Commit Graph

494 Commits

Author SHA1 Message Date
Regis Houssin
63cbd5a24e Fix: protection against CSRF vulnerability 2009-05-19 20:59:20 +00:00
Regis Houssin
91624baceb Add: a color picker
Add: define a background color/image in mailing
2009-05-19 13:27:44 +00:00
Regis Houssin
53d214fbea Fix: just use exit 2009-05-18 14:41:32 +00:00
Laurent Destailleur
0c74892580 New: Better link to help wiki 2009-05-18 11:40:33 +00:00
Laurent Destailleur
7125e40f8e Another try to make the CSRF test before the master.inc.php 2009-05-17 22:40:24 +00:00
Regis Houssin
e5d222b6cc Fix: regression in the use of the token levels; we test on both levels because of
random behavior with some functions
2009-05-17 08:01:54 +00:00
Regis Houssin
9f86fcc443 Fix: random token level on the confirm_form; we secure it only if it contains
POST data
2009-05-16 16:51:09 +00:00
Regis Houssin
36c58c62fc Fix: add logging on token refusal 2009-05-16 16:12:09 +00:00
Regis Houssin
1d719e2317 Fix: add debug 2009-05-16 16:00:44 +00:00
Regis Houssin
c1c1f8a4d2 Fix: add an additional level of token cache 2009-05-16 15:45:26 +00:00
Regis Houssin
7285270f1c Fix: DOL_MAIN_URL_ROOT is defined in master.inc.php 2009-05-16 12:31:17 +00:00
Regis Houssin
2306a4c305 Fix: obsolete 2009-05-16 07:24:20 +00:00
Regis Houssin
3723bb350a Fix: we remove the GET AND POST if the request does not come from the server 2009-05-16 07:16:12 +00:00
Laurent Destailleur
3c49c6e5b7 Sec: Make CSRF test at the beginning. No functional code must be done if there is a security risk, so use just a return. Add test on a constant to remove test for some pages because this breaks a lot of features. 2009-05-16 06:31:59 +00:00
Regis Houssin
d3621e4593 Fix: add a random token in POST requests 2009-05-15 13:59:49 +00:00
Regis Houssin
1ea80f4f57 Fix: protection against CSRF vulnerability!!! 2009-05-15 12:59:39 +00:00
Regis Houssin
d73aac6e4e Fix: creation and verification of a random token to validate a POST request; here is the line to add in a POST request
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
2009-05-15 12:48:13 +00:00
Regis Houssin
df37827eb7 Todo: CSRF vulnerability -- creation of a random token to validate POST requests 2009-05-15 12:13:23 +00:00
Laurent Destailleur
5615a164fd Use a more specific picto for documentation help 2009-05-10 05:44:35 +00:00
Regis Houssin
f43d69faef Todo: use $user->datelastlogin for random encryption 2009-05-08 21:17:02 +00:00
Regis Houssin
149e232bd3 Add: /core/cookie.class.php for create and encrypt/decrypt cookie value with personal key
configured in conf.php with $dolibarr_main_cookie_cryptkey
2009-05-08 19:46:07 +00:00
Regis Houssin
865f6198e8 Add: /core/cookie.class.php for create and encrypt/decrypt cookie value with personal key
configured in conf.php with $dolibarr_main_cookie_cryptkey
2009-05-08 19:46:07 +00:00
Laurent Destailleur
b38fb205f6 Fix: Ajax popup now works on IE. 2009-05-08 19:27:39 +00:00
Laurent Destailleur
e007bc6079 Fix: Do not load language file with user choice if lang code is forced on URL 2009-05-08 15:40:33 +00:00
Laurent Destailleur
326cd8b227 All data from conf file are stored into conf->file->xxx
Multicompany should be ok to logon with no breaking sessions when disabled
2009-05-08 01:23:33 +00:00
Regis Houssin
81a5393e70 Todo: we need to find another solution; this is the only way multicompany works correctly... 2009-05-07 16:11:57 +00:00
Regis Houssin
f1a5c6fae3 Fix: only the superadmin can change the syslog config 2009-05-07 09:06:57 +00:00
Laurent Destailleur
1e37d24bf4 Can make a link between a member and a user 2009-05-06 23:30:49 +00:00
Laurent Destailleur
672f75a4d7 Can disable prototype and scriptaculous 2009-04-27 19:50:39 +00:00
Regis Houssin
b33020c86a Fix: entity cookie connection 2009-04-23 15:48:58 +00:00
Regis Houssin
908e408750 Fix: create session and cookie for multi-company 2009-04-23 13:39:39 +00:00
Regis Houssin
260f762e97 Fix: create session and cookie for multi-company 2009-04-23 13:19:28 +00:00
Laurent Destailleur
47f255ea15 Fix: Correct broken install 2009-04-17 18:26:21 +00:00
Regis Houssin
c52636bd38 New: early development of multi-company module 2009-04-17 07:45:00 +00:00
Regis Houssin
94a5df6a2d New: early development of multi-company module 2009-04-15 20:09:43 +00:00
Laurent Destailleur
cd78a8db7b Minor changes 2009-03-13 13:12:43 +00:00
Laurent Destailleur
0cd67ded54 New: Some pages can link to wiki help pages 2009-03-09 11:54:06 +00:00
Laurent Destailleur
2da5a733eb New: Some pages can link to wiki help pages 2009-03-09 11:28:15 +00:00
Laurent Destailleur
77d3821645 New: Some pages can link to wiki help pages 2009-03-09 11:28:12 +00:00
Laurent Destailleur
f3cfea66e1 New: Some pages can link to wiki help pages 2009-03-09 10:51:42 +00:00
Laurent Destailleur
61e2282cb1 Qual: Removed deprecated code 2009-03-02 18:25:51 +00:00
Laurent Destailleur
6a0877fe6a New: Can use absolute url path for help link 2009-02-24 21:54:18 +00:00
Laurent Destailleur
4333e8cb2a Changes to support deposit invoices 2009-02-24 02:41:21 +00:00
Laurent Destailleur
75b738eff9 Added XDebug tools 2009-02-21 01:04:35 +00:00
Laurent Destailleur
0823322ba1 Qual: All call to dolibarr_ functions are made on dol_ functions. 2009-02-20 22:53:15 +00:00
Laurent Destailleur
e83b22b29b Added XDebug tools 2009-02-20 20:28:16 +00:00
Laurent Destailleur
04607575ac Fix: infinite loop if documents directory not writable 2009-02-02 18:33:44 +00:00
Laurent Destailleur
4017a39162 Fix: Do not load language file before user lang has been set. 2009-01-30 22:18:07 +00:00
Laurent Destailleur
df0ef9efe5 New: Can add a bookmark on all dolibarr pages. 2009-01-23 00:47:23 +00:00
Laurent Destailleur
0befb92a12 Removed PHP warnings with E_ALL level 2009-01-21 14:09:42 +00:00
Laurent Destailleur
bdfecdc751 Removed PHP warnings with E_ALL level 2009-01-21 13:06:34 +00:00
Laurent Destailleur
e0a2b51866 Add version of CVS file inside html output. This makes debug easier. 2009-01-12 22:18:09 +00:00
Laurent Destailleur
4d7e695d86 Can switch between graph on account or all accounts. 2009-01-12 19:36:40 +00:00
Laurent Destailleur
fa9aee5de4 Fix: Better support of option dolibarr_main_force_https 2008-12-23 20:36:13 +00:00
Laurent Destailleur
aeb1488a56 Reduce memory usage 2008-12-15 20:55:44 +00:00
Laurent Destailleur
d9b7bff2fd Add log inside install pages. 2008-12-15 01:04:32 +00:00
Laurent Destailleur
67e2efcb43 Comment in english 2008-12-13 12:33:00 +00:00
Laurent Destailleur
2444f40202 Fix: search forms not shown 2008-12-10 15:17:04 +00:00
Laurent Destailleur
0cf484630e A better demo home page 2008-12-10 15:02:08 +00:00
Laurent Destailleur
d3283a798a Qual: Replace ereg_replace(",","." by price2num 2008-12-09 21:02:58 +00:00
Laurent Destailleur
51dc0dd01f Add fast search form in menu for member module 2008-12-08 15:07:11 +00:00
Laurent Destailleur
7dcd991215 Change to allow modules to add new tabs 2008-12-07 22:29:44 +00:00
Laurent Destailleur
8b263e4b16 Can use several root directories. 2008-12-07 19:19:32 +00:00
Laurent Destailleur
ce89518810 Add list of disabled modules in login info 2008-12-02 14:22:21 +00:00
Laurent Destailleur
fc887d1c9d Can disable modules for session from url 2008-11-27 23:24:50 +00:00
Laurent Destailleur
dc46ba4000 Removed duplicate code.
Prepare dynamic disabling of modules
2008-11-27 23:02:49 +00:00
Laurent Destailleur
658203982c Fix: Info on login 2008-11-09 23:57:33 +00:00
Laurent Destailleur
a679f5fff8 Fix: Use of MAIN_APPLICATION_TITLE parameter 2008-11-06 19:55:31 +00:00
Laurent Destailleur
7deb33c52d Maxi debug for UTF8 support 2008-10-28 20:05:23 +00:00
Regis Houssin
77ea9a7914 Fix: extra slash 2008-10-27 22:12:06 +00:00
Laurent Destailleur
055c4411ff Dolibarr and cashdesk module shares the same cookie 2008-10-26 12:59:56 +00:00
Laurent Destailleur
1533547259 Can set application title 2008-10-23 16:55:42 +00:00
Laurent Destailleur
5758db39d3 New: Add filter on date for services 2008-10-20 22:10:38 +00:00
Laurent Destailleur
a3384961e4 Fix: Social contributions payments appeared with empty label in list. Now it's link to social contribution card. 2008-10-18 14:01:55 +00:00
Laurent Destailleur
80ca284557 New: Can set session timeout. 2008-10-12 11:41:13 +00:00
Laurent Destailleur
db74ae5c7e Qual: Removed duplicated code 2008-10-10 23:05:27 +00:00
Laurent Destailleur
49317dc29c Remove deprecated code 2008-10-10 20:39:16 +00:00
Laurent Destailleur
2f61274a76 New: Input of action is easier. 2008-10-06 21:31:05 +00:00
Laurent Destailleur
cf3345a2d5 Add patch http://www.matelli.fr/showcases/patchs-dolibarr/patch-dolibarr-fix-sql-injection-check-in-array.html 2008-09-30 00:10:49 +00:00
Laurent Destailleur
6caef066c4 Fix: wiki link 2008-09-10 11:14:18 +00:00
Laurent Destailleur
342853591f Lang: Translation more clear 2008-08-07 06:33:35 +00:00
Laurent Destailleur
6d81c0172b Fix: Unused parameter 2008-07-15 18:09:22 +00:00
Laurent Destailleur
8d81502150 Removed specific code 2008-06-18 23:00:49 +00:00
Laurent Destailleur
dddf28b0ed Fix: Removed this boring cut of area using div and use table instead. This solve also pb with firefox 3. 2008-06-18 22:56:02 +00:00
Laurent Destailleur
0a655c9370 New: Add list of attached files in email forms 2008-05-23 19:43:28 +00:00
Laurent Destailleur
be99f4e646 Removed an include not used. 2008-05-18 19:31:57 +00:00
Laurent Destailleur
a41e3453b9 Call to default.css is no more required 2008-05-18 19:08:28 +00:00
Laurent Destailleur
cb47f20a71 New: Now the box are draggable only if catch is done on the "drag picture" 2008-05-18 16:11:54 +00:00
Regis Houssin
9ee4c9215f Fix: invalid path of the pwc class 2008-05-18 14:11:19 +00:00
Laurent Destailleur
a14623066c New: Added css declaration of ajax popup in themes 2008-05-18 12:25:51 +00:00
Laurent Destailleur
2e29ea0edc Fix: Canvas works correctly 2008-05-13 21:54:32 +00:00
Laurent Destailleur
fe0100bab0 Fix: auguria works on firefox and ie6. Can't test on ie7 2008-05-13 18:24:41 +00:00
Laurent Destailleur
b80d6be81f Add protection on upload if file already exists 2008-05-04 15:19:04 +00:00
Laurent Destailleur
98ebbf7571 Fix: Better support of login method http 2008-05-02 01:10:00 +00:00
Laurent Destailleur
41b82cf921 Doxygen 2008-04-10 00:01:50 +00:00
Laurent Destailleur
92c1054ca3 New: Audit feature can low log unsuccessful try to login and add ip in report 2008-04-09 21:38:39 +00:00
Laurent Destailleur
d5ccb222e8 Reorganize functions 2008-04-09 18:13:45 +00:00
Laurent Destailleur
68c09f00ec New: Add option dolibarr_main_force_https 2008-04-06 20:17:11 +00:00
Laurent Destailleur
e4ac9de490 Fix: Can change main html title of pages 2008-03-31 05:16:52 +00:00
Laurent Destailleur
0ac4706f24 New: Add private/public property on contact. This allow to add your own address database in Dolibarr. 2008-03-30 22:25:39 +00:00