diff --git a/htdocs/accountancy/admin/accountmodel.php b/htdocs/accountancy/admin/accountmodel.php index 9f873195465..201898dedd1 100644 --- a/htdocs/accountancy/admin/accountmodel.php +++ b/htdocs/accountancy/admin/accountmodel.php @@ -39,7 +39,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/accounting.lib.php'; -if (!empty($conf->accounting->enabled)) { +if (isModEnabled('accounting')) { require_once DOL_DOCUMENT_ROOT.'/core/class/html.formaccounting.class.php'; } @@ -126,7 +126,7 @@ $tabrowid[31] = ""; // Condition to show dictionary in setup page $tabcond = array(); -$tabcond[31] = !empty($conf->accounting->enabled); +$tabcond[31] = isModEnabled('accounting'); // List of help for fields $tabhelp = array(); diff --git a/htdocs/accountancy/admin/categories_list.php b/htdocs/accountancy/admin/categories_list.php index c0439445261..ea613ea38cd 100644 --- a/htdocs/accountancy/admin/categories_list.php +++ b/htdocs/accountancy/admin/categories_list.php @@ -111,7 +111,7 @@ $tabrowid[32] = ""; // Condition to show dictionary in setup page $tabcond = array(); -$tabcond[32] = !empty($conf->accounting->enabled); +$tabcond[32] = isModEnabled('accounting'); // List of help for fields $tabhelp = array(); @@ -875,7 +875,7 @@ function fieldListAccountingCategories($fieldlist, $obj = '', $tabname = '', $co $formadmin = new FormAdmin($db); $formcompany = new FormCompany($db); - if (!empty($conf->accounting->enabled)) { + if (isModEnabled('accounting')) { $formaccounting = new FormAccounting($db); } diff --git a/htdocs/accountancy/admin/defaultaccounts.php b/htdocs/accountancy/admin/defaultaccounts.php index 895437ab58b..afd7724713d 100644 --- a/htdocs/accountancy/admin/defaultaccounts.php +++ b/htdocs/accountancy/admin/defaultaccounts.php @@ -81,22 +81,22 @@ $list_account[] = '---Others---'; $list_account[] = 'ACCOUNTING_VAT_BUY_ACCOUNT'; $list_account[] = 'ACCOUNTING_VAT_SOLD_ACCOUNT'; $list_account[] = 'ACCOUNTING_VAT_PAY_ACCOUNT'; -if (!empty($conf->banque->enabled)) { +if (isModEnabled('banque')) { $list_account[] = 'ACCOUNTING_ACCOUNT_TRANSFER_CASH'; } -if (!empty($conf->don->enabled)) { +if (isModEnabled('don')) { $list_account[] = 'DONATION_ACCOUNTINGACCOUNT'; } -if (!empty($conf->adherent->enabled)) { +if (isModEnabled('adherent')) { $list_account[] = 'ADHERENT_SUBSCRIPTION_ACCOUNTINGACCOUNT'; } -if (!empty($conf->loan->enabled)) { +if (isModEnabled('loan')) { $list_account[] = 'LOAN_ACCOUNTING_ACCOUNT_CAPITAL'; $list_account[] = 'LOAN_ACCOUNTING_ACCOUNT_INTEREST'; $list_account[] = 'LOAN_ACCOUNTING_ACCOUNT_INSURANCE'; } $list_account[] = 'ACCOUNTING_ACCOUNT_SUSPENSE'; -if (!empty($conf->societe->enabled)) { +if (isModEnabled('societe')) { $list_account[] = '---Deposits---'; } @@ -266,7 +266,7 @@ print $formaccounting->select_account(getDolGlobalString('ACCOUNTING_ACCOUNT_CUS print ''; print ''; -if (!empty($conf->societe->enabled) && getDolGlobalString('ACCOUNTING_ACCOUNT_CUSTOMER_DEPOSIT') && getDolGlobalString('ACCOUNTING_ACCOUNT_CUSTOMER_DEPOSIT') != '-1') { +if (isModEnabled('societe') && getDolGlobalString('ACCOUNTING_ACCOUNT_CUSTOMER_DEPOSIT') && getDolGlobalString('ACCOUNTING_ACCOUNT_CUSTOMER_DEPOSIT') != '-1') { print ''; print '' . img_picto('', 'bill', 'class="pictofixedwidth"') . $langs->trans("UseAuxiliaryAccountOnCustomerDeposit") . ''; if (getDolGlobalInt('ACCOUNTING_ACCOUNT_CUSTOMER_USE_AUXILIARY_ON_DEPOSIT')) { diff --git a/htdocs/accountancy/admin/journals_list.php b/htdocs/accountancy/admin/journals_list.php index 39300579d5f..3ea90e283ce 100644 --- a/htdocs/accountancy/admin/journals_list.php +++ b/htdocs/accountancy/admin/journals_list.php @@ -123,7 +123,7 @@ $tabrowid[35] = ""; // Condition to show dictionary in setup page $tabcond = array(); -$tabcond[35] = !empty($conf->accounting->enabled); +$tabcond[35] = isModEnabled('accounting'); // List of help for fields $tabhelp = array(); diff --git a/htdocs/accountancy/bookkeeping/balance.php b/htdocs/accountancy/bookkeeping/balance.php index 7a65fa0ffaa..2e91cea39b8 100644 --- a/htdocs/accountancy/bookkeeping/balance.php +++ b/htdocs/accountancy/bookkeeping/balance.php @@ -142,7 +142,7 @@ if (!empty($search_ledger_code)) { } } -if (empty($conf->accounting->enabled)) { +if (!isModEnabled('accounting')) { accessforbidden(); } if ($user->socid > 0) { diff --git a/htdocs/accountancy/bookkeeping/card.php b/htdocs/accountancy/bookkeeping/card.php index 7c8c0dca547..c2071e76cea 100644 --- a/htdocs/accountancy/bookkeeping/card.php +++ b/htdocs/accountancy/bookkeeping/card.php @@ -79,7 +79,7 @@ if (!empty($update)) { $object = new BookKeeping($db); // Security check -if (empty($conf->accounting->enabled)) { +if (!isModEnabled('accounting')) { accessforbidden(); } if ($user->socid > 0) { diff --git a/htdocs/accountancy/bookkeeping/list.php b/htdocs/accountancy/bookkeeping/list.php index bc229dd69f7..aa5e8dfc257 100644 --- a/htdocs/accountancy/bookkeeping/list.php +++ b/htdocs/accountancy/bookkeeping/list.php @@ -214,7 +214,7 @@ if (empty($listofformat[$formatexportset])) { $error = 0; -if (empty($conf->accounting->enabled)) { +if (!isModEnabled('accounting')) { accessforbidden(); } if ($user->socid > 0) { diff --git a/htdocs/accountancy/bookkeeping/listbyaccount.php b/htdocs/accountancy/bookkeeping/listbyaccount.php index bb864fc39e3..0bd1c06aab8 100644 --- a/htdocs/accountancy/bookkeeping/listbyaccount.php +++ b/htdocs/accountancy/bookkeeping/listbyaccount.php @@ -187,7 +187,7 @@ if ($search_date_end && empty($search_date_endyear)) { $search_date_endday = $tmparray['mday']; } -if (empty($conf->accounting->enabled)) { +if (!isModEnabled('accounting')) { accessforbidden(); } if ($user->socid > 0) { diff --git a/htdocs/accountancy/class/accountingjournal.class.php b/htdocs/accountancy/class/accountingjournal.class.php index c8948b05012..3c83e03ee55 100644 --- a/htdocs/accountancy/class/accountingjournal.class.php +++ b/htdocs/accountancy/class/accountingjournal.class.php @@ -429,7 +429,7 @@ class AccountingJournal extends CommonObject { global $conf, $langs; - if (empty($conf->asset->enabled)) { + if (!isModEnabled('asset')) { return array(); } diff --git a/htdocs/accountancy/closure/index.php b/htdocs/accountancy/closure/index.php index 999e2ce5bd1..c4b5540fcc8 100644 --- a/htdocs/accountancy/closure/index.php +++ b/htdocs/accountancy/closure/index.php @@ -57,7 +57,7 @@ $search_date_end = dol_get_last_day($year_end, $month_end); $year_current = $year_start; // Security check -if (empty($conf->accounting->enabled)) { +if (!isModEnabled('accounting')) { accessforbidden(); } if ($user->socid > 0) { diff --git a/htdocs/accountancy/customer/card.php b/htdocs/accountancy/customer/card.php index 296d6729301..0b3435ecb92 100644 --- a/htdocs/accountancy/customer/card.php +++ b/htdocs/accountancy/customer/card.php @@ -38,7 +38,7 @@ $codeventil = GETPOST('codeventil', 'int'); $id = GETPOST('id', 'int'); // Security check -if (empty($conf->accounting->enabled)) { +if (!isModEnabled('accounting')) { accessforbidden(); } if ($user->socid > 0) { diff --git a/htdocs/accountancy/customer/index.php b/htdocs/accountancy/customer/index.php index 0eca61c72c1..06db5cedd0e 100644 --- a/htdocs/accountancy/customer/index.php +++ b/htdocs/accountancy/customer/index.php @@ -40,7 +40,7 @@ $validatemonth = GETPOST('validatemonth', 'int'); $validateyear = GETPOST('validateyear', 'int'); // Security check -if (empty($conf->accounting->enabled)) { +if (!isModEnabled('accounting')) { accessforbidden(); } if ($user->socid > 0) { @@ -77,7 +77,7 @@ $action = GETPOST('action', 'aZ09'); $chartaccountcode = dol_getIdFromCode($db, $conf->global->CHARTOFACCOUNTS, 'accounting_system', 'rowid', 'pcg_version'); // Security check -if (empty($conf->accounting->enabled)) { +if (!isModEnabled('accounting')) { accessforbidden(); } if ($user->socid > 0) { @@ -622,7 +622,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) { // This part of code looks strange print ''; - if (!empty($conf->margin->enabled)) { + if (isModEnabled('margin')) { print "
\n"; print '
'; print ''; diff --git a/htdocs/accountancy/customer/lines.php b/htdocs/accountancy/customer/lines.php index 4a8080ab8b4..469f29ad3c7 100644 --- a/htdocs/accountancy/customer/lines.php +++ b/htdocs/accountancy/customer/lines.php @@ -85,7 +85,7 @@ if (!$sortorder) { } // Security check -if (empty($conf->accounting->enabled)) { +if (!isModEnabled('accounting')) { accessforbidden(); } if ($user->socid > 0) { diff --git a/htdocs/accountancy/customer/list.php b/htdocs/accountancy/customer/list.php index b2a127e86a4..4038bb4b5bc 100644 --- a/htdocs/accountancy/customer/list.php +++ b/htdocs/accountancy/customer/list.php @@ -104,7 +104,7 @@ $accountingAccount = new AccountingAccount($db); $chartaccountcode = dol_getIdFromCode($db, $conf->global->CHARTOFACCOUNTS, 'accounting_system', 'rowid', 'pcg_version'); // Security check -if (empty($conf->accounting->enabled)) { +if (!isModEnabled('accounting')) { accessforbidden(); } if ($user->socid > 0) { diff --git a/htdocs/accountancy/expensereport/card.php b/htdocs/accountancy/expensereport/card.php index 7c2310ccce4..0255e019138 100644 --- a/htdocs/accountancy/expensereport/card.php +++ b/htdocs/accountancy/expensereport/card.php @@ -42,7 +42,7 @@ $codeventil = GETPOST('codeventil', 'int'); $id = GETPOST('id', 'int'); // Security check -if (empty($conf->accounting->enabled)) { +if (!isModEnabled('accounting')) { accessforbidden(); } if ($user->socid > 0) { diff --git a/htdocs/accountancy/expensereport/index.php b/htdocs/accountancy/expensereport/index.php index 08657fe7a62..d0b25bdffd2 100644 --- a/htdocs/accountancy/expensereport/index.php +++ b/htdocs/accountancy/expensereport/index.php @@ -58,7 +58,7 @@ $year_current = $year_start; $action = GETPOST('action', 'aZ09'); // Security check -if (empty($conf->accounting->enabled)) { +if (!isModEnabled('accounting')) { accessforbidden(); } if ($user->socid > 0) { diff --git a/htdocs/accountancy/expensereport/lines.php b/htdocs/accountancy/expensereport/lines.php index 005783ed7a8..926d03f9235 100644 --- a/htdocs/accountancy/expensereport/lines.php +++ b/htdocs/accountancy/expensereport/lines.php @@ -79,7 +79,7 @@ if (!$sortorder) { } // Security check -if (empty($conf->accounting->enabled)) { +if (!isModEnabled('accounting')) { accessforbidden(); } if ($user->socid > 0) { diff --git a/htdocs/accountancy/expensereport/list.php b/htdocs/accountancy/expensereport/list.php index 880af769183..7a02d0b4564 100644 --- a/htdocs/accountancy/expensereport/list.php +++ b/htdocs/accountancy/expensereport/list.php @@ -97,7 +97,7 @@ $accounting = new AccountingAccount($db); $chartaccountcode = dol_getIdFromCode($db, $conf->global->CHARTOFACCOUNTS, 'accounting_system', 'rowid', 'pcg_version'); // Security check -if (empty($conf->accounting->enabled)) { +if (!isModEnabled('accounting')) { accessforbidden(); } if ($user->socid > 0) { diff --git a/htdocs/accountancy/journal/bankjournal.php b/htdocs/accountancy/journal/bankjournal.php index 27ffb681ae0..f3049206389 100644 --- a/htdocs/accountancy/journal/bankjournal.php +++ b/htdocs/accountancy/journal/bankjournal.php @@ -83,7 +83,7 @@ $now = dol_now(); $action = GETPOST('action', 'aZ09'); // Security check -if (empty($conf->accounting->enabled)) { +if (!isModEnabled('accounting')) { accessforbidden(); } if ($user->socid > 0) { diff --git a/htdocs/accountancy/journal/expensereportsjournal.php b/htdocs/accountancy/journal/expensereportsjournal.php index dbd1c892086..d38e49c390e 100644 --- a/htdocs/accountancy/journal/expensereportsjournal.php +++ b/htdocs/accountancy/journal/expensereportsjournal.php @@ -58,7 +58,7 @@ if ($in_bookkeeping == '') { $now = dol_now(); // Security check -if (empty($conf->accounting->enabled)) { +if (!isModEnabled('accounting')) { accessforbidden(); } if ($user->socid > 0) { diff --git a/htdocs/accountancy/journal/purchasesjournal.php b/htdocs/accountancy/journal/purchasesjournal.php index e4c292d2670..70741aca5d1 100644 --- a/htdocs/accountancy/journal/purchasesjournal.php +++ b/htdocs/accountancy/journal/purchasesjournal.php @@ -61,7 +61,7 @@ $hookmanager->initHooks(array('purchasesjournal')); $parameters = array(); // Security check -if (empty($conf->accounting->enabled)) { +if (!isModEnabled('accounting')) { accessforbidden(); } if ($user->socid > 0) { diff --git a/htdocs/accountancy/journal/sellsjournal.php b/htdocs/accountancy/journal/sellsjournal.php index 599eeb627b5..107dda05f4a 100644 --- a/htdocs/accountancy/journal/sellsjournal.php +++ b/htdocs/accountancy/journal/sellsjournal.php @@ -63,7 +63,7 @@ $hookmanager->initHooks(array('sellsjournal')); $parameters = array(); // Security check -if (empty($conf->accounting->enabled)) { +if (!isModEnabled('accounting')) { accessforbidden(); } if ($user->socid > 0) { diff --git a/htdocs/accountancy/journal/variousjournal.php b/htdocs/accountancy/journal/variousjournal.php index af32b85d8fa..d737925f2c3 100644 --- a/htdocs/accountancy/journal/variousjournal.php +++ b/htdocs/accountancy/journal/variousjournal.php @@ -83,7 +83,7 @@ if (!is_array($journal_data)) { } // Security check -if (empty($conf->accounting->enabled)) { +if (!isModEnabled('accounting')) { accessforbidden(); } if ($user->socid > 0) { diff --git a/htdocs/accountancy/supplier/card.php b/htdocs/accountancy/supplier/card.php index 05d32d0cec5..306b88d11ea 100644 --- a/htdocs/accountancy/supplier/card.php +++ b/htdocs/accountancy/supplier/card.php @@ -42,7 +42,7 @@ $codeventil = GETPOST('codeventil', 'int'); $id = GETPOST('id', 'int'); // Security check -if (empty($conf->accounting->enabled)) { +if (!isModEnabled('accounting')) { accessforbidden(); } if ($user->socid > 0) { diff --git a/htdocs/accountancy/supplier/lines.php b/htdocs/accountancy/supplier/lines.php index c142361155d..1edbe83eefb 100644 --- a/htdocs/accountancy/supplier/lines.php +++ b/htdocs/accountancy/supplier/lines.php @@ -89,7 +89,7 @@ if (!$sortorder) { $formaccounting = new FormAccounting($db); // Security check -if (empty($conf->accounting->enabled)) { +if (!isModEnabled('accounting')) { accessforbidden(); } if ($user->socid > 0) { diff --git a/htdocs/accountancy/supplier/list.php b/htdocs/accountancy/supplier/list.php index f274a5432dc..d14beb84cc2 100644 --- a/htdocs/accountancy/supplier/list.php +++ b/htdocs/accountancy/supplier/list.php @@ -106,7 +106,7 @@ $accountingAccount = new AccountingAccount($db); $chartaccountcode = dol_getIdFromCode($db, $conf->global->CHARTOFACCOUNTS, 'accounting_system', 'rowid', 'pcg_version'); // Security check -if (empty($conf->accounting->enabled)) { +if (!isModEnabled('accounting')) { accessforbidden(); } if ($user->socid > 0) { diff --git a/htdocs/adherents/agenda.php b/htdocs/adherents/agenda.php index 5aeb3a281cf..204ba1b8f20 100644 --- a/htdocs/adherents/agenda.php +++ b/htdocs/adherents/agenda.php @@ -130,7 +130,7 @@ if ($object->id > 0) { llxHeader("", $title, $help_url); - if (!empty($conf->notification->enabled)) { + if (isModEnabled('notification')) { $langs->load("mails"); } $head = member_prepare_head($object); diff --git a/htdocs/adherents/document.php b/htdocs/adherents/document.php index 3dcab7a9c4c..c8282179fe5 100644 --- a/htdocs/adherents/document.php +++ b/htdocs/adherents/document.php @@ -128,7 +128,7 @@ if ($id > 0) { $totalsize += $file['size']; } - if (!empty($conf->notification->enabled)) { + if (isModEnabled('notification')) { $langs->load("mails"); } diff --git a/htdocs/adherents/htpasswd.php b/htdocs/adherents/htpasswd.php index 60639193295..0a7073f96b0 100644 --- a/htdocs/adherents/htpasswd.php +++ b/htdocs/adherents/htpasswd.php @@ -33,7 +33,7 @@ $sortfield = GETPOST('sortfield', 'alphanohtml'); $sortorder = GETPOST('sortorder', 'aZ09'); // Security check -if (empty($conf->adherent->enabled)) { +if (!isModEnabled('adherent')) { accessforbidden(); } if (empty($user->rights->adherent->export)) { diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php index 1995485eb4e..f9208daf70d 100644 --- a/htdocs/adherents/list.php +++ b/htdocs/adherents/list.php @@ -659,7 +659,7 @@ if ($sall) { // Filter on categories $moreforfilter = ''; -if (!empty($conf->categorie->enabled) && $user->rights->categorie->lire) { +if (isModEnabled('categorie') && $user->rights->categorie->lire) { require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; $moreforfilter .= '
'; $moreforfilter .= img_picto($langs->trans('Categories'), 'category', 'class="pictofixedlength"').$formother->select_categories(Categorie::TYPE_MEMBER, $search_categ, 'search_categ', 1); diff --git a/htdocs/adherents/partnership.php b/htdocs/adherents/partnership.php index a01e7d28ed2..bc21d4b6333 100644 --- a/htdocs/adherents/partnership.php +++ b/htdocs/adherents/partnership.php @@ -88,7 +88,7 @@ $upload_dir = $conf->partnership->multidir_output[isset($object->entity) ? $o if (getDolGlobalString('PARTNERSHIP_IS_MANAGED_FOR') != 'member') { accessforbidden('Partnership module is not activated for members'); } -if (empty($conf->partnership->enabled)) { +if (!isModEnabled('partnership')) { accessforbidden(); } if (empty($permissiontoread)) { diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index 8a480ea49ca..ad4befadad6 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -418,6 +418,11 @@ print '
'; print load_fiche_titre($langs->trans("OtherSetup"), '', 'folder'); +print 'MAIN_ALLOW_SVG_FILES_AS_IMAGES = '.(empty($conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES) ? '0' : $conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES).'   ('.$langs->trans("Recommended").': 0)
'; +print '
'; + +print 'MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE = '.(empty($conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE).'   ('.$langs->trans("Recommended").': 1)
'; +print '
'; //print ''.$langs->trans("PasswordEncryption").': '; print 'MAIN_SECURITY_HASH_ALGO = '.(empty($conf->global->MAIN_SECURITY_HASH_ALGO) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_HASH_ALGO)."   "; @@ -443,13 +448,7 @@ print '
'; print 'MAIN_SECURITY_ANTI_SSRF_SERVER_IP = '.(empty($conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': List of static IPs of server separated with coma - '.$langs->trans("Note").': common loopback ip like 127.*.*.*, [::1] are already added)' : $conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP)."
"; print '
'; -print 'MAIN_ALLOW_SVG_FILES_AS_IMAGES = '.(empty($conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES) ? '0' : $conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES).'   ('.$langs->trans("Recommended").': 0)
'; -print '
'; - -print 'MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE = '.(empty($conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE).'   ('.$langs->trans("Recommended").': 1)
'; -print '
'; - -print 'MAIN_SECURITY_CSRF_WITH_TOKEN = '.(empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN).'   ('.$langs->trans("Recommended").': 2)'."
"; +print 'MAIN_SECURITY_CSRF_WITH_TOKEN = '.(empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN).'   ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 2)'."
"; print '
'; print '
'; @@ -458,15 +457,6 @@ print '
'; print load_fiche_titre($langs->trans("OtherSetup").' ('.$langs->trans("Experimental").')', '', 'folder'); -print 'MAIN_RESTRICTHTML_ONLY_VALID_HTML = '.(empty($conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': 1)' : $conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML)."
"; -print '
'; - -print 'MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES = '.(empty($conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': 1)' : $conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES)."
"; -print '
'; - -print 'MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL = '.(empty($conf->global->MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 0)' : $conf->global->MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL)."
"; -print '
'; - print 'MAIN_EXEC_USE_POPEN = '; if (empty($conf->global->MAIN_EXEC_USE_POPEN)) { print ''.$langs->trans("Undefined").''; @@ -483,7 +473,36 @@ if ($execmethod == 2) { print '   ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 1)'; print ''; } -print "
"; +print '
'; +print '
'; + +print 'MAIN_RESTRICTHTML_ONLY_VALID_HTML = '.(empty($conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': 1)' : $conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML)."
"; +print '
'; + +print 'MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES = '.(empty($conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': 1)' : $conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES)."
"; +print '
'; + +print 'MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL = '.(empty($conf->global->MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 0)' : $conf->global->MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL)."
"; +print '
'; + +print 'MAIN_SECURITY_FORCECSP = '.(empty($conf->global->MAIN_SECURITY_FORCECSP) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_FORCECSP).'   ('.$langs->trans("Example").": \"default-src 'self'; img-src *;\")
"; +print '
'; + +print 'WEBSITE_MAIN_SECURITY_FORCECSP = '.(empty($conf->global->WEBSITE_MAIN_SECURITY_FORCECSP) ? ''.$langs->trans("Undefined").'' : $conf->global->WEBSITE_MAIN_SECURITY_FORCECSP).'   ('.$langs->trans("Example").": \"default-src 'self'; style-src: https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src: https://cdn.transifex.com https://www.googletagmanager.com; object-src https://youtube.com; frame-src https://youtube.com; img-src: *;\")
"; +print '
'; + +print 'MAIN_SECURITY_FORCERP = '.(empty($conf->global->MAIN_SECURITY_FORCERP) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_FORCERP).'   ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or")." \"same-origin\")
"; +print '
'; + +print 'WEBSITE_MAIN_SECURITY_FORCERP = '.(empty($conf->global->WEBSITE_MAIN_SECURITY_FORCERP) ? ''.$langs->trans("Undefined").'' : $conf->global->WEBSITE_MAIN_SECURITY_FORCERP).'   ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or")." \"strict-origin-when-cross-origin\")
"; +print '
'; + +print 'WEBSITE_MAIN_SECURITY_FORCESTS = '.(empty($conf->global->WEBSITE_MAIN_SECURITY_FORCESTS) ? ''.$langs->trans("Undefined").'' : $conf->global->WEBSITE_MAIN_SECURITY_FORCESTS).'   ('.$langs->trans("Example").": \"max-age=31536000; includeSubDomains\")
"; +print '
'; + +print 'WEBSITE_MAIN_SECURITY_FORCEPP = '.(empty($conf->global->WEBSITE_MAIN_SECURITY_FORCEPP) ? ''.$langs->trans("Undefined").'' : $conf->global->WEBSITE_MAIN_SECURITY_FORCEPP).'   ('.$langs->trans("Example").": \"camera: 'none'; microphone: 'none';\")
"; +print '
'; + print '
'; diff --git a/htdocs/bom/class/api_boms.class.php b/htdocs/bom/class/api_boms.class.php index 91af888ffd8..3c06a658b96 100644 --- a/htdocs/bom/class/api_boms.class.php +++ b/htdocs/bom/class/api_boms.class.php @@ -2,6 +2,7 @@ /* Copyright (C) 2015 Jean-François Ferry * Copyright (C) 2019 Maxime Kohlhaas * Copyright (C) 2020 Frédéric France + * Copyright (C) 2022 Christian Humpel * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -279,6 +280,178 @@ class Boms extends DolibarrApi ); } + /** + * Get lines of an BOM + * + * @param int $id Id of BOM + * + * @url GET {id}/lines + * + * @return array + */ + public function getLines($id) + { + if (!DolibarrApiAccess::$user->rights->bom->read) { + throw new RestException(401); + } + + $result = $this->bom->fetch($id); + if (!$result) { + throw new RestException(404, 'BOM not found'); + } + + if (!DolibarrApi::_checkAccessToResource('bom_bom', $this->bom->id)) { + throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login); + } + $this->bom->getLinesArray(); + $result = array(); + foreach ($this->bom->lines as $line) { + array_push($result, $this->_cleanObjectDatas($line)); + } + return $result; + } + + /** + * Add a line to given BOM + * + * @param int $id Id of BOM to update + * @param array $request_data BOMLine data + * + * @url POST {id}/lines + * + * @return int + */ + public function postLine($id, $request_data = null) + { + if (!DolibarrApiAccess::$user->rights->bom->write) { + throw new RestException(401); + } + + $result = $this->bom->fetch($id); + if (!$result) { + throw new RestException(404, 'BOM not found'); + } + + if (!DolibarrApi::_checkAccessToResource('bom_bom', $this->bom->id)) { + throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login); + } + + $request_data = (object) $request_data; + + $updateRes = $this->bom->addLine( + $request_data->fk_product, + $request_data->qty, + $request_data->qty_frozen, + $request_data->disable_stock_change, + $request_data->efficiency, + $request_data->position, + $request_data->fk_bom_child, + $request_data->import_key + ); + + if ($updateRes > 0) { + return $updateRes; + } else { + throw new RestException(400, $this->bom->error); + } + } + + /** + * Update a line to given BOM + * + * @param int $id Id of BOM to update + * @param int $lineid Id of line to update + * @param array $request_data BOMLine data + * + * @url PUT {id}/lines/{lineid} + * + * @return array|bool + */ + public function putLine($id, $lineid, $request_data = null) + { + if (!DolibarrApiAccess::$user->rights->bom->write) { + throw new RestException(401); + } + + $result = $this->bom->fetch($id); + if (!$result) { + throw new RestException(404, 'BOM not found'); + } + + if (!DolibarrApi::_checkAccessToResource('bom_bom', $this->bom->id)) { + throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login); + } + + $request_data = (object) $request_data; + + $updateRes = $this->bom->updateLine( + $lineid, + $request_data->qty, + $request_data->qty_frozen, + $request_data->disable_stock_change, + $request_data->efficiency, + $request_data->position, + $request_data->fk_bom_child, + $request_data->import_key + ); + + if ($updateRes > 0) { + $result = $this->get($id); + unset($result->line); + return $this->_cleanObjectDatas($result); + } + return false; + } + + /** + * Delete a line to given BOM + * + * + * @param int $id Id of BOM to update + * @param int $lineid Id of line to delete + * + * @url DELETE {id}/lines/{lineid} + * + * @return int + * + * @throws RestException 401 + * @throws RestException 404 + * @throws RestException 500 + */ + public function deleteLine($id, $lineid) + { + if (!DolibarrApiAccess::$user->rights->bom->write) { + throw new RestException(401); + } + + $result = $this->bom->fetch($id); + if (!$result) { + throw new RestException(404, 'BOM not found'); + } + + if (!DolibarrApi::_checkAccessToResource('bom_bom', $this->bom->id)) { + throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login); + } + + //Check the rowid is a line of current bom object + $lineIdIsFromObject = false; + foreach ($this->bom->lines as $bl) { + if ($bl->id == $lineid) { + $lineIdIsFromObject = true; + break; + } + } + if (!$lineIdIsFromObject) { + throw new RestException(500, 'Line to delete (rowid: '.$lineid.') is not a line of BOM (id: '.$this->bom->id.')'); + } + + $updateRes = $this->bom->deleteline(DolibarrApiAccess::$user, $lineid); + if ($updateRes > 0) { + return $this->get($id); + } else { + throw new RestException(405, $this->bom->error); + } + } // phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore /** diff --git a/htdocs/bom/class/bom.class.php b/htdocs/bom/class/bom.class.php index 8adcac855c2..e774e4ddacf 100644 --- a/htdocs/bom/class/bom.class.php +++ b/htdocs/bom/class/bom.class.php @@ -502,6 +502,214 @@ class BOM extends CommonObject //return $this->deleteCommon($user, $notrigger, 1); } + /** + * Add an BOM line into database (linked to BOM) + * + * @param int $fk_product Id of product + * @param float $qty Quantity + * @param int $qty_frozen Frozen quantity + * @param int $disable_stock_change Disable stock change on using in MO + * @param float $efficiency Efficiency in MO + * @param int $position Position of BOM-Line in BOM-Lines + * @param int $fk_bom_child Id of BOM Child + * @param string $import_key Import Key + * @return int <0 if KO, Id of created object if OK + */ + public function addLine($fk_product, $qty, $qty_frozen = 0, $disable_stock_change = 0, $efficiency = 1.0, $position = -1, $fk_bom_child = null, $import_key = null) + { + + global $mysoc, $conf, $langs, $user; + + $logtext = "::addLine bomid=$this->id, qty=$qty, fk_product=$fk_product, qty_frozen=$qty_frozen, disable_stock_change=$disable_stock_change, efficiency=$efficiency"; + $logtext .= ", fk_bom_child=$fk_bom_child, import_key=$import_key"; + dol_syslog(get_class($this).$logtext, LOG_DEBUG); + + if ($this->statut == self::STATUS_DRAFT) { + include_once DOL_DOCUMENT_ROOT.'/core/lib/price.lib.php'; + + // Clean parameters + if (empty($qty)) { + $qty = 0; + } + if (empty($qty_frozen)) { + $qty_frozen = 0; + } + if (empty($disable_stock_change)) { + $disable_stock_change = 0; + } + if (empty($efficiency)) { + $efficiency = 1.0; + } + if (empty($fk_bom_child)) { + $fk_bom_child = null; + } + if (empty($import_key)) { + $import_key = null; + } + if (empty($position)) { + $position = -1; + } + + $qty = price2num($qty); + $efficiency = price2num($efficiency); + $position = price2num($position); + + $this->db->begin(); + + // Rank to use + $rangMax = $this->line_max(); + $rankToUse = $position; + if ($rankToUse <= 0 or $rankToUse > $rangMax) { // New line after existing lines + $rankToUse = $rangMax + 1; + } else { // New line between the existing lines + foreach ($this->lines as $bl) { + if ($bl->position >= $rankToUse) { + $bl->position++; + $bl->update($user); + } + } + } + + // Insert line + $this->line = new BOMLine($this->db); + + $this->line->context = $this->context; + + $this->line->fk_bom = $this->id; + $this->line->fk_product = $fk_product; + $this->line->qty = $qty; + $this->line->qty_frozen = $qty_frozen; + $this->line->disable_stock_change = $disable_stock_change; + $this->line->efficiency = $efficiency; + $this->line->fk_bom_child = $fk_bom_child; + $this->line->import_key = $import_key; + $this->line->position = $rankToUse; + + $result = $this->line->create($user); + + if ($result > 0) { + $this->calculateCosts(); + $this->db->commit(); + return $result; + } else { + $this->error = $this->line->error; + dol_syslog(get_class($this)."::addLine error=".$this->error, LOG_ERR); + $this->db->rollback(); + return -2; + } + } else { + dol_syslog(get_class($this)."::addLine status of BOM must be Draft to allow use of ->addLine()", LOG_ERR); + return -3; + } + } + + /** + * Update an BOM line into database + * + * @param int $rowid Id of line to update + * @param float $qty Quantity + * @param int $qty_frozen Frozen quantity + * @param int $disable_stock_change Disable stock change on using in MO + * @param float $efficiency Efficiency in MO + * @param int $position Position of BOM-Line in BOM-Lines + * @param int $fk_bom_child Id of BOM Child + * @param string $import_key Import Key + * @return int <0 if KO, Id of updated BOM-Line if OK + */ + public function updateLine($rowid, $qty, $qty_frozen = 0, $disable_stock_change = 0, $efficiency = 1.0, $position = -1, $fk_bom_child = null, $import_key = null) + { + + global $mysoc, $conf, $langs, $user; + + $logtext = "::updateLine bomid=$this->id, qty=$qty, qty_frozen=$qty_frozen, disable_stock_change=$disable_stock_change, efficiency=$efficiency"; + $logtext .= ", fk_bom_child=$fk_bom_child, import_key=$import_key"; + dol_syslog(get_class($this).$logtext, LOG_DEBUG); + + if ($this->statut == self::STATUS_DRAFT) { + include_once DOL_DOCUMENT_ROOT.'/core/lib/price.lib.php'; + + // Clean parameters + if (empty($qty)) { + $qty = 0; + } + if (empty($qty_frozen)) { + $qty_frozen = 0; + } + if (empty($disable_stock_change)) { + $disable_stock_change = 0; + } + if (empty($efficiency)) { + $efficiency = 1.0; + } + if (empty($fk_bom_child)) { + $fk_bom_child = null; + } + if (empty($import_key)) { + $import_key = null; + } + if (empty($position)) { + $position = -1; + } + + $qty = price2num($qty); + $efficiency = price2num($efficiency); + $position = price2num($position); + + $this->db->begin(); + + //Fetch current line from the database and then clone the object and set it in $oldline property + $line = new BOMLine($this->db); + $line->fetch($rowid); + $line->fetch_optionals(); + + $staticLine = clone $line; + $line->oldcopy = $staticLine; + $this->line = $line; + $this->line->context = $this->context; + + // Rank to use + $rankToUse = (int) $position; + if ($rankToUse != $line->oldcopy->position) { // check if position have a new value + foreach ($this->lines as $bl) { + if ($bl->position >= $rankToUse AND $bl->position < ($line->oldcopy->position + 1)) { // move rank up + $bl->position++; + $bl->update($user); + } + if ($bl->position <= $rankToUse AND $bl->position > ($line->oldcopy->position)) { // move rank down + $bl->position--; + $bl->update($user); + } + } + } + + + $this->line->fk_bom = $this->id; + $this->line->qty = $qty; + $this->line->qty_frozen = $qty_frozen; + $this->line->disable_stock_change = $disable_stock_change; + $this->line->efficiency = $efficiency; + $this->line->fk_bom_child = $fk_bom_child; + $this->line->import_key = $import_key; + $this->line->position = $rankToUse; + + $result = $this->line->update($user); + + if ($result > 0) { + $this->calculateCosts(); + $this->db->commit(); + return $result; + } else { + $this->error = $this->line->error; + dol_syslog(get_class($this)."::addLine error=".$this->error, LOG_ERR); + $this->db->rollback(); + return -2; + } + } else { + dol_syslog(get_class($this)."::addLine status of BOM must be Draft to allow use of ->addLine()", LOG_ERR); + return -3; + } + } + /** * Delete a line of object in database * @@ -517,7 +725,38 @@ class BOM extends CommonObject return -2; } - return $this->deleteLineCommon($user, $idline, $notrigger); + $this->db->begin(); + + //Fetch current line from the database and then clone the object and set it in $oldline property + $line = new BOMLine($this->db); + $line->fetch($idline); + $line->fetch_optionals(); + + $staticLine = clone $line; + $line->oldcopy = $staticLine; + $this->line = $line; + $this->line->context = $this->context; + + $result = $this->line->delete($user, $notrigger); + + //Positions (rank) reordering + foreach ($this->lines as $bl) { + if ($bl->position > ($line->oldcopy->position)) { // move rank down + $bl->position--; + $bl->update($user); + } + } + + if ($result > 0) { + $this->calculateCosts(); + $this->db->commit(); + return $result; + } else { + $this->error = $this->line->error; + dol_syslog(get_class($this)."::addLine error=".$this->error, LOG_ERR); + $this->db->rollback(); + return -2; + } } /** diff --git a/htdocs/core/ajax/check_notifications.php b/htdocs/core/ajax/check_notifications.php index a5efb52e787..96a33f1f099 100644 --- a/htdocs/core/ajax/check_notifications.php +++ b/htdocs/core/ajax/check_notifications.php @@ -39,25 +39,6 @@ if (!defined('NOREQUIRETRAN')) { define('NOREQUIRETRAN', '1'); } -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs -//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters -//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters -//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on). -//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) -//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data -//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip -//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu -//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php -//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library -//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session) -//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value -//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', '1'); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("XFRAMEOPTIONS_ALLOWALL")) define('XFRAMEOPTIONS_ALLOWALL', '1'); // Do not add the HTTP header 'X-Frame-Options: SAMEORIGIN' but 'X-Frame-Options: ALLOWALL' - - require '../../main.inc.php'; //$time = (int) GETPOST('time', 'int'); // Use the time parameter that is always increased by time_update, even if call is late diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 8ef4fb4ede6..f2f60588b3c 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -3310,8 +3310,8 @@ function dol_print_phone($phone, $countrycode = '', $cid = 0, $socid = 0, $addli $newphone = substr($newphone, 0, 5).$separ.substr($newphone, 5, 3).$separ.substr($newphone, 8, 4); } } elseif (strtoupper($countrycode) == "MG") {//Madagascar - if (dol_strlen($phone) == 13) {//ex: +261_AB_CD_EF_GHI - $newphone = substr($newphone, 0, 4).$separ.substr($newphone, 4, 2).$separ.substr($newphone, 6, 2).$separ.substr($newphone, 8, 2).$separ.substr($newphone, 10, 3); + if (dol_strlen($phone) == 13) {//ex: +261_AB_CD_EFG_HI + $newphone = substr($newphone, 0, 4).$separ.substr($newphone, 4, 2).$separ.substr($newphone, 6, 2).$separ.substr($newphone, 8, 3).$separ.substr($newphone, 11, 2); } } elseif (strtoupper($countrycode) == "GB") {//Royaume uni if (dol_strlen($phone) == 13) {//ex: +44_ABCD_EFG_HIJ diff --git a/htdocs/core/website.inc.php b/htdocs/core/website.inc.php index 8205696751b..3bbfe225bee 100644 --- a/htdocs/core/website.inc.php +++ b/htdocs/core/website.inc.php @@ -82,10 +82,82 @@ if ($pageid > 0) { } if (!defined('USEDOLIBARRSERVER') && !defined('USEDOLIBARREDITOR')) { + // Security options + + // X-Content-Type-Options header("X-Content-Type-Options: nosniff"); + + // X-Frame-Options if (empty($websitepage->allowed_in_frames) && empty($conf->global->WEBSITE_ALLOW_FRAMES_ON_ALL_PAGES)) { header("X-Frame-Options: SAMEORIGIN"); } + + // X-XSS-Protection + //header("X-XSS-Protection: 1"); // XSS filtering protection of some browsers (note: use of Content-Security-Policy is more efficient). Disabled as deprecated. + + // Content-Security-Policy + if (!defined('WEBSITE_MAIN_SECURITY_FORCECSP')) { + // The constant WEBSITE_MAIN_SECURITY_FORCECSP should never be defined by page, but the variable used just after may be + + // A default security policy that keep usage of js external component like ckeditor, stripe, google, working + // $contentsecuritypolicy = "font-src *; img-src *; style-src * 'unsafe-inline' 'unsafe-eval'; default-src 'self' *.stripe.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.stripe.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' *.stripe.com; connect-src 'self';"; + $contentsecuritypolicy = getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCECSP'); + + if (!is_object($hookmanager)) { + $hookmanager = new HookManager($db); + } + $hookmanager->initHooks(array("main")); + + $parameters = array('contentsecuritypolicy'=>$contentsecuritypolicy); + $result = $hookmanager->executeHooks('setContentSecurityPolicy', $parameters); // Note that $action and $object may have been modified by some hooks + if ($result > 0) { + $contentsecuritypolicy = $hookmanager->resPrint; // Replace CSP + } else { + $contentsecuritypolicy .= $hookmanager->resPrint; // Concat CSP + } + + if (!empty($contentsecuritypolicy)) { + // For example: to restrict to only local resources, except for css (cloudflare+google), and js (transifex + google tags) and object/iframe (youtube) + // default-src 'self'; style-src: https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src: https://cdn.transifex.com https://www.googletagmanager.com; object-src https://youtube.com; frame-src https://youtube.com; img-src: *; + // For example, to restrict everything to itself except img that can be on other servers: + // default-src 'self'; img-src *; + // Pre-existing site that uses too much js code to fix but wants to ensure resources are loaded only over https and disable plugins: + // default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none' + header("Content-Security-Policy: ".$contentsecuritypolicy); + } + } + + // Referrer-Policy + if (!defined('WEBSITE_MAIN_SECURITY_FORCERP')) { + // The constant WEBSITE_MAIN_SECURITY_FORCERP should never be defined by page, but the variable used just after may be + + // For public web sites, we use the same default value than "strict-origin-when-cross-origin" + $referrerpolicy = getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCERP', "strict-origin-when-cross-origin"); + + header("Referrer-Policy: ".$referrerpolicy); + } + + // Strict-Transport-Security + if (!defined('WEBSITE_MAIN_SECURITY_FORCESTS')) { + // The constant WEBSITE_MAIN_SECURITY_FORCESTS should never be defined by page, but the variable used just after may be + + // Example: "max-age=31536000; includeSubDomains" + $sts = getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCESTS'); + if (!empty($sts)) { + header("Strict-Transport-Security: ".$sts); + } + } + + // Permissions-Policy (old name was Feature-Policy) + if (!defined('WEBSITE_MAIN_SECURITY_FORCEPP')) { + // The constant WEBSITE_MAIN_SECURITY_FORCEPP should never be defined by page, but the variable used just after may be + + // Example: "camera: 'none'; microphone: 'none';" + $pp = getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCEPP'); + if (!empty($pp)) { + header("Permissions-Policy: ".$pp); + } + } } // A lang was forced, so we change weblangs init diff --git a/htdocs/index.php b/htdocs/index.php index e5eb356c0ef..7d330f61ffa 100644 --- a/htdocs/index.php +++ b/htdocs/index.php @@ -255,19 +255,19 @@ if (empty($conf->global->MAIN_DISABLE_GLOBAL_WORKBOARD)) { // Number of cheque to send if (isModEnabled('banque') && empty($conf->global->MAIN_DISABLE_BLOCK_BANK) && $user->hasRight('banque', 'lire') && !$user->socid) { if (empty($conf->global->BANK_DISABLE_CHECK_DEPOSIT)) { - include_once DOL_DOCUMENT_ROOT.'/compta/paiement/cheque/class/remisecheque.class.php'; + include_once DOL_DOCUMENT_ROOT . '/compta/paiement/cheque/class/remisecheque.class.php'; $board = new RemiseCheque($db); $dashboardlines[$board->element] = $board->load_board($user); } - if (!empty($conf->prelevement->enabled)) { - include_once DOL_DOCUMENT_ROOT.'/compta/prelevement/class/bonprelevement.class.php'; + if (isModEnabled('prelevement')) { + include_once DOL_DOCUMENT_ROOT . '/compta/prelevement/class/bonprelevement.class.php'; $board = new BonPrelevement($db); - $dashboardlines[$board->element.'_direct_debit'] = $board->load_board($user, 'direct_debit'); + $dashboardlines[$board->element . '_direct_debit'] = $board->load_board($user, 'direct_debit'); } - if (!empty($conf->paymentbybanktransfer->enabled)) { - include_once DOL_DOCUMENT_ROOT.'/compta/prelevement/class/bonprelevement.class.php'; + if (isModEnabled('paymentbybanktransfer')) { + include_once DOL_DOCUMENT_ROOT . '/compta/prelevement/class/bonprelevement.class.php'; $board = new BonPrelevement($db); - $dashboardlines[$board->element.'_credit_transfer'] = $board->load_board($user, 'credit_transfer'); + $dashboardlines[$board->element . '_credit_transfer'] = $board->load_board($user, 'credit_transfer'); } } diff --git a/htdocs/install/doctemplates/websites/website_template-style03.zip b/htdocs/install/doctemplates/websites/website_template-style03.zip index 1d6af1e04f4..f831b789e34 100644 Binary files a/htdocs/install/doctemplates/websites/website_template-style03.zip and b/htdocs/install/doctemplates/websites/website_template-style03.zip differ diff --git a/htdocs/install/doctemplates/websites/website_template-style04.png b/htdocs/install/doctemplates/websites/website_template-style04.png new file mode 100644 index 00000000000..26325e7e795 Binary files /dev/null and b/htdocs/install/doctemplates/websites/website_template-style04.png differ diff --git a/htdocs/install/doctemplates/websites/website_template-style04.zip b/htdocs/install/doctemplates/websites/website_template-style04.zip new file mode 100644 index 00000000000..322c9d34ece Binary files /dev/null and b/htdocs/install/doctemplates/websites/website_template-style04.zip differ diff --git a/htdocs/install/mysql/migration/16.0.0-17.0.0.sql b/htdocs/install/mysql/migration/16.0.0-17.0.0.sql index fc6fd86420a..9aeae78de02 100644 --- a/htdocs/install/mysql/migration/16.0.0-17.0.0.sql +++ b/htdocs/install/mysql/migration/16.0.0-17.0.0.sql @@ -84,3 +84,5 @@ ALTER TABLE llx_societe ADD last_main_doc VARCHAR(255) NULL AFTER model_pdf; ALTER TABLE llx_ticket ADD COLUMN ip varchar(250); ALTER TABLE llx_ticket ADD email_date datetime after email_msgid; + +ALTER TABLE llx_cronjob ADD COLUMN pid integer; diff --git a/htdocs/install/mysql/tables/llx_cronjob.sql b/htdocs/install/mysql/tables/llx_cronjob.sql index 27e8a31cc9a..012801c28bb 100644 --- a/htdocs/install/mysql/tables/llx_cronjob.sql +++ b/htdocs/install/mysql/tables/llx_cronjob.sql @@ -47,6 +47,7 @@ CREATE TABLE llx_cronjob autodelete integer DEFAULT 0, -- 0=Job is kept unchanged once nbrun > maxrun or date > dateend, 2=Job must be archived (archive = status 2) once nbrun > maxrun or date > dateend status integer NOT NULL DEFAULT 1, -- 0=disabled, 1=enabled, 2=archived processing integer NOT NULL DEFAULT 0, -- 1=process currently running + pid integer, -- The cronjob PID, NULL if not in processing test varchar(255) DEFAULT '1', fk_user_author integer DEFAULT NULL, fk_user_mod integer DEFAULT NULL, diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 2415322ff1f..675d7273c51 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -1412,21 +1412,27 @@ function top_httphead($contenttype = 'text/html', $forcenocache = 0) } // Security options + + // X-Content-Type-Options header("X-Content-Type-Options: nosniff"); // With the nosniff option, if the server says the content is text/html, the browser will render it as text/html (note that most browsers now force this option to on) + + // X-Frame-Options if (!defined('XFRAMEOPTIONS_ALLOWALL')) { header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks) } else { header("X-Frame-Options: ALLOWALL"); } + + // X-XSS-Protection //header("X-XSS-Protection: 1"); // XSS filtering protection of some browsers (note: use of Content-Security-Policy is more efficient). Disabled as deprecated. - if (!defined('FORCECSP')) { - //if (! isset($conf->global->MAIN_HTTP_CONTENT_SECURITY_POLICY)) - //{ - // // A default security policy that keep usage of js external component like ckeditor, stripe, google, working + + // Content-Security-Policy + if (!defined('MAIN_SECURITY_FORCECSP')) { + // If CSP not forced from the page + + // A default security policy that keep usage of js external component like ckeditor, stripe, google, working // $contentsecuritypolicy = "font-src *; img-src *; style-src * 'unsafe-inline' 'unsafe-eval'; default-src 'self' *.stripe.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.stripe.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' *.stripe.com; connect-src 'self';"; - //} - //else - $contentsecuritypolicy = empty($conf->global->MAIN_HTTP_CONTENT_SECURITY_POLICY) ? '' : $conf->global->MAIN_HTTP_CONTENT_SECURITY_POLICY; + $contentsecuritypolicy = getDolGlobalString('MAIN_SECURITY_FORCECSP'); if (!is_object($hookmanager)) { $hookmanager = new HookManager($db); @@ -1448,17 +1454,29 @@ function top_httphead($contenttype = 'text/html', $forcenocache = 0) // default-src https://cdn.example.net; object-src 'none' // For example, to restrict everything to itself except img that can be on other servers: // default-src 'self'; img-src *; - // Pre-existing site that uses too much inline code to fix but wants to ensure resources are loaded only over https and disable plugins: - // default-src http: https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' + // Pre-existing site that uses too much js code to fix but wants to ensure resources are loaded only over https and disable plugins: + // default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none' header("Content-Security-Policy: ".$contentsecuritypolicy); } - } elseif (constant('FORCECSP')) { - header("Content-Security-Policy: ".constant('FORCECSP')); + } else { + header("Content-Security-Policy: ".constant('MAIN_SECURITY_FORCECSP')); } + + // Referrer-Policy + // Say if we must provide the referrer when we jump onto another web page. + // Default browser are 'strict-origin-when-cross-origin', we want more so we use 'same-origin' so we don't send any referrer when going into another web site + if (!defined('MAIN_SECURITY_FORCERP')) { + $referrerpolicy = getDolGlobalString('MAIN_SECURITY_FORCERP', "same-origin"); + + header("Referrer-Policy: ".$referrerpolicy); + } + if ($forcenocache) { header("Cache-Control: no-cache, no-store, must-revalidate, max-age=0"); } - header("anti-csrf-token: ".newToken()); + + // No need to add this token in header, we use instead the one into the forms. + //header("anti-csrf-token: ".newToken()); } /** diff --git a/htdocs/modulebuilder/template/myobject_agenda.php b/htdocs/modulebuilder/template/myobject_agenda.php index 740d419719a..b37da30f229 100644 --- a/htdocs/modulebuilder/template/myobject_agenda.php +++ b/htdocs/modulebuilder/template/myobject_agenda.php @@ -39,7 +39,7 @@ //if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value //if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler //if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies +//if (! defined("MAIN_SECURITY_FORCECSP")) define('MAIN_SECURITY_FORCECSP', 'none'); // Disable all Content Security Policies //if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET //if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php index b7a051c1bd9..0e1815fade1 100644 --- a/htdocs/modulebuilder/template/myobject_card.php +++ b/htdocs/modulebuilder/template/myobject_card.php @@ -39,7 +39,7 @@ //if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value //if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler //if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies +//if (! defined("MAIN_SECURITY_FORCECSP")) define('MAIN_SECURITY_FORCECSP', 'none'); // Disable all Content Security Policies //if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET //if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification //if (! defined('NOSESSION')) define('NOSESSION', '1'); // Disable session diff --git a/htdocs/modulebuilder/template/myobject_document.php b/htdocs/modulebuilder/template/myobject_document.php index df201c2653b..78d20a1863a 100644 --- a/htdocs/modulebuilder/template/myobject_document.php +++ b/htdocs/modulebuilder/template/myobject_document.php @@ -39,7 +39,7 @@ //if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value //if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler //if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies +//if (! defined("MAIN_SECURITY_FORCECSP")) define('MAIN_SECURITY_FORCECSP', 'none'); // Disable all Content Security Policies //if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET //if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification diff --git a/htdocs/modulebuilder/template/myobject_list.php b/htdocs/modulebuilder/template/myobject_list.php index 380eab1ab6b..d9af4add8ce 100644 --- a/htdocs/modulebuilder/template/myobject_list.php +++ b/htdocs/modulebuilder/template/myobject_list.php @@ -39,7 +39,7 @@ //if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value //if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler //if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies +//if (! defined("MAIN_SECURITY_FORCECSP")) define('MAIN_SECURITY_FORCECSP', 'none'); // Disable all Content Security Policies //if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET //if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification //if (! defined('NOSESSION')) define('NOSESSION', '1'); // On CLI mode, no need to use web sessions diff --git a/htdocs/modulebuilder/template/myobject_note.php b/htdocs/modulebuilder/template/myobject_note.php index 368803a78a5..fb5a773be81 100644 --- a/htdocs/modulebuilder/template/myobject_note.php +++ b/htdocs/modulebuilder/template/myobject_note.php @@ -39,7 +39,7 @@ //if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value //if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler //if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies +//if (! defined("MAIN_SECURITY_FORCECSP")) define('MAIN_SECURITY_FORCECSP', 'none'); // Disable all Content Security Policies //if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET //if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification diff --git a/htdocs/product/stock/movement_list.php b/htdocs/product/stock/movement_list.php index 98b1d48014d..ad7be8d674b 100644 --- a/htdocs/product/stock/movement_list.php +++ b/htdocs/product/stock/movement_list.php @@ -942,12 +942,17 @@ if ($action == "transfert") { if ((empty($action) || $action == 'list') && $id > 0) { print "
\n"; - if ($user->rights->stock->mouvement->creer) { - print ''.$langs->trans("CorrectStock").''; - } + $parameters = array(); + $reshook = $hookmanager->executeHooks('addMoreActionsButtons', $parameters, $object, $action); // Note that $action and $object may have been + // modified by hook + if (empty($reshook)) { + if ($user->rights->stock->mouvement->creer) { + print ''.$langs->trans("CorrectStock").''; + } - if ($user->rights->stock->mouvement->creer) { - print ''.$langs->trans("TransferStock").''; + if ($user->rights->stock->mouvement->creer) { + print ''.$langs->trans("TransferStock").''; + } } print '

'; diff --git a/htdocs/product/stock/replenish.php b/htdocs/product/stock/replenish.php index 91833e95271..c8d10444711 100644 --- a/htdocs/product/stock/replenish.php +++ b/htdocs/product/stock/replenish.php @@ -467,7 +467,7 @@ if ($usevirtualstock) { $sqlProductionToConsume .= " AND mp5.role IN ('toconsume', 'consummed')"; $sqlProductionToConsume .= " AND mm5.status IN (1,2))"; - $sqlProductionToProduce = "(SELECT GREATEST(0, ".$db->ifsql("SUM(".$db->ifsql("mp5.role = 'toproduce'", 'mp5.qty', '- mp5.qty').") IS NULL", "0", "SUM(".$db->ifsql("mp5.role = 'toconsume'", 'mp5.qty', '- mp5.qty').")").") as qty"; // We need the ifsql because if result is 0 for product p.rowid, we must return 0 and not NULL + $sqlProductionToProduce = "(SELECT GREATEST(0, ".$db->ifsql("SUM(".$db->ifsql("mp5.role = 'toproduce'", 'mp5.qty', '- mp5.qty').") IS NULL", "0", "SUM(".$db->ifsql("mp5.role = 'toproduce'", 'mp5.qty', '- mp5.qty').")").") as qty"; // We need the ifsql because if result is 0 for product p.rowid, we must return 0 and not NULL $sqlProductionToProduce .= " FROM ".MAIN_DB_PREFIX."mrp_mo as mm5,"; $sqlProductionToProduce .= " ".MAIN_DB_PREFIX."mrp_production as mp5"; $sqlProductionToProduce .= " WHERE mm5.rowid = mp5.fk_mo AND mm5.entity IN (".getEntity(!empty($conf->global->STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE) ? 'stock' : 'mo').")"; diff --git a/htdocs/product/stock/stocktransfer/stocktransfer_agenda.php b/htdocs/product/stock/stocktransfer/stocktransfer_agenda.php index ed494bb58b5..5396e87d142 100644 --- a/htdocs/product/stock/stocktransfer/stocktransfer_agenda.php +++ b/htdocs/product/stock/stocktransfer/stocktransfer_agenda.php @@ -1,7 +1,6 @@ * Copyright (C) 2021 Gauthier VERDOL - * Copyright (C) ---Put here your own copyright and developer email--- * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -23,21 +22,7 @@ * \brief Page of StockTransfer events */ -// Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { $i--; $j--; } -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) $res = @include "../main.inc.php"; -if (!$res && file_exists("../../main.inc.php")) $res = @include "../../main.inc.php"; -if (!$res && file_exists("../../../main.inc.php")) $res = @include "../../../main.inc.php"; -if (!$res) die("Include of main fails"); - +require '../../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; diff --git a/htdocs/product/stock/stocktransfer/stocktransfer_card.php b/htdocs/product/stock/stocktransfer/stocktransfer_card.php index b009ace7275..f9f02aea384 100644 --- a/htdocs/product/stock/stocktransfer/stocktransfer_card.php +++ b/htdocs/product/stock/stocktransfer/stocktransfer_card.php @@ -22,41 +22,7 @@ * \brief Page to create/edit/view stocktransfer */ -//if (! defined('NOREQUIREDB')) define('NOREQUIREDB','1'); // Do not create database handler $db -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER','1'); // Do not load object $user -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1'); // Do not load object $mysoc -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1'); // Do not load object $langs -//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION','1'); // Do not check injection attack on GET parameters -//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION','1'); // Do not check injection attack on POST parameters -//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK','1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on). -//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) -//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK','1'); // Do not check style html tag into posted data -//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1'); // If there is no need to load and show top and left menu -//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1'); // If we don't need to load the html.form.class.php -//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1'); // Do not load ajax.lib.php library -//if (! defined("NOLOGIN")) define("NOLOGIN",'1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too. -//if (! defined('NOIPCHECK')) define('NOIPCHECK','1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip -//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT','auto'); // Force lang to a particular value -//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE','aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN',1); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("FORCECSP")) define('FORCECSP','none'); // Disable all Content Security Policies - - -// Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { $i--; $j--; } -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) $res = @include "../main.inc.php"; -if (!$res && file_exists("../../main.inc.php")) $res = @include "../../main.inc.php"; -if (!$res && file_exists("../../../main.inc.php")) $res = @include "../../../main.inc.php"; -if (!$res) die("Include of main fails"); - +require '../../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formprojet.class.php'; diff --git a/htdocs/product/stock/stocktransfer/stocktransfer_contact.php b/htdocs/product/stock/stocktransfer/stocktransfer_contact.php index 691d2ea2f9d..393a9b6517c 100644 --- a/htdocs/product/stock/stocktransfer/stocktransfer_contact.php +++ b/htdocs/product/stock/stocktransfer/stocktransfer_contact.php @@ -25,17 +25,7 @@ * \brief Tab to manage contacts/adresses of proposal */ -if (!$res && file_exists("../main.inc.php")) $res = @include "../main.inc.php"; -if (!$res && file_exists("../../main.inc.php")) $res = @include "../../main.inc.php"; -if (!$res && file_exists("../../../main.inc.php")) $res = @include "../../../main.inc.php"; -if (!$res) die("Include of main fails"); -require_once DOL_DOCUMENT_ROOT.'/product/stock/stocktransfer/class/stocktransfer.class.php'; -require_once DOL_DOCUMENT_ROOT.'/product/stock/stocktransfer/lib/stocktransfer_stocktransfer.lib.php'; -require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; -require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; -require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; -require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php'; - +require '../../../main.inc.php'; // Load translation files required by the page $langs->loadLangs(array('facture', 'orders', 'sendings', 'companies', 'stocks')); diff --git a/htdocs/product/stock/stocktransfer/stocktransfer_document.php b/htdocs/product/stock/stocktransfer/stocktransfer_document.php index e259cc93365..b196601d387 100644 --- a/htdocs/product/stock/stocktransfer/stocktransfer_document.php +++ b/htdocs/product/stock/stocktransfer/stocktransfer_document.php @@ -1,7 +1,6 @@ * Copyright (C) 2021 Gauthier VERDOL - * Copyright (C) ---Put here your own copyright and developer email--- * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -23,21 +22,7 @@ * \brief Tab for documents linked to StockTransfer */ -// Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { $i--; $j--; } -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) $res = @include "../main.inc.php"; -if (!$res && file_exists("../../main.inc.php")) $res = @include "../../main.inc.php"; -if (!$res && file_exists("../../../main.inc.php")) $res = @include "../../../main.inc.php"; -if (!$res) die("Include of main fails"); - +require '../../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php'; diff --git a/htdocs/product/stock/stocktransfer/stocktransfer_list.php b/htdocs/product/stock/stocktransfer/stocktransfer_list.php index 3ef27f37557..a2c726ca83b 100644 --- a/htdocs/product/stock/stocktransfer/stocktransfer_list.php +++ b/htdocs/product/stock/stocktransfer/stocktransfer_list.php @@ -23,50 +23,12 @@ * \brief List page for stocktransfer */ -//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Do not create database handler $db -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs -//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters -//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters -//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on). -//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) -//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data -//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip -//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu -//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php -//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library -//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session) -//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value -//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', '1'); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("XFRAMEOPTIONS_ALLOWALL")) define('XFRAMEOPTIONS_ALLOWALL', '1'); // Do not add the HTTP header 'X-Frame-Options: SAMEORIGIN' but 'X-Frame-Options: ALLOWALL' - -// Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { $i--; $j--; } -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) $res = @include "../main.inc.php"; -if (!$res && file_exists("../../main.inc.php")) $res = @include "../../main.inc.php"; -if (!$res && file_exists("../../../main.inc.php")) $res = @include "../../../main.inc.php"; -if (!$res) die("Include of main fails"); - +require '../../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/functions.lib.php'; - -// load stocktransfer libraries -require_once __DIR__.'/class/stocktransfer.class.php'; - -// for other modules -//dol_include_once('/othermodule/class/otherobject.class.php'); +require_once DOL_DOCUMENT_ROOT.'/product/stock/stocktransfer/class/stocktransfer.class.php'; // Load translation files required by the page $langs->loadLangs(array("stocks", "other")); diff --git a/htdocs/product/stock/stocktransfer/stocktransfer_note.php b/htdocs/product/stock/stocktransfer/stocktransfer_note.php index 1932b685e24..18c192fe44c 100644 --- a/htdocs/product/stock/stocktransfer/stocktransfer_note.php +++ b/htdocs/product/stock/stocktransfer/stocktransfer_note.php @@ -1,7 +1,6 @@ * Copyright (C) 2021 Gauthier VERDOL - * Copyright (C) ---Put here your own copyright and developer email--- * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -23,21 +22,7 @@ * \brief Car with notes on StockTransfer */ -// Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { $i--; $j--; } -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) $res = @include "../main.inc.php"; -if (!$res && file_exists("../../main.inc.php")) $res = @include "../../main.inc.php"; -if (!$res && file_exists("../../../main.inc.php")) $res = @include "../../../main.inc.php"; -if (!$res) die("Include of main fails"); - +require '../../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/product/stock/stocktransfer/class/stocktransfer.class.php'; require_once DOL_DOCUMENT_ROOT.'/product/stock/stocktransfer/lib/stocktransfer_stocktransfer.lib.php'; diff --git a/htdocs/public/emailing/mailing-unsubscribe.php b/htdocs/public/emailing/mailing-unsubscribe.php index 7c85d9a2fc0..cd69132d1a8 100644 --- a/htdocs/public/emailing/mailing-unsubscribe.php +++ b/htdocs/public/emailing/mailing-unsubscribe.php @@ -45,22 +45,11 @@ if (!defined('NOIPCHECK')) { if (!defined("NOSESSION")) { define("NOSESSION", '1'); } - -/** - * Header empty - * - * @return void - */ -function llxHeader() -{ +if (! defined('NOREQUIREHTML')) { + define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php } -/** - * Footer empty - * - * @return void - */ -function llxFooter() -{ +if (! defined('NOREQUIREAJAX')) { + define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library } @@ -71,9 +60,7 @@ global $user, $conf, $langs; $langs->loadLangs(array("main", "mails")); -$mtid = GETPOST('mtid'); -$email = GETPOST('email'); -$tag = GETPOST('tag'); +$tag = GETPOST('tag'); // To retreive the emailing, and recipient $unsuscrib = GETPOST('unsuscrib'); $securitykey = GETPOST('securitykey'); @@ -84,104 +71,98 @@ $securitykey = GETPOST('securitykey'); dol_syslog("public/emailing/mailing-read.php : tag=".$tag." securitykey=".$securitykey, LOG_DEBUG); -if ($securitykey != $conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY) { +if ($securitykey != getDolGlobalString('MAILING_EMAIL_UNSUBSCRIBE_KEY')) { print 'Bad security key value.'; exit; } - -if (!empty($tag) && ($unsuscrib == '1')) { - dol_syslog("public/emailing/mailing-unsubscribe.php : Launch unsubscribe requests", LOG_DEBUG); - - $sql = "SELECT mc.rowid, mc.email, mc.statut, m.entity"; - $sql .= " FROM ".MAIN_DB_PREFIX."mailing_cibles as mc, ".MAIN_DB_PREFIX."mailing as m"; - $sql .= " WHERE mc.fk_mailing = m.rowid AND mc.tag='".$db->escape($tag)."'"; - - $resql = $db->query($sql); - if (!$resql) { - dol_print_error($db); - } - - $obj = $db->fetch_object($resql); - - if (empty($obj)) { - print 'Email target not valid. Operation canceled.'; - exit; - } - if (empty($obj->email)) { - print 'Email target not valid. Operation canceled.'; - exit; - } - if ($obj->statut == 3) { - print 'Email target already set to unsubscribe. Operation canceled.'; - exit; - } - // TODO Test that mtid and email match also with the one found from $tag - /* - if ($obj->email != $email) - { - print 'Email does not match tagnot found. No need to unsubscribe.'; - exit; - } - */ - - // Update status of mail in recipient mailing list table - $statut = '3'; - $sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".((int) $statut)." WHERE tag = '".$db->escape($tag)."'"; - - $resql = $db->query($sql); - if (!$resql) { - dol_print_error($db); - } - - /* - // Update status communication of thirdparty prospect (old usage) - $sql = "UPDATE ".MAIN_DB_PREFIX."societe SET fk_stcomm=-1 WHERE rowid IN (SELECT source_id FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE tag = '".$db->escape($tag)."' AND source_type='thirdparty' AND source_id is not null)"; - - $resql=$db->query($sql); - if (! $resql) dol_print_error($db); - - // Update status communication of contact prospect (old usage) - $sql = "UPDATE ".MAIN_DB_PREFIX."socpeople SET no_email=1 WHERE rowid IN (SELECT source_id FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE tag = '".$db->escape($tag)."' AND source_type='contact' AND source_id is not null)"; - - $resql=$db->query($sql); - if (! $resql) dol_print_error($db); - */ - - // Update status communication of email (new usage) - $sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing_unsubscribe (date_creat, entity, email, unsubscribegroup, ip) VALUES ('".$db->idate(dol_now())."', ".((int) $obj->entity).", '".$db->escape($obj->email)."', '', '".$db->escape(getUserRemoteIP())."')"; - - $resql = $db->query($sql); - //if (! $resql) dol_print_error($db); No test on errors, may fail if already unsubscribed - - - header("Content-type: text/html; charset=".$conf->file->character_set_client); - - // Security options - header("X-Content-Type-Options: nosniff"); // With the nosniff option, if the server says the content is text/html, the browser will render it as text/html (note that most browsers now force this option to on) - header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks) - - print ''; - print "\n"; - print "\n"; - print "\n"; - print ''."\n"; - print ''."\n"; - print ''."\n"; - print "".$langs->trans("MailUnsubcribe")."\n"; - print ''."\n"; - print ''; - - print "\n"; - print ''."\n"; - print '
'; - print $langs->trans("YourMailUnsubcribeOK", $obj->email)."
\n"; - print '
'; - print "\n"; - print "\n"; +if (empty($tag) || ($unsuscrib != '1')) { + print 'Bad parameters'; + exit; } + +/* + * View + */ + +$head = ''; +$replacemainarea = (empty($conf->dol_hide_leftmenu) ? '
' : '').'
'; +llxHeader($head, $langs->trans("MailUnsubcribe"), '', '', 0, 0, '', '', '', 'onlinepaymentbody', $replacemainarea); + +dol_syslog("public/emailing/mailing-unsubscribe.php : Launch unsubscribe requests", LOG_DEBUG); + +$sql = "SELECT mc.rowid, mc.email, mc.statut, m.entity"; +$sql .= " FROM ".MAIN_DB_PREFIX."mailing_cibles as mc, ".MAIN_DB_PREFIX."mailing as m"; +$sql .= " WHERE mc.fk_mailing = m.rowid AND mc.tag = '".$db->escape($tag)."'"; + +$resql = $db->query($sql); +if (!$resql) { + dol_print_error($db); +} + +$obj = $db->fetch_object($resql); + +if (empty($obj)) { + print 'Email tag not found. Operation canceled.'; + llxFooter('', 'private'); + exit; +} +if (empty($obj->email)) { + print 'Email for this tag not valid. Operation canceled.'; + llxFooter('', 'private'); + exit; +} + +if ($obj->statut == 3) { + print 'Email tag already set to unsubscribe. Operation canceled.'; + llxFooter('', 'private'); + exit; +} +// TODO Test that mtid and email match also with the one found from $tag +/* +if ($obj->email != $email) +{ + print 'Email does not match tagnot found. No need to unsubscribe.'; + exit; +} +*/ + +// Update status of mail in recipient mailing list table +$statut = '3'; +$sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".((int) $statut)." WHERE tag = '".$db->escape($tag)."'"; + +$resql = $db->query($sql); +if (!$resql) { + dol_print_error($db); +} + +/* +// Update status communication of thirdparty prospect (old usage) +$sql = "UPDATE ".MAIN_DB_PREFIX."societe SET fk_stcomm=-1 WHERE rowid IN (SELECT source_id FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE tag = '".$db->escape($tag)."' AND source_type='thirdparty' AND source_id is not null)"; + +$resql=$db->query($sql); +if (! $resql) dol_print_error($db); + +// Update status communication of contact prospect (old usage) +$sql = "UPDATE ".MAIN_DB_PREFIX."socpeople SET no_email=1 WHERE rowid IN (SELECT source_id FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE tag = '".$db->escape($tag)."' AND source_type='contact' AND source_id is not null)"; + +$resql=$db->query($sql); +if (! $resql) dol_print_error($db); +*/ + +// Update status communication of email (new usage) +$sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing_unsubscribe (date_creat, entity, email, unsubscribegroup, ip) VALUES ('".$db->idate(dol_now())."', ".((int) $obj->entity).", '".$db->escape($obj->email)."', '', '".$db->escape(getUserRemoteIP())."')"; + +$resql = $db->query($sql); +//if (! $resql) dol_print_error($db); No test on errors, may fail if already unsubscribed + + +print '
'; +print $langs->trans("YourMailUnsubcribeOK", $obj->email)."
\n"; +print '
'; + + +llxFooter('', 'public'); + $db->close(); diff --git a/htdocs/recruitment/recruitmentcandidature_card.php b/htdocs/recruitment/recruitmentcandidature_card.php index 721ed4c4a2a..b1903edb71f 100644 --- a/htdocs/recruitment/recruitmentcandidature_card.php +++ b/htdocs/recruitment/recruitmentcandidature_card.php @@ -21,26 +21,6 @@ * \brief Page to create/edit/view recruitmentcandidature */ -//if (! defined('NOREQUIREDB')) define('NOREQUIREDB','1'); // Do not create database handler $db -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER','1'); // Do not load object $user -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1'); // Do not load object $mysoc -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1'); // Do not load object $langs -//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION','1'); // Do not check injection attack on GET parameters -//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION','1'); // Do not check injection attack on POST parameters -//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK','1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on). -//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) -//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK','1'); // Do not check style html tag into posted data -//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1'); // If there is no need to load and show top and left menu -//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1'); // If we don't need to load the html.form.class.php -//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1'); // Do not load ajax.lib.php library -//if (! defined("NOLOGIN")) define("NOLOGIN",'1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too. -//if (! defined('NOIPCHECK')) define('NOIPCHECK','1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip -//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT','auto'); // Force lang to a particular value -//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE','aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN',1); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("FORCECSP")) define('FORCECSP','none'); // Disable all Content Security Policies - - // Load Dolibarr environment require_once '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; diff --git a/htdocs/recruitment/recruitmentcandidature_list.php b/htdocs/recruitment/recruitmentcandidature_list.php index e8a52730b74..d64d2e70037 100644 --- a/htdocs/recruitment/recruitmentcandidature_list.php +++ b/htdocs/recruitment/recruitmentcandidature_list.php @@ -21,25 +21,6 @@ * \brief List page for recruitmentcandidature */ -//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Do not create database handler $db -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs -//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters -//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters -//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on). -//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) -//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data -//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu -//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php -//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library -//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session) -//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip -//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value -//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', '1'); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("XFRAMEOPTIONS_ALLOWALL")) define('XFRAMEOPTIONS_ALLOWALL', '1'); // Do not add the HTTP header 'X-Frame-Options: SAMEORIGIN' but 'X-Frame-Options: ALLOWALL' - // Load Dolibarr environment require_once '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/recruitment/lib/recruitment.lib.php'; diff --git a/htdocs/recruitment/recruitmentjobposition_applications.php b/htdocs/recruitment/recruitmentjobposition_applications.php index 16e19066be3..6a7d471046e 100644 --- a/htdocs/recruitment/recruitmentjobposition_applications.php +++ b/htdocs/recruitment/recruitmentjobposition_applications.php @@ -21,26 +21,6 @@ * \brief Page to see/add applications of a job position */ -//if (! defined('NOREQUIREDB')) define('NOREQUIREDB','1'); // Do not create database handler $db -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER','1'); // Do not load object $user -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1'); // Do not load object $mysoc -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1'); // Do not load object $langs -//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION','1'); // Do not check injection attack on GET parameters -//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION','1'); // Do not check injection attack on POST parameters -//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK','1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on). -//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) -//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK','1'); // Do not check style html tag into posted data -//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1'); // If there is no need to load and show top and left menu -//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1'); // If we don't need to load the html.form.class.php -//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1'); // Do not load ajax.lib.php library -//if (! defined("NOLOGIN")) define("NOLOGIN",'1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too. -//if (! defined('NOIPCHECK')) define('NOIPCHECK','1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip -//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT','auto'); // Force lang to a particular value -//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE','aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN',1); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("FORCECSP")) define('FORCECSP','none'); // Disable all Content Security Policies - - // Load Dolibarr environment $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) diff --git a/htdocs/recruitment/recruitmentjobposition_list.php b/htdocs/recruitment/recruitmentjobposition_list.php index 54f244efc5b..5435a5a2ac2 100644 --- a/htdocs/recruitment/recruitmentjobposition_list.php +++ b/htdocs/recruitment/recruitmentjobposition_list.php @@ -21,25 +21,6 @@ * \brief List page for recruitmentjobposition */ -//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Do not create database handler $db -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs -//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters -//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters -//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on). -//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) -//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data -//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip -//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu -//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php -//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library -//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session) -//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value -//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', '1'); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("XFRAMEOPTIONS_ALLOWALL")) define('XFRAMEOPTIONS_ALLOWALL', '1'); // Do not add the HTTP header 'X-Frame-Options: SAMEORIGIN' but 'X-Frame-Options: ALLOWALL' - // Load Dolibarr environment require_once '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/recruitment/lib/recruitment_recruitmentjobposition.lib.php'; diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 43cfaa16998..1c41b7ee186 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -1581,6 +1581,7 @@ class Societe extends CommonObject $lmember->phone = $this->phone; $lmember->state_id = $this->state_id; $lmember->country_id = $this->country_id; + $lmember->default_lang = $this->default_lang; $result = $lmember->update($user, 0, 1, 1, 1); // Use nosync to 1 to avoid cyclic updates if ($result < 0) { diff --git a/htdocs/support/inc.php b/htdocs/support/inc.php index e6f2afd504d..3f372e97c1e 100644 --- a/htdocs/support/inc.php +++ b/htdocs/support/inc.php @@ -235,6 +235,8 @@ function pHeader($soutitre, $next, $action = 'none') // On force contenu dans format sortie header("Content-type: text/html; charset=".$conf->file->character_set_client); + + // Security options header("X-Content-Type-Options: nosniff"); header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks) diff --git a/htdocs/webhook/target_agenda.php b/htdocs/webhook/target_agenda.php index 12b6e67c57b..ccc61d806af 100644 --- a/htdocs/webhook/target_agenda.php +++ b/htdocs/webhook/target_agenda.php @@ -1,6 +1,5 @@ - * Copyright (C) ---Put here your own copyright and developer email--- * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -22,58 +21,7 @@ * \brief Tab of events on Target */ -//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Do not create database handler $db -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs -//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters -//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters -//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on). -//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) -//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data -//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu -//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php -//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library -//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too. -//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip -//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value -//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies -//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET -//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification - -// Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -} -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { - $i--; $j--; -} -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) { - $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -} -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) { - $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -} -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) { - $res = @include "../main.inc.php"; -} -if (!$res && file_exists("../../main.inc.php")) { - $res = @include "../../main.inc.php"; -} -if (!$res && file_exists("../../../main.inc.php")) { - $res = @include "../../../main.inc.php"; -} -if (!$res) { - die("Include of main fails"); -} - +require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; diff --git a/htdocs/webhook/target_card.php b/htdocs/webhook/target_card.php index 1e1f6522ea1..0777b984d9a 100644 --- a/htdocs/webhook/target_card.php +++ b/htdocs/webhook/target_card.php @@ -1,6 +1,5 @@ - * Copyright (C) ---Put here your own copyright and developer email--- * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -22,59 +21,7 @@ * \brief Page to create/edit/view target */ -//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Do not create database handler $db -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs -//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters -//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters -//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token). -//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) -//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data -//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu -//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php -//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library -//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too. -//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip -//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value -//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies -//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET -//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification -//if (! defined('NOSESSION')) define('NOSESSION', '1'); // Disable session - -// Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -} -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { - $i--; $j--; -} -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) { - $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -} -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) { - $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -} -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) { - $res = @include "../main.inc.php"; -} -if (!$res && file_exists("../../main.inc.php")) { - $res = @include "../../main.inc.php"; -} -if (!$res && file_exists("../../../main.inc.php")) { - $res = @include "../../../main.inc.php"; -} -if (!$res) { - die("Include of main fails"); -} - +require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formprojet.class.php'; diff --git a/htdocs/webhook/target_contact.php b/htdocs/webhook/target_contact.php index 94c906969aa..76b1a92821f 100644 --- a/htdocs/webhook/target_contact.php +++ b/htdocs/webhook/target_contact.php @@ -1,6 +1,5 @@ - * Copyright (C) ---Put here your own copyright and developer email--- * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -22,37 +21,7 @@ * \brief Tab for contacts linked to Target */ -// Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -} -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { - $i--; $j--; -} -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) { - $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -} -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) { - $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -} -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) { - $res = @include "../main.inc.php"; -} -if (!$res && file_exists("../../main.inc.php")) { - $res = @include "../../main.inc.php"; -} -if (!$res && file_exists("../../../main.inc.php")) { - $res = @include "../../../main.inc.php"; -} -if (!$res) { - die("Include of main fails"); -} - +require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; dol_include_once('/webhook/class/target.class.php'); diff --git a/htdocs/webhook/target_list.php b/htdocs/webhook/target_list.php index e62969e62ea..e8a736f5e47 100644 --- a/htdocs/webhook/target_list.php +++ b/htdocs/webhook/target_list.php @@ -22,59 +22,7 @@ * \brief List page for target */ -//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Do not create database handler $db -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs -//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters -//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters -//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on). -//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) -//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data -//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu -//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php -//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library -//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too. -//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip -//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value -//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies -//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET -//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification -//if (! defined('NOSESSION')) define('NOSESSION', '1'); // On CLI mode, no need to use web sessions - -// Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -} -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { - $i--; $j--; -} -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) { - $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -} -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) { - $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -} -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) { - $res = @include "../main.inc.php"; -} -if (!$res && file_exists("../../main.inc.php")) { - $res = @include "../../main.inc.php"; -} -if (!$res && file_exists("../../../main.inc.php")) { - $res = @include "../../../main.inc.php"; -} -if (!$res) { - die("Include of main fails"); -} - +require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; diff --git a/htdocs/webhook/target_note.php b/htdocs/webhook/target_note.php index bb12d0947e8..8ba98fd622d 100644 --- a/htdocs/webhook/target_note.php +++ b/htdocs/webhook/target_note.php @@ -22,58 +22,7 @@ * \brief Tab for notes on Target */ -//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Do not create database handler $db -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs -//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters -//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters -//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on). -//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) -//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data -//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu -//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php -//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library -//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too. -//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip -//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value -//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies -//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET -//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification - -// Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -} -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { - $i--; $j--; -} -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) { - $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -} -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) { - $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -} -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) { - $res = @include "../main.inc.php"; -} -if (!$res && file_exists("../../main.inc.php")) { - $res = @include "../../main.inc.php"; -} -if (!$res && file_exists("../../../main.inc.php")) { - $res = @include "../../../main.inc.php"; -} -if (!$res) { - die("Include of main fails"); -} - +require '../main.inc.php'; dol_include_once('/webhook/class/target.class.php'); dol_include_once('/webhook/lib/webhook_target.lib.php'); diff --git a/htdocs/website/index.php b/htdocs/website/index.php index 7d49f2b5b63..0f9595f6206 100644 --- a/htdocs/website/index.php +++ b/htdocs/website/index.php @@ -2745,7 +2745,7 @@ if (!GETPOST('hide_websitemenu')) { if ($website->status == $website::STATUS_VALIDATED) { print ''; } else { - print ''; + print ''; } // Regenerate all pages