From 10c973f38f98e08587f2d7735f584e12ce22ebed Mon Sep 17 00:00:00 2001
From: John Botella
Date: Wed, 15 Jan 2020 14:36:44 +0100
Subject: [PATCH 1/7] Fix complex export model loading
---
 htdocs/exports/export.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/exports/export.php b/htdocs/exports/export.php
index c404fc2b264..9122c93bae4 100644
--- a/htdocs/exports/export.php
+++ b/htdocs/exports/export.php
@@ -373,7 +373,7 @@ if ($step == 2 && $action == 'select_model')
 $result = $objexport->fetch($exportmodelid);
 if ($result > 0)
 {
- $fieldsarray=explode(',', $objexport->hexa);
+ $fieldsarray=preg_split("/,(?! [^(]*\))/", $objexport->hexa);
 $i=1;
 foreach($fieldsarray as $val)
 {
From 3cdb84b192bd5ea8c4f6c66eabc2f19215dee08e Mon Sep 17 00:00:00 2001
From: atm-ph
Date: Thu, 16 Jan 2020 09:50:57 +0100
Subject: [PATCH 2/7] Fix note started with balise
---
 htdocs/core/lib/functions.lib.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 3f7d9b8af09..63759ba71ed 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
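Review bot: The negative lookahead in the new `preg_split("/,(?! [^(]*\))/", ...)` only protects a comma that is followed by a literal space, so a parenthesised group written without spaces, e.g. `x(a,b)`, is still split in two; if the intent is to keep every group intact the space should go: `$fieldsarray = preg_split('/,(?![^(]*\))/', $objexport->hexa);`. Unlike explode(), preg_split() returns false on a PCRE error, and the `foreach($fieldsarray as $val)` that follows would then emit a warning and process nothing, so a `if ($fieldsarray === false) $fieldsarray = array();` guard keeps the old always-an-array behaviour. The `if ($step == 2 && $action == 'select_model')` block this hunk sits in begins and ends outside the hunk.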
@@ -5756,9 +5756,9 @@ function dol_textishtml($msg, $option = 0)
 elseif (preg_match('//i', $msg)) return true;
 elseif (preg_match('//i', $msg)) return true;
- elseif (preg_match('/<(br|div|font|li|p|span|strong|table)>/i', $msg)) return true;
- elseif (preg_match('/<(br|div|font|li|p|span|strong|table)\s+[^<>\/]*>/i', $msg)) return true;
- elseif (preg_match('/<(br|div|font|li|p|span|strong|table)\s+[^<>\/]*\/>/i', $msg)) return true;
+ elseif (preg_match('/<(br|div|font|li|p|span|strong|table|s)>/i', $msg)) return true;
+ elseif (preg_match('/<(br|div|font|li|p|span|strong|table|s)\s+[^<>\/]*>/i', $msg)) return true;
+ elseif (preg_match('/<(br|div|font|li|p|span|strong|table|s)\s+[^<>\/]*\/>/i', $msg)) return true;
 elseif (preg_match('/]*src[^<>]*>/i', $msg)) return true; // must accept
 elseif (preg_match('/]*href[^<>]*>/i', $msg)) return true; // must accept
 elseif (preg_match('//i', $msg)) return true;
From 60d4f63205a0c8d03bfdf96825f0a5b1894f5ab3 Mon Sep 17 00:00:00 2001
From: VESSILLER
Date: Fri, 17 Jan 2020 13:56:01 +0100
Subject: [PATCH 3/7] FIX send expense report mail in HTML format
---
 htdocs/expensereport/card.php | 18 +++++++++++++-----
 htdocs/langs/fr_FR/trips.lang | 2 +-
 2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php
index b95dad0f200..44179745267 100644
--- a/htdocs/expensereport/card.php
+++ b/htdocs/expensereport/card.php
@@ -390,6 +390,7 @@ if (empty($reshook))
 // CONTENT
 $link = $urlwithroot.'/expensereport/card.php?id='.$object->id;
+ $link = '' . $link . '';
 $message = $langs->transnoentities("ExpenseReportWaitingForApprovalMessage", $expediteur->getFullName($langs), get_date_range($object->date_debut, $object->date_fin, '', $langs), $link);
 // Rebuild pdf
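Review bot: The tag alternation `br|div|font|li|p|span|strong|table|s` is now copied verbatim into three consecutive preg_match() patterns, so this change had to be made in three places and the next tag will too; hoist it once, e.g. `$tags = 'br|div|font|li|p|span|strong|table|s';` and build the three patterns from it. A match here is what makes the caller treat the whole string as HTML, so adding a one-letter tag such as `<s>` also routes any plain text containing that sequence down the HTML path; that may well be intended, but a short comment on the added alternative saying why `s` was needed would stop someone removing it later. dol_textishtml() begins and ends outside this hunk.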
@@ -509,6 +510,7 @@ if (empty($reshook))
 // CONTENT
 $link = $urlwithroot.'/expensereport/card.php?id='.$object->id;
+ $link = '' . $link . '';
 $dateRefusEx = explode(" ", $object->date_refuse);
 $message = $langs->transnoentities("ExpenseReportWaitingForReApprovalMessage", $dateRefusEx[0], $object->detail_refuse, $expediteur->getFullName($langs), $link);
@@ -634,6 +636,7 @@ if (empty($reshook))
 // CONTENT
 $link = $urlwithroot.'/expensereport/card.php?id='.$object->id;
+ $link = '' . $link . '';
 $message = $langs->transnoentities("ExpenseReportApprovedMessage", $object->ref, $destinataire->getFullName($langs), $expediteur->getFullName($langs), $link);
 // Rebuilt pdf
@@ -704,7 +707,8 @@ if (empty($reshook))
 $object = new ExpenseReport($db);
 $object->fetch($id);
- $result = $object->setDeny($user, GETPOST('detail_refuse', 'alpha'));
+ $detailRefuse = GETPOST('detail_refuse', 'alpha');
+ $result = $object->setDeny($user, $detailRefuse);
 if ($result > 0)
 {
@@ -752,7 +756,8 @@ if (empty($reshook))
 // CONTENT
 $link = $urlwithroot.'/expensereport/card.php?id='.$object->id;
- $message = $langs->transnoentities("ExpenseReportRefusedMessage", $object->ref, $destinataire->getFullName($langs), $expediteur->getFullName($langs), $_POST['detail_refuse'], $link);
+ $link = '' . $link . '';
+ $message = $langs->transnoentities("ExpenseReportRefusedMessage", $object->ref, $destinataire->getFullName($langs), $expediteur->getFullName($langs), $detailRefuse, $link);
 // Rebuilt pdf
 /*
@@ -832,7 +837,8 @@ if (empty($reshook))
 if ($user->id == $object->fk_user_valid || $user->id == $object->fk_user_author)
 {
- $result = $object->set_cancel($user, GETPOST('detail_cancel', 'alpha'));
+ $detailCancel = GETPOST('detail_cancel', 'alpha');
+ $result = $object->set_cancel($user, $detailCancel);
 if ($result > 0)
 {
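Review bot: In the ExpenseReportRefusedMessage hunk, `$detailRefuse` comes straight from `GETPOST('detail_refuse', 'alpha')` and is interpolated into `$message` by transnoentities(); since this mail is now built as HTML (the commit subject says so, and `$link` is wrapped in markup on the line above, though the tags are not visible in this rendering), any markup in the refusal text is rendered by the recipient's mail client unless the 'alpha' check strips it, which I cannot confirm from the hunk. Escape it where it is used, `$expediteur->getFullName($langs), dol_escape_htmltag($detailRefuse), $link`, or read it with the 'alphanohtml' check instead. The same applies to `$detailCancel` in the ExpenseReportCanceledMessage hunk that follows, and to `$object->detail_refuse` in the re-approval hunk above, which is the same text read back from the database. The `if (empty($reshook))` action block these hunks belong to begins and ends outside them.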
@@ -880,7 +886,8 @@ if (empty($reshook))
 // CONTENT
 $link = $urlwithroot.'/expensereport/card.php?id='.$object->id;
- $message = $langs->transnoentities("ExpenseReportCanceledMessage", $object->ref, $destinataire->getFullName($langs), $expediteur->getFullName($langs), GETPOST('detail_cancel', 'alpha'), $link);
+ $link = '' . $link . '';
+ $message = $langs->transnoentities("ExpenseReportCanceledMessage", $object->ref, $destinataire->getFullName($langs), $expediteur->getFullName($langs), $detailCancel, $link);
 // Rebuilt pdf
 /*
@@ -1105,6 +1112,7 @@ if (empty($reshook))
 // CONTENT
 $link = $urlwithroot.'/expensereport/card.php?id='.$object->id;
+ $link = '' . $link . '';
 $message = $langs->transnoentities("ExpenseReportPaidMessage", $object->ref, $destinataire->getFullName($langs), $expediteur->getFullName($langs), $link);
 // Generate pdf before attachment
@@ -1736,7 +1744,7 @@ else
 if ($action == 'cancel')
 {
 $array_input = array('text'=>$langs->trans("ConfirmCancelTrip"), array('type'=>"text",'label'=>''.$langs->trans("Comment").'','name'=>"detail_cancel",'value'=>""));
- $formconfirm=$form->formconfirm($_SEVER["PHP_SELF"]."?id=".$id, $langs->trans("Cancel"), "", "confirm_cancel", $array_input, "", 1);
+ $formconfirm=$form->formconfirm($_SERVER["PHP_SELF"]."?id=".$id, $langs->trans("Cancel"), "", "confirm_cancel", $array_input, "", 1);
 }
 if ($action == 'setdraft')
diff --git a/htdocs/langs/fr_FR/trips.lang b/htdocs/langs/fr_FR/trips.lang
index cffe2cc14e8..efb5b645a3d 100644
--- a/htdocs/langs/fr_FR/trips.lang
+++ b/htdocs/langs/fr_FR/trips.lang
@@ -29,7 +29,7 @@ ExpenseReportApprovedMessage=La note de frais %s a été approuvée.
- Utilis ExpenseReportRefused=Une note de frais a été refusée ExpenseReportRefusedMessage=La note de frais %s a été refusée.
- Utilisateur : %s
- Refusée par : %s
- Motif du refus : %s
Cliquez ici pour afficher la note de frais: %s ExpenseReportCanceled=Une note de frais a été annulée -ExpenseReportCanceledMessage=La note de frais %s a été annulée.
- Utilisateur : %s
- Annulée par : %s
- Motif de l'annulation :%s
Cliquez ici pour afficher la note de frais %s +ExpenseReportCanceledMessage=La note de frais %s a été annulée.
- Utilisateur : %s
- Annulée par : %s
- Motif de l'annulation : %s
Cliquez ici pour afficher la note de frais %s ExpenseReportPaid=Une note de frais a été réglée ExpenseReportPaidMessage=La note de frais %s a été réglée.
- Utilisateur : %s
- Réglée par : %s
Cliquez ici pour afficher la note de frais %s
 TripId=Id note de frais
From f4ae8696782fb7e35c34fd749a470e8fd5cdebfe Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sun, 19 Jan 2020 12:15:47 +0100
Subject: [PATCH 4/7] Fix error return when creating order with not enough stock
---
 htdocs/commande/class/commande.class.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php
index 434d43e8ffa..7d8e2680977 100644
--- a/htdocs/commande/class/commande.class.php
+++ b/htdocs/commande/class/commande.class.php
@@ -936,6 +936,7 @@ class Commande extends CommonOrder
 if ($result != self::STOCK_NOT_ENOUGH_FOR_ORDER)
 {
 $this->error=$this->db->lasterror();
+ $this->errors[] = $this->error;
 dol_print_error($this->db);
 }
 $this->db->rollback();
@@ -1412,7 +1413,8 @@ class Commande extends CommonOrder
 if (! empty($conf->global->STOCK_MUST_BE_ENOUGH_FOR_ORDER) && $product_type == 0 && $product->stock_reel < $qty)
 {
 $langs->load("errors");
- $this->error=$langs->trans('ErrorStockIsNotEnoughToAddProductOnOrder', $product->ref);
+ $this->error = $langs->trans('ErrorStockIsNotEnoughToAddProductOnOrder', $product->ref);
+ $this->errors[] = $this->error;
 dol_syslog(get_class($this)."::addline error=Product ".$product->ref.": ".$this->error, LOG_ERR);
 $this->db->rollback();
 return self::STOCK_NOT_ENOUGH_FOR_ORDER;
@@ -3053,7 +3055,8 @@ class Commande extends CommonOrder
 if (! empty($conf->global->STOCK_MUST_BE_ENOUGH_FOR_ORDER) && $product_type == 0 && $product->stock_reel < $qty)
 {
 $langs->load("errors");
- $this->error=$langs->trans('ErrorStockIsNotEnoughToAddProductOnOrder', $product->ref);
+ $this->error = $langs->trans('ErrorStockIsNotEnoughToAddProductOnOrder', $product->ref);
+ $this->errors[] = $this->error;
 dol_syslog(get_class($this)."::addline error=Product ".$product->ref.": ".$this->error, LOG_ERR);
 $this->db->rollback();
 return self::STOCK_NOT_ENOUGH_FOR_ORDER;
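Review bot: The stock guard in the last two hunks, from `if (! empty($conf->global->STOCK_MUST_BE_ENOUGH_FOR_ORDER) && $product_type == 0 && $product->stock_reel < $qty)` to `return self::STOCK_NOT_ENOUGH_FOR_ORDER;`, is now byte-identical in both places and this patch had to be applied to each; a private helper that sets `$this->error`/`$this->errors[]`, logs and rolls back would keep the two copies from drifting. Both copies also log `::addline`, although the second sits at line 3055 and presumably belongs to a different method, so that log prefix looks stale. In the first hunk, `$this->errors[]` now carries the raw `$this->db->lasterror()` text; if a caller surfaces `$this->errors` in the page (common for action handlers in this codebase, though none is visible here), that shows driver error messages to the user, so consider logging the driver text and pushing a translated generic error instead. All three methods begin and end outside their hunks.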
From 00cddc39fd33b0d6685f04143ebeec3a5a9d9622 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sun, 19 Jan 2020 13:56:16 +0100
Subject: [PATCH 5/7] Fix remove some orphelins in llx_ecm_files
---
 htdocs/install/mysql/migration/repair.sql | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/htdocs/install/mysql/migration/repair.sql b/htdocs/install/mysql/migration/repair.sql
index 51fe48dcda2..73cb1e6592d 100755
--- a/htdocs/install/mysql/migration/repair.sql
+++ b/htdocs/install/mysql/migration/repair.sql
@@ -177,6 +177,8 @@ delete from llx_categorie_member where fk_categorie not in (select rowid from ll
 delete from llx_categorie_contact where fk_categorie not in (select rowid from llx_categorie where type = 4);
 delete from llx_categorie_project where fk_categorie not in (select rowid from llx_categorie where type = 6);
+-- Fix: delete orphelins in ecm_files
+delete from llx_ecm_files where src_object_type = 'expensereport' and src_object_id NOT IN (select rowid from llx_expensereport);
 -- Fix: delete orphelin deliveries. Note: deliveries are linked to shipment by llx_element_element only. No other links.
 delete from llx_livraisondet where fk_livraison not in (select fk_target from llx_element_element where targettype = 'delivery') AND fk_livraison not in (select fk_source from llx_element_element where sourcetype = 'delivery');
From 6a958dd45b9fbb0a47c2254253344526408edace Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sun, 19 Jan 2020 18:51:37 +0100
Subject: [PATCH 6/7] FIX XSS vulnerability in description of list of audit events.
---
 htdocs/admin/tools/listevents.php | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/htdocs/admin/tools/listevents.php b/htdocs/admin/tools/listevents.php
index d508afe63d2..29f3f8fc7fb 100644
--- a/htdocs/admin/tools/listevents.php
+++ b/htdocs/admin/tools/listevents.php
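Review bot: The new `delete from llx_ecm_files` covers only `src_object_type = 'expensereport'`; the table appears to index files for any object type via `src_object_type`/`src_object_id`, so if other types can leave rows behind the same statement should be repeated per type, which I cannot determine from this hunk. It also removes only the index rows and leaves whatever file on disk they pointed to, which deserves a note beside it, e.g. `-- Note: only the index row is removed; the file on disk, if any, is left in place`. A minor style point: the surrounding statements write `not in` in lowercase while the added one uses `NOT IN`, and the comment could read "orphans" rather than "orphelins".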
@@ -199,9 +199,9 @@ if ($result)
 $i = 0;
 $param='';
- if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.$contextpage;
- if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.$limit;
- if ($optioncss != '') $param.='&optioncss='.$optioncss;
+ if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.urlencode($contextpage);
+ if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.urlencode($limit);
+ if ($optioncss != '') $param.='&optioncss='.urlencode($optioncss);
 if ($search_code) $param.='&search_code='.urlencode($search_code);
 if ($search_ip) $param.='&search_ip='.urlencode($search_ip);
 if ($search_user) $param.='&search_user='.urlencode($search_user);
@@ -303,18 +303,19 @@ if ($result)
 // Description
 print '';
 $text=$langs->trans($obj->description);
+ $reg = array();
 if (preg_match('/\((.*)\)(.*)/i', $obj->description, $reg))
 {
 $val=explode(',', $reg[1]);
 $text=$langs->trans($val[0], isset($val[1])?$val[1]:'', isset($val[2])?$val[2]:'', isset($val[3])?$val[3]:'', isset($val[4])?$val[4]:'');
 if (! empty($reg[2])) $text.=$reg[2];
 }
- print $text;
+ print dol_string_nohtmltag($text);
 print '';
 // More informations
 print '';
- $htmltext=''.$langs->trans("UserAgent").': '.($obj->user_agent?$obj->user_agent:$langs->trans("Unknown"));
+ $htmltext=''.$langs->trans("UserAgent").': '.($obj->user_agent ? dol_string_nohtmltag($obj->user_agent) : $langs->trans("Unknown"));
 print $form->textwithpicto('', $htmltext);
 print '';
From 041d5aeb463b9638a11ec3b0f477c104aa6b43cb Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sun, 19 Jan 2020 18:55:22 +0100
Subject: [PATCH 7/7] FIX XSS vulnerability in description of list of audit events.
---
 htdocs/admin/tools/listevents.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/admin/tools/listevents.php b/htdocs/admin/tools/listevents.php
index 29f3f8fc7fb..39699d4240b 100644
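Review bot: In the second hunk, `dol_string_nohtmltag($obj->user_agent)` strips tags rather than encoding what remains, and `$htmltext` then goes into `$form->textwithpicto()` as tooltip markup, so a stored User-Agent containing quotes or `&` can still break out of whatever attribute or element that helper puts it in (how it embeds the string is outside this hunk). `dol_escape_htmltag($obj->user_agent)` is the safer choice and matches what the follow-up commit does for the description on the line above. In the first hunk, `urlencode($limit)` is harmless, but `$limit` is compared numerically on the same line, so `(int) $limit` states the intent more directly. The list loop these hunks belong to begins and ends outside them.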
--- a/htdocs/admin/tools/listevents.php
+++ b/htdocs/admin/tools/listevents.php
@@ -310,7 +310,7 @@ if ($result)
 $text=$langs->trans($val[0], isset($val[1])?$val[1]:'', isset($val[2])?$val[2]:'', isset($val[3])?$val[3]:'', isset($val[4])?$val[4]:'');
 if (! empty($reg[2])) $text.=$reg[2];
 }
- print dol_string_nohtmltag($text);
+ print dol_escape_htmltag($text);
 print '';
 // More informations