diff --git a/htdocs/core/class/translate.class.php b/htdocs/core/class/translate.class.php index ec0900a8ae7..4e3fa70483a 100644 --- a/htdocs/core/class/translate.class.php +++ b/htdocs/core/class/translate.class.php @@ -759,10 +759,28 @@ class Translate * @param string $param5 chaine de param5 * @return string Translated string */ + public function tr($key, $param1 = '', $param2 = '', $param3 = '', $param4 = '', $param5 = '') + { + return $this->transnoentitiesnoconv($key, $param1, $param2, $param3, $param4, $param5); + } + + /** + * Return translated value of a text string. Alias of tr() for backward compatibility. + * If there is no match for this text, we look in alternative file and if still not found, + * it is returned as is. + * No conversion to encoding charset of lang object is done. + * Parameters of this method must not contains any HTML tags. + * + * @param string $key Key to translate + * @param string $param1 chaine de param1 + * @param string $param2 chaine de param2 + * @param string $param3 chaine de param3 + * @param string $param4 chaine de param4 + * @param string $param5 chaine de param5 + * @return string Translated string + */ public function transnoentitiesnoconv($key, $param1 = '', $param2 = '', $param3 = '', $param4 = '', $param5 = '') { - global $conf; - if (!empty($this->tab_translate[$key])) { // Translation is available $str = $this->tab_translate[$key]; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 64d1f2137fa..f2268767734 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -2100,7 +2100,7 @@ function dol_escape_htmltag($stringtoescape, $keepb = 0, $keepn = 0, $noescapeta // In a future, we should not need this $tmp = (string) $stringtoescape; - /* + // We protect the 6 special entities that we don't want to decode. $tmp = str_ireplace('<', '__DONOTDECODELT', $tmp); $tmp = str_ireplace('>', '__DONOTDECODEGT', $tmp); 
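Review bot: The docblock added above `transnoentitiesnoconv()` calls it an "Alias of tr() for backward compatibility", but the code is the other way round: the new `tr()` is the thin wrapper and `transnoentitiesnoconv()` still holds the implementation. The older docblock that now sits on `tr()` (it begins above the hunk) should carry the alias sentence instead. Judging by the delegate's name and its "No conversion" wording, it should also say that the result is not HTML-escaped, for example `* Short alias of transnoentitiesnoconv(). The result is NOT HTML-escaped: escape it before printing it into a page.` A short name like this is likely to be picked up in output code, and test/phpunit/test.php in this commit already prints `$langs->tr("Preview")` next to `$langs->trans("Preview")`. Whether `trans()` escapes is not visible here, so confirm the difference before documenting it.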
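Review bot: Every marker `dol_escape_htmltag()` relies on is a fixed, guessable string, and this commit both re-activates the `__DONOTDECODE…` set (the `/*` removed here, the `*/` removed at `-2118,7`) and adds a new one, `__DOUBLEQUOT` (set at `-2176,19`, restored unconditionally at `-2211,6`). If `$stringtoescape` already contains one of those strings as plain text, the restore step rewrites it after `htmlentities()` has run, so the output no longer matches what was escaped. Whether that is only a display glitch or puts a raw `"` or `<` into the result depends on the real replacement literals, which look entity-decoded in this rendering and need checking in the source. Neutralise pre-existing markers in the input before the first substitution, or derive the markers per call, e.g. `$mark = '__'.bin2hex(random_bytes(8));`, and add an assertion that a string containing `__DOUBLEQUOT` comes back unchanged. The function body starts and ends outside these hunks.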
@@ -2118,7 +2118,7 @@ function dol_escape_htmltag($stringtoescape, $keepb = 0, $keepn = 0, $noescapeta $tmp = str_ireplace('__DONOTDECODEQUOT', '"', $tmp); $tmp = str_ireplace('__DONOTDECODEAPOS', '&apos', $tmp); $tmp = str_ireplace('__DONOTDECODE39', ''', $tmp); - */ + $tmp = str_ireplace(''', '__SIMPLEQUOTE', $tmp); // HTML 4 } if (!$keepb) { @@ -2176,19 +2176,12 @@ function dol_escape_htmltag($stringtoescape, $keepb = 0, $keepn = 0, $noescapeta } while ($diff); } + $tmp = str_ireplace('"', '__DOUBLEQUOT', $tmp); $tmp = str_ireplace('<', '__LESSTAN', $tmp); $tmp = str_ireplace('>', '__GREATERTHAN', $tmp); - } else { - // var_dump($tmp); - //$tmp = str_ireplace('<', '__LESSTHAN', $tmp); - //$tmp = str_ireplace('>', '__GREATERTHAN', $tmp); } - // Warning: htmlentities encode HTML tags like , but forget < > "es; ' ' & - // So we do it ourself afterfor < at > - //$tmp = str_ireplace('<', '&lt', $tmp); - //$tmp = str_ireplace('>', '&gt', $tmp); - //var_dump("eeeeeeeeeeeeeeeeeeeee"); - //var_dump($tmp); + + // Warning: htmlentities encode HTML tags like , but not < > "es; ' ' & that remains untouched. $result = htmlentities($tmp, ENT_COMPAT, 'UTF-8'); // Convert & into & and more... //print $result; @@ -2211,6 +2204,7 @@ function dol_escape_htmltag($stringtoescape, $keepb = 0, $keepn = 0, $noescapeta $result = str_ireplace('__SIMPLEQUOTE', ''', $result); + $result = str_ireplace('__DOUBLEQUOT', '"', $result); $result = str_ireplace('__LESSTAN', '<', $result); $result = str_ireplace('__GREATERTHAN', '>', $result); 
@@ -8534,7 +8528,8 @@ function dol_htmlwithnojs($stringtoencode, $nouseofiframesandbox = 0, $check = ' // See options at https://tidy.sourceforge.net/docs/quickref.html $config = array( 'clean' => false, - 'quote-marks' => false, // do not replace " that are used for real text content (not a string symbol for html attribute) into " + // Best will be to set 'quote-marks' to false to not replace " that are used for real text content (not a string symbol for html attribute) into " + 'quote-marks' => false, 'doctype' => 'strict', 'show-body-only' => true, "indent-attributes" => false, diff --git a/htdocs/core/lib/website.lib.php b/htdocs/core/lib/website.lib.php index c44bb31b429..86737d3defc 100644 --- a/htdocs/core/lib/website.lib.php +++ b/htdocs/core/lib/website.lib.php @@ -1354,7 +1354,9 @@ function getImageFromHtmlContent($htmlContent, $imageNumber = 1) } // Load HTML content into object - $dom->loadHTML($htmlContent); + // We add the @ to avoid verbose warnings logsin the error.log file. For example: + // "PHP message: PHP Warning: DOMDocument::loadHTML(): Tag section invalid in Entity, line: ...", etc. + @$dom->loadHTML($htmlContent); // Re-enable HTML load errors libxml_clear_errors(); diff --git a/htdocs/modulebuilder/template/admin/setup.php b/htdocs/modulebuilder/template/admin/setup.php index 9dc2b682c20..d7d87fe8f1e 100644 --- a/htdocs/modulebuilder/template/admin/setup.php +++ b/htdocs/modulebuilder/template/admin/setup.php @@ -352,8 +352,6 @@ echo ''.$langs->trans("MyModuleSetupPage").'< if (!empty($formSetup->items)) { print $formSetup->generateOutput(true); print '
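Review bot: The reworded comment says "Best will be to set 'quote-marks' to false" directly above a line that already sets it to `false`, which reads as if the current value were something else. State the decision instead, e.g. `// Keep 'quote-marks' off so a " in text content (not an attribute delimiter) is not turned into an entity`. The `$config` array continues past the hunk.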
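Review bot: `@$dom->loadHTML($htmlContent)` hides every error raised by the call, not only the libxml markup warnings, and the return value is still ignored, so a failed parse carries on with an empty document. The context line `libxml_clear_errors()` suggests libxml errors are already collected internally above the hunk; if so the `@` is redundant, and otherwise the parser options do the same job more narrowly: `$ok = $dom->loadHTML($htmlContent, LIBXML_NOERROR | LIBXML_NOWARNING | LIBXML_NONET);` followed by an early return when `$ok === false` (use whatever value the rest of the function returns for "no image"; it is outside the hunk). `LIBXML_NONET` also keeps the parser from fetching anything over the network while it handles page content. The new comment has a typo, "logsin".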
'; -} else { - print '
'.$langs->trans("NothingToSetup"); } diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php index bcd37702167..bcaf7d9b74b 100644 --- a/htdocs/modulebuilder/template/myobject_card.php +++ b/htdocs/modulebuilder/template/myobject_card.php @@ -629,12 +629,15 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea // Show links to link elements $tmparray = $form->showLinkToObjectBlock($object, array(), array('myobject'), 1); - $linktoelem = $tmparray['linktoelem']; - $htmltoenteralink = $tmparray['htmltoenteralink']; - print $htmltoenteralink; - - $somethingshown = $form->showLinkedObjectBlock($object, $linktoelem); - + if (is_array($tmparray)) { + $linktoelem = $tmparray['linktoelem']; + $htmltoenteralink = $tmparray['htmltoenteralink']; + print $htmltoenteralink; + $somethingshown = $form->showLinkedObjectBlock($object, $linktoelem); + } else { + // backward compatibility + $somethingshown = $form->showLinkedObjectBlock($object, $tmparray); + } print '
'; diff --git a/htdocs/public/payment/newpayment.php b/htdocs/public/payment/newpayment.php index c6d7b985d16..02dcc1ce6af 100644 --- a/htdocs/public/payment/newpayment.php +++ b/htdocs/public/payment/newpayment.php @@ -51,6 +51,10 @@ if (!defined('NOBROWSERNOTIF')) { define('NOBROWSERNOTIF', '1'); } +if (!defined('XFRAMEOPTIONS_ALLOWALL')) { + define('XFRAMEOPTIONS_ALLOWALL', '1'); +} + // For MultiCompany module. // Do not use GETPOST here, function is not defined and get of entity must be done before including main.inc.php // Because 2 entities can have the same ref. diff --git a/htdocs/public/payment/paymentko.php b/htdocs/public/payment/paymentko.php index b1d8bad0cce..f8460f8a799 100644 --- a/htdocs/public/payment/paymentko.php +++ b/htdocs/public/payment/paymentko.php @@ -40,6 +40,10 @@ if (!defined('NOBROWSERNOTIF')) { define('NOBROWSERNOTIF', '1'); } +if (!defined('XFRAMEOPTIONS_ALLOWALL')) { + define('XFRAMEOPTIONS_ALLOWALL', '1'); +} + // For MultiCompany module. // Do not use GETPOST here, function is not defined and this test must be done before including main.inc.php // Because 2 entities can have the same ref. diff --git a/htdocs/public/payment/paymentok.php b/htdocs/public/payment/paymentok.php index a5f9028f31f..b70871bdf2d 100644 --- a/htdocs/public/payment/paymentok.php +++ b/htdocs/public/payment/paymentok.php @@ -43,6 +43,10 @@ if (!defined('NOBROWSERNOTIF')) { define('NOBROWSERNOTIF', '1'); } +if (!defined('XFRAMEOPTIONS_ALLOWALL')) { + define('XFRAMEOPTIONS_ALLOWALL', '1'); +} + // For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php // Because 2 entities can have the same ref. diff --git a/htdocs/website/index.php b/htdocs/website/index.php index fc11f5ec7ff..b69a1697d3f 100644 --- a/htdocs/website/index.php +++ b/htdocs/website/index.php 
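Review bot: The `is_array()` branch reads `$tmparray['linktoelem']` and `$tmparray['htmltoenteralink']` without checking that the keys exist, and the `else` branch does not say what the older return type of `showLinkToObjectBlock()` was. This file is a module-builder template that gets copied into new modules, so spell it out, e.g. `// backward compatibility: older versions return the value for showLinkedObjectBlock() directly, not an array` (confirm against the older signature), and use `$tmparray['htmltoenteralink'] ?? ''` so a partial array does not raise a notice. The enclosing `if ($object->id > 0 …)` block starts and ends outside the hunk.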
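Review bot: Defining `XFRAMEOPTIONS_ALLOWALL` unconditionally at the top of newpayment.php, and identically in paymentko.php and paymentok.php, presumably makes main.inc.php drop the frame restriction for these pages on every installation (the header code is not in this diff, so confirm). A public payment form that any origin may embed is exposed to clickjacking, while the use case described in website/index.php is framing by the site's own website through a proxy, which would be same-origin once the proxy is in place. Make the relaxation opt-in where the header is emitted and limit it to configured origins, e.g. `Content-Security-Policy: frame-ancestors 'self' <allowed-site-origin>` (placeholder origin), rather than lifting it for everyone. At minimum add a comment above each define, such as `// Allow framing so the payment page can be embedded in a website page; see the proxy example in website/index.php`.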
@@ -3224,6 +3224,24 @@ if (!GETPOST('hide_websitemenu')) { $examplewithapache .= "#ErrorLog /var/log/apache2/".$websitekey."_error_log\n"; $examplewithapache .= "#TransferLog /var/log/apache2/".$websitekey."_access_log\n"; + $examplewithapache .= "\n"; + $examplewithapache .= "# If you need include the payment page into a frame of the website,\n"; + $examplewithapache .= "# you need to make a proxy redirection of URLs required for the payment to your backoffice pages\n"; + $examplewithapache .= "#SSLProxyEngine On\n"; + $examplewithapache .= "#SSLProxyVerify none\n"; + $examplewithapache .= "#SSLProxyCheckPeerCN off\n"; + $examplewithapache .= "#SSLProxyCheckPeerName off\n"; + $examplewithapache .= "#ProxyPreserveHost Off\n"; + $examplewithapache .= '#ProxyPass "/public/payment/" "'.$urlwithroot.'/public/payment/'."\n"; + $examplewithapache .= '#ProxyPassReverse "/public/payment/" "'.$urlwithroot.'/public/payment/'."\n"; + $examplewithapache .= '#ProxyPass "/includes/" "'.$urlwithroot.'/includes/'."\n"; + $examplewithapache .= '#ProxyPassReverse "/includes/" "'.$urlwithroot.'/includes/'."\n"; + $examplewithapache .= '#ProxyPass "/theme/" "'.$urlwithroot.'/theme/'."\n"; + $examplewithapache .= '#ProxyPassReverse "/theme/" "'.$urlwithroot.'/theme/'."\n"; + $examplewithapache .= '#ProxyPass "/core/js/" "'.$urlwithroot.'/core/js/'."\n"; + $examplewithapache .= '#ProxyPassReverse "/core/js/" "'.$urlwithroot.'/core/js/'."\n"; + $examplewithapache .= "\n"; + $examplewithapache .= "\n"; $htmltext .= '
'.$langs->trans("ExampleToUseInApacheVirtualHostConfig").':
'; diff --git a/test/phpunit/test.php b/test/phpunit/test.php index cfdfdd55d52..6e8f0c8565a 100755 --- a/test/phpunit/test.php +++ b/test/phpunit/test.php @@ -9,11 +9,21 @@ include "../../htdocs/master.inc.php"; include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; -print ">>> dol_escape_htmltag(eée < > bbbold) - should not happen\n"; -print dol_escape_htmltag("eée < > bbbold", 1); +$langs->setDefaultLang('fr'); +$langs->loadLangs(array('main', 'companies')); + +var_dump($langs->tab_translate["Preview"]); + +print $langs->tr("Preview"); print "\n"; -print ">>> dol_escape_htmltag(eée < > bbbold)\n"; -print dol_escape_htmltag("eée < > bbbold", 1); +print $langs->trans("Preview"); +print "\n"; + +print ">>> dol_escape_htmltag(eée < > bbbold ç) - should not happen\n"; +print dol_escape_htmltag("eée < > bbbold ç", 1); +print "\n"; +print ">>> dol_escape_htmltag(eée < > bbbold ç)\n"; +print dol_escape_htmltag("eée < > bbbold ç", 1); print "\n"; print '>>> dol_escape_htmltag(<script>alert("azerty")</script>)'."\n"; print dol_escape_htmltag('<script>alert("azerty")</script>', 1); @@ -22,11 +32,11 @@ print "\n"; print "\n"; // dol_escape_htmltag(dol_htmlwithnojs(dol_string_onlythesehtmltags(dol_htmlentitiesbr($s), 1, 1, 1, array())), 1, 1, 'common', 0, 1); -print ">>> dolPrintHtml(eée < > bbbold) - should not happen\n"; -print dolPrintHtml("eée < > bbbold"); +print ">>> dolPrintHtml(eée < > bbbold ç) - should not happen\n"; +print dolPrintHtml("eée < > bbbold ç"); print "\n"; -print ">>> dolPrintHtml(eée < > bbbold)\n"; -print dolPrintHtml("eée < > bbbold"); +print ">>> dolPrintHtml(eée < > bbbold ç)\n"; +print dolPrintHtml("eée < > bbbold ç"); print "\n"; print '>>> dolPrintHtml(<script>alert("azerty")</script>)'."\n"; print dolPrintHtml('<script>alert("azerty")</script>'); 
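Review bot: The Apache example added here tells administrators to proxy payment traffic with `SSLProxyVerify none`, `SSLProxyCheckPeerCN off` and `SSLProxyCheckPeerName off`, which switches off certificate and hostname verification on the hop between the website and the back office; copied as is, it removes the protection against an impostor back office on that path. The eight `ProxyPass`/`ProxyPassReverse` lines also open a double quote before `$urlwithroot` and never close it, so the generated directives are malformed. The example should keep verification on, point at a CA file and close the quotes, as sketched below (the CA path is a placeholder). `$urlwithroot` is concatenated into text that ends up in `$htmltext`; whether it is escaped on output is outside the hunk and worth confirming. The enclosing `if (!GETPOST('hide_websitemenu'))` block extends beyond the hunk.

```php
// … unchanged: blank line and the two explanatory comment lines …
$examplewithapache .= "#SSLProxyEngine On\n";
$examplewithapache .= "#SSLProxyVerify require\n";
$examplewithapache .= "#SSLProxyCACertificateFile /path/to/backoffice-ca.pem\n";
$examplewithapache .= "#SSLProxyCheckPeerName on\n";
$examplewithapache .= "#ProxyPreserveHost Off\n";
$examplewithapache .= '#ProxyPass "/public/payment/" "'.$urlwithroot.'/public/payment/"'."\n";
$examplewithapache .= '#ProxyPassReverse "/public/payment/" "'.$urlwithroot.'/public/payment/"'."\n";
// … same closing quote on the /includes/, /theme/ and /core/js/ ProxyPass and ProxyPassReverse lines …
```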
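Review bot: `var_dump($langs->tab_translate["Preview"]);` looks like leftover debugging, and everything in this script, here and in the hunks at `-22,11` and `-35,12`, only prints results for a human to read. The commit changes how `dol_escape_htmltag()` treats `"`, `<`, `>` and already-encoded entities, so the expected output of each of these calls should be pinned in a PHPUnit test with `assertSame(...)`, including the `<script>alert("azerty")</script>` case, so that an escaping regression fails the build instead of going unnoticed. The top and tail of the script are outside the hunks shown.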
@@ -35,12 +45,12 @@ print "\n"; print "\n"; // dol_escape_htmltag(dol_string_onlythesehtmltags(dol_htmlentitiesbr($s), 1, 0, 0, 0, array('br', 'b', 'font', 'hr', 'span')), 1, -1, '', 0, 1); -print ">>> dolPrintHtmlForattribute(eée < > bbbold)\n"; -print dolPrintHtmlForAttribute("eée < > bbbold"); +print ">>> dolPrintHtmlForattribute(eée < > bbbold ç)\n"; +print dolPrintHTMLForAttribute("eée < > bbbold ç"); print "\n"; -print ">>> dolPrintHtmlForAttribute(eée < > bbbold)\n"; -print dolPrintHtmlForAttribute("eée < > bbbold"); +print ">>> dolPrintHTMLForAttribute(eée < > bbbold ç)\n"; +print dolPrintHTMLForAttribute("eée < > bbbold ç"); print "\n"; print '>>> dolPrintHtmlForattribute(<script>alert("azerty")</script>)'."\n"; -print dolPrintHtmlForAttribute('<script>alert("azerty")</script>'); +print dolPrintHTMLForAttribute('<script>alert("azerty")</script>'); print "\n";