lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
117,307 Commits 43 Branches 150 Tags 886 MiB
5bbfdbb775
Commit Graph

285 Commits

Author SHA1 Message Date
stickler-ci
8d88217434 Fixing style errors. 2020-08-04 14:48:15 +00:00
Ferran Marcet
70ad2fcee0 Fix: User can see events that are not assigned to it 2020-08-04 16:45:57 +02:00
Ferran Marcet
7a077a2d99 Fix: User can see events that are not assigned to it 2020-08-04 16:45:04 +02:00
stickler-ci
9926eac192 Fixing style errors. 2020-08-03 09:26:36 +00:00
Ferran Marcet
63b15dd1b6 Fix: User can see events that are not assigned to it 2020-08-03 11:17:30 +02:00
Laurent Destailleur
fd95551940 Fix upload of file in import module 
Conflicts:
	htdocs/core/lib/security.lib.php
 2020-07-09 21:52:27 +02:00
Laurent Destailleur
9bb0ef04f5 Fix upload of file in import module 2020-06-29 18:07:51 +02:00
Laurent Destailleur
146c521efd Merge branch '12.0' of git@github.com:Dolibarr/dolibarr.git into develop 
Conflicts:
	htdocs/core/lib/security.lib.php
	htdocs/filefunc.inc.php
 2020-06-29 18:06:42 +02:00
Laurent Destailleur
5b3670f300 FIX SQL syntax error when editing extrafields 
Conflicts:
	htdocs/core/lib/security.lib.php
 2020-06-29 14:28:53 +02:00
Laurent Destailleur
7c5b0be6a3 FIX SQL syntax error when editing extrafields 2020-06-29 13:48:00 +02:00
Laurent Destailleur
a5893db106 FIX upload documents into manual ECM was reported a permission error 2020-06-28 22:05:55 +02:00
lvessiller
c689b91539 FIX upload file in import module 2020-06-25 16:59:48 +02:00
Laurent Destailleur
c36c8ed447 Merge branch '12.0' of git@github.com:Dolibarr/dolibarr.git into develop 
Conflicts:
	htdocs/core/actions_linkedfiles.inc.php
 2020-06-17 15:28:19 +02:00
Laurent Destailleur
1a7f0741b5 Merge branch '11.0' of git@github.com:Dolibarr/dolibarr.git into 12.0 
Conflicts:
	htdocs/compta/paiement/class/paiement.class.php
	htdocs/core/actions_linkedfiles.inc.php
	htdocs/fourn/class/paiementfourn.class.php
 2020-06-17 14:53:24 +02:00
Laurent Destailleur
6660923e94 FIX Privilege escalation reported by wizlynx WLX-2020-011 2020-06-17 13:29:43 +02:00
Laurent Destailleur
7ce7905d31 Fix check for mrp 2020-06-07 23:03:58 +02:00
Laurent Destailleur
87a60a501f Security on disabling a web page 2020-06-07 23:00:38 +02:00
Frédéric FRANCE
174ddc5fd4
prepare new rule 2020-05-23 21:07:47 +02:00
Frédéric FRANCE
b41ac00b98
add new rule 2020-05-21 15:05:19 +02:00
Frédéric FRANCE
ee6fadd0d5
add new rule 2020-05-21 01:41:27 +02:00
Laurent Destailleur
1bf677f537 Can set status of a websitepage 2020-05-14 18:14:55 +02:00
Scrutinizer Auto-Fixer
f413ce6aac Scrutinizer Auto-Fixes 
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
 2020-03-12 11:45:44 +00:00
Laurent Destailleur
fefb3fdde7 Fix permissions on restricArea for external modules 2020-03-08 18:26:41 +01:00
Laurent Destailleur
096a568e83 Merge branch '11.0' of git@github.com:Dolibarr/dolibarr.git into develop 
Conflicts:
	htdocs/core/class/extrafields.class.php
 2020-02-23 23:42:23 +01:00
Laurent Destailleur
3075e40f8c Merge branch '10.0' of git@github.com:Dolibarr/dolibarr.git into 11.0 
Conflicts:
	htdocs/comm/remx.php
	htdocs/core/boxes/box_contacts.php
	htdocs/core/lib/functions.lib.php
	htdocs/core/lib/security.lib.php
 2020-02-23 23:37:46 +01:00
Regis Houssin
0ab0bb2e7d FIX wrong test 2020-02-14 19:26:28 +01:00
Regis Houssin
52506ddd05 FIX can be a string or integer 2020-02-13 09:25:36 +01:00
Regis Houssin
f19f706c38 FIX better check 2020-02-13 07:55:52 +01:00
Laurent Destailleur
7931734ecb Merge branch '11.0' of git@github.com:Dolibarr/dolibarr.git into develop 
Conflicts:
	htdocs/core/modules/modUser.class.php
 2020-02-12 20:30:20 +01:00
Laurent Destailleur
e74df397eb FIX #13094 2020-02-12 17:28:18 +01:00
Regis Houssin
275b5d1f77 FIX #10309 2020-02-11 07:32:29 +01:00
Laurent Destailleur
c3beb854a2 Definition of $fields for member and subscriptions 2020-02-08 13:44:31 +01:00
Laurent Destailleur
54414f7bb0 WIP Generic report 2020-02-07 11:53:09 +01:00
Laurent Destailleur
f752551914 WIP Generic stats page 2020-01-31 14:53:47 +01:00
Scrutinizer Auto-Fixer
057ab6a059 Scrutinizer Auto-Fixes 
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
 2019-11-26 11:52:04 +00:00
Laurent Destailleur
bc5270ce76 Merge branch '10.0' of git@github.com:Dolibarr/dolibarr.git into develop 
Conflicts:
	htdocs/fourn/facture/card.php
 2019-11-24 18:15:25 +01:00
Laurent Destailleur
cf0311dd6a FIX Hook getAccessForbiddenMessage was missing parameters 2019-11-22 16:13:22 +01:00
Frédéric FRANCE
e93aaa2a75
replace deprecated user->societe_id by user->socid 2019-10-31 20:46:31 +01:00
Frédéric FRANCE
e2afcfb999
clean indent 2019-10-27 11:53:20 +01:00
Alexandre SPANGARO
02dbc11f98 Move Gnu.org to https 2019-09-23 21:55:30 +02:00
Laurent Destailleur
b9ee95314a SEC restrictedArea protects also the 'update' action 2019-08-02 17:12:59 +02:00
Laurent Destailleur
2be5e9615d Fix look and field v10 2019-06-12 19:03:22 +02:00
Laurent Destailleur
e81663ec34 Fix cropping of image files for BOM module was ko 2019-06-12 19:00:34 +02:00
Laurent Destailleur
210b2f37dc Fix error message 2019-06-04 19:18:20 +02:00
Laurent Destailleur
79a3e41418 Hook 'getAccessForbiddenMessage' 2019-06-04 12:48:06 +02:00
Laurent Destailleur
9e91826dea Can set length of random password 2019-04-22 14:12:58 +02:00
Laurent Destailleur
d31b632d96 Merge branch '9.0' of git@github.com:Dolibarr/dolibarr.git into develop 
Conflicts:
	htdocs/core/lib/security.lib.php
 2019-03-15 11:06:49 +01:00
Laurent Destailleur
074ba0729a Merge branch '8.0' of git@github.com:Dolibarr/dolibarr.git into 9.0 2019-03-15 11:00:52 +01:00
Laurent Destailleur
84bff41543 Merge branch '7.0' of git@github.com:Dolibarr/dolibarr.git into 8.0 2019-03-15 11:00:24 +01:00
Laurent Destailleur
6c2cad3d48 Merge branch '6.0' of git@github.com:Dolibarr/dolibarr.git into 7.0 
Conflicts:
	htdocs/core/lib/security.lib.php
 2019-03-15 11:00:00 +01:00
Laurent Destailleur
e326c4d579 Look and feel v10 2019-03-15 10:48:10 +01:00
gauthier
8375b47e74 FIX : in fact expensereport must be in $check array 2019-03-15 10:21:50 +01:00
gauthier
3fb6978bc8 FIX : no need to test anything to display documents tabs on expense report 2019-03-14 17:36:49 +01:00
Laurent Destailleur
fac329e637 Clean code 2019-03-11 01:01:15 +01:00
Frédéric FRANCE
b10558bacd
Merge remote-tracking branch 'upstream/develop' into nospaceaftercomma 2019-01-27 23:23:38 +01:00
Laurent Destailleur
4f9f0fd7b5
Merge branch 'develop' into elseif 2019-01-27 17:54:06 +01:00
Frédéric FRANCE
f0cdf300d1
Squiz.Functions.FunctionDeclarationArgumentSpacing 2019-01-27 15:20:16 +01:00
Frédéric FRANCE
7ee086b402
PSR2 space after comma in function call 2019-01-27 11:55:16 +01:00
Frédéric FRANCE
6e91b3cefc
PSR2 usage of else if is discouraged 2019-01-27 10:49:34 +01:00
Laurent Destailleur
fd192f10c4
Merge pull request #10341 from hregis/8.0_bug 
FIX security broken with Multicompany
 2019-01-26 14:28:13 +01:00
Regis Houssin
d5b66eeffb FIX $user is already in parameters 2019-01-19 18:12:48 +01:00
Regis Houssin
c4b9bdd569 FIX remove var_dump 2019-01-16 19:15:02 +01:00
Regis Houssin
45a7e03562 FIX a user can always read its own card 2019-01-16 19:13:21 +01:00
Laurent Destailleur
e7943ae844 Merge branch '9.0' of git@github.com:Dolibarr/dolibarr.git into develop 2019-01-16 16:48:52 +01:00
Laurent Destailleur
d3828130ab Merge branch '8.0' of git@github.com:Dolibarr/dolibarr.git into 9.0 
Conflicts:
	htdocs/adherents/class/adherent.class.php
 2019-01-16 16:48:21 +01:00
Regis Houssin
7c9d85d091 FIX problem with multicompany transverse mode 
Signed-off-by: Regis Houssin <regis.houssin@inodbox.com>
 2019-01-15 12:18:04 +01:00
Laurent Destailleur
6d093b03f6 Code comment 2018-12-04 18:07:02 +01:00
Regis Houssin
9589f69574 Merge branch 'develop' of https://github.com/Dolibarr/dolibarr.git into 
develop_email

Conflicts:
	htdocs/core/modules/facture/doc/doc_generic_invoice_odt.modules.php
 2018-10-30 18:29:28 +01:00
Laurent Destailleur
68f6ebd0ff Merge branch '8.0' of git@github.com:Dolibarr/dolibarr.git into develop 
Conflicts:
	htdocs/commande/class/commande.class.php
	htdocs/core/lib/security.lib.php
	htdocs/modulebuilder/template/myobject_card.php
 2018-10-30 14:47:39 +01:00
Laurent Destailleur
0266db7aa8 FIX deletion on draft is allowed if we are allwoed to create 2018-10-29 18:19:40 +01:00
Regis Houssin
569d59d251 FIX change my deprecated email 2018-10-27 14:43:12 +02:00
Laurent Destailleur
d9eeb43118 FIX translation no visible for access forbidden 2018-09-09 11:59:38 +02:00
Laurent Destailleur
12c43d7722 Merge branch '8.0' of git@github.com:Dolibarr/dolibarr.git into develop 2018-07-03 12:33:17 +02:00
Regis Houssin
df718cca5c Fix: better sql request with multicompany transverse mode 2018-07-02 10:09:56 +02:00
Regis Houssin
f998f64db0 Works on use new list engine instead template for canvas 
Conflicts:
	htdocs/product/list.php
 2018-06-30 10:52:26 +02:00
Laurent Destailleur
ef395fc36b Fix scrutinizer bugs 2018-05-16 15:23:52 +02:00
Laurent Destailleur
63b9384ef6 No transmormation of data objectid before calling trigger 2018-05-10 12:34:23 +02:00
Laurent Destailleur
c094a6c43e Reorder permissions 2018-05-10 12:29:58 +02:00
Laurent Destailleur
9077f18dd6
Update security.lib.php 2018-05-10 11:37:22 +02:00
Laurent Destailleur
8837193545
Merge branch 'develop' into permissions_hook 2018-05-10 11:36:08 +02:00
Laurent Destailleur
bc9eaaab84
Update security.lib.php 2018-05-10 11:34:20 +02:00
Laurent Destailleur
7be804dcf5
Update security.lib.php 2018-05-10 11:32:08 +02:00
Laurent Destailleur
0891766a3e
Update security.lib.php 2018-05-10 11:31:27 +02:00
Laurent Destailleur
ea4c48047a
All new hooks must be addreplace hooks 2018-05-10 11:30:27 +02:00
altatof
a8ecce9e6d add hook for more permissions control 2018-05-05 14:31:17 +02:00
Laurent Destailleur
124abd39b6 Code comment 2018-05-01 20:31:57 +02:00
Laurent Destailleur
3cad7c6998 Merge branch '7.0' of git@github.com:Dolibarr/dolibarr.git into develop 2018-05-01 12:51:46 +02:00
jfefe
7cedf55c27 FIX : missing english name for object 
'product' is used by API to check perms and return a 401 error even if user has correct
permissions
 2018-04-27 20:54:48 +02:00
Laurent Destailleur
0f16ccbc4a Enhance dol_encode/dol_decode function 2018-04-19 12:03:42 +02:00
Laurent Destailleur
863cab362f NEW Cat set the encryption algorithm for extrafields of type password 2018-02-23 14:38:41 +01:00
Laurent Destailleur
109c447171 Merge branch '7.0' of git@github.com:Dolibarr/dolibarr.git into develop 2018-02-12 03:21:37 +01:00
Laurent Destailleur
c03ceb2205 Merge branch '6.0' of git@github.com:Dolibarr/dolibarr.git into 7.0 2018-02-12 02:56:51 +01:00
Laurent Destailleur
f88874c1f7 Code comment 2018-02-12 02:53:08 +01:00
Laurent Destailleur
ae1641f4b9
Merge pull request #8063 from Alabate/develop 
NEW : Add password_hash as hash algorithm
 2018-01-26 18:01:13 +01:00
Laurent Destailleur
9cdb7f0f27 Code comment 2018-01-24 14:37:26 +01:00
Laurent Destailleur
26ba0a9ec2 Merge branch '6.0' of git@github.com:Dolibarr/dolibarr.git into develop 
Conflicts:
	htdocs/cashdesk/index.php
	htdocs/compta/index.php
	htdocs/core/lib/security.lib.php
	htdocs/societe/list.php
 2018-01-16 20:23:32 +01:00
Laurent Destailleur
94b1d59f2b Fix missing check on object entity 2018-01-16 19:52:14 +01:00
Aurélien Labate
b86a5d5623 FIX add password_hash compatibility test for PHP < 5.5 2018-01-15 11:02:08 +01:00
Aurélien Labate
8088d92bbb NEW Add password_hash as hash algorithm 2018-01-15 00:33:25 +01:00
KHELIFA
7d824b3ef2 Fix: Access rights for resource in multi-entities 2018-01-04 15:05:11 +01:00
Laurent Destailleur
1351a43a30 FIX Maxi debug of permission for users external or restricted to sales 
representatives
 2017-12-18 16:13:05 +01:00
Laurent Destailleur
dbd96d1ac7 Merge branch '6.0' of git@github.com:Dolibarr/dolibarr.git into develop 
Conflicts:
	htdocs/core/actions_sendmails.inc.php
	htdocs/loan/card.php
	htdocs/loan/class/loan.class.php
 2017-12-10 21:46:23 +01:00
Laurent Destailleur
f18edd5787
Update security.lib.php 2017-12-10 21:08:13 +01:00
patrick Delcroix
033016da7f fix: unable to remove salaries, plus correct default rights management 2017-12-10 20:02:26 +01:00
Laurent Destailleur
6796c08cb8 Debug/rewrite Blockedlog 2017-11-30 14:21:55 +01:00
Laurent Destailleur
e78406e120 Debug cronjob 2017-11-03 20:04:18 +01:00
Laurent Destailleur
69b131b919 Merge branch '6.0' of git@github.com:Dolibarr/dolibarr.git into develop 
Conflicts:
	htdocs/comm/propal/card.php
	htdocs/societe/class/api_thirdparties.class.php
 2017-10-18 11:28:20 +02:00
Laurent Destailleur
aa1ff189e1 Fix var not correctly initialized when using api + multicompany 2017-10-17 12:58:26 +02:00
Laurent Destailleur
777486d74c Keep usage of function dol_hash to encrypt a non encrypted data 2017-10-06 13:13:51 +02:00
Regis Houssin
8d3ad9ddc8 Merge branch 'develop' of https://github.com/Dolibarr/dolibarr.git into develop_ldap 2017-10-04 08:43:07 +02:00
BENKE Charlene
41ba7af9fe unable to delete salaries 
compta/salaries/cards ask for a salarie/payement/delete right to delete
 2017-10-02 18:49:25 +02:00
Laurent Destailleur
b7810d95b9 Fix permissions 2017-09-30 20:43:15 +02:00
Regis Houssin
46cc23c568 Fix: $this->pass is empty if DATABASE_PWD_ENCRYPTED is used 2017-09-30 10:41:35 +02:00
Laurent Destailleur
4052e15565 Merge branch '5.0' of git@github.com:Dolibarr/dolibarr.git into 6.0 
Conflicts:
	htdocs/comm/action/card.php
 2017-08-26 21:58:29 +02:00
Regis Houssin
982fca541d Fix: (Agenda) Allowed if link to third party is empty 2017-08-24 08:33:40 +02:00
Regis Houssin
9410466d72 Fix: better check and security 2017-06-15 21:51:31 +02:00
Laurent Destailleur
ba3a74576c Merge 5.0 2017-06-12 18:22:51 +02:00
Laurent Destailleur
2916444f6c Fix check on module product for external user 2017-06-12 15:30:00 +02:00
Laurent Destailleur
7f18dfee0d Merge branch '5.0' of git@github.com:Dolibarr/dolibarr.git into develop 
Conflicts:
	dev/skeletons/build_class_from_table.php
	dev/skeletons/skeleton_card.php
	htdocs/compta/facture/class/facture.class.php
	htdocs/core/lib/functions.lib.php
	htdocs/filefunc.inc.php
	htdocs/projet/card.php
 2017-06-03 01:55:05 +02:00
Laurent Destailleur
976c8e0752 Fix security to test access on a task 2017-06-01 19:53:54 +02:00
Laurent Destailleur
76e1438fe6 FIX REST api to get project when user has permission to read all. 2017-06-01 17:29:47 +02:00
Laurent Destailleur
06b37d0e82 Work on dol_check_secure_access_document to support write question 2017-05-19 20:17:33 +02:00
Laurent Destailleur
68e333879f Fix var not sanitized 2017-05-16 13:27:32 +02:00
Regis Houssin
017d73792c Fix: add md5 password for OpenLdap 2017-03-13 15:00:44 +01:00
Laurent Destailleur
8ccc57e70f Fix compatibility with multicompany 2017-03-02 11:46:31 +01:00
Laurent Destailleur
76280f8ae2 Fix #6365 2017-02-03 11:42:49 +01:00
Laurent Destailleur
d7c2bdba38 Fix: link was useless with a nofollow tag. 2017-01-29 16:42:59 +01:00
Laurent Destailleur
2615e02e1e Update doc 2015-10-22 13:18:51 +02:00
Laurent Destailleur
3db021addf Fix Use correct boolean type. 
Complete doxygen
 2015-08-26 11:24:31 +02:00
Laurent Destailleur
e992a959cd Fix dbt_select 2015-07-16 10:59:00 +02:00
Laurent Destailleur
01aad8516d Merge remote-tracking branch 'origin/3.7' into develop 
Conflicts:
	htdocs/adherents/list.php
	htdocs/compta/dons/card.php
	htdocs/compta/dons/class/don.class.php
	htdocs/contact/list.php
	htdocs/contrat/list.php
	htdocs/core/class/html.form.class.php
	htdocs/core/lib/security.lib.php
	htdocs/main.inc.php
	htdocs/product/stock/massstockmove.php
	htdocs/public/test/test_arrays.php
	htdocs/public/test/test_forms.php
	htdocs/societe/societe.php
 2015-05-31 03:30:38 +02:00
Laurent Destailleur
11d4a945b0 Merge remote-tracking branch 'origin/3.6' into 3.7 
Conflicts:
	htdocs/adherents/liste.php
	htdocs/comm/propal.php
	htdocs/compta/facture.php
	htdocs/contact/list.php
	htdocs/contrat/liste.php
	htdocs/product/liste.php
 2015-05-25 18:08:23 +02:00
Alexis Algoud
bc672c2c23 FIX event for restricted user was restricted if company null 2015-05-21 11:49:10 +02:00
Laurent Destailleur
b327b5fb9d Save regressions 2015-05-13 09:32:54 +02:00
jfefe
46ce77c571 Refactor function to use it into API 
New function checkUserAccessToObject() is a piece of restrictedArea() function.
 2015-05-03 14:41:51 +02:00
Laurent Destailleur
13590a876b Fix: A little clean of dol_hash usage. 2014-10-18 16:08:15 +02:00
Laurent Destailleur
cbbe909bc5 Fix: Pb in management of "or" ("|") for permission check. 2014-10-12 15:22:07 +02:00
Laurent Destailleur
166853dd56 Fix: miscellaneous bugs 2014-10-03 12:15:21 +02:00
Marcos García de La Fuente
7e7958cf73 Removed SQL errors as they are logged by the database handler 2014-06-12 13:49:05 +02:00
Laurent Destailleur
1557d8973f Fix: [ bug #1403 ] suppression d'une fiche produit impossible 2014-05-26 23:12:47 +02:00
Laurent Destailleur
f95c87f1d6 Fix: [ bug #1374 ] Salaries module requires "Special costs" module to 
work but it does not enable it
 2014-05-10 18:57:04 +02:00
Raphaël Doursenaud
f8f502d013 Removed closing php tag 
http://php.net/manual/en/language.basic-syntax.phptags.php
 2014-05-03 18:18:44 +02:00
Laurent Destailleur
7ac193bb80 Merge remote-tracking branch 'origin/3.5' into develop 
Conflicts:
	htdocs/core/lib/company.lib.php
	htdocs/opensurvey/public/choix_autre.php
 2014-04-02 11:41:55 +02:00
Laurent Destailleur
46e46507ec Merge remote-tracking branch 'origin/3.4' into 3.5 
Conflicts:
	htdocs/comm/action/index.php
	htdocs/compta/bank/class/account.class.php
	htdocs/compta/bank/index.php
 2014-04-02 11:33:47 +02:00
Marcos García de La Fuente
09e02f807f Even better improvement 2014-03-22 19:01:19 +01:00
Marcos García de La Fuente
e2f51d0df2 Removed duplicate line 2014-03-22 19:00:37 +01:00
Marcos García de La Fuente
c8c77dbdcf Fix: Agenda and Banks module were not working with multicompany module 2014-03-22 18:59:48 +01:00
philippe
e2b29bb108 fix english misspelling 2014-03-05 09:57:36 +01:00
Laurent Destailleur
4d379e572a Fix: Bugs into permissions for module category 2014-01-07 15:35:26 +01:00
Laurent Destailleur
89c772459f Fix: Bugs into permissions for module category 2014-01-07 14:55:03 +01:00