0100 Subject: [PATCH 11/18] FIX CVE-2018-19995 and CVE-2018-19998 --- htdocs/user/card.php | 52 ++++++++++++++++++++++---------------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/htdocs/user/card.php b/htdocs/user/card.php index b6886d32dbf..6743078c9d2 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php 
@@ -191,31 +191,31 @@ if (empty($reshook)) { $birth = dol_mktime(0, 0, 0, GETPOST('birthmonth'), GETPOST('birthday'), GETPOST('birthyear')); $object->birth = $birth; $object->admin = GETPOST("admin", 'alpha'); - $object->address = GETPOST('address', 'alpha'); - $object->zip = GETPOST('zipcode', 'alpha'); - $object->town = GETPOST('town', 'alpha'); + $object->address = GETPOST('address', 'alphanohtml'); + $object->zip = GETPOST('zipcode', 'alphanohtml'); + $object->town = GETPOST('town', 'alphanohtml'); $object->country_id = GETPOST('country_id', 'int'); $object->state_id = GETPOST('state_id', 'int'); - $object->office_phone = GETPOST("office_phone", 'alpha'); - $object->office_fax = GETPOST("office_fax", 'alpha'); - $object->user_mobile = GETPOST("user_mobile"); - $object->skype = GETPOST("skype", 'alpha'); + $object->office_phone = GETPOST("office_phone", 'alphanohtml'); + $object->office_fax = GETPOST("office_fax", 'alphanohtml'); + $object->user_mobile = GETPOST("user_mobile", 'alphanohtml'); + $object->skype = GETPOST("skype", 'alphanohtml'); $object->email = preg_replace('/\s+/', '', GETPOST("email", 'alpha')); $object->job = GETPOST("job", 'alpha'); - $object->signature = GETPOST("signature"); - $object->accountancy_code = GETPOST("accountancy_code"); - $object->note = GETPOST("note"); - $object->ldap_sid = GETPOST("ldap_sid"); - $object->fk_user = GETPOST("fk_user") > 0 ? GETPOST("fk_user") : 0; - $object->employee = GETPOST('employee'); + $object->signature = GETPOST("signature", 'none'); + $object->accountancy_code = GETPOST("accountancy_code", 'alphanohtml'); + $object->note = GETPOST("note", 'none'); + $object->ldap_sid = GETPOST("ldap_sid", 'alphanohtml'); + $object->fk_user = GETPOST("fk_user", 'int') > 0 ? GETPOST("fk_user", 'int') : 0; + $object->employee = GETPOST('employee', 'alphanohtml'); - $object->thm = GETPOST("thm") != '' ? GETPOST("thm") : ''; - $object->tjm = GETPOST("tjm") != '' ? 
GETPOST("tjm") : ''; - $object->salary = GETPOST("salary") != '' ? GETPOST("salary") : ''; - $object->salaryextra = GETPOST("salaryextra") != '' ? GETPOST("salaryextra") : ''; - $object->weeklyhours = GETPOST("weeklyhours") != '' ? GETPOST("weeklyhours") : ''; + $object->thm = GETPOST("thm", 'alphanohtml') != '' ? GETPOST("thm", 'alphanohtml') : ''; + $object->tjm = GETPOST("tjm", 'alphanohtml') != '' ? GETPOST("tjm", 'alphanohtml') : ''; + $object->salary = GETPOST("salary", 'alphanohtml') != '' ? GETPOST("salary", 'alphanohtml') : ''; + $object->salaryextra = GETPOST("salaryextra", 'alphanohtml') != '' ? GETPOST("salaryextra", 'alphanohtml') : ''; + $object->weeklyhours = GETPOST("weeklyhours", 'alphanohtml') != '' ? GETPOST("weeklyhours", 'alphanohtml') : ''; - $object->color = GETPOST("color") != '' ? GETPOST("color") : ''; + $object->color = GETPOST("color", 'alphanohtml') != '' ? GETPOST("color", 'alphanohtml') : ''; $dateemployment = dol_mktime(0, 0, 0, GETPOST('dateemploymentmonth'), GETPOST('dateemploymentday'), GETPOST('dateemploymentyear')); $object->dateemployment = $dateemployment; 
@@ -335,14 +335,14 @@ if (empty($reshook)) { $object->pass = GETPOST("password",'none'); $object->api_key = (GETPOST("api_key", 'alpha')) ? GETPOST("api_key", 'alpha') : $object->api_key; if (! empty($user->admin)) $object->admin = GETPOST("admin"); // admin flag can only be set/unset by an admin user. A test is also done later when forging sql request - $object->address = GETPOST('address', 'alpha'); - $object->zip = GETPOST('zipcode', 'alpha'); - $object->town = GETPOST('town', 'alpha'); + $object->address = GETPOST('address', 'alphanohtml'); + $object->zip = GETPOST('zipcode', 'alphanohtml'); + $object->town = GETPOST('town', 'alphanohtml'); $object->country_id = GETPOST('country_id', 'int'); $object->state_id = GETPOST('state_id', 'int'); - $object->office_phone = GETPOST("office_phone", 'alpha'); - $object->office_fax = GETPOST("office_fax", 'alpha'); - $object->user_mobile = GETPOST("user_mobile"); + $object->office_phone = GETPOST("office_phone", 'alphanohtml'); + $object->office_fax = GETPOST("office_fax", 'alphanohtml'); + $object->user_mobile = GETPOST("user_mobile", 'alphanohtml'); $object->skype = GETPOST("skype", 'alpha'); $object->email = preg_replace('/\s+/', '', GETPOST("email", 'alpha')); $object->job = GETPOST("job", 'alpha'); @@ -350,7 +350,7 @@ if (empty($reshook)) { $object->accountancy_code = GETPOST("accountancy_code",'alpha'); $object->openid = GETPOST("openid",'alpha'); $object->fk_user = GETPOST("fk_user",'int') > 0 ? GETPOST("fk_user",'int') : 0; - $object->employee = GETPOST('employee'); + $object->employee = GETPOST('employee','alphanothtml'); $object->thm = GETPOST("thm",'alphanohtml') != '' ? GETPOST("thm",'alphanohtml') : ''; $object->tjm = GETPOST("tjm",'alphanohtml') != '' ? GETPOST("tjm",'alphanohtml') : ''; From 2b088a73c121a52e006c0d76ea4da7ffeb7b4f4a Mon Sep 17 00:00:00 2001 
From: Laurent Destailleur Date: Sat, 22 Dec 2018 17:16:08 +0100 Subject: [PATCH 12/18] FIX CVE-2018-19998 --- htdocs/user/card.php | 2 +- htdocs/user/class/user.class.php | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/user/card.php b/htdocs/user/card.php index 6743078c9d2..f0b3fb819f2 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -350,7 +350,7 @@ if (empty($reshook)) { $object->accountancy_code = GETPOST("accountancy_code",'alpha'); $object->openid = GETPOST("openid",'alpha'); $object->fk_user = GETPOST("fk_user",'int') > 0 ? GETPOST("fk_user",'int') : 0; - $object->employee = GETPOST('employee','alphanothtml'); + $object->employee = GETPOST('employee','int'); $object->thm = GETPOST("thm",'alphanohtml') != '' ? GETPOST("thm",'alphanohtml') : ''; $object->tjm = GETPOST("tjm",'alphanohtml') != '' ? GETPOST("tjm",'alphanohtml') : ''; diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 161cea20e77..ef2b828f6e5 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php 
@@ -1405,12 +1405,12 @@ class User extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."user SET"; $sql.= " lastname = '".$this->db->escape($this->lastname)."'"; $sql.= ", firstname = '".$this->db->escape($this->firstname)."'"; - $sql.= ", employee = ".$this->employee; + $sql.= ", employee = ".(int) $this->employee; $sql.= ", login = '".$this->db->escape($this->login)."'"; $sql.= ", api_key = ".($this->api_key ? "'".$this->db->escape($this->api_key)."'" : "null"); $sql.= ", gender = ".($this->gender != -1 ? "'".$this->db->escape($this->gender)."'" : "null"); // 'man' or 'woman' $sql.= ", birth=".(strval($this->birth)!='' ? "'".$this->db->idate($this->birth)."'" : 'null'); - if (! empty($user->admin)) $sql.= ", admin = ".$this->admin; // admin flag can be set/unset only by an admin user + if (! empty($user->admin)) $sql.= ", admin = ".(int) $this->admin; // admin flag can be set/unset only by an admin user $sql.= ", address = '".$this->db->escape($this->address)."'"; $sql.= ", zip = '".$this->db->escape($this->zip)."'"; $sql.= ", town = '".$this->db->escape($this->town)."'"; @@ -1502,7 +1502,7 @@ class User extends CommonObject $adh->zip=$this->zip; $adh->state_id=$this->state_id; $adh->country_id=$this->country_id; - + $adh->email=$this->email; $adh->skype=$this->skype; $adh->phone=$this->office_phone; From f8b0e535fae484348da17099e3747b0823ce52f6 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 22 Dec 2018 17:30:22 +0100 Subject: [PATCH 13/18] Code comment --- htdocs/main.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 0e586e6f4a4..ca182c7b337 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php 
@@ -352,7 +352,7 @@ if ((! empty($conf->global->MAIN_VERSION_LAST_UPGRADE) && ($conf->global->MAIN_V // Creation of a token against CSRF vulnerabilities if (! defined('NOTOKENRENEWAL')) { - // roulement des jetons car cree a chaque appel + // Rolling token at each call ($_SESSION['token'] contains token of previous page) if (isset($_SESSION['newtoken'])) $_SESSION['token'] = $_SESSION['newtoken']; // Save in $_SESSION['newtoken'] what will be next token. Into forms, we will add param token = $_SESSION['newtoken'] From b3b7a12a1623dc914f2aaecb39dbfedaecd82108 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 22 Dec 2018 18:56:29 +0100 Subject: [PATCH 14/18] FIX Look and feel v9 --- htdocs/user/hierarchy.php | 36 ++++++++++++++++++++++++++++-------- htdocs/user/list.php | 28 ++++++++++++++-------------- 2 files changed, 42 insertions(+), 22 deletions(-) diff --git a/htdocs/user/hierarchy.php b/htdocs/user/hierarchy.php index 7882bfb24e2..65723b4d65d 100644 --- a/htdocs/user/hierarchy.php +++ b/htdocs/user/hierarchy.php @@ -52,6 +52,10 @@ if (GETPOST('button_removefilter_x','alpha') || GETPOST('button_removefilter','a $search_statut=""; } +// Define value to know what current user can do on users +$canadduser=(! empty($user->admin) || $user->rights->user->user->creer); + + /* * View 
@@ -62,12 +66,7 @@ $form = new Form($db); $arrayofjs=array('/includes/jquery/plugins/jquerytreeview/jquery.treeview.js', '/includes/jquery/plugins/jquerytreeview/lib/jquery.cookie.js'); $arrayofcss=array('/includes/jquery/plugins/jquerytreeview/jquery.treeview.css'); -llxHeader('',$langs->trans("ListOfUsers"). ' ('.$langs->trans("HierarchicView").')','','',0,0,$arrayofjs,$arrayofcss); - -$morehtmlright = ''.$langs->trans("ViewList").''; - -print load_fiche_titre($langs->trans("ListOfUsers"). ' ('.$langs->trans("HierarchicView").')', $morehtmlright); - +llxHeader('',$langs->trans("ListOfUsers"). ' - '.$langs->trans("HierarchicView"),'','',0,0,$arrayofjs,$arrayofcss); // Load hierarchy of users @@ -138,9 +137,30 @@ foreach($fulltree as $key => $val) //var_dump($data); -print '
'."\n"; +$title = $langs->trans("ListOfUsers"). ' - '.$langs->trans("HierarchicView"); -$param="search_statut=".$search_statut; +$param="search_statut=".urlencode($search_statut); + +$newcardbutton=''; +if ($canadduser) +{ + $newcardbutton = ''.$langs->trans('NewUser').''; + $newcardbutton.= ''; + $newcardbutton.= ''; +} + +$morehtmlright = ''.$langs->trans("ViewList").''; + +print load_fiche_titre($title, $morehtmlright.' '.$newcardbutton); + +print ''."\n"; +if ($optioncss != '') print ''; +print ''; +print ''; +print ''; +print ''; +print ''; +print ''; print ''; diff --git a/htdocs/user/list.php b/htdocs/user/list.php index d69dfce5f83..dcede3a5576 100644 --- a/htdocs/user/list.php +++ b/htdocs/user/list.php 
@@ -266,21 +266,21 @@ if ($num == 1 && ! empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && llxHeader('',$langs->trans("ListOfUsers")); $param=''; -if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.$contextpage; -if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.$limit; +if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.urlencode($contextpage); +if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.urlencode($limit); if ($sall != '') $param.='&sall='.urlencode($sall); -if ($search_user != '') $param.="&search_user=".$search_user; -if ($search_login != '') $param.="&search_login=".$search_login; -if ($search_lastname != '') $param.="&search_lastname=".$search_lastname; -if ($search_firstname != '') $param.="&search_firstname=".$search_firstname; -if ($search_gender != '') $param.="&search_gender=".$search_gender; -if ($search_employee != '') $param.="&search_employee=".$search_employee; -if ($search_accountancy_code != '') $param.="&search_accountancy_code=".$search_accountancy_code; -if ($search_email != '') $param.="&search_email=".$search_email; -if ($search_supervisor > 0) $param.="&search_supervisor=".$search_supervisor; -if ($search_statut != '') $param.="&search_statut=".$search_statut; -if ($optioncss != '') $param.='&optioncss='.$optioncss; -if ($mode != '') $param.='&mode='.$mode; +if ($search_user != '') $param.="&search_user=".urlencode($search_user); +if ($search_login != '') $param.="&search_login=".urlencode($search_login); +if ($search_lastname != '') $param.="&search_lastname=".urlencode($search_lastname); +if ($search_firstname != '') $param.="&search_firstname=".urlencode($search_firstname); +if ($search_gender != '') $param.="&search_gender=".urlencode($search_gender); +if ($search_employee != '') $param.="&search_employee=".urlencode($search_employee); +if ($search_accountancy_code != '') 
$param.="&search_accountancy_code=".urlencode($search_accountancy_code); +if ($search_email != '') $param.="&search_email=".urlencode($search_email); +if ($search_supervisor > 0) $param.="&search_supervisor=".urlencode($search_supervisor); +if ($search_statut != '') $param.="&search_statut=".urlencode($search_statut); +if ($optioncss != '') $param.='&optioncss='.urlencode($optioncss); +if ($mode != '') $param.='&mode='.urlencode($mode); if ($search_categ > 0) $param.="&search_categ=".urlencode($search_categ); // Add $param from extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_param.tpl.php'; From 6557dcfb81966c9f497c36d2e60b08f96d501e81 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 23 Dec 2018 00:24:10 +0100 Subject: [PATCH 15/18] CSS --- htdocs/core/class/html.formactions.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/html.formactions.class.php b/htdocs/core/class/html.formactions.class.php index 0eba0a51e1d..066c2a25a23 100644 --- a/htdocs/core/class/html.formactions.class.php +++ b/htdocs/core/class/html.formactions.class.php @@ -243,7 +243,7 @@ class FormActions print ''; // Ref - print ''; + print ''; // Onwer print ''; + print ''; } print '
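Review bot: Nothing in this block says what encoding state `$param` is in, and after this change that matters. Every value appended here is now URL-encoded, but the `include` of `extrafields_list_search_param.tpl.php` on the last context line also adds to `$param` (per the comment above it) and is not part of the hunk. Add a comment above `$param='';` such as `// $param: query-string fragment, every value passed through urlencode()` and confirm the template follows the same rule. The same one-line change is made to `$param` in `htdocs/user/hierarchy.php` in this patch.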
'.$ref.''.$ref.''; if (! empty($action->userownerid)) From 7b61fc8fd1319987ece0e1e141ad8705f45cb173 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 23 Dec 2018 14:03:19 +0100 Subject: [PATCH 16/18] Fix setup of dav module --- htdocs/admin/dav.php | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/htdocs/admin/dav.php b/htdocs/admin/dav.php index e882a56e2b8..6f82c4f94a9 100644 --- a/htdocs/admin/dav.php +++ b/htdocs/admin/dav.php @@ -83,7 +83,16 @@ if ($action == 'edit') print '
'; print $form->textwithpicto($langs->trans($key), $langs->trans($key.'Tooltip')); - print '
'; + if ($key == 'DAV_ALLOW_PUBLIC_DIR' || $key == 'DAV_ALLOW_ECM_DIR') + { + print $form->selectyesno($key, $conf->global->$key, 1); + } + else + { + print ''; + } + print '
'; @@ -104,7 +113,16 @@ else { print ''; print $form->textwithpicto($langs->trans($key),$langs->trans($key.'Tooltip')); - print '' . $conf->global->$key . ''; + print ''; + if ($key == 'DAV_ALLOW_PUBLIC_DIR' || $key == 'DAV_ALLOW_ECM_DIR') + { + print yn($conf->global->$key); + } + else + { + print $conf->global->$key; + } + print ''; } print ''; From e7b3c9164586242ef08ab8273a0a53a8b9824ba2 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 26 Dec 2018 19:10:22 +0100 Subject: [PATCH 17/18] Fix dump file --- dev/initdemo/mysqldump_dolibarr_9.0.0.sql | 167 ------------------ .../mysql/tables/llx_ticket_msg.key.sql | 2 +- 2 files changed, 1 insertion(+), 168 deletions(-) diff --git a/dev/initdemo/mysqldump_dolibarr_9.0.0.sql b/dev/initdemo/mysqldump_dolibarr_9.0.0.sql index fc2be863791..03017dc1c11 100644 --- a/dev/initdemo/mysqldump_dolibarr_9.0.0.sql +++ b/dev/initdemo/mysqldump_dolibarr_9.0.0.sql 
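Review bot: The non-boolean branch of the read-only view (second hunk, `print $conf->global->$key;`) writes the stored setting into the page without HTML escaping, so a value containing markup is rendered as markup on the admin page. Escape at output, e.g. `print dol_escape_htmltag($conf->global->$key);`. The edit-mode hunk above builds an input whose markup is not visible in this view; if the same value goes into a `value` attribute there, it needs the same treatment. The `DAV_ALLOW_PUBLIC_DIR`/`DAV_ALLOW_ECM_DIR` test is also duplicated in both hunks and could be computed once per `$key`. The surrounding loop starts outside both hunks.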
@@ -13005,36 +13005,6 @@ INSERT INTO `llx_ticket_extrafields` VALUES (1,'2018-06-04 19:36:42',1,NULL,NULL /*!40000 ALTER TABLE `llx_ticket_extrafields` ENABLE KEYS */; UNLOCK TABLES; --- --- Table structure for table `llx_ticket_logs` --- - -DROP TABLE IF EXISTS `llx_ticket_logs`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `llx_ticket_logs` ( - `rowid` int(11) NOT NULL AUTO_INCREMENT, - `entity` int(11) DEFAULT '1', - `fk_track_id` varchar(128) DEFAULT NULL, - `fk_user_create` int(11) DEFAULT NULL, - `datec` datetime DEFAULT NULL, - `message` text, - PRIMARY KEY (`rowid`), - KEY `fk_ticket_logs_fk_track_id` (`fk_track_id`), - CONSTRAINT `fk_ticket_logs_fk_track_id` FOREIGN KEY (`fk_track_id`) REFERENCES `llx_ticket` (`track_id`) -) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `llx_ticket_logs` --- - -LOCK TABLES `llx_ticket_logs` WRITE; -/*!40000 ALTER TABLE `llx_ticket_logs` DISABLE KEYS */; -INSERT INTO `llx_ticket_logs` VALUES (1,1,'d42iybp7p6d1cvqi',12,'2018-10-01 03:20:18','Ticket read by Alice Adminson'); -/*!40000 ALTER TABLE `llx_ticket_logs` ENABLE KEYS */; -UNLOCK TABLES; - -- -- Table structure for table `llx_ticket_msg` -- 
@@ -13066,143 +13036,6 @@ INSERT INTO `llx_ticket_msg` VALUES (1,1,'d42iybp7p6d1cvqi',12,'2018-10-01 03:18 /*!40000 ALTER TABLE `llx_ticket_msg` ENABLE KEYS */; UNLOCK TABLES; --- --- Table structure for table `llx_ticketsup` --- - -DROP TABLE IF EXISTS `llx_ticketsup`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `llx_ticketsup` ( - `rowid` int(11) NOT NULL AUTO_INCREMENT, - `entity` int(11) DEFAULT '1', - `ref` varchar(128) NOT NULL, - `track_id` varchar(128) NOT NULL, - `fk_soc` int(11) DEFAULT '0', - `fk_project` int(11) DEFAULT '0', - `origin_email` varchar(128) DEFAULT NULL, - `fk_user_create` int(11) DEFAULT NULL, - `fk_user_assign` int(11) DEFAULT NULL, - `subject` varchar(255) DEFAULT NULL, - `message` text, - `fk_statut` int(11) DEFAULT NULL, - `resolution` int(11) DEFAULT NULL, - `progress` varchar(100) DEFAULT NULL, - `timing` varchar(20) DEFAULT NULL, - `type_code` varchar(32) DEFAULT NULL, - `category_code` varchar(32) DEFAULT NULL, - `severity_code` varchar(32) DEFAULT NULL, - `datec` datetime DEFAULT NULL, - `date_read` datetime DEFAULT NULL, - `date_close` datetime DEFAULT NULL, - `tms` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - `notify_tiers_at_create` int(11) DEFAULT NULL, - PRIMARY KEY (`rowid`), - UNIQUE KEY `uk_ticketsup_track_id` (`track_id`), - KEY `id_ticketsup_track_id` (`track_id`) -) ENGINE=InnoDB AUTO_INCREMENT=27 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `llx_ticketsup` --- - -LOCK TABLES `llx_ticketsup` WRITE; -/*!40000 ALTER TABLE `llx_ticketsup` DISABLE KEYS */; -INSERT INTO `llx_ticketsup` VALUES (16,1,'TS1803-0001','bmhki5neaa7bszvy',64,12,NULL,12,11,'hfghfgbvcbcv','hgfhfghf
\r\ngdgdgdhghfghf',3,NULL,'100','NORMAL','COM','OTHER','NORMAL','2018-03-13 15:19:47','2018-03-18 21:55:12','2018-04-10 18:00:15','2018-05-01 10:32:20',1),(17,1,'TS1803-0002','ltvd8zthmu5b7v42',148,NULL,NULL,12,NULL,'hfghf','jghjhg',6,NULL,'0',NULL,'COM','OTHER','NORMAL','2018-03-16 13:30:33','2018-03-18 22:00:39',NULL,'2018-03-18 18:27:03',1),(20,1,'TS1803-0005','o9997psaapahwrxi',NULL,NULL,NULL,12,NULL,'khjkhj','mmmmm',1,NULL,'0',NULL,'COM','OTHER','NORMAL','2018-03-18 22:55:56','2018-03-19 14:57:36',NULL,'2018-03-19 10:57:36',0),(21,1,'TS1803-0006','hh2ludsvj32lp8sq',NULL,NULL,NULL,12,NULL,'gdfg','gdfgfd',0,NULL,'0',NULL,'COM','OTHER','NORMAL','2018-03-18 22:56:20',NULL,NULL,'2018-03-18 18:56:20',1),(22,1,'TS1803-0007','4e8iy89hes9a5w8d',NULL,NULL,NULL,12,NULL,'ffffffff','fsdf',0,NULL,'0','NORMAL','COM','OTHER','NORMAL','2018-03-18 23:00:41',NULL,NULL,'2018-04-12 19:41:47',1),(23,1,'TS1804-0008','jbm8vxsqw19817fm',79,NULL,'aaa@aaa.com',NULL,NULL,'ssss','mmm',0,NULL,'0',NULL,'COM','OTHER','NORMAL','2018-04-12 23:20:40',NULL,NULL,'2018-04-12 21:20:40',1),(24,1,'TS1804-0009','q32naisayppjgr5b',NULL,NULL,'f@f.com',NULL,NULL,'sss','mmm',0,NULL,'0',NULL,'COM','OTHER','NORMAL','2018-04-12 23:23:34',NULL,NULL,'2018-04-12 21:23:34',1),(25,1,'TS1804-0010','dst5xryjb55jjxs6',NULL,NULL,'f@f.com',NULL,NULL,'sss','mmm',0,NULL,'0',NULL,'COM','OTHER','NORMAL','2018-04-12 23:31:01',NULL,NULL,'2018-04-12 21:31:01',1),(26,1,'TS1804-0011','qh9ar34ut2shp5rq',151,NULL,'testldr6@dolicloud.com',NULL,NULL,'ppppp','gdgdgdfg',0,NULL,'0',NULL,'COM','OTHER','NORMAL','2018-04-19 15:05:23',NULL,NULL,'2018-04-19 13:05:23',1); -/*!40000 ALTER TABLE `llx_ticketsup` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `llx_ticketsup_extrafields` --- - -DROP TABLE IF EXISTS `llx_ticketsup_extrafields`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `llx_ticketsup_extrafields` ( - `rowid` int(11) NOT NULL 
AUTO_INCREMENT, - `tms` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - `fk_object` int(11) NOT NULL, - `import_key` varchar(14) DEFAULT NULL, - `aaa` varchar(255) DEFAULT NULL, - `listeonly` varchar(255) DEFAULT NULL, - `bbb` varchar(255) DEFAULT NULL, - PRIMARY KEY (`rowid`) -) ENGINE=InnoDB AUTO_INCREMENT=57 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `llx_ticketsup_extrafields` --- - -LOCK TABLES `llx_ticketsup_extrafields` WRITE; -/*!40000 ALTER TABLE `llx_ticketsup_extrafields` DISABLE KEYS */; -INSERT INTO `llx_ticketsup_extrafields` VALUES (15,'2018-04-12 21:20:40',23,NULL,'aaaa',NULL,NULL),(16,'2018-04-12 21:23:34',24,NULL,'aaa',NULL,NULL),(17,'2018-04-12 21:31:01',25,NULL,'aaa',NULL,NULL),(20,'2018-04-13 10:42:15',22,NULL,'fffppgggffooppmmpp',NULL,NULL),(26,'2018-04-19 13:05:23',26,NULL,'aaa',NULL,NULL),(56,'2018-04-30 08:32:50',16,NULL,'ljklj',NULL,NULL); -/*!40000 ALTER TABLE `llx_ticketsup_extrafields` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `llx_ticketsup_logs` --- - -DROP TABLE IF EXISTS `llx_ticketsup_logs`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `llx_ticketsup_logs` ( - `rowid` int(11) NOT NULL AUTO_INCREMENT, - `entity` int(11) DEFAULT '1', - `fk_track_id` varchar(128) DEFAULT NULL, - `fk_user_create` int(11) DEFAULT NULL, - `datec` datetime DEFAULT NULL, - `message` text, - PRIMARY KEY (`rowid`), - KEY `fk_ticketsup_logs_fk_track_id` (`fk_track_id`), - CONSTRAINT `fk_ticketsup_logs_fk_track_id` FOREIGN KEY (`fk_track_id`) REFERENCES `llx_ticketsup` (`track_id`) -) ENGINE=InnoDB AUTO_INCREMENT=82 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `llx_ticketsup_logs` --- - -LOCK TABLES `llx_ticketsup_logs` WRITE; -/*!40000 ALTER TABLE `llx_ticketsup_logs` DISABLE KEYS */; -INSERT 
INTO `llx_ticketsup_logs` VALUES (14,1,'bmhki5neaa7bszvy',12,'2018-03-16 13:31:15','Change classification : from Other to Other'),(15,1,'bmhki5neaa7bszvy',12,'2018-03-16 13:31:22','Change classification : from Commercial question to Issue or problem'),(16,1,'bmhki5neaa7bszvy',12,'2018-03-18 14:59:27','Ticket assigned to David Doe'),(17,1,'bmhki5neaa7bszvy',12,'2018-03-18 14:59:36','Ticket assigned to hgfhfg hgfh'),(18,1,'bmhki5neaa7bszvy',12,'2018-03-18 14:59:47','Ticket assigned to Sam Scientol'),(19,1,'bmhki5neaa7bszvy',12,'2018-03-18 15:01:20','Ticket assigned to Zack Zeceo'),(20,1,'bmhki5neaa7bszvy',12,'2018-03-18 21:30:49','Ticket read by Alice Adminson'),(22,1,'bmhki5neaa7bszvy',12,'2018-03-18 21:37:42','Status changed : Read to Not read'),(23,1,'bmhki5neaa7bszvy',12,'2018-03-18 21:37:55','Ticket read by Alice Adminson'),(24,1,'bmhki5neaa7bszvy',12,'2018-03-18 21:38:03','Status changed : Read to Not read'),(25,1,'bmhki5neaa7bszvy',12,'2018-03-18 21:38:25','Ticket read by Alice Adminson'),(26,1,'bmhki5neaa7bszvy',12,'2018-03-18 21:38:29','Status changed : Read to Not read'),(27,1,'bmhki5neaa7bszvy',12,'2018-03-18 21:38:45','Ticket read by Alice Adminson'),(28,1,'bmhki5neaa7bszvy',12,'2018-03-18 21:43:30','Status changed : Read to Not read'),(29,1,'bmhki5neaa7bszvy',12,'2018-03-18 21:44:19','Status changed : Not read to Read'),(30,1,'bmhki5neaa7bszvy',12,'2018-03-18 21:44:21','Status changed : Read to Not read'),(31,1,'bmhki5neaa7bszvy',12,'2018-03-18 21:44:25','Ticket read by Alice Adminson'),(32,1,'bmhki5neaa7bszvy',12,'2018-03-18 21:44:29','Status changed : Read to Not read'),(33,1,'bmhki5neaa7bszvy',12,'2018-03-18 21:44:31','Status changed : Not read to Read'),(34,1,'bmhki5neaa7bszvy',12,'2018-03-18 21:44:40','Status changed : Read to Not read'),(35,1,'bmhki5neaa7bszvy',12,'2018-03-18 21:48:06','Ticket read by Alice Adminson'),(36,1,'bmhki5neaa7bszvy',12,'2018-03-18 21:48:10','Status changed : Read to Not read'),(37,1,'bmhki5neaa7bszvy',12,'2018-03-18 
21:55:06','Ticket read by Alice Adminson'),(38,1,'bmhki5neaa7bszvy',12,'2018-03-18 21:55:12','Ticket read by Alice Adminson'),(39,1,'ltvd8zthmu5b7v42',12,'2018-03-18 22:00:39','Ticket read by Alice Adminson'),(40,1,'ltvd8zthmu5b7v42',12,'2018-03-18 22:25:01','Status changed : Answered to Assigned'),(41,1,'ltvd8zthmu5b7v42',12,'2018-03-18 22:25:08','Status changed : Assigned to Answered'),(42,1,'ltvd8zthmu5b7v42',12,'2018-03-18 22:25:16','Status changed : Answered to In progress'),(43,1,'ltvd8zthmu5b7v42',12,'2018-03-18 22:27:03','Status changed : In progress to Waiting'),(44,1,'o9997psaapahwrxi',12,'2018-03-19 14:57:35','Ticket read by Alice Adminson'),(45,1,'o9997psaapahwrxi',12,'2018-03-19 14:57:36','Ticket read by Alice Adminson'),(46,1,'bmhki5neaa7bszvy',12,'2018-04-10 17:58:28','Status changed : Lu to En cours'),(47,1,'bmhki5neaa7bszvy',12,'2018-04-10 17:58:44','Ticket clôt par Alice Adminson'),(48,1,'bmhki5neaa7bszvy',12,'2018-04-10 18:00:15','Ticket clôt par Alice Adminson'),(49,1,'bmhki5neaa7bszvy',12,'2018-04-13 12:11:32','Ticket ré-ouvert'),(50,1,'bmhki5neaa7bszvy',12,'2018-04-15 11:45:53','Status changed : assigné to Unread'),(51,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:01:24','Change classification : from to '),(52,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:01:26','Change classification : from to '),(53,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:02:03','Change classification : from to '),(54,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:02:27','Change classification : from to '),(55,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:09:03','Change classification : from to '),(56,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:09:34','Change classification : from to '),(57,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:15:04','Change classification : from to '),(58,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:15:54','Change classification : from to '),(59,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:17:47','Change classification : from to '),(60,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:18:04','Change 
classification : from to '),(61,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:18:28','Change classification : from to '),(62,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:18:39','Change classification : from to '),(63,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:19:00','Change classification : from to '),(64,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:19:06','Change classification : from to '),(65,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:19:09','Change classification : from to '),(66,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:19:13','Change classification : from to '),(67,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:24:52','Change classification : from to '),(68,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:24:58','Change classification : from to '),(69,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:26:41','Change classification : from to '),(70,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:27:03','Change classification : from to '),(71,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:27:06','Change classification : from to '),(72,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:27:30','Initial message modified \n hgfhfghf\n+ gdgdgd\n'),(73,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:28:13','Initial message modified \n hgfhfghf\n gdgdgd\n'),(74,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:28:28','Initial message modified \n hgfhfghf\n gdgdgd\n'),(75,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:28:47','Initial message modified \n hgfhfghf\n gdgdgd\n'),(76,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:28:55','Initial message modified \n hgfhfghf\n- gdgdgd\n+ gdgdgdhghfghf\n'),(77,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:28:58','Change classification : from to '),(78,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:29:55','Change classification : from to '),(79,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:32:42','Change classification : from to '),(80,1,'bmhki5neaa7bszvy',12,'2018-04-30 10:32:50','Change classification : from to '),(81,1,'bmhki5neaa7bszvy',12,'2018-05-01 12:32:20','Status changed : Unread to Answered'); -/*!40000 ALTER TABLE `llx_ticketsup_logs` ENABLE KEYS */; -UNLOCK 
TABLES; - --- --- Table structure for table `llx_ticketsup_msg` --- - -DROP TABLE IF EXISTS `llx_ticketsup_msg`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `llx_ticketsup_msg` ( - `rowid` int(11) NOT NULL AUTO_INCREMENT, - `entity` int(11) DEFAULT '1', - `fk_track_id` varchar(128) DEFAULT NULL, - `fk_user_action` int(11) DEFAULT NULL, - `datec` datetime DEFAULT NULL, - `message` text, - `private` int(11) DEFAULT '0', - PRIMARY KEY (`rowid`), - KEY `fk_ticketsup_msg_fk_track_id` (`fk_track_id`), - CONSTRAINT `fk_ticketsup_msg_fk_track_id` FOREIGN KEY (`fk_track_id`) REFERENCES `llx_ticketsup` (`track_id`) -) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `llx_ticketsup_msg` --- - -LOCK TABLES `llx_ticketsup_msg` WRITE; -/*!40000 ALTER TABLE `llx_ticketsup_msg` DISABLE KEYS */; -INSERT INTO `llx_ticketsup_msg` VALUES (1,1,'bmhki5neaa7bszvy',12,'2018-03-16 13:30:57','gdfd',0),(2,1,'ltvd8zthmu5b7v42',12,'2018-03-18 22:24:18','fdsfds',0),(3,1,'ltvd8zthmu5b7v42',12,'2018-03-18 22:24:39','hfghfg',0); -/*!40000 ALTER TABLE `llx_ticketsup_msg` ENABLE KEYS */; -UNLOCK TABLES; - -- -- Table structure for table `llx_tva` -- diff --git a/htdocs/install/mysql/tables/llx_ticket_msg.key.sql b/htdocs/install/mysql/tables/llx_ticket_msg.key.sql index 6998b798c84..f6ff6fc5e88 100755 --- a/htdocs/install/mysql/tables/llx_ticket_msg.key.sql +++ b/htdocs/install/mysql/tables/llx_ticket_msg.key.sql @@ -14,4 +14,4 @@ -- You should have received a copy of the GNU General Public License -- along with this program. If not, see . -ALTER TABLE llx_ticket_msg ADD CONSTRAINT fk_ticket_msg_fk_track_id FOREIGN KEY (fk_track_id) REFERENCES llx_ticket (track_id); +--ALTER TABLE llx_ticket_msg ADD CONSTRAINT fk_ticket_msg_fk_track_id FOREIGN KEY (fk_track_id) REFERENCES llx_ticket (track_id); 
From def732246db1ff5ac9a04d26a60597fc4d44933a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 26 Dec 2018 19:16:05 +0100 Subject: [PATCH 18/18] Clean dump --- dev/initdemo/mysqldump_dolibarr_9.0.0.sql | 94 ----------------------- dev/initdemo/savedemo.sh | 5 ++ 2 files changed, 5 insertions(+), 94 deletions(-) diff --git a/dev/initdemo/mysqldump_dolibarr_9.0.0.sql b/dev/initdemo/mysqldump_dolibarr_9.0.0.sql index 03017dc1c11..c2fc6e39c9f 100644 --- a/dev/initdemo/mysqldump_dolibarr_9.0.0.sql +++ b/dev/initdemo/mysqldump_dolibarr_9.0.0.sql 
@@ -4242,100 +4242,6 @@ INSERT INTO `llx_c_ticket_type` VALUES (1,1,'COM','10','Commercial question',1,1 /*!40000 ALTER TABLE `llx_c_ticket_type` ENABLE KEYS */; UNLOCK TABLES; --- --- Table structure for table `llx_c_ticketsup_category` --- - -DROP TABLE IF EXISTS `llx_c_ticketsup_category`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `llx_c_ticketsup_category` ( - `rowid` int(11) NOT NULL AUTO_INCREMENT, - `entity` int(11) DEFAULT '1', - `code` varchar(32) NOT NULL, - `pos` varchar(32) NOT NULL, - `label` varchar(128) NOT NULL, - `active` int(11) DEFAULT '1', - `use_default` int(11) DEFAULT '1', - `description` varchar(255) DEFAULT NULL, - PRIMARY KEY (`rowid`), - UNIQUE KEY `uk_code` (`code`,`entity`) -) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `llx_c_ticketsup_category` --- - -LOCK TABLES `llx_c_ticketsup_category` WRITE; -/*!40000 ALTER TABLE `llx_c_ticketsup_category` DISABLE KEYS */; -INSERT INTO `llx_c_ticketsup_category` VALUES (1,1,'OTHER','10','Other',1,1,NULL); -/*!40000 ALTER TABLE `llx_c_ticketsup_category` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `llx_c_ticketsup_severity` --- - -DROP TABLE IF EXISTS `llx_c_ticketsup_severity`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `llx_c_ticketsup_severity` ( - `rowid` int(11) NOT NULL AUTO_INCREMENT, - `entity` int(11) DEFAULT '1', - `code` varchar(32) NOT NULL, - `pos` varchar(32) NOT NULL, - `label` varchar(128) NOT NULL, - `color` varchar(10) NOT NULL, - `active` int(11) DEFAULT '1', - `use_default` int(11) DEFAULT '1', - `description` varchar(255) DEFAULT NULL, - PRIMARY KEY (`rowid`), - UNIQUE KEY `uk_code` (`code`,`entity`) -) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = 
@saved_cs_client */; - --- --- Dumping data for table `llx_c_ticketsup_severity` --- - -LOCK TABLES `llx_c_ticketsup_severity` WRITE; -/*!40000 ALTER TABLE `llx_c_ticketsup_severity` DISABLE KEYS */; -INSERT INTO `llx_c_ticketsup_severity` VALUES (1,1,'LOW','10','Low','',1,0,NULL),(2,1,'NORMAL','20','Normal','',1,1,NULL),(3,1,'HIGH','30','High','',1,0,NULL),(4,1,'BLOCKING','40','Critical / blocking','',1,0,NULL); -/*!40000 ALTER TABLE `llx_c_ticketsup_severity` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `llx_c_ticketsup_type` --- - -DROP TABLE IF EXISTS `llx_c_ticketsup_type`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `llx_c_ticketsup_type` ( - `rowid` int(11) NOT NULL AUTO_INCREMENT, - `entity` int(11) DEFAULT '1', - `code` varchar(32) NOT NULL, - `pos` varchar(32) NOT NULL, - `label` varchar(128) NOT NULL, - `active` int(11) DEFAULT '1', - `use_default` int(11) DEFAULT '1', - `description` varchar(255) DEFAULT NULL, - PRIMARY KEY (`rowid`), - UNIQUE KEY `uk_code` (`code`,`entity`) -) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `llx_c_ticketsup_type` --- - -LOCK TABLES `llx_c_ticketsup_type` WRITE; -/*!40000 ALTER TABLE `llx_c_ticketsup_type` DISABLE KEYS */; -INSERT INTO `llx_c_ticketsup_type` VALUES (1,1,'COM','10','Commercial question',1,1,NULL),(2,1,'ISSUE','20','Issue or problem',1,0,NULL),(3,1,'REQUEST','25','Change or enhancement request',1,0,NULL),(4,1,'PROJECT','30','Project',1,0,NULL),(5,1,'OTHER','40','Other',1,0,NULL); -/*!40000 ALTER TABLE `llx_c_ticketsup_type` ENABLE KEYS */; -UNLOCK TABLES; - -- -- Table structure for table `llx_c_tva` -- diff --git a/dev/initdemo/savedemo.sh b/dev/initdemo/savedemo.sh index e94169ff155..1e051b4cded 100755 --- a/dev/initdemo/savedemo.sh +++ b/dev/initdemo/savedemo.sh 
@@ -191,6 +191,9 @@ export list=" --ignore-table=$base.llx_c_dolicloud_plans --ignore-table=$base.llx_c_pays --ignore-table=$base.llx_c_source + --ignore-table=$base.llx_c_ticketsup_category + --ignore-table=$base.llx_c_ticketsup_severity + --ignore-table=$base.llx_c_ticketsup_type --ignore-table=$base.llx_cabinetmed_c_banques --ignore-table=$base.llx_cabinetmed_c_ccam --ignore-table=$base.llx_cabinetmed_c_examconclusion @@ -248,6 +251,8 @@ export list=" --ignore-table=$base.llx_residence --ignore-table=$base.llx_residence_building --ignore-table=$base.llx_residence_building_links + --ignore-table=$base.llx_societe_rib2 + --ignore-table=$base.llx_ticketsup --ignore-table=$base.llx_ultimatepdf --ignore-table=$base.llx_update_modules --ignore-table=$base.llx_ventilation_achat