From c45c24f80c39bbf733c6acf36d7c04cf7883b91a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 8 Nov 2016 23:03:58 +0100 Subject: [PATCH 1/4] FIX Must use external link into a forged email content. --- htdocs/langs/en_US/members.lang | 2 +- htdocs/langs/en_US/users.lang | 2 +- htdocs/user/class/user.class.php | 24 +++++++++++++++++------- 3 files changed, 19 insertions(+), 9 deletions(-) diff --git a/htdocs/langs/en_US/members.lang b/htdocs/langs/en_US/members.lang index 527a5bd7db3..498985a5e3a 100644 --- a/htdocs/langs/en_US/members.lang +++ b/htdocs/langs/en_US/members.lang @@ -13,7 +13,7 @@ ListOfValidatedPublicMembers=List of validated public members ErrorThisMemberIsNotPublic=This member is not public ErrorMemberIsAlreadyLinkedToThisThirdParty=Another member (name: %s, login: %s) is already linked to a third party %s. Remove this link first because a third party can't be linked to only a member (and vice versa). ErrorUserPermissionAllowsToLinksToItselfOnly=For security reasons, you must be granted permissions to edit all users to be able to link a member to a user that is not yours. -ThisIsContentOfYourCard=This is details of your card +ThisIsContentOfYourCard=Hi.

This is a remind of the information we get about you. Feel free to contact us if something looks wrong.

CardContent=Content of your member card SetLinkToUser=Link to a Dolibarr user SetLinkToThirdParty=Link to a Dolibarr third party diff --git a/htdocs/langs/en_US/users.lang b/htdocs/langs/en_US/users.lang index a723053fa43..6f6dc24d037 100644 --- a/htdocs/langs/en_US/users.lang +++ b/htdocs/langs/en_US/users.lang @@ -8,7 +8,7 @@ EditPassword=Edit password SendNewPassword=Regenerate and send password ReinitPassword=Regenerate password PasswordChangedTo=Password changed to: %s -SubjectNewPassword=Your new password for Dolibarr +SubjectNewPassword=Your new password for %s GroupRights=Group permissions UserRights=User permissions UserGUISetup=User display setup diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 5b79447736e..fb27aef9d2e 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -1645,38 +1645,48 @@ class User extends CommonObject $outputlangs->load("users"); $outputlangs->load("other"); - $subject = $outputlangs->transnoentitiesnoconv("SubjectNewPassword"); + $appli=constant('DOL_APPLICATION_TITLE'); + if (!empty($conf->global->MAIN_APPLICATION_TITLE)) $appli=$conf->global->MAIN_APPLICATION_TITLE; + + $subject = $outputlangs->transnoentitiesnoconv("SubjectNewPassword", $appli); // Define $urlwithroot //$urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',trim($dolibarr_main_url_root)); - //$urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file - $urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current + $urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file + //$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current if (! $changelater) { + $url = $urlwithroot.'/'; + $mesg.= $outputlangs->transnoentitiesnoconv("RequestToResetPasswordReceived").".\n"; $mesg.= $outputlangs->transnoentitiesnoconv("NewKeyIs")." :\n\n"; $mesg.= $outputlangs->transnoentitiesnoconv("Login")." = ".$this->login."\n"; $mesg.= $outputlangs->transnoentitiesnoconv("Password")." = ".$password."\n\n"; $mesg.= "\n"; - $url = $urlwithroot.'/'; - $mesg.= $outputlangs->transnoentitiesnoconv("ClickHereToGoTo", $conf->global->MAIN_APPLICATION_TITLE).': '.$url."\n\n"; + + $mesg.= $outputlangs->transnoentitiesnoconv("ClickHereToGoTo", $appli).': '.$url."\n\n"; $mesg.= "--\n"; $mesg.= $user->getFullName($outputlangs); // Username that make then sending + + dol_syslog(get_class($this)."::send_password changelater is off, url=".$url); } else { + $url = $urlwithroot.'/user/passwordforgotten.php?action=validatenewpassword&username='.$this->login."&passwordhash=".dol_hash($password); + $mesg.= $outputlangs->transnoentitiesnoconv("RequestToResetPasswordReceived")."\n"; $mesg.= $outputlangs->transnoentitiesnoconv("NewKeyWillBe")." :\n\n"; $mesg.= $outputlangs->transnoentitiesnoconv("Login")." = ".$this->login."\n"; $mesg.= $outputlangs->transnoentitiesnoconv("Password")." = ".$password."\n\n"; $mesg.= "\n"; $mesg.= $outputlangs->transnoentitiesnoconv("YouMustClickToChange")." :\n"; - $url = $urlwithroot.'/user/passwordforgotten.php?action=validatenewpassword&username='.$this->login."&passwordhash=".dol_hash($password); $mesg.= $url."\n\n"; $mesg.= $outputlangs->transnoentitiesnoconv("ForgetIfNothing")."\n\n"; - dol_syslog(get_class($this)."::send_password url=".$url); + + dol_syslog(get_class($this)."::send_password changelater is on, url=".$url); } + $mailfile = new CMailFile( $subject, $this->email, From e30622cbd890b44067b9e8a0bc2f10808ed3e215 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 9 Nov 2016 00:10:02 +0100 Subject: [PATCH 2/4] FIX Bcc must not appears to recipient when using SMTPs lib --- htdocs/core/class/CMailFile.class.php | 4 ++-- htdocs/core/class/smtps.class.php | 32 +++++++++++++++++++-------- 2 files changed, 25 insertions(+), 11 deletions(-) diff --git a/htdocs/core/class/CMailFile.class.php b/htdocs/core/class/CMailFile.class.php index 03f7e39bde8..94ee2a5fd1e 100644 --- a/htdocs/core/class/CMailFile.class.php +++ b/htdocs/core/class/CMailFile.class.php @@ -527,7 +527,7 @@ class CMailFile if (! empty($conf->global->MAIN_MAIL_DEBUG)) $this->dump_mail(); if (! empty($bounce)) $res = mail($dest,$this->encodetorfc2822($this->subject),$this->message,$this->headers, $bounce); - else $res = mail($dest,$this->encodetorfc2822($this->subject),$this->message,$this->headers); + else $res = mail($dest, $this->encodetorfc2822($this->subject), $this->message, $this->headers); if (! $res) { @@ -840,7 +840,7 @@ class CMailFile // Receiver if (isset($this->addr_cc) && $this->addr_cc) $out.= "Cc: ".$this->getValidAddress($this->addr_cc,2).$this->eol2; - if (isset($this->addr_bcc) && $this->addr_bcc) $out.= "Bcc: ".$this->getValidAddress($this->addr_bcc,2).$this->eol2; + if (isset($this->addr_bcc) && $this->addr_bcc) $out.= "Bcc: ".$this->getValidAddress($this->addr_bcc,2).$this->eol2; // Question: bcc must not be into header, only into SMTP command "RCPT TO". Does php mail support this ? // Delivery receipt if (isset($this->deliveryreceipt) && $this->deliveryreceipt == 1) $out.= "Disposition-Notification-To: ".$this->getValidAddress($this->addr_from,2).$this->eol2; diff --git a/htdocs/core/class/smtps.class.php b/htdocs/core/class/smtps.class.php index 83e30a05413..7f2eb4a633f 100644 --- a/htdocs/core/class/smtps.class.php +++ b/htdocs/core/class/smtps.class.php @@ -484,14 +484,20 @@ class SMTPs // and send it out "single file" foreach ( $this->get_RCPT_list() as $_address ) { - /* + /* Note: + * BCC email addresses must be listed in the RCPT TO command list, + * but the BCC header should not be printed under the DATA command. + * http://stackoverflow.com/questions/2750211/sending-bcc-emails-using-a-smtp-server + */ + + /* * TODO - * After each 'RCPT TO:' is sent, we need to make sure it was kosher, - * if not, the whole message will fail - * If any email address fails, we will need to RESET the connection, - * mark the last address as "bad" and start the address loop over again. - * If any address fails, the entire message fails. - */ + * After each 'RCPT TO:' is sent, we need to make sure it was kosher, + * if not, the whole message will fail + * If any email address fails, we will need to RESET the connection, + * mark the last address as "bad" and start the address loop over again. + * If any address fails, the entire message fails. + */ $this->socket_send_str('RCPT TO: <' . $_address . '>', '250'); } @@ -1020,7 +1026,7 @@ class SMTPs /** * Returns an array of addresses for a specific type; TO, CC or BCC * - * @param string $_which Which collection of adresses to return + * @param string $_which Which collection of addresses to return ('to', 'cc', 'bcc') * @return string|false Array of emaill address */ function get_email_list($_which = null) @@ -1169,9 +1175,17 @@ class SMTPs if ( $this->getCC() ) $_header .= 'Cc: ' . $this->getCC() . "\r\n"; + /* Note: + * BCC email addresses must be listed in the RCPT TO command list, + * but the BCC header should not be printed under the DATA command. + * So it is included into the function sendMsg() but not here. + * http://stackoverflow.com/questions/2750211/sending-bcc-emails-using-a-smtp-server + */ + /* if ( $this->getBCC() ) $_header .= 'Bcc: ' . $this->getBCC() . "\r\n"; - + */ + $host=$this->getHost(); $host=preg_replace('@tcp://@i','',$host); // Remove prefix $host=preg_replace('@ssl://@i','',$host); // Remove prefix From ff4eddb8dc53ff16a62f53b6a7a4ed1aac2dd4fa Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 9 Nov 2016 17:37:58 +0100 Subject: [PATCH 3/4] Fix warning on project late --- htdocs/projet/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php index 692b3038909..6e7ccc26dd5 100644 --- a/htdocs/projet/list.php +++ b/htdocs/projet/list.php @@ -574,7 +574,7 @@ if ($resql) $projectstatic->user_author_id = $obj->fk_user_creat; $projectstatic->public = $obj->public; $projectstatic->ref = $obj->ref; - $projectstatic->datee = $obj->date_end; + $projectstatic->datee = $db->jdate($obj->date_end); $projectstatic->statut = $obj->fk_statut; $projectstatic->opp_status = $obj->fk_opp_status; From 71a573df619d1e5736d18b4f81951286e1beb81f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 9 Nov 2016 17:46:30 +0100 Subject: [PATCH 4/4] FIX Pb in management of date end of projects --- htdocs/projet/card.php | 1 + htdocs/projet/class/project.class.php | 14 +++++++++++--- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/htdocs/projet/card.php b/htdocs/projet/card.php index 633633aad7f..adc55131a10 100644 --- a/htdocs/projet/card.php +++ b/htdocs/projet/card.php @@ -785,6 +785,7 @@ else // Date end print ''.$langs->trans("DateEnd").''; print dol_print_date($object->date_end,'day'); + if ($object->hasDelay()) print img_warning($langs->trans('Late')); print ''; if (! empty($conf->global->PROJECT_USE_OPPORTUNITIES)) diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php index 38135a898e0..1de78f46021 100644 --- a/htdocs/projet/class/project.class.php +++ b/htdocs/projet/class/project.class.php @@ -237,7 +237,15 @@ class Project extends CommonObject $this->description = trim($this->description); if ($this->opp_amount < 0) $this->opp_amount=''; if ($this->opp_percent < 0) $this->opp_percent=''; - + if ($this->date_end && $this->date_end < $this->date_start) + { + $this->error = $langs->trans("ErrorDateEndLowerThanDateStart"); + $this->errors[] = $this->error; + $this->db->rollback(); + dol_syslog(get_class($this)."::update error -3 " . $this->error, LOG_ERR); + return -3; + } + if (dol_strlen(trim($this->ref)) > 0) { $this->db->begin(); @@ -1721,11 +1729,11 @@ class Project extends CommonObject global $conf; if (! ($this->statut == 1)) return false; - if (! $this->datee) return false; + if (! $this->datee && ! $this->date_end) return false; $now = dol_now(); - return $this->datee < ($now - $conf->projet->warning_delay); + return ($this->datee ? $this->datee : $this->date_end) < ($now - $conf->projet->warning_delay); }