diff --git a/htdocs/admin/pdf.php b/htdocs/admin/pdf.php index d8cc8d554a2..a015e2319b0 100644 --- a/htdocs/admin/pdf.php +++ b/htdocs/admin/pdf.php @@ -271,9 +271,19 @@ print ''; clearstatcache(); +if (getDolGlobalString('PDF_SECURITY_ENCRYPTION')) { + print '
'; + print 'The not supported and hidden option PDF_SECURITY_ENCRYPTION has been enabled. This means a lof of feature related to PDF will be broken, like mass PDF generation or online signature of PDF.'."\n"; + print 'You should disable this option.'; + print '
'; +} + + + // Misc options print load_fiche_titre($langs->trans("DictionaryPaperFormat"), '', ''); + print '
'; print ''; print ''; diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index c185878e658..03aa1b19d76 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -574,11 +574,11 @@ print '
'; print 'MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL = '.(empty($conf->global->MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 0)' : $conf->global->MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL)."
"; print '
'; -$examplecsprule = "frame-ancestors 'self'; img-src * data:; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com;"; +$examplecsprule = "frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;"; print 'MAIN_SECURITY_FORCECSPRO = '.(empty($conf->global->MAIN_SECURITY_FORCECSPRO) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_FORCECSPRO).'   ('.$langs->trans("Example").': "'.$examplecsprule.'")
'; print '
'; -$examplecsprule = "frame-ancestors 'self'; img-src * data:; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com;"; +$examplecsprule = "frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;"; print 'MAIN_SECURITY_FORCECSP = '.(empty($conf->global->MAIN_SECURITY_FORCECSP) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_FORCECSP).'   ('.$langs->trans("Example").': "'.$examplecsprule.'")
'; print '
'; diff --git a/htdocs/core/ajax/onlineSign.php b/htdocs/core/ajax/onlineSign.php index c2823407ac6..89aa597661c 100644 --- a/htdocs/core/ajax/onlineSign.php +++ b/htdocs/core/ajax/onlineSign.php @@ -90,7 +90,8 @@ if (empty($SECUREKEY) || !dol_verifyHash($securekeyseed.$type.$ref.(!isModEnable top_httphead(); if ($action == "importSignature") { - if (!empty($signature) && $signature[0] == "image/png;base64") { + $issignatureok = (!empty($signature) && $signature[0] == "image/png;base64"); + if ($issignatureok) { $signature = $signature[1]; $data = base64_decode($signature); @@ -143,7 +144,6 @@ if ($action == "importSignature") { $pdf->SetCompression(false); } - //$pdf->Open(); $pagecount = $pdf->setSourceFile($sourcefile); // original PDF @@ -155,7 +155,7 @@ if ($action == "importSignature") { $pdf->AddPage($s['h'] > $s['w'] ? 'P' : 'L'); $pdf->useTemplate($tppl); } catch (Exception $e) { - dol_syslog("Error when manipulating some PDF by onlineSign: ".$e->getMessage(), LOG_ERR); + dol_syslog("Error when manipulating the PDF ".$sourcefile." by onlineSign: ".$e->getMessage(), LOG_ERR); $response = $e->getMessage(); $error++; } @@ -207,9 +207,6 @@ if ($action == "importSignature") { } if (!$error) { - $db->commit(); - $response = "success"; - setEventMessages("PropalSigned", null, 'warnings'); if (method_exists($object, 'call_trigger')) { //customer is not a user !?! so could we use same user as validation ? $user = new User($db); @@ -218,13 +215,25 @@ if ($action == "importSignature") { $result = $object->call_trigger('PROPAL_CLOSE_SIGNED', $user); if ($result < 0) { $error++; + $response = "error in trigger ".$object->error; + } else { + $response = "success"; } + } else { + $response = "success"; } } else { - $db->rollback(); $error++; $response = "error sql"; } + + if (!$error) { + $db->commit(); + $response = "success"; + setEventMessages("PropalSigned", null, 'warnings'); + } else { + $db->rollback(); + } } } elseif ($mode == 'contract') { require_once DOL_DOCUMENT_ROOT.'/contrat/class/contrat.class.php'; diff --git a/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php b/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php index b6bd9bb73a8..f85a26697b7 100644 --- a/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php +++ b/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php @@ -75,7 +75,10 @@ class InterfaceWorkflowManager extends DolibarrTriggers if (isModEnabled('commande') && !empty($conf->global->WORKFLOW_PROPAL_AUTOCREATE_ORDER)) { $object->fetchObjectLinked(); if (!empty($object->linkedObjectsIds['commande'])) { - setEventMessages($langs->trans("OrderExists"), null, 'warnings'); + if (empty($object->context['closedfromonlinesignature'])) { + $langs->load("orders"); + setEventMessages($langs->trans("OrderExists"), null, 'warnings'); + } return $ret; } else { include_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php'; diff --git a/htdocs/core/website.inc.php b/htdocs/core/website.inc.php index b934f333b1a..d9fe10c8868 100644 --- a/htdocs/core/website.inc.php +++ b/htdocs/core/website.inc.php @@ -117,8 +117,8 @@ if (!defined('USEDOLIBARRSERVER') && !defined('USEDOLIBARREDITOR')) { // Pre-existing site that uses too much js code to fix but wants to ensure resources are loaded only over https and disable plugins: // default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none' // - // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com;"; - // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';"; + // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;"; + // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';"; $contentsecuritypolicy = getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCECSPRO'); if (!is_object($hookmanager)) { @@ -149,8 +149,8 @@ if (!defined('USEDOLIBARRSERVER') && !defined('USEDOLIBARREDITOR')) { // Pre-existing site that uses too much js code to fix but wants to ensure resources are loaded only over https and disable plugins: // default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none' // - // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com;"; - // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';"; + // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;"; + // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';"; $contentsecuritypolicy = getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCECSP'); if (!is_object($hookmanager)) { diff --git a/htdocs/includes/tcpdi/tcpdi.php b/htdocs/includes/tcpdi/tcpdi.php index aaa1d70c095..9e87ac2f221 100644 --- a/htdocs/includes/tcpdi/tcpdi.php +++ b/htdocs/includes/tcpdi/tcpdi.php @@ -333,7 +333,7 @@ class TCPDI extends FPDF_TPL { break; } } - } elseif ($tpl['x'] != 0 || $tpl['y'] != 0) { + } elseif (!empty($tpl['x']) || !empty($tpl['y'])) { $tx = -$tpl['x'] * 2; $ty = $tpl['y'] * 2; } diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 20b73126656..b9469cf55ea 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -1474,8 +1474,8 @@ function top_httphead($contenttype = 'text/html', $forcenocache = 0) // Pre-existing site that uses too much js code to fix but wants to ensure resources are loaded only over https and disable plugins: // default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none' // - // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com;"; - // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';"; + // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;"; + // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';"; $contentsecuritypolicy = getDolGlobalString('MAIN_SECURITY_FORCECSPRO'); if (!is_object($hookmanager)) { @@ -1511,8 +1511,8 @@ function top_httphead($contenttype = 'text/html', $forcenocache = 0) // Pre-existing site that uses too much js code to fix but wants to ensure resources are loaded only over https and disable plugins: // default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none' // - // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com;"; - // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';"; + // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;"; + // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';"; $contentsecuritypolicy = getDolGlobalString('MAIN_SECURITY_FORCECSP'); if (!is_object($hookmanager)) {
'.$langs->trans("Parameter").''.$langs->trans("Value").'