From fa05982a8b9a6528827abc54fd5fe9a981b53494 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 12 Dec 2020 18:37:51 +0100 Subject: [PATCH] Fix CSS v13 --- SECURITY.md | 4 ++-- htdocs/core/tpl/login.tpl.php | 25 +++++++++-------------- htdocs/core/tpl/passwordforgotten.tpl.php | 23 +++++++++------------ htdocs/theme/eldy/global.inc.php | 1 + htdocs/theme/md/style.css.php | 1 + htdocs/webservices/admin/index.php | 7 +++++-- 6 files changed, 29 insertions(+), 32 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 8ef569d6da0..bcc1bd7d9e0 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -49,7 +49,7 @@ You must not leak, manipulate, or destroy any user data of third parties to find ## Scope for qualified vulnerabilities -ONLY vulnerabilities discovered, when the following setup on test platform is used, are "validated": +ONLY vulnerabilities discovered, when the following setup on test platform is used, are "valid": * $dolibarr_main_prod must be set to 1 into conf.php * $dolibarr_nocsrfcheck must be kept to the value 0 into conf.php (this is the default value) 
@@ -57,7 +57,7 @@ ONLY vulnerabilities discovered, when the following setup on test platform is us * The constant MAIN_SECURITY_CSRF_WITH_TOKEN must be set to 1 into backoffice menu Home - Setup - Other (this protection should be set to 1 soon by default) * The module DebugBar must NOT be enabled (by default, this module is not enabled. This is a developer tool) * The module ModuleBuilder must NOT be enabled (by default, this module is not enabled. This is a developer tool) -* ONLY security reports on modules provided by default and with the "stable" status are allowed (troubles into "experimental", "developement" or external modules are not valid vulnerabilities). +* ONLY security reports on modules provided by default and with the "stable" status are valid (troubles into "experimental", "developement" or external modules are not valid vulnerabilities). * The root of web server must link to htdocs and the documents directory must be outside of the web server root (this is the default when using the default installer but may differs with external installer). * The web server setup must be done so only the documents directory is in write mode. The root directory called htdocs must be readonly. * CSRF attacks are accepted for all when using a POST URL, but when using GET URL, they are validated only for creating or updating data resctricted to the admin user. diff --git a/htdocs/core/tpl/login.tpl.php b/htdocs/core/tpl/login.tpl.php index bf0e4f57743..2d0b9ad57c1 100644 --- a/htdocs/core/tpl/login.tpl.php +++ b/htdocs/core/tpl/login.tpl.php @@ -149,8 +149,7 @@ if ($disablenofollow) echo '';
global->MAIN_OPTIMIZEFORTEXTBROWSER)) { ?> - - + " name="username" class="flat input-icon-user minwidth150" value="" tabindex="1" autofocus="autofocus" />
@@ -160,8 +159,7 @@ if ($disablenofollow) echo '';
global->MAIN_OPTIMIZEFORTEXTBROWSER)) { ?> - - + " name="password" class="flat input-icon-password minwidth150" type="password" value="" tabindex="2" autocomplete="global->MAIN_LOGIN_ENABLE_PASSWORD_AUTOCOMPLETE) ? 'off' : 'on'; ?>" />
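Review bot: The rewritten password input line in this hunk still emits `autocomplete` as either `off` or `on`; the visible tail is `MAIN_LOGIN_ENABLE_PASSWORD_AUTOCOMPLETE) ? 'off' : 'on'`, and the start of that expression is not shown on this page. Current browsers and password managers commonly ignore `autocomplete="off"` on password fields, so the option cannot guarantee that credentials are never stored client-side; a short template comment next to the input saying so would keep administrators from relying on it as a control. Since the line is being touched anyway, the enabled branch could use the more specific token, `? 'off' : 'current-password'`, which tells password managers which credential belongs in the field. The surrounding template block starts and ends outside the hunk.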
@@ -190,19 +188,16 @@ if ($captcha) { ?>
-
+
- - - - - - -
diff --git a/htdocs/core/tpl/passwordforgotten.tpl.php b/htdocs/core/tpl/passwordforgotten.tpl.php index d7d7e2f7ef3..f11e01c7d13 100644 --- a/htdocs/core/tpl/passwordforgotten.tpl.php +++ b/htdocs/core/tpl/passwordforgotten.tpl.php @@ -107,8 +107,7 @@ if ($disablenofollow) echo '';
- - + " id="username" name="username" class="flat input-icon-user minwidth150" value="" tabindex="1" />
@@ -135,22 +134,20 @@ if (!empty($morelogincontent)) { $php_self = preg_replace('/[&\?]time=(\d+)/', '', $php_self); // Remove param time if (preg_match('/\?/', $php_self)) $php_self .= '&time='.dol_print_date(dol_now(), 'dayhourlog'); else $php_self .= '?time='.dol_print_date(dol_now(), 'dayhourlog'); + // TODO: provide accessible captcha variants ?>
-
+
- - - - - -
diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index a0203c24cf1..1b104ce95dd 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -1220,6 +1220,7 @@ table[summary="list_of_modules"] .fa-cog { .width50 { width: 50px; } .width75 { width: 75px; } .width100 { width: 100px; } +.width125 { width: 125px; } .width150 { width: 150px; } .width200 { width: 200px; } .maxwidth25 { max-width: 25px; } diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index 4f85b78a872..ad0b03366db 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php @@ -1213,6 +1213,7 @@ table[summary="list_of_modules"] .fa-cog { .width50 { width: 50px; } .width75 { width: 75px; } .width100 { width: 100px; } +.width125 { width: 125px; } .width150 { width: 150px; } .width200 { width: 200px; } .maxwidth25 { max-width: 25px; } diff --git a/htdocs/webservices/admin/index.php b/htdocs/webservices/admin/index.php index 015551693bd..2c14d2d07f5 100644 --- a/htdocs/webservices/admin/index.php +++ b/htdocs/webservices/admin/index.php @@ -62,13 +62,16 @@ if ($actionsave) llxHeader(); $linkback = ''.$langs->trans("BackToModuleList").''; + print load_fiche_titre($langs->trans("WebServicesSetup"), $linkback, 'title_setup'); print ''.$langs->trans("WebServicesDesc")."
\n"; print "
\n"; -print '
'; +print ''; print ''; +print ''; + print ''; print ''; @@ -78,7 +81,7 @@ print ""; print ""; print ""; -print ''; +print ''; print ''; print '
".$langs->trans("Value")." 
'.$langs->trans("KeyForWebServicesAccess").''; if (!empty($conf->use_javascript_ajax))