lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #19336 from grandoc/new_branch_08_11_2021

Browse Source 
fixes to be pure markdown
This commit is contained in:
Laurent Destailleur 2021-11-11 14:40:19 +01:00 committed by GitHub
commit 917ceec027
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 8 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
SECURITY.md
View File

@ -12,8 +12,7 @@ This file contains some policies about the security reports on Dolibarr ERP CRM
## Reporting a Vulnerability
To report a vulnerability, please use GitHub security advisory at https://github.com/Dolibarr/dolibarr/security/advisories/new (if you have permissions) or alternatively send an email to security@dolibarr.org (for everybody)
To report a vulnerability, please use GitHub security advisory at [https://github.com/Dolibarr/dolibarr/security/advisories/new](https://github.com/Dolibarr/dolibarr/security/advisories/new) (if you have permissions) or alternatively send an email to security@dolibarr.org (for everybody)
## Hunting vulnerabilities on Dolibarr
@ -23,7 +22,7 @@ If you believe you've found a security bug in our service, we are happy to work
Any type of denial of service attacks is strictly forbidden, as well as any interference with network equipment and Dolibarr infrastructure.
We recommand to install Dolibarr ERP CRM on your own server (as most Open Source software, download and use is free: https://www.dolibarr.org/download) to get access on every side of application.
We recommand to install Dolibarr ERP CRM on your own server (as most Open Source software, download and use is free: [https://www.dolibarr.org/download](https://www.dolibarr.org/download)) to get access on every side of application.
### User Agent
@ -31,8 +30,7 @@ If you try to find bug on Dolibarr, we recommend to append to your user-agent he
### Account access
You can install the web application yourself on your own platform/server so you get full access to application and sources. Download the zip of the files to put into your own web server virtual host from https://www.dolibarr.org/download
You can install the web application yourself on your own platform/server so you get full access to application and sources. Download the zip of the files to put into your own web server virtual host from [https://www.dolibarr.org/download](https://www.dolibarr.org/download)
## Eligibility and Responsible Disclosure
@ -46,7 +44,6 @@ You must avoid tests that could cause degradation or interruption of our service
You must not leak, manipulate, or destroy any user data of third parties to find your vulnerability.
## Scope for qualified vulnerabilities
ONLY vulnerabilities discovered, when the following setup on test platform is used, are "valid":
@ -64,7 +61,6 @@ ONLY vulnerabilities discovered, when the following setup on test platform is us
Scope is the web application (back office) and the APIs.
## Qualifying vulnerabilities for reporting
* Remote code execution (RCE)
@ -81,7 +77,6 @@ Scope is the web application (back office) and the APIs.
* Software version disclosure (for non admin users only)
* Stack traces or path disclosure (for non admin users only)
## Non-qualifying vulnerabilities for reporting
* "Self" XSS
@ -99,4 +94,3 @@ Scope is the web application (back office) and the APIs.
* Software version or private IP disclosure when logged user is admin
* Stack traces or path disclosure when logged user is admin
* Any vulnerabilities due to a configuration different than the one defined into chapter "Scope for qualified vulnerabilities".

2
htdocs/modulebuilder/template/core/boxes/README.md
View File

@ -1 +1 @@
Directory where widgets files are stored.
# Directory where widgets files are stored

8
htdocs/modulebuilder/template/core/modules/mailings/mailinglist_mymodule_myobject.modules.php
View File

@ -55,9 +55,9 @@ class mailing_mailinglist_mymodule_myobject extends MailingTargets
/**
* Affiche formulaire de filtre qui apparait dans page de selection des destinataires de mailings
* Displays the filter form that appears in the mailing recipient selection page
*
* @return string Retourne zone select
* @return string Return select zone
*/
public function formFilter()
{
@ -83,7 +83,7 @@ class mailing_mailinglist_mymodule_myobject extends MailingTargets
/**
* Renvoie url lien vers fiche de la source du destinataire du mailing
* Returns url link to file of the source of the recipient of the mailing
*
* @param int $id ID
* @return string Url lien
@ -115,7 +115,7 @@ class mailing_mailinglist_mymodule_myobject extends MailingTargets
}
$sql .= " ORDER BY email";
// Stocke destinataires dans target
// Store recipients in target
$result = $this->db->query($sql);
if ($result) {
$num = $this->db->num_rows($result);