lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'develop' of github.com:Dolibarr/dolibarr into develop_NEW_Service_DefaultWorkstation

Browse Source
This commit is contained in:
atm-lena 2022-07-12 11:51:13 +02:00
commit 8aa094a631
8 changed files with 47 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/core/class/rssparser.class.php
View File

@ -49,6 +49,8 @@ class RssParser
private $_lastfetchdate; // Last successful fetch
private $_rssarray = array();
private $current_namespace;
// For parsing with xmlparser
public $stack = array(); // parser stack
private $_CONTENT_CONSTRUCTS = array('content', 'summary', 'info', 'title', 'tagline', 'copyright');

22
htdocs/core/lib/admin.lib.php
View File

@ -324,10 +324,11 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle
$keyforsql = md5($sqlfile);
foreach ($arraysql as $i => $sql) {
if ($sql) {
// Test if sql is allowed
// Test if th SQL is allowed SQL
if ($onlysqltoimportwebsite) {
$newsql = str_replace(array("\'"), '__BACKSLASHQUOTE__', $sql);
// Remove all strings contents
$newsql = str_replace(array("\'"), '__BACKSLASHQUOTE__', $sql); // Replace the \' seque,ce
// Remove all strings contents including the ' so we can analyse SQL instruction only later
$l = strlen($newsql);
$is = 0;
$quoteopen = 0;
@ -348,11 +349,12 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle
$newsqlclean = str_replace(array("null"), '__000__', $newsqlclean);
//print $newsqlclean."<br>\n";
// A very small control. This can still by bypassed by adding a second SQL request concatenated
$qualified = 0;
// A very small control. This can still by bypassed by adding a second SQL request concatenated
if (preg_match('/^--/', $newsqlclean)) {
$qualified = 1;
} elseif (preg_match('/^UPDATE llx_website SET fk_default_home = \d+\+\d+ WHERE rowid = \d+;$/', $newsqlclean)) {
} elseif (preg_match('/^UPDATE llx_website SET \w+ = \d+\+\d+ WHERE rowid = \d+;$/', $newsqlclean)) {
$qualified = 1;
} elseif (preg_match('/^INSERT INTO llx_website_page\([a-z0-9_\s,]+\) VALUES\([0-9_\s,\+]+\);$/', $newsqlclean)) {
// Insert must match
@ -360,11 +362,18 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle
$qualified = 1;
}
// Another check to allow some legitimate original urls
if (!$qualified) {
if (preg_match('/^UPDATE llx_website SET \w+ = \'[a-zA-Z,\s]*\' WHERE rowid = \d+;$/', $sql)) {
$qualified = 1;
}
}
if (!$qualified) {
$error++;
//print 'Request '.($i + 1)." contains non allowed instructions.<br>\n";
//print "newsqlclean = ".$newsqlclean."<br>\n";
dol_syslog('Admin.lib::run_sql Request '.($i + 1)." contains non allowed instructions.", LOG_DEBUG);
dol_syslog('Admin.lib::run_sql Request '.($i + 1)." contains non allowed instructions.", LOG_WARNING);
dol_syslog('$newsqlclean='.$newsqlclean, LOG_DEBUG);
break;
}
@ -424,6 +433,7 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle
$error++;
break;
}
$from = '__'.$cursor.'__';
$to = $listofinsertedrowid[$cursor];
$newsql = str_replace($from, $to, $newsql);

14
htdocs/core/lib/files.lib.php
View File

@ -755,10 +755,11 @@ function dol_copy($srcfile, $destfile, $newmask = 0, $overwriteifexists = 1)
* @param int $overwriteifexists Overwrite file if exists (1 by default)
* @param array $arrayreplacement Array to use to replace filenames with another one during the copy (works only on file names, not on directory names).
* @param int $excludesubdir 0=Do not exclude subdirectories, 1=Exclude subdirectories, 2=Exclude subdirectories if name is not a 2 chars (used for country codes subdirectories).
* @param array $excludefileext Exclude some file extensions
* @return int <0 if error, 0 if nothing done (all files already exists and overwriteifexists=0), >0 if OK
* @see dol_copy()
*/
function dolCopyDir($srcfile, $destfile, $newmask, $overwriteifexists, $arrayreplacement = null, $excludesubdir = 0)
function dolCopyDir($srcfile, $destfile, $newmask, $overwriteifexists, $arrayreplacement = null, $excludesubdir = 0, $excludefileext = null)
{
global $conf;
@ -802,10 +803,19 @@ function dolCopyDir($srcfile, $destfile, $newmask, $overwriteifexists, $arrayrep
}
}
//var_dump("xxx dolCopyDir $srcfile/$file, $destfile/$file, $newmask, $overwriteifexists");
$tmpresult = dolCopyDir($srcfile."/".$file, $destfile."/".$newfile, $newmask, $overwriteifexists, $arrayreplacement, $excludesubdir);
$tmpresult = dolCopyDir($srcfile."/".$file, $destfile."/".$newfile, $newmask, $overwriteifexists, $arrayreplacement, $excludesubdir, $excludefileext);
}
} else {
$newfile = $file;
if (is_array($excludefileext)) {
$extension = pathinfo($file, PATHINFO_EXTENSION);
if (in_array($extension, $excludefileext)) {
//print "We exclude the file ".$file." because its extension is inside list ".join(', ', $excludefileext); exit;
continue;
}
}
// Replace destination filename with a new one
if (is_array($arrayreplacement)) {
foreach ($arrayreplacement as $key => $val) {

BIN
htdocs/install/doctemplates/websites/website_template-corporate.zip
View File

Binary file not shown.

BIN
htdocs/install/doctemplates/websites/website_template-stellar.zip
View File

Binary file not shown.

14
htdocs/website/class/website.class.php
View File

@ -977,8 +977,8 @@ class Website extends CommonObject
$srcdir = $conf->website->dir_output.'/'.$website->ref;
$destdir = $conf->website->dir_temp.'/'.$website->ref.'/containers';
dol_syslog("Copy content from ".$srcdir." into ".$destdir);
dolCopyDir($srcdir, $destdir, 0, 1, $arrayreplacementinfilename, 2);
dol_syslog("Copy pages from ".$srcdir." into ".$destdir);
dolCopyDir($srcdir, $destdir, 0, 1, $arrayreplacementinfilename, 2, array('old', 'back'));
// Copy files into medias/image
$srcdir = DOL_DATA_ROOT.'/medias/image/'.$website->ref;
@ -1103,7 +1103,7 @@ class Website extends CommonObject
}
$line = "\n-- For Dolibarr v14+ --;\n";
$line .= "UPDATE llx_website SET lang = '".$this->db->escape($this->fk_default_lang)."' WHERE rowid = __WEBSITE_ID__;\n";
$line .= "UPDATE llx_website SET lang = '".$this->db->escape($this->lang)."' WHERE rowid = __WEBSITE_ID__;\n";
$line .= "UPDATE llx_website SET otherlang = '".$this->db->escape($this->otherlang)."' WHERE rowid = __WEBSITE_ID__;\n";
$line .= "\n";
fputs($fp, $line);
@ -1146,7 +1146,7 @@ class Website extends CommonObject
$object = $this;
if (empty($object->ref)) {
$this->error = 'Function importWebSite called on object not loaded (object->ref is empty)';
return -1;
return -2;
}
dol_delete_dir_recursive($conf->website->dir_temp."/".$object->ref);
@ -1155,14 +1155,14 @@ class Website extends CommonObject
$filename = basename($pathtofile);
if (!preg_match('/^website_(.*)-(.*)$/', $filename, $reg)) {
$this->errors[] = 'Bad format for filename '.$filename.'. Must be website_XXX-VERSION.';
return -1;
return -3;
}
$result = dol_uncompress($pathtofile, $conf->website->dir_temp.'/'.$object->ref);
if (!empty($result['error'])) {
$this->errors[] = 'Failed to unzip file '.$pathtofile.'.';
return -1;
return -4;
}
$arrayreplacement = array();
@ -1211,7 +1211,7 @@ class Website extends CommonObject
// Load sql record
$runsql = run_sql($sqlfile, 1, '', 0, '', 'none', 0, 1, 0, 0, 1); // The maxrowid of table is searched into this function two
if ($runsql <= 0) {
$this->errors[] = 'Failed to load sql file '.$sqlfile;
$this->errors[] = 'Failed to load sql file '.$sqlfile.' (ret='.((int) $runsql).')';
$error++;
}

4
htdocs/website/class/websitepage.class.php
View File

@ -612,6 +612,8 @@ class WebsitePage extends CommonObject
*/
public function delete(User $user, $notrigger = false)
{
global $conf;
$error = 0;
// Delete all child tables
@ -630,7 +632,7 @@ class WebsitePage extends CommonObject
}
if (!$error) {
$result = $this->deleteCommon($user, $trigger);
$result = $this->deleteCommon($user, $notrigger);
if ($result <= 0) {
$error++;
}

11
htdocs/website/index.php
View File

@ -2307,6 +2307,7 @@ if ($action == 'importsiteconfirm' && $usercanedit) {
if (!$error) {
$result = $object->importWebSite($fileofzip);
if ($result < 0) {
setEventMessages($object->error, $object->errors, 'errors');
$action = 'importsite';
@ -4318,8 +4319,10 @@ if ($action == 'replacesite' || $action == 'replacesiteconfirm' || $massaction =
$massactionbutton .= '</div>';
$varpage = empty($contextpage) ? $_SERVER["PHP_SELF"] : $contextpage;
//$selectedfields = $form->multiSelectArrayWithCheckbox('selectedfields', $arrayfields, $varpage); // This also change content of $arrayfields
$selectedfields .= $form->showCheckAddButtons('checkforselect', 1);
//$selectedfields = $form->multiSelectArrayWithCheckbox('selectedfields', $arrayfields, $varpage, getDolGlobalString('MAIN_CHECKBOX_LEFT_COLUMN', '')); // This also change content of $arrayfields
$selectedfields = '';
$selectedfields .= (count($arrayofmassactions) ? $form->showCheckAddButtons('checkforselect', 1) : '');
print_barre_liste($langs->trans("Results"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'generic', 0, '', '', $limit, 1, 1, 1);
@ -4369,7 +4372,7 @@ if ($action == 'replacesite' || $action == 'replacesiteconfirm' || $massaction =
$totalnbwords = 0;
foreach ($listofpages['list'] as $answerrecord) {
if (get_class($answerrecord) == 'WebsitePage') {
if (is_object($answerrecord) && get_class($answerrecord) == 'WebsitePage') {
print '<tr>';
// Type of container
@ -4686,7 +4689,7 @@ if ($action == 'preview' || $action == 'createfromclone' || $action == 'createpa
try {
$res = include $filephp;
if (empty($res)) {
print "ERROR: Failed to include file '".$filephp."'. Try to edit and save page.";
print "ERROR: Failed to include file '".$filephp."'. Try to edit and re-save page ith this ID.";
}
} catch (Exception $e) {
print $e->getMessage();