Merge branch 'develop' of git@github.com:Dolibarr/dolibarr.git into develop

Laurent Destailleur 2022-11-29 10:05:30 +01:00
commit c87ba4c141
15 changed files with 52 additions and 15 deletions


@ -196,7 +196,7 @@ print '<tr class="oddeven">';
print '<td>'.$langs->trans("MaxNumberOfPostOnPublicPagesByIP").'</td><td class="right">';
print '</td>';
print '<td class="nowrap">';
print '<input class="flat right width50" name="MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS" type="text" value="'.getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000).'">';
print '<input class="flat right width50" name="MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS" type="text" value="'.getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000).'"> '.strtolower($langs->trans("Posts"));
print '</td>';
print '</tr>';
@ -204,7 +204,7 @@ print '<tr class="oddeven">';
print '<td>'.$langs->trans("MaxNumberOfAttachementOnForms").'</td><td class="right">';
print '</td>';
print '<td class="nowrap">';
print '<input class="flat right width50" name="MAIN_SECURITY_MAX_ATTACHMENT_ON_FORMS" type="text" value="'.getDolGlobalInt("MAIN_SECURITY_MAX_ATTACHMENT_ON_FORMS", 10).'">';
print '<input class="flat right width50" name="MAIN_SECURITY_MAX_ATTACHMENT_ON_FORMS" type="text" value="'.getDolGlobalInt("MAIN_SECURITY_MAX_ATTACHMENT_ON_FORMS", 10).'"> '.strtolower($langs->trans("Files"));
print '</td>';
print '</tr>';
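Review bot: `strtolower()` on the translated unit labels in the two changed `print` lines only lowercases ASCII letters, so a translation of `Posts` or `Files` that begins with an accented or non-Latin capital is left as is, and on older PHP versions the result also depends on the server locale. A multibyte-aware call keeps the label consistent across languages, for example `.' '.dol_strtolower($langs->trans("Posts"));` and the same for `Files`.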


@ -384,3 +384,5 @@ ALTER TABLE llx_prelevement_demande ADD COLUMN fk_salary INTEGER NULL AFTER fk_f
ALTER TABLE llx_user ADD COLUMN birth_place varchar(64);
ALTER TABLE llx_opensurvey_user_studs ADD COLUMN date_creation datetime NOT NULL;
ALTER TABLE llx_opensurvey_comments ADD COLUMN date_creation datetime NOT NULL;
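Review bot: The two `ADD COLUMN date_creation datetime NOT NULL` statements (they appear to be the added lines) declare a mandatory column with no default on tables that may already hold rows. Depending on the engine and SQL mode, that either makes the migration fail or backfills every existing row with a zero date. Adding the column as nullable and backfilling it from the existing timestamp avoids both outcomes, e.g. `ALTER TABLE llx_opensurvey_comments ADD COLUMN date_creation datetime NULL;` followed by `UPDATE llx_opensurvey_comments SET date_creation = tms WHERE date_creation IS NULL;`, and the same for `llx_opensurvey_user_studs`. Because the public pages in this commit now filter on this column, a migration that stops here leaves their count queries failing.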


@ -21,5 +21,6 @@ CREATE TABLE llx_opensurvey_comments (
comment text NOT NULL,
tms timestamp DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
usercomment text
date_creation datetime NOT NULL,
) ENGINE=innodb;
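Review bot: As shown, the new `date_creation datetime NOT NULL,` line leaves the column list malformed: the preceding `usercomment text` has no trailing comma and the new last column ends with a comma directly before `)`. A fresh install would fail to create the table with that text. The two lines should read `usercomment text,` and `date_creation datetime NOT NULL`. The `llx_opensurvey_user_studs` definition in the next file has the same problem after `tms timestamp DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP`. Columns outside the hunk are not visible, so confirm against the full file.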


@ -21,4 +21,5 @@ CREATE TABLE llx_opensurvey_user_studs (
id_sondage VARCHAR(16) NOT NULL,
reponses VARCHAR(100) NOT NULL, -- Not used for 'F' surveys
tms timestamp DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
date_creation datetime NOT NULL,
) ENGINE=innodb;


@ -2320,7 +2320,7 @@ UsePassword=Use a password
UseOauth=Use a OAUTH token
Images=Images
MaxNumberOfImagesInGetPost=Max number of images allowed in a HTML field submitted in a form
MaxNumberOfPostOnPublicPagesByIP=Max number of posts on public pages with the same IP address
MaxNumberOfPostOnPublicPagesByIP=Max number of posts on public pages with the same IP address in a month
CIDLookupURL=The module brings an URL that can be used by an external tool to get the name of a thirdparty or contact from its phone number. URL to use is:
ScriptIsEmpty=The script is empty
ShowHideTheNRequests=Show/hide the %s SQL request(s)
@ -2343,4 +2343,4 @@ DesktopsAndSmartphones=Desktops et smartphones
AllowOnlineSign=Allow online signing
AllowExternalDownload=Allow external download (without login, using a shared link)
DeadlineDayVATSubmission=Deadline day for vat submission on the next month
MaxNumberOfAttachementOnForm=Max number of joinded files in form
MaxNumberOfAttachementOnForms=Max number of joinded files in form


@ -2315,7 +2315,7 @@ UseOauth=Utiliser un token OAUTH
Images=Images
Posts=publications
MaxNumberOfImagesInGetPost=Nombre maximum d'images autorisées dans un champ HTML soumis dans un formulaire
MaxNumberOfPostOnPublicPagesByIP=Nombre maximum de publications sur des pages publiques avec une adresse IP
MaxNumberOfPostOnPublicPagesByIP=Nombre maximum de publications par mois sur des pages publiques avec une adresse IP
CIDLookupURL=Le module apporte une URL qui peut être utilisée par un outil externe pour obtenir le nom d'un tiers ou d'un contact à partir de son numéro de téléphone. L'URL à utiliser est :
ScriptIsEmpty=Le script est manquant
ShowHideTheNRequests=Afficher/Cacher les %s requête(s) SQL.


@ -576,8 +576,9 @@ class Opensurveysondage extends CommonObject
*/
public function addComment($comment, $comment_user, $user_ip = '')
{
$sql = "INSERT INTO ".MAIN_DB_PREFIX."opensurvey_comments (id_sondage, comment, usercomment, ip)";
$sql .= " VALUES ('".$this->db->escape($this->id_sondage)."','".$this->db->escape($comment)."','".$this->db->escape($comment_user)."'".($user_ip ? ",'".$this->db->escape($user_ip)."'" : '').")";
$now = dol_now();
$sql = "INSERT INTO ".MAIN_DB_PREFIX."opensurvey_comments (id_sondage, comment, usercomment, date_creation, ip)";
$sql .= " VALUES ('".$this->db->escape($this->id_sondage)."','".$this->db->escape($comment)."','".$this->db->escape($comment_user)."','".$this->db->idate($now)."'".($user_ip ? ",'".$this->db->escape($user_ip)."'" : '').")";
$resql = $this->db->query($sql);
if (!$resql) {
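Review bot: The column list of the new `INSERT` always names `ip`, but the `VALUES` list supplies it only when `$user_ip` is non-empty, so a call that relies on the default `$user_ip = ''` sends five columns with four values and the query fails. The added `date_creation` value keeps that shape rather than correcting it. Emit the value unconditionally, for example by ending the line with `.", ".($user_ip ? "'".$this->db->escape($user_ip)."'" : "null").")";`. The function continues past the end of the hunk, so how a failed query is reported is not visible here.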


@ -56,6 +56,7 @@ require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/paymentterm.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
global $dolibarr_main_url_root;
@ -285,13 +286,15 @@ if (empty($reshook) && $action == 'add' && (!empty($conference->id) && $conferen
$confattendee->ip = getUserRemoteIP();
$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
$now = dol_now();
$minmonthpost = dol_time_plus_duree($now, -1, "m");
// Calculate nb of post for IP
$nb_post_ip = 0;
if ($nb_post_max > 0) { // Calculate only if there is a limit to check
$sql = "SELECT COUNT(ref) as nb_attendee";
$sql .= " FROM ".MAIN_DB_PREFIX."eventorganization_conferenceorboothattendee";
$sql .= " WHERE ip = '".$db->escape($confattendee->ip)."'";
$sql .= " AND date_creation > '".$db->idate($minmonthpost)."'";
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);
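Review bot: The rolling-month window added here (`$now`, `$minmonthpost` and the extra `AND date_creation > ...` clause) is copied by hand into every public form this commit touches: the counts on `adherent`, `opensurvey_comments`, `opensurvey_user_studs`, `partnership`, `projet`, `ticket` and the two pages that count `actioncomm`. Only the table and the date column (`date_creation` or `datec`) differ between them. A limit kept in nine copies tends to drift, and a public page added later can miss the date filter or the check altogether. Consider one helper in a shared library that takes the table, the date column and the IP and returns the count, with a comment such as `// Count posts from this IP over the last rolling month` stating the window. The enclosing `if` block starts and ends outside the hunk.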


@ -73,6 +73,7 @@ require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent_type.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/cunits.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
// Init vars
$errmsg = '';
@ -287,13 +288,15 @@ if (empty($reshook) && $action == 'add') {
$adh->ip = getUserRemoteIP();
$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
$now = dol_now();
$minmonthpost = dol_time_plus_duree($now, -1, "m");
// Calculate nb of post for IP
$nb_post_ip = 0;
if ($nb_post_max > 0) { // Calculate only if there is a limit to check
$sql = "SELECT COUNT(ref) as nb_adh";
$sql .= " FROM ".MAIN_DB_PREFIX."adherent";
$sql .= " WHERE ip = '".$db->escape($adh->ip)."'";
$sql .= " AND datec > '".$db->idate($minmonthpost)."'";
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);


@ -41,6 +41,7 @@ require_once DOL_DOCUMENT_ROOT."/core/lib/admin.lib.php";
require_once DOL_DOCUMENT_ROOT."/core/lib/files.lib.php";
require_once DOL_DOCUMENT_ROOT."/opensurvey/class/opensurveysondage.class.php";
require_once DOL_DOCUMENT_ROOT."/opensurvey/lib/opensurvey.lib.php";
require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
// Init vars
@ -99,13 +100,15 @@ if (GETPOST('ajoutcomment', 'alpha')) {
$user_ip = getUserRemoteIP();
$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
$now = dol_now();
$minmonthpost = dol_time_plus_duree($now, -1, "m");
// Calculate nb of post for IP
$nb_post_ip = 0;
if ($nb_post_max > 0) { // Calculate only if there is a limit to check
$sql = "SELECT COUNT(id_comment) as nb_comments";
$sql .= " FROM ".MAIN_DB_PREFIX."opensurvey_comments";
$sql .= " WHERE ip = '".$db->escape($user_ip)."'";
$sql .= " AND date_creation > '".$db->idate($minmonthpost)."'";
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);
@ -153,13 +156,15 @@ if (GETPOST("boutonp") || GETPOST("boutonp.x") || GETPOST("boutonp_x")) { // bo
$user_ip = getUserRemoteIP();
$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
$now = dol_now();
$minmonthpost = dol_time_plus_duree($now, -1, "m");
// Calculate nb of post for IP
$nb_post_ip = 0;
if ($nb_post_max > 0) { // Calculate only if there is a limit to check
$sql = "SELECT COUNT(id_users) as nb_records";
$sql .= " FROM ".MAIN_DB_PREFIX."opensurvey_user_studs";
$sql .= " WHERE ip = '".$db->escape($user_ip)."'";
$sql .= " AND date_creation > '".$db->idate($minmonthpost)."'";
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);
@ -193,8 +198,9 @@ if (GETPOST("boutonp") || GETPOST("boutonp.x") || GETPOST("boutonp_x")) { // bo
setEventMessages($langs->trans("AlreadyTooMuchPostOnThisIPAdress"), null, 'errors');
$error++;
} else {
$sql = 'INSERT INTO '.MAIN_DB_PREFIX.'opensurvey_user_studs (nom, id_sondage, reponses, ip)';
$sql .= " VALUES ('".$db->escape($nom)."', '".$db->escape($numsondage)."','".$db->escape($nouveauchoix)."', '".$db->escape($user_ip)."')";
$now = dol_now();
$sql = 'INSERT INTO '.MAIN_DB_PREFIX.'opensurvey_user_studs (nom, id_sondage, reponses, ip, date_creation)';
$sql .= " VALUES ('".$db->escape($nom)."', '".$db->escape($numsondage)."','".$db->escape($nouveauchoix)."', '".$db->escape($user_ip)."', '".$db->idate($now)."')";
$resql = $db->query($sql);
if ($resql) {
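Review bot: Both count queries in this file now filter on `date_creation`, a column that exists only once this commit's migration has run, and in the visible lines `$nb_post_ip` starts at 0 and is updated only inside `if ($resql)`. A failing query would therefore leave the counter at 0 and let the post through. The `else` side of that test lies outside the hunk, so this may already be handled. If it is not, treat a failed count as an error rather than as zero posts, e.g. `} else { dol_syslog($db->lasterror(), LOG_ERR); $error++; }`. The other public pages changed in this commit have the same shape.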


@ -59,6 +59,7 @@ require_once DOL_DOCUMENT_ROOT.'/partnership/class/partnership.class.php';
require_once DOL_DOCUMENT_ROOT.'/partnership/class/partnership_type.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
// Init vars
$errmsg = '';
@ -226,13 +227,15 @@ if (empty($reshook) && $action == 'add') {
$partnership->ip = getUserRemoteIP();
$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
$now = dol_now();
$minmonthpost = dol_time_plus_duree($now, -1, "m");
// Calculate nb of post for IP
$nb_post_ip = 0;
if ($nb_post_max > 0) { // Calculate only if there is a limit to check
$sql = "SELECT COUNT(ref) as nb_partnerships";
$sql .= " FROM ".MAIN_DB_PREFIX."partnership";
$sql .= " WHERE ip = '".$db->escape($partnership->ip)."'";
$sql .= " AND date_creation > '".$db->idate($minmonthpost)."'";
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);


@ -57,6 +57,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/json.lib.php';
require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
// Init vars
$errmsg = '';
@ -298,12 +299,14 @@ if (empty($reshook) && $action == 'add') {
$proj->ip = getUserRemoteIP();
$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
// Calculate nb of post for IP
$now = dol_now();
$minmonthpost = dol_time_plus_duree($now, -1, "m");
$nb_post_ip = 0;
if ($nb_post_max > 0) { // Calculate only if there is a limit to check
$sql = "SELECT COUNT(rowid) as nb_projets";
$sql .= " FROM ".MAIN_DB_PREFIX."projet";
$sql .= " WHERE ip = '".$db->escape($proj->ip)."'";
$sql .= " AND datec > '".$db->idate($minmonthpost)."'";
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);


@ -56,6 +56,7 @@ require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/paymentterm.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
global $dolibarr_main_url_root;
@ -362,7 +363,10 @@ if (empty($reshook) && $action == 'add') {
$conforbooth->datec = dol_now();
$conforbooth->tms = dol_now();
$conforbooth->ip = getUserRemoteIP();
$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
$now = dol_now();
$minmonthpost = dol_time_plus_duree($now, -1, "m");
// Calculate nb of post for IP
$nb_post_ip = 0;
@ -370,6 +374,7 @@ if (empty($reshook) && $action == 'add') {
$sql = "SELECT COUNT(ref) as nb_confs";
$sql .= " FROM ".MAIN_DB_PREFIX."actioncomm";
$sql .= " WHERE ip = '".$db->escape($conforbooth->ip)."'";
$sql .= " AND datec > '".$db->idate($minmonthpost)."'";
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);


@ -56,6 +56,7 @@ require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/paymentterm.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
global $dolibarr_main_url_root;
@ -360,7 +361,10 @@ if (empty($reshook) && $action == 'add') {
$conforbooth->firstname = $contact->firstname;
$conforbooth->lastname = $contact->lastname;
$conforbooth->ip = getUserRemoteIP();
$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
$now = dol_now();
$minmonthpost = dol_time_plus_duree($now, -1, "m");
// Calculate nb of post for IP
$nb_post_ip = 0;
@ -368,6 +372,7 @@ if (empty($reshook) && $action == 'add') {
$sql = "SELECT COUNT(ref) as nb_confs";
$sql .= " FROM ".MAIN_DB_PREFIX."actioncomm";
$sql .= " WHERE ip = '".$db->escape($conforbooth->ip)."'";
$sql .= " AND datec > '".$db->idate($minmonthpost)."'";
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);


@ -60,6 +60,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/ticket.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/security.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php';
require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
@ -247,6 +248,8 @@ if (empty($reshook)) {
$object->ip = getUserRemoteIP();
$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
$now = dol_now();
$minmonthpost = dol_time_plus_duree($now, -1, "m");
// Calculate nb of post for IP
$nb_post_ip = 0;
@ -254,6 +257,7 @@ if (empty($reshook)) {
$sql = "SELECT COUNT(ref) as nb_tickets";
$sql .= " FROM ".MAIN_DB_PREFIX."ticket";
$sql .= " WHERE ip = '".$db->escape($object->ip)."'";
$sql .= " AND datec > '".$db->idate($minmonthpost)."'";
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);