From d9682df682254fa2096774b4ac00d535533d6e45 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?=
Date: Thu, 10 Dec 2020 17:37:44 +0100
Subject: [PATCH 01/11] hide also topmenu if disabled
---
 htdocs/core/js/lib_foot.js.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/htdocs/core/js/lib_foot.js.php b/htdocs/core/js/lib_foot.js.php
index d04379210a6..8419f76bfc1 100644
--- a/htdocs/core/js/lib_foot.js.php
+++ b/htdocs/core/js/lib_foot.js.php
@@ -196,3 +196,7 @@ print ' } }); });'."\n";
+// hide topmenus disabled
+if (!empty($conf->global->MAIN_BUTTON_HIDE_UNAUTHORIZED) && (!$user->admin)) {
+ print '$("li:has(.tmenudisabled)").hide();';
+}
From 8882759e7af40641826cbc893c37f18dcf10c79e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?=
Date: Fri, 11 Dec 2020 17:55:08 +0100
Subject: [PATCH 02/11] hide topmenu option in config/display
---
 htdocs/admin/ihm.php | 14 ++++++++++++--
 htdocs/core/js/lib_foot.js.php | 4 ----
 2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/htdocs/admin/ihm.php b/htdocs/admin/ihm.php
index ad2cd408471..417fccafdb6 100644
--- a/htdocs/admin/ihm.php
+++ b/htdocs/admin/ihm.php 
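Review bot: The added `$("li:has(.tmenudisabled)").hide()` only hides the disabled entries client-side, so it must remain a presentation toggle and not be relied on as an authorization boundary; the entries stay in the DOM, and whatever marks them `.tmenudisabled` on the server side remains the authoritative check. The guard reuses `MAIN_BUTTON_HIDE_UNAUTHORIZED`, a button setting, for a menu concern, and patch 02 of this series removes this hunk again in favour of a separate `MAIN_MENU_HIDE_UNAUTHORIZED` constant. Wherever the line ends up, a comment such as `// cosmetic only: disabled menus are still rendered; access is enforced server-side` would make its scope clear.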
@@ -156,7 +156,8 @@ if ($action == 'update') dolibarr_set_const($db, "MAIN_SIZE_SHORTLIST_LIMIT", GETPOST("main_size_shortliste_limit", 'int'), 'chaine', 0, '', $conf->entity); //dolibarr_set_const($db, "MAIN_DISABLE_JAVASCRIPT", GETPOST("MAIN_DISABLE_JAVASCRIPT", 'aZ09'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_BUTTON_HIDE_UNAUTHORIZED", GETPOST("MAIN_BUTTON_HIDE_UNAUTHORIZED", 'aZ09'), 'chaine', 0, '', $conf->entity); + //dolibarr_set_const($db, "MAIN_BUTTON_HIDE_UNAUTHORIZED", GETPOST("MAIN_BUTTON_HIDE_UNAUTHORIZED", 'aZ09'), 'chaine', 0, '', $conf->entity); + //dolibarr_set_const($db, "MAIN_MENU_HIDE_UNAUTHORIZED", GETPOST("MAIN_MENU_HIDE_UNAUTHORIZED", 'aZ09'), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "MAIN_START_WEEK", GETPOST("MAIN_START_WEEK", 'int'), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "MAIN_DEFAULT_WORKING_DAYS", GETPOST("MAIN_DEFAULT_WORKING_DAYS", 'alphanohtml'), 'chaine', 0, '', $conf->entity); @@ -327,9 +328,18 @@ print ''; print ' '; print ''; +// Hide unauthorized menus +print ''.$langs->trans("HideUnauthorizedMenu").''; +//print $form->selectyesno('MAIN_MENU_HIDE_UNAUTHORIZED', isset($conf->global->MAIN_MENU_HIDE_UNAUTHORIZED) ? $conf->global->MAIN_MENU_HIDE_UNAUTHORIZED : 0, 1); +print ajax_constantonoff("MAIN_MENU_HIDE_UNAUTHORIZED", array(), $conf->entity, 0, 0, 1, 0); +print ''; +print ' '; +print ''; + // Hide unauthorized button print ''.$langs->trans("ButtonHideUnauthorized").''; -print $form->selectyesno('MAIN_BUTTON_HIDE_UNAUTHORIZED', isset($conf->global->MAIN_BUTTON_HIDE_UNAUTHORIZED) ? $conf->global->MAIN_BUTTON_HIDE_UNAUTHORIZED : 0, 1); +//print $form->selectyesno('MAIN_BUTTON_HIDE_UNAUTHORIZED', isset($conf->global->MAIN_BUTTON_HIDE_UNAUTHORIZED) ? $conf->global->MAIN_BUTTON_HIDE_UNAUTHORIZED : 0, 1); +print ajax_constantonoff("MAIN_BUTTON_HIDE_UNAUTHORIZED", array(), $conf->entity, 0, 0, 1, 0); print ''; print ' '; print ''; 
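Review bot: The `dolibarr_set_const(... "MAIN_BUTTON_HIDE_UNAUTHORIZED" ...)` line in the `update` action is turned into commented-out code and a commented-out `MAIN_MENU_HIDE_UNAUTHORIZED` twin is added next to it, instead of the dead lines being deleted; with both options now rendered through `ajax_constantonoff(...)`, the form no longer submits them, so the commented lines, and the commented `$form->selectyesno(...)` calls kept beside the new `ajax_constantonoff` calls in the second hunk, should simply be removed. A one-line comment at the new `// Hide unauthorized menus` row, e.g. `// Presentation only: hidden entries are still protected by the user's rights`, would record that the option does not change access control. The positional `0, 0, 1, 0` arguments to `ajax_constantonoff` are opaque at the call site; a short comment naming what the `1` enables would help the next reader.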
diff --git a/htdocs/core/js/lib_foot.js.php b/htdocs/core/js/lib_foot.js.php index 8419f76bfc1..d04379210a6 100644 --- a/htdocs/core/js/lib_foot.js.php +++ b/htdocs/core/js/lib_foot.js.php @@ -196,7 +196,3 @@ print ' } }); });'."\n"; -// hide topmenus disabled -if (!empty($conf->global->MAIN_BUTTON_HIDE_UNAUTHORIZED) && (!$user->admin)) { - print '$("li:has(.tmenudisabled)").hide();'; -} From e9288ce0dacf013f4a03a92ad42f7d5bca85cdb1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Fri, 11 Dec 2020 17:58:43 +0100 Subject: [PATCH 03/11] fix translation --- htdocs/admin/ihm.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/ihm.php b/htdocs/admin/ihm.php index 417fccafdb6..ba223efb103 100644 --- a/htdocs/admin/ihm.php +++ b/htdocs/admin/ihm.php @@ -364,7 +364,7 @@ print ''; // Hide wiki link on login page $pictohelp = ''; -print ''.$langs->trans("DisableLinkToHelp", $pictohelp).''; +print ''.str_replace('{picto}', $pictohelp, $langs->trans("DisableLinkToHelp", '{picto}')).''; print ajax_constantonoff("MAIN_HELP_DISABLELINK", array(), $conf->entity, 0, 0, 1, 0); //print $form->selectyesno('MAIN_HELP_DISABLELINK', isset($conf->global->MAIN_HELP_DISABLELINK) ? $conf->global->MAIN_HELP_DISABLELINK : 0, 1); print ''; From 0b3a5dc7968c9abfab97e9394ab96958ddc71634 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Fri, 11 Dec 2020 18:09:37 +0100 Subject: [PATCH 04/11] fix style --- htdocs/admin/ihm.php | 4 ++++ htdocs/core/lib/usergroups.lib.php | 2 ++ 2 files changed, 6 insertions(+) diff --git a/htdocs/admin/ihm.php b/htdocs/admin/ihm.php index ba223efb103..3652c04518d 100644 --- a/htdocs/admin/ihm.php +++ b/htdocs/admin/ihm.php @@ -242,6 +242,7 @@ print ''; clearstatcache(); print '
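Review bot: The `{picto}` placeholder round-trip in the `DisableLinkToHelp` row deserves a comment, because the reason is not visible from the line itself; presumably `$langs->trans()` encodes its parameters and the picto markup was being escaped, so the markup is now substituted after translation. Suggested: `// trans() encodes its arguments: inject the picto markup after translation so the tag is not escaped`. This is only safe while `$pictohelp` stays trusted markup built in this file (its assignment on the line above is mangled on this page) and is never derived from request input.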
'; +print '
'; print ''; print ''; print ''; @@ -260,12 +261,14 @@ print ''; print ''; print '
'.img_picto('', 'language').' '.$langs->trans("Language").'

'."\n"; +print '
'; // Themes and themes options showSkins(null, 1); print '
'; // Other +print '
'; print ''; print ''; print ''."\n"; print '
'.$langs->trans("Miscellaneous").' '; @@ -391,6 +394,7 @@ $doleditor->Create(); print '
'."\n"; +print '
'; print '
'; diff --git a/htdocs/core/lib/usergroups.lib.php b/htdocs/core/lib/usergroups.lib.php index 9277ebbd81b..913112e04e6 100644 --- a/htdocs/core/lib/usergroups.lib.php +++ b/htdocs/core/lib/usergroups.lib.php @@ -315,6 +315,7 @@ function showSkins($fuser, $edit = 0, $foruserprofile = false) if ($foruserprofile) $colspan = 4; $thumbsbyrow = 6; + print '
'; print ''; // Title @@ -911,4 +912,5 @@ function showSkins($fuser, $edit = 0, $foruserprofile = false) } else { } print '
'; + print '
'; } From 5ac677e2ab9d13e28286cb8ef0ac03166186594a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Fri, 11 Dec 2020 19:02:13 +0100 Subject: [PATCH 05/11] fix mos api update --- htdocs/mrp/class/api_mos.class.php | 68 +++++++++++++++++------------- 1 file changed, 39 insertions(+), 29 deletions(-) diff --git a/htdocs/mrp/class/api_mos.class.php b/htdocs/mrp/class/api_mos.class.php index 1d37e73adad..281ec0fb731 100644 --- a/htdocs/mrp/class/api_mos.class.php +++ b/htdocs/mrp/class/api_mos.class.php 
@@ -107,32 +107,43 @@ class Mos extends DolibarrApi // If the internal user must only see his customers, force searching by him $search_sale = 0; - if ($restrictonsocid && !DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) $search_sale = DolibarrApiAccess::$user->id; + if ($restrictonsocid && !DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) { + $search_sale = DolibarrApiAccess::$user->id; + } $sql = "SELECT t.rowid"; - if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) + if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { + $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) + } $sql .= " FROM ".MAIN_DB_PREFIX.$tmpobject->table_element." 
as t"; - if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale + if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { + $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale + } $sql .= " WHERE 1 = 1"; // Example of use $mode //if ($mode == 1) $sql.= " AND s.client IN (1, 3)"; //if ($mode == 2) $sql.= " AND s.client IN (2, 3)"; - if ($tmpobject->ismultientitymanaged) $sql .= ' AND t.entity IN ('.getEntity($tmpobject->element).')'; - if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql .= " AND t.fk_soc = sc.fk_soc"; - if ($restrictonsocid && $socid) $sql .= " AND t.fk_soc = ".$socid; - if ($restrictonsocid && $search_sale > 0) $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale + if ($tmpobject->ismultientitymanaged) { + $sql .= ' AND t.entity IN ('.getEntity($tmpobject->element).')'; + } + if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { + $sql .= " AND t.fk_soc = sc.fk_soc"; + } + if ($restrictonsocid && $socid) { + $sql .= " AND t.fk_soc = ".$socid; + } + if ($restrictonsocid && $search_sale > 0) { + $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale + } // Insert sale filter - if ($restrictonsocid && $search_sale > 0) - { + if ($restrictonsocid && $search_sale > 0) { $sql .= " AND sc.fk_user = ".$search_sale; } - if ($sqlfilters) - { - if (!DolibarrApi::_checkFilters($sqlfilters)) - { + if ($sqlfilters) { + if (!DolibarrApi::_checkFilters($sqlfilters)) { throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters); } 
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; @@ -141,8 +152,7 @@ class Mos extends DolibarrApi $sql .= $this->db->order($sortfield, $sortorder); if ($limit) { - if ($page < 0) - { + if ($page < 0) { $page = 0; } $offset = $limit * $page; @@ -151,12 +161,10 @@ class Mos extends DolibarrApi } $result = $this->db->query($sql); - if ($result) - { + if ($result) { $num = $this->db->num_rows($result); $i = 0; - while ($i < $num) - { + while ($i < $num) { $obj = $this->db->fetch_object($result); $tmp_object = new Mo($this->db); if ($tmp_object->fetch($obj->rowid)) { @@ -164,8 +172,7 @@ class Mos extends DolibarrApi } $i++; } - } - else { + } else { throw new RestException(503, 'Error when retrieve MO list'); } if (!count($obj_ret)) { @@ -221,11 +228,13 @@ class Mos extends DolibarrApi } foreach ($request_data as $field => $value) { - if ($field == 'id') continue; + if ($field == 'id') { + continue; + } $this->mo->$field = $value; } - if ($this->mo->update($id, DolibarrApiAccess::$user) > 0) { + if ($this->mo->update(DolibarrApiAccess::$user) > 0) { return $this->get($id); } else { throw new RestException(500, $this->mo->error); @@ -252,8 +261,7 @@ class Mos extends DolibarrApi throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login); } - if (!$this->mo->delete(DolibarrApiAccess::$user)) - { + if (!$this->mo->delete(DolibarrApiAccess::$user)) { throw new RestException(500, 'Error when deleting MO : '.$this->mo->error); } @@ -317,8 +325,7 @@ class Mos extends DolibarrApi // If object has lines, remove $db property if (isset($object->lines) && is_array($object->lines) && count($object->lines) > 0) { $nboflines = count($object->lines); - for ($i = 0; $i < $nboflines; $i++) - { + for ($i = 0; $i < $nboflines; $i++) { $this->_cleanObjectDatas($object->lines[$i]); unset($object->lines[$i]->lines); 
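Review bot: `$sql .= " AND t.fk_soc = ".$socid;` still concatenates the `$socid` parameter into the query unescaped; the hunk only re-braces the line, but since it is being touched it should become `$sql .= " AND t.fk_soc = ".((int) $socid);`, and `" AND sc.fk_user = ".$search_sale` can take the same `(int)` cast even though `$search_sale` is derived from `DolibarrApiAccess::$user->id`. The repeated condition `$restrictonsocid && (...) || $search_sale > 0` relies on `&&` binding tighter than `||`, so the `$search_sale` clause is not guarded by `$restrictonsocid`; it is harmless only because `$search_sale` is set under `$restrictonsocid` a few lines up, and explicit parentheses would make that intent visible. The enclosing method starts before this hunk and continues after it.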
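Review bot: `$this->mo->$field = $value;` in the update path assigns every key of `$request_data` except `id` straight onto the object, so a caller can set properties that are not meant to be editable through the API (for example `entity` or `fk_user_creat`, which the validation hunk at `-341` below deliberately skips). Since `$this->mo->fields` is available in this class (see that hunk), the loop could be restricted to declared fields, `if ($field == 'id' || !array_key_exists($field, $this->mo->fields)) { continue; }`, with the caveat that this narrows what existing clients may send and deserves a changelog entry. The corrected `$this->mo->update(DolibarrApiAccess::$user)` call is the right fix for the signature mismatch; the enclosing method starts outside this hunk.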
@@ -341,9 +348,12 @@ class Mos extends DolibarrApi { $myobject = array(); foreach ($this->mo->fields as $field => $propfield) { - if (in_array($field, array('rowid', 'entity', 'date_creation', 'tms', 'fk_user_creat')) || $propfield['notnull'] != 1) continue; // Not a mandatory field - if (!isset($data[$field])) + if (in_array($field, array('rowid', 'entity', 'date_creation', 'tms', 'fk_user_creat')) || $propfield['notnull'] != 1) { + continue; // Not a mandatory field + } + if (!isset($data[$field])) { throw new RestException(400, "$field field missing"); + } $myobject[$field] = $data[$field]; } return $myobject; From 4664ac1a1c677025280d68b6596a62d2f5b1e29a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Sat, 12 Dec 2020 17:00:23 +0100 Subject: [PATCH 06/11] socialnetworks links --- htdocs/contact/list.php | 2 +- htdocs/core/class/commonobject.class.php | 3 +- htdocs/core/lib/functions.lib.php | 41 +++++++++++++----------- 3 files changed, 26 insertions(+), 20 deletions(-) diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php index 5b8c708b1b2..00c74544d17 100644 --- a/htdocs/contact/list.php +++ b/htdocs/contact/list.php @@ -967,7 +967,7 @@ while ($i < min($num, $limit)) if (!empty($conf->socialnetworks->enabled)) { foreach ($socialnetworks as $key => $value) { if ($value['active'] && !empty($arrayfields['p.'.$key]['checked'])) { - print ''.dol_print_socialnetworks($arraysocialnetworks[$key], $obj->rowid, $obj->socid, $key).''; + print ''.dol_print_socialnetworks($arraysocialnetworks[$key], $obj->rowid, $obj->socid, $key, $socialnetworks).''; if (!$i) $totalarray['nbfield']++; } } diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index dec15e4db83..f34f39740bd 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php 
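Review bot: `in_array($field, array('rowid', 'entity', ...))` is called without the strict flag and `$propfield['notnull'] != 1` is a loose comparison; `in_array(..., true)` and `!== 1` would avoid type-juggling surprises, assuming `notnull` is stored as an int in the fields definition (not visible here). `isset($data[$field])` also rejects a mandatory field sent with a null value, which may be intended; if so, a short comment `// null is treated as missing` would make it explicit. The enclosing method starts before this hunk.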
@@ -816,9 +816,10 @@ abstract class CommonObject $outsocialnetwork = ''; if (is_array($this->socialnetworks) && count($this->socialnetworks) > 0) { + $socialnetworksdict = getArrayOfSocialNetworks(); foreach ($this->socialnetworks as $key => $value) { if ($value) { - $outsocialnetwork .= dol_print_socialnetworks($value, $this->id, $object->id, $key); + $outsocialnetwork .= dol_print_socialnetworks($value, $this->id, $object->id, $key, $socialnetworksdict); } $outdone++; } diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 8b9edcd89ba..8a48cdf0906 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -2440,13 +2440,14 @@ function getArrayOfSocialNetworks() /** * Show social network link * - * @param string $value Skype to show (only skype, without 'Name of recipient' before) - * @param int $cid Id of contact if known - * @param int $socid Id of third party if known - * @param string $type 'skype','facebook',... - * @return string HTML Link + * @param string $value Skype to show (only skype, without 'Name of recipient' before) + * @param int $cid Id of contact if known + * @param int $socid Id of third party if known + * @param string $type 'skype','facebook',... + * @param array $dictsocialnetworks socialnetworks availables + * @return string HTML Link */ -function dol_print_socialnetworks($value, $cid, $socid, $type) +function dol_print_socialnetworks($value, $cid, $socid, $type, $dictsocialnetworks = array()) { global $conf, $user, $langs; @@ -2454,13 +2455,11 @@ function dol_print_socialnetworks($value, $cid, $socid, $type) if (empty($value)) return ' '; - if (!empty($type)) - { + if (!empty($type)) { $htmllink = '
'; $htmllink .= img_picto($langs->trans(strtoupper($type)), $type.'.png', '', false, 0, 0, '', 'paddingright', 0); - $htmllink .= $value; - if ($type == 'skype') - { + if ($type == 'skype') { + $htmllink .= $value; $htmllink .= ' '; $htmllink .= ''; $htmllink .= ''; $htmllink .= ''; - } - if (($cid || $socid) && !empty($conf->agenda->enabled) && $user->rights->agenda->myactions->create && $type == 'skype') - { - $addlink = 'AC_SKYPE'; - $link = ''; - if (!empty($conf->global->AGENDA_ADDACTIONFORSKYPE)) $link = ''.img_object($langs->trans("AddAction"), "calendar").''; - $htmllink .= ($link ? ' '.$link : ''); + if (($cid || $socid) && !empty($conf->agenda->enabled) && $user->rights->agenda->myactions->create) { + $addlink = 'AC_SKYPE'; + $link = ''; + if (!empty($conf->global->AGENDA_ADDACTIONFORSKYPE)) $link = ''.img_object($langs->trans("AddAction"), "calendar").''; + $htmllink .= ($link ? ' '.$link : ''); + } + } else { + if (!empty($dictsocialnetworks[$type]['url'])) { + $link = str_replace('{socialid}', $value, $dictsocialnetworks[$type]['url']); + $htmllink .= ' '.$value.''; + } else { + $htmllink .= $value; + } } $htmllink .= '
'; } else { From d523ed9f85fc2f5a9d203619a018c6686b42fa29 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Sat, 12 Dec 2020 17:01:25 +0100 Subject: [PATCH 07/11] socialnetworks links --- htdocs/core/boxes/box_scheduled_jobs.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/htdocs/core/boxes/box_scheduled_jobs.php b/htdocs/core/boxes/box_scheduled_jobs.php index 17c62ab7c7d..d8efa1b9dbc 100644 --- a/htdocs/core/boxes/box_scheduled_jobs.php +++ b/htdocs/core/boxes/box_scheduled_jobs.php @@ -100,7 +100,6 @@ class box_scheduled_jobs extends ModeleBoxes $objp = $this->db->fetch_object($result); if (dol_eval($objp->test, 1, 1)) { - $nextrun = $this->db->jdate($objp->datenextrun); if (empty($nextrun)) $nextrun = $this->db->jdate($objp->datestart); @@ -140,7 +139,7 @@ class box_scheduled_jobs extends ModeleBoxes ); } - foreach($resultarray as $line => $value) { + foreach ($resultarray as $line => $value) { $this->info_box_contents[$line][] = array( 'td' => 'class="left"', 'text' => $resultarray[$line][0] From 46bf871127ffe2d06e558ff60b1bda3b3e90efa0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Sat, 12 Dec 2020 17:23:42 +0100 Subject: [PATCH 08/11] target --- htdocs/core/lib/functions.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 8a48cdf0906..a14ddbde754 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -2479,7 +2479,7 @@ function dol_print_socialnetworks($value, $cid, $socid, $type, $dictsocialnetwor } else { if (!empty($dictsocialnetworks[$type]['url'])) { $link = str_replace('{socialid}', $value, $dictsocialnetworks[$type]['url']); - $htmllink .= ' '.$value.''; + $htmllink .= ' '.$value.''; } else { $htmllink .= $value; } From 643b507a96fbe766f29a05be77c1da832b64767e Mon Sep 17 00:00:00 2001 
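Review bot: The new non-skype branch builds `$link = str_replace('{socialid}', $value, $dictsocialnetworks[$type]['url'])` and then emits `$value` as the link text, with neither value escaped for its context (the surrounding tag markup is stripped on this page, but both the href and the text come from the stored social id). Substituting `rawurlencode($value)` into the URL template and printing `dol_escape_htmltag($value)` as the text keeps a stored id containing quotes or angle brackets from breaking out of the attribute; the skype branch has the same exposure with its raw `$value`. Also, `$dictsocialnetworks` defaults to `array()`, so a caller that omits the new argument silently gets plain text instead of a link, and the docblock's "socialnetworks availables" should read "available social networks". The enclosing function starts before this hunk.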
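Review bot: The subject says a target attribute was added to the social-network anchor at `$htmllink .= ' '.$value.''` (the attribute text is stripped on this page); if it is `target="_blank"`, pair it with `rel="noopener noreferrer"` so the third-party page does not receive a `window.opener` handle on the Dolibarr tab and the referrer is not leaked. The enclosing function starts outside this hunk.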
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Sat, 12 Dec 2020 17:31:10 +0100 Subject: [PATCH 09/11] ucfirst --- htdocs/core/lib/functions.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index a14ddbde754..23c8d559e8a 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -2457,7 +2457,7 @@ function dol_print_socialnetworks($value, $cid, $socid, $type, $dictsocialnetwor if (!empty($type)) { $htmllink = '
'; - $htmllink .= img_picto($langs->trans(strtoupper($type)), $type.'.png', '', false, 0, 0, '', 'paddingright', 0); + $htmllink .= img_picto($langs->trans(dol_ucfirst($type)), $type.'.png', '', false, 0, 0, '', 'paddingright', 0); if ($type == 'skype') { $htmllink .= $value; $htmllink .= ' '; From fa05982a8b9a6528827abc54fd5fe9a981b53494 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 12 Dec 2020 18:37:51 +0100 Subject: [PATCH 10/11] Fix CSS v13 --- SECURITY.md | 4 ++-- htdocs/core/tpl/login.tpl.php | 25 +++++++++-------------- htdocs/core/tpl/passwordforgotten.tpl.php | 23 +++++++++------------ htdocs/theme/eldy/global.inc.php | 1 + htdocs/theme/md/style.css.php | 1 + htdocs/webservices/admin/index.php | 7 +++++-- 6 files changed, 29 insertions(+), 32 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 8ef569d6da0..bcc1bd7d9e0 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -49,7 +49,7 @@ You must not leak, manipulate, or destroy any user data of third parties to find ## Scope for qualified vulnerabilities -ONLY vulnerabilities discovered, when the following setup on test platform is used, are "validated": +ONLY vulnerabilities discovered, when the following setup on test platform is used, are "valid": * $dolibarr_main_prod must be set to 1 into conf.php * $dolibarr_nocsrfcheck must be kept to the value 0 into conf.php (this is the default value) 
@@ -57,7 +57,7 @@ ONLY vulnerabilities discovered, when the following setup on test platform is us * The constant MAIN_SECURITY_CSRF_WITH_TOKEN must be set to 1 into backoffice menu Home - Setup - Other (this protection should be set to 1 soon by default) * The module DebugBar must NOT be enabled (by default, this module is not enabled. This is a developer tool) * The module ModuleBuilder must NOT be enabled (by default, this module is not enabled. This is a developer tool) -* ONLY security reports on modules provided by default and with the "stable" status are allowed (troubles into "experimental", "developement" or external modules are not valid vulnerabilities). +* ONLY security reports on modules provided by default and with the "stable" status are valid (troubles into "experimental", "developement" or external modules are not valid vulnerabilities). * The root of web server must link to htdocs and the documents directory must be outside of the web server root (this is the default when using the default installer but may differs with external installer). * The web server setup must be done so only the documents directory is in write mode. The root directory called htdocs must be readonly. * CSRF attacks are accepted for all when using a POST URL, but when using GET URL, they are validated only for creating or updating data resctricted to the admin user. diff --git a/htdocs/core/tpl/login.tpl.php b/htdocs/core/tpl/login.tpl.php index bf0e4f57743..2d0b9ad57c1 100644 --- a/htdocs/core/tpl/login.tpl.php +++ b/htdocs/core/tpl/login.tpl.php @@ -149,8 +149,7 @@ if ($disablenofollow) echo '';
global->MAIN_OPTIMIZEFORTEXTBROWSER)) { ?> - - + " name="username" class="flat input-icon-user minwidth150" value="" tabindex="1" autofocus="autofocus" />
@@ -160,8 +159,7 @@ if ($disablenofollow) echo '';
global->MAIN_OPTIMIZEFORTEXTBROWSER)) { ?> - - + " name="password" class="flat input-icon-password minwidth150" type="password" value="" tabindex="2" autocomplete="global->MAIN_LOGIN_ENABLE_PASSWORD_AUTOCOMPLETE) ? 'off' : 'on'; ?>" />
@@ -190,19 +188,16 @@ if ($captcha) { ?>
-
+
- - - - - - -
diff --git a/htdocs/core/tpl/passwordforgotten.tpl.php b/htdocs/core/tpl/passwordforgotten.tpl.php index d7d7e2f7ef3..f11e01c7d13 100644 --- a/htdocs/core/tpl/passwordforgotten.tpl.php +++ b/htdocs/core/tpl/passwordforgotten.tpl.php @@ -107,8 +107,7 @@ if ($disablenofollow) echo '';
- - + " id="username" name="username" class="flat input-icon-user minwidth150" value="" tabindex="1" />
@@ -135,22 +134,20 @@ if (!empty($morelogincontent)) { $php_self = preg_replace('/[&\?]time=(\d+)/', '', $php_self); // Remove param time if (preg_match('/\?/', $php_self)) $php_self .= '&time='.dol_print_date(dol_now(), 'dayhourlog'); else $php_self .= '?time='.dol_print_date(dol_now(), 'dayhourlog'); + // TODO: provide accessible captcha variants ?>
-
+
- - - - - -
diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index a0203c24cf1..1b104ce95dd 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -1220,6 +1220,7 @@ table[summary="list_of_modules"] .fa-cog { .width50 { width: 50px; } .width75 { width: 75px; } .width100 { width: 100px; } +.width125 { width: 125px; } .width150 { width: 150px; } .width200 { width: 200px; } .maxwidth25 { max-width: 25px; } diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index 4f85b78a872..ad0b03366db 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php @@ -1213,6 +1213,7 @@ table[summary="list_of_modules"] .fa-cog { .width50 { width: 50px; } .width75 { width: 75px; } .width100 { width: 100px; } +.width125 { width: 125px; } .width150 { width: 150px; } .width200 { width: 200px; } .maxwidth25 { max-width: 25px; } diff --git a/htdocs/webservices/admin/index.php b/htdocs/webservices/admin/index.php index 015551693bd..2c14d2d07f5 100644 --- a/htdocs/webservices/admin/index.php +++ b/htdocs/webservices/admin/index.php @@ -62,13 +62,16 @@ if ($actionsave) llxHeader(); $linkback = ''.$langs->trans("BackToModuleList").''; + print load_fiche_titre($langs->trans("WebServicesSetup"), $linkback, 'title_setup'); print ''.$langs->trans("WebServicesDesc")."
\n"; print "
\n"; -print '
'; +print ''; print ''; +print ''; + print ''; print ''; @@ -78,7 +81,7 @@ print ""; print ""; print ""; -print ''; +print ''; print ''; print ''; // Default language -print ''; print ''; // Multilingual GUI -print ''; print ''; @@ -303,28 +303,28 @@ print ''; */ // First day for weeks -print ''; print ''; print ''; // DefaultWorkingDays -print ''; print ''; print ''; // DefaultWorkingHours -print ''; print ''; print ''; // Firstname/Name -print ''; @@ -332,7 +332,7 @@ print ''; print ''; // Hide unauthorized menus -print ''; @@ -340,7 +340,7 @@ print ''; print ''; // Hide unauthorized button -print ''; @@ -350,7 +350,7 @@ print ''; // Hide version link /* -print ''; print ''; @@ -358,7 +358,7 @@ print ''; */ // Show bugtrack link -print ''; @@ -367,7 +367,7 @@ print ''; // Hide wiki link on login page $pictohelp = ''; -print ''; @@ -378,7 +378,7 @@ print ''; $substitutionarray = getCommonSubstitutionArray($langs, 0, array('object', 'objectamount')); complete_substitutions_array($substitutionarray, $langs); -print '
".$langs->trans("Value")." 
'.$langs->trans("KeyForWebServicesAccess").''; if (!empty($conf->use_javascript_ajax)) From a5d2e04dea46cd38b3711ea403cfd89b7cac0d8b Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 12 Dec 2020 19:09:07 +0100 Subject: [PATCH 11/11] Debug v13 --- htdocs/admin/ihm.php | 28 ++++++++++++++-------------- htdocs/comm/action/index.php | 2 +- htdocs/langs/en_US/admin.lang | 4 ++-- 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/htdocs/admin/ihm.php b/htdocs/admin/ihm.php index 3652c04518d..bebb9f7d0bd 100644 --- a/htdocs/admin/ihm.php +++ b/htdocs/admin/ihm.php @@ -248,14 +248,14 @@ print '
'.img_picto('', 'language').' '.$langs->trans print '
'.$langs->trans("DefaultLanguage").''; +print '
'.$langs->trans("DefaultLanguage").''; print $formadmin->select_language($conf->global->MAIN_LANG_DEFAULT, 'MAIN_LANG_DEFAULT', 1, null, '', 0, 0, 'minwidth300', 2); print ''; print '
'.$langs->trans("EnableMultilangInterface").''; +print '
'.$langs->trans("EnableMultilangInterface").''; print ajax_constantonoff("MAIN_MULTILANGS", array(), $conf->entity, 0, 0, 1, 0); print '
'.$langs->trans("WeekStartOnDay").''; +print '
'.$langs->trans("WeekStartOnDay").''; print $formother->select_dayofweek((isset($conf->global->MAIN_START_WEEK) ? $conf->global->MAIN_START_WEEK : '1'), 'MAIN_START_WEEK', 0); print ' 
'.$langs->trans("DefaultWorkingDays").''; +print '
'.$langs->trans("DefaultWorkingDays").''; print ''; print ' 
'.$langs->trans("DefaultWorkingHours").''; +print '
'.$langs->trans("DefaultWorkingHours").''; print ''; print ' 
'.$langs->trans("FirstnameNamePosition").''; +print '
'.$langs->trans("FirstnameNamePosition").''; $array = array(0=>$langs->trans("Firstname").' '.$langs->trans("Lastname"), 1=>$langs->trans("Lastname").' '.$langs->trans("Firstname")); print $form->selectarray('MAIN_FIRSTNAME_NAME_POSITION', $array, (isset($conf->global->MAIN_FIRSTNAME_NAME_POSITION) ? $conf->global->MAIN_FIRSTNAME_NAME_POSITION : 0)); print ' 
'.$langs->trans("HideUnauthorizedMenu").''; +print '
'.$langs->trans("HideUnauthorizedMenu").''; //print $form->selectyesno('MAIN_MENU_HIDE_UNAUTHORIZED', isset($conf->global->MAIN_MENU_HIDE_UNAUTHORIZED) ? $conf->global->MAIN_MENU_HIDE_UNAUTHORIZED : 0, 1); print ajax_constantonoff("MAIN_MENU_HIDE_UNAUTHORIZED", array(), $conf->entity, 0, 0, 1, 0); print ' 
'.$langs->trans("ButtonHideUnauthorized").''; +print '
'.$langs->trans("ButtonHideUnauthorized").''; //print $form->selectyesno('MAIN_BUTTON_HIDE_UNAUTHORIZED', isset($conf->global->MAIN_BUTTON_HIDE_UNAUTHORIZED) ? $conf->global->MAIN_BUTTON_HIDE_UNAUTHORIZED : 0, 1); print ajax_constantonoff("MAIN_BUTTON_HIDE_UNAUTHORIZED", array(), $conf->entity, 0, 0, 1, 0); print '
'.$langs->trans("HideVersionLink").''; +print '
'.$langs->trans("HideVersionLink").''; print $form->selectyesno('MAIN_HIDE_VERSION',$conf->global->MAIN_HIDE_VERSION,1); print ' 
'.$langs->trans("ShowBugTrackLink", $langs->transnoentitiesnoconv("FindBug")).''; +print '
'.$langs->trans("ShowBugTrackLink", $langs->transnoentitiesnoconv("FindBug")).''; print ajax_constantonoff("MAIN_BUGTRACK_ENABLELINK", array(), $conf->entity, 0, 0, 1, 0); //print $form->selectyesno('MAIN_BUGTRACK_ENABLELINK', $conf->global->MAIN_BUGTRACK_ENABLELINK, 1); print '
'.str_replace('{picto}', $pictohelp, $langs->trans("DisableLinkToHelp", '{picto}')).''; +print '
'.str_replace('{picto}', $pictohelp, $langs->trans("DisableLinkToHelp", '{picto}')).''; print ajax_constantonoff("MAIN_HELP_DISABLELINK", array(), $conf->entity, 0, 0, 1, 0); //print $form->selectyesno('MAIN_HELP_DISABLELINK', isset($conf->global->MAIN_HELP_DISABLELINK) ? $conf->global->MAIN_HELP_DISABLELINK : 0, 1); print '
'; +print '
'; $texthelp = $langs->trans("FollowingConstantsWillBeSubstituted").'
'; foreach ($substitutionarray as $key => $val) { @@ -401,12 +401,12 @@ print '
'; // Other print '
'; print ''; -print ''; +print ''; print ''; print ''; // Hide helpcenter link on login page -print ''; print ''; diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index 83b3c0514aa..f5822669bba 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php @@ -518,7 +518,7 @@ if (!empty($conf->use_javascript_ajax)) // If javascript on } // Birthdays - $s .= '
'.$langs->trans("AgendaShowBirthdayEvents").'  
'; + $s .= '
 
'; // Calendars from hooks $parameters = array(); $object = null; diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index b0a302fb80e..00b7014eb71 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -406,7 +406,7 @@ UrlGenerationParameters=Parameters to secure URLs SecurityTokenIsUnique=Use a unique securekey parameter for each URL EnterRefToBuildUrl=Enter reference for object %s GetSecuredUrl=Get calculated URL -ButtonHideUnauthorized=Hide buttons for non-admin users for unauthorized actions instead of showing greyed disabled buttons +ButtonHideUnauthorized=Hide unauthorized action buttons also for internal users (just greyed otherwise) OldVATRates=Old VAT rate NewVATRates=New VAT rate PriceBaseTypeToChange=Modify on prices with base reference value defined on @@ -1689,7 +1689,7 @@ NotTopTreeMenuPersonalized=Personalized menus not linked to a top menu entry NewMenu=New menu MenuHandler=Menu handler MenuModule=Source module -HideUnauthorizedMenu= Hide unauthorized menus (gray) +HideUnauthorizedMenu=Hide unauthorized menus also for internal users (just greyed otherwise) DetailId=Id menu DetailMenuHandler=Menu handler where to show new menu DetailMenuModule=Module name if menu entry come from a module
'.$langs->trans("LoginPage").'
'.$langs->trans("LoginPage").' 
'.$langs->trans("DisableLinkToHelpCenter").''; +print '
'.$langs->trans("DisableLinkToHelpCenter").''; print ajax_constantonoff("MAIN_HELPCENTER_DISABLELINK", array(), $conf->entity, 0, 0, 0, 0); print '