Debug import FIX #yogosha11618

Laurent Destailleur 2022-06-30 22:52:08 +02:00
parent f0848d9f9f
commit 6e153b9b75
8 changed files with 121 additions and 95 deletions


@ -470,9 +470,9 @@ class ImportCsv extends ModeleImports
$newval = $classinstance->id;
} else {
if (!empty($objimport->array_import_convertvalue[0][$val]['dict'])) {
$this->errors[$error]['lib'] = $langs->trans('ErrorFieldValueNotIn', $key, $newval, 'code', $langs->transnoentitiesnoconv($objimport->array_import_convertvalue[0][$val]['dict']));
$this->errors[$error]['lib'] = $langs->trans('ErrorFieldValueNotIn', num2Alpha($key - 1), $newval, 'code', $langs->transnoentitiesnoconv($objimport->array_import_convertvalue[0][$val]['dict']));
} elseif (!empty($objimport->array_import_convertvalue[0][$val]['element'])) {
$this->errors[$error]['lib'] = $langs->trans('ErrorFieldRefNotIn', $key, $newval, $langs->transnoentitiesnoconv($objimport->array_import_convertvalue[0][$val]['element']));
$this->errors[$error]['lib'] = $langs->trans('ErrorFieldRefNotIn', num2Alpha($key - 1), $newval, $langs->transnoentitiesnoconv($objimport->array_import_convertvalue[0][$val]['element']));
} else {
$this->errors[$error]['lib'] = 'ErrorBadDefinitionOfImportProfile';
}
@ -512,7 +512,7 @@ class ImportCsv extends ModeleImports
$newval = $classinstance->id;
} else {
if (!empty($objimport->array_import_convertvalue[0][$val]['dict'])) {
$this->errors[$error]['lib'] = $langs->trans('ErrorFieldValueNotIn', $key, $newval, 'scale', $langs->transnoentitiesnoconv($objimport->array_import_convertvalue[0][$val]['dict']));
$this->errors[$error]['lib'] = $langs->trans('ErrorFieldValueNotIn', num2Alpha($key - 1), $newval, 'scale', $langs->transnoentitiesnoconv($objimport->array_import_convertvalue[0][$val]['dict']));
} else {
$this->errors[$error]['lib'] = 'ErrorFieldValueNotIn';
}
@ -549,7 +549,7 @@ class ImportCsv extends ModeleImports
$newval = $scaleorid ? $scaleorid : 0;
} else {
if (!empty($objimport->array_import_convertvalue[0][$val]['dict'])) {
$this->errors[$error]['lib'] = $langs->trans('ErrorFieldValueNotIn', $key, $newval, 'scale', $langs->transnoentitiesnoconv($objimport->array_import_convertvalue[0][$val]['dict']));
$this->errors[$error]['lib'] = $langs->trans('ErrorFieldValueNotIn', num2Alpha($key - 1), $newval, 'scale', $langs->transnoentitiesnoconv($objimport->array_import_convertvalue[0][$val]['dict']));
} else {
$this->errors[$error]['lib'] = 'ErrorFieldValueNotIn';
}
@ -697,7 +697,7 @@ class ImportCsv extends ModeleImports
if (!empty($filter)) {
$tableforerror .= ':'.$filter;
}
$this->errors[$error]['lib'] = $langs->transnoentitiesnoconv('ErrorFieldValueNotIn', $key, $newval, $field, $tableforerror);
$this->errors[$error]['lib'] = $langs->transnoentitiesnoconv('ErrorFieldValueNotIn', num2Alpha($key - 1), $newval, $field, $tableforerror);
$this->errors[$error]['type'] = 'FOREIGNKEY';
$errorforthistable++;
$error++;
@ -705,13 +705,22 @@ class ImportCsv extends ModeleImports
} elseif (!preg_match('/'.$objimport->array_import_regex[0][$val].'/i', $newval)) {
// If test is just a static regex
//if ($key == 19) print "xxx".$newval."zzz".$objimport->array_import_regex[0][$val]."<br>";
$this->errors[$error]['lib'] = $langs->transnoentitiesnoconv('ErrorWrongValueForField', $key, $newval, $objimport->array_import_regex[0][$val]);
$this->errors[$error]['lib'] = $langs->transnoentitiesnoconv('ErrorWrongValueForField', num2Alpha($key - 1), $newval, $objimport->array_import_regex[0][$val]);
$this->errors[$error]['type'] = 'REGEX';
$errorforthistable++;
$error++;
}
}
// Check HTML injection
$inj = testSqlAndScriptInject($newval, 0);
if ($inj) {
$this->errors[$error]['lib'] = $langs->transnoentitiesnoconv('ErrorHtmlInjectionForField', num2Alpha($key - 1), dol_trunc($newval, 100));
$this->errors[$error]['type'] = 'HTMLINJECTION';
$errorforthistable++;
$error++;
}
// Other tests
// ...
}
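Review bot: The HTMLINJECTION error added at the end of the last hunk copies the rejected value itself (`dol_trunc($newval, 100)`) into `$this->errors[$error]['lib']`, so that string is only safe to display where the renderer escapes it. The step-5 listing changed in this commit does so with `dol_escape_htmltag`, but any other consumer of `errors[]['lib']` is outside this page. I would add a comment above the check such as `// 'lib' carries the raw rejected value: every caller must escape it before output`. The same applies to the identical block added to ImportXlsx. The enclosing loop starts outside the hunk, so whether a flagged row is skipped or still inserted cannot be seen here.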


@ -756,6 +756,15 @@ class ImportXlsx extends ModeleImports
}
}
// Check HTML injection
$inj = testSqlAndScriptInject($newval, 0);
if ($inj) {
$this->errors[$error]['lib'] = $langs->transnoentitiesnoconv('ErrorHtmlInjectionForField', $key, dol_trunc($newval, 100));
$this->errors[$error]['type'] = 'HTMLINJECTION';
$errorforthistable++;
$error++;
}
// Other tests
// ...
}
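Review bot: The new HTMLINJECTION message passes `$key` as the field label, while the same block added to ImportCsv in this commit passes `num2Alpha($key - 1)`, so the two drivers would name the same column differently in the error report. If `$key` is the 1-based column index here as well (not visible in the hunk), the call should read `$langs->transnoentitiesnoconv('ErrorHtmlInjectionForField', num2Alpha($key - 1), dol_trunc($newval, 100));`. The surrounding function starts and ends outside the hunk, so the other error messages of this driver could not be compared.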


@ -286,8 +286,8 @@ class modAdherent extends DolibarrModules
$this->export_label[$r] = 'MembersAndSubscriptions';
$this->export_permission[$r] = array(array("adherent", "export"));
$this->export_fields_array[$r] = array(
'a.rowid'=>'Id', 'a.civility'=>"UserTitle", 'a.lastname'=>"Lastname", 'a.firstname'=>"Firstname", 'a.login'=>"Login", 'a.gender'=>"Gender", 'a.morphy'=>'MemberNature',
'a.societe'=>'Company', 'a.address'=>"Address", 'a.zip'=>"Zip", 'a.town'=>"Town", 'd.nom'=>"State", 'co.code'=>"CountryCode", 'co.label'=>"Country",
'a.rowid'=>'MemberId', 'a.ref'=>'MemberRef', 'a.civility'=>"UserTitle", 'a.lastname'=>"Lastname", 'a.firstname'=>"Firstname", 'a.login'=>"Login", 'a.gender'=>"Gender", 'a.morphy'=>'MemberNature',
'a.societe'=>'Company', 'a.address'=>"Address", 'a.zip'=>"Zip", 'a.town'=>"Town", 'd.code_departement'=>'StateCode', 'd.nom'=>"State", 'co.code'=>"CountryCode", 'co.label'=>"Country",
'a.phone'=>"PhonePro", 'a.phone_perso'=>"PhonePerso", 'a.phone_mobile'=>"PhoneMobile", 'a.email'=>"Email", 'a.birth'=>"Birthday", 'a.statut'=>"Status",
'a.photo'=>"Photo", 'a.note_public'=>"NotePublic", 'a.note_private'=>"NotePrivate", 'a.datec'=>'DateCreation', 'a.datevalid'=>'DateValidation',
'a.tms'=>'DateLastModification', 'a.datefin'=>'DateEndSubscription', 'ta.rowid'=>'MemberTypeId', 'ta.libelle'=>'MemberTypeLabel',
@ -301,7 +301,7 @@ class modAdherent extends DolibarrModules
'c.rowid'=>'Numeric', 'c.dateadh'=>'Date', 'c.datef'=>'Date', 'c.subscription'=>'Numeric'
);
$this->export_entities_array[$r] = array(
'a.rowid'=>'member', 'a.civility'=>"member", 'a.lastname'=>"member", 'a.firstname'=>"member", 'a.login'=>"member", 'a.gender'=>'member', 'a.morphy'=>'member',
'a.rowid'=>'member', 'a.ref'=>'member', 'a.civility'=>"member", 'a.lastname'=>"member", 'a.firstname'=>"member", 'a.login'=>"member", 'a.gender'=>'member', 'a.morphy'=>'member',
'a.societe'=>'member', 'a.address'=>"member", 'a.zip'=>"member", 'a.town'=>"member", 'd.nom'=>"member", 'co.code'=>"member", 'co.label'=>"member",
'a.phone'=>"member", 'a.phone_perso'=>"member", 'a.phone_mobile'=>"member", 'a.email'=>"member", 'a.birth'=>"member", 'a.statut'=>"member",
'a.photo'=>"member", 'a.note_public'=>"member", 'a.note_private'=>"member", 'a.datec'=>'member', 'a.datevalid'=>'member', 'a.tms'=>'member',
@ -338,10 +338,10 @@ class modAdherent extends DolibarrModules
$this->import_tables_array[$r] = array('a'=>MAIN_DB_PREFIX.'adherent', 'extra'=>MAIN_DB_PREFIX.'adherent_extrafields');
$this->import_tables_creator_array[$r] = array('a'=>'fk_user_author'); // Fields to store import user id
$this->import_fields_array[$r] = array(
'a.ref' => 'Member Ref*',
'a.ref' => 'MemberRef*',
'a.civility'=>"UserTitle", 'a.lastname'=>"Lastname*", 'a.firstname'=>"Firstname", 'a.gender'=>"Gender", 'a.login'=>"Login*", "a.pass"=>"Password",
"a.fk_adherent_type"=>"MemberType*", 'a.morphy'=>'MemberNature*', 'a.societe'=>'Company', 'a.address'=>"Address", 'a.zip'=>"Zip", 'a.town'=>"Town",
'a.state_id'=>'StateId', 'a.country'=>"CountryId", 'a.phone'=>"PhonePro", 'a.phone_perso'=>"PhonePerso", 'a.phone_mobile'=>"PhoneMobile",
"a.fk_adherent_type"=>"MemberTypeId*", 'a.morphy'=>'MemberNature*', 'a.societe'=>'Company', 'a.address'=>"Address", 'a.zip'=>"Zip", 'a.town'=>"Town",
'a.state_id'=>'StateId|StateCode', 'a.country'=>"CountryId|CountryCode", 'a.phone'=>"PhonePro", 'a.phone_perso'=>"PhonePerso", 'a.phone_mobile'=>"PhoneMobile",
'a.email'=>"Email", 'a.birth'=>"Birthday", 'a.statut'=>"Status*", 'a.photo'=>"Photo", 'a.note_public'=>"NotePublic", 'a.note_private'=>"NotePrivate",
'a.datec'=>'DateCreation', 'a.datefin'=>'DateEndSubscription'
);
@ -397,7 +397,7 @@ class modAdherent extends DolibarrModules
if (!empty($conf->societe->enabled)) {
$this->import_examplevalues_array[$r]['a.fk_soc'] = "rowid or name";
}
$this->import_updatekeys_array[$r] = array('a.ref'=>'Member Ref', 'a.login'=>'Login');
$this->import_updatekeys_array[$r] = array('a.ref'=>'MemberRef', 'a.login'=>'Login');
// Cronjobs
$arraydate = dol_getdate(dol_now());
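Review bot: `'d.code_departement'=>'StateCode'` is added to `export_fields_array[$r]` in the first hunk, but the `export_entities_array[$r]` lines in the second hunk gain only `'a.ref'=>'member'`; the address row there still lists just `'d.nom'`. If the export screen looks up the entity or icon of each field in that array, the new column has no entry; add `'d.code_departement'=>"member"` next to `'d.nom'=>"member"`. Only the tail of the type array for this export is visible at the top of the second hunk, so whether it also received `a.ref` and `d.code_departement` cannot be checked from here.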


@ -876,9 +876,9 @@ if ($step == 4 && $datatoimport) {
$isrequired = preg_match('/\*$/', $label);
if (!empty($isrequired)) {
$newlabel = substr($label, 0, -1);
$fieldstarget_tmp[$key] = array("label"=>$newlabel,"required"=>true);
$fieldstarget_tmp[$key] = array("label"=>$newlabel, "required"=>true);
} else {
$fieldstarget_tmp[$key] = array("label"=>$label,"required"=>false);
$fieldstarget_tmp[$key] = array("label"=>$label, "required"=>false);
}
if (!empty($array_match_database_to_file[$key])) {
$fieldstarget_tmp[$key]["imported"] = true;
@ -1089,9 +1089,14 @@ if ($step == 4 && $datatoimport) {
$optionsall = array();
foreach ($fieldstarget as $code => $line) {
//var_dump($line);
$labeltoshow = $langs->transnoentities($line["label"]);
$optionsall[$code] = array('labelkey'=>$line['label'], 'label'=>$labeltoshow, 'required'=>(empty($line["required"]) ? 0 : 1), 'position'=>!empty($line['position']) ? $line['position'] : 0);
// TODO Get type from an new array into module descriptor.
$tmparray = explode('|', $line["label"]); // If label of field is several translation keys separated with |
$labeltoshow = '';
foreach ($tmparray as $tmpkey => $tmpval) {
$labeltoshow .= ($labeltoshow ? ' '.$langs->trans('or').' ' : '').$langs->transnoentities($tmpval);
}
$optionsall[$code] = array('labelkey'=>$line['label'], 'labelkeyarray'=>$tmparray, 'label'=>$labeltoshow, 'required'=>(empty($line["required"]) ? 0 : 1), 'position'=>!empty($line['position']) ? $line['position'] : 0);
// TODO Get type from a new array into module descriptor.
//$picto = 'email';
$picto = '';
if ($picto) {
@ -1129,9 +1134,6 @@ if ($step == 4 && $datatoimport) {
print '<tr style="height:'.$height.'" class="trimport oddevenimport">';
$entity = (!empty($objimport->array_import_entities[0][$code]) ? $objimport->array_import_entities[0][$code] : $objimport->array_import_icon[0]);
$tablealias = preg_replace('/(\..*)$/i', '', $code);
$tablename = !empty($objimport->array_import_tables[0][$tablealias]) ? $objimport->array_import_tables[0][$tablealias] : "";
$entityicon = !empty($entitytoicon[$entity]) ? $entitytoicon[$entity] : $entity; // $entityicon must string name of picto of the field like 'project', 'company', 'contact', 'modulename', ...
$entitylang = $entitytolang[$entity] ? $entitytolang[$entity] : $objimport->array_import_label[0]; // $entitylang must be a translation key to describe object the field is related to, like 'Company', 'Contact', 'MyModyle', ...
@ -1161,6 +1163,48 @@ if ($step == 4 && $datatoimport) {
$label .= $tmpval['label'];
$label .= $tmpval['required'] ? '*</strong>' : '';
$tablealias = preg_replace('/(\..*)$/i', '', $tmpcode);
$tablename = !empty($objimport->array_import_tables[0][$tablealias]) ? $objimport->array_import_tables[0][$tablealias] : "";
$htmltext = '';
$filecolumn = ($i + 1);
// Source field info
if (empty($objimport->array_import_convertvalue[0][$tmpcode])) { // If source file does not need convertion
$filecolumntoshow = num2Alpha($i);
} else {
if ($objimport->array_import_convertvalue[0][$tmpcode]['rule'] == 'fetchidfromref') {
$htmltext .= $langs->trans("DataComeFromIdFoundFromRef", $filecolumn, $langs->transnoentitiesnoconv($entitylang)).'<br>';
}
if ($objimport->array_import_convertvalue[0][$tmpcode]['rule'] == 'fetchidfromcodeid') {
$htmltext .= $langs->trans("DataComeFromIdFoundFromCodeId", $filecolumn, $langs->transnoentitiesnoconv($objimport->array_import_convertvalue[0][$code]['dict'])).'<br>';
}
}
// Source required
$example = !empty($objimport->array_import_examplevalues[0][$tmpcode])?$objimport->array_import_examplevalues[0][$tmpcode]:"";
// Example
if (empty($objimport->array_import_convertvalue[0][$tmpcode])) { // If source file does not need convertion
if ($example) {
$htmltext .= $langs->trans("SourceExample").': <b>'.str_replace('"', '', $example).'</b><br>';
}
} else {
if ($objimport->array_import_convertvalue[0][$tmpcode]['rule'] == 'fetchidfromref') {
$htmltext .= $langs->trans("SourceExample").': <b>'.$langs->transnoentitiesnoconv("ExampleAnyRefFoundIntoElement", $entitylang).($example ? ' ('.$langs->transnoentitiesnoconv("Example").': '.$example.')' : '').'</b><br>';
} elseif ($objimport->array_import_convertvalue[0][$tmpcode]['rule'] == 'fetchidfromcodeid') {
$htmltext .= $langs->trans("SourceExample").': <b>'.$langs->trans("ExampleAnyCodeOrIdFoundIntoDictionary", $langs->transnoentitiesnoconv($objimport->array_import_convertvalue[0][$code]['dict'])).($example ? ' ('.$langs->transnoentitiesnoconv("Example").': '.$example.')' : '').'</b><br>';
} elseif ($example) {
$htmltext .= $langs->trans("SourceExample").': <b>'.str_replace('"', '', $example).'</b><br>';
}
}
// Format control rule
if (!empty($objimport->array_import_regex[0][$tmpcode])) {
$htmltext .= $langs->trans("FormatControlRule").': <b>'.str_replace('"', '', $objimport->array_import_regex[0][$tmpcode]).'</b><br>';
}
$htmltext .= $langs->trans("Table")."->".$langs->trans("Field").': &nbsp; <b>'.$tablename."->".preg_replace('/^.*\./', '', $tmpcode)."</b>";
$labelhtml = $label.' '.$form->textwithpicto('', $htmltext, 1, 'help', '', 1);
$selectforline .= '<option value="'.$tmpcode.'"';
if ($modetoautofillmapping == 'orderoftargets') {
// The mode where we fill the preselected value of combo one by one in order of available targets fields in the declaration in descriptor file.
@ -1169,8 +1213,9 @@ if ($step == 4 && $datatoimport) {
}
} elseif ($modetoautofillmapping == 'guess') {
// The mode where we try to guess which value to preselect from the name in first column of source file.
// $line['example1'] is the label of the column found on first line
$regs = array();
if (preg_match('/^(.+)\((.+)\)$/', $line['example1'], $regs)) {
if (preg_match('/^(.+)\((.+\..+)\)$/', $line['example1'], $regs)) { // If text is "Label (x.abc)"
$tmpstring1 = $regs[1];
$tmpstring2 = $regs[2];
} else {
@ -1181,18 +1226,23 @@ if ($step == 4 && $datatoimport) {
$tmpstring2 = strtolower(str_replace('*', '', trim($tmpstring2)));
// $tmpstring1 and $tmpstring2 are string from input file.
//var_dump($tmpstring1.' '.$tmpstring2.' '.$tmpval['label'].' '.$tmpval['labelkey']);
if ($tmpstring1 && ($tmpstring1 == $tmpcode || $tmpstring1 == strtolower($tmpval['label'])
|| $tmpstring1 == strtolower(dol_string_unaccent($tmpval['label'])) || $tmpstring1 == strtolower($tmpval['labelkey']))) {
if (empty($codeselectedarray[$code])) {
$selectforline .= ' selected';
$codeselectedarray[$code] = 1;
}
} elseif ($tmpstring2 && ($tmpstring2 == $tmpcode || $tmpstring2 == strtolower($tmpval['label'])
|| $tmpstring2 == strtolower(dol_string_unaccent($tmpval['label'])) || $tmpstring2 == strtolower($tmpval['labelkey']))) {
if (empty($codeselectedarray[$code])) {
$selectforline .= ' selected';
$codeselectedarray[$code] = 1;
foreach ($tmpval['labelkeyarray'] as $tmpval2) {
$labeltarget = $langs->transnoentities($tmpval2);
//var_dump($tmpstring1.' - '.$tmpstring2.' - '.$tmpval['labelkey'].' - '.$tmpval['label'].' - '.$tmpval2.' - '.$labeltarget);
if ($tmpstring1 && ($tmpstring1 == $tmpcode || $tmpstring1 == strtolower($labeltarget)
|| $tmpstring1 == strtolower(dol_string_unaccent($labeltarget)) || $tmpstring1 == strtolower($tmpval2))) {
if (empty($codeselectedarray[$code])) {
$selectforline .= ' selected';
$codeselectedarray[$code] = 1;
break;
}
} elseif ($tmpstring2 && ($tmpstring2 == $tmpcode || $tmpstring2 == strtolower($labeltarget)
|| $tmpstring2 == strtolower(dol_string_unaccent($labeltarget)) || $tmpstring2 == strtolower($tmpval2))) {
if (empty($codeselectedarray[$code])) {
$selectforline .= ' selected';
$codeselectedarray[$code] = 1;
break;
}
}
}
} elseif ($modetoautofillmapping == 'session' && !empty($_SESSION['dol_array_match_file_to_database_select'])) {
@ -1203,7 +1253,7 @@ if ($step == 4 && $datatoimport) {
}
$selectforline .= ' data-debug="'.$tmpcode.'-'.$code.'-'.$j.'-'.(!empty($tmpselectioninsession[($i+1)]) ? $tmpselectioninsession[($i+1)] : "").'"';
}
$selectforline .= ' data-html="'.dol_escape_htmltag($label).'"';
$selectforline .= ' data-html="'.dol_escape_htmltag($labelhtml).'"';
$selectforline .= '>';
$selectforline .= $label;
$selectforline .= '</options>';
@ -1216,62 +1266,17 @@ if ($step == 4 && $datatoimport) {
print '</td>';
// Tooltip at end of line
print '<td class="nowraponall" style="font-weight:normal; text-align:right">';
$filecolumn = ($i + 1);
// Source field info
$htmltext = '<b><u>'.$langs->trans("FieldSource").'</u></b><br>';
if ($filecolumn > count($fieldssource)) {
$htmltext .= $langs->trans("DataComeFromNoWhere").'<br>';
} else {
if (empty($objimport->array_import_convertvalue[0][$code])) { // If source file does not need convertion
$filecolumntoshow = num2Alpha($i);
$htmltext .= $langs->trans("DataComeFromFileFieldNb", $filecolumntoshow).'<br>';
} else {
if ($objimport->array_import_convertvalue[0][$code]['rule'] == 'fetchidfromref') {
$htmltext .= $langs->trans("DataComeFromIdFoundFromRef", $filecolumn, $langs->transnoentitiesnoconv($entitylang)).'<br>';
}
if ($objimport->array_import_convertvalue[0][$code]['rule'] == 'fetchidfromcodeid') {
$htmltext .= $langs->trans("DataComeFromIdFoundFromCodeId", $filecolumn, $langs->transnoentitiesnoconv($objimport->array_import_convertvalue[0][$code]['dict'])).'<br>';
}
}
}
// Source required
$example = !empty($objimport->array_import_examplevalues[0][$code])?$objimport->array_import_examplevalues[0][$code]:"";
// Example
if (empty($objimport->array_import_convertvalue[0][$code])) { // If source file does not need convertion
if ($example) {
$htmltext .= $langs->trans("SourceExample").': <b>'.$example.'</b><br>';
}
} else {
if ($objimport->array_import_convertvalue[0][$code]['rule'] == 'fetchidfromref') {
$htmltext .= $langs->trans("SourceExample").': <b>'.$langs->transnoentitiesnoconv("ExampleAnyRefFoundIntoElement", $entitylang).($example ? ' ('.$langs->transnoentitiesnoconv("Example").': '.$example.')' : '').'</b><br>';
} elseif ($objimport->array_import_convertvalue[0][$code]['rule'] == 'fetchidfromcodeid') {
$htmltext .= $langs->trans("SourceExample").': <b>'.$langs->trans("ExampleAnyCodeOrIdFoundIntoDictionary", $langs->transnoentitiesnoconv($objimport->array_import_convertvalue[0][$code]['dict'])).($example ? ' ('.$langs->transnoentitiesnoconv("Example").': '.$example.')' : '').'</b><br>';
} elseif ($example) {
$htmltext .= $langs->trans("SourceExample").': <b>'.$example.'</b><br>';
}
}
// Format control rule
if (!empty($objimport->array_import_regex[0][$code])) {
$htmltext .= $langs->trans("FormatControlRule").': <b>'.$objimport->array_import_regex[0][$code].'</b><br>';
}
$htmltext .= '<br>';
// Target field info
$htmltext .= '<b><u>'.$langs->trans("FieldTarget").'</u></b><br>';
//$htmltext .= $langs->trans("SourceRequired").': <b>'.yn($line["label"]).'</b><br>';
if (empty($objimport->array_import_convertvalue[0][$code])) { // If source file does not need convertion
$htmltext .= $langs->trans("DataIsInsertedInto").'<br>';
} else {
if ($objimport->array_import_convertvalue[0][$code]['rule'] == 'fetchidfromref') {
$htmltext .= $langs->trans("DataIDSourceIsInsertedInto").'<br>';
}
if ($objimport->array_import_convertvalue[0][$code]['rule'] == 'fetchidfromcodeid') {
$htmltext .= $langs->trans("DataCodeIDSourceIsInsertedInto").'<br>';
}
}
$htmltext .= $langs->trans("FieldTitle").": <b>".$langs->trans($fieldstarget[$arraykeysfieldtarget[$code-1]]["label"])."</b><br>";
$htmltext .= $langs->trans("Table")." -> ".$langs->trans("Field").': <b>'.$tablename." -> ".preg_replace('/^.*\./', '', $code)."</b><br>";
print $form->textwithpicto($more, $htmltext);
$filecolumntoshow = num2Alpha($i);
$htmltext .= $langs->trans("DataComeFromFileFieldNb", $filecolumntoshow).'<br>';
print $form->textwithpicto('', $htmltext);
print '</td>';
print '</tr>';
$i++;
}
@ -1926,9 +1931,9 @@ if ($step == 5 && $datatoimport) {
print $langs->trans("TooMuchErrors", (count($arrayoferrors) - $nboferrors))."<br>";
break;
}
print '* '.$langs->trans("Line").' '.$key.'<br>';
print '* '.$langs->trans("Line").' '.dol_escape_htmltag($key).'<br>';
foreach ($val as $i => $err) {
print ' &nbsp; &nbsp; > '.$err['lib'].'<br>';
print ' &nbsp; &nbsp; > '.dol_escape_htmltag($err['lib']).'<br>';
}
}
print '</td></tr></table>';
@ -1946,9 +1951,9 @@ if ($step == 5 && $datatoimport) {
print $langs->trans("TooMuchWarnings", (count($arrayofwarnings) - $nbofwarnings))."<br>";
break;
}
print ' * '.$langs->trans("Line").' '.$key.'<br>';
print ' * '.$langs->trans("Line").' '.dol_escape_htmltag($key).'<br>';
foreach ($val as $i => $err) {
print ' &nbsp; &nbsp; > '.$err['lib'].'<br>';
print ' &nbsp; &nbsp; > '.dol_escape_htmltag($err['lib']).'<br>';
}
}
print '</td></tr></table>';
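Review bot: In the tooltip block added by the `-1161,6 +1163,48` hunk, the rule, example and regex lookups use `$tmpcode`, but both `fetchidfromcodeid` branches still read `$objimport->array_import_convertvalue[0][$code]['dict']`, so the dictionary named in an option's help text comes from the row's field rather than from the option being built. Both should read `$objimport->array_import_convertvalue[0][$tmpcode]['dict']`. `$entitylang`, used in the `fetchidfromref` branches, is likewise derived from `$code` in the preceding hunk and looks like the same carry-over from the removed per-row tooltip. Separately, `$example` and the regex are placed into `$htmltext` with only `"` stripped, so that markup is safe only as long as module descriptors are treated as trusted input.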


@ -60,13 +60,14 @@ NatureOfThirdParty=Nature of Third party
NatureOfContact=Nature of Contact
Address=Address
State=State/Province
StateId=State ID
StateCode=State/Province code
StateShort=State
Region=Region
Region-State=Region - State
Country=Country
CountryCode=Country code
CountryId=Country id
CountryId=Country ID
Phone=Phone
PhoneShort=Phone
Skype=Skype


@ -92,6 +92,7 @@ ErrorModuleRequireJavascript=Javascript must not be disabled to have this featur
ErrorPasswordsMustMatch=Both typed passwords must match each other
ErrorContactEMail=A technical error occured. Please, contact administrator to following email <b>%s</b> and provide the error code <b>%s</b> in your message, or add a screen copy of this page.
ErrorWrongValueForField=Field <b>%s</b>: '<b>%s</b>' does not match regex rule <b>%s</b>
ErrorHtmlInjectionForField=Field <b>%s</b>: The value '<b>%s</b>' contains a malicious data not allowed
ErrorFieldValueNotIn=Field <b>%s</b>: '<b>%s</b>' is not a value found in field <b>%s</b> of <b>%s</b>
ErrorFieldRefNotIn=Field <b>%s</b>: '<b>%s</b>' is not a <b>%s</b> existing ref
ErrorsOnXLines=%s errors found


@ -35,7 +35,8 @@ DateEndSubscription=End date of membership
EndSubscription=End of membership
SubscriptionId=Contribution ID
WithoutSubscription=Without contribution
MemberId=Member id
MemberId=Member Id
MemberRef=Member Ref
NewMember=New member
MemberType=Member type
MemberTypeId=Member type id

View File

@ -183,7 +183,7 @@ function testSqlAndScriptInject($val, $type)
$inj += preg_match('/javascript\s*:/i', $val);
$inj += preg_match('/vbscript\s*:/i', $val);
// For XSS Injection done by adding javascript closing html tags like with onmousemove, etc... (closing a src or href tag with not cleaned param)
if ($type == 1) {
if ($type == 1 || $type == 3) {
$val = str_replace('enclosure="', 'enclosure=X', $val); // We accept enclosure=" for the export/import module
$inj += preg_match('/"/i', $val); // We refused " in GET parameters value.
}