285 Commits

Author SHA1 Message Date
stickler-ci
6fd08bc5ef Fixing style errors. 2021-10-26 14:56:56 +00:00
atm-greg
406089ef0c FIX restrictedArea for payment delete 2021-10-26 16:47:16 +02:00
Scrutinizer Auto-Fixer
5567310e44 Scrutinizer Auto-Fixes
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
2021-10-25 20:07:31 +00:00
Laurent Destailleur
02632e9e88 Fix need write permission on object to link/remove resource 2021-10-25 16:32:37 +02:00
Frédéric FRANCE
cc374e9eb1
fix warnings in ticket list 2021-10-24 10:02:12 +02:00
Frédéric FRANCE
cad2cf9b6f
fix warnings 2021-10-23 07:20:30 +02:00
Frédéric FRANCE
9bd31d2b85
fix warnings 2021-10-23 07:13:08 +02:00
Laurent Destailleur
81882f8243
Merge pull request #19065 from javieralapps4up/develop
Access forbidden when the password of other users is changed
2021-10-22 22:52:55 +02:00
Frédéric FRANCE
fafabe3be2
fix multiple warnings 2021-10-22 22:22:55 +02:00
Frédéric FRANCE
46c4f28478
fix multiple warnings 2021-10-22 22:15:59 +02:00
javieralapps4up
f50dfe8571
Update security.lib.php 2021-10-21 18:20:06 +02:00
javieralapps4up
5d854dcce1
FIX #19064
Access forbidden when the password of other users is changed

Steps to reproduce the behavior

User with lire and password (user) perms, but no creer.

When this user saves or cancels the edition of the password of another user, he is sent to the prohibited page
2021-10-21 18:17:43 +02:00
Alexandre SPANGARO
3f26ab195b HTML5 - <font> tag is deprecated, replace by <span> 2021-10-05 09:46:48 +02:00
ksar
f2b39b3eeb
FIX #18767 : Adherent delete
Adherent Delete was not working due to the fact that 
$features = 'adherent';
$feature2 = 'cotisation';
And $user->rights->$feature->$subfeature->supprimer does not exist

Also I used the double declaration of salaries.
2021-09-21 11:27:41 +02:00
lmarcouiller
a5e670291e Fix permission for salaries module 2021-09-08 15:36:51 +02:00
Laurent Destailleur
23829ae637 Cast numeric into on sql request 2021-08-23 18:56:46 +02:00
Laurent Destailleur
d4b5ee6c85 Fix cast into variable into sql request. 2021-08-23 17:41:11 +02:00
Laurent Destailleur
9c626bede4 Fix dol_hash for sha256 2021-07-30 18:43:35 +02:00
Laurent Destailleur
a0418fc17d FIX CWE-269 huntr - download of files of project 2021-05-21 18:53:09 +02:00
Laurent Destailleur
11fa523070 FIX CWE-269 2021-05-21 15:54:11 +02:00
Laurent Destailleur
b6dbe45242 Fix permissions on page to move position of file 2021-05-18 01:58:54 +02:00
Laurent Destailleur
aa05788d62 Merge branch '13.0' of git@github.com:Dolibarr/dolibarr.git into develop
Conflicts:
	ChangeLog
	htdocs/compta/bank/class/account.class.php
	htdocs/core/class/extrafields.class.php
	htdocs/core/lib/security.lib.php
	htdocs/core/modules/societe/mod_codeclient_elephant.php
	htdocs/filefunc.inc.php
	test/phpunit/CodingPhpTest.php
2021-05-11 20:34:46 +02:00
Laurent Destailleur
6591c3f50e
Merge pull request #17538 from AlexisLaurier/fix/restrictedAreaPaymentFournDelete
bug fix - deletion of invoice supplier payment
2021-05-11 19:27:05 +02:00
Alexis LAURIER
d04c741a3b add payment_fourn delete proper check into security.lib 2021-05-08 09:12:17 +02:00
Laurent Destailleur
655056ed31 Debug v14 2021-04-29 12:10:55 +02:00
Alexandre SPANGARO
8d72448f43 Add right supplier_order 2021-04-12 09:47:16 +02:00
Laurent Destailleur
489cff46a3 FIX #yogosha5828 2021-04-08 00:37:17 +02:00
Laurent Destailleur
5ce9bc5801 FIX #yogosha5748 2021-04-02 23:23:44 +02:00
Laurent Destailleur
3857daed94 Fix remove log 2021-03-23 18:08:44 +01:00
Laurent Destailleur
5ff9038e4e Fix permissions on BOMs 2021-03-23 18:02:52 +01:00
Laurent Destailleur
15440917b1 Fix #ygosha5698 2021-03-22 11:30:18 +01:00
Laurent Destailleur
78aec3daae Removed option MAIN_EXTERNAL_USERS_CAN_SEE_SUBSIDIARY_COMPANIES. The
implementation did not make any test on subsidiaries. It has the same effect
as being an internal user.
2021-03-19 00:00:06 +01:00
stickler-ci
345fe648b3 Fixing style errors. 2021-03-11 15:37:27 +00:00
Laurent Destailleur
c596eb91a8
Merge branch 'develop' into abb120358 2021-03-11 16:35:21 +01:00
Bahfir Abbes
0158cbb893
Update security.lib.php 2021-03-11 04:02:30 +01:00
Frédéric FRANCE
a4e25359e7
add missing rule 2021-03-01 20:37:16 +01:00
Frédéric FRANCE
554e449e40
code syntax core directory 2021-02-23 22:03:23 +01:00
Laurent Destailleur
5340c30db3 FIX missing security test on payment page
FIX sql error on group by on payment list
2021-02-19 12:35:26 +01:00
abb
d82c62c40d New:Constant MAIN_SHOW_SOCIETE2EXTERN to allow access to any thirdparty for external users 2021-02-12 23:53:45 +01:00
Laurent Destailleur
0849ce288c Fix phpcs 2021-02-10 14:04:06 +01:00
LAURIER Alexis
0ae0eb5758
fix regression of #16118 - entity not checked
Entity is no longer checked for users having permission $user->rights->societe->client->voir on the current entity. Then we can open objects from any entity with current permissions and the entity field of objects is no longer checked.
2021-02-09 20:13:13 +01:00
Laurent Destailleur
daf88944f8 FIX #16118 Timezone problem on some fields 2021-02-02 00:19:41 +01:00
Laurent Destailleur
f06d920460 FIX #15583 2020-12-03 16:22:03 +01:00
Scrutinizer Auto-Fixer
7f52920716 Scrutinizer Auto-Fixes
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
2020-10-31 13:32:18 +00:00
Laurent Destailleur
b5703350da Fix escape 2020-09-19 22:41:05 +02:00
Laurent Destailleur
f62d52f89a Fix tooltip for linkto object.
Fix security of ajax selectobject.php
2020-09-19 00:44:47 +02:00
Scrutinizer Auto-Fixer
b78ff67d7e Scrutinizer Auto-Fixes
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
2020-09-07 08:18:17 +00:00
Laurent Destailleur
bd65e5612f Fix duplicate id 2020-08-17 20:06:01 +02:00
Laurent Destailleur
c63d54631c Merge branch '11.0' of git@github.com:Dolibarr/dolibarr.git into 12.0
Conflicts:
	htdocs/categories/class/categorie.class.php
2020-08-17 19:59:17 +02:00
Laurent Destailleur
487d26c7db Merge branch '10.0' of git@github.com:Dolibarr/dolibarr.git into 11.0
Conflicts:
	htdocs/categories/class/categorie.class.php
	htdocs/core/class/html.formfile.class.php
	htdocs/core/lib/functions.lib.php
2020-08-17 19:54:23 +02:00
stickler-ci
8d88217434 Fixing style errors. 2020-08-04 14:48:15 +00:00
Ferran Marcet
70ad2fcee0 Fix: User can see events that are not assigned to it 2020-08-04 16:45:57 +02:00
Ferran Marcet
7a077a2d99 Fix: User can see events that are not assigned to it 2020-08-04 16:45:04 +02:00
stickler-ci
9926eac192 Fixing style errors. 2020-08-03 09:26:36 +00:00
Ferran Marcet
63b15dd1b6 Fix: User can see events that are not assigned to it 2020-08-03 11:17:30 +02:00
Laurent Destailleur
fd95551940 Fix upload of file in import module
Conflicts:
	htdocs/core/lib/security.lib.php
2020-07-09 21:52:27 +02:00
Laurent Destailleur
9bb0ef04f5 Fix upload of file in import module 2020-06-29 18:07:51 +02:00
Laurent Destailleur
146c521efd Merge branch '12.0' of git@github.com:Dolibarr/dolibarr.git into develop
Conflicts:
	htdocs/core/lib/security.lib.php
	htdocs/filefunc.inc.php
2020-06-29 18:06:42 +02:00
Laurent Destailleur
5b3670f300 FIX SQL syntax error when editing extrafields
Conflicts:
	htdocs/core/lib/security.lib.php
2020-06-29 14:28:53 +02:00
Laurent Destailleur
7c5b0be6a3 FIX SQL syntax error when editing extrafields 2020-06-29 13:48:00 +02:00
Laurent Destailleur
a5893db106 FIX upload documents into manual ECM was reported a permission error 2020-06-28 22:05:55 +02:00
lvessiller
c689b91539 FIX upload file in import module 2020-06-25 16:59:48 +02:00
Laurent Destailleur
c36c8ed447 Merge branch '12.0' of git@github.com:Dolibarr/dolibarr.git into develop
Conflicts:
	htdocs/core/actions_linkedfiles.inc.php
2020-06-17 15:28:19 +02:00
Laurent Destailleur
1a7f0741b5 Merge branch '11.0' of git@github.com:Dolibarr/dolibarr.git into 12.0
Conflicts:
	htdocs/compta/paiement/class/paiement.class.php
	htdocs/core/actions_linkedfiles.inc.php
	htdocs/fourn/class/paiementfourn.class.php
2020-06-17 14:53:24 +02:00
Laurent Destailleur
6660923e94 FIX Privilege escalation reported by wizlynx WLX-2020-011 2020-06-17 13:29:43 +02:00
Laurent Destailleur
7ce7905d31 Fix check for mrp 2020-06-07 23:03:58 +02:00
Laurent Destailleur
87a60a501f Security on disabling a web page 2020-06-07 23:00:38 +02:00
Frédéric FRANCE
174ddc5fd4
prepare new rule 2020-05-23 21:07:47 +02:00
Frédéric FRANCE
b41ac00b98
add new rule 2020-05-21 15:05:19 +02:00
Frédéric FRANCE
ee6fadd0d5
add new rule 2020-05-21 01:41:27 +02:00
Laurent Destailleur
1bf677f537 Can set status of a websitepage 2020-05-14 18:14:55 +02:00
Scrutinizer Auto-Fixer
f413ce6aac Scrutinizer Auto-Fixes
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
2020-03-12 11:45:44 +00:00
Laurent Destailleur
fefb3fdde7 Fix permissions on restricArea for external modules 2020-03-08 18:26:41 +01:00
Laurent Destailleur
096a568e83 Merge branch '11.0' of git@github.com:Dolibarr/dolibarr.git into develop
Conflicts:
	htdocs/core/class/extrafields.class.php
2020-02-23 23:42:23 +01:00
Laurent Destailleur
3075e40f8c Merge branch '10.0' of git@github.com:Dolibarr/dolibarr.git into 11.0
Conflicts:
	htdocs/comm/remx.php
	htdocs/core/boxes/box_contacts.php
	htdocs/core/lib/functions.lib.php
	htdocs/core/lib/security.lib.php
2020-02-23 23:37:46 +01:00
Regis Houssin
0ab0bb2e7d FIX wrong test 2020-02-14 19:26:28 +01:00
Regis Houssin
52506ddd05 FIX can be a string or integer 2020-02-13 09:25:36 +01:00
Regis Houssin
f19f706c38 FIX better check 2020-02-13 07:55:52 +01:00
Laurent Destailleur
7931734ecb Merge branch '11.0' of git@github.com:Dolibarr/dolibarr.git into develop
Conflicts:
	htdocs/core/modules/modUser.class.php
2020-02-12 20:30:20 +01:00
Laurent Destailleur
e74df397eb FIX #13094 2020-02-12 17:28:18 +01:00
Regis Houssin
275b5d1f77 FIX #10309 2020-02-11 07:32:29 +01:00
Laurent Destailleur
c3beb854a2 Definition of $fields for member and subscriptions 2020-02-08 13:44:31 +01:00
Laurent Destailleur
54414f7bb0 WIP Generic report 2020-02-07 11:53:09 +01:00
Laurent Destailleur
f752551914 WIP Generic stats page 2020-01-31 14:53:47 +01:00
Scrutinizer Auto-Fixer
057ab6a059 Scrutinizer Auto-Fixes
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
2019-11-26 11:52:04 +00:00
Laurent Destailleur
bc5270ce76 Merge branch '10.0' of git@github.com:Dolibarr/dolibarr.git into develop
Conflicts:
	htdocs/fourn/facture/card.php
2019-11-24 18:15:25 +01:00
Laurent Destailleur
cf0311dd6a FIX Hook getAccessForbiddenMessage was missing parameters 2019-11-22 16:13:22 +01:00
Frédéric FRANCE
e93aaa2a75
replace deprecated user->societe_id by user->socid 2019-10-31 20:46:31 +01:00
Frédéric FRANCE
e2afcfb999
clean indent 2019-10-27 11:53:20 +01:00
Alexandre SPANGARO
02dbc11f98 Move Gnu.org to https 2019-09-23 21:55:30 +02:00
Laurent Destailleur
b9ee95314a SEC restrictedArea protects also the 'update' action 2019-08-02 17:12:59 +02:00
Laurent Destailleur
2be5e9615d Fix look and field v10 2019-06-12 19:03:22 +02:00
Laurent Destailleur
e81663ec34 Fix cropping of image files for BOM module was ko 2019-06-12 19:00:34 +02:00
Laurent Destailleur
210b2f37dc Fix error message 2019-06-04 19:18:20 +02:00
Laurent Destailleur
79a3e41418 Hook 'getAccessForbiddenMessage' 2019-06-04 12:48:06 +02:00
Laurent Destailleur
9e91826dea Can set length of random password 2019-04-22 14:12:58 +02:00
Laurent Destailleur
d31b632d96 Merge branch '9.0' of git@github.com:Dolibarr/dolibarr.git into develop
Conflicts:
	htdocs/core/lib/security.lib.php
2019-03-15 11:06:49 +01:00
Laurent Destailleur
074ba0729a Merge branch '8.0' of git@github.com:Dolibarr/dolibarr.git into 9.0 2019-03-15 11:00:52 +01:00
Laurent Destailleur
84bff41543 Merge branch '7.0' of git@github.com:Dolibarr/dolibarr.git into 8.0 2019-03-15 11:00:24 +01:00
Laurent Destailleur
6c2cad3d48 Merge branch '6.0' of git@github.com:Dolibarr/dolibarr.git into 7.0
Conflicts:
	htdocs/core/lib/security.lib.php
2019-03-15 11:00:00 +01:00