From d6ae62478c8841fdfe58971494818b599f396d4f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 1 Aug 2019 15:42:44 +0200 Subject: [PATCH] FIX #10984 FIX reposition on "Build backup" button FIX Fatal error on dol_htmloutput_mesg with corrupted array --- htdocs/admin/tools/dolibarr_export.php | 11 ++++----- htdocs/admin/tools/export.php | 33 +++++++++++++------------- htdocs/core/js/lib_foot.js.php | 3 ++- htdocs/core/lib/functions.lib.php | 15 ++++++++---- 4 files changed, 35 insertions(+), 27 deletions(-) diff --git a/htdocs/admin/tools/dolibarr_export.php b/htdocs/admin/tools/dolibarr_export.php index e63aec50dca..c06314daa9a 100644 --- a/htdocs/admin/tools/dolibarr_export.php +++ b/htdocs/admin/tools/dolibarr_export.php @@ -446,8 +446,10 @@ print "\n";
-
" id="buttonGo" />
+
+ " id="buttonGo"> + +

'.$langs->trans("BackupResult").': '; print $_SESSION["commandbackupresult"]; @@ -598,9 +600,6 @@ print '
'; - - - admin) accessforbidden(); if ($file && ! $what) { //print DOL_URL_ROOT.'/dolibarr_export.php'; - header("Location: ".DOL_URL_ROOT.'/admin/tools/dolibarr_export.php?msg='.urlencode($langs->trans("ErrorFieldRequired", $langs->transnoentities("ExportMethod")))); + header("Location: ".DOL_URL_ROOT.'/admin/tools/dolibarr_export.php?msg='.urlencode($langs->trans("ErrorFieldRequired", $langs->transnoentities("ExportMethod"))).(GETPOST('page_y', 'int')?'&page_y='.GETPOST('page_y', 'int'):'')); exit; } @@ -122,25 +122,15 @@ $utils = new Utils($db); // MYSQL if ($what == 'mysql') { - $cmddump=GETPOST("mysqldump"); // Do not sanitize here with 'alpha', will be sanitize later by dol_sanitizePathName and escapeshellarg $cmddump=dol_sanitizePathName($cmddump); if (! empty($dolibarr_main_restrict_os_commands)) { $arrayofallowedcommand=explode(',', $dolibarr_main_restrict_os_commands); - $ok=0; dol_syslog("Command are restricted to ".$dolibarr_main_restrict_os_commands.". We check that one of this command is inside ".$cmddump); - foreach($arrayofallowedcommand as $allowedcommand) - { - $basenamecmddump=basename($cmddump); - if (preg_match('/^'.preg_quote($allowedcommand, '/').'$/', $basenamecmddump)) // the provided command $cmddump must be an allowed command - { - $ok=1; - break; - } - } - if (! $ok) + $basenamecmddump=basename($cmddump); + if (! in_array($basenamecmddump, $arrayofallowedcommand)) // the provided command $cmddump must be an allowed command { $errormsg=$langs->trans('CommandIsNotInsideAllowedCommands'); } @@ -176,6 +166,18 @@ if ($what == 'postgresql') $cmddump=GETPOST("postgresqldump"); // Do not sanitize here with 'alpha', will be sanitize later by dol_sanitizePathName and escapeshellarg $cmddump=dol_sanitizePathName($cmddump); + /* Not required, the command is output on screen but not ran for pgsql + if (! empty($dolibarr_main_restrict_os_commands)) + { + $arrayofallowedcommand=explode(',', $dolibarr_main_restrict_os_commands); + dol_syslog("Command are restricted to ".$dolibarr_main_restrict_os_commands.". We check that one of this command is inside ".$cmddump); + $basenamecmddump=basename($cmddump); + if (! in_array($basenamecmddump, $arrayofallowedcommand)) // the provided command $cmddump must be an allowed command + { + $errormsg=$langs->trans('CommandIsNotInsideAllowedCommands'); + } + } */ + if (! $errormsg && $cmddump) { dolibarr_set_const($db, 'SYSTEMTOOLS_POSTGRESQLDUMP', $cmddump, 'chaine', 0, '', $conf->entity); @@ -193,7 +195,6 @@ if ($what == 'postgresql') } - if ($errormsg) { setEventMessages($langs->trans("Error")." : ".$errormsg, null, 'errors'); @@ -230,8 +231,8 @@ $result=$formfile->list_of_documents($filearray,null,'systemtools','',1,'backup/ print '
'; */ -// Redirect t backup page -header("Location: dolibarr_export.php"); +// Redirect to backup page +header("Location: dolibarr_export.php".(GETPOST('page_y', 'int')?'?page_y='.GETPOST('page_y', 'int'):'')); $time_end = time(); diff --git a/htdocs/core/js/lib_foot.js.php b/htdocs/core/js/lib_foot.js.php index 14c69259b98..79ad6d19115 100644 --- a/htdocs/core/js/lib_foot.js.php +++ b/htdocs/core/js/lib_foot.js.php @@ -148,6 +148,7 @@ print ' /* Set handler to add page_y param on output (click on href links or submit button) */ jQuery(".reposition").click(function() { var page_y = $(document).scrollTop(); + if (page_y > 0) { if (this.href) @@ -157,7 +158,7 @@ print ' } else { - console.log("We click on tag with .reposition class but element is not an html tag, so we try to update form field page_y with value "+page_y); + console.log("We click on tag with .reposition class but element is not an html tag, so we try to update input form field page_y with value "+page_y); jQuery("input[type=hidden][name=page_y]").val(page_y); } } diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 9aa6177adf4..20dd423dd4c 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -6554,10 +6554,17 @@ function dol_htmloutput_mesg($mesgstring = '', $mesgarray = array(), $style = 'o $newmesgarray=array(); foreach($mesgarray as $val) { - $tmpmesgstring=preg_replace('/<\/div>
/', '
', $val); - $tmpmesgstring=preg_replace('/
/', '', $tmpmesgstring); - $tmpmesgstring=preg_replace('/<\/div>/', '', $tmpmesgstring); - $newmesgarray[]=$tmpmesgstring; + if (is_string($val)) + { + $tmpmesgstring=preg_replace('/<\/div>
/', '
', $val); + $tmpmesgstring=preg_replace('/
/', '', $tmpmesgstring); + $tmpmesgstring=preg_replace('/<\/div>/', '', $tmpmesgstring); + $newmesgarray[]=$tmpmesgstring; + } + else + { + dol_syslog("Error call of dol_htmloutput_mesg with an array with a value that is not a string", LOG_WARNING); + } } $mesgarray=$newmesgarray; }