Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Debug v17

Browse Source
This commit is contained in:
Laurent Destailleur 2023-03-01 23:50:02 +01:00
parent 554915c3ee
commit 14a59483f5
7 changed files with 41 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
htdocs/admin/pdf.php
View File

@ -271,9 +271,19 @@ print '<input type="hidden" name="action" value="update">';
clearstatcache();
if (getDolGlobalString('PDF_SECURITY_ENCRYPTION')) {
print '<div class="warning">';
print 'The not supported and hidden option PDF_SECURITY_ENCRYPTION has been enabled. This means a lof of feature related to PDF will be broken, like mass PDF generation or online signature of PDF.'."\n";
print 'You should disable this option.';
print '</div>';
}
// Misc options
print load_fiche_titre($langs->trans("DictionaryPaperFormat"), '', '');
print '<div class="div-table-responsive-no-min">';
print '<table summary="more" class="noborder centpercent">';
print '<tr class="liste_titre"><td class="titlefieldmiddle">'.$langs->trans("Parameter").'</td><td width="200px">'.$langs->trans("Value").'</td></tr>';

4
htdocs/admin/system/security.php
View File

@ -574,11 +574,11 @@ print '<br>';
print '<strong>MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL</strong> = '.(empty($conf->global->MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL) ? '<span class="opacitymedium">'.$langs->trans("Undefined").' &nbsp; ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 0)</span>' : $conf->global->MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL)."<br>";
print '<br>';
$examplecsprule = "frame-ancestors 'self'; img-src * data:; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com;";
$examplecsprule = "frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;";
print '<strong>MAIN_SECURITY_FORCECSPRO</strong> = '.(empty($conf->global->MAIN_SECURITY_FORCECSPRO) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->MAIN_SECURITY_FORCECSPRO).' &nbsp; <span class="opacitymedium">('.$langs->trans("Example").': "'.$examplecsprule.'")</span><br>';
print '<br>';
$examplecsprule = "frame-ancestors 'self'; img-src * data:; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com;";
$examplecsprule = "frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;";
print '<strong>MAIN_SECURITY_FORCECSP</strong> = '.(empty($conf->global->MAIN_SECURITY_FORCECSP) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->MAIN_SECURITY_FORCECSP).' &nbsp; <span class="opacitymedium">('.$langs->trans("Example").': "'.$examplecsprule.'")</span><br>';
print '<br>';

23
htdocs/core/ajax/onlineSign.php
View File

@ -90,7 +90,8 @@ if (empty($SECUREKEY) || !dol_verifyHash($securekeyseed.$type.$ref.(!isModEnable
top_httphead();
if ($action == "importSignature") {
if (!empty($signature) && $signature[0] == "image/png;base64") {
$issignatureok = (!empty($signature) && $signature[0] == "image/png;base64");
if ($issignatureok) {
$signature = $signature[1];
$data = base64_decode($signature);
@ -143,7 +144,6 @@ if ($action == "importSignature") {
$pdf->SetCompression(false);
}
//$pdf->Open();
$pagecount = $pdf->setSourceFile($sourcefile); // original PDF
@ -155,7 +155,7 @@ if ($action == "importSignature") {
$pdf->AddPage($s['h'] > $s['w'] ? 'P' : 'L');
$pdf->useTemplate($tppl);
} catch (Exception $e) {
dol_syslog("Error when manipulating some PDF by onlineSign: ".$e->getMessage(), LOG_ERR);
dol_syslog("Error when manipulating the PDF ".$sourcefile." by onlineSign: ".$e->getMessage(), LOG_ERR);
$response = $e->getMessage();
$error++;
}
@ -207,9 +207,6 @@ if ($action == "importSignature") {
}
if (!$error) {
$db->commit();
$response = "success";
setEventMessages("PropalSigned", null, 'warnings');
if (method_exists($object, 'call_trigger')) {
//customer is not a user !?! so could we use same user as validation ?
$user = new User($db);
@ -218,13 +215,25 @@ if ($action == "importSignature") {
$result = $object->call_trigger('PROPAL_CLOSE_SIGNED', $user);
if ($result < 0) {
$error++;
$response = "error in trigger ".$object->error;
} else {
$response = "success";
}
} else {
$response = "success";
}
} else {
$db->rollback();
$error++;
$response = "error sql";
}
if (!$error) {
$db->commit();
$response = "success";
setEventMessages("PropalSigned", null, 'warnings');
} else {
$db->rollback();
}
}
} elseif ($mode == 'contract') {
require_once DOL_DOCUMENT_ROOT.'/contrat/class/contrat.class.php';

5
htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php
View File

@ -75,7 +75,10 @@ class InterfaceWorkflowManager extends DolibarrTriggers
if (isModEnabled('commande') && !empty($conf->global->WORKFLOW_PROPAL_AUTOCREATE_ORDER)) {
$object->fetchObjectLinked();
if (!empty($object->linkedObjectsIds['commande'])) {
setEventMessages($langs->trans("OrderExists"), null, 'warnings');
if (empty($object->context['closedfromonlinesignature'])) {
$langs->load("orders");
setEventMessages($langs->trans("OrderExists"), null, 'warnings');
}
return $ret;
} else {
include_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php';

8
htdocs/core/website.inc.php
View File

@ -117,8 +117,8 @@ if (!defined('USEDOLIBARRSERVER') && !defined('USEDOLIBARREDITOR')) {
// Pre-existing site that uses too much js code to fix but wants to ensure resources are loaded only over https and disable plugins:
// default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'
//
// $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com;";
// $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';";
// $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;";
// $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';";
$contentsecuritypolicy = getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCECSPRO');
if (!is_object($hookmanager)) {
@ -149,8 +149,8 @@ if (!defined('USEDOLIBARRSERVER') && !defined('USEDOLIBARREDITOR')) {
// Pre-existing site that uses too much js code to fix but wants to ensure resources are loaded only over https and disable plugins:
// default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'
//
// $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com;";
// $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';";
// $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;";
// $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';";
$contentsecuritypolicy = getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCECSP');
if (!is_object($hookmanager)) {

2
htdocs/includes/tcpdi/tcpdi.php
View File

@ -333,7 +333,7 @@ class TCPDI extends FPDF_TPL {
break;
}
}
} elseif ($tpl['x'] != 0 || $tpl['y'] != 0) {
} elseif (!empty($tpl['x']) || !empty($tpl['y'])) {
$tx = -$tpl['x'] * 2;
$ty = $tpl['y'] * 2;
}

8
htdocs/main.inc.php
View File

@ -1474,8 +1474,8 @@ function top_httphead($contenttype = 'text/html', $forcenocache = 0)
// Pre-existing site that uses too much js code to fix but wants to ensure resources are loaded only over https and disable plugins:
// default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'
//
// $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com;";
// $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';";
// $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;";
// $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';";
$contentsecuritypolicy = getDolGlobalString('MAIN_SECURITY_FORCECSPRO');
if (!is_object($hookmanager)) {
@ -1511,8 +1511,8 @@ function top_httphead($contenttype = 'text/html', $forcenocache = 0)
// Pre-existing site that uses too much js code to fix but wants to ensure resources are loaded only over https and disable plugins:
// default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'
//
// $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com;";
// $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';";
// $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;";
// $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';";
$contentsecuritypolicy = getDolGlobalString('MAIN_SECURITY_FORCECSP');
if (!is_object($hookmanager)) {