Commit Graph

520 Commits

Author SHA1 Message Date
Laurent Destailleur
8dc1e4ec30 Doc 2009-07-06 13:20:52 +00:00
Regis Houssin
32915db864 Security: just one token 2009-07-03 09:04:29 +00:00
Laurent Destailleur
b9971792ff Perf: Several speed optimizing after using the Google Page Speed plugin for firebug 2009-06-15 14:26:34 +00:00
Laurent Destailleur
f5a2f6eaaa Fix: Pb with the token post protection 2009-06-15 12:15:51 +00:00
Laurent Destailleur
28dd72e17a New: Prepare correct management of timezones
Fix: Bad support of timeouts.
2009-06-14 16:25:23 +00:00
Laurent Destailleur
25b608c9f6 Fix: Restore the picto title in gif format because the png transparency is not supported on IE6 (54% of users). 2009-06-14 12:38:45 +00:00
Laurent Destailleur
7b68ed8cd5 Qual: Removed deprecated source code 2009-06-10 19:51:00 +00:00
Laurent Destailleur
8732364f01 Qual: Now module services and products are two completely separated modules. 2009-06-08 18:14:37 +00:00
Laurent Destailleur
3c591db844 Restore changes after 27 May due to Savannah crash. 2009-06-03 23:05:52 +00:00
Laurent Destailleur
b309cd1380 Fix: W3C 2009-05-27 14:32:19 +00:00
Regis Houssin
fa55e65e54 Fix: Disables token renewal in Ajax request 2009-05-26 17:01:18 +00:00
Laurent Destailleur
003208bc96 Disable the CSRF protection if we are in a development instance (to be able to do test and send post from tools). 2009-05-24 19:04:25 +00:00
Laurent Destailleur
e86917a148 Renamed conf->cookie_cryptkey into conf->file->cookie_cryptkey. The goal is to have all parameters defined inside file conf.php to be in $conf->file->xxx. Except for database that are stored in $conf->db (historic reasons). This makes code easier to understand and to know the origin of a value (file or database). 2009-05-24 00:19:06 +00:00
Regis Houssin
f45caf216f Add: just used cookie for remind last user and last entity
Look: use cookie for view logo of last used entity
2009-05-23 17:44:36 +00:00
Regis Houssin
1420692e53 Add: view last user and last entity in login page if cookie is enabled 2009-05-23 15:35:02 +00:00
Regis Houssin
23ce17b308 Add: entity cookie just used for the login page 2009-05-22 15:38:09 +00:00
Regis Houssin
6f163a94a8 Add: entity cookie just used for the login page 2009-05-22 15:24:32 +00:00
Laurent Destailleur
8e167d3f80 Qual: Now creation of session is done before the loading of conf. This makes code much easier to understand. 2009-05-22 00:20:45 +00:00
Laurent Destailleur
fb0e668fc0 Qual: Now creation of session is done before the loading of conf. This makes code much easier to understand. 2009-05-21 22:28:05 +00:00
Laurent Destailleur
e4090f63b1 Session name DOLSESSID_databasename is replaced with DOLSESSID_dolibarrwebinstance. This removes a key read in conf.class.php used to name session because, to make code simpler, we will need to create session before the conf is loaded. This is also more secure because it is possible to use 2 dolibarr instances even if database names are same on two different mysql servers.
Add also comments on code to remember to simplify things.
2009-05-21 21:37:45 +00:00
Laurent Destailleur
9d57b9ec71 Add message to avoid to search 2009-05-21 17:45:13 +00:00
Laurent Destailleur
9a38002c46 Session name DOLSESSID_databasename is replaced with DOLSESSID_dolibarrwebinstance. This removes a key read in conf.class.php used to name session because, to make code simpler, we will need to create session before the conf is loaded. This is also more secure because it is possible to use 2 dolibarr instances even if database names are same on two different mysql servers.
Add also comments on code to remember to simplify things.
2009-05-21 13:37:18 +00:00
Regis Houssin
ee350b7352 Fix: opening of a temporary security session to store a random encryption key for encrypting the cookie
2009-05-20 18:23:02 +00:00
Regis Houssin
3786711822 Fix: opening of a temporary security session to store a random encryption key for encrypting the cookie
2009-05-20 18:18:25 +00:00
Regis Houssin
1437913f39 Fix: replace rand with mt_rand, which performs better 2009-05-19 21:51:08 +00:00
Regis Houssin
572a89e1d3 Fix: protection against CSRF vulnerability 2009-05-19 21:08:17 +00:00
Regis Houssin
63cbd5a24e Fix: protection against CSRF vulnerability 2009-05-19 20:59:20 +00:00
Regis Houssin
91624baceb Add: a color picker
Add: define a background color/image in mailing
2009-05-19 13:27:44 +00:00
Regis Houssin
53d214fbea Fix: just use exit 2009-05-18 14:41:32 +00:00
Laurent Destailleur
0c74892580 New: Better link to help wiki 2009-05-18 11:40:33 +00:00
Laurent Destailleur
7125e40f8e Another try to make the CSRF test before the master.inc.php 2009-05-17 22:40:24 +00:00
Regis Houssin
e5d222b6cc Fix: regression in the use of the token levels; we test on both levels because of random behaviour with some functions
2009-05-17 08:01:54 +00:00
Regis Houssin
9f86fcc443 Fix: random token level on the confirm_form; we secure it only if it contains POST data
2009-05-16 16:51:09 +00:00
Regis Houssin
36c58c62fc Fix: added logging on token refusal 2009-05-16 16:12:09 +00:00
Regis Houssin
1d719e2317 Fix: added debug 2009-05-16 16:00:44 +00:00
Regis Houssin
c1c1f8a4d2 Fix: added an additional level of token cache 2009-05-16 15:45:26 +00:00
Regis Houssin
7285270f1c Fix: DOL_MAIN_URL_ROOT is defined in master.inc.php 2009-05-16 12:31:17 +00:00
Regis Houssin
2306a4c305 Fix: obsolete 2009-05-16 07:24:20 +00:00
Regis Houssin
3723bb350a Fix: we remove the GET and POST if the request does not come from the server 2009-05-16 07:16:12 +00:00
Laurent Destailleur
3c49c6e5b7 Sec: Make CSRF test at the beginning. No functional code must be done if there is a security risk, so use just a return. Add test on a constant to remove test for some pages because this breaks a lot of features. 2009-05-16 06:31:59 +00:00
Regis Houssin
d3621e4593 Fix: added a random token in POST requests 2009-05-15 13:59:49 +00:00
Regis Houssin
1ea80f4f57 Fix: protection against CSRF vulnerability!!! 2009-05-15 12:59:39 +00:00
Regis Houssin
d73aac6e4e Fix: creation and verification of a random token to validate a POST request; here is the line to add in a POST request
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
2009-05-15 12:48:13 +00:00
Regis Houssin
df37827eb7 Todo: CSRF vulnerability -- creation of a random token to validate POST requests 2009-05-15 12:13:23 +00:00
Laurent Destailleur
5615a164fd Use a more specific picto for documentation help 2009-05-10 05:44:35 +00:00
Regis Houssin
f43d69faef Todo: use $user->datelastlogin for random encryption 2009-05-08 21:17:02 +00:00
Regis Houssin
149e232bd3 Add: /core/cookie.class.php for create and encrypt/decrypt cookie value with personal key
configured in conf.php with $dolibarr_main_cookie_cryptkey
2009-05-08 19:46:07 +00:00
Regis Houssin
865f6198e8 Add: /core/cookie.class.php for create and encrypt/decrypt cookie value with personal key
configured in conf.php with $dolibarr_main_cookie_cryptkey
2009-05-08 19:46:07 +00:00
Laurent Destailleur
b38fb205f6 Fix: Ajax popup now works on IE. 2009-05-08 19:27:39 +00:00
Laurent Destailleur
e007bc6079 Fix: Do not load language file with user choice if lang code is forced on URL 2009-05-08 15:40:33 +00:00
Laurent Destailleur
326cd8b227 All data from conf file are stored into conf->file->xxx
Multicompany should be ok to logon with no breaking sessions when disabled
2009-05-08 01:23:33 +00:00
Regis Houssin
81a5393e70 Todo: we need to find another solution; this is the only way multicompany works correctly... 2009-05-07 16:11:57 +00:00
Regis Houssin
f1a5c6fae3 Fix: only the superadmin can change the syslog config 2009-05-07 09:06:57 +00:00
Laurent Destailleur
1e37d24bf4 Can make a link between a member and a user 2009-05-06 23:30:49 +00:00
Laurent Destailleur
672f75a4d7 Can disable prototype and scriptaculous 2009-04-27 19:50:39 +00:00
Regis Houssin
b33020c86a Fix: entity cookie connection 2009-04-23 15:48:58 +00:00
Regis Houssin
908e408750 Fix: create session and cookie for multi-company 2009-04-23 13:39:39 +00:00
Regis Houssin
260f762e97 Fix: create session and cookie for multi-company 2009-04-23 13:19:28 +00:00
Laurent Destailleur
47f255ea15 Fix: Correct broken install 2009-04-17 18:26:21 +00:00
Regis Houssin
c52636bd38 New: early development of multi-company module 2009-04-17 07:45:00 +00:00
Regis Houssin
94a5df6a2d New: early development of multi-company module 2009-04-15 20:09:43 +00:00
Laurent Destailleur
cd78a8db7b Minor changes 2009-03-13 13:12:43 +00:00
Laurent Destailleur
0cd67ded54 New: Some pages can link to wiki help pages 2009-03-09 11:54:06 +00:00
Laurent Destailleur
2da5a733eb New: Some pages can link to wiki help pages 2009-03-09 11:28:15 +00:00
Laurent Destailleur
77d3821645 New: Some pages can link to wiki help pages 2009-03-09 11:28:12 +00:00
Laurent Destailleur
f3cfea66e1 New: Some pages can link to wiki help pages 2009-03-09 10:51:42 +00:00
Laurent Destailleur
61e2282cb1 Qual: Removed deprecated code 2009-03-02 18:25:51 +00:00
Laurent Destailleur
6a0877fe6a New: Can use absolute url path for help link 2009-02-24 21:54:18 +00:00
Laurent Destailleur
4333e8cb2a Changes to support deposit invoices 2009-02-24 02:41:21 +00:00
Laurent Destailleur
75b738eff9 Added XDebug tools 2009-02-21 01:04:35 +00:00
Laurent Destailleur
0823322ba1 Qual: All call to dolibarr_ functions are made on dol_ functions. 2009-02-20 22:53:15 +00:00
Laurent Destailleur
e83b22b29b Added XDebug tools 2009-02-20 20:28:16 +00:00
Laurent Destailleur
04607575ac Fix: infinite loop if documents directory not writable 2009-02-02 18:33:44 +00:00
Laurent Destailleur
4017a39162 Fix: Do not load language file before user lang has been set. 2009-01-30 22:18:07 +00:00
Laurent Destailleur
df0ef9efe5 New: Can add a bookmark on all dolibarr pages. 2009-01-23 00:47:23 +00:00
Laurent Destailleur
0befb92a12 Removed PHP warnings with E_ALL level 2009-01-21 14:09:42 +00:00
Laurent Destailleur
bdfecdc751 Removed PHP warnings with E_ALL level 2009-01-21 13:06:34 +00:00
Laurent Destailleur
e0a2b51866 Add version of CVS file inside html output. This make debug easier. 2009-01-12 22:18:09 +00:00
Laurent Destailleur
4d7e695d86 Can switch between graph on account or all accounts. 2009-01-12 19:36:40 +00:00
Laurent Destailleur
fa9aee5de4 Fix: Better support of option dolibarr_main_force_https 2008-12-23 20:36:13 +00:00
Laurent Destailleur
aeb1488a56 Reduce memory usage 2008-12-15 20:55:44 +00:00
Laurent Destailleur
d9b7bff2fd Add log inside install pages. 2008-12-15 01:04:32 +00:00
Laurent Destailleur
67e2efcb43 Comment in english 2008-12-13 12:33:00 +00:00
Laurent Destailleur
2444f40202 Fix: search forms not shown 2008-12-10 15:17:04 +00:00
Laurent Destailleur
0cf484630e A better demo home page 2008-12-10 15:02:08 +00:00
Laurent Destailleur
d3283a798a Qual: Replace ereg_replace(",","." by price2num 2008-12-09 21:02:58 +00:00
Laurent Destailleur
51dc0dd01f Add fast search form in menu for member module 2008-12-08 15:07:11 +00:00
Laurent Destailleur
7dcd991215 Change to allow modules to add new tabs 2008-12-07 22:29:44 +00:00
Laurent Destailleur
8b263e4b16 Can use several root directories. 2008-12-07 19:19:32 +00:00
Laurent Destailleur
ce89518810 Add list of disabled modules in login info 2008-12-02 14:22:21 +00:00
Laurent Destailleur
fc887d1c9d Can disable modules for session from url 2008-11-27 23:24:50 +00:00
Laurent Destailleur
dc46ba4000 Removed duplicate code.
Prepare dynamic disabling of modules
2008-11-27 23:02:49 +00:00
Laurent Destailleur
658203982c Fix: Info on login 2008-11-09 23:57:33 +00:00
Laurent Destailleur
a679f5fff8 Fix: Use of MAIN_APPLICATION_TITLE parameter 2008-11-06 19:55:31 +00:00
Laurent Destailleur
7deb33c52d Maxi debug for UTF8 support 2008-10-28 20:05:23 +00:00
Regis Houssin
77ea9a7914 Fix: extra slash 2008-10-27 22:12:06 +00:00
Laurent Destailleur
055c4411ff Dolibarr and cashdesk module shares the same cookie 2008-10-26 12:59:56 +00:00
Laurent Destailleur
1533547259 Can set application title 2008-10-23 16:55:42 +00:00
Laurent Destailleur
5758db39d3 New: Add filter on date for services 2008-10-20 22:10:38 +00:00
Laurent Destailleur
a3384961e4 Fix: Social contributions payments appeared with empty label in list. Now it's link to social contribution card. 2008-10-18 14:01:55 +00:00