Merge branch '21.0' of git@github.com:Dolibarr/dolibarr.git into develop

htdocs/core/class/translate.class.php

@@ -759,10 +759,28 @@ class Translate
 	 *  @param  string	$param5     chaine de param5
 	 *  @return string      		Translated string
 	 */
+	public function tr($key, $param1 = '', $param2 = '', $param3 = '', $param4 = '', $param5 = '')
+	{
+		return $this->transnoentitiesnoconv($key, $param1, $param2, $param3, $param4, $param5);
+	}
+
+	/**
+	 *  Return translated value of a text string. Alias of tr() for backward compatibility.
+	 * 				 If there is no match for this text, we look in alternative file and if still not found,
+	 * 				 it is returned as is.
+	 *               No conversion to encoding charset of lang object is done.
+	 *               Parameters of this method must not contains any HTML tags.
+	 *
+	 *  @param	string	$key        Key to translate
+	 *  @param  string	$param1     chaine de param1
+	 *  @param  string	$param2     chaine de param2
+	 *  @param  string	$param3     chaine de param3
+	 *  @param  string	$param4     chaine de param4
+	 *  @param  string	$param5     chaine de param5
+	 *  @return string      		Translated string
+	 */
 	public function transnoentitiesnoconv($key, $param1 = '', $param2 = '', $param3 = '', $param4 = '', $param5 = '')
 	{
-		global $conf;
-
 		if (!empty($this->tab_translate[$key])) {	// Translation is available
 			$str = $this->tab_translate[$key];
 

htdocs/core/lib/functions.lib.php

@@ -2100,7 +2100,7 @@ function dol_escape_htmltag($stringtoescape, $keepb = 0, $keepn = 0, $noescapeta
 		// In a future, we should not need this
 
 		$tmp = (string) $stringtoescape;
-		/*
+
 		// We protect the 6 special entities that we don't want to decode.
 		$tmp = str_ireplace('&lt', '__DONOTDECODELT', $tmp);
 		$tmp = str_ireplace('&gt', '__DONOTDECODEGT', $tmp);
@@ -2118,7 +2118,7 @@ function dol_escape_htmltag($stringtoescape, $keepb = 0, $keepn = 0, $noescapeta
 		$tmp = str_ireplace('__DONOTDECODEQUOT', '&quot', $tmp);
 		$tmp = str_ireplace('__DONOTDECODEAPOS', '&apos', $tmp);
 		$tmp = str_ireplace('__DONOTDECODE39', '&#39', $tmp);
-		*/
+
 		$tmp = str_ireplace(''', '__SIMPLEQUOTE', $tmp);	// HTML 4
 	}
 	if (!$keepb) {
@@ -2176,19 +2176,12 @@ function dol_escape_htmltag($stringtoescape, $keepb = 0, $keepn = 0, $noescapeta
 				} while ($diff);
 			}
 
+			$tmp = str_ireplace('&quot', '__DOUBLEQUOT', $tmp);
 			$tmp = str_ireplace('&lt', '__LESSTAN', $tmp);
 			$tmp = str_ireplace('&gt', '__GREATERTHAN', $tmp);
-		} else {
-			//	var_dump($tmp);
-			//$tmp = str_ireplace('&lt', '__LESSTHAN', $tmp);
-			//$tmp = str_ireplace('&gt', '__GREATERTHAN', $tmp);
 		}
-		// Warning: htmlentities encode HTML tags like <abc>, but forget &lt; &gt; &quotes; &apos; &#39; &amp;
-		// So we do it ourself afterfor &lt; at &gt;
-		//$tmp = str_ireplace('&lt', '&amp;lt', $tmp);
-		//$tmp = str_ireplace('&gt', '&amp;gt', $tmp);
-		//var_dump("eeeeeeeeeeeeeeeeeeeee");
-		//var_dump($tmp);
+
+		// Warning: htmlentities encode HTML tags like <abc>, but not &lt; &gt; &quotes; &apos; &#39; &amp; that remains untouched.
 		$result = htmlentities($tmp, ENT_COMPAT, 'UTF-8');	// Convert & into &amp; and more...
 
 		//print $result;
@@ -2211,6 +2204,7 @@ function dol_escape_htmltag($stringtoescape, $keepb = 0, $keepn = 0, $noescapeta
 
 		$result = str_ireplace('__SIMPLEQUOTE', '&#39;', $result);
 
+		$result = str_ireplace('__DOUBLEQUOT', '&quot', $result);
 		$result = str_ireplace('__LESSTAN', '&lt', $result);
 		$result = str_ireplace('__GREATERTHAN', '&gt', $result);
 
@@ -8534,7 +8528,8 @@ function dol_htmlwithnojs($stringtoencode, $nouseofiframesandbox = 0, $check = '
 						// See options at https://tidy.sourceforge.net/docs/quickref.html
 						$config = array(
 							'clean' => false,
-							'quote-marks' => false,		// do not replace " that are used for real text content (not a string symbol for html attribute) into &quot;
+							// Best will be to set 'quote-marks' to false to not replace " that are used for real text content (not a string symbol for html attribute) into &quot;
+							'quote-marks' => false,
 							'doctype'     => 'strict',
 							'show-body-only' => true,
 							"indent-attributes" => false,

htdocs/core/lib/website.lib.php

@@ -1354,7 +1354,9 @@ function getImageFromHtmlContent($htmlContent, $imageNumber = 1)
 	}
 
 	// Load HTML content into object
-	$dom->loadHTML($htmlContent);
+	// We add the @ to avoid verbose warnings logsin the error.log file. For example:
+	// "PHP message: PHP Warning:  DOMDocument::loadHTML(): Tag section invalid in Entity, line: ...", etc.
+	@$dom->loadHTML($htmlContent);
 
 	// Re-enable HTML load errors
 	libxml_clear_errors();

htdocs/modulebuilder/template/admin/setup.php

@@ -352,8 +352,6 @@ echo '<span class="opacitymedium">'.$langs->trans("MyModuleSetupPage").'</span><
 if (!empty($formSetup->items)) {
 	print $formSetup->generateOutput(true);
 	print '<br>';
-} else {
-	print '<br>'.$langs->trans("NothingToSetup");
 }
 
 

htdocs/modulebuilder/template/myobject_card.php

@@ -629,12 +629,15 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
 
 		// Show links to link elements
 		$tmparray = $form->showLinkToObjectBlock($object, array(), array('myobject'), 1);
-		$linktoelem = $tmparray['linktoelem'];
-		$htmltoenteralink = $tmparray['htmltoenteralink'];
-		print $htmltoenteralink;
-
-		$somethingshown = $form->showLinkedObjectBlock($object, $linktoelem);
-
+		if (is_array($tmparray)) {
+			$linktoelem = $tmparray['linktoelem'];
+			$htmltoenteralink = $tmparray['htmltoenteralink'];
+			print $htmltoenteralink;
+			$somethingshown = $form->showLinkedObjectBlock($object, $linktoelem);
+		} else {
+			// backward compatibility
+			$somethingshown = $form->showLinkedObjectBlock($object, $tmparray);
+		}
 
 		print '</div><div class="fichehalfright">';
 

htdocs/public/payment/newpayment.php

@@ -51,6 +51,10 @@ if (!defined('NOBROWSERNOTIF')) {
 	define('NOBROWSERNOTIF', '1');
 }
 
+if (!defined('XFRAMEOPTIONS_ALLOWALL')) {
+		define('XFRAMEOPTIONS_ALLOWALL', '1');
+}
+
 // For MultiCompany module.
 // Do not use GETPOST here, function is not defined and get of entity must be done before including main.inc.php
 // Because 2 entities can have the same ref.

htdocs/public/payment/paymentko.php

@@ -40,6 +40,10 @@ if (!defined('NOBROWSERNOTIF')) {
 	define('NOBROWSERNOTIF', '1');
 }
 
+if (!defined('XFRAMEOPTIONS_ALLOWALL')) {
+		define('XFRAMEOPTIONS_ALLOWALL', '1');
+}
+
 // For MultiCompany module.
 // Do not use GETPOST here, function is not defined and this test must be done before including main.inc.php
 // Because 2 entities can have the same ref.

htdocs/public/payment/paymentok.php

@@ -43,6 +43,10 @@ if (!defined('NOBROWSERNOTIF')) {
 	define('NOBROWSERNOTIF', '1');
 }
 
+if (!defined('XFRAMEOPTIONS_ALLOWALL')) {
+		define('XFRAMEOPTIONS_ALLOWALL', '1');
+}
+
 // For MultiCompany module.
 // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php
 // Because 2 entities can have the same ref.

htdocs/website/index.php

@@ -3224,6 +3224,24 @@ if (!GETPOST('hide_websitemenu')) {
 			$examplewithapache .= "#ErrorLog /var/log/apache2/".$websitekey."_error_log\n";
 			$examplewithapache .= "#TransferLog /var/log/apache2/".$websitekey."_access_log\n";
 
+			$examplewithapache .= "\n";
+			$examplewithapache .= "# If you need include the payment page into a frame of the website,\n";
+			$examplewithapache .= "# you need to make a proxy redirection of URLs required for the payment to your backoffice pages\n";
+			$examplewithapache .= "#SSLProxyEngine On\n";
+			$examplewithapache .= "#SSLProxyVerify none\n";
+			$examplewithapache .= "#SSLProxyCheckPeerCN off\n";
+			$examplewithapache .= "#SSLProxyCheckPeerName off\n";
+			$examplewithapache .= "#ProxyPreserveHost Off\n";
+			$examplewithapache .= '#ProxyPass "/public/payment/" "'.$urlwithroot.'/public/payment/'."\n";
+			$examplewithapache .= '#ProxyPassReverse "/public/payment/" "'.$urlwithroot.'/public/payment/'."\n";
+			$examplewithapache .= '#ProxyPass "/includes/" "'.$urlwithroot.'/includes/'."\n";
+			$examplewithapache .= '#ProxyPassReverse "/includes/" "'.$urlwithroot.'/includes/'."\n";
+			$examplewithapache .= '#ProxyPass "/theme/" "'.$urlwithroot.'/theme/'."\n";
+			$examplewithapache .= '#ProxyPassReverse "/theme/" "'.$urlwithroot.'/theme/'."\n";
+			$examplewithapache .= '#ProxyPass "/core/js/" "'.$urlwithroot.'/core/js/'."\n";
+			$examplewithapache .= '#ProxyPassReverse "/core/js/" "'.$urlwithroot.'/core/js/'."\n";
+			$examplewithapache .= "\n";
+
 			$examplewithapache .= "</VirtualHost>\n";
 
 			$htmltext .= '<br>'.$langs->trans("ExampleToUseInApacheVirtualHostConfig").':<br>';

test/phpunit/test.php

@@ -9,11 +9,21 @@
 include "../../htdocs/master.inc.php";
 include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 
-print ">>> dol_escape_htmltag(eée < > bb<b>bold) - should not happen</b>\n";
-print dol_escape_htmltag("eée < > bb<b>bold</b>", 1);
+$langs->setDefaultLang('fr');
+$langs->loadLangs(array('main', 'companies'));
+
+var_dump($langs->tab_translate["Preview"]);
+
+print $langs->tr("Preview");
 print "\n";
-print ">>> dol_escape_htmltag(eée &lt; &gt; bb<b>bold)</b>\n";
-print dol_escape_htmltag("eée &lt; &gt; bb<b>bold</b>", 1);
+print $langs->trans("Preview");
+print "\n";
+
+print ">>> dol_escape_htmltag(eée < > bb<b>bold ç) - should not happen</b>\n";
+print dol_escape_htmltag("eée < > bb<b>bold</b> ç", 1);
+print "\n";
+print ">>> dol_escape_htmltag(eée &lt; &gt; bb<b>bold ç)</b>\n";
+print dol_escape_htmltag("eée &lt; &gt; bb<b>bold</b> ç", 1);
 print "\n";
 print '>>> dol_escape_htmltag(&lt;script&gt;alert("azerty")&lt;/script&gt;)'."\n";
 print dol_escape_htmltag('&lt;script&gt;alert("azerty")&lt;/script&gt;', 1);
@@ -22,11 +32,11 @@ print "\n";
 print "\n";
 
 // dol_escape_htmltag(dol_htmlwithnojs(dol_string_onlythesehtmltags(dol_htmlentitiesbr($s), 1, 1, 1, array())), 1, 1, 'common', 0, 1);
-print ">>> dolPrintHtml(eée < > bb<b>bold</b>) - should not happen\n";
-print dolPrintHtml("eée < > bb<b>bold</b>");
+print ">>> dolPrintHtml(eée < > bb<b>bold</b> ç) - should not happen\n";
+print dolPrintHtml("eée < > bb<b>bold</b> ç");
 print "\n";
-print ">>> dolPrintHtml(eée &lt; &gt; bb<b>bold</b>)\n";
-print dolPrintHtml("eée &lt; &gt; bb<b>bold</b>");
+print ">>> dolPrintHtml(eée &lt; &gt; bb<b>bold</b> ç)\n";
+print dolPrintHtml("eée &lt; &gt; bb<b>bold</b> ç");
 print "\n";
 print '>>> dolPrintHtml(&lt;script&gt;alert("azerty")&lt;/script&gt;)'."\n";
 print dolPrintHtml('&lt;script&gt;alert("azerty")&lt;/script&gt;');
@@ -35,12 +45,12 @@ print "\n";
 print "\n";
 
 // dol_escape_htmltag(dol_string_onlythesehtmltags(dol_htmlentitiesbr($s), 1, 0, 0, 0, array('br', 'b', 'font', 'hr', 'span')), 1, -1, '', 0, 1);
-print ">>> dolPrintHtmlForattribute(eée < > bb<b>bold</b>)\n";
-print dolPrintHtmlForAttribute("eée < > bb<b>bold</b>");
+print ">>> dolPrintHtmlForattribute(eée < > bb<b>bold</b> ç)\n";
+print dolPrintHTMLForAttribute("eée < > bb<b>bold</b> ç");
 print "\n";
-print ">>> dolPrintHtmlForAttribute(eée &lt; &gt; bb<b>bold</b>)\n";
-print dolPrintHtmlForAttribute("eée &lt; &gt; bb<b>bold</b>");
+print ">>> dolPrintHTMLForAttribute(eée &lt; &gt; bb<b>bold</b> ç)\n";
+print dolPrintHTMLForAttribute("eée &lt; &gt; bb<b>bold</b> ç");
 print "\n";
 print '>>> dolPrintHtmlForattribute(&lt;script&gt;alert("azerty")&lt;/script&gt;)'."\n";
-print dolPrintHtmlForAttribute('&lt;script&gt;alert("azerty")&lt;/script&gt;');
+print dolPrintHTMLForAttribute('&lt;script&gt;alert("azerty")&lt;/script&gt;');
 print "\n";