diff --git a/htdocs/core/modules/modImport.class.php b/htdocs/core/modules/modImport.class.php index 63f0ca5189f..e7dbf1c4b32 100644 --- a/htdocs/core/modules/modImport.class.php +++ b/htdocs/core/modules/modImport.class.php @@ -32,7 +32,6 @@ include_once DOL_DOCUMENT_ROOT.'/core/modules/DolibarrModules.class.php'; */ class modImport extends DolibarrModules { - /** * Constructor. Define names, constants, directories, boxes, permissions * diff --git a/htdocs/core/modules/modUser.class.php b/htdocs/core/modules/modUser.class.php index de7bb6feecf..22e7425c7fa 100644 --- a/htdocs/core/modules/modUser.class.php +++ b/htdocs/core/modules/modUser.class.php @@ -32,7 +32,6 @@ include_once DOL_DOCUMENT_ROOT.'/core/modules/DolibarrModules.class.php'; */ class modUser extends DolibarrModules { - /** * Constructor. Define names, constants, directories, boxes, permissions * diff --git a/htdocs/install/check.php b/htdocs/install/check.php index c72885ef1ea..0e255969ee8 100644 --- a/htdocs/install/check.php +++ b/htdocs/install/check.php @@ -27,6 +27,7 @@ * \brief Test if file conf can be modified and if does not exists, test if install process can create it */ +define('ALLOWED_IF_UPGRADE_UNLOCK_FOUND', 1); include_once 'inc.php'; global $langs; diff --git a/htdocs/install/inc.php b/htdocs/install/inc.php index e68f0d70a96..970fd40261b 100644 --- a/htdocs/install/inc.php +++ b/htdocs/install/inc.php @@ -180,33 +180,27 @@ if (!empty($dolibarr_main_document_root_alt)) { } -// Security check (old method, when directory is renamed /install.lock) -if (preg_match('/install\.lock/i', $_SERVER["SCRIPT_FILENAME"])) { - if (!is_object($langs)) { - $langs = new Translate('..', $conf); - $langs->setDefaultLang('auto'); - } - $langs->load("install"); +// Check install.lock (for both install and upgrade) - header("X-Content-Type-Options: nosniff"); - header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks) - - print $langs->trans("YouTryInstallDisabledByDirLock"); - if (!empty($dolibarr_main_url_root)) { - print 'Click on following link, '; - print $langs->trans("ClickHereToGoToApp"); - print ''; - } - exit; -} - -$lockfile = DOL_DATA_ROOT.'/install.lock'; +$lockfile = DOL_DATA_ROOT.'/install.lock'; // To lock all /install pages +$lockfile2 = DOL_DOCUMENT_ROOT.'/install.lock'; // To lock all /install pages (recommended) +$upgradeunlockfile = DOL_DATA_ROOT.'/upgrade.unlock'; // To unlock upgrade process +$upgradeunlockfile2 = DOL_DOCUMENT_ROOT.'/upgrade.unlock'; // To unlock upgrade process if (constant('DOL_DATA_ROOT') === null) { // We don't have a configuration file yet // Try to detect any lockfile in the default documents path $lockfile = '../../documents/install.lock'; + $upgradeunlockfile = '../../documents/upgrade.unlock'; } -if (@file_exists($lockfile)) { +$islocked=false; +if (@file_exists($lockfile) || @file_exists($lockfile2)) { + if (!defined('ALLOWED_IF_UPGRADE_UNLOCK_FOUND') || (! @file_exists($upgradeunlockfile) && ! @file_exists($upgradeunlockfile2))) { + // If this is a dangerous install page (ALLOWED_IF_UPGRADE_UNLOCK_FOUND not defined) or + // if there is no upgrade unlock files, we lock the pages. + $islocked = true; + } +} +if ($islocked) { // Pages are locked if (!isset($langs) || !is_object($langs)) { $langs = new Translate('..', $conf); $langs->setDefaultLang('auto'); @@ -216,14 +210,22 @@ if (@file_exists($lockfile)) { header("X-Content-Type-Options: nosniff"); header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks) - print $langs->trans("YouTryInstallDisabledByFileLock"); + if (GETPOST('action') != 'upgrade') { + print $langs->trans("YouTryInstallDisabledByFileLock").'
'; + } else { + print $langs->trans("YouTryUpgradeDisabledByMissingFileUnLock").'
'; + } if (!empty($dolibarr_main_url_root)) { - print $langs->trans("ClickOnLinkOrRemoveManualy").'
'; + if (GETPOST('action') != 'upgrade') { + print $langs->trans("ClickOnLinkOrRemoveManualy").'
'; + } else { + print $langs->trans("ClickOnLinkOrCreateUnlockFileManualy").'
'; + } print ''; print $langs->trans("ClickHereToGoToApp"); print ''; } else { - print 'If you always reach this page, you must remove install.lock file manually.
'; + print 'If you always reach this page, you must remove the install.lock file manually.
'; } exit; } diff --git a/htdocs/install/index.php b/htdocs/install/index.php index 6810e3c509f..d62f82eaa27 100644 --- a/htdocs/install/index.php +++ b/htdocs/install/index.php @@ -23,6 +23,8 @@ * \brief Show page to select language. This is done only for a first installation. * For a reinstall this page redirect to page check.php */ + +define('ALLOWED_IF_UPGRADE_UNLOCK_FOUND', 1); include_once 'inc.php'; include_once '../core/class/html.form.class.php'; include_once '../core/class/html.formadmin.class.php'; diff --git a/htdocs/install/mysql/migration/17.0.0-18.0.0.sql b/htdocs/install/mysql/migration/17.0.0-18.0.0.sql index 5999acf05a8..c97d080db3a 100644 --- a/htdocs/install/mysql/migration/17.0.0-18.0.0.sql +++ b/htdocs/install/mysql/migration/17.0.0-18.0.0.sql @@ -37,6 +37,7 @@ -- VMYSQL4.3 ALTER TABLE llx_hrm_skillrank CHANGE COLUMN `rank` rankorder integer; -- VPGSQL8.2 ALTER TABLE llx_hrm_skillrank CHANGE COLUMN rank rankorder integer; +ALTER TABLE llx_accounting_system CHANGE COLUMN fk_pays fk_country integer; -- v18 diff --git a/htdocs/install/step5.php b/htdocs/install/step5.php index c516cc70aef..fc0dcf37799 100644 --- a/htdocs/install/step5.php +++ b/htdocs/install/step5.php @@ -24,8 +24,18 @@ * \file htdocs/install/step5.php * \ingroup install * \brief Last page of upgrade / install process + * + * This page is called with parameter action=set by step4.php or action=upgrade by upgrade2.php + * For installation: + * It creates the login admin and set the MAIN_SECURITY_SALT to a random value. + * It set the value for MAIN_VERSION_LAST_INSTALL + * It creates the install.lock and shows the final message. + * For upgrade: + * It updates the value for MAIN_VERSION_LAST_UPGRADE. + * It (re)creates the install.lock and shows the final message. */ +define('ALLOWED_IF_UPGRADE_UNLOCK_FOUND', 1); include_once 'inc.php'; if (file_exists($conffile)) { include_once $conffile; @@ -384,7 +394,7 @@ if ($action == "set") { if (empty($force_install_lockinstall) || $force_install_lockinstall == 1) { $force_install_lockinstall = 444; // For backward compatibility } - fwrite($fp, "This is a lock file to prevent use of install pages (set with permission ".$force_install_lockinstall.")"); + fwrite($fp, "This is a lock file to prevent use of install or upgrade pages (set with permission ".$force_install_lockinstall.")"); fclose($fp); @chmod($lockfile, octdec($force_install_lockinstall)); $createlock = 1; @@ -416,8 +426,9 @@ if ($action == "set") { } elseif (empty($action) || preg_match('/upgrade/i', $action)) { // If upgrade if (empty($conf->global->MAIN_VERSION_LAST_UPGRADE) || ($conf->global->MAIN_VERSION_LAST_UPGRADE == DOL_VERSION)) { - // Upgrade is finished (database is on same version than files) - print 'Configuration '.$langs->trans("SystemIsUpgraded")."
"; + // Upgrade is finished (database is on the same version than files) + print 'Configuration'; + print ' '.$langs->trans("SystemIsUpgraded")."
"; // Create install.lock file if it does not exists. // Note: it should always exists. A better solution to allow upgrade will be to add an upgrade.unlock file @@ -430,7 +441,7 @@ if ($action == "set") { if (empty($force_install_lockinstall) || $force_install_lockinstall == 1) { $force_install_lockinstall = 444; // For backward compatibility } - fwrite($fp, "This is a lock file to prevent use of install pages (set with permission ".$force_install_lockinstall.")"); + fwrite($fp, "This is a lock file to prevent use of install or upgrade pages (set with permission ".$force_install_lockinstall.")"); fclose($fp); @chmod($lockfile, octdec($force_install_lockinstall)); $createlock = 1; diff --git a/htdocs/install/upgrade.php b/htdocs/install/upgrade.php index 22ef26295aa..1cccc3cc129 100644 --- a/htdocs/install/upgrade.php +++ b/htdocs/install/upgrade.php @@ -36,6 +36,7 @@ * \brief Run migration script */ +define('ALLOWED_IF_UPGRADE_UNLOCK_FOUND', 1); include_once 'inc.php'; if (!file_exists($conffile)) { print 'Error: Dolibarr config file was not found. This may means that Dolibarr is not installed yet. Please call the page "/install/index.php" instead of "/install/upgrade.php").'; diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php index 1e153109140..7f76261bcea 100644 --- a/htdocs/install/upgrade2.php +++ b/htdocs/install/upgrade2.php @@ -38,6 +38,7 @@ * \brief Upgrade some data */ +define('ALLOWED_IF_UPGRADE_UNLOCK_FOUND', 1); include_once 'inc.php'; if (!file_exists($conffile)) { print 'Error: Dolibarr config file was not found. This may means that Dolibarr is not installed yet. Please call the page "/install/index.php" instead of "/install/upgrade.php").'; diff --git a/htdocs/langs/en_US/install.lang b/htdocs/langs/en_US/install.lang index d0c841fe802..58e57018ac3 100644 --- a/htdocs/langs/en_US/install.lang +++ b/htdocs/langs/en_US/install.lang @@ -88,7 +88,7 @@ LoginAlreadyExists=Already exists DolibarrAdminLogin=Dolibarr admin login AdminLoginAlreadyExists=Dolibarr administrator account '%s' already exists. Go back if you want to create another one. FailedToCreateAdminLogin=Failed to create Dolibarr administrator account. -WarningRemoveInstallDir=Warning, for security reasons, once the install or upgrade is complete, you should add a file called install.lock into the Dolibarr document directory in order to prevent the accidental/malicious use of the install tools again. +WarningRemoveInstallDir=Warning, for security reasons, once the installation process is complete, you must add a file called install.lock into the Dolibarr document directory in order to prevent the accidental/malicious use of the install tools again. FunctionNotAvailableInThisPHP=Not available in this PHP ChoosedMigrateScript=Choose migration script DataMigration=Database migration (data) @@ -208,8 +208,10 @@ HideNotAvailableOptions=Hide unavailable options ErrorFoundDuringMigration=Error(s) were reported during the migration process so next step is not available. To ignore errors, you can click here, but the application or some features may not work correctly until the errors are resolved. YouTryInstallDisabledByDirLock=The application tried to self-upgrade, but the install/upgrade pages have been disabled for security (directory renamed with .lock suffix).
YouTryInstallDisabledByFileLock=The application tried to self-upgrade, but the install/upgrade pages have been disabled for security (by the existence of a lock file install.lock in the dolibarr documents directory).
+YouTryUpgradeDisabledByMissingFileUnLock=The application tried to self-upgrade, but the upgrade process is currently not allowed.
ClickHereToGoToApp=Click here to go to your application ClickOnLinkOrRemoveManualy=If an upgrade is in progress, please wait. If not, click on the following link. If you always see this same page, you must remove/rename the file install.lock in the documents directory. +ClickOnLinkOrCreateUnlockFileManualy=If an upgrade is in progress, please wait... If not, you must create a file upgrade.unlock into the Dolibarr documents directory. Loaded=Loaded FunctionTest=Function test NodoUpgradeAfterDB=No action requested by external modules after upgrade of database diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index 027305965ed..d2035edc58e 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -4867,6 +4867,7 @@ div.divphotoref > div > .photowithmargin, div.divphotoref > img.photowithmargin, { content:url(); /* content is used to best fit the container */ display: inline-block; + opacity: 0.2; } .nographyet { diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index 2493afa058b..33ceb6a1481 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php @@ -4892,6 +4892,7 @@ div.divphotoref > img.photowithmargin, div.divphotoref > a > .photowithmargin { { content:url(); /* content is used to best fit the container */ display: inline-block; + opacity: 0.2; } .nographyet {