From 9ecf353342c2e0e5abffbf1ba0fdc6a06df16bf1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?=
Date: Tue, 20 Dec 2022 17:57:19 +0100
Subject: [PATCH 1/8] fix warnings
---
 htdocs/adherents/card.php | 42 +++++++++++------------
 htdocs/adherents/class/adherent.class.php | 6 ++--
 htdocs/adherents/subscription.php | 2 +-
 htdocs/public/members/new.php | 2 +-
 4 files changed, 26 insertions(+), 26 deletions(-)
diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php
index 56e7868ec5a..b70274c10cc 100644
--- a/htdocs/adherents/card.php
+++ b/htdocs/adherents/card.php
@@ -6,7 +6,7 @@
  * Copyright (C) 2012 Marcos García
  * Copyright (C) 2012-2020 Philippe Grand
  * Copyright (C) 2015-2018 Alexandre Spangaro
- * Copyright (C) 2018-2021 Frédéric France
+ * Copyright (C) 2018-2022 Frédéric France
  * Copyright (C) 2021 Waël Almoman
  *
  * This program is free software; you can redistribute it and/or modify
@@ -305,23 +305,23 @@ if (empty($reshook)) { $object->phone = trim(GETPOST("phone", 'alpha')); $object->phone_perso = trim(GETPOST("phone_perso", 'alpha')); $object->phone_mobile = trim(GETPOST("phone_mobile", 'alpha')); - $object->email = preg_replace('/\s+/', '', GETPOST("member_email", 'alpha')); - $object->url = trim(GETPOST('member_url', 'custom', 0, FILTER_SANITIZE_URL)); + $object->email = preg_replace('/\s+/', '', GETPOST("member_email", 'alpha')); + $object->url = trim(GETPOST('member_url', 'custom', 0, FILTER_SANITIZE_URL)); $object->socialnetworks = array(); foreach ($socialnetworks as $key => $value) { if (GETPOSTISSET($key) && GETPOST($key, 'alphanohtml') != '') { $object->socialnetworks[$key] = trim(GETPOST($key, 'alphanohtml')); } } - //$object->skype = trim(GETPOST("skype", 'alpha')); - //$object->twitter = trim(GETPOST("twitter", 'alpha')); - //$object->facebook = trim(GETPOST("facebook", 'alpha')); - //$object->linkedin = trim(GETPOST("linkedin", 'alpha')); - $object->birth = $birthdate; + //$object->skype = trim(GETPOST("skype", 'alpha')); + //$object->twitter = trim(GETPOST("twitter", 'alpha')); + //$object->facebook = trim(GETPOST("facebook", 'alpha')); + //$object->linkedin = trim(GETPOST("linkedin", 'alpha')); + $object->birth = $birthdate; $object->default_lang = GETPOST('default_lang', 'alpha'); - $object->typeid = GETPOST("typeid", 'int'); - //$object->note = trim(GETPOST("comment","alpha")); - $object->morphy = GETPOST("morphy", 'alpha'); + $object->typeid = GETPOST("typeid", 'int'); + //$object->note = trim(GETPOST("comment","alpha")); + $object->morphy = GETPOST("morphy", 'alpha'); if (GETPOST('deletephoto', 'alpha')) { $object->photo = ''; 
@@ -330,8 +330,8 @@ if (empty($reshook)) { } // Get status and public property - $object->statut = GETPOST("statut", 'alpha'); - $object->public = GETPOST("public", 'alpha'); + $object->statut = GETPOST("statut", 'alpha'); + $object->public = GETPOST("public", 'alpha'); // Fill array 'array_options' with data from add form $ret = $extrafields->setOptionalsFromPost(null, $object, '@GETPOSTISSET'); @@ -454,7 +454,7 @@ if (empty($reshook)) { // $facebook=GETPOST("member_facebook", 'alpha'); // $linkedin=GETPOST("member_linkedin", 'alpha'); $email = preg_replace('/\s+/', '', GETPOST("member_email", 'alpha')); - $url = trim(GETPOST('url', 'custom', 0, FILTER_SANITIZE_URL)); + $url = trim(GETPOST('url', 'custom', 0, FILTER_SANITIZE_URL)); $login = GETPOST("member_login", 'alphanohtml'); $pass = GETPOST("password", 'none'); // For password, we use 'none' $photo = GETPOST("photo", 'alphanohtml'); @@ -1524,7 +1524,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { if (!empty($labeltouse) && is_object($arraydefaultmessage) && $arraydefaultmessage->id > 0) { $subject = $arraydefaultmessage->topic; - $msg = $arraydefaultmessage->content; + $msg = $arraydefaultmessage->content; } $substitutionarray = getCommonSubstitutionArray($outputlangs, 0, null, $object); @@ -1533,10 +1533,10 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { $texttosend = make_substitutions(dol_concatdesc($msg, $adht->getMailOnValid()), $substitutionarray, $outputlangs); $tmp = $langs->trans("SendingAnEMailToMember"); - $tmp .= '
'.$langs->trans("MailFrom").': '.$conf->global->ADHERENT_MAIL_FROM.', '; + $tmp .= '
'.$langs->trans("MailFrom").': '.getDolGlobalString('ADHERENT_MAIL_FROM').', '; $tmp .= '
'.$langs->trans("MailRecipient").': '.$object->email.''; $helpcontent = ''; - $helpcontent .= ''.$langs->trans("MailFrom").': '.$conf->global->ADHERENT_MAIL_FROM.'
'."\n"; + $helpcontent .= ''.$langs->trans("MailFrom").': '.getDolGlobalString('ADHERENT_MAIL_FROM').'
'."\n"; $helpcontent .= ''.$langs->trans("MailRecipient").': '.$object->email.'
'."\n"; $helpcontent .= ''.$langs->trans("Subject").':
'."\n"; $helpcontent .= $subjecttosend."\n"; @@ -1596,10 +1596,10 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { $texttosend = make_substitutions(dol_concatdesc($msg, $adht->getMailOnResiliate()), $substitutionarray, $outputlangs); $tmp = $langs->trans("SendingAnEMailToMember"); - $tmp .= '
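Review bot: The value of `ADHERENT_MAIL_FROM` is concatenated into `$tmp` and `$helpcontent` without output encoding in the new `getDolGlobalString('ADHERENT_MAIL_FROM')` lines of the `@@ -1533,10` hunk. Those strings look like HTML help text (the markup itself is not visible on this page), so a sender stored as `Name <address>` would be parsed as a tag and any markup held in the setting would be rendered as-is. Wrapping the call, `dol_escape_htmltag(getDolGlobalString('ADHERENT_MAIL_FROM'))`, keeps the displayed sender faithful; the same applies to the hunks at `@@ -1596,10` and `@@ -1656,10` in this file and to `@@ -1142,7` in `htdocs/adherents/subscription.php`. The enclosing block starts and ends outside the hunk.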
('.$langs->trans("MailFrom").': '.$conf->global->ADHERENT_MAIL_FROM.', '; + $tmp .= '
('.$langs->trans("MailFrom").': '.getDolGlobalString('ADHERENT_MAIL_FROM').', '; $tmp .= $langs->trans("MailRecipient").': '.$object->email.')'; $helpcontent = ''; - $helpcontent .= ''.$langs->trans("MailFrom").': '.$conf->global->ADHERENT_MAIL_FROM.'
'."\n"; + $helpcontent .= ''.$langs->trans("MailFrom").': '.getDolGlobalString('ADHERENT_MAIL_FROM').'
'."\n"; $helpcontent .= ''.$langs->trans("MailRecipient").': '.$object->email.'
'."\n"; $helpcontent .= ''.$langs->trans("Subject").':
'."\n"; $helpcontent .= $subjecttosend."\n"; @@ -1656,10 +1656,10 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { $texttosend = make_substitutions(dol_concatdesc($msg, $adht->getMailOnExclude()), $substitutionarray, $outputlangs); $tmp = $langs->trans("SendingAnEMailToMember"); - $tmp .= '
('.$langs->trans("MailFrom").': '.$conf->global->ADHERENT_MAIL_FROM.', '; + $tmp .= '
('.$langs->trans("MailFrom").': '.getDolGlobalString('ADHERENT_MAIL_FROM').', '; $tmp .= $langs->trans("MailRecipient").': '.$object->email.')'; $helpcontent = ''; - $helpcontent .= ''.$langs->trans("MailFrom").': '.$conf->global->ADHERENT_MAIL_FROM.'
'."\n"; + $helpcontent .= ''.$langs->trans("MailFrom").': '.getDolGlobalString('ADHERENT_MAIL_FROM').'
'."\n"; $helpcontent .= ''.$langs->trans("MailRecipient").': '.$object->email.'
'."\n"; $helpcontent .= ''.$langs->trans("Subject").':
'."\n"; $helpcontent .= $subjecttosend."\n"; diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index 4c68b3e91ec..ad3de63930a 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -425,8 +425,8 @@ class Adherent extends CommonObject // Envoi mail confirmation $from = $conf->email_from; - if (!empty($conf->global->ADHERENT_MAIL_FROM)) { - $from = $conf->global->ADHERENT_MAIL_FROM; + if (!empty(getDolGlobalString('ADHERENT_MAIL_FROM'))) { + $from = getDolGlobalString('ADHERENT_MAIL_FROM'); } $trackid = 'mem'.$this->id; @@ -3015,7 +3015,7 @@ class Adherent extends CommonObject $subject = make_substitutions($arraydefaultmessage->topic, $substitutionarray, $outputlangs); $msg = make_substitutions($arraydefaultmessage->content, $substitutionarray, $outputlangs); - $from = $conf->global->ADHERENT_MAIL_FROM; + $from = getDolGlobalString('ADHERENT_MAIL_FROM'); $to = $adherent->email; $trackid = 'mem'.$adherent->id; diff --git a/htdocs/adherents/subscription.php b/htdocs/adherents/subscription.php index 93b57a630e1..aa505691fda 100644 --- a/htdocs/adherents/subscription.php +++ b/htdocs/adherents/subscription.php @@ -1142,7 +1142,7 @@ if ($rowid > 0) { $tmp = 'global->ADHERENT_DEFAULT_SENDINFOBYMAIL) ? ' checked' : '')).'>'; $helpcontent = ''; - $helpcontent .= ''.$langs->trans("MailFrom").': '.$conf->global->ADHERENT_MAIL_FROM.'
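Review bot: In the `@@ -425,8` hunk of `adherent.class.php` the setting is looked up twice, once inside `empty()` and once for the assignment, although the helper's second argument already expresses the fallback: `$from = getDolGlobalString('ADHERENT_MAIL_FROM', $conf->email_from);`. The `@@ -3015,7` hunk and `@@ -404,7` in `htdocs/public/members/new.php` assign `getDolGlobalString('ADHERENT_MAIL_FROM')` with no default, so `$from` is an empty string there when the option is unset. If an empty sender is not intended at those two call sites, passing the same default would keep all three consistent. The surrounding methods start and end outside these hunks.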
'."\n"; + $helpcontent .= ''.$langs->trans("MailFrom").': '.getDolGlobalString('ADHERENT_MAIL_FROM').'
'."\n"; $helpcontent .= ''.$langs->trans("MailRecipient").': '.$object->email.'
'."\n"; $helpcontent .= ''.$langs->trans("MailTopic").':
'."\n"; if ($subjecttosend) { diff --git a/htdocs/public/members/new.php b/htdocs/public/members/new.php index 5f5e560c87d..562000c0651 100644 --- a/htdocs/public/members/new.php +++ b/htdocs/public/members/new.php @@ -404,7 +404,7 @@ if (empty($reshook) && $action == 'add') { } $to = $adh->makeSubstitution($conf->global->MAIN_INFO_SOCIETE_MAIL); - $from = $conf->global->ADHERENT_MAIL_FROM; + $from = getDolGlobalString('ADHERENT_MAIL_FROM'); $mailfile = new CMailFile( '['.$appli.'] '.$conf->global->ADHERENT_AUTOREGISTER_NOTIF_MAIL_SUBJECT, $to, From 0c78b779897d9ebaa46aed55434e05b8934b204d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Tue, 20 Dec 2022 18:05:07 +0100 Subject: [PATCH 2/8] fix warnings --- htdocs/adherents/card.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index b70274c10cc..784982866af 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php @@ -659,7 +659,7 @@ if (empty($reshook)) { $outputlangs->loadLangs(array("main", "members", "companies", "install", "other")); // Get email content from template $arraydefaultmessage = null; - $labeltouse = $conf->global->ADHERENT_EMAIL_TEMPLATE_MEMBER_VALIDATION; + $labeltouse = getDolGlobalString('ADHERENT_EMAIL_TEMPLATE_MEMBER_VALIDATION'); if (!empty($labeltouse)) { $arraydefaultmessage = $formmail->getEMailTemplate($db, 'member', $user, $outputlangs, 0, 1, $labeltouse); @@ -731,7 +731,7 @@ if (empty($reshook)) { $outputlangs->loadLangs(array("main", "members", "companies", "install", "other")); // Get email content from template $arraydefaultmessage = null; - $labeltouse = $conf->global->ADHERENT_EMAIL_TEMPLATE_CANCELATION; + $labeltouse = getDolGlobalString('ADHERENT_EMAIL_TEMPLATE_CANCELATION'); if (!empty($labeltouse)) { $arraydefaultmessage = $formmail->getEMailTemplate($db, 'member', $user, $outputlangs, 0, 1, $labeltouse); 
@@ -802,7 +802,7 @@ if (empty($reshook)) { $outputlangs->loadLangs(array("main", "members", "companies", "install", "other")); // Get email content from template $arraydefaultmessage = null; - $labeltouse = $conf->global->ADHERENT_EMAIL_TEMPLATE_EXCLUSION; + $labeltouse = getDolGlobalString('ADHERENT_EMAIL_TEMPLATE_EXCLUSION'); if (!empty($labeltouse)) { $arraydefaultmessage = $formmail->getEMailTemplate($db, 'member', $user, $outputlangs, 0, 1, $labeltouse); @@ -1639,7 +1639,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { $outputlangs->loadLangs(array("main", "members")); // Get email content from template $arraydefaultmessage = null; - $labeltouse = $conf->global->ADHERENT_EMAIL_TEMPLATE_EXCLUSION; + $labeltouse = getDolGlobalString('ADHERENT_EMAIL_TEMPLATE_EXCLUSION'); if (!empty($labeltouse)) { $arraydefaultmessage = $formmail->getEMailTemplate($db, 'member', $user, $outputlangs, 0, 1, $labeltouse); From 5a5794b64a5be9dc7a6c3d537d2c2c6010bb1a30 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Tue, 20 Dec 2022 18:22:10 +0100 Subject: [PATCH 3/8] fix warnings --- htdocs/admin/system/security.php | 35 +++++++++++++++----------------- htdocs/takepos/css/pos.css.php | 4 ++-- 2 files changed, 18 insertions(+), 21 deletions(-) diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index f8f47baebf9..1d633d01f6e 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -487,7 +487,7 @@ if (empty($conf->api->enabled) && empty($conf->webservices->enabled)) { print '
'; } if (!empty($conf->api->enabled)) { - print 'API_ENDPOINT_RULES = '.(empty($conf->global->API_ENDPOINT_RULES) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Example").': login:0,users:0,setup:1,status:1,tickets:1,...)' : $conf->global->API_ENDPOINT_RULES)."
\n"; + print 'API_ENDPOINT_RULES = '.getDolGlobalString('API_ENDPOINT_RULES', ''.$langs->trans("Undefined").'   ('.$langs->trans("Example").': login:0,users:0,setup:1,status:1,tickets:1,...)')."
\n"; print '
'; } } @@ -501,19 +501,19 @@ print '
'; print load_fiche_titre($langs->trans("OtherSetup"), '', 'folder'); -print 'MAIN_ALLOW_SVG_FILES_AS_IMAGES = '.(empty($conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES) ? '0' : $conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES).'   ('.$langs->trans("Recommended").': 0)
'; +print 'MAIN_ALLOW_SVG_FILES_AS_IMAGES = '.getDolGlobalString('MAIN_ALLOW_SVG_FILES_AS_IMAGES', '0').'   ('.$langs->trans("Recommended").': 0)
'; print '
'; -print 'MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE = '.(empty($conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE).'   ('.$langs->trans("Recommended").': 1)
'; +print 'MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE = '.getDolGlobalString('MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE', ''.$langs->trans("Undefined").'').'   ('.$langs->trans("Recommended").': 1)
'; print '
'; //print ''.$langs->trans("PasswordEncryption").': '; -print 'MAIN_SECURITY_HASH_ALGO = '.(empty($conf->global->MAIN_SECURITY_HASH_ALGO) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_HASH_ALGO)."   "; +print 'MAIN_SECURITY_HASH_ALGO = '.getDolGlobalString('MAIN_SECURITY_HASH_ALGO', ''.$langs->trans("Undefined").'')."   "; if (empty($conf->global->MAIN_SECURITY_HASH_ALGO)) { print '     If unset: \'md5\''; } if ($conf->global->MAIN_SECURITY_HASH_ALGO != 'password_hash') { - print '
MAIN_SECURITY_SALT = '.(empty($conf->global->MAIN_SECURITY_SALT) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_SALT).'
'; + print '
MAIN_SECURITY_SALT = '.getDolGlobalString('MAIN_SECURITY_SALT', ''.$langs->trans("Undefined").'').'
'; } else { print '('.$langs->trans("Recommended").': password_hash)'; print '
'; @@ -528,10 +528,10 @@ if ($conf->global->MAIN_SECURITY_HASH_ALGO != 'password_hash') { } print '
'; -print 'MAIN_SECURITY_ANTI_SSRF_SERVER_IP = '.(empty($conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': List of static IPs of server separated with coma - '.$langs->trans("Note").': common loopback ip like 127.*.*.*, [::1] are already added)' : $conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP)."
"; +print 'MAIN_SECURITY_ANTI_SSRF_SERVER_IP = '.getDolGlobalString('MAIN_SECURITY_ANTI_SSRF_SERVER_IP', ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': List of static IPs of server separated with coma - '.$langs->trans("Note").': common loopback ip like 127.*.*.*, [::1] are already added)')."
"; print '
'; -print 'MAIN_SECURITY_CSRF_WITH_TOKEN = '.(empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN).'   ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 2)'."
"; +print 'MAIN_SECURITY_CSRF_WITH_TOKEN = '.getDolGlobalString('MAIN_SECURITY_CSRF_WITH_TOKEN', ''.$langs->trans("Undefined").'').'   ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 2)'."
"; print '
'; print '
'; @@ -559,31 +559,31 @@ if ($execmethod == 2) { print '
'; print '
'; -print 'MAIN_RESTRICTHTML_ONLY_VALID_HTML = '.(empty($conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': 1)' : $conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML)."
"; +print 'MAIN_RESTRICTHTML_ONLY_VALID_HTML = '.getDolGlobalString('MAIN_RESTRICTHTML_ONLY_VALID_HTML', ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': 1)')."
"; print '
'; -print 'MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES = '.(empty($conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': 1)' : $conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES)."
"; +print 'MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES = '.getDolGlobalString('MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES', ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': 1)')."
"; print '
'; -print 'MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL = '.(empty($conf->global->MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 0)' : $conf->global->MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL)."
"; +print 'MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL = '.getDolGlobalString('MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL', ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 0)')."
"; print '
'; -print 'MAIN_SECURITY_FORCECSP = '.(empty($conf->global->MAIN_SECURITY_FORCECSP) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_FORCECSP).'   ('.$langs->trans("Example").": \"frame-ancestors 'self'; default-src 'self'; img-src *;\")
"; +print 'MAIN_SECURITY_FORCECSP = '.getDolGlobalString('MAIN_SECURITY_FORCECSP', ''.$langs->trans("Undefined").'').'   ('.$langs->trans("Example").": \"frame-ancestors 'self'; default-src 'self'; img-src *;\")
"; print '
'; -print 'MAIN_SECURITY_FORCERP = '.(empty($conf->global->MAIN_SECURITY_FORCERP) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_FORCERP).'   ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or")." \"same-origin\" so browser doesn't send any referrer when going into another web site domain)
"; +print 'MAIN_SECURITY_FORCERP = '.getDolGlobalString('MAIN_SECURITY_FORCERP', ''.$langs->trans("Undefined").'').'   ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or")." \"same-origin\" so browser doesn't send any referrer when going into another web site domain)
"; print '
'; -print 'WEBSITE_MAIN_SECURITY_FORCECSP = '.(empty($conf->global->WEBSITE_MAIN_SECURITY_FORCECSP) ? ''.$langs->trans("Undefined").'' : $conf->global->WEBSITE_MAIN_SECURITY_FORCECSP).'   ('.$langs->trans("Example").": \"frame-ancestors 'self'; default-src 'self'; style-src https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src https://cdn.transifex.com https://www.googletagmanager.com; object-src https://youtube.com; frame-src https://youtube.com; img-src *;\")
"; +print 'WEBSITE_MAIN_SECURITY_FORCECSP = '.getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCECSP', ''.$langs->trans("Undefined").'').'   ('.$langs->trans("Example").": \"frame-ancestors 'self'; default-src 'self'; style-src https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src https://cdn.transifex.com https://www.googletagmanager.com; object-src https://youtube.com; frame-src https://youtube.com; img-src *;\")
"; print '
'; -print 'WEBSITE_MAIN_SECURITY_FORCERP = '.(empty($conf->global->WEBSITE_MAIN_SECURITY_FORCERP) ? ''.$langs->trans("Undefined").'' : $conf->global->WEBSITE_MAIN_SECURITY_FORCERP).'   ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or")." \"strict-origin-when-cross-origin\")
"; +print 'WEBSITE_MAIN_SECURITY_FORCERP = '.getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCERP', ''.$langs->trans("Undefined").'').'   ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or")." \"strict-origin-when-cross-origin\")
"; print '
'; -print 'WEBSITE_MAIN_SECURITY_FORCESTS = '.(empty($conf->global->WEBSITE_MAIN_SECURITY_FORCESTS) ? ''.$langs->trans("Undefined").'' : $conf->global->WEBSITE_MAIN_SECURITY_FORCESTS).'   ('.$langs->trans("Example").": \"max-age=31536000; includeSubDomains\")
"; +print 'WEBSITE_MAIN_SECURITY_FORCESTS = '.getDolGlobalString('>WEBSITE_MAIN_SECURITY_FORCESTS', ''.$langs->trans("Undefined").'').'   ('.$langs->trans("Example").": \"max-age=31536000; includeSubDomains\")
"; print '
'; -print 'WEBSITE_MAIN_SECURITY_FORCEPP = '.(empty($conf->global->WEBSITE_MAIN_SECURITY_FORCEPP) ? ''.$langs->trans("Undefined").'' : $conf->global->WEBSITE_MAIN_SECURITY_FORCEPP).'   ('.$langs->trans("Example").": \"camera: 'none'; microphone: 'none';\")
"; +print 'WEBSITE_MAIN_SECURITY_FORCEPP = '.getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCEPP', ''.$langs->trans("Undefined").'').'   ('.$langs->trans("Example").": \"camera: 'none'; microphone: 'none';\")
"; print '
'; print '
'; @@ -605,9 +605,6 @@ $urlexamplebase = 'https://github.com/Dolibarr/dolibarr/blob/develop/dev/setup/a print '- You can also protect the application using a HTTP Basic authentication layer (see apache2 virtualhost example on GitHub)
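Review bot: The key passed in the `WEBSITE_MAIN_SECURITY_FORCESTS` line of the `@@ -559,31` hunk has a stray `>`: `getDolGlobalString('>WEBSITE_MAIN_SECURITY_FORCESTS', ...)`. No option of that name would be set, so this security report would show the Strict-Transport-Security setting as undefined even when it is configured, which can mislead an administrator auditing the instance. The call should read `getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCESTS', ...)` with the default argument unchanged, as in the neighbouring `FORCERP` and `FORCEPP` lines.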
'; - - - // End of page llxFooter(); $db->close(); diff --git a/htdocs/takepos/css/pos.css.php b/htdocs/takepos/css/pos.css.php index 921ec1bea40..b1aa9b29804 100644 --- a/htdocs/takepos/css/pos.css.php +++ b/htdocs/takepos/css/pos.css.php @@ -342,9 +342,9 @@ div.paymentbordline ?> overflow-x: hidden; overfloy-y: scroll; - + ?> overflow: visible; Date: Tue, 20 Dec 2022 17:27:12 +0000 Subject: [PATCH 4/8] Fixing style errors. --- htdocs/takepos/css/pos.css.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/takepos/css/pos.css.php b/htdocs/takepos/css/pos.css.php index b1aa9b29804..5a773fc3347 100644 --- a/htdocs/takepos/css/pos.css.php +++ b/htdocs/takepos/css/pos.css.php @@ -342,7 +342,7 @@ div.paymentbordline ?> overflow-x: hidden; overfloy-y: scroll; - overflow: visible; From 172aa02eff8efcdc06db6c80aefab42cb0abfa11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Tue, 20 Dec 2022 18:30:53 +0100 Subject: [PATCH 5/8] fix typo in url --- htdocs/admin/system/security.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index 1d633d01f6e..f2f60af751f 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -598,7 +598,7 @@ print ''; print '
'; $urlexamplebase = 'https://github.com/Dolibarr/dolibarr/blob/develop/dev/setup/fail2ban/filter.d/'; print '- Login process (see fail2ban example on GitHub)
'; -print '- '.DOL_URL_ROOT.'/passwordforgotten.php (see fail2ban example on GitHub)
'; +print '- '.DOL_URL_ROOT.'/passwordforgotten.php (see fail2ban example on GitHub)
'; print '- '.DOL_URL_ROOT.'/public/* (see fail2ban example on GitHub)
'; print '
'; $urlexamplebase = 'https://github.com/Dolibarr/dolibarr/blob/develop/dev/setup/apache/'; From 3680f20465624c9fa4d70dd22d1f7ad976341fdf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Wed, 21 Dec 2022 08:41:19 +0100 Subject: [PATCH 6/8] use user->hasRight --- .../actions_adherentcard_default.class.php | 2 +- .../default/tpl/adherentcard_view.tpl.php | 4 ++-- htdocs/adherents/class/api_members.class.php | 16 ++++++++-------- .../adherents/class/api_memberstypes.class.php | 10 +++++----- .../class/api_subscriptions.class.php | 8 ++++---- htdocs/adherents/htpasswd.php | 2 +- htdocs/adherents/subscription.php | 6 +++--- htdocs/adherents/subscription/card.php | 18 +++++++++--------- htdocs/adherents/subscription/info.php | 2 +- htdocs/adherents/subscription/list.php | 4 ++-- htdocs/adherents/tpl/linkedobjectblock.tpl.php | 2 +- htdocs/adherents/type.php | 8 ++++---- htdocs/adherents/type_translation.php | 6 +++--- htdocs/adherents/vcard.php | 10 +++++----- 14 files changed, 49 insertions(+), 49 deletions(-) diff --git a/htdocs/adherents/canvas/default/actions_adherentcard_default.class.php b/htdocs/adherents/canvas/default/actions_adherentcard_default.class.php index c79143ab345..18b778fc346 100644 --- a/htdocs/adherents/canvas/default/actions_adherentcard_default.class.php +++ b/htdocs/adherents/canvas/default/actions_adherentcard_default.class.php @@ -112,7 +112,7 @@ class ActionsAdherentCardDefault extends ActionsAdherentCardCommon $this->tpl['actionsdone'] = show_actions_done($conf, $langs, $db, $objsoc, $this->object, 1); } else { // Confirm delete contact - if ($action == 'delete' && $user->rights->adherent->supprimer) { + if ($action == 'delete' && $user->hasRight('adherent', 'supprimer')) { $this->tpl['action_delete'] = $form->formconfirm($_SERVER["PHP_SELF"]."?id=".$this->object->id, $langs->trans("DeleteAdherent"), $langs->trans("ConfirmDeleteAdherent"), "confirm_delete", '', 0, 1); } } 
diff --git a/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php b/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php index 14da758457f..a3b3789d492 100644 --- a/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php +++ b/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php @@ -132,8 +132,8 @@ if (empty($user->socid)) { echo ''.$langs->trans("CreateDolibarrLogin").''; } - if ($user->rights->adherent->supprimer) { - print dolGetButtonAction($langs->trans("Delete"), '', 'delete', $_SERVER["PHP_SELF"].'?id='.$this->control->tpl['id'].'&action=delete&token='.newToken().'&canvas='.$canvas, 'delete', $user->rights->adherent->supprimer); + if ($user->hasRight('adherent', 'supprimer')) { + print dolGetButtonAction($langs->trans("Delete"), '', 'delete', $_SERVER["PHP_SELF"].'?id='.$this->control->tpl['id'].'&action=delete&token='.newToken().'&canvas='.$canvas, 'delete', $user->hasRight('adherent', 'supprimer')); } echo '
'; diff --git a/htdocs/adherents/class/api_members.class.php b/htdocs/adherents/class/api_members.class.php index 51ef1153a57..1e1f8db1bbf 100644 --- a/htdocs/adherents/class/api_members.class.php +++ b/htdocs/adherents/class/api_members.class.php @@ -62,7 +62,7 @@ class Members extends DolibarrApi */ public function get($id) { - if (!DolibarrApiAccess::$user->rights->adherent->lire) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'lire')) { throw new RestException(401); } @@ -99,7 +99,7 @@ class Members extends DolibarrApi */ public function getByThirdparty($thirdparty) { - if (!DolibarrApiAccess::$user->rights->adherent->lire) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'lire')) { throw new RestException(401); } @@ -132,7 +132,7 @@ class Members extends DolibarrApi */ public function getByThirdpartyEmail($email) { - if (!DolibarrApiAccess::$user->rights->adherent->lire) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'lire')) { throw new RestException(401); } @@ -171,7 +171,7 @@ class Members extends DolibarrApi */ public function getByThirdpartyBarcode($barcode) { - if (!DolibarrApiAccess::$user->rights->adherent->lire) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'lire')) { throw new RestException(401); } @@ -217,7 +217,7 @@ class Members extends DolibarrApi $obj_ret = array(); - if (!DolibarrApiAccess::$user->rights->adherent->lire) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'lire')) { throw new RestException(401); } @@ -370,7 +370,7 @@ class Members extends DolibarrApi */ public function delete($id) { - if (!DolibarrApiAccess::$user->rights->adherent->supprimer) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'supprimer')) { throw new RestException(401); } $member = new Adherent($this->db); 
@@ -464,7 +464,7 @@ class Members extends DolibarrApi { $obj_ret = array(); - if (!DolibarrApiAccess::$user->rights->adherent->cotisation->lire) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'cotisation', 'lire')) { throw new RestException(401); } @@ -495,7 +495,7 @@ class Members extends DolibarrApi */ public function createSubscription($id, $start_date, $end_date, $amount, $label = '') { - if (!DolibarrApiAccess::$user->rights->adherent->cotisation->creer) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'cotisation', 'creer')) { throw new RestException(401); } diff --git a/htdocs/adherents/class/api_memberstypes.class.php b/htdocs/adherents/class/api_memberstypes.class.php index 95c514bfedf..e7c039d1038 100644 --- a/htdocs/adherents/class/api_memberstypes.class.php +++ b/htdocs/adherents/class/api_memberstypes.class.php @@ -55,7 +55,7 @@ class MembersTypes extends DolibarrApi */ public function get($id) { - if (!DolibarrApiAccess::$user->rights->adherent->lire) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'lire')) { throw new RestException(401); } @@ -92,7 +92,7 @@ class MembersTypes extends DolibarrApi $obj_ret = array(); - if (!DolibarrApiAccess::$user->rights->adherent->lire) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'lire')) { throw new RestException(401); } @@ -151,7 +151,7 @@ class MembersTypes extends DolibarrApi */ public function post($request_data = null) { - if (!DolibarrApiAccess::$user->rights->adherent->configurer) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'configurer')) { throw new RestException(401); } // Check mandatory fields @@ -176,7 +176,7 @@ class MembersTypes extends DolibarrApi */ public function put($id, $request_data = null) { - if (!DolibarrApiAccess::$user->rights->adherent->configurer) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'configurer')) { throw new RestException(401); } 
@@ -216,7 +216,7 @@ class MembersTypes extends DolibarrApi */ public function delete($id) { - if (!DolibarrApiAccess::$user->rights->adherent->configurer) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'configurer')) { throw new RestException(401); } $membertype = new AdherentType($this->db); diff --git a/htdocs/adherents/class/api_subscriptions.class.php b/htdocs/adherents/class/api_subscriptions.class.php index 67484a723fd..dd01ca94027 100644 --- a/htdocs/adherents/class/api_subscriptions.class.php +++ b/htdocs/adherents/class/api_subscriptions.class.php @@ -58,7 +58,7 @@ class Subscriptions extends DolibarrApi */ public function get($id) { - if (!DolibarrApiAccess::$user->rights->adherent->cotisation->lire) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'cotisation', 'lire')) { throw new RestException(401); } @@ -91,7 +91,7 @@ class Subscriptions extends DolibarrApi $obj_ret = array(); - if (!DolibarrApiAccess::$user->rights->adherent->cotisation->lire) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'cotisation', 'lire')) { throw new RestException(401); } @@ -148,7 +148,7 @@ class Subscriptions extends DolibarrApi */ public function post($request_data = null) { - if (!DolibarrApiAccess::$user->rights->adherent->cotisation->creer) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'cotisation', 'creer')) { throw new RestException(401); } // Check mandatory fields @@ -206,7 +206,7 @@ class Subscriptions extends DolibarrApi public function delete($id) { // The right to delete a subscription comes with the right to create one. - if (!DolibarrApiAccess::$user->rights->adherent->cotisation->creer) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'cotisation', 'creer')) { throw new RestException(401); } $subscription = new Subscription($this->db); diff --git a/htdocs/adherents/htpasswd.php b/htdocs/adherents/htpasswd.php index a97a0a74d28..a36f8092add 100644 --- a/htdocs/adherents/htpasswd.php +++ b/htdocs/adherents/htpasswd.php 
@@ -37,7 +37,7 @@ $sortorder = GETPOST('sortorder', 'aZ09'); if (!isModEnabled('adherent')) { accessforbidden(); } -if (empty($user->rights->adherent->export)) { +if (!$user->hasRight('adherent', 'export')) { accessforbidden(); } diff --git a/htdocs/adherents/subscription.php b/htdocs/adherents/subscription.php index aa505691fda..154a1bffd1f 100644 --- a/htdocs/adherents/subscription.php +++ b/htdocs/adherents/subscription.php @@ -201,7 +201,7 @@ if (empty($reshook) && $action == 'setsocid') { } } -if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !$cancel) { +if ($user->hasRight('adherent', 'cotisation', 'creer') && $action == 'subscription' && !$cancel) { $error = 0; $langs->load("banks"); @@ -674,7 +674,7 @@ if ($rowid > 0) { */ // Button to create a new subscription if member no draft (-1) neither resiliated (0) neither excluded (-2) - if ($user->rights->adherent->cotisation->creer) { + if ($user->hasRight('adherent', 'cotisation', 'creer')) { if ($action != 'addsubscription' && $action != 'create_thirdparty') { print '
'; @@ -814,7 +814,7 @@ if ($rowid > 0) { /* * Add new subscription form */ - if (($action == 'addsubscription' || $action == 'create_thirdparty') && $user->rights->adherent->cotisation->creer) { + if (($action == 'addsubscription' || $action == 'create_thirdparty') && $user->hasRight('adherent', 'cotisation', 'creer')) { print '
'; print load_fiche_titre($langs->trans("NewCotisation")); diff --git a/htdocs/adherents/subscription/card.php b/htdocs/adherents/subscription/card.php index 83f1a01441c..15b33d0018a 100644 --- a/htdocs/adherents/subscription/card.php +++ b/htdocs/adherents/subscription/card.php @@ -49,13 +49,13 @@ $note = GETPOST('note', 'alpha'); $typeid = (int) GETPOST('typeid', 'int'); $amount = price2num(GETPOST('amount', 'alpha'), 'MT'); -if (empty($user->rights->adherent->cotisation->lire)) { +if (!$user->hasRight('adherent', 'cotisation', 'lire')) { accessforbidden(); } -$permissionnote = $user->rights->adherent->cotisation->creer; // Used by the include of actions_setnotes.inc.php -$permissiondellink = $user->rights->adherent->cotisation->creer; // Used by the include of actions_dellink.inc.php -$permissiontoedit = $user->rights->adherent->cotisation->creer; // Used by the include of actions_lineupdonw.inc.php +$permissionnote = $user->hasRight('adherent', 'cotisation', 'creer'); // Used by the include of actions_setnotes.inc.php +$permissiondellink = $user->hasRight('adherent', 'cotisation', 'creer'); // Used by the include of actions_dellink.inc.php +$permissiontoedit = $user->hasRight('adherent', 'cotisation', 'creer'); // Used by the include of actions_lineupdonw.inc.php $hookmanager->initHooks(array('subscriptioncard', 'globalcard')); @@ -78,7 +78,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_dellink.inc.php'; // Must be include, n //include DOL_DOCUMENT_ROOT.'/core/actions_lineupdown.inc.php'; // Must be include, not include_once -if ($user->rights->adherent->cotisation->creer && $action == 'update' && !$cancel) { +if ($user->hasRight('adherent', 'cotisation', 'creer') && $action == 'update' && !$cancel) { // Load current object $result = $object->fetch($rowid); if ($result > 0) { 
@@ -140,7 +140,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'update' && !$cance } } -if ($action == 'confirm_delete' && $confirm == 'yes' && $user->rights->adherent->cotisation->creer) { +if ($action == 'confirm_delete' && $confirm == 'yes' && $user->hasRight('adherent', 'cotisation', 'creer')) { $result = $object->fetch($rowid); $result = $object->delete($user); if ($result > 0) { @@ -166,7 +166,7 @@ llxHeader('', $langs->trans("SubscriptionCard"), $help_url); dol_htmloutput_errors($errmsg); -if ($user->rights->adherent->cotisation->creer && $action == 'edit') { +if ($user->hasRight('adherent', 'cotisation', 'creer') && $action == 'edit') { /******************************************** * * Subscription card in edit mode @@ -350,7 +350,7 @@ if ($rowid && $action != 'edit') { */ print '
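Review bot: In the `confirm_delete` branch the result of `$object->fetch($rowid)` is overwritten by the next statement, so `$object->delete($user)` runs even when the subscription could not be loaded. The `update` branch of the same file tests `if ($result > 0)` after its fetch, and the delete path should do the same, e.g. `if ($object->fetch($rowid) > 0) { $result = $object->delete($user); }`. The `confirm_delete` branch in the type.php hunk (`$object->fetch($rowid); $res = $object->delete();`) ignores the fetch result in the same way. Both branches continue outside their hunks.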
'; - if ($user->rights->adherent->cotisation->creer) { + if ($user->hasRight('adherent', 'cotisation', 'creer')) { if (!empty($bankline->rappro)) { print '"; } else { @@ -359,7 +359,7 @@ if ($rowid && $action != 'edit') { } // Delete - if ($user->rights->adherent->cotisation->creer) { + if ($user->hasRight('adherent', 'cotisation', 'creer')) { print '\n"; } diff --git a/htdocs/adherents/subscription/info.php b/htdocs/adherents/subscription/info.php index 5faf1d31760..14afbafca50 100644 --- a/htdocs/adherents/subscription/info.php +++ b/htdocs/adherents/subscription/info.php @@ -32,7 +32,7 @@ require_once DOL_DOCUMENT_ROOT.'/adherents/class/subscription.class.php'; // Load translation files required by the page $langs->loadLangs(array("companies", "members", "bills", "users")); -if (empty($user->rights->adherent->lire)) { +if (!$user->hasRight('adherent', 'lire')) { accessforbidden(); } diff --git a/htdocs/adherents/subscription/list.php b/htdocs/adherents/subscription/list.php index 1523bd4ee90..a3d2bda0ba4 100644 --- a/htdocs/adherents/subscription/list.php +++ b/htdocs/adherents/subscription/list.php 
@@ -291,14 +291,14 @@ $arrayofmassactions = array( //'presend'=>img_picto('', 'email', 'class="pictofixedwidth"').$langs->trans("SendByMail"), //'builddoc'=>img_picto('', 'pdf', 'class="pictofixedwidth"').$langs->trans("PDFMerge"), ); -//if ($user->rights->adherent->supprimer) $arrayofmassactions['predelete'] = img_picto('', 'delete', 'class="pictofixedwidth"').$langs->trans("Delete"); +//if ($user->hasRight('adherent', 'supprimer')) $arrayofmassactions['predelete'] = img_picto('', 'delete', 'class="pictofixedwidth"').$langs->trans("Delete"); if (in_array($massaction, array('presend', 'predelete'))) { $arrayofmassactions = array(); } $massactionbutton = $form->selectMassAction('', $arrayofmassactions); $newcardbutton = ''; -if ($user->rights->adherent->cotisation->creer) { +if ($user->hasRight('adherent', 'cotisation', 'creer')) { $newcardbutton .= dolGetButtonTitle($langs->trans('NewSubscription'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/adherents/list.php?status=-1,1'); } diff --git a/htdocs/adherents/tpl/linkedobjectblock.tpl.php b/htdocs/adherents/tpl/linkedobjectblock.tpl.php index 5928b706a8e..d4efa349202 100644 --- a/htdocs/adherents/tpl/linkedobjectblock.tpl.php +++ b/htdocs/adherents/tpl/linkedobjectblock.tpl.php @@ -39,7 +39,7 @@ foreach ($linkedObjectBlock as $key => $objectlink) { echo ''; echo ''.dol_print_date($objectlink->dateh, 'day').''; echo ''; - if ($user->rights->adherent->lire) { + if ($user->hasRight('adherent', 'lire')) { $total = $total + $objectlink->amount; echo price($objectlink->amount); } diff --git a/htdocs/adherents/type.php b/htdocs/adherents/type.php index 962624db428..ea95b7eef1a 100644 --- a/htdocs/adherents/type.php +++ b/htdocs/adherents/type.php 
@@ -171,7 +171,7 @@ if ($action == 'add' && $user->hasRight('adherent', 'configurer')) { } } -if ($action == 'update' && $user->rights->adherent->configurer) { +if ($action == 'update' && $user->hasRight('adherent', 'configurer')) { $object->fetch($rowid); $object->oldcopy = dol_clone($object); @@ -207,7 +207,7 @@ if ($action == 'update' && $user->rights->adherent->configurer) { exit; } -if ($action == 'confirm_delete' && !empty($user->rights->adherent->configurer)) { +if ($action == 'confirm_delete' && $user->hasRight('adherent', 'configurer')) { $object->fetch($rowid); $res = $object->delete(); @@ -257,7 +257,7 @@ if (!$rowid && $action != 'create' && $action != 'edit') { } $newcardbutton = ''; - if ($user->rights->adherent->configurer) { + if ($user->hasRight('adherent', 'configurer')) { $newcardbutton .= dolGetButtonTitle($langs->trans('NewMemberType'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/adherents/type.php?action=create'); } @@ -323,7 +323,7 @@ if (!$rowid && $action != 'create' && $action != 'edit') { print ''.yn($objp->caneditamount).''; print ''.yn($objp->vote).''; print ''.$membertype->getLibStatut(5).''; - if ($user->rights->adherent->configurer) { + if ($user->hasRight('adherent', 'configurer')) { print 'rowid.'">'.img_edit().''; } else { print ' '; diff --git a/htdocs/adherents/type_translation.php b/htdocs/adherents/type_translation.php index 9539250cb44..85b346b4225 100644 --- a/htdocs/adherents/type_translation.php +++ b/htdocs/adherents/type_translation.php @@ -71,7 +71,7 @@ if ($action == 'delete' && GETPOST('langtodelete', 'alpha')) { } // Add translation -if ($action == 'vadd' && $cancel != $langs->trans("Cancel") && $user->rights->adherent->configurer) { +if ($action == 'vadd' && $cancel != $langs->trans("Cancel") && $user->hasRight('adherent', 'configurer')) { $object = new AdherentType($db); $object->fetch($id); $current_lang = $langs->getDefaultLang(); 
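Review bot: The `delete` branch shown in the type_translation.php hunk header, `if ($action == 'delete' && GETPOST('langtodelete', 'alpha'))`, has no right check in its condition. The `vadd` branch converted here, and `vedit`/`vdelete` in the following hunks, all require `configurer`. Its body lies outside the hunk, so a check may exist there or earlier in the file. If it does not, the condition should read `if ($action == 'delete' && GETPOST('langtodelete', 'alpha') && $user->hasRight('adherent', 'configurer'))`.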
@@ -99,7 +99,7 @@ if ($action == 'vadd' && $cancel != $langs->trans("Cancel") && $user->rights->ad } // Edit translation -if ($action == 'vedit' && $cancel != $langs->trans("Cancel") && $user->rights->adherent->configurer) { +if ($action == 'vedit' && $cancel != $langs->trans("Cancel") && $user->hasRight('adherent', 'configurer')) { $object = new AdherentType($db); $object->fetch($id); $current_lang = $langs->getDefaultLang(); @@ -125,7 +125,7 @@ if ($action == 'vedit' && $cancel != $langs->trans("Cancel") && $user->rights->a } // Delete translation -if ($action == 'vdelete' && $cancel != $langs->trans("Cancel") && $user->rights->adherent->configurer) { +if ($action == 'vdelete' && $cancel != $langs->trans("Cancel") && $user->hasRight('adherent', 'configurer')) { $object = new AdherentType($db); $object->fetch($id); $langtodelete = GETPOST('langdel', 'alpha'); diff --git a/htdocs/adherents/vcard.php b/htdocs/adherents/vcard.php index 1b5a0e5d0fe..9f6c5adcaeb 100644 --- a/htdocs/adherents/vcard.php +++ b/htdocs/adherents/vcard.php @@ -35,7 +35,7 @@ $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alphanohtml'); $object = new adherent($db); - +global $user; // Fetch object if ($id > 0 || !empty($ref)) { // Load member 
@@ -46,10 +46,10 @@ if ($id > 0 || !empty($ref)) { // Define variables to know what current user can do on properties of user linked to edited member if ($object->user_id) { // $User is the user who edits, $object->user_id is the id of the related user in the edited member - $caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer) - || (($user->id != $object->user_id) && $user->rights->user->user->creer)); - $caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password) - || (($user->id != $object->user_id) && $user->rights->user->user->password)); + $caneditfielduser = ((($user->id == $object->user_id) && $user->hasRight('user', 'self', 'creer')) + || (($user->id != $object->user_id) && $user->hasRight('user', 'user', 'creer'))); + $caneditpassworduser = ((($user->id == $object->user_id) && $user->hasRight('user', 'self', 'password')) + || (($user->id != $object->user_id) && $user->hasRight('user', 'user', 'password'))); } } From 6bb8badfdfb2b035ad8bc2a40a932ef2195aebae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Wed, 21 Dec 2022 08:50:13 +0100 Subject: [PATCH 7/8] use user->hasRight --- .../canvas/default/tpl/adherentcard_view.tpl.php | 2 +- htdocs/adherents/card.php | 4 ++-- htdocs/adherents/ldap.php | 6 +++--- htdocs/adherents/list.php | 2 +- htdocs/adherents/partnership.php | 14 +++++++------- htdocs/adherents/subscription.php | 4 ++-- htdocs/adherents/vcard.php | 4 ++-- 7 files changed, 18 insertions(+), 18 deletions(-) diff --git a/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php b/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php index a3b3789d492..1ad9e4ff3d4 100644 --- a/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php +++ b/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php 
@@ -128,7 +128,7 @@ if (empty($user->socid)) { echo ''.$langs->trans('Modify').''; } - if (!$this->control->tpl['user_id'] && $user->rights->user->user->creer) { + if (!$this->control->tpl['user_id'] && $user->hasRight('user', 'user', 'creer')) { echo ''.$langs->trans("CreateDolibarrLogin").''; } diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index 784982866af..273f79b8ac8 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php @@ -342,7 +342,7 @@ if (empty($reshook)) { // Check if we need to also synchronize user information $nosyncuser = 0; if ($object->user_id) { // If linked to a user - if ($user->id != $object->user_id && empty($user->rights->user->user->creer)) { + if ($user->id != $object->user_id && !$user->hasRight('user', 'user', 'creer')) { $nosyncuser = 1; // Disable synchronizing } } @@ -350,7 +350,7 @@ if (empty($reshook)) { // Check if we need to also synchronize password information $nosyncuserpass = 0; if ($object->user_id) { // If linked to a user - if ($user->id != $object->user_id && empty($user->rights->user->user->password)) { + if ($user->id != $object->user_id && !$user->hasRight('user', 'user', 'password')) { $nosyncuserpass = 1; // Disable synchronizing } } diff --git a/htdocs/adherents/ldap.php b/htdocs/adherents/ldap.php index 7f09bccb3d3..83b7e5f3764 100644 --- a/htdocs/adherents/ldap.php +++ b/htdocs/adherents/ldap.php 
@@ -51,14 +51,14 @@ if ($id > 0 || !empty($ref)) { $result = $object->fetch($id, $ref); // Define variables to know what current user can do on users - $canadduser = (!empty($user->admin) || !empty($user->rights->user->user->creer)); + $canadduser = (!empty($user->admin) || $user->hasRight('user', 'user', 'creer')); // Define variables to know what current user can do on properties of user linked to edited member if ($object->user_id) { // $User is the user who edits, $object->user_id is the id of the related user in the edited member $caneditfielduser = ((($user->id == $object->user_id) && !empty($user->rights->user->self->creer)) - || (($user->id != $object->user_id) && !empty($user->rights->user->user->creer))); + || (($user->id != $object->user_id) && $user->hasRight('user', 'user', 'creer'))); $caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password) - || (($user->id != $object->user_id) && !empty($user->rights->user->user->password))); + || (($user->id != $object->user_id) && $user->hasRight('user', 'user', 'password'))); } } diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php index c2b81860210..a1d929ec3e9 100644 --- a/htdocs/adherents/list.php +++ b/htdocs/adherents/list.php @@ -262,7 +262,7 @@ if (empty($reshook)) { } // Create external user - if ($massaction == 'createexternaluser' && $user->hasRight('adherent', 'creer') && $user->rights->user->user->creer) { + if ($massaction == 'createexternaluser' && $user->hasRight('adherent', 'creer') && $user->hasRight('user', 'user', 'creer')) { $tmpmember = new Adherent($db); $error = 0; $nbcreated = 0; diff --git a/htdocs/adherents/partnership.php b/htdocs/adherents/partnership.php index 805a3137226..3664187b34e 100644 --- a/htdocs/adherents/partnership.php +++ b/htdocs/adherents/partnership.php 
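Review bot: In the ldap.php hunk `$caneditpassworduser` still reads `$user->rights->user->self->password` directly, with no `empty()` guard, so an absent right can still raise the undefined-property warning this series is removing. `$caneditfielduser` also keeps `!empty($user->rights->user->self->creer)` next to the converted `user` half. Both should go through the helper, as the vcard.php hunk already does: `$user->hasRight('user', 'self', 'creer')` and `$user->hasRight('user', 'self', 'password')`. The `setuserid` condition in the subscription.php hunk further down has the same leftover, `$user->rights->user->self->creer`. Mixing the two forms in one permission expression makes it harder to audit.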
@@ -76,13 +76,13 @@ foreach ($object->fields as $key => $val) { // Load object include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once. -$permissiontoread = $user->rights->partnership->read; -$permissiontoadd = $user->rights->partnership->write; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php -$permissiontodelete = $user->rights->partnership->delete || ($permissiontoadd && isset($object->status) && $object->status == $object::STATUS_DRAFT); -$permissionnote = $user->rights->partnership->write; // Used by the include of actions_setnotes.inc.php -$permissiondellink = $user->rights->partnership->write; // Used by the include of actions_dellink.inc.php -$usercanclose = $user->rights->partnership->write; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php -$upload_dir = $conf->partnership->multidir_output[isset($object->entity) ? $object->entity : 1]; +$permissiontoread = $user->hasRight('partnership', 'read'); +$permissiontoadd = $user->hasRight('partnership', 'write'); // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php +$permissiontodelete = $user->hasRight('partnership', 'delete') || ($permissiontoadd && isset($object->status) && $object->status == $object::STATUS_DRAFT); +$permissionnote = $user->hasRight('partnership', 'write'); // Used by the include of actions_setnotes.inc.php +$permissiondellink = $user->hasRight('partnership', 'write'); // Used by the include of actions_dellink.inc.php +$usercanclose = $user->hasRight('partnership', 'write'); // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php +$upload_dir = $conf->partnership->multidir_output[isset($object->entity) ? $object->entity : 1]; if (getDolGlobalString('PARTNERSHIP_IS_MANAGED_FOR') != 'member') { 
diff --git a/htdocs/adherents/subscription.php b/htdocs/adherents/subscription.php index 154a1bffd1f..8c423d53029 100644 --- a/htdocs/adherents/subscription.php +++ b/htdocs/adherents/subscription.php @@ -151,9 +151,9 @@ if (empty($reshook) && $action == 'confirm_create_thirdparty' && $confirm == 'ye } } -if (empty($reshook) && $action == 'setuserid' && ($user->rights->user->self->creer || $user->rights->user->user->creer)) { +if (empty($reshook) && $action == 'setuserid' && ($user->rights->user->self->creer || $user->hasRight('user', 'user', 'creer'))) { $error = 0; - if (empty($user->rights->user->user->creer)) { // If can edit only itself user, we can link to itself only + if (!$user->hasRight('user', 'user', 'creer')) { // If can edit only itself user, we can link to itself only if (GETPOST("userid", 'int') != $user->id && GETPOST("userid", 'int') != $object->user_id) { $error++; setEventMessages($langs->trans("ErrorUserPermissionAllowsToLinksToItselfOnly"), null, 'errors'); diff --git a/htdocs/adherents/vcard.php b/htdocs/adherents/vcard.php index 9f6c5adcaeb..9f11b5be2bf 100644 --- a/htdocs/adherents/vcard.php +++ b/htdocs/adherents/vcard.php @@ -35,14 +35,14 @@ $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alphanohtml'); $object = new adherent($db); -global $user; + // Fetch object if ($id > 0 || !empty($ref)) { // Load member $result = $object->fetch($id, $ref); // Define variables to know what current user can do on users - $canadduser = ($user->admin || $user->rights->user->user->creer); + $canadduser = ($user->admin || $user->hasRight('user', 'user', 'creer')); // Define variables to know what current user can do on properties of user linked to edited member if ($object->user_id) { // $User is the user who edits, $object->user_id is the id of the related user in the edited member From b1b46556beae7a7da19b99205f6948ab9ad344a2 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Wed, 21 Dec 2022 09:17:07 +0100 Subject: [PATCH 8/8] fix stickler --- htdocs/admin/system/security.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index f2f60af751f..dd21524e7c2 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -574,7 +574,8 @@ print '
'; print 'MAIN_SECURITY_FORCERP = '.getDolGlobalString('MAIN_SECURITY_FORCERP', ''.$langs->trans("Undefined").'').'   ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or")." \"same-origin\" so browser doesn't send any referrer when going into another web site domain)
"; print '
'; -print 'WEBSITE_MAIN_SECURITY_FORCECSP = '.getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCECSP', ''.$langs->trans("Undefined").'').'   ('.$langs->trans("Example").": \"frame-ancestors 'self'; default-src 'self'; style-src https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src https://cdn.transifex.com https://www.googletagmanager.com; object-src https://youtube.com; frame-src https://youtube.com; img-src *;\")
"; +print 'WEBSITE_MAIN_SECURITY_FORCECSP = '.getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCECSP', ''.$langs->trans("Undefined").''); +print '   ('.$langs->trans("Example").": \"frame-ancestors 'self'; default-src 'self'; style-src https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src https://cdn.transifex.com https://www.googletagmanager.com; object-src https://youtube.com; frame-src https://youtube.com; img-src *;\")
"; print '
'; print 'WEBSITE_MAIN_SECURITY_FORCERP = '.getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCERP', ''.$langs->trans("Undefined").'').'   ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or")." \"strict-origin-when-cross-origin\")
";