From 536e99e3c9e3156db98e825384d4793488d9fa84 Mon Sep 17 00:00:00 2001
From: florian HENRY
Date: Thu, 19 Sep 2019 09:59:05 +0200
Subject: [PATCH 1/7] fix regex main.inc.php fatal
---
 htdocs/main.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 14b1d581986..00110bbe456 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -133,7 +133,7 @@ function testSqlAndScriptInject($val, $type)
 $inj += preg_match('/onmouse([a-z]*)\s*=/i', $val); // onmousexxx can be set on img or any html tag like
 $inj += preg_match('/ondrag([a-z]*)\s*=/i', $val); //
 $inj += preg_match('/ontouch([a-z]*)\s*=/i', $val); //
- $inj += preg_match('/on(abort|afterprint[beforeprint|beforeunload|blur|canplay|canplaythrough|change|click|contextmenu|copy|cut)\s*=/i', $val);
+ $inj += preg_match('/on(abort|afterprint[beforeprint|beforeunload|blur|canplay|canplaythrough|change|click|contextmenu|copy|cut])\s*=/i', $val);
 $inj += preg_match('/on(dblclick|drop|durationchange|ended|error|focus|focusin|focusout|hashchange|input|invalid)\s*=/i', $val);
 $inj += preg_match('/on(keydown|keypress|keyup|load|loadeddata|loadedmetadata|loadstart|offline|online|pagehide|pageshow)\s*=/i', $val);
 $inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|resize|reset|scroll|search|seeking|select|show|stalled|submit|suspend)\s*=/i', $val);
From 3b555797d1e36b0d8a17f93d1cc701c843537df9 Mon Sep 17 00:00:00 2001
From: florian HENRY
Date: Thu, 19 Sep 2019 12:32:26 +0200
Subject: [PATCH 2/7] fix regex
---
 htdocs/main.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 00110bbe456..abd07908641 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
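Review bot: The `]` added on the changed line of patch 1/7 turns `[beforeprint|beforeunload|...|cut]` into a character class, so after `afterprint` the pattern accepts a single character from that set and the names inside the brackets are no longer matched as handler names. In this intermediate state the line leaves a gap in the script-injection check until patch 2/7 replaces the `[` with `|`. If 1/7 is ever backported or cherry-picked, 2/7 has to go with it. The body of testSqlAndScriptInject starts and ends outside the hunk.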
@@ -133,7 +133,7 @@ function testSqlAndScriptInject($val, $type)
 $inj += preg_match('/onmouse([a-z]*)\s*=/i', $val); // onmousexxx can be set on img or any html tag like
 $inj += preg_match('/ondrag([a-z]*)\s*=/i', $val); //
 $inj += preg_match('/ontouch([a-z]*)\s*=/i', $val); //
- $inj += preg_match('/on(abort|afterprint[beforeprint|beforeunload|blur|canplay|canplaythrough|change|click|contextmenu|copy|cut])\s*=/i', $val);
+ $inj += preg_match('/on(abort|afterprint|beforeprint|beforeunload|blur|canplay|canplaythrough|change|click|contextmenu|copy|cut)\s*=/i', $val);
 $inj += preg_match('/on(dblclick|drop|durationchange|ended|error|focus|focusin|focusout|hashchange|input|invalid)\s*=/i', $val);
 $inj += preg_match('/on(keydown|keypress|keyup|load|loadeddata|loadedmetadata|loadstart|offline|online|pagehide|pageshow)\s*=/i', $val);
 $inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|resize|reset|scroll|search|seeking|select|show|stalled|submit|suspend)\s*=/i', $val);
From 575e4d11d0e48efc44baef1f4901526f007bdb04 Mon Sep 17 00:00:00 2001
From: gauthier
Date: Thu, 19 Sep 2019 17:28:41 +0200
Subject: [PATCH 3/7] FIX : wrong test
---
 htdocs/compta/paiement_charge.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/compta/paiement_charge.php b/htdocs/compta/paiement_charge.php
index fba8723d818..018f3aafaf1 100644
--- a/htdocs/compta/paiement_charge.php
+++ b/htdocs/compta/paiement_charge.php
@@ -71,7 +71,7 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm=='yes
 $error++;
 $action = 'create';
 }
- if (! empty($conf->banque->enabled) && ! $_POST["accountid"] > 0)
+ if (! empty($conf->banque->enabled) && $_POST["accountid"] <= 0)
 {
 setEventMessages($langs->trans("ErrorFieldRequired",$langs->transnoentities("AccountToCredit")), null, 'errors');
 $error++;
From 26cd418320efd5d79f2e1719e797ef76905a2e1a Mon Sep 17 00:00:00 2001
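Review bot: Every pattern in the patch 2/7 hunk is accumulated with `$inj += preg_match(...)`, and `preg_match()` returns `false` when a pattern does not compile, so a malformed expression adds nothing to `$inj` and the check fails open. A guard such as `$res = preg_match($pattern, $val); if ($res === false) { $inj++; }` would make a broken pattern reject the value instead. A unit test that passes each listed handler name followed by `=` to testSqlAndScriptInject would also catch a mistyped alternation like the one corrected here. The function body continues outside the hunk, so other patterns may already cover further cases.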
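Review bot: `$_POST["accountid"]` is compared as a raw request value on the changed line of patch 3/7, so a missing key raises a notice and a non-numeric string is compared under PHP's loose comparison rules instead of being normalised first. Reading it through Dolibarr's accessor, `GETPOST('accountid', 'int') <= 0`, makes the test depend on an integer only. Patch 7/7 rewrites the same condition as `! ($_POST["accountid"] > 0)` and keeps the same raw input handling. The enclosing `if ($action == 'add_payment' ...)` block starts and ends outside the hunk.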
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?=
Date: Tue, 24 Sep 2019 10:28:27 +0200
Subject: [PATCH 4/7] Update price_parser.class.php
---
 htdocs/product/dynamic_price/class/price_parser.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/product/dynamic_price/class/price_parser.class.php b/htdocs/product/dynamic_price/class/price_parser.class.php
index 1dd98c6610e..9ab7285f8f7 100644
--- a/htdocs/product/dynamic_price/class/price_parser.class.php
+++ b/htdocs/product/dynamic_price/class/price_parser.class.php
@@ -104,7 +104,7 @@ class PriceParser
 {
 return $langs->trans("ErrorPriceExpression".$code);
 }
- else if (in_array($code, array(1, 2, 3, 4, 5, 8, 10, 11, 17, 21, 22))) //Errors which have 1 arg
+ else if (in_array($code, array(1, 2, 3, 4, 5, 8, 10, 11, 17, 21, 22, 24))) //Errors which have 1 arg
 {
 return $langs->trans("ErrorPriceExpression".$code, $info);
 }
From ba1275332d17378067a966097eb3b6d23c8ce6e2 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Wed, 25 Sep 2019 13:03:43 +0200
Subject: [PATCH 5/7] Fix thousand separator for fr_NC
---
 htdocs/langs/fr_NC/main.lang | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/langs/fr_NC/main.lang b/htdocs/langs/fr_NC/main.lang
index 23b739d83e5..c2d48114259 100644
--- a/htdocs/langs/fr_NC/main.lang
+++ b/htdocs/langs/fr_NC/main.lang
@@ -3,7 +3,7 @@ DIRECTION=ltr
 FONTFORPDF=helvetica
 FONTSIZEFORPDF=10
 SeparatorDecimal=,
-SeparatorThousand=None
+SeparatorThousand=Space
 FormatDateShort=%d/%m/%Y
 FormatDateShortInput=%d/%m/%Y
 FormatDateShortJava=dd/MM/yyyy
From 13f5decdf7be8ba41b94377aea99bf2078272660 Mon Sep 17 00:00:00 2001
From: Marc de Lima Lucio
Date: Fri, 27 Sep 2019 11:00:17 +0200
Subject: [PATCH 6/7] FIX: shipping card: missing user error messages when classifying closed or billed
---
 htdocs/expedition/card.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php
index ed6b0227f91..c8ebeb5be57 100644
--- a/htdocs/expedition/card.php
+++ b/htdocs/expedition/card.php
@@ -552,6 +552,7 @@ if (empty($reshook))
 header('Location: ' . $_SERVER["PHP_SELF"] . '?id=' . $object->id);
 exit();
 }
+ setEventMessages($object->error, $object->errors, 'errors');
 }
 elseif ($action == 'classifyclosed')
@@ -562,6 +563,7 @@ if (empty($reshook))
 header('Location: ' . $_SERVER["PHP_SELF"] . '?id=' . $object->id);
 exit();
 }
+ setEventMessages($object->error, $object->errors, 'errors');
 }
 /*
From 99cfea1ff44bade26762502cff194d06c5450dee Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Fri, 27 Sep 2019 11:34:50 +0200
Subject: [PATCH 7/7] Update paiement_charge.php
---
 htdocs/compta/paiement_charge.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/compta/paiement_charge.php b/htdocs/compta/paiement_charge.php
index 018f3aafaf1..bec0e7fba47 100644
--- a/htdocs/compta/paiement_charge.php
+++ b/htdocs/compta/paiement_charge.php
@@ -71,7 +71,7 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm=='yes
 $error++;
 $action = 'create';
 }
- if (! empty($conf->banque->enabled) && $_POST["accountid"] <= 0)
+ if (! empty($conf->banque->enabled) && ! ($_POST["accountid"] > 0))
 {
 setEventMessages($langs->trans("ErrorFieldRequired",$langs->transnoentities("AccountToCredit")), null, 'errors');
 $error++;
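Review bot: The added `setEventMessages($object->error, $object->errors, 'errors');` in the first card.php hunk runs on the failure path only because the preceding success branch ends in `exit()`; placing it in an explicit `else { ... }` would keep that true if the redirect is ever changed. The second hunk (`@@ -562,6 +563,7 @@`) has the same shape. Since `$object->error` is passed through unchanged to a user-facing message, it is worth confirming, outside this diff, that the classify methods do not store raw database error text in it. Both enclosing branches start outside the hunks.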