From da11ac42ac6aeb47f0dcc72932160fbfd957c0f5 Mon Sep 17 00:00:00 2001
From: ATM john <john.botella@atm-consulting.fr>
Date: Sun, 18 Apr 2021 22:13:37 +0200
Subject: [PATCH] New check update for modules

---
 htdocs/admin/modules.php                      | 36 ++++++++++++-------
 htdocs/core/modules/DolibarrModules.class.php | 16 ++++-----
 2 files changed, 32 insertions(+), 20 deletions(-)

diff --git a/htdocs/admin/modules.php b/htdocs/admin/modules.php
index 8380756bee5..eda3ae775a3 100644
--- a/htdocs/admin/modules.php
+++ b/htdocs/admin/modules.php
@@ -585,7 +585,6 @@ if ($mode == 'common' || $mode == 'commonkanban') {
 	// Show list of modules
 	$oldfamily = '';
 	$linenum = 0;
-	$numOfModuleToUpdate = 0;
 	foreach ($orders as $key => $value) {
 		$linenum++;
 		$tab = explode('_', $value);
@@ -723,6 +722,23 @@ if ($mode == 'common' || $mode == 'commonkanban') {
 			$versiontrans .= $objMod->getVersion(1);
 		}
 
+		if ($objMod->isCoreOrExternalModule() == 'external'
+			&& (
+				$action == 'checklastversion'
+				// This is a bad practice to activate a synch external access during building of a page. 1 external module can hang the application.
+				// Adding a cron job could be a good idea see DolibarrModules::checkForUpdate()
+				|| 	!empty($conf->global->CHECKLASTVERSION_EXTERNALMODULE)
+			)
+		) {
+			$checkRes = $objMod->checkForUpdate();
+			if ($checkRes > 0) {
+				setEventMessage($objMod->getName().' : '.$versiontrans.' -> '.$objMod->lastVersion);
+			}
+			elseif ($checkRes < 0) {
+				setEventMessage($objMod->getName().' '.$langs->trans('CheckVersionFail'), 'warnings');
+			}
+		}
+
 		// Define imginfo
 		$imginfo = "info";
 		if ($objMod->isCoreOrExternalModule() == 'external') {
@@ -860,7 +876,7 @@ if ($mode == 'common' || $mode == 'commonkanban') {
 
 		if ($mode == 'commonkanban') {
 			// Output Kanban
-			print $objMod->getKanbanView($codeenabledisable, $codetoconfig, $action == 'checklastversion'?1:0);
+			print $objMod->getKanbanView($codeenabledisable, $codetoconfig);
 		} else {
 			print '<tr class="oddeven">'."\n";
 			if (!empty($conf->global->MAIN_MODULES_SHOW_LINENUMBERS)) {
@@ -897,16 +913,12 @@ if ($mode == 'common' || $mode == 'commonkanban') {
 
 			// Version
 			print '<td class="center nowrap" width="120px">';
-			print $versiontrans;
-			if (!empty($conf->global->CHECKLASTVERSION_EXTERNALMODULE) || $action == 'checklastversion') {	// This is a bad practice to activate a synch external access during building of a page. 1 external module can hang the application.
-				$checkRes = $objMod->checkForUpdate();
-				if ($checkRes > 0) {
-					setEventMessage($objMod->getName().' : '.$versiontrans.' -> '.$objMod->lastVersion);
-					print '&nbsp;<span class="badge badge-success" title="'.dol_escape_htmltag($langs->trans('LastStableVersion')).'">'.$objMod->lastVersion.'</span>';
-				}
-				elseif ($checkRes < 0) {
-					setEventMessage($objMod->getName().' '.$langs->trans('CheckVersionFail'), 'warnings');
-				}
+			if ($objMod->needUpdate) {
+				$versionTitle = $langs->trans('ModuleUpdateAvailable').' : '.$objMod->lastVersion;
+				print '<span class="badge badge-warning classfortooltip" title="'.dol_escape_htmltag($versionTitle).'">'.$versiontrans.'</span>';
+			}
+			else{
+				print $versiontrans;
 			}
 			print "</td>\n";
 
diff --git a/htdocs/core/modules/DolibarrModules.class.php b/htdocs/core/modules/DolibarrModules.class.php
index 44fc64e0fd8..1cc2fbe4444 100644
--- a/htdocs/core/modules/DolibarrModules.class.php
+++ b/htdocs/core/modules/DolibarrModules.class.php
@@ -2227,14 +2227,10 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it
 	 * @param	string	$codetoconfig			HTML code to go to config page
 	 * @return 	string							HTML code of Kanban view
 	 */
-	public function getKanbanView($codeenabledisable = '', $codetoconfig = '', $checkUpdate = false)
+	public function getKanbanView($codeenabledisable = '', $codetoconfig = '')
 	{
 		global $conf, $langs;
 
-		if ($this->isCoreOrExternalModule() == 'external' && $checkUpdate) {
-			$this->checkForUpdate();
-		}
-
 		// Define imginfo
 		$imginfo = "info";
 		if ($this->isCoreOrExternalModule() == 'external') {
@@ -2317,15 +2313,19 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it
 
 	/**
 	 * check for module update
+	 * TODO : store results for $this->url_last_version and $this->needUpdate
+	 *  Add a cron task to monitor for updates
+	 *
 	 * @return int <0 if Error, 0 == no update needed,  >0 if need update
 	 */
 	function checkForUpdate(){
 		require_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php';
 		if (!empty($this->url_last_version)) {
 			$lastVersion = getURLContent($this->url_last_version, 'GET', '', 1, array(), array('http', 'https'), 0);	// Accept http or https links on external remote server only
-			if (isset($lastVersion['content'])) {
-				$this->lastVersion = $lastVersion['content'];
-				if (version_compare($lastVersion['content'], $this->version) > 0) {
+			if (isset($lastVersion['content']) && strlen($lastVersion['content']) < 30) {
+				// Security warning :  be careful with remote data content, the module editor could be hacked (or evil) so limit to a-z A-Z 0-9 _ . -
+				$this->lastVersion = preg_replace("/[^a-zA-Z0-9_\.\-]+/", "", $lastVersion['content']);
+				if (version_compare($this->lastVersion, $this->version) > 0) {
 					$this->needUpdate = true;
 					return 1;
 				}else{