lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
120,612 Commits 43 Branches 150 Tags 886 MiB
f8d3c28e68
Commit Graph

313 Commits

Author SHA1 Message Date
Laurent Destailleur
e97f021380 Fix #yogosha11295 2022-06-19 19:02:16 +02:00
Laurent Destailleur
dd392143e1 Fix conf->projet conf->project 2022-06-14 17:53:17 +02:00
Laurent Destailleur
259a292704 Merge branch '15.0' of git@github.com:Dolibarr/dolibarr.git into develop 2022-05-24 16:33:24 +02:00
Laurent Destailleur
34199cf0fb Merge branch '14.0' of git@github.com:Dolibarr/dolibarr.git into 15.0 
Conflicts:
	htdocs/comm/propal/card.php
	htdocs/core/modules/modRecruitment.class.php
 2022-05-24 16:31:45 +02:00
Laurent Destailleur
c1ef208c0f Merge branch '13.0' of git@github.com:Dolibarr/dolibarr.git into 14.0 
Conflicts:
	htdocs/adherents/subscription.php
	htdocs/core/lib/security.lib.php
	htdocs/expensereport/card.php
 2022-05-24 16:27:26 +02:00
Maxime Kohlhaas
c3fb7647c5 Fix delete customer payment 2022-05-22 02:30:35 +02:00
Laurent Destailleur
cb15a21e41 Merge branch '15.0' of git@github.com:Dolibarr/dolibarr.git into develop 
Conflicts:
	htdocs/core/class/commonobject.class.php
	htdocs/core/tpl/originproductline.tpl.php
	htdocs/fourn/facture/card.php
	htdocs/install/mysql/migration/14.0.0-15.0.0.sql
	htdocs/user/card.php
 2022-04-11 21:22:27 +02:00
Laurent Destailleur
3ac268c200 Merge branch '14.0' of git@github.com:Dolibarr/dolibarr.git into 15.0 
Conflicts:
	htdocs/core/lib/security.lib.php
	htdocs/holiday/card.php
	htdocs/user/card.php
 2022-04-11 21:14:51 +02:00
Adrien Raze
41ee9739db FIX: Add 'recruitment' into check array 2022-04-07 17:16:02 +02:00
Laurent Destailleur
7c253c7e28 Clean code 2022-03-01 19:05:00 +01:00
Laurent Destailleur
762de973eb Fix sql injection 2022-03-01 18:43:16 +01:00
Vincent Dieltiens
af0000d568 Fixes expensereport downloads 2022-02-15 10:13:28 +01:00
Laurent Destailleur
52493b60fb Fix #yogosha8316 2022-01-13 15:52:41 +01:00
Laurent Destailleur
865b05aad2 Merge branch '14.0' of git@github.com:Dolibarr/dolibarr.git into develop 2022-01-10 19:29:37 +01:00
Laurent Destailleur
5d5a219b95 FIX #19770 2022-01-10 19:23:46 +01:00
Laurent Destailleur
55562eb1d8 Merge branch '14.0' of git@github.com:Dolibarr/dolibarr.git into develop 
Conflicts:
	htdocs/core/class/html.formadmin.class.php
 2021-12-21 14:36:38 +01:00
Laurent Destailleur
084f298836 Fix regression. The entity for bank is in table itself not into a parent 2021-12-21 14:34:47 +01:00
Laurent Destailleur
fbce09f21b Merge branch '14.0' of git@github.com:Dolibarr/dolibarr.git into develop 
Conflicts:
	htdocs/accountancy/customer/index.php
	htdocs/compta/facture/card.php
	htdocs/reception/card.php
 2021-12-19 00:36:22 +01:00
jpb
ac8538a812 add info for acces right 2021-12-13 16:53:34 +01:00
Laurent Destailleur
9fbe0dee9b Fix trans 2021-12-10 12:36:51 +01:00
Laurent Destailleur
6b9636c3b8 FIX deletion of direct debit or credit transfer 2021-12-09 12:54:18 +01:00
Regis Houssin
9e5a20545d FIX dolGetLdapPasswordHash use your own random salt 2021-11-12 13:23:11 +01:00
Regis Houssin
968ffbcef0 FIX add ldap hash algo 2021-11-12 13:06:41 +01:00
Regis Houssin
084a3f48c1 Merge branch 'develop' of git@github.com:Dolibarr/dolibarr.git into 
fix_add_ldap_hash_type_select
 2021-11-12 10:10:04 +01:00
Laurent Destailleur
7dcd98b9bb
Merge pull request #19234 from hregis/fix_see_ldap_connected_server 
FIX show connected server if we have a primary and secondary ldap server
 2021-11-01 02:46:28 +01:00
Laurent Destailleur
bea85db413 Merge branch '14.0' of git@github.com:Dolibarr/dolibarr.git into develop 2021-10-31 17:20:09 +01:00
Laurent Destailleur
682ad98918
Update security.lib.php 2021-10-31 17:06:37 +01:00
Regis Houssin
ae6d16c830 FIX mhash function is deprecated since php 8.1.0 2021-10-28 13:36:53 +02:00
stickler-ci
6fd08bc5ef Fixing style errors. 2021-10-26 14:56:56 +00:00
atm-greg
406089ef0c FIX restrictedArea for payment delete 2021-10-26 16:47:16 +02:00
Scrutinizer Auto-Fixer
5567310e44 Scrutinizer Auto-Fixes 
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
 2021-10-25 20:07:31 +00:00
Laurent Destailleur
02632e9e88 Fix need write permission on object to link/remove resource 2021-10-25 16:32:37 +02:00
Frédéric FRANCE
cc374e9eb1
fix warnings in ticket list 2021-10-24 10:02:12 +02:00
Frédéric FRANCE
cad2cf9b6f
fix warnings 2021-10-23 07:20:30 +02:00
Frédéric FRANCE
9bd31d2b85
fix warnings 2021-10-23 07:13:08 +02:00
Laurent Destailleur
81882f8243
Merge pull request #19065 from javieralapps4up/develop 
Access forbidden when the password of other users is changed
 2021-10-22 22:52:55 +02:00
Frédéric FRANCE
fafabe3be2
fix multiple warnings 2021-10-22 22:22:55 +02:00
Frédéric FRANCE
46c4f28478
fix multiple warnings 2021-10-22 22:15:59 +02:00
javieralapps4up
f50dfe8571
Update security.lib.php 2021-10-21 18:20:06 +02:00
javieralapps4up
5d854dcce1
FIX #19064 
Access forbidden when the password of other users is changed

Steps to reproduce the behavior

User with lire and password (user) perms, but no creer.

When this user saves or cancels the edition of the password of another user, he is sent to the prohibited page
 2021-10-21 18:17:43 +02:00
Alexandre SPANGARO
3f26ab195b HTML5 - <font> tag is deprecated, replace by <span> 2021-10-05 09:46:48 +02:00
ksar
f2b39b3eeb
FIX #18767 : Adherent delete 
Adherent Delete was not working due to the fact that 
$features = 'adherent';
$feature2 = 'cotisation';
And $user->rights->$feature->$subfeature->supprimer does not exist

Also I used the double declaration of salaries.
 2021-09-21 11:27:41 +02:00
lmarcouiller
a5e670291e Fix permission for salaries module 2021-09-08 15:36:51 +02:00
Laurent Destailleur
23829ae637 Cast numeric into on sql request 2021-08-23 18:56:46 +02:00
Laurent Destailleur
d4b5ee6c85 Fix cast into variable into sql request. 2021-08-23 17:41:11 +02:00
Laurent Destailleur
9c626bede4 Fix dol_hash for sha256 2021-07-30 18:43:35 +02:00
Laurent Destailleur
a0418fc17d FIX CWE-269 huntr - download of files of project 2021-05-21 18:53:09 +02:00
Laurent Destailleur
11fa523070 FIX CWE-269 2021-05-21 15:54:11 +02:00
Laurent Destailleur
b6dbe45242 Fix permissions on page to move position of file 2021-05-18 01:58:54 +02:00
Laurent Destailleur
aa05788d62 Merge branch '13.0' of git@github.com:Dolibarr/dolibarr.git into develop 
Conflicts:
	ChangeLog
	htdocs/compta/bank/class/account.class.php
	htdocs/core/class/extrafields.class.php
	htdocs/core/lib/security.lib.php
	htdocs/core/modules/societe/mod_codeclient_elephant.php
	htdocs/filefunc.inc.php
	test/phpunit/CodingPhpTest.php
 2021-05-11 20:34:46 +02:00
Laurent Destailleur
6591c3f50e
Merge pull request #17538 from AlexisLaurier/fix/restrictedAreaPaymentFournDelete 
bug fix - deletion of invoice supplier payment
 2021-05-11 19:27:05 +02:00
Alexis LAURIER
d04c741a3b add payment_fourn delete proper check into security.lib 2021-05-08 09:12:17 +02:00
Laurent Destailleur
655056ed31 Debug v14 2021-04-29 12:10:55 +02:00
Alexandre SPANGARO
8d72448f43 Add right supplier_order 2021-04-12 09:47:16 +02:00
Laurent Destailleur
489cff46a3 FIX #yogosha5828 2021-04-08 00:37:17 +02:00
Laurent Destailleur
5ce9bc5801 FIX #yogosha5748 2021-04-02 23:23:44 +02:00
Laurent Destailleur
3857daed94 Fix remove log 2021-03-23 18:08:44 +01:00
Laurent Destailleur
5ff9038e4e Fix permissions on BOMs 2021-03-23 18:02:52 +01:00
Laurent Destailleur
15440917b1 Fix #ygosha5698 2021-03-22 11:30:18 +01:00
Laurent Destailleur
78aec3daae Removed option MAIN_EXTERNAL_USERS_CAN_SEE_SUBSIDIARY_COMPANIES. The 
implmentation did not make any test on subsidiaries. It has same effect
than being an internal user.
 2021-03-19 00:00:06 +01:00
stickler-ci
345fe648b3 Fixing style errors. 2021-03-11 15:37:27 +00:00
Laurent Destailleur
c596eb91a8
Merge branch 'develop' into abb120358 2021-03-11 16:35:21 +01:00
Bahfir Abbes
0158cbb893
Update security.lib.php 2021-03-11 04:02:30 +01:00
Frédéric FRANCE
a4e25359e7
add missing rule 2021-03-01 20:37:16 +01:00
Frédéric FRANCE
554e449e40
code syntax core directory 2021-02-23 22:03:23 +01:00
Laurent Destailleur
5340c30db3 FIX missing security test on payment page 
FIX sql error on group by on payment list
 2021-02-19 12:35:26 +01:00
abb
d82c62c40d New:Constant MAIN_SHOW_SOCIETE2EXTERN to allow access to any thirdparty for external users 2021-02-12 23:53:45 +01:00
Laurent Destailleur
0849ce288c Fix phpcs 2021-02-10 14:04:06 +01:00
LAURIER Alexis
0ae0eb5758
fix regression of #16118 - entity not check 
Entity is not anymore check for user having permission $user->rights->societe->client->voir on the current entity. Then we can open object from any entity with current permissions and the entity field of objects are not anymore checked.
 2021-02-09 20:13:13 +01:00
Laurent Destailleur
daf88944f8 FIX #16118 Timezone problem on some fields 2021-02-02 00:19:41 +01:00
Laurent Destailleur
f06d920460 FIX #15583 2020-12-03 16:22:03 +01:00
Scrutinizer Auto-Fixer
7f52920716 Scrutinizer Auto-Fixes 
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
 2020-10-31 13:32:18 +00:00
Laurent Destailleur
b5703350da Fix escape 2020-09-19 22:41:05 +02:00
Laurent Destailleur
f62d52f89a Fix tooltip for linkto object. 
Fix security of ajax selectobject.php
 2020-09-19 00:44:47 +02:00
Scrutinizer Auto-Fixer
b78ff67d7e Scrutinizer Auto-Fixes 
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
 2020-09-07 08:18:17 +00:00
Laurent Destailleur
bd65e5612f Fix duplicate id 2020-08-17 20:06:01 +02:00
Laurent Destailleur
c63d54631c Merge branch '11.0' of git@github.com:Dolibarr/dolibarr.git into 12.0 
Conflicts:
	htdocs/categories/class/categorie.class.php
 2020-08-17 19:59:17 +02:00
Laurent Destailleur
487d26c7db Merge branch '10.0' of git@github.com:Dolibarr/dolibarr.git into 11.0 
Conflicts:
	htdocs/categories/class/categorie.class.php
	htdocs/core/class/html.formfile.class.php
	htdocs/core/lib/functions.lib.php
 2020-08-17 19:54:23 +02:00
stickler-ci
8d88217434 Fixing style errors. 2020-08-04 14:48:15 +00:00
Ferran Marcet
70ad2fcee0 Fix: User can see events that are not assigned to it 2020-08-04 16:45:57 +02:00
Ferran Marcet
7a077a2d99 Fix: User can see events that are not assigned to it 2020-08-04 16:45:04 +02:00
stickler-ci
9926eac192 Fixing style errors. 2020-08-03 09:26:36 +00:00
Ferran Marcet
63b15dd1b6 Fix: User can see events that are not assigned to it 2020-08-03 11:17:30 +02:00
Laurent Destailleur
fd95551940 Fix upload of file in import module 
Conflicts:
	htdocs/core/lib/security.lib.php
 2020-07-09 21:52:27 +02:00
Laurent Destailleur
9bb0ef04f5 Fix upload of file in import module 2020-06-29 18:07:51 +02:00
Laurent Destailleur
146c521efd Merge branch '12.0' of git@github.com:Dolibarr/dolibarr.git into develop 
Conflicts:
	htdocs/core/lib/security.lib.php
	htdocs/filefunc.inc.php
 2020-06-29 18:06:42 +02:00
Laurent Destailleur
5b3670f300 FIX SQL syntax error when editing extrafields 
Conflicts:
	htdocs/core/lib/security.lib.php
 2020-06-29 14:28:53 +02:00
Laurent Destailleur
7c5b0be6a3 FIX SQL syntax error when editing extrafields 2020-06-29 13:48:00 +02:00
Laurent Destailleur
a5893db106 FIX upload documents into manual ECM was reported a permission error 2020-06-28 22:05:55 +02:00
lvessiller
c689b91539 FIX upload file in import module 2020-06-25 16:59:48 +02:00
Laurent Destailleur
c36c8ed447 Merge branch '12.0' of git@github.com:Dolibarr/dolibarr.git into develop 
Conflicts:
	htdocs/core/actions_linkedfiles.inc.php
 2020-06-17 15:28:19 +02:00
Laurent Destailleur
1a7f0741b5 Merge branch '11.0' of git@github.com:Dolibarr/dolibarr.git into 12.0 
Conflicts:
	htdocs/compta/paiement/class/paiement.class.php
	htdocs/core/actions_linkedfiles.inc.php
	htdocs/fourn/class/paiementfourn.class.php
 2020-06-17 14:53:24 +02:00
Laurent Destailleur
6660923e94 FIX Privilege escalation reported by wizlynx WLX-2020-011 2020-06-17 13:29:43 +02:00
Laurent Destailleur
7ce7905d31 Fix check for mrp 2020-06-07 23:03:58 +02:00
Laurent Destailleur
87a60a501f Security on disabling a web page 2020-06-07 23:00:38 +02:00
Frédéric FRANCE
174ddc5fd4
prepare new rule 2020-05-23 21:07:47 +02:00
Frédéric FRANCE
b41ac00b98
add new rule 2020-05-21 15:05:19 +02:00
Frédéric FRANCE
ee6fadd0d5
add new rule 2020-05-21 01:41:27 +02:00
Laurent Destailleur
1bf677f537 Can set status of a websitepage 2020-05-14 18:14:55 +02:00
Scrutinizer Auto-Fixer
f413ce6aac Scrutinizer Auto-Fixes 
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
 2020-03-12 11:45:44 +00:00