From 85aa9f7481ecba95bbedcf9eb0d66253a4deb7a9 Mon Sep 17 00:00:00 2001
From: Florian HENRY
Date: Wed, 16 Nov 2022 09:32:14 +0100
Subject: [PATCH 1/4] FIX: base64_decode shloud be forbiden in dol_eval
---
 htdocs/core/lib/functions.lib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 479b8b30977..9f63a420430 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -8133,7 +8133,7 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1)
 }
 // We block using of php exec or php file functions
- $forbiddenphpstrings = array("exec(", "passthru(", "shell_exec(", "system(", "proc_open(", "popen(", "eval(", "dol_eval(", "executeCLI(");
+ $forbiddenphpstrings = array("exec(", "passthru(", "shell_exec(", "system(", "proc_open(", "popen(", "eval(", "dol_eval(", "executeCLI(", "base64_decode(");
 $forbiddenphpstrings = array_merge($forbiddenphpstrings, array("fopen(", "file_put_contents(", "fputs(", "fputscsv(", "fwrite(", "fpassthru(", "unlink(", "mkdir(", "rmdir(", "symlink(", "touch(", "umask("));
 $forbiddenphpstrings = array_merge($forbiddenphpstrings, array('function(', '$$', 'call_user_func('));
 $forbiddenphpstrings = array_merge($forbiddenphpstrings, array('_ENV', '_SESSION', '_COOKIE', '_GET', '_POST', '_REQUEST'));
From 19273c8da15896418880d4698dd76f58859e9775 Mon Sep 17 00:00:00 2001
From: josett225 <57623859+josett225@users.noreply.github.com>
Date: Sun, 20 Nov 2022 05:33:31 +0100
Subject: [PATCH 2/4] Fix PaymentBankTransfer Line page management with Select and Input
---
 htdocs/compta/prelevement/list.php | 3 +++
 htdocs/compta/prelevement/orders_list.php | 4 +++-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/htdocs/compta/prelevement/list.php b/htdocs/compta/prelevement/list.php
index a7bab4281c2..6bf12933eab 100644
--- a/htdocs/compta/prelevement/list.php
+++ b/htdocs/compta/prelevement/list.php
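Review bot: The added `"base64_decode("` entry extends a substring denylist in `dol_eval()`, and a denylist only blocks the names someone has already thought to enumerate, so this fix closes one decoder while leaving the approach itself open-ended. A more durable guard is an allowlist of the functions and tokens that evaluated expressions legitimately need, with everything else rejected; until then a comment above the list such as `// Best-effort denylist only: do not treat dol_eval() as safe for untrusted input` would state the limit for maintainers. In the context lines of the same hunk, `"fputscsv("` looks like a misspelling of `"fputcsv("`, so that entry probably never matches. The code that compares `$s` against the list lies outside the hunk, so the matching rules could not be checked here.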
@@ -191,6 +191,9 @@ if ($result) {
 print '';
 print '';
 print '';
+ if ($type != '') {
+ print '';
+ }
 $title = $langs->trans("WithdrawalsLines");
 if ($type == 'bank-transfer') {
diff --git a/htdocs/compta/prelevement/orders_list.php b/htdocs/compta/prelevement/orders_list.php
index 6737ea258ea..6c614cc8a20 100644
--- a/htdocs/compta/prelevement/orders_list.php
+++ b/htdocs/compta/prelevement/orders_list.php
@@ -158,7 +158,9 @@ if ($result) {
 print '';
 print '';
 print '';
-
+ if ($type != '') {
+ print '';
+ }
 $titlekey = "WithdrawalsReceipts";
 $title = $langs->trans("WithdrawalsReceipts");
 if ($type == 'bank-transfer') {
From e38ef6bc8c598ad0e6b576fbf77e8b4fed8febb6 Mon Sep 17 00:00:00 2001
From: josett225 <57623859+josett225@users.noreply.github.com>
Date: Tue, 22 Nov 2022 21:03:28 +0100
Subject: [PATCH 3/4] Update create.php
---
 htdocs/compta/prelevement/create.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/htdocs/compta/prelevement/create.php b/htdocs/compta/prelevement/create.php
index 4cf238b65f5..3319f3ac98c 100644
--- a/htdocs/compta/prelevement/create.php
+++ b/htdocs/compta/prelevement/create.php
@@ -386,7 +386,10 @@ if ($resql) {
 if (!empty($limit)) {
 print '';
 }
-
+ if ($type != '') {
+ print '';
+ }
+
 $title = $langs->trans("InvoiceWaitingWithdraw");
 if ($type == 'bank-transfer') {
 $title = $langs->trans("InvoiceWaitingPaymentByBankTransfer");
From 76fdf0006d75404bc3e63d5d141e45af5090fe4f Mon Sep 17 00:00:00 2001
From: stickler-ci
Date: Tue, 22 Nov 2022 20:17:37 +0000
Subject: [PATCH 4/4] Fixing style errors.
---
 htdocs/compta/prelevement/create.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/compta/prelevement/create.php b/htdocs/compta/prelevement/create.php
index 3319f3ac98c..9bee65b5261 100644
--- a/htdocs/compta/prelevement/create.php
+++ b/htdocs/compta/prelevement/create.php
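Review bot: The `print ''` inside the new `if ($type != '')` block in list.php shows no markup on this page, most likely stripped in rendering, so what is emitted cannot be reviewed; the same block is added in orders_list.php and create.php. If the original statement writes `$type` into a form field, the value should be escaped at the point of output, for example `dol_escape_htmltag($type)`, unless `$type` is already restricted to a fixed set of values earlier in each file, which is outside these hunks. As a matter of style, the guard could follow the neighbouring `if (!empty($limit))` form visible in create.php rather than the loose `!=` comparison, provided `'0'` is not a meaningful value for `$type`.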
@@ -389,7 +389,7 @@ if ($resql) {
 if ($type != '') {
 print '';
 }
-
+
 $title = $langs->trans("InvoiceWaitingWithdraw");
 if ($type == 'bank-transfer') {
 $title = $langs->trans("InvoiceWaitingPaymentByBankTransfer");