diff --git a/htdocs/ftp/admin/ftpclient.php b/htdocs/ftp/admin/ftpclient.php index b62424eb2fe..c3d5509aa36 100644 --- a/htdocs/ftp/admin/ftpclient.php +++ b/htdocs/ftp/admin/ftpclient.php @@ -1,5 +1,5 @@ +/* Copyright (C) 2004-2022 Laurent Destailleur * Copyright (C) 2011 Juanjo Menent * * This program is free software; you can redistribute it and/or modify @@ -27,17 +27,17 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; $langs->loadLangs(array("admin", "other")); -// Security check -if (!$user->admin) { - accessforbidden(); -} - $def = array(); $lastftpentry = 0; $action = GETPOST('action', 'aZ09'); $entry = GETPOST('numero_entry', 'alpha'); +// Security check +if (!$user->admin) { + accessforbidden(); +} + /* * Action @@ -49,8 +49,9 @@ $sql .= " WHERE name like 'FTP_SERVER_%'"; $result = $db->query($sql); if ($result) { $obj = $db->fetch_object($result); + $reg = array(); preg_match('/([0-9]+)$/i', $obj->name, $reg); - if ($reg[1]) { + if (!empty($reg[1])) { $lastftpentry = $reg[1]; } } else { @@ -63,12 +64,12 @@ if ($action == 'add' || GETPOST('modify', 'alpha')) { $error = 0; - if (!GETPOST("$ftp_name", 'alpha')) { + if (!GETPOST($ftp_name, 'alpha')) { $error = 1; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Label")), null, 'errors'); } - if (!GETPOST("$ftp_server", 'alpha')) { + if (!GETPOST($ftp_server, 'alpha')) { $error = 1; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Server")), null, 'errors'); } @@ -170,37 +171,37 @@ if (!function_exists('ftp_connect')) { print ''.$langs->trans("Example").''; print ''; - print ''; + print ''; print ''.$langs->trans("Label").''; print ''; print 'My FTP access'; print ''; - print ''; + print ''; print ''.$langs->trans("Server").''; print ''; print 'localhost'; print ''; - print ''; + print ''; print ''.$langs->trans("Port").''; print ''; print '21 for pure non crypted FTP or if option FTP_CONNECT_WITH_SSL (See Home-Setup-Other) is on (FTPS)
22 if option FTP_CONNECT_WITH_SFTP (See Home-Setup-Other) is on (SFTP)'; print ''; - print ''; + print ''; print ''.$langs->trans("User").''; print ''; print 'myftplogin'; print ''; - print ''; + print ''; print ''.$langs->trans("Password").''; print ''; print 'myftppassword'; print ''; - print ''; + print ''; print ''.$langs->trans("FTPPassiveMode").''; $defaultpassive = GETPOST("FTP_PASSIVE_".($lastftpentry + 1)); if (!GETPOSTISSET("FTP_PASSIVE_".($lastftpentry + 1))) { @@ -213,11 +214,13 @@ if (!function_exists('ftp_connect')) { print ''; ?> -
">
+
+ ">
'; + print '
'; ?>
@@ -242,10 +245,12 @@ if (!function_exists('ftp_connect')) { $idrss = $reg[0]; //print "x".join(',',$reg)."=".$obj->name."=".$idrss; - print "
"; + print '
'; + print ''; print ''; print ''; + print '
'; print ''."\n"; print ''; @@ -262,51 +267,50 @@ if (!function_exists('ftp_connect')) { print ''; print ""; - print ""; + print ""; print ""; print ''; print ""; - print ""; + print ""; print ""; print ''; print ""; - print ""; + print ""; print ""; print ''; print ""; - print ""; + print ""; print ""; print ''; print ""; - print ""; + print ""; print ""; print ''; print ""; - print ''; - print ""; - - print ""; - print ""; + print ''; print ""; print '
".$langs->trans("Name")."global->$keyforname."\" size=\"64\">
".$langs->trans("Server")."global->$keyforserver."\" size=\"64\">
".$langs->trans("Port")."global->$keyforport."\" size=\"64\">
".$langs->trans("User")."global->$keyforuser."\" size=\"24\">
".$langs->trans("Password")."global->$keyforpassword."\" size=\"24\">
".$langs->trans("FTPPassiveMode")."'.$form->selectyesno('FTP_PASSIVE_'.$idrss, $conf->global->$keyforpassive, 1).'
"; - print "trans("Modify")."\">"; - print "   "; - print "trans("Delete")."\">"; - print "'.$form->selectyesno('FTP_PASSIVE_'.$idrss, getDolGlobalString($keyforpassive), 1).'
'; + print '
'; + + print '
'; + print ''; + print "   "; + print ''; + print ''; print ""; - print '
'; + print '

'; $i++; } diff --git a/htdocs/ftp/index.php b/htdocs/ftp/index.php index 8b4b7bf31c4..626703d4b68 100644 --- a/htdocs/ftp/index.php +++ b/htdocs/ftp/index.php @@ -74,14 +74,15 @@ $s_ftp_port = 'FTP_PORT_'.$numero_ftp; $s_ftp_user = 'FTP_USER_'.$numero_ftp; $s_ftp_password = 'FTP_PASSWORD_'.$numero_ftp; $s_ftp_passive = 'FTP_PASSIVE_'.$numero_ftp; -$ftp_name = $conf->global->$s_ftp_name; -$ftp_server = $conf->global->$s_ftp_server; -$ftp_port = $conf->global->$s_ftp_port; if (empty($ftp_port)) { +$ftp_name = getDolGlobalString($s_ftp_name); +$ftp_server = getDolGlobalString($s_ftp_server); +$ftp_port = getDolGlobalString($s_ftp_port); +if (empty($ftp_port)) { $ftp_port = 21; } -$ftp_user = $conf->global->$s_ftp_user; -$ftp_password = $conf->global->$s_ftp_password; -$ftp_passive = $conf->global->$s_ftp_passive; +$ftp_user = getDolGlobalString($s_ftp_user); +$ftp_password = getDolGlobalString($s_ftp_password); +$ftp_passive = getDolGlobalString($s_ftp_passive); // For result on connection $ok = 0; @@ -696,7 +697,9 @@ function dol_ftp_connect($ftp_server, $ftp_port, $ftp_user, $ftp_password, $sect global $langs, $conf; $ok = 1; + $error = 0; $conn_id = null; + $newsectioniso = ''; $mesg=""; if (!is_numeric($ftp_port)) { @@ -707,7 +710,7 @@ function dol_ftp_connect($ftp_server, $ftp_port, $ftp_user, $ftp_password, $sect if ($ok) { $connecttimeout = (empty($conf->global->FTP_CONNECT_TIMEOUT) ? 40 : $conf->global->FTP_CONNECT_TIMEOUT); if (!empty($conf->global->FTP_CONNECT_WITH_SFTP)) { - dol_syslog('Try to connect with ssh2_ftp'); + dol_syslog('Try to connect with ssh2_connect'); $tmp_conn_id = ssh2_connect($ftp_server, $ftp_port); } elseif (!empty($conf->global->FTP_CONNECT_WITH_SSL)) { dol_syslog('Try to connect with ftp_ssl_connect'); @@ -716,7 +719,7 @@ function dol_ftp_connect($ftp_server, $ftp_port, $ftp_user, $ftp_password, $sect dol_syslog('Try to connect with ftp_connect'); $conn_id = ftp_connect($ftp_server, $ftp_port, $connecttimeout); } - if ($conn_id || $tmp_conn_id) { + if (!empty($conn_id) || !empty($tmp_conn_id)) { if ($ftp_user) { if (!empty($conf->global->FTP_CONNECT_WITH_SFTP)) { dol_syslog('Try to authenticate with ssh2_auth_password'); diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index d8baf0883c5..091c6fb1266 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -573,7 +573,7 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && getDolGlobalInt( $sessiontokenforthisurl = (empty($_SESSION['token']) ? '' : $_SESSION['token']); // TODO Get the sessiontokenforthisurl into an array of session token (one array per base URL so we can use the CSRF per page and we keep ability for several tabs per url in a browser) if (GETPOSTISSET('token') && GETPOST('token') != 'notrequired' && GETPOST('token', 'alpha') != $sessiontokenforthisurl) { - dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (invalid token), so we disable POST and some GET parameters - referer=".$_SERVER['HTTP_REFERER'].", action=".GETPOST('action', 'aZ09').", _GET|POST['token']=".GETPOST('token', 'alpha'), LOG_WARNING); + dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (invalid token), so we disable POST and some GET parameters - referer=".(empty($_SERVER['HTTP_REFERER'])?'':$_SERVER['HTTP_REFERER']).", action=".GETPOST('action', 'aZ09').", _GET|POST['token']=".GETPOST('token', 'alpha'), LOG_WARNING); //dol_syslog("_SESSION['token']=".$sessiontokenforthisurl, LOG_DEBUG); // Do not output anything on standard output because this create problems when using the BACK button on browsers. So we just set a message into session. setEventMessages('SecurityTokenHasExpiredSoActionHasBeenCanceledPleaseRetry', null, 'warnings');