Laurent Destailleur
7036c67414
New: First change to test how to optimize for smartphone.
2009-09-15 01:22:19 +00:00
Laurent Destailleur
5d9e35a3ed
Fix: CSRF protection is enabled only if MAIN_SECURITY_CSRF is set.
2009-09-14 01:56:24 +00:00
Laurent Destailleur
070b160450
New: Add option MAIN_ONLY_LOGIN_ALLOWED to lock login to any user that is not value of constant.
...
For example MAIN_ONLY_LOGIN_ALLOWED=admin will lock login to any login except admin.
This makes it possible to do maintenance work.
A page to add/remove this constant will be added later in system-tools
2009-08-30 01:39:40 +00:00
Laurent Destailleur
534c8d8dbf
Fix: Can't add product line to supplier order.
2009-08-28 22:46:40 +00:00
Laurent Destailleur
756ca4499a
Qual: Ajax code is simpler and now works with IE6
2009-08-27 23:31:50 +00:00
Laurent Destailleur
c296965865
Fix: Some ajax features were broken
2009-08-27 22:20:01 +00:00
Laurent Destailleur
d2e3e207a6
Work on import module
2009-08-23 00:15:30 +00:00
Laurent Destailleur
000e40eb80
Perf: Some speed enhancements
2009-08-22 16:07:46 +00:00
Laurent Destailleur
c7e3ffbadb
Typo fix
2009-08-21 20:22:46 +00:00
Laurent Destailleur
2b26eb5b4a
Add a print icon to show a page to print without menus.
2009-08-19 20:57:15 +00:00
Laurent Destailleur
061a90ec1d
New: Can add parameter &optioncss=print on url to have a page ready to print (menu removed)
2009-08-19 16:51:55 +00:00
Laurent Destailleur
944345b625
New: Can add parameter &optioncss=print on url to have a page ready to print (menu removed)
2009-08-19 16:26:12 +00:00
Laurent Destailleur
f52a4182a4
Fix: Pb with popup calendar in IE8 and security options of IE6
2009-08-13 12:32:22 +00:00
Laurent Destailleur
c11cef6d47
Add help link to online wiki
2009-08-12 12:59:14 +00:00
Laurent Destailleur
b1bb20c1bf
New: First try to support right to left languages (ar_AR)
2009-08-11 12:28:30 +00:00
Laurent Destailleur
13a3de8d90
Fix: "Now" link works when date popup is not used.
...
New: Add option to hide help in menu.
2009-08-09 19:25:17 +00:00
Laurent Destailleur
e5475f0b28
Add hidden option MAIN_US_MINI_JS to use minified version of large javascript
2009-08-09 11:37:32 +00:00
Laurent Destailleur
6b8d5ae8a2
Add hidden option MAIN_US_MINI_JS to use minified version of large javascript
2009-08-09 11:22:19 +00:00
Laurent Destailleur
863b83c4db
Look: Try an enhancement in background in eldy theme
...
Look: Link to online help is more clear.
2009-08-09 00:35:17 +00:00
Laurent Destailleur
b1ff004e6f
Enhancement of install/upgrade process: If database version differs from programs version, the install page is automatically called.
2009-08-08 16:26:06 +00:00
Laurent Destailleur
1d600dd2f8
Qual: Usage of smarty templates by some modules is now cleaner.
2009-08-02 17:13:59 +00:00
Laurent Destailleur
378b96d504
Removed deprecated option. Use the conf->module->enabled instead.
2009-08-02 16:47:06 +00:00
Laurent Destailleur
5652291f8b
Fix: W3C
2009-07-07 15:34:55 +00:00
Laurent Destailleur
8dc1e4ec30
Doc
2009-07-06 13:20:52 +00:00
Regis Houssin
32915db864
Security: just one token
2009-07-03 09:04:29 +00:00
Laurent Destailleur
b9971792ff
Perf: Several speed optimizing after using the Google Page Speed plugin for firebug
2009-06-15 14:26:34 +00:00
Laurent Destailleur
f5a2f6eaaa
Fix: Pb with the token post protection
2009-06-15 12:15:51 +00:00
Laurent Destailleur
28dd72e17a
New: Prepare correct management of timezones
...
Fix: Bad support of timeouts.
2009-06-14 16:25:23 +00:00
Laurent Destailleur
25b608c9f6
Fix: Restore the picto title in gif format because the png transparency is not supported on IE6 (54% of users).
2009-06-14 12:38:45 +00:00
Laurent Destailleur
7b68ed8cd5
Qual: Removed deprecated source code
2009-06-10 19:51:00 +00:00
Laurent Destailleur
8732364f01
Qual: Now module services and products are two completely separated modules.
2009-06-08 18:14:37 +00:00
Laurent Destailleur
3c591db844
Restore changes after 27 May due to Savannah crash.
2009-06-03 23:05:52 +00:00
Laurent Destailleur
b309cd1380
Fix: W3C
2009-05-27 14:32:19 +00:00
Regis Houssin
fa55e65e54
Fix: Disables token renewal in Ajax request
2009-05-26 17:01:18 +00:00
Laurent Destailleur
003208bc96
Disable the CSRF protection if we are in a development instance (to be able to do test and send post from tools).
2009-05-24 19:04:25 +00:00
Laurent Destailleur
e86917a148
Renamed conf->cookie_cryptkey into conf->file->cookie_cryptkey. The goal is to have all parameters defined inside file conf.php to be in $conf->file->xxx. Except for database parameters, which are stored in $conf->db (historic reasons). This makes code easier to understand and makes it easier to know the origin of a value (file or database).
2009-05-24 00:19:06 +00:00
Regis Houssin
f45caf216f
Add: just used cookie for remind last user and last entity
...
Look: use cookie for view logo of last used entity
2009-05-23 17:44:36 +00:00
Regis Houssin
1420692e53
Add: view last user and last entity in login page if cookie is enabled
2009-05-23 15:35:02 +00:00
Regis Houssin
23ce17b308
Add: entity cookie just used for the login page
2009-05-22 15:38:09 +00:00
Regis Houssin
6f163a94a8
Add: entity cookie just used for the login page
2009-05-22 15:24:32 +00:00
Laurent Destailleur
8e167d3f80
Qual: Now creation of session is done before the loading of conf. This makes code much easier to understand.
2009-05-22 00:20:45 +00:00
Laurent Destailleur
fb0e668fc0
Qual: Now creation of session is done before the loading of conf. This makes code much easier to understand.
2009-05-21 22:28:05 +00:00
Laurent Destailleur
e4090f63b1
Session name DOLSESSID_databasename is replaced with DOLSESSID_dolibarrwebinstance. This removes a key read in conf.class.php used to name session because, to make code simpler, we will need to create session before the conf is loaded. This is also more secure because it is possible to use 2 dolibarr instances even if database names are same on two different mysql servers.
...
Add also comments on code to remember to simplify things.
2009-05-21 21:37:45 +00:00
Laurent Destailleur
9d57b9ec71
Add message to avoid to search
2009-05-21 17:45:13 +00:00
Laurent Destailleur
9a38002c46
Session name DOLSESSID_databasename is replaced with DOLSESSID_dolibarrwebinstance. This removes a key read in conf.class.php used to name session because, to make code simpler, we will need to create session before the conf is loaded. This is also more secure because it is possible to use 2 dolibarr instances even if database names are same on two different mysql servers.
...
Add also comments on code to remember to simplify things.
2009-05-21 13:37:18 +00:00
Regis Houssin
ee350b7352
Fix: opening of a temporary security session to store a random encryption for
...
cookie encryption
2009-05-20 18:23:02 +00:00
Regis Houssin
3786711822
Fix: opening of a temporary security session to store a random encryption for
...
cookie encryption
2009-05-20 18:18:25 +00:00
Regis Houssin
1437913f39
Fix: replace rand with mt_rand, which performs better
2009-05-19 21:51:08 +00:00
Regis Houssin
572a89e1d3
Fix: protection against CSRF vulnerability
2009-05-19 21:08:17 +00:00
Regis Houssin
63cbd5a24e
Fix: protection against CSRF vulnerability
2009-05-19 20:59:20 +00:00
Regis Houssin
91624baceb
Add: a color picker
...
Add: define a background color/image in mailing
2009-05-19 13:27:44 +00:00
Regis Houssin
53d214fbea
Fix: just use exit
2009-05-18 14:41:32 +00:00
Laurent Destailleur
0c74892580
New: Better link to help wiki
2009-05-18 11:40:33 +00:00
Laurent Destailleur
7125e40f8e
Another try to make the CSRF test before the master.inc.php
2009-05-17 22:40:24 +00:00
Regis Houssin
e5d222b6cc
Fix: regression in the use of the token levels, we test on both levels because
...
random behaviour with some functions
2009-05-17 08:01:54 +00:00
Regis Houssin
9f86fcc443
Fix: random token level on the confirm_form, we secure it only if it contains
...
POST data
2009-05-16 16:51:09 +00:00
Regis Houssin
36c58c62fc
Fix: add logging on token rejection
2009-05-16 16:12:09 +00:00
Regis Houssin
1d719e2317
Fix: add debug
2009-05-16 16:00:44 +00:00
Regis Houssin
c1c1f8a4d2
Fix: add an additional level of token cache
2009-05-16 15:45:26 +00:00
Regis Houssin
7285270f1c
Fix: DOL_MAIN_URL_ROOT is defined in master.inc.php
2009-05-16 12:31:17 +00:00
Regis Houssin
2306a4c305
Fix: obsolete
2009-05-16 07:24:20 +00:00
Regis Houssin
3723bb350a
Fix: we remove the GET and POST if the request does not come from the server
2009-05-16 07:16:12 +00:00
Laurent Destailleur
3c49c6e5b7
Sec: Make CSRF test at the beginning. No functional code must be done if there is a security risk, so use just a return. Add test on a constant to remove test for some pages because this breaks a lot of features.
2009-05-16 06:31:59 +00:00
Regis Houssin
d3621e4593
Fix: add a random token in POST requests
2009-05-15 13:59:49 +00:00
Regis Houssin
1ea80f4f57
Fix: protection against CSRF vulnerability!!!
2009-05-15 12:59:39 +00:00
Regis Houssin
d73aac6e4e
Fix: creation and verification of a random token to validate a POST request, here is the line to add in a POST request
...
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
2009-05-15 12:48:13 +00:00
Regis Houssin
df37827eb7
Todo: CSRF vulnerability -- creation of a random token to validate POST requests
2009-05-15 12:13:23 +00:00
Laurent Destailleur
5615a164fd
Use a more specific picto for documentation help
2009-05-10 05:44:35 +00:00
Regis Houssin
f43d69faef
Todo: use $user->datelastlogin for random encryption
2009-05-08 21:17:02 +00:00
Regis Houssin
149e232bd3
Add: /core/cookie.class.php to create and encrypt/decrypt cookie value with personal key
...
configured in conf.php with $dolibarr_main_cookie_cryptkey
2009-05-08 19:46:07 +00:00
Regis Houssin
865f6198e8
Add: /core/cookie.class.php to create and encrypt/decrypt cookie value with personal key
...
configured in conf.php with $dolibarr_main_cookie_cryptkey
2009-05-08 19:46:07 +00:00
Laurent Destailleur
b38fb205f6
Fix: Ajax popup now works on IE.
2009-05-08 19:27:39 +00:00
Laurent Destailleur
e007bc6079
Fix: Do not load language file with user choice if lang code is forced on URL
2009-05-08 15:40:33 +00:00
Laurent Destailleur
326cd8b227
All data from conf file are stored into conf->file->xxx
...
Multicompany should be ok to logon with no breaking sessions when disabled
2009-05-08 01:23:33 +00:00
Regis Houssin
81a5393e70
Todo: we need to find another solution, this is the only way multicompany works correctly...
2009-05-07 16:11:57 +00:00
Regis Houssin
f1a5c6fae3
Fix: only the superadmin can change the syslog config
2009-05-07 09:06:57 +00:00
Laurent Destailleur
1e37d24bf4
Can make a link between a member and a user
2009-05-06 23:30:49 +00:00
Laurent Destailleur
672f75a4d7
Can disable prototype and scriptaculous
2009-04-27 19:50:39 +00:00
Regis Houssin
b33020c86a
Fix: entity cookie connection
2009-04-23 15:48:58 +00:00
Regis Houssin
908e408750
Fix: create session and cookie for multi-company
2009-04-23 13:39:39 +00:00
Regis Houssin
260f762e97
Fix: create session and cookie for multi-company
2009-04-23 13:19:28 +00:00
Laurent Destailleur
47f255ea15
Fix: Correct broken install
2009-04-17 18:26:21 +00:00
Regis Houssin
c52636bd38
New: early development of multi-company module
2009-04-17 07:45:00 +00:00
Regis Houssin
94a5df6a2d
New: early development of multi-company module
2009-04-15 20:09:43 +00:00
Laurent Destailleur
cd78a8db7b
Minor changes
2009-03-13 13:12:43 +00:00
Laurent Destailleur
0cd67ded54
New: Some pages can link to wiki help pages
2009-03-09 11:54:06 +00:00
Laurent Destailleur
2da5a733eb
New: Some pages can link to wiki help pages
2009-03-09 11:28:15 +00:00
Laurent Destailleur
77d3821645
New: Some pages can link to wiki help pages
2009-03-09 11:28:12 +00:00
Laurent Destailleur
f3cfea66e1
New: Some pages can link to wiki help pages
2009-03-09 10:51:42 +00:00
Laurent Destailleur
61e2282cb1
Qual: Removed deprecated code
2009-03-02 18:25:51 +00:00
Laurent Destailleur
6a0877fe6a
New: Can use absolute url path for help link
2009-02-24 21:54:18 +00:00
Laurent Destailleur
4333e8cb2a
Changes to support deposit invoices
2009-02-24 02:41:21 +00:00
Laurent Destailleur
75b738eff9
Added XDebug tools
2009-02-21 01:04:35 +00:00
Laurent Destailleur
0823322ba1
Qual: All calls to dolibarr_ functions are made on dol_ functions.
2009-02-20 22:53:15 +00:00
Laurent Destailleur
e83b22b29b
Added XDebug tools
2009-02-20 20:28:16 +00:00
Laurent Destailleur
04607575ac
Fix: infinite loop if documents directory not writable
2009-02-02 18:33:44 +00:00
Laurent Destailleur
4017a39162
Fix: Do not load language file before user lang has been set.
2009-01-30 22:18:07 +00:00
Laurent Destailleur
df0ef9efe5
New: Can add a bookmark on all dolibarr pages.
2009-01-23 00:47:23 +00:00
Laurent Destailleur
0befb92a12
Removed PHP warnings with E_ALL level
2009-01-21 14:09:42 +00:00
Laurent Destailleur
bdfecdc751
Removed PHP warnings with E_ALL level
2009-01-21 13:06:34 +00:00