lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/develop' into correctstockbatch

Browse Source
This commit is contained in:
Frédéric FRANCE 2022-08-19 20:12:06 +02:00
commit c6a0605940
70 changed files with 728 additions and 678 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/accountancy/admin/accountmodel.php
View File

@ -39,7 +39,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/accounting.lib.php';
if (!empty($conf->accounting->enabled)) {
if (isModEnabled('accounting')) {
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formaccounting.class.php';
}
@ -126,7 +126,7 @@ $tabrowid[31] = "";
// Condition to show dictionary in setup page
$tabcond = array();
$tabcond[31] = !empty($conf->accounting->enabled);
$tabcond[31] = isModEnabled('accounting');
// List of help for fields
$tabhelp = array();

4
htdocs/accountancy/admin/categories_list.php
View File

@ -111,7 +111,7 @@ $tabrowid[32] = "";
// Condition to show dictionary in setup page
$tabcond = array();
$tabcond[32] = !empty($conf->accounting->enabled);
$tabcond[32] = isModEnabled('accounting');
// List of help for fields
$tabhelp = array();
@ -875,7 +875,7 @@ function fieldListAccountingCategories($fieldlist, $obj = '', $tabname = '', $co
$formadmin = new FormAdmin($db);
$formcompany = new FormCompany($db);
if (!empty($conf->accounting->enabled)) {
if (isModEnabled('accounting')) {
$formaccounting = new FormAccounting($db);
}

12
htdocs/accountancy/admin/defaultaccounts.php
View File

@ -81,22 +81,22 @@ $list_account[] = '---Others---';
$list_account[] = 'ACCOUNTING_VAT_BUY_ACCOUNT';
$list_account[] = 'ACCOUNTING_VAT_SOLD_ACCOUNT';
$list_account[] = 'ACCOUNTING_VAT_PAY_ACCOUNT';
if (!empty($conf->banque->enabled)) {
if (isModEnabled('banque')) {
$list_account[] = 'ACCOUNTING_ACCOUNT_TRANSFER_CASH';
}
if (!empty($conf->don->enabled)) {
if (isModEnabled('don')) {
$list_account[] = 'DONATION_ACCOUNTINGACCOUNT';
}
if (!empty($conf->adherent->enabled)) {
if (isModEnabled('adherent')) {
$list_account[] = 'ADHERENT_SUBSCRIPTION_ACCOUNTINGACCOUNT';
}
if (!empty($conf->loan->enabled)) {
if (isModEnabled('loan')) {
$list_account[] = 'LOAN_ACCOUNTING_ACCOUNT_CAPITAL';
$list_account[] = 'LOAN_ACCOUNTING_ACCOUNT_INTEREST';
$list_account[] = 'LOAN_ACCOUNTING_ACCOUNT_INSURANCE';
}
$list_account[] = 'ACCOUNTING_ACCOUNT_SUSPENSE';
if (!empty($conf->societe->enabled)) {
if (isModEnabled('societe')) {
$list_account[] = '---Deposits---';
}
@ -266,7 +266,7 @@ print $formaccounting->select_account(getDolGlobalString('ACCOUNTING_ACCOUNT_CUS
print '</td>';
print '</tr>';
if (!empty($conf->societe->enabled) && getDolGlobalString('ACCOUNTING_ACCOUNT_CUSTOMER_DEPOSIT') && getDolGlobalString('ACCOUNTING_ACCOUNT_CUSTOMER_DEPOSIT') != '-1') {
if (isModEnabled('societe') && getDolGlobalString('ACCOUNTING_ACCOUNT_CUSTOMER_DEPOSIT') && getDolGlobalString('ACCOUNTING_ACCOUNT_CUSTOMER_DEPOSIT') != '-1') {
print '<tr class="oddeven">';
print '<td>' . img_picto('', 'bill', 'class="pictofixedwidth"') . $langs->trans("UseAuxiliaryAccountOnCustomerDeposit") . '</td>';
if (getDolGlobalInt('ACCOUNTING_ACCOUNT_CUSTOMER_USE_AUXILIARY_ON_DEPOSIT')) {

2
htdocs/accountancy/admin/journals_list.php
View File

@ -123,7 +123,7 @@ $tabrowid[35] = "";
// Condition to show dictionary in setup page
$tabcond = array();
$tabcond[35] = !empty($conf->accounting->enabled);
$tabcond[35] = isModEnabled('accounting');
// List of help for fields
$tabhelp = array();

2
htdocs/accountancy/bookkeeping/balance.php
View File

@ -142,7 +142,7 @@ if (!empty($search_ledger_code)) {
}
}
if (empty($conf->accounting->enabled)) {
if (!isModEnabled('accounting')) {
accessforbidden();
}
if ($user->socid > 0) {

2
htdocs/accountancy/bookkeeping/card.php
View File

@ -79,7 +79,7 @@ if (!empty($update)) {
$object = new BookKeeping($db);
// Security check
if (empty($conf->accounting->enabled)) {
if (!isModEnabled('accounting')) {
accessforbidden();
}
if ($user->socid > 0) {

2
htdocs/accountancy/bookkeeping/list.php
View File

@ -214,7 +214,7 @@ if (empty($listofformat[$formatexportset])) {
$error = 0;
if (empty($conf->accounting->enabled)) {
if (!isModEnabled('accounting')) {
accessforbidden();
}
if ($user->socid > 0) {

2
htdocs/accountancy/bookkeeping/listbyaccount.php
View File

@ -187,7 +187,7 @@ if ($search_date_end && empty($search_date_endyear)) {
$search_date_endday = $tmparray['mday'];
}
if (empty($conf->accounting->enabled)) {
if (!isModEnabled('accounting')) {
accessforbidden();
}
if ($user->socid > 0) {

2
htdocs/accountancy/class/accountingjournal.class.php
View File

@ -429,7 +429,7 @@ class AccountingJournal extends CommonObject
{
global $conf, $langs;
if (empty($conf->asset->enabled)) {
if (!isModEnabled('asset')) {
return array();
}

2
htdocs/accountancy/closure/index.php
View File

@ -57,7 +57,7 @@ $search_date_end = dol_get_last_day($year_end, $month_end);
$year_current = $year_start;
// Security check
if (empty($conf->accounting->enabled)) {
if (!isModEnabled('accounting')) {
accessforbidden();
}
if ($user->socid > 0) {

2
htdocs/accountancy/customer/card.php
View File

@ -38,7 +38,7 @@ $codeventil = GETPOST('codeventil', 'int');
$id = GETPOST('id', 'int');
// Security check
if (empty($conf->accounting->enabled)) {
if (!isModEnabled('accounting')) {
accessforbidden();
}
if ($user->socid > 0) {

6
htdocs/accountancy/customer/index.php
View File

@ -40,7 +40,7 @@ $validatemonth = GETPOST('validatemonth', 'int');
$validateyear = GETPOST('validateyear', 'int');
// Security check
if (empty($conf->accounting->enabled)) {
if (!isModEnabled('accounting')) {
accessforbidden();
}
if ($user->socid > 0) {
@ -77,7 +77,7 @@ $action = GETPOST('action', 'aZ09');
$chartaccountcode = dol_getIdFromCode($db, $conf->global->CHARTOFACCOUNTS, 'accounting_system', 'rowid', 'pcg_version');
// Security check
if (empty($conf->accounting->enabled)) {
if (!isModEnabled('accounting')) {
accessforbidden();
}
if ($user->socid > 0) {
@ -622,7 +622,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) { // This part of code looks strange
print '</div>';
if (!empty($conf->margin->enabled)) {
if (isModEnabled('margin')) {
print "<br>\n";
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent">';

2
htdocs/accountancy/customer/lines.php
View File

@ -85,7 +85,7 @@ if (!$sortorder) {
}
// Security check
if (empty($conf->accounting->enabled)) {
if (!isModEnabled('accounting')) {
accessforbidden();
}
if ($user->socid > 0) {

2
htdocs/accountancy/customer/list.php
View File

@ -104,7 +104,7 @@ $accountingAccount = new AccountingAccount($db);
$chartaccountcode = dol_getIdFromCode($db, $conf->global->CHARTOFACCOUNTS, 'accounting_system', 'rowid', 'pcg_version');
// Security check
if (empty($conf->accounting->enabled)) {
if (!isModEnabled('accounting')) {
accessforbidden();
}
if ($user->socid > 0) {

2
htdocs/accountancy/expensereport/card.php
View File

@ -42,7 +42,7 @@ $codeventil = GETPOST('codeventil', 'int');
$id = GETPOST('id', 'int');
// Security check
if (empty($conf->accounting->enabled)) {
if (!isModEnabled('accounting')) {
accessforbidden();
}
if ($user->socid > 0) {

2
htdocs/accountancy/expensereport/index.php
View File

@ -58,7 +58,7 @@ $year_current = $year_start;
$action = GETPOST('action', 'aZ09');
// Security check
if (empty($conf->accounting->enabled)) {
if (!isModEnabled('accounting')) {
accessforbidden();
}
if ($user->socid > 0) {

2
htdocs/accountancy/expensereport/lines.php
View File

@ -79,7 +79,7 @@ if (!$sortorder) {
}
// Security check
if (empty($conf->accounting->enabled)) {
if (!isModEnabled('accounting')) {
accessforbidden();
}
if ($user->socid > 0) {

2
htdocs/accountancy/expensereport/list.php
View File

@ -97,7 +97,7 @@ $accounting = new AccountingAccount($db);
$chartaccountcode = dol_getIdFromCode($db, $conf->global->CHARTOFACCOUNTS, 'accounting_system', 'rowid', 'pcg_version');
// Security check
if (empty($conf->accounting->enabled)) {
if (!isModEnabled('accounting')) {
accessforbidden();
}
if ($user->socid > 0) {

2
htdocs/accountancy/journal/bankjournal.php
View File

@ -83,7 +83,7 @@ $now = dol_now();
$action = GETPOST('action', 'aZ09');
// Security check
if (empty($conf->accounting->enabled)) {
if (!isModEnabled('accounting')) {
accessforbidden();
}
if ($user->socid > 0) {

2
htdocs/accountancy/journal/expensereportsjournal.php
View File

@ -58,7 +58,7 @@ if ($in_bookkeeping == '') {
$now = dol_now();
// Security check
if (empty($conf->accounting->enabled)) {
if (!isModEnabled('accounting')) {
accessforbidden();
}
if ($user->socid > 0) {

2
htdocs/accountancy/journal/purchasesjournal.php
View File

@ -61,7 +61,7 @@ $hookmanager->initHooks(array('purchasesjournal'));
$parameters = array();
// Security check
if (empty($conf->accounting->enabled)) {
if (!isModEnabled('accounting')) {
accessforbidden();
}
if ($user->socid > 0) {

2
htdocs/accountancy/journal/sellsjournal.php
View File

@ -63,7 +63,7 @@ $hookmanager->initHooks(array('sellsjournal'));
$parameters = array();
// Security check
if (empty($conf->accounting->enabled)) {
if (!isModEnabled('accounting')) {
accessforbidden();
}
if ($user->socid > 0) {

2
htdocs/accountancy/journal/variousjournal.php
View File

@ -83,7 +83,7 @@ if (!is_array($journal_data)) {
}
// Security check
if (empty($conf->accounting->enabled)) {
if (!isModEnabled('accounting')) {
accessforbidden();
}
if ($user->socid > 0) {

2
htdocs/accountancy/supplier/card.php
View File

@ -42,7 +42,7 @@ $codeventil = GETPOST('codeventil', 'int');
$id = GETPOST('id', 'int');
// Security check
if (empty($conf->accounting->enabled)) {
if (!isModEnabled('accounting')) {
accessforbidden();
}
if ($user->socid > 0) {

2
htdocs/accountancy/supplier/lines.php
View File

@ -89,7 +89,7 @@ if (!$sortorder) {
$formaccounting = new FormAccounting($db);
// Security check
if (empty($conf->accounting->enabled)) {
if (!isModEnabled('accounting')) {
accessforbidden();
}
if ($user->socid > 0) {

2
htdocs/accountancy/supplier/list.php
View File

@ -106,7 +106,7 @@ $accountingAccount = new AccountingAccount($db);
$chartaccountcode = dol_getIdFromCode($db, $conf->global->CHARTOFACCOUNTS, 'accounting_system', 'rowid', 'pcg_version');
// Security check
if (empty($conf->accounting->enabled)) {
if (!isModEnabled('accounting')) {
accessforbidden();
}
if ($user->socid > 0) {

2
htdocs/adherents/agenda.php
View File

@ -130,7 +130,7 @@ if ($object->id > 0) {
llxHeader("", $title, $help_url);
if (!empty($conf->notification->enabled)) {
if (isModEnabled('notification')) {
$langs->load("mails");
}
$head = member_prepare_head($object);

2
htdocs/adherents/document.php
View File

@ -128,7 +128,7 @@ if ($id > 0) {
$totalsize += $file['size'];
}
if (!empty($conf->notification->enabled)) {
if (isModEnabled('notification')) {
$langs->load("mails");
}

2
htdocs/adherents/htpasswd.php
View File

@ -33,7 +33,7 @@ $sortfield = GETPOST('sortfield', 'alphanohtml');
$sortorder = GETPOST('sortorder', 'aZ09');
// Security check
if (empty($conf->adherent->enabled)) {
if (!isModEnabled('adherent')) {
accessforbidden();
}
if (empty($user->rights->adherent->export)) {

2
htdocs/adherents/list.php
View File

@ -659,7 +659,7 @@ if ($sall) {
// Filter on categories
$moreforfilter = '';
if (!empty($conf->categorie->enabled) && $user->rights->categorie->lire) {
if (isModEnabled('categorie') && $user->rights->categorie->lire) {
require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
$moreforfilter .= '<div class="divsearchfield">';
$moreforfilter .= img_picto($langs->trans('Categories'), 'category', 'class="pictofixedlength"').$formother->select_categories(Categorie::TYPE_MEMBER, $search_categ, 'search_categ', 1);

2
htdocs/adherents/partnership.php
View File

@ -88,7 +88,7 @@ $upload_dir = $conf->partnership->multidir_output[isset($object->entity) ? $o
if (getDolGlobalString('PARTNERSHIP_IS_MANAGED_FOR') != 'member') {
accessforbidden('Partnership module is not activated for members');
}
if (empty($conf->partnership->enabled)) {
if (!isModEnabled('partnership')) {
accessforbidden();
}
if (empty($permissiontoread)) {

53
htdocs/admin/system/security.php
View File

@ -418,6 +418,11 @@ print '<br>';
print load_fiche_titre($langs->trans("OtherSetup"), '', 'folder');
print '<strong>MAIN_ALLOW_SVG_FILES_AS_IMAGES</strong> = '.(empty($conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES) ? '0' : $conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES).' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': 0)</span><br>';
print '<br>';
print '<strong>MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE</strong> = '.(empty($conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE).' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': 1)</span><br>';
print '<br>';
//print '<strong>'.$langs->trans("PasswordEncryption").'</strong>: ';
print '<strong>MAIN_SECURITY_HASH_ALGO</strong> = '.(empty($conf->global->MAIN_SECURITY_HASH_ALGO) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->MAIN_SECURITY_HASH_ALGO)." &nbsp; ";
@ -443,13 +448,7 @@ print '<br>';
print '<strong>MAIN_SECURITY_ANTI_SSRF_SERVER_IP</strong> = '.(empty($conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span> &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': List of static IPs of server separated with coma - '.$langs->trans("Note").': common loopback ip like 127.*.*.*, [::1] are already added)</span>' : $conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP)."<br>";
print '<br>';
print '<strong>MAIN_ALLOW_SVG_FILES_AS_IMAGES</strong> = '.(empty($conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES) ? '0' : $conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES).' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': 0)</span><br>';
print '<br>';
print '<strong>MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE</strong> = '.(empty($conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE).' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': 1)</span><br>';
print '<br>';
print '<strong>MAIN_SECURITY_CSRF_WITH_TOKEN</strong> = '.(empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN).' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': 2)</span>'."<br>";
print '<strong>MAIN_SECURITY_CSRF_WITH_TOKEN</strong> = '.(empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN).' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 2)</span>'."<br>";
print '<br>';
print '<br>';
@ -458,15 +457,6 @@ print '<br>';
print load_fiche_titre($langs->trans("OtherSetup").' ('.$langs->trans("Experimental").')', '', 'folder');
print '<strong>MAIN_RESTRICTHTML_ONLY_VALID_HTML</strong> = '.(empty($conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML) ? '<span class="opacitymedium">'.$langs->trans("Undefined").' &nbsp; ('.$langs->trans("Recommended").': 1)</span>' : $conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML)."<br>";
print '<br>';
print '<strong>MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES</strong> = '.(empty($conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES) ? '<span class="opacitymedium">'.$langs->trans("Undefined").' &nbsp; ('.$langs->trans("Recommended").': 1)</span>' : $conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES)."<br>";
print '<br>';
print '<strong>MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL</strong> = '.(empty($conf->global->MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL) ? '<span class="opacitymedium">'.$langs->trans("Undefined").' &nbsp; ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 0)</span>' : $conf->global->MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL)."<br>";
print '<br>';
print '<strong>MAIN_EXEC_USE_POPEN</strong> = ';
if (empty($conf->global->MAIN_EXEC_USE_POPEN)) {
print '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>';
@ -483,7 +473,36 @@ if ($execmethod == 2) {
print ' &nbsp; ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 1)';
print '</span>';
}
print "<br>";
print '<br>';
print '<br>';
print '<strong>MAIN_RESTRICTHTML_ONLY_VALID_HTML</strong> = '.(empty($conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML) ? '<span class="opacitymedium">'.$langs->trans("Undefined").' &nbsp; ('.$langs->trans("Recommended").': 1)</span>' : $conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML)."<br>";
print '<br>';
print '<strong>MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES</strong> = '.(empty($conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES) ? '<span class="opacitymedium">'.$langs->trans("Undefined").' &nbsp; ('.$langs->trans("Recommended").': 1)</span>' : $conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES)."<br>";
print '<br>';
print '<strong>MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL</strong> = '.(empty($conf->global->MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL) ? '<span class="opacitymedium">'.$langs->trans("Undefined").' &nbsp; ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 0)</span>' : $conf->global->MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL)."<br>";
print '<br>';
print '<strong>MAIN_SECURITY_FORCECSP</strong> = '.(empty($conf->global->MAIN_SECURITY_FORCECSP) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->MAIN_SECURITY_FORCECSP).' &nbsp; <span class="opacitymedium">('.$langs->trans("Example").": \"default-src 'self'; img-src *;\")</span><br>";
print '<br>';
print '<strong>WEBSITE_MAIN_SECURITY_FORCECSP</strong> = '.(empty($conf->global->WEBSITE_MAIN_SECURITY_FORCECSP) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->WEBSITE_MAIN_SECURITY_FORCECSP).' &nbsp; <span class="opacitymedium">('.$langs->trans("Example").": \"default-src 'self'; style-src: https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src: https://cdn.transifex.com https://www.googletagmanager.com; object-src https://youtube.com; frame-src https://youtube.com; img-src: *;\")</span><br>";
print '<br>';
print '<strong>MAIN_SECURITY_FORCERP</strong> = '.(empty($conf->global->MAIN_SECURITY_FORCERP) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->MAIN_SECURITY_FORCERP).' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or")." \"same-origin\")</span><br>";
print '<br>';
print '<strong>WEBSITE_MAIN_SECURITY_FORCERP</strong> = '.(empty($conf->global->WEBSITE_MAIN_SECURITY_FORCERP) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->WEBSITE_MAIN_SECURITY_FORCERP).' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or")." \"strict-origin-when-cross-origin\")</span><br>";
print '<br>';
print '<strong>WEBSITE_MAIN_SECURITY_FORCESTS</strong> = '.(empty($conf->global->WEBSITE_MAIN_SECURITY_FORCESTS) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->WEBSITE_MAIN_SECURITY_FORCESTS).' &nbsp; <span class="opacitymedium">('.$langs->trans("Example").": \"max-age=31536000; includeSubDomains\")</span><br>";
print '<br>';
print '<strong>WEBSITE_MAIN_SECURITY_FORCEPP</strong> = '.(empty($conf->global->WEBSITE_MAIN_SECURITY_FORCEPP) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->WEBSITE_MAIN_SECURITY_FORCEPP).' &nbsp; <span class="opacitymedium">('.$langs->trans("Example").": \"camera: 'none'; microphone: 'none';\")</span><br>";
print '<br>';
print '<br>';

173
htdocs/bom/class/api_boms.class.php
View File

@ -2,6 +2,7 @@
/* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
* Copyright (C) 2019 Maxime Kohlhaas <maxime@atm-consulting.fr>
* Copyright (C) 2020 Frédéric France <frederic.france@netlogic.fr>
* Copyright (C) 2022 Christian Humpel <christian.humpel@live.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -279,6 +280,178 @@ class Boms extends DolibarrApi
);
}
/**
* Get lines of an BOM
*
* @param int $id Id of BOM
*
* @url GET {id}/lines
*
* @return array
*/
public function getLines($id)
{
if (!DolibarrApiAccess::$user->rights->bom->read) {
throw new RestException(401);
}
$result = $this->bom->fetch($id);
if (!$result) {
throw new RestException(404, 'BOM not found');
}
if (!DolibarrApi::_checkAccessToResource('bom_bom', $this->bom->id)) {
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
}
$this->bom->getLinesArray();
$result = array();
foreach ($this->bom->lines as $line) {
array_push($result, $this->_cleanObjectDatas($line));
}
return $result;
}
/**
* Add a line to given BOM
*
* @param int $id Id of BOM to update
* @param array $request_data BOMLine data
*
* @url POST {id}/lines
*
* @return int
*/
public function postLine($id, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->bom->write) {
throw new RestException(401);
}
$result = $this->bom->fetch($id);
if (!$result) {
throw new RestException(404, 'BOM not found');
}
if (!DolibarrApi::_checkAccessToResource('bom_bom', $this->bom->id)) {
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
}
$request_data = (object) $request_data;
$updateRes = $this->bom->addLine(
$request_data->fk_product,
$request_data->qty,
$request_data->qty_frozen,
$request_data->disable_stock_change,
$request_data->efficiency,
$request_data->position,
$request_data->fk_bom_child,
$request_data->import_key
);
if ($updateRes > 0) {
return $updateRes;
} else {
throw new RestException(400, $this->bom->error);
}
}
/**
* Update a line to given BOM
*
* @param int $id Id of BOM to update
* @param int $lineid Id of line to update
* @param array $request_data BOMLine data
*
* @url PUT {id}/lines/{lineid}
*
* @return array|bool
*/
public function putLine($id, $lineid, $request_data = null)
{
if (!DolibarrApiAccess::$user->rights->bom->write) {
throw new RestException(401);
}
$result = $this->bom->fetch($id);
if (!$result) {
throw new RestException(404, 'BOM not found');
}
if (!DolibarrApi::_checkAccessToResource('bom_bom', $this->bom->id)) {
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
}
$request_data = (object) $request_data;
$updateRes = $this->bom->updateLine(
$lineid,
$request_data->qty,
$request_data->qty_frozen,
$request_data->disable_stock_change,
$request_data->efficiency,
$request_data->position,
$request_data->fk_bom_child,
$request_data->import_key
);
if ($updateRes > 0) {
$result = $this->get($id);
unset($result->line);
return $this->_cleanObjectDatas($result);
}
return false;
}
/**
* Delete a line to given BOM
*
*
* @param int $id Id of BOM to update
* @param int $lineid Id of line to delete
*
* @url DELETE {id}/lines/{lineid}
*
* @return int
*
* @throws RestException 401
* @throws RestException 404
* @throws RestException 500
*/
public function deleteLine($id, $lineid)
{
if (!DolibarrApiAccess::$user->rights->bom->write) {
throw new RestException(401);
}
$result = $this->bom->fetch($id);
if (!$result) {
throw new RestException(404, 'BOM not found');
}
if (!DolibarrApi::_checkAccessToResource('bom_bom', $this->bom->id)) {
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
}
//Check the rowid is a line of current bom object
$lineIdIsFromObject = false;
foreach ($this->bom->lines as $bl) {
if ($bl->id == $lineid) {
$lineIdIsFromObject = true;
break;
}
}
if (!$lineIdIsFromObject) {
throw new RestException(500, 'Line to delete (rowid: '.$lineid.') is not a line of BOM (id: '.$this->bom->id.')');
}
$updateRes = $this->bom->deleteline(DolibarrApiAccess::$user, $lineid);
if ($updateRes > 0) {
return $this->get($id);
} else {
throw new RestException(405, $this->bom->error);
}
}
// phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore
/**

241
htdocs/bom/class/bom.class.php
View File

@ -502,6 +502,214 @@ class BOM extends CommonObject
//return $this->deleteCommon($user, $notrigger, 1);
}
/**
* Add an BOM line into database (linked to BOM)
*
* @param int $fk_product Id of product
* @param float $qty Quantity
* @param int $qty_frozen Frozen quantity
* @param int $disable_stock_change Disable stock change on using in MO
* @param float $efficiency Efficiency in MO
* @param int $position Position of BOM-Line in BOM-Lines
* @param int $fk_bom_child Id of BOM Child
* @param string $import_key Import Key
* @return int <0 if KO, Id of created object if OK
*/
public function addLine($fk_product, $qty, $qty_frozen = 0, $disable_stock_change = 0, $efficiency = 1.0, $position = -1, $fk_bom_child = null, $import_key = null)
{
global $mysoc, $conf, $langs, $user;
$logtext = "::addLine bomid=$this->id, qty=$qty, fk_product=$fk_product, qty_frozen=$qty_frozen, disable_stock_change=$disable_stock_change, efficiency=$efficiency";
$logtext .= ", fk_bom_child=$fk_bom_child, import_key=$import_key";
dol_syslog(get_class($this).$logtext, LOG_DEBUG);
if ($this->statut == self::STATUS_DRAFT) {
include_once DOL_DOCUMENT_ROOT.'/core/lib/price.lib.php';
// Clean parameters
if (empty($qty)) {
$qty = 0;
}
if (empty($qty_frozen)) {
$qty_frozen = 0;
}
if (empty($disable_stock_change)) {
$disable_stock_change = 0;
}
if (empty($efficiency)) {
$efficiency = 1.0;
}
if (empty($fk_bom_child)) {
$fk_bom_child = null;
}
if (empty($import_key)) {
$import_key = null;
}
if (empty($position)) {
$position = -1;
}
$qty = price2num($qty);
$efficiency = price2num($efficiency);
$position = price2num($position);
$this->db->begin();
// Rank to use
$rangMax = $this->line_max();
$rankToUse = $position;
if ($rankToUse <= 0 or $rankToUse > $rangMax) { // New line after existing lines
$rankToUse = $rangMax + 1;
} else { // New line between the existing lines
foreach ($this->lines as $bl) {
if ($bl->position >= $rankToUse) {
$bl->position++;
$bl->update($user);
}
}
}
// Insert line
$this->line = new BOMLine($this->db);
$this->line->context = $this->context;
$this->line->fk_bom = $this->id;
$this->line->fk_product = $fk_product;
$this->line->qty = $qty;
$this->line->qty_frozen = $qty_frozen;
$this->line->disable_stock_change = $disable_stock_change;
$this->line->efficiency = $efficiency;
$this->line->fk_bom_child = $fk_bom_child;
$this->line->import_key = $import_key;
$this->line->position = $rankToUse;
$result = $this->line->create($user);
if ($result > 0) {
$this->calculateCosts();
$this->db->commit();
return $result;
} else {
$this->error = $this->line->error;
dol_syslog(get_class($this)."::addLine error=".$this->error, LOG_ERR);
$this->db->rollback();
return -2;
}
} else {
dol_syslog(get_class($this)."::addLine status of BOM must be Draft to allow use of ->addLine()", LOG_ERR);
return -3;
}
}
/**
* Update an BOM line into database
*
* @param int $rowid Id of line to update
* @param float $qty Quantity
* @param int $qty_frozen Frozen quantity
* @param int $disable_stock_change Disable stock change on using in MO
* @param float $efficiency Efficiency in MO
* @param int $position Position of BOM-Line in BOM-Lines
* @param int $fk_bom_child Id of BOM Child
* @param string $import_key Import Key
* @return int <0 if KO, Id of updated BOM-Line if OK
*/
public function updateLine($rowid, $qty, $qty_frozen = 0, $disable_stock_change = 0, $efficiency = 1.0, $position = -1, $fk_bom_child = null, $import_key = null)
{
global $mysoc, $conf, $langs, $user;
$logtext = "::updateLine bomid=$this->id, qty=$qty, qty_frozen=$qty_frozen, disable_stock_change=$disable_stock_change, efficiency=$efficiency";
$logtext .= ", fk_bom_child=$fk_bom_child, import_key=$import_key";
dol_syslog(get_class($this).$logtext, LOG_DEBUG);
if ($this->statut == self::STATUS_DRAFT) {
include_once DOL_DOCUMENT_ROOT.'/core/lib/price.lib.php';
// Clean parameters
if (empty($qty)) {
$qty = 0;
}
if (empty($qty_frozen)) {
$qty_frozen = 0;
}
if (empty($disable_stock_change)) {
$disable_stock_change = 0;
}
if (empty($efficiency)) {
$efficiency = 1.0;
}
if (empty($fk_bom_child)) {
$fk_bom_child = null;
}
if (empty($import_key)) {
$import_key = null;
}
if (empty($position)) {
$position = -1;
}
$qty = price2num($qty);
$efficiency = price2num($efficiency);
$position = price2num($position);
$this->db->begin();
//Fetch current line from the database and then clone the object and set it in $oldline property
$line = new BOMLine($this->db);
$line->fetch($rowid);
$line->fetch_optionals();
$staticLine = clone $line;
$line->oldcopy = $staticLine;
$this->line = $line;
$this->line->context = $this->context;
// Rank to use
$rankToUse = (int) $position;
if ($rankToUse != $line->oldcopy->position) { // check if position have a new value
foreach ($this->lines as $bl) {
if ($bl->position >= $rankToUse AND $bl->position < ($line->oldcopy->position + 1)) { // move rank up
$bl->position++;
$bl->update($user);
}
if ($bl->position <= $rankToUse AND $bl->position > ($line->oldcopy->position)) { // move rank down
$bl->position--;
$bl->update($user);
}
}
}
$this->line->fk_bom = $this->id;
$this->line->qty = $qty;
$this->line->qty_frozen = $qty_frozen;
$this->line->disable_stock_change = $disable_stock_change;
$this->line->efficiency = $efficiency;
$this->line->fk_bom_child = $fk_bom_child;
$this->line->import_key = $import_key;
$this->line->position = $rankToUse;
$result = $this->line->update($user);
if ($result > 0) {
$this->calculateCosts();
$this->db->commit();
return $result;
} else {
$this->error = $this->line->error;
dol_syslog(get_class($this)."::addLine error=".$this->error, LOG_ERR);
$this->db->rollback();
return -2;
}
} else {
dol_syslog(get_class($this)."::addLine status of BOM must be Draft to allow use of ->addLine()", LOG_ERR);
return -3;
}
}
/**
* Delete a line of object in database
*
@ -517,7 +725,38 @@ class BOM extends CommonObject
return -2;
}
return $this->deleteLineCommon($user, $idline, $notrigger);
$this->db->begin();
//Fetch current line from the database and then clone the object and set it in $oldline property
$line = new BOMLine($this->db);
$line->fetch($idline);
$line->fetch_optionals();
$staticLine = clone $line;
$line->oldcopy = $staticLine;
$this->line = $line;
$this->line->context = $this->context;
$result = $this->line->delete($user, $notrigger);
//Positions (rank) reordering
foreach ($this->lines as $bl) {
if ($bl->position > ($line->oldcopy->position)) { // move rank down
$bl->position--;
$bl->update($user);
}
}
if ($result > 0) {
$this->calculateCosts();
$this->db->commit();
return $result;
} else {
$this->error = $this->line->error;
dol_syslog(get_class($this)."::addLine error=".$this->error, LOG_ERR);
$this->db->rollback();
return -2;
}
}
/**

19
htdocs/core/ajax/check_notifications.php
View File

@ -39,25 +39,6 @@ if (!defined('NOREQUIRETRAN')) {
define('NOREQUIRETRAN', '1');
}
//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user
//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc
//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs
//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters
//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters
//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on).
//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on)
//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data
//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip
//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu
//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library
//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session)
//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value
//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler
//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', '1'); // The main.inc.php does not make a redirect if not logged, instead show simple error message
//if (! defined("XFRAMEOPTIONS_ALLOWALL")) define('XFRAMEOPTIONS_ALLOWALL', '1'); // Do not add the HTTP header 'X-Frame-Options: SAMEORIGIN' but 'X-Frame-Options: ALLOWALL'
require '../../main.inc.php';
//$time = (int) GETPOST('time', 'int'); // Use the time parameter that is always increased by time_update, even if call is late

4
htdocs/core/lib/functions.lib.php
View File

@ -3310,8 +3310,8 @@ function dol_print_phone($phone, $countrycode = '', $cid = 0, $socid = 0, $addli
$newphone = substr($newphone, 0, 5).$separ.substr($newphone, 5, 3).$separ.substr($newphone, 8, 4);
}
} elseif (strtoupper($countrycode) == "MG") {//Madagascar
if (dol_strlen($phone) == 13) {//ex: +261_AB_CD_EF_GHI
$newphone = substr($newphone, 0, 4).$separ.substr($newphone, 4, 2).$separ.substr($newphone, 6, 2).$separ.substr($newphone, 8, 2).$separ.substr($newphone, 10, 3);
if (dol_strlen($phone) == 13) {//ex: +261_AB_CD_EFG_HI
$newphone = substr($newphone, 0, 4).$separ.substr($newphone, 4, 2).$separ.substr($newphone, 6, 2).$separ.substr($newphone, 8, 3).$separ.substr($newphone, 11, 2);
}
} elseif (strtoupper($countrycode) == "GB") {//Royaume uni
if (dol_strlen($phone) == 13) {//ex: +44_ABCD_EFG_HIJ

72
htdocs/core/website.inc.php
View File

@ -82,10 +82,82 @@ if ($pageid > 0) {
}
if (!defined('USEDOLIBARRSERVER') && !defined('USEDOLIBARREDITOR')) {
// Security options
// X-Content-Type-Options
header("X-Content-Type-Options: nosniff");
// X-Frame-Options
if (empty($websitepage->allowed_in_frames) && empty($conf->global->WEBSITE_ALLOW_FRAMES_ON_ALL_PAGES)) {
header("X-Frame-Options: SAMEORIGIN");
}
// X-XSS-Protection
//header("X-XSS-Protection: 1"); // XSS filtering protection of some browsers (note: use of Content-Security-Policy is more efficient). Disabled as deprecated.
// Content-Security-Policy
if (!defined('WEBSITE_MAIN_SECURITY_FORCECSP')) {
// The constant WEBSITE_MAIN_SECURITY_FORCECSP should never be defined by page, but the variable used just after may be
// A default security policy that keep usage of js external component like ckeditor, stripe, google, working
// $contentsecuritypolicy = "font-src *; img-src *; style-src * 'unsafe-inline' 'unsafe-eval'; default-src 'self' *.stripe.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.stripe.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' *.stripe.com; connect-src 'self';";
$contentsecuritypolicy = getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCECSP');
if (!is_object($hookmanager)) {
$hookmanager = new HookManager($db);
}
$hookmanager->initHooks(array("main"));
$parameters = array('contentsecuritypolicy'=>$contentsecuritypolicy);
$result = $hookmanager->executeHooks('setContentSecurityPolicy', $parameters); // Note that $action and $object may have been modified by some hooks
if ($result > 0) {
$contentsecuritypolicy = $hookmanager->resPrint; // Replace CSP
} else {
$contentsecuritypolicy .= $hookmanager->resPrint; // Concat CSP
}
if (!empty($contentsecuritypolicy)) {
// For example: to restrict to only local resources, except for css (cloudflare+google), and js (transifex + google tags) and object/iframe (youtube)
// default-src 'self'; style-src: https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src: https://cdn.transifex.com https://www.googletagmanager.com; object-src https://youtube.com; frame-src https://youtube.com; img-src: *;
// For example, to restrict everything to itself except img that can be on other servers:
// default-src 'self'; img-src *;
// Pre-existing site that uses too much js code to fix but wants to ensure resources are loaded only over https and disable plugins:
// default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'
header("Content-Security-Policy: ".$contentsecuritypolicy);
}
}
// Referrer-Policy
if (!defined('WEBSITE_MAIN_SECURITY_FORCERP')) {
// The constant WEBSITE_MAIN_SECURITY_FORCERP should never be defined by page, but the variable used just after may be
// For public web sites, we use the same default value than "strict-origin-when-cross-origin"
$referrerpolicy = getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCERP', "strict-origin-when-cross-origin");
header("Referrer-Policy: ".$referrerpolicy);
}
// Strict-Transport-Security
if (!defined('WEBSITE_MAIN_SECURITY_FORCESTS')) {
// The constant WEBSITE_MAIN_SECURITY_FORCESTS should never be defined by page, but the variable used just after may be
// Example: "max-age=31536000; includeSubDomains"
$sts = getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCESTS');
if (!empty($sts)) {
header("Strict-Transport-Security: ".$sts);
}
}
// Permissions-Policy (old name was Feature-Policy)
if (!defined('WEBSITE_MAIN_SECURITY_FORCEPP')) {
// The constant WEBSITE_MAIN_SECURITY_FORCEPP should never be defined by page, but the variable used just after may be
// Example: "camera: 'none'; microphone: 'none';"
$pp = getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCEPP');
if (!empty($pp)) {
header("Permissions-Policy: ".$pp);
}
}
}
// A lang was forced, so we change weblangs init

14
htdocs/index.php
View File

@ -255,19 +255,19 @@ if (empty($conf->global->MAIN_DISABLE_GLOBAL_WORKBOARD)) {
// Number of cheque to send
if (isModEnabled('banque') && empty($conf->global->MAIN_DISABLE_BLOCK_BANK) && $user->hasRight('banque', 'lire') && !$user->socid) {
if (empty($conf->global->BANK_DISABLE_CHECK_DEPOSIT)) {
include_once DOL_DOCUMENT_ROOT.'/compta/paiement/cheque/class/remisecheque.class.php';
include_once DOL_DOCUMENT_ROOT . '/compta/paiement/cheque/class/remisecheque.class.php';
$board = new RemiseCheque($db);
$dashboardlines[$board->element] = $board->load_board($user);
}
if (!empty($conf->prelevement->enabled)) {
include_once DOL_DOCUMENT_ROOT.'/compta/prelevement/class/bonprelevement.class.php';
if (isModEnabled('prelevement')) {
include_once DOL_DOCUMENT_ROOT . '/compta/prelevement/class/bonprelevement.class.php';
$board = new BonPrelevement($db);
$dashboardlines[$board->element.'_direct_debit'] = $board->load_board($user, 'direct_debit');
$dashboardlines[$board->element . '_direct_debit'] = $board->load_board($user, 'direct_debit');
}
if (!empty($conf->paymentbybanktransfer->enabled)) {
include_once DOL_DOCUMENT_ROOT.'/compta/prelevement/class/bonprelevement.class.php';
if (isModEnabled('paymentbybanktransfer')) {
include_once DOL_DOCUMENT_ROOT . '/compta/prelevement/class/bonprelevement.class.php';
$board = new BonPrelevement($db);
$dashboardlines[$board->element.'_credit_transfer'] = $board->load_board($user, 'credit_transfer');
$dashboardlines[$board->element . '_credit_transfer'] = $board->load_board($user, 'credit_transfer');
}
}

BIN
htdocs/install/doctemplates/websites/website_template-style03.zip
View File

Binary file not shown.

BIN
htdocs/install/doctemplates/websites/website_template-style04.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 481 KiB

BIN
htdocs/install/doctemplates/websites/website_template-style04.zip Normal file
View File

Binary file not shown.

2
htdocs/install/mysql/migration/16.0.0-17.0.0.sql
View File

@ -84,3 +84,5 @@ ALTER TABLE llx_societe ADD last_main_doc VARCHAR(255) NULL AFTER model_pdf;
ALTER TABLE llx_ticket ADD COLUMN ip varchar(250);
ALTER TABLE llx_ticket ADD email_date datetime after email_msgid;
ALTER TABLE llx_cronjob ADD COLUMN pid integer;

1
htdocs/install/mysql/tables/llx_cronjob.sql
View File

@ -47,6 +47,7 @@ CREATE TABLE llx_cronjob
autodelete integer DEFAULT 0, -- 0=Job is kept unchanged once nbrun > maxrun or date > dateend, 2=Job must be archived (archive = status 2) once nbrun > maxrun or date > dateend
status integer NOT NULL DEFAULT 1, -- 0=disabled, 1=enabled, 2=archived
processing integer NOT NULL DEFAULT 0, -- 1=process currently running
pid integer, -- The cronjob PID, NULL if not in processing
test varchar(255) DEFAULT '1',
fk_user_author integer DEFAULT NULL,
fk_user_mod integer DEFAULT NULL,

42
htdocs/main.inc.php
View File

@ -1412,21 +1412,27 @@ function top_httphead($contenttype = 'text/html', $forcenocache = 0)
}
// Security options
// X-Content-Type-Options
header("X-Content-Type-Options: nosniff"); // With the nosniff option, if the server says the content is text/html, the browser will render it as text/html (note that most browsers now force this option to on)
// X-Frame-Options
if (!defined('XFRAMEOPTIONS_ALLOWALL')) {
header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks)
} else {
header("X-Frame-Options: ALLOWALL");
}
// X-XSS-Protection
//header("X-XSS-Protection: 1"); // XSS filtering protection of some browsers (note: use of Content-Security-Policy is more efficient). Disabled as deprecated.
if (!defined('FORCECSP')) {
//if (! isset($conf->global->MAIN_HTTP_CONTENT_SECURITY_POLICY))
//{
// // A default security policy that keep usage of js external component like ckeditor, stripe, google, working
// Content-Security-Policy
if (!defined('MAIN_SECURITY_FORCECSP')) {
// If CSP not forced from the page
// A default security policy that keep usage of js external component like ckeditor, stripe, google, working
// $contentsecuritypolicy = "font-src *; img-src *; style-src * 'unsafe-inline' 'unsafe-eval'; default-src 'self' *.stripe.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.stripe.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' *.stripe.com; connect-src 'self';";
//}
//else
$contentsecuritypolicy = empty($conf->global->MAIN_HTTP_CONTENT_SECURITY_POLICY) ? '' : $conf->global->MAIN_HTTP_CONTENT_SECURITY_POLICY;
$contentsecuritypolicy = getDolGlobalString('MAIN_SECURITY_FORCECSP');
if (!is_object($hookmanager)) {
$hookmanager = new HookManager($db);
@ -1448,17 +1454,29 @@ function top_httphead($contenttype = 'text/html', $forcenocache = 0)
// default-src https://cdn.example.net; object-src 'none'
// For example, to restrict everything to itself except img that can be on other servers:
// default-src 'self'; img-src *;
// Pre-existing site that uses too much inline code to fix but wants to ensure resources are loaded only over https and disable plugins:
// default-src http: https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'
// Pre-existing site that uses too much js code to fix but wants to ensure resources are loaded only over https and disable plugins:
// default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'
header("Content-Security-Policy: ".$contentsecuritypolicy);
}
} elseif (constant('FORCECSP')) {
header("Content-Security-Policy: ".constant('FORCECSP'));
} else {
header("Content-Security-Policy: ".constant('MAIN_SECURITY_FORCECSP'));
}
// Referrer-Policy
// Say if we must provide the referrer when we jump onto another web page.
// Default browser are 'strict-origin-when-cross-origin', we want more so we use 'same-origin' so we don't send any referrer when going into another web site
if (!defined('MAIN_SECURITY_FORCERP')) {
$referrerpolicy = getDolGlobalString('MAIN_SECURITY_FORCERP', "same-origin");
header("Referrer-Policy: ".$referrerpolicy);
}
if ($forcenocache) {
header("Cache-Control: no-cache, no-store, must-revalidate, max-age=0");
}
header("anti-csrf-token: ".newToken());
// No need to add this token in header, we use instead the one into the forms.
//header("anti-csrf-token: ".newToken());
}
/**

2
htdocs/modulebuilder/template/myobject_agenda.php
View File

@ -39,7 +39,7 @@
//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value
//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler
//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message
//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies
//if (! defined("MAIN_SECURITY_FORCECSP")) define('MAIN_SECURITY_FORCECSP', 'none'); // Disable all Content Security Policies
//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET
//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification

2
htdocs/modulebuilder/template/myobject_card.php
View File

@ -39,7 +39,7 @@
//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value
//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler
//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message
//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies
//if (! defined("MAIN_SECURITY_FORCECSP")) define('MAIN_SECURITY_FORCECSP', 'none'); // Disable all Content Security Policies
//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET
//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification
//if (! defined('NOSESSION')) define('NOSESSION', '1'); // Disable session

2
htdocs/modulebuilder/template/myobject_document.php
View File

@ -39,7 +39,7 @@
//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value
//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler
//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message
//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies
//if (! defined("MAIN_SECURITY_FORCECSP")) define('MAIN_SECURITY_FORCECSP', 'none'); // Disable all Content Security Policies
//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET
//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification

2
htdocs/modulebuilder/template/myobject_list.php
View File

@ -39,7 +39,7 @@
//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value
//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler
//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message
//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies
//if (! defined("MAIN_SECURITY_FORCECSP")) define('MAIN_SECURITY_FORCECSP', 'none'); // Disable all Content Security Policies
//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET
//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification
//if (! defined('NOSESSION')) define('NOSESSION', '1'); // On CLI mode, no need to use web sessions

2
htdocs/modulebuilder/template/myobject_note.php
View File

@ -39,7 +39,7 @@
//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value
//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler
//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message
//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies
//if (! defined("MAIN_SECURITY_FORCECSP")) define('MAIN_SECURITY_FORCECSP', 'none'); // Disable all Content Security Policies
//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET
//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification

15
htdocs/product/stock/movement_list.php
View File

@ -942,12 +942,17 @@ if ($action == "transfert") {
if ((empty($action) || $action == 'list') && $id > 0) {
print "<div class=\"tabsAction\">\n";
if ($user->rights->stock->mouvement->creer) {
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$id.'&action=correction">'.$langs->trans("CorrectStock").'</a>';
}
$parameters = array();
$reshook = $hookmanager->executeHooks('addMoreActionsButtons', $parameters, $object, $action); // Note that $action and $object may have been
// modified by hook
if (empty($reshook)) {
if ($user->rights->stock->mouvement->creer) {
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$id.'&action=correction">'.$langs->trans("CorrectStock").'</a>';
}
if ($user->rights->stock->mouvement->creer) {
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$id.'&action=transfert">'.$langs->trans("TransferStock").'</a>';
if ($user->rights->stock->mouvement->creer) {
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$id.'&action=transfert">'.$langs->trans("TransferStock").'</a>';
}
}
print '</div><br>';

2
htdocs/product/stock/replenish.php
View File

@ -467,7 +467,7 @@ if ($usevirtualstock) {
$sqlProductionToConsume .= " AND mp5.role IN ('toconsume', 'consummed')";
$sqlProductionToConsume .= " AND mm5.status IN (1,2))";
$sqlProductionToProduce = "(SELECT GREATEST(0, ".$db->ifsql("SUM(".$db->ifsql("mp5.role = 'toproduce'", 'mp5.qty', '- mp5.qty').") IS NULL", "0", "SUM(".$db->ifsql("mp5.role = 'toconsume'", 'mp5.qty', '- mp5.qty').")").") as qty"; // We need the ifsql because if result is 0 for product p.rowid, we must return 0 and not NULL
$sqlProductionToProduce = "(SELECT GREATEST(0, ".$db->ifsql("SUM(".$db->ifsql("mp5.role = 'toproduce'", 'mp5.qty', '- mp5.qty').") IS NULL", "0", "SUM(".$db->ifsql("mp5.role = 'toproduce'", 'mp5.qty', '- mp5.qty').")").") as qty"; // We need the ifsql because if result is 0 for product p.rowid, we must return 0 and not NULL
$sqlProductionToProduce .= " FROM ".MAIN_DB_PREFIX."mrp_mo as mm5,";
$sqlProductionToProduce .= " ".MAIN_DB_PREFIX."mrp_production as mp5";
$sqlProductionToProduce .= " WHERE mm5.rowid = mp5.fk_mo AND mm5.entity IN (".getEntity(!empty($conf->global->STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE) ? 'stock' : 'mo').")";

17
htdocs/product/stock/stocktransfer/stocktransfer_agenda.php
View File

@ -1,7 +1,6 @@
<?php
/* Copyright (C) 2017 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2021 Gauthier VERDOL <gauthier.verdol@atm-consulting.fr>
* Copyright (C) ---Put here your own copyright and developer email---
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -23,21 +22,7 @@
* \brief Page of StockTransfer events
*/
// Load Dolibarr environment
$res = 0;
// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined)
if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php";
// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME
$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1;
while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { $i--; $j--; }
if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php";
if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php";
// Try main.inc.php using relative path
if (!$res && file_exists("../main.inc.php")) $res = @include "../main.inc.php";
if (!$res && file_exists("../../main.inc.php")) $res = @include "../../main.inc.php";
if (!$res && file_exists("../../../main.inc.php")) $res = @include "../../../main.inc.php";
if (!$res) die("Include of main fails");
require '../../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';

36
htdocs/product/stock/stocktransfer/stocktransfer_card.php
View File

@ -22,41 +22,7 @@
* \brief Page to create/edit/view stocktransfer
*/
//if (! defined('NOREQUIREDB')) define('NOREQUIREDB','1'); // Do not create database handler $db
//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER','1'); // Do not load object $user
//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1'); // Do not load object $mysoc
//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1'); // Do not load object $langs
//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION','1'); // Do not check injection attack on GET parameters
//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION','1'); // Do not check injection attack on POST parameters
//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK','1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on).
//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on)
//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK','1'); // Do not check style html tag into posted data
//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1'); // If there is no need to load and show top and left menu
//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1'); // If we don't need to load the html.form.class.php
//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1'); // Do not load ajax.lib.php library
//if (! defined("NOLOGIN")) define("NOLOGIN",'1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too.
//if (! defined('NOIPCHECK')) define('NOIPCHECK','1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip
//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT','auto'); // Force lang to a particular value
//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE','aloginmodule'); // Force authentication handler
//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN',1); // The main.inc.php does not make a redirect if not logged, instead show simple error message
//if (! defined("FORCECSP")) define('FORCECSP','none'); // Disable all Content Security Policies
// Load Dolibarr environment
$res = 0;
// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined)
if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php";
// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME
$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1;
while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { $i--; $j--; }
if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php";
if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php";
// Try main.inc.php using relative path
if (!$res && file_exists("../main.inc.php")) $res = @include "../main.inc.php";
if (!$res && file_exists("../../main.inc.php")) $res = @include "../../main.inc.php";
if (!$res && file_exists("../../../main.inc.php")) $res = @include "../../../main.inc.php";
if (!$res) die("Include of main fails");
require '../../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formprojet.class.php';

12
htdocs/product/stock/stocktransfer/stocktransfer_contact.php
View File

@ -25,17 +25,7 @@
* \brief Tab to manage contacts/adresses of proposal
*/
if (!$res && file_exists("../main.inc.php")) $res = @include "../main.inc.php";
if (!$res && file_exists("../../main.inc.php")) $res = @include "../../main.inc.php";
if (!$res && file_exists("../../../main.inc.php")) $res = @include "../../../main.inc.php";
if (!$res) die("Include of main fails");
require_once DOL_DOCUMENT_ROOT.'/product/stock/stocktransfer/class/stocktransfer.class.php';
require_once DOL_DOCUMENT_ROOT.'/product/stock/stocktransfer/lib/stocktransfer_stocktransfer.lib.php';
require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
require '../../../main.inc.php';
// Load translation files required by the page
$langs->loadLangs(array('facture', 'orders', 'sendings', 'companies', 'stocks'));

17
htdocs/product/stock/stocktransfer/stocktransfer_document.php
View File

@ -1,7 +1,6 @@
<?php
/* Copyright (C) 2007-2017 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2021 Gauthier VERDOL <gauthier.verdol@atm-consulting.fr>
* Copyright (C) ---Put here your own copyright and developer email---
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -23,21 +22,7 @@
* \brief Tab for documents linked to StockTransfer
*/
// Load Dolibarr environment
$res = 0;
// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined)
if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php";
// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME
$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1;
while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { $i--; $j--; }
if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php";
if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php";
// Try main.inc.php using relative path
if (!$res && file_exists("../main.inc.php")) $res = @include "../main.inc.php";
if (!$res && file_exists("../../main.inc.php")) $res = @include "../../main.inc.php";
if (!$res && file_exists("../../../main.inc.php")) $res = @include "../../../main.inc.php";
if (!$res) die("Include of main fails");
require '../../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php';

42
htdocs/product/stock/stocktransfer/stocktransfer_list.php
View File

@ -23,50 +23,12 @@
* \brief List page for stocktransfer
*/
//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Do not create database handler $db
//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user
//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc
//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs
//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters
//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters
//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on).
//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on)
//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data
//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip
//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu
//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library
//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session)
//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value
//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler
//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', '1'); // The main.inc.php does not make a redirect if not logged, instead show simple error message
//if (! defined("XFRAMEOPTIONS_ALLOWALL")) define('XFRAMEOPTIONS_ALLOWALL', '1'); // Do not add the HTTP header 'X-Frame-Options: SAMEORIGIN' but 'X-Frame-Options: ALLOWALL'
// Load Dolibarr environment
$res = 0;
// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined)
if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php";
// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME
$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1;
while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { $i--; $j--; }
if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php";
if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php";
// Try main.inc.php using relative path
if (!$res && file_exists("../main.inc.php")) $res = @include "../main.inc.php";
if (!$res && file_exists("../../main.inc.php")) $res = @include "../../main.inc.php";
if (!$res && file_exists("../../../main.inc.php")) $res = @include "../../../main.inc.php";
if (!$res) die("Include of main fails");
require '../../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions.lib.php';
// load stocktransfer libraries
require_once __DIR__.'/class/stocktransfer.class.php';
// for other modules
//dol_include_once('/othermodule/class/otherobject.class.php');
require_once DOL_DOCUMENT_ROOT.'/product/stock/stocktransfer/class/stocktransfer.class.php';
// Load translation files required by the page
$langs->loadLangs(array("stocks", "other"));

17
htdocs/product/stock/stocktransfer/stocktransfer_note.php
View File

@ -1,7 +1,6 @@
<?php
/* Copyright (C) 2007-2017 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2021 Gauthier VERDOL <gauthier.verdol@atm-consulting.fr>
* Copyright (C) ---Put here your own copyright and developer email---
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -23,21 +22,7 @@
* \brief Car with notes on StockTransfer
*/
// Load Dolibarr environment
$res = 0;
// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined)
if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php";
// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME
$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1;
while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { $i--; $j--; }
if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php";
if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php";
// Try main.inc.php using relative path
if (!$res && file_exists("../main.inc.php")) $res = @include "../main.inc.php";
if (!$res && file_exists("../../main.inc.php")) $res = @include "../../main.inc.php";
if (!$res && file_exists("../../../main.inc.php")) $res = @include "../../../main.inc.php";
if (!$res) die("Include of main fails");
require '../../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/product/stock/stocktransfer/class/stocktransfer.class.php';
require_once DOL_DOCUMENT_ROOT.'/product/stock/stocktransfer/lib/stocktransfer_stocktransfer.lib.php';

205
htdocs/public/emailing/mailing-unsubscribe.php
View File

@ -45,22 +45,11 @@ if (!defined('NOIPCHECK')) {
if (!defined("NOSESSION")) {
define("NOSESSION", '1');
}
/**
* Header empty
*
* @return void
*/
function llxHeader()
{
if (! defined('NOREQUIREHTML')) {
define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
}
/**
* Footer empty
*
* @return void
*/
function llxFooter()
{
if (! defined('NOREQUIREAJAX')) {
define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library
}
@ -71,9 +60,7 @@ global $user, $conf, $langs;
$langs->loadLangs(array("main", "mails"));
$mtid = GETPOST('mtid');
$email = GETPOST('email');
$tag = GETPOST('tag');
$tag = GETPOST('tag'); // To retreive the emailing, and recipient
$unsuscrib = GETPOST('unsuscrib');
$securitykey = GETPOST('securitykey');
@ -84,104 +71,98 @@ $securitykey = GETPOST('securitykey');
dol_syslog("public/emailing/mailing-read.php : tag=".$tag." securitykey=".$securitykey, LOG_DEBUG);
if ($securitykey != $conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY) {
if ($securitykey != getDolGlobalString('MAILING_EMAIL_UNSUBSCRIBE_KEY')) {
print 'Bad security key value.';
exit;
}
if (!empty($tag) && ($unsuscrib == '1')) {
dol_syslog("public/emailing/mailing-unsubscribe.php : Launch unsubscribe requests", LOG_DEBUG);
$sql = "SELECT mc.rowid, mc.email, mc.statut, m.entity";
$sql .= " FROM ".MAIN_DB_PREFIX."mailing_cibles as mc, ".MAIN_DB_PREFIX."mailing as m";
$sql .= " WHERE mc.fk_mailing = m.rowid AND mc.tag='".$db->escape($tag)."'";
$resql = $db->query($sql);
if (!$resql) {
dol_print_error($db);
}
$obj = $db->fetch_object($resql);
if (empty($obj)) {
print 'Email target not valid. Operation canceled.';
exit;
}
if (empty($obj->email)) {
print 'Email target not valid. Operation canceled.';
exit;
}
if ($obj->statut == 3) {
print 'Email target already set to unsubscribe. Operation canceled.';
exit;
}
// TODO Test that mtid and email match also with the one found from $tag
/*
if ($obj->email != $email)
{
print 'Email does not match tagnot found. No need to unsubscribe.';
exit;
}
*/
// Update status of mail in recipient mailing list table
$statut = '3';
$sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".((int) $statut)." WHERE tag = '".$db->escape($tag)."'";
$resql = $db->query($sql);
if (!$resql) {
dol_print_error($db);
}
/*
// Update status communication of thirdparty prospect (old usage)
$sql = "UPDATE ".MAIN_DB_PREFIX."societe SET fk_stcomm=-1 WHERE rowid IN (SELECT source_id FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE tag = '".$db->escape($tag)."' AND source_type='thirdparty' AND source_id is not null)";
$resql=$db->query($sql);
if (! $resql) dol_print_error($db);
// Update status communication of contact prospect (old usage)
$sql = "UPDATE ".MAIN_DB_PREFIX."socpeople SET no_email=1 WHERE rowid IN (SELECT source_id FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE tag = '".$db->escape($tag)."' AND source_type='contact' AND source_id is not null)";
$resql=$db->query($sql);
if (! $resql) dol_print_error($db);
*/
// Update status communication of email (new usage)
$sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing_unsubscribe (date_creat, entity, email, unsubscribegroup, ip) VALUES ('".$db->idate(dol_now())."', ".((int) $obj->entity).", '".$db->escape($obj->email)."', '', '".$db->escape(getUserRemoteIP())."')";
$resql = $db->query($sql);
//if (! $resql) dol_print_error($db); No test on errors, may fail if already unsubscribed
header("Content-type: text/html; charset=".$conf->file->character_set_client);
// Security options
header("X-Content-Type-Options: nosniff"); // With the nosniff option, if the server says the content is text/html, the browser will render it as text/html (note that most browsers now force this option to on)
header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks)
print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">';
print "\n";
print "<html>\n";
print "<head>\n";
print '<meta name="robots" content="noindex,nofollow">'."\n";
print '<meta name="keywords" content="dolibarr,emailing">'."\n";
print '<meta name="description" content="Dolibarr EMailing unsubcribe page">'."\n";
print "<title>".$langs->trans("MailUnsubcribe")."</title>\n";
print '<link rel="stylesheet" type="text/css" href="'.DOL_URL_ROOT.$conf->css.'?lang='.$langs->defaultlang.'">'."\n";
print '<style type="text/css">';
print '.CTableRow1 { margin: 1px; padding: 3px; font: 12px verdana,arial; background: #e6E6eE; color: #000000; -moz-border-radius-topleft:6px; -moz-border-radius-topright:6px; -moz-border-radius-bottomleft:6px; -moz-border-radius-bottomright:6px;}';
print '.CTableRow2 { margin: 1px; padding: 3px; font: 12px verdana,arial; background: #FFFFFF; color: #000000; -moz-border-radius-topleft:6px; -moz-border-radius-topright:6px; -moz-border-radius-bottomleft:6px; -moz-border-radius-bottomright:6px;}';
print '</style>';
print "</head>\n";
print '<body style="margin: 20px;">'."\n";
print '<table><tr><td style="text_align:center;">';
print $langs->trans("YourMailUnsubcribeOK", $obj->email)."<br>\n";
print '</td></tr></table>';
print "</body>\n";
print "</html>\n";
if (empty($tag) || ($unsuscrib != '1')) {
print 'Bad parameters';
exit;
}
/*
* View
*/
$head = '';
$replacemainarea = (empty($conf->dol_hide_leftmenu) ? '<div>' : '').'<div>';
llxHeader($head, $langs->trans("MailUnsubcribe"), '', '', 0, 0, '', '', '', 'onlinepaymentbody', $replacemainarea);
dol_syslog("public/emailing/mailing-unsubscribe.php : Launch unsubscribe requests", LOG_DEBUG);
$sql = "SELECT mc.rowid, mc.email, mc.statut, m.entity";
$sql .= " FROM ".MAIN_DB_PREFIX."mailing_cibles as mc, ".MAIN_DB_PREFIX."mailing as m";
$sql .= " WHERE mc.fk_mailing = m.rowid AND mc.tag = '".$db->escape($tag)."'";
$resql = $db->query($sql);
if (!$resql) {
dol_print_error($db);
}
$obj = $db->fetch_object($resql);
if (empty($obj)) {
print 'Email tag not found. Operation canceled.';
llxFooter('', 'private');
exit;
}
if (empty($obj->email)) {
print 'Email for this tag not valid. Operation canceled.';
llxFooter('', 'private');
exit;
}
if ($obj->statut == 3) {
print 'Email tag already set to unsubscribe. Operation canceled.';
llxFooter('', 'private');
exit;
}
// TODO Test that mtid and email match also with the one found from $tag
/*
if ($obj->email != $email)
{
print 'Email does not match tagnot found. No need to unsubscribe.';
exit;
}
*/
// Update status of mail in recipient mailing list table
$statut = '3';
$sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".((int) $statut)." WHERE tag = '".$db->escape($tag)."'";
$resql = $db->query($sql);
if (!$resql) {
dol_print_error($db);
}
/*
// Update status communication of thirdparty prospect (old usage)
$sql = "UPDATE ".MAIN_DB_PREFIX."societe SET fk_stcomm=-1 WHERE rowid IN (SELECT source_id FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE tag = '".$db->escape($tag)."' AND source_type='thirdparty' AND source_id is not null)";
$resql=$db->query($sql);
if (! $resql) dol_print_error($db);
// Update status communication of contact prospect (old usage)
$sql = "UPDATE ".MAIN_DB_PREFIX."socpeople SET no_email=1 WHERE rowid IN (SELECT source_id FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE tag = '".$db->escape($tag)."' AND source_type='contact' AND source_id is not null)";
$resql=$db->query($sql);
if (! $resql) dol_print_error($db);
*/
// Update status communication of email (new usage)
$sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing_unsubscribe (date_creat, entity, email, unsubscribegroup, ip) VALUES ('".$db->idate(dol_now())."', ".((int) $obj->entity).", '".$db->escape($obj->email)."', '', '".$db->escape(getUserRemoteIP())."')";
$resql = $db->query($sql);
//if (! $resql) dol_print_error($db); No test on errors, may fail if already unsubscribed
print '<table><tr><td style="text_align:center;">';
print $langs->trans("YourMailUnsubcribeOK", $obj->email)."<br>\n";
print '</td></tr></table>';
llxFooter('', 'public');
$db->close();

20
htdocs/recruitment/recruitmentcandidature_card.php
View File

@ -21,26 +21,6 @@
* \brief Page to create/edit/view recruitmentcandidature
*/
//if (! defined('NOREQUIREDB')) define('NOREQUIREDB','1'); // Do not create database handler $db
//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER','1'); // Do not load object $user
//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1'); // Do not load object $mysoc
//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1'); // Do not load object $langs
//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION','1'); // Do not check injection attack on GET parameters
//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION','1'); // Do not check injection attack on POST parameters
//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK','1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on).
//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on)
//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK','1'); // Do not check style html tag into posted data
//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1'); // If there is no need to load and show top and left menu
//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1'); // If we don't need to load the html.form.class.php
//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1'); // Do not load ajax.lib.php library
//if (! defined("NOLOGIN")) define("NOLOGIN",'1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too.
//if (! defined('NOIPCHECK')) define('NOIPCHECK','1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip
//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT','auto'); // Force lang to a particular value
//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE','aloginmodule'); // Force authentication handler
//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN',1); // The main.inc.php does not make a redirect if not logged, instead show simple error message
//if (! defined("FORCECSP")) define('FORCECSP','none'); // Disable all Content Security Policies
// Load Dolibarr environment
require_once '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';

19
htdocs/recruitment/recruitmentcandidature_list.php
View File

@ -21,25 +21,6 @@
* \brief List page for recruitmentcandidature
*/
//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Do not create database handler $db
//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user
//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc
//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs
//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters
//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters
//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on).
//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on)
//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data
//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu
//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library
//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session)
//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip
//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value
//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler
//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', '1'); // The main.inc.php does not make a redirect if not logged, instead show simple error message
//if (! defined("XFRAMEOPTIONS_ALLOWALL")) define('XFRAMEOPTIONS_ALLOWALL', '1'); // Do not add the HTTP header 'X-Frame-Options: SAMEORIGIN' but 'X-Frame-Options: ALLOWALL'
// Load Dolibarr environment
require_once '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/recruitment/lib/recruitment.lib.php';

20
htdocs/recruitment/recruitmentjobposition_applications.php
View File

@ -21,26 +21,6 @@
* \brief Page to see/add applications of a job position
*/
//if (! defined('NOREQUIREDB')) define('NOREQUIREDB','1'); // Do not create database handler $db
//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER','1'); // Do not load object $user
//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1'); // Do not load object $mysoc
//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1'); // Do not load object $langs
//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION','1'); // Do not check injection attack on GET parameters
//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION','1'); // Do not check injection attack on POST parameters
//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK','1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on).
//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on)
//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK','1'); // Do not check style html tag into posted data
//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1'); // If there is no need to load and show top and left menu
//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1'); // If we don't need to load the html.form.class.php
//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1'); // Do not load ajax.lib.php library
//if (! defined("NOLOGIN")) define("NOLOGIN",'1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too.
//if (! defined('NOIPCHECK')) define('NOIPCHECK','1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip
//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT','auto'); // Force lang to a particular value
//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE','aloginmodule'); // Force authentication handler
//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN',1); // The main.inc.php does not make a redirect if not logged, instead show simple error message
//if (! defined("FORCECSP")) define('FORCECSP','none'); // Disable all Content Security Policies
// Load Dolibarr environment
$res = 0;
// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined)

19
htdocs/recruitment/recruitmentjobposition_list.php
View File

@ -21,25 +21,6 @@
* \brief List page for recruitmentjobposition
*/
//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Do not create database handler $db
//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user
//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc
//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs
//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters
//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters
//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on).
//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on)
//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data
//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip
//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu
//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library
//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session)
//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value
//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler
//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', '1'); // The main.inc.php does not make a redirect if not logged, instead show simple error message
//if (! defined("XFRAMEOPTIONS_ALLOWALL")) define('XFRAMEOPTIONS_ALLOWALL', '1'); // Do not add the HTTP header 'X-Frame-Options: SAMEORIGIN' but 'X-Frame-Options: ALLOWALL'
// Load Dolibarr environment
require_once '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/recruitment/lib/recruitment_recruitmentjobposition.lib.php';

1
htdocs/societe/class/societe.class.php
View File

@ -1581,6 +1581,7 @@ class Societe extends CommonObject
$lmember->phone = $this->phone;
$lmember->state_id = $this->state_id;
$lmember->country_id = $this->country_id;
$lmember->default_lang = $this->default_lang;
$result = $lmember->update($user, 0, 1, 1, 1); // Use nosync to 1 to avoid cyclic updates
if ($result < 0) {

2
htdocs/support/inc.php
View File

@ -235,6 +235,8 @@ function pHeader($soutitre, $next, $action = 'none')
// On force contenu dans format sortie
header("Content-type: text/html; charset=".$conf->file->character_set_client);
// Security options
header("X-Content-Type-Options: nosniff");
header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks)

54
htdocs/webhook/target_agenda.php
View File

@ -1,6 +1,5 @@
<?php
/* Copyright (C) 2017 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) ---Put here your own copyright and developer email---
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -22,58 +21,7 @@
* \brief Tab of events on Target
*/
//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Do not create database handler $db
//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user
//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc
//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs
//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters
//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters
//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on).
//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on)
//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data
//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu
//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library
//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too.
//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip
//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value
//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler
//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message
//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies
//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET
//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification
// Load Dolibarr environment
$res = 0;
// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined)
if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) {
$res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php";
}
// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME
$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1;
while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) {
$i--; $j--;
}
if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) {
$res = @include substr($tmp, 0, ($i + 1))."/main.inc.php";
}
if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) {
$res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php";
}
// Try main.inc.php using relative path
if (!$res && file_exists("../main.inc.php")) {
$res = @include "../main.inc.php";
}
if (!$res && file_exists("../../main.inc.php")) {
$res = @include "../../main.inc.php";
}
if (!$res && file_exists("../../../main.inc.php")) {
$res = @include "../../../main.inc.php";
}
if (!$res) {
die("Include of main fails");
}
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';

55
htdocs/webhook/target_card.php
View File

@ -1,6 +1,5 @@
<?php
/* Copyright (C) 2017 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) ---Put here your own copyright and developer email---
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -22,59 +21,7 @@
* \brief Page to create/edit/view target
*/
//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Do not create database handler $db
//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user
//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc
//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs
//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters
//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters
//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token).
//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on)
//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data
//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu
//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library
//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too.
//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip
//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value
//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler
//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message
//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies
//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET
//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification
//if (! defined('NOSESSION')) define('NOSESSION', '1'); // Disable session
// Load Dolibarr environment
$res = 0;
// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined)
if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) {
$res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php";
}
// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME
$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1;
while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) {
$i--; $j--;
}
if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) {
$res = @include substr($tmp, 0, ($i + 1))."/main.inc.php";
}
if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) {
$res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php";
}
// Try main.inc.php using relative path
if (!$res && file_exists("../main.inc.php")) {
$res = @include "../main.inc.php";
}
if (!$res && file_exists("../../main.inc.php")) {
$res = @include "../../main.inc.php";
}
if (!$res && file_exists("../../../main.inc.php")) {
$res = @include "../../../main.inc.php";
}
if (!$res) {
die("Include of main fails");
}
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formprojet.class.php';

33
htdocs/webhook/target_contact.php
View File

@ -1,6 +1,5 @@
<?php
/* Copyright (C) 2007-2017 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) ---Put here your own copyright and developer email---
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -22,37 +21,7 @@
* \brief Tab for contacts linked to Target
*/
// Load Dolibarr environment
$res = 0;
// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined)
if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) {
$res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php";
}
// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME
$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1;
while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) {
$i--; $j--;
}
if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) {
$res = @include substr($tmp, 0, ($i + 1))."/main.inc.php";
}
if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) {
$res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php";
}
// Try main.inc.php using relative path
if (!$res && file_exists("../main.inc.php")) {
$res = @include "../main.inc.php";
}
if (!$res && file_exists("../../main.inc.php")) {
$res = @include "../../main.inc.php";
}
if (!$res && file_exists("../../../main.inc.php")) {
$res = @include "../../../main.inc.php";
}
if (!$res) {
die("Include of main fails");
}
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
dol_include_once('/webhook/class/target.class.php');

54
htdocs/webhook/target_list.php
View File

@ -22,59 +22,7 @@
* \brief List page for target
*/
//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Do not create database handler $db
//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user
//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc
//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs
//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters
//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters
//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on).
//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on)
//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data
//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu
//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library
//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too.
//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip
//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value
//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler
//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message
//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies
//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET
//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification
//if (! defined('NOSESSION')) define('NOSESSION', '1'); // On CLI mode, no need to use web sessions
// Load Dolibarr environment
$res = 0;
// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined)
if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) {
$res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php";
}
// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME
$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1;
while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) {
$i--; $j--;
}
if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) {
$res = @include substr($tmp, 0, ($i + 1))."/main.inc.php";
}
if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) {
$res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php";
}
// Try main.inc.php using relative path
if (!$res && file_exists("../main.inc.php")) {
$res = @include "../main.inc.php";
}
if (!$res && file_exists("../../main.inc.php")) {
$res = @include "../../main.inc.php";
}
if (!$res && file_exists("../../../main.inc.php")) {
$res = @include "../../../main.inc.php";
}
if (!$res) {
die("Include of main fails");
}
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';

53
htdocs/webhook/target_note.php
View File

@ -22,58 +22,7 @@
* \brief Tab for notes on Target
*/
//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Do not create database handler $db
//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user
//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc
//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs
//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters
//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters
//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on).
//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on)
//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data
//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu
//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library
//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too.
//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip
//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value
//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler
//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message
//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies
//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET
//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification
// Load Dolibarr environment
$res = 0;
// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined)
if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) {
$res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php";
}
// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME
$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1;
while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) {
$i--; $j--;
}
if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) {
$res = @include substr($tmp, 0, ($i + 1))."/main.inc.php";
}
if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) {
$res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php";
}
// Try main.inc.php using relative path
if (!$res && file_exists("../main.inc.php")) {
$res = @include "../main.inc.php";
}
if (!$res && file_exists("../../main.inc.php")) {
$res = @include "../../main.inc.php";
}
if (!$res && file_exists("../../../main.inc.php")) {
$res = @include "../../../main.inc.php";
}
if (!$res) {
die("Include of main fails");
}
require '../main.inc.php';
dol_include_once('/webhook/class/target.class.php');
dol_include_once('/webhook/lib/webhook_target.lib.php');

2
htdocs/website/index.php
View File

@ -2745,7 +2745,7 @@ if (!GETPOST('hide_websitemenu')) {
if ($website->status == $website::STATUS_VALIDATED) {
print '<input type="submit" class="buttonDelete bordertransp" name="deletesite" value="'.$langs->trans("Delete").'" disabled="disabled" title="'.dol_escape_htmltag($langs->trans("WebsiteMustBeDisabled")).'">';
} else {
print '<input type="submit" class="buttonDelete bordertransp" name="deletesite" value="'.$langs->trans("Delete").'"'.($atleastonepage ? ' disabled="disabled"' : '').'>';
print '<input type="submit" class="buttonDelete bordertransp" name="deletesite" value="'.$langs->trans("Delete").'">';
}
// Regenerate all pages