diff --git a/SECURITY.md b/SECURITY.md
index 8ef569d6da0..bcc1bd7d9e0 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -49,7 +49,7 @@ You must not leak, manipulate, or destroy any user data of third parties to find
 ## Scope for qualified vulnerabilities
-ONLY vulnerabilities discovered, when the following setup on test platform is used, are "validated":
+ONLY vulnerabilities discovered, when the following setup on test platform is used, are "valid":
 * $dolibarr_main_prod must be set to 1 into conf.php
 * $dolibarr_nocsrfcheck must be kept to the value 0 into conf.php (this is the default value)
@@ -57,7 +57,7 @@ ONLY vulnerabilities discovered, when the following setup on test platform is us
 * The constant MAIN_SECURITY_CSRF_WITH_TOKEN must be set to 1 into backoffice menu Home - Setup - Other (this protection should be set to 1 soon by default)
 * The module DebugBar must NOT be enabled (by default, this module is not enabled. This is a developer tool)
 * The module ModuleBuilder must NOT be enabled (by default, this module is not enabled. This is a developer tool)
-* ONLY security reports on modules provided by default and with the "stable" status are allowed (troubles into "experimental", "developement" or external modules are not valid vulnerabilities).
+* ONLY security reports on modules provided by default and with the "stable" status are valid (troubles into "experimental", "developement" or external modules are not valid vulnerabilities).
 * The root of web server must link to htdocs and the documents directory must be outside of the web server root (this is the default when using the default installer but may differs with external installer).
 * The web server setup must be done so only the documents directory is in write mode. The root directory called htdocs must be readonly.
 * CSRF attacks are accepted for all when using a POST URL, but when using GET URL, they are validated only for creating or updating data resctricted to the admin user.
diff --git a/htdocs/admin/ihm.php b/htdocs/admin/ihm.php index ad2cd408471..bebb9f7d0bd 100644 --- a/htdocs/admin/ihm.php +++ b/htdocs/admin/ihm.php @@ -156,7 +156,8 @@ if ($action == 'update') dolibarr_set_const($db, "MAIN_SIZE_SHORTLIST_LIMIT", GETPOST("main_size_shortliste_limit", 'int'), 'chaine', 0, '', $conf->entity); //dolibarr_set_const($db, "MAIN_DISABLE_JAVASCRIPT", GETPOST("MAIN_DISABLE_JAVASCRIPT", 'aZ09'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_BUTTON_HIDE_UNAUTHORIZED", GETPOST("MAIN_BUTTON_HIDE_UNAUTHORIZED", 'aZ09'), 'chaine', 0, '', $conf->entity); + //dolibarr_set_const($db, "MAIN_BUTTON_HIDE_UNAUTHORIZED", GETPOST("MAIN_BUTTON_HIDE_UNAUTHORIZED", 'aZ09'), 'chaine', 0, '', $conf->entity); + //dolibarr_set_const($db, "MAIN_MENU_HIDE_UNAUTHORIZED", GETPOST("MAIN_MENU_HIDE_UNAUTHORIZED", 'aZ09'), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "MAIN_START_WEEK", GETPOST("MAIN_START_WEEK", 'int'), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "MAIN_DEFAULT_WORKING_DAYS", GETPOST("MAIN_DEFAULT_WORKING_DAYS", 'alphanohtml'), 'chaine', 0, '', $conf->entity); @@ -241,30 +242,33 @@ print ''; clearstatcache(); print '
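Review bot: The `dolibarr_set_const` calls for `MAIN_BUTTON_HIDE_UNAUTHORIZED` and `MAIN_MENU_HIDE_UNAUTHORIZED` are left in the `update` branch as commented-out code. Both options are now toggled through `ajax_constantonoff` further down in this file, so delete the two lines or replace them with one comment such as `// MAIN_BUTTON_HIDE_UNAUTHORIZED and MAIN_MENU_HIDE_UNAUTHORIZED are saved by ajax_constantonoff, not by this form`. Judging by their labels these options only change what is displayed, so that comment could also say they are not an access control and that permission checks remain in the target pages; this is inferred, not shown in the hunk. The `if ($action == 'update')` block starts and ends outside the hunk.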
'; +print '
'; print ''; print ''; print ''; // Default language -print ''; print ''; // Multilingual GUI -print ''; print ''; print '
'.img_picto('', 'language').' '.$langs->trans("Language").'
'.$langs->trans("DefaultLanguage").''; +print '
'.$langs->trans("DefaultLanguage").''; print $formadmin->select_language($conf->global->MAIN_LANG_DEFAULT, 'MAIN_LANG_DEFAULT', 1, null, '', 0, 0, 'minwidth300', 2); print ''; print '
'.$langs->trans("EnableMultilangInterface").''; +print '
'.$langs->trans("EnableMultilangInterface").''; print ajax_constantonoff("MAIN_MULTILANGS", array(), $conf->entity, 0, 0, 1, 0); print '

'."\n"; +print '
'; // Themes and themes options showSkins(null, 1); print '
'; // Other +print '
'; print ''; print ''; print ''; */ // First day for weeks -print ''; print ''; print ''; // DefaultWorkingDays -print ''; print ''; print ''; // DefaultWorkingHours -print ''; print ''; print ''; // Firstname/Name -print ''; print ''; print ''; +// Hide unauthorized menus +print ''; +print ''; +print ''; + // Hide unauthorized button -print ''; print ''; print ''; @@ -337,7 +350,7 @@ print ''; // Hide version link /* -print ''; print ''; @@ -345,7 +358,7 @@ print ''; */ // Show bugtrack link -print ''; @@ -354,7 +367,7 @@ print ''; // Hide wiki link on login page $pictohelp = ''; -print ''; @@ -365,7 +378,7 @@ print ''; $substitutionarray = getCommonSubstitutionArray($langs, 0, array('object', 'objectamount')); complete_substitutions_array($substitutionarray, $langs); -print ''."\n"; print '
'.$langs->trans("Miscellaneous").' '; @@ -299,37 +303,46 @@ print '
'.$langs->trans("WeekStartOnDay").''; +print '
'.$langs->trans("WeekStartOnDay").''; print $formother->select_dayofweek((isset($conf->global->MAIN_START_WEEK) ? $conf->global->MAIN_START_WEEK : '1'), 'MAIN_START_WEEK', 0); print ' 
'.$langs->trans("DefaultWorkingDays").''; +print '
'.$langs->trans("DefaultWorkingDays").''; print ''; print ' 
'.$langs->trans("DefaultWorkingHours").''; +print '
'.$langs->trans("DefaultWorkingHours").''; print ''; print ' 
'.$langs->trans("FirstnameNamePosition").''; +print '
'.$langs->trans("FirstnameNamePosition").''; $array = array(0=>$langs->trans("Firstname").' '.$langs->trans("Lastname"), 1=>$langs->trans("Lastname").' '.$langs->trans("Firstname")); print $form->selectarray('MAIN_FIRSTNAME_NAME_POSITION', $array, (isset($conf->global->MAIN_FIRSTNAME_NAME_POSITION) ? $conf->global->MAIN_FIRSTNAME_NAME_POSITION : 0)); print ' 
'.$langs->trans("HideUnauthorizedMenu").''; +//print $form->selectyesno('MAIN_MENU_HIDE_UNAUTHORIZED', isset($conf->global->MAIN_MENU_HIDE_UNAUTHORIZED) ? $conf->global->MAIN_MENU_HIDE_UNAUTHORIZED : 0, 1); +print ajax_constantonoff("MAIN_MENU_HIDE_UNAUTHORIZED", array(), $conf->entity, 0, 0, 1, 0); +print ' 
'.$langs->trans("ButtonHideUnauthorized").''; -print $form->selectyesno('MAIN_BUTTON_HIDE_UNAUTHORIZED', isset($conf->global->MAIN_BUTTON_HIDE_UNAUTHORIZED) ? $conf->global->MAIN_BUTTON_HIDE_UNAUTHORIZED : 0, 1); +print '
'.$langs->trans("ButtonHideUnauthorized").''; +//print $form->selectyesno('MAIN_BUTTON_HIDE_UNAUTHORIZED', isset($conf->global->MAIN_BUTTON_HIDE_UNAUTHORIZED) ? $conf->global->MAIN_BUTTON_HIDE_UNAUTHORIZED : 0, 1); +print ajax_constantonoff("MAIN_BUTTON_HIDE_UNAUTHORIZED", array(), $conf->entity, 0, 0, 1, 0); print ' 
'.$langs->trans("HideVersionLink").''; +print '
'.$langs->trans("HideVersionLink").''; print $form->selectyesno('MAIN_HIDE_VERSION',$conf->global->MAIN_HIDE_VERSION,1); print ' 
'.$langs->trans("ShowBugTrackLink", $langs->transnoentitiesnoconv("FindBug")).''; +print '
'.$langs->trans("ShowBugTrackLink", $langs->transnoentitiesnoconv("FindBug")).''; print ajax_constantonoff("MAIN_BUGTRACK_ENABLELINK", array(), $conf->entity, 0, 0, 1, 0); //print $form->selectyesno('MAIN_BUGTRACK_ENABLELINK', $conf->global->MAIN_BUGTRACK_ENABLELINK, 1); print '
'.$langs->trans("DisableLinkToHelp", $pictohelp).''; +print '
'.str_replace('{picto}', $pictohelp, $langs->trans("DisableLinkToHelp", '{picto}')).''; print ajax_constantonoff("MAIN_HELP_DISABLELINK", array(), $conf->entity, 0, 0, 1, 0); //print $form->selectyesno('MAIN_HELP_DISABLELINK', isset($conf->global->MAIN_HELP_DISABLELINK) ? $conf->global->MAIN_HELP_DISABLELINK : 0, 1); print '
'; +print '
'; $texthelp = $langs->trans("FollowingConstantsWillBeSubstituted").'
'; foreach ($substitutionarray as $key => $val) { @@ -381,18 +394,19 @@ $doleditor->Create(); print '
'."\n"; +print '
'; print '
'; // Other print '
'; print ''; -print ''; +print ''; print ''; print ''; // Hide helpcenter link on login page -print ''; print ''; diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index 83b3c0514aa..f5822669bba 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php @@ -518,7 +518,7 @@ if (!empty($conf->use_javascript_ajax)) // If javascript on } // Birthdays - $s .= '
'.$langs->trans("AgendaShowBirthdayEvents").'  
'; + $s .= '
 
'; // Calendars from hooks $parameters = array(); $object = null; diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php index 5b8c708b1b2..00c74544d17 100644 --- a/htdocs/contact/list.php +++ b/htdocs/contact/list.php @@ -967,7 +967,7 @@ while ($i < min($num, $limit)) if (!empty($conf->socialnetworks->enabled)) { foreach ($socialnetworks as $key => $value) { if ($value['active'] && !empty($arrayfields['p.'.$key]['checked'])) { - print ''; + print ''; if (!$i) $totalarray['nbfield']++; } } diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index dec15e4db83..f34f39740bd 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -816,9 +816,10 @@ abstract class CommonObject $outsocialnetwork = ''; if (is_array($this->socialnetworks) && count($this->socialnetworks) > 0) { + $socialnetworksdict = getArrayOfSocialNetworks(); foreach ($this->socialnetworks as $key => $value) { if ($value) { - $outsocialnetwork .= dol_print_socialnetworks($value, $this->id, $object->id, $key); + $outsocialnetwork .= dol_print_socialnetworks($value, $this->id, $object->id, $key, $socialnetworksdict); } $outdone++; } diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 8b9edcd89ba..23c8d559e8a 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php 
@@ -2440,13 +2440,14 @@ function getArrayOfSocialNetworks() /** * Show social network link * - * @param string $value Skype to show (only skype, without 'Name of recipient' before) - * @param int $cid Id of contact if known - * @param int $socid Id of third party if known - * @param string $type 'skype','facebook',... - * @return string HTML Link + * @param string $value Skype to show (only skype, without 'Name of recipient' before) + * @param int $cid Id of contact if known + * @param int $socid Id of third party if known + * @param string $type 'skype','facebook',... + * @param array $dictsocialnetworks socialnetworks availables + * @return string HTML Link */ -function dol_print_socialnetworks($value, $cid, $socid, $type) +function dol_print_socialnetworks($value, $cid, $socid, $type, $dictsocialnetworks = array()) { global $conf, $user, $langs; @@ -2454,13 +2455,11 @@ function dol_print_socialnetworks($value, $cid, $socid, $type) if (empty($value)) return ' '; - if (!empty($type)) - { + if (!empty($type)) { $htmllink = '
'; - $htmllink .= img_picto($langs->trans(strtoupper($type)), $type.'.png', '', false, 0, 0, '', 'paddingright', 0); - $htmllink .= $value; - if ($type == 'skype') - { + $htmllink .= img_picto($langs->trans(dol_ucfirst($type)), $type.'.png', '', false, 0, 0, '', 'paddingright', 0); + if ($type == 'skype') { + $htmllink .= $value; $htmllink .= ' '; $htmllink .= ''; $htmllink .= ''; $htmllink .= ''; - } - if (($cid || $socid) && !empty($conf->agenda->enabled) && $user->rights->agenda->myactions->create && $type == 'skype') - { - $addlink = 'AC_SKYPE'; - $link = ''; - if (!empty($conf->global->AGENDA_ADDACTIONFORSKYPE)) $link = ''.img_object($langs->trans("AddAction"), "calendar").''; - $htmllink .= ($link ? ' '.$link : ''); + if (($cid || $socid) && !empty($conf->agenda->enabled) && $user->rights->agenda->myactions->create) { + $addlink = 'AC_SKYPE'; + $link = ''; + if (!empty($conf->global->AGENDA_ADDACTIONFORSKYPE)) $link = ''.img_object($langs->trans("AddAction"), "calendar").''; + $htmllink .= ($link ? ' '.$link : ''); + } + } else { + if (!empty($dictsocialnetworks[$type]['url'])) { + $link = str_replace('{socialid}', $value, $dictsocialnetworks[$type]['url']); + $htmllink .= ' '.$value.''; + } else { + $htmllink .= $value; + } } $htmllink .= '
'; } else { diff --git a/htdocs/core/lib/usergroups.lib.php b/htdocs/core/lib/usergroups.lib.php index 9277ebbd81b..913112e04e6 100644 --- a/htdocs/core/lib/usergroups.lib.php +++ b/htdocs/core/lib/usergroups.lib.php @@ -315,6 +315,7 @@ function showSkins($fuser, $edit = 0, $foruserprofile = false) if ($foruserprofile) $colspan = 4; $thumbsbyrow = 6; + print '
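Review bot: In the new `else` branch of `dol_print_socialnetworks`, `$value` fills the `{socialid}` placeholder of the dictionary URL and is then concatenated into the link and its label with no encoding visible in this hunk. The value is a contact or third-party field that other users can edit, so it should be encoded for each context: `$link = str_replace('{socialid}', urlencode($value), $dictsocialnetworks[$type]['url']);`, then `dol_escape_htmltag($link)` where the URL is emitted and `dol_escape_htmltag($value)` for the displayed text, including the plain `$htmllink .= $value;` fallback. The markup inside the string literals is not visible on this page, so confirm how the attribute is quoted. Confirm also that the resulting URL starts with `http://` or `https://` before it is printed. The Skype branch prints `$value` the same way and deserves the same treatment.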
'; print '
'.$langs->trans("LoginPage").'
'.$langs->trans("LoginPage").' 
'.$langs->trans("DisableLinkToHelpCenter").''; +print '
'.$langs->trans("DisableLinkToHelpCenter").''; print ajax_constantonoff("MAIN_HELPCENTER_DISABLELINK", array(), $conf->entity, 0, 0, 0, 0); print ' '.dol_print_socialnetworks($arraysocialnetworks[$key], $obj->rowid, $obj->socid, $key).''.dol_print_socialnetworks($arraysocialnetworks[$key], $obj->rowid, $obj->socid, $key, $socialnetworks).'
'; // Title @@ -911,4 +912,5 @@ function showSkins($fuser, $edit = 0, $foruserprofile = false) } else { } print '
'; + print '
'; } diff --git a/htdocs/core/tpl/login.tpl.php b/htdocs/core/tpl/login.tpl.php index bf0e4f57743..2d0b9ad57c1 100644 --- a/htdocs/core/tpl/login.tpl.php +++ b/htdocs/core/tpl/login.tpl.php @@ -149,8 +149,7 @@ if ($disablenofollow) echo '';
global->MAIN_OPTIMIZEFORTEXTBROWSER)) { ?> - - + " name="username" class="flat input-icon-user minwidth150" value="" tabindex="1" autofocus="autofocus" />
@@ -160,8 +159,7 @@ if ($disablenofollow) echo '';
global->MAIN_OPTIMIZEFORTEXTBROWSER)) { ?> - - + " name="password" class="flat input-icon-password minwidth150" type="password" value="" tabindex="2" autocomplete="global->MAIN_LOGIN_ENABLE_PASSWORD_AUTOCOMPLETE) ? 'off' : 'on'; ?>" />
@@ -190,19 +188,16 @@ if ($captcha) { ?>
-
+
- - - - - - -
diff --git a/htdocs/core/tpl/passwordforgotten.tpl.php b/htdocs/core/tpl/passwordforgotten.tpl.php index d7d7e2f7ef3..f11e01c7d13 100644 --- a/htdocs/core/tpl/passwordforgotten.tpl.php +++ b/htdocs/core/tpl/passwordforgotten.tpl.php @@ -107,8 +107,7 @@ if ($disablenofollow) echo '';
- - + " id="username" name="username" class="flat input-icon-user minwidth150" value="" tabindex="1" />
@@ -135,22 +134,20 @@ if (!empty($morelogincontent)) { $php_self = preg_replace('/[&\?]time=(\d+)/', '', $php_self); // Remove param time if (preg_match('/\?/', $php_self)) $php_self .= '&time='.dol_print_date(dol_now(), 'dayhourlog'); else $php_self .= '?time='.dol_print_date(dol_now(), 'dayhourlog'); + // TODO: provide accessible captcha variants ?>
-
+
- - - - - -
diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index b0a302fb80e..00b7014eb71 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -406,7 +406,7 @@ UrlGenerationParameters=Parameters to secure URLs SecurityTokenIsUnique=Use a unique securekey parameter for each URL EnterRefToBuildUrl=Enter reference for object %s GetSecuredUrl=Get calculated URL -ButtonHideUnauthorized=Hide buttons for non-admin users for unauthorized actions instead of showing greyed disabled buttons +ButtonHideUnauthorized=Hide unauthorized action buttons also for internal users (just greyed otherwise) OldVATRates=Old VAT rate NewVATRates=New VAT rate PriceBaseTypeToChange=Modify on prices with base reference value defined on @@ -1689,7 +1689,7 @@ NotTopTreeMenuPersonalized=Personalized menus not linked to a top menu entry NewMenu=New menu MenuHandler=Menu handler MenuModule=Source module -HideUnauthorizedMenu= Hide unauthorized menus (gray) +HideUnauthorizedMenu=Hide unauthorized menus also for internal users (just greyed otherwise) DetailId=Id menu DetailMenuHandler=Menu handler where to show new menu DetailMenuModule=Module name if menu entry come from a module diff --git a/htdocs/mrp/class/api_mos.class.php b/htdocs/mrp/class/api_mos.class.php index 1d37e73adad..281ec0fb731 100644 --- a/htdocs/mrp/class/api_mos.class.php +++ b/htdocs/mrp/class/api_mos.class.php 
@@ -107,32 +107,43 @@ class Mos extends DolibarrApi // If the internal user must only see his customers, force searching by him $search_sale = 0; - if ($restrictonsocid && !DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) $search_sale = DolibarrApiAccess::$user->id; + if ($restrictonsocid && !DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) { + $search_sale = DolibarrApiAccess::$user->id; + } $sql = "SELECT t.rowid"; - if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) + if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { + $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) + } $sql .= " FROM ".MAIN_DB_PREFIX.$tmpobject->table_element." 
as t"; - if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale + if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { + $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale + } $sql .= " WHERE 1 = 1"; // Example of use $mode //if ($mode == 1) $sql.= " AND s.client IN (1, 3)"; //if ($mode == 2) $sql.= " AND s.client IN (2, 3)"; - if ($tmpobject->ismultientitymanaged) $sql .= ' AND t.entity IN ('.getEntity($tmpobject->element).')'; - if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql .= " AND t.fk_soc = sc.fk_soc"; - if ($restrictonsocid && $socid) $sql .= " AND t.fk_soc = ".$socid; - if ($restrictonsocid && $search_sale > 0) $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale + if ($tmpobject->ismultientitymanaged) { + $sql .= ' AND t.entity IN ('.getEntity($tmpobject->element).')'; + } + if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { + $sql .= " AND t.fk_soc = sc.fk_soc"; + } + if ($restrictonsocid && $socid) { + $sql .= " AND t.fk_soc = ".$socid; + } + if ($restrictonsocid && $search_sale > 0) { + $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale + } // Insert sale filter - if ($restrictonsocid && $search_sale > 0) - { + if ($restrictonsocid && $search_sale > 0) { $sql .= " AND sc.fk_user = ".$search_sale; } - if ($sqlfilters) - { - if (!DolibarrApi::_checkFilters($sqlfilters)) - { + if ($sqlfilters) { + if (!DolibarrApi::_checkFilters($sqlfilters)) { throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters); } 
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; @@ -141,8 +152,7 @@ class Mos extends DolibarrApi $sql .= $this->db->order($sortfield, $sortorder); if ($limit) { - if ($page < 0) - { + if ($page < 0) { $page = 0; } $offset = $limit * $page; @@ -151,12 +161,10 @@ class Mos extends DolibarrApi } $result = $this->db->query($sql); - if ($result) - { + if ($result) { $num = $this->db->num_rows($result); $i = 0; - while ($i < $num) - { + while ($i < $num) { $obj = $this->db->fetch_object($result); $tmp_object = new Mo($this->db); if ($tmp_object->fetch($obj->rowid)) { @@ -164,8 +172,7 @@ class Mos extends DolibarrApi } $i++; } - } - else { + } else { throw new RestException(503, 'Error when retrieve MO list'); } if (!count($obj_ret)) { @@ -221,11 +228,13 @@ class Mos extends DolibarrApi } foreach ($request_data as $field => $value) { - if ($field == 'id') continue; + if ($field == 'id') { + continue; + } $this->mo->$field = $value; } - if ($this->mo->update($id, DolibarrApiAccess::$user) > 0) { + if ($this->mo->update(DolibarrApiAccess::$user) > 0) { return $this->get($id); } else { throw new RestException(500, $this->mo->error); @@ -252,8 +261,7 @@ class Mos extends DolibarrApi throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login); } - if (!$this->mo->delete(DolibarrApiAccess::$user)) - { + if (!$this->mo->delete(DolibarrApiAccess::$user)) { throw new RestException(500, 'Error when deleting MO : '.$this->mo->error); } @@ -317,8 +325,7 @@ class Mos extends DolibarrApi // If object has lines, remove $db property if (isset($object->lines) && is_array($object->lines) && count($object->lines) > 0) { $nboflines = count($object->lines); - for ($i = 0; $i < $nboflines; $i++) - { + for ($i = 0; $i < $nboflines; $i++) { $this->_cleanObjectDatas($object->lines[$i]); unset($object->lines[$i]->lines); 
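Review bot: The restyled conditions in the `-107` hunk still build the access filter by concatenating `$socid` and `$search_sale` into the SQL text (`" AND t.fk_soc = ".$socid`, `" AND sc.fk_user = ".$search_sale`). Where `$socid` is assigned is outside the hunk, so cast at the point of use, e.g. `$sql .= " AND t.fk_soc = ".((int) $socid);`. The sale filter also adds `t.rowid = sc.fk_soc`, which compares a manufacturing-order row id with a third-party id next to the existing `t.fk_soc = sc.fk_soc`. That looks copied from the third-party API and would make the restriction for users without `societe->client->voir` select the wrong rows, so it should probably be dropped. A rejected `sqlfilters` value is a client error and is better reported as 400 than 503, without echoing the raw parameter back in the message.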
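Review bot: In the `-221` hunk the `foreach` over `$request_data` copies every submitted key except `id` onto `$this->mo`, so a caller allowed to update an MO can also overwrite properties the API should control, such as `entity` or `fk_user_creat`. Limit the loop to declared, writable fields, for example `if (!isset($this->mo->fields[$field]) || in_array($field, array('rowid', 'entity', 'date_creation', 'tms', 'fk_user_creat'))) { continue; }`, reusing the list that `_validate` already skips. The method starts and ends outside the hunk, so check whether an earlier `fetch` or permission test already constrains which record is touched.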
@@ -341,9 +348,12 @@ class Mos extends DolibarrApi { $myobject = array(); foreach ($this->mo->fields as $field => $propfield) { - if (in_array($field, array('rowid', 'entity', 'date_creation', 'tms', 'fk_user_creat')) || $propfield['notnull'] != 1) continue; // Not a mandatory field - if (!isset($data[$field])) + if (in_array($field, array('rowid', 'entity', 'date_creation', 'tms', 'fk_user_creat')) || $propfield['notnull'] != 1) { + continue; // Not a mandatory field + } + if (!isset($data[$field])) { throw new RestException(400, "$field field missing"); + } $myobject[$field] = $data[$field]; } return $myobject; diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index a0203c24cf1..1b104ce95dd 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -1220,6 +1220,7 @@ table[summary="list_of_modules"] .fa-cog { .width50 { width: 50px; } .width75 { width: 75px; } .width100 { width: 100px; } +.width125 { width: 125px; } .width150 { width: 150px; } .width200 { width: 200px; } .maxwidth25 { max-width: 25px; } diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index 4f85b78a872..ad0b03366db 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php @@ -1213,6 +1213,7 @@ table[summary="list_of_modules"] .fa-cog { .width50 { width: 50px; } .width75 { width: 75px; } .width100 { width: 100px; } +.width125 { width: 125px; } .width150 { width: 150px; } .width200 { width: 200px; } .maxwidth25 { max-width: 25px; } diff --git a/htdocs/webservices/admin/index.php b/htdocs/webservices/admin/index.php index 015551693bd..2c14d2d07f5 100644 --- a/htdocs/webservices/admin/index.php +++ b/htdocs/webservices/admin/index.php @@ -62,13 +62,16 @@ if ($actionsave) llxHeader(); $linkback = ''.$langs->trans("BackToModuleList").''; + print load_fiche_titre($langs->trans("WebServicesSetup"), $linkback, 'title_setup'); print ''.$langs->trans("WebServicesDesc")."
\n"; print "
\n"; -print '
'; +print ''; print ''; +print ''; + print ''; print ''; @@ -78,7 +81,7 @@ print ""; print ""; print ""; -print ''; +print ''; print ''; print '
".$langs->trans("Value")." 
'.$langs->trans("KeyForWebServicesAccess").''; if (!empty($conf->use_javascript_ajax))