Merge branch '14.0' of git@github.com:Dolibarr/dolibarr.git into develop

htdocs/admin/tools/dolibarr_export.php

@@ -136,7 +136,7 @@ $title = $langs->trans("Backup");
 print load_fiche_titre($title, '', 'title_setup');
 //print_barre_liste($langs->trans("Backup"), '', '', '', '', '', $langs->trans("BackupDesc",DOL_DATA_ROOT), 0, 0, 'title_setup');
 
-print '<div class="center opacitymedium">';
+print '<div class="center">';
 print $langs->trans("BackupDesc", DOL_DATA_ROOT);
 print '</div>';
 print '<br>';
@@ -147,8 +147,11 @@ print '<input type="hidden" name="token" value="'.newToken().'" />';
 print '<input type="hidden" name="export_type" value="server" />';
 print '<fieldset id="fieldsetexport"><legend class="legendforfieldsetstep" style="font-size: 3em">1</legend>';
 
+print '<span class="opacitymedium">';
 print $langs->trans("BackupDesc3", $dolibarr_main_db_name).'<br>';
 //print $langs->trans("BackupDescY").'<br>';
+print '</span>';
+
 print '<br>';
 
 print '<div id="backupdatabaseleft" class="fichehalfleft" >';
@@ -157,7 +160,7 @@ $title = $langs->trans("BackupDumpWizard");
 
 print load_fiche_titre($title);
 
-print '<table width="100%" class="'.(!empty($useinecm) ? 'nobordernopadding' : 'liste').' nohover">';
+print '<table class="'.(!empty($useinecm) ? 'nobordernopadding' : 'liste noborderbottom').' nohover centpercent">';
 print '<tr class="liste_titre">';
 print '<td class="liste_titre">';
 print $langs->trans("DatabaseName").' : <b>'.$dolibarr_main_db_name.'</b><br>';
@@ -554,8 +557,10 @@ print '<input type="hidden" name="page_y" value="" />';
 
 print '<fieldset><legend class="legendforfieldsetstep" style="font-size: 3em">2</legend>';
 
+print '<span class="opacitymedium">';
 print $langs->trans("BackupDesc2", DOL_DATA_ROOT).'<br>';
 print $langs->trans("BackupDescX").'<br><br>';
+print '</span>';
 
 print '<div id="backupfilesleft" class="fichehalfleft">';
 

htdocs/admin/tools/dolibarr_import.php

@@ -1,5 +1,5 @@
 <?php
-/* Copyright (C) 2006-2012	Laurent Destailleur	<eldy@users.sourceforge.net>
+/* Copyright (C) 2006-2021	Laurent Destailleur	<eldy@users.sourceforge.net>
  * Copyright (C) 2006-2012	Regis Houssin		<regis.houssin@inodbox.com>
  *
  * This program is free software; you can redistribute it and/or modify
@@ -22,6 +22,10 @@
  * 		\brief      Page to import database
  */
 
+if (! defined('CSRFCHECK_WITH_TOKEN')) {
+	define('CSRFCHECK_WITH_TOKEN', '1');		// Force use of CSRF protection with tokens even for GET
+}
+
 require '../../main.inc.php';
 
 // Load translation files required by the page
@@ -72,7 +76,7 @@ jQuery(document).ready(function() {
 
 print load_fiche_titre($langs->trans("Restore"), '', 'title_setup');
 
-print '<div class="center opacitymedium">';
+print '<div class="center">';
 print $langs->trans("RestoreDesc", DOL_DATA_ROOT);
 print '</div>';
 print '<br>';
@@ -81,7 +85,9 @@ print '<br>';
 <fieldset>
 <legend style="font-size: 3em">1</legend>
 <?php
+print '<span class="opacitymedium">';
 print $langs->trans("RestoreDesc2", DOL_DATA_ROOT).'<br><br>';
+print '</span>';
 ?>
 </fieldset>
 
@@ -90,7 +96,9 @@ print $langs->trans("RestoreDesc2", DOL_DATA_ROOT).'<br><br>';
 <fieldset>
 <legend style="font-size: 3em">2</legend>
 <?php
+print '<span class="opacitymedium">';
 print $langs->trans("RestoreDesc3", $dolibarr_main_db_name).'<br><br>';
+print '</span>';
 ?>
 
 <?php print $langs->trans("DatabaseName").' : <b>'.$dolibarr_main_db_name.'</b>'; ?><br><br>

htdocs/admin/tools/export_files.php

@@ -22,6 +22,10 @@
  *		\brief      Page to export documents into a compressed file
  */
 
+if (! defined('CSRFCHECK_WITH_TOKEN')) {
+	define('CSRFCHECK_WITH_TOKEN', '1');		// Force use of CSRF protection with tokens even for GET
+}
+
 require '../../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';

htdocs/admin/tools/listsessions.php

@@ -22,9 +22,14 @@
  *      \brief      List of PHP sessions
  */
 
+if (! defined('CSRFCHECK_WITH_TOKEN')) {
+	define('CSRFCHECK_WITH_TOKEN', '1');		// Force use of CSRF protection with tokens even for GET
+}
+
 require '../../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
 
+
 // Load translation files required by the page
 $langs->loadLangs(array("companies", "install", "users", "other"));
 
@@ -185,14 +190,14 @@ print '<div class="tabsAction">';
 
 
 if (empty($conf->global->MAIN_ONLY_LOGIN_ALLOWED)) {
-	print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?action=lock">'.$langs->trans("LockNewSessions").'</a>';
+	print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?action=lock&token='.newToken().'">'.$langs->trans("LockNewSessions").'</a>';
 } else {
-	print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?action=confirm_unlock">'.$langs->trans("UnlockNewSessions").'</a>';
+	print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?action=confirm_unlock&token='.newToken().'">'.$langs->trans("UnlockNewSessions").'</a>';
 }
 
 if ($savehandler == 'files') {
 	if (count($listofsessions)) {
-		print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?action=purge">'.$langs->trans("PurgeSessions").'</a>';
+		print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?action=purge&token='.newToken().'">'.$langs->trans("PurgeSessions").'</a>';
 	}
 }
 

htdocs/admin/tools/purge.php

@@ -21,15 +21,15 @@
  *		\brief      Page to purge files (temporary or not)
  */
 
+if (! defined('CSRFCHECK_WITH_TOKEN')) {
+	define('CSRFCHECK_WITH_TOKEN', '1');		// Force use of CSRF protection with tokens even for GET
+}
+
 require '../../main.inc.php';
 include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 
 $langs->load("admin");
 
-if (!$user->admin) {
-	accessforbidden();
-}
-
 $action = GETPOST('action', 'aZ09');
 $confirm = GETPOST('confirm', 'alpha');
 $choice = GETPOST('choice', 'aZ09');
@@ -42,10 +42,15 @@ if (!empty($conf->syslog->enabled)) {
 	$filelog = preg_replace('/DOL_DATA_ROOT/i', DOL_DATA_ROOT, $filelog);
 }
 
+if (!$user->admin) {
+	accessforbidden();
+}
+
 
 /*
  *	Actions
  */
+
 if ($action == 'purge' && !preg_match('/^confirm/i', $choice) && ($choice != 'allfiles' || $confirm == 'yes')) {
 	// Increase limit of time. Works only if we are not in safe mode
 	$ExecTimeLimit = 600;

htdocs/admin/tools/update.php

@@ -22,6 +22,10 @@
  *		\brief      Page to make a Dolibarr online upgrade
  */
 
+if (! defined('CSRFCHECK_WITH_TOKEN')) {
+	define('CSRFCHECK_WITH_TOKEN', '1');		// Force use of CSRF protection with tokens even for GET
+}
+
 require '../../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
@@ -100,7 +104,7 @@ if (function_exists('curl_init')) {
 			print $langs->trans("LastStableVersion").' : <b>'.$langs->trans("UpdateServerOffline").'</b><br>';
 		}
 	} else {
-		print $langs->trans("LastStableVersion").' : <a href="'.$_SERVER["PHP_SELF"].'?action=getlastversion" class="button">'.$langs->trans("Check").'</a><br>';
+		print $langs->trans("LastStableVersion").' : <a href="'.$_SERVER["PHP_SELF"].'?action=getlastversion&token='.newToken().'" class="button smallpaddingimp">'.$langs->trans("Check").'</a><br>';
 	}
 }
 
@@ -113,14 +117,14 @@ print '<hr>';
 print $langs->trans("ThisIsProcessToFollow").'<br>';
 print '<b>'.$langs->trans("StepNb", 1).'</b>: ';
 $fullurl = '<a href="'.$urldolibarr.'" target="_blank">'.$urldolibarr.'</a>';
-print $langs->trans("DownloadPackageFromWebSite", $fullurl).'<br>';
+print str_replace('{s}', $fullurl, $langs->trans("DownloadPackageFromWebSite", '{s}')).'<br>';
 print '<b>'.$langs->trans("StepNb", 2).'</b>: ';
-print $langs->trans("UnpackPackageInDolibarrRoot", $dolibarrroot).'<br>';
+print str_replace('{s}', $dolibarrroot, $langs->trans("UnpackPackageInDolibarrRoot", '{s}')).'<br>';
 print '<b>'.$langs->trans("StepNb", 3).'</b>: ';
 print $langs->trans("RemoveLock", $dolibarrdataroot.'/install.lock').'<br>';
 print '<b>'.$langs->trans("StepNb", 4).'</b>: ';
 $fullurl = '<a href="'.DOL_URL_ROOT.'/install/" target="_blank">'.DOL_URL_ROOT.'/install/</a>';
-print $langs->trans("CallUpdatePage", $fullurl).'<br>';
+print str_replace('{s}', $fullurl, $langs->trans("CallUpdatePage", '{s}')).'<br>';
 print '<b>'.$langs->trans("StepNb", 5).'</b>: ';
 print $langs->trans("RestoreLock", $dolibarrdataroot.'/install.lock').'<br>';
 
@@ -133,8 +137,9 @@ print '<br>';
 
 print $langs->trans("AddExtensionThemeModuleOrOther").'<br>';
 print '<hr>';
-
-print $langs->trans("GoModuleSetupArea", DOL_URL_ROOT.'/admin/modules.php?mode=deploy', $langs->transnoentities("Home").' - '.$langs->transnoentities("Setup").' - '.$langs->transnoentities("Modules"));
+$texttoshow = $langs->trans("GoModuleSetupArea", DOL_URL_ROOT.'/admin/modules.php?mode=deploy', '{s2}');
+$texttoshow = str_replace('{s2}', img_picto('', 'tools', 'class="pictofixedwidth"').$langs->transnoentities("Home").' - '.$langs->transnoentities("Setup").' - '.$langs->transnoentities("Modules"), $texttoshow);
+print $texttoshow;
 
 // End of page
 llxFooter();

htdocs/compta/prelevement/create.php

@@ -232,7 +232,7 @@ if ($nb) {
 	if ($pricetowithdraw) {
 		$title = print $langs->trans('BankToReceiveWithdraw').': ';
 		if ($type == 'bank-transfer') {
-			$title .= $langs->trans('BankToPayCreditTransfer').': ';
+			$title = $langs->trans('BankToPayCreditTransfer').': ';
 		}
 		print $title;
 		$form->select_comptes($conf->global->PRELEVEMENT_ID_BANKACCOUNT, 'id_bankaccount', 0, "courant=1");