From 94ccb44673c6485c7695ef11caf8817a903a73d2 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 12 May 2018 11:02:44 +0200 Subject: [PATCH 1/4] Fix bad url wor external subscription page --- htdocs/adherents/admin/website.php | 8 +++++++- htdocs/admin/agenda_xcal.php | 4 +--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/htdocs/adherents/admin/website.php b/htdocs/adherents/admin/website.php index 0a560c402fd..b35df5f0083 100644 --- a/htdocs/adherents/admin/website.php +++ b/htdocs/adherents/admin/website.php @@ -241,7 +241,13 @@ if (! empty($conf->global->MEMBER_ENABLE_PUBLIC)) } else { $entity_qr=''; } - print ''.DOL_MAIN_URL_ROOT.'/public/members/new.php'.$entity_qr.''; + + // Define $urlwithroot + $urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',trim($dolibarr_main_url_root)); + $urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file + //$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current + + print ''.$urlwithroot.'/public/members/new.php'.$entity_qr.''; } diff --git a/htdocs/admin/agenda_xcal.php b/htdocs/admin/agenda_xcal.php index ac19eb24c03..ab0effc2c45 100644 --- a/htdocs/admin/agenda_xcal.php +++ b/htdocs/admin/agenda_xcal.php @@ -32,9 +32,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/agenda.lib.php'; if (!$user->admin) accessforbidden(); -$langs->load("admin"); -$langs->load("other"); -$langs->load("agenda"); +$langs->loadLangs(array("admin","other","agenda")); $def = array(); $actionsave=GETPOST('save','alpha'); From 63ed5dcccce62c78100b9a566bad25772b8e2c10 Mon Sep 17 00:00:00 2001 
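Review bot: The commented-out alternative `//$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current` is dead code left inside the new block of htdocs/adherents/admin/website.php; either drop it or fold both comments into one that states the rule, e.g. `// Build the public URL from dolibarr_main_url_root so the link works from an external site, not from the host the admin happens to browse on`. The `$urlwithouturlroot`/`$urlwithroot` computation (case-insensitive strip of `DOL_URL_ROOT`, then re-append) looks like a snippet copied from other pages; if that idiom exists elsewhere (not visible here) a shared helper would keep the regex and the `trim()` identical everywhere. `$dolibarr_main_url_root` is the raw config value and is concatenated into the `print` without HTML escaping; it is admin-controlled so the risk is low, but escaping it costs nothing and matches how other admin pages render config values.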
From: Laurent Destailleur Date: Sat, 12 May 2018 11:23:40 +0200 Subject: [PATCH 2/4] Fix securekey for new online payment form --- htdocs/comm/mailing/card.php | 2 +- htdocs/public/members/new.php | 37 ++++++++++++++------------- htdocs/public/members/public_card.php | 5 ++-- htdocs/public/members/public_list.php | 5 ++-- 4 files changed, 26 insertions(+), 23 deletions(-) diff --git a/htdocs/comm/mailing/card.php b/htdocs/comm/mailing/card.php index 5ded0c16b5e..bb68f85ea16 100644 --- a/htdocs/comm/mailing/card.php +++ b/htdocs/comm/mailing/card.php @@ -244,7 +244,7 @@ if (empty($reshook)) $substitutionarray['__SECUREKEYPAYMENT_CONTRACTLINE__']=dol_hash($conf->global->PAYMENT_SECURITY_TOKEN . 'contractline' . $obj->source_id, 2); } } - /* For backward compatibility */ + /* For backward compatibility, deprecated */ if (! empty($conf->paypal->enabled) && ! empty($conf->global->PAYPAL_SECURITY_TOKEN)) { $substitutionarray['__SECUREKEYPAYPAL__']=dol_hash($conf->global->PAYPAL_SECURITY_TOKEN, 2); diff --git a/htdocs/public/members/new.php b/htdocs/public/members/new.php index b6d87ce9ac2..b92e84b8352 100644 --- a/htdocs/public/members/new.php +++ b/htdocs/public/members/new.php @@ -35,8 +35,9 @@ * MEMBER_NEWFORM_FORCECOUNTRYCODE Force country */ -define("NOLOGIN",1); // This means this output page does not require to be logged. -define("NOCSRFCHECK",1); // We accept to go on this page from external web site. +if (! defined('NOLOGIN')) define("NOLOGIN",1); // This means this output page does not require to be logged. +if (! defined('NOCSRFCHECK')) define("NOCSRFCHECK",1); // We accept to go on this page from external web site. +if (! defined('NOIPCHECK')) define('NOIPCHECK','1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip // For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php 
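Review bot: `NOCSRFCHECK` stays enabled on a page whose `$action == 'add'` branch (see the following hunks) creates a member record, so the referer/token protection is off for a state-changing POST; with `NOLOGIN` there is no session to ride, but the comment should record that this is a deliberate trade-off so the line is not copied to pages that do have one, e.g. `// We accept to go on this page from external web site (no authenticated session exists here, so there is nothing for CSRF to hijack)`. The added `define('NOIPCHECK','1')` uses the string `'1'` while the two lines above use the integer `1`; pick one form (`define('NOIPCHECK',1);`) so these security switches stay uniform across files. Whether `NOLOGIN` already implies `NOIPCHECK` in main.inc.php cannot be seen from this patch; if it does, this define is redundant and the comment should say why it is kept explicit.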
@@ -356,7 +357,7 @@ if ($action == 'add')
 if ($conf->global->MEMBER_NEWFORM_PAYONLINE == 'all')
 {
 $urlback=DOL_MAIN_URL_ROOT.'/public/payment/newpayment.php?from=membernewform&source=membersubscription&ref='.urlencode($adh->ref);
- if (price2num(GETPOST('amount'))) $urlback.='&amount='.price2num(GETPOST('amount'));
+ if (price2num(GETPOST('amount','alpha'))) $urlback.='&amount='.price2num(GETPOST('amount','alpha'));
 if (GETPOST('email')) $urlback.='&email='.urlencode(GETPOST('email'));
 if (! empty($conf->global->PAYMENT_SECURITY_TOKEN))
 {
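Review bot: `GETPOST('email')` on the line right after the changed one still has no check type, while `amount` was just given `'alpha'`; use `GETPOST('email','alpha')` in both the condition and the `urlencode()` call so everything that ends up in `$urlback` goes through the same sanitizing (the same pattern recurs in the paybox/paypal/stripe branches of the next hunk). `price2num(GETPOST('amount','alpha'))` is also evaluated twice; computing it once, `$amount=price2num(GETPOST('amount','alpha')); if ($amount) $urlback.='&amount='.$amount;`, avoids re-running the filter and guarantees the tested and appended values are the same. The enclosing `if ($action == 'add')` block starts before this hunk and the `if (! empty($conf->global->PAYMENT_SECURITY_TOKEN))` body continues after it.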
@@ -373,51 +374,51 @@ if ($action == 'add')
 else if ($conf->global->MEMBER_NEWFORM_PAYONLINE == 'paybox')
 {
 $urlback=DOL_MAIN_URL_ROOT.'/public/paybox/newpayment.php?from=membernewform&source=membersubscription&ref='.urlencode($adh->ref);
- if (price2num(GETPOST('amount'))) $urlback.='&amount='.price2num(GETPOST('amount'));
+ if (price2num(GETPOST('amount','alpha'))) $urlback.='&amount='.price2num(GETPOST('amount','alpha'));
 if (GETPOST('email')) $urlback.='&email='.urlencode(GETPOST('email'));
- if (! empty($conf->global->PAYBOX_SECURITY_TOKEN))
+ if (! empty($conf->global->PAYMENT_SECURITY_TOKEN))
 {
- if (! empty($conf->global->PAYBOX_SECURITY_TOKEN_UNIQUE))
+ if (! empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE))
 {
- $urlback.='&securekey='.urlencode(dol_hash($conf->global->PAYBOX_SECURITY_TOKEN . 'membersubscription' . $adh->ref, 2));
+ $urlback.='&securekey='.urlencode(dol_hash($conf->global->PAYMENT_SECURITY_TOKEN . 'membersubscription' . $adh->ref, 2));
 }
 else
 {
- $urlback.='&securekey='.urlencode($conf->global->PAYBOX_SECURITY_TOKEN);
+ $urlback.='&securekey='.urlencode($conf->global->PAYMENT_SECURITY_TOKEN);
 }
 }
 }
 else if ($conf->global->MEMBER_NEWFORM_PAYONLINE == 'paypal')
 {
 $urlback=DOL_MAIN_URL_ROOT.'/public/paypal/newpayment.php?from=membernewform&source=membersubscription&ref='.urlencode($adh->ref);
- if (price2num(GETPOST('amount'))) $urlback.='&amount='.price2num(GETPOST('amount'));
+ if (price2num(GETPOST('amount','alpha'))) $urlback.='&amount='.price2num(GETPOST('amount','alpha'));
 if (GETPOST('email')) $urlback.='&email='.urlencode(GETPOST('email'));
- if (! empty($conf->global->PAYPAL_SECURITY_TOKEN))
+ if (! empty($conf->global->PAYMENT_SECURITY_TOKEN))
 {
- if (! empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE))
+ if (! empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE))
 {
- $urlback.='&securekey='.urlencode(dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . 'membersubscription' . $adh->ref, 2));
+ $urlback.='&securekey='.urlencode(dol_hash($conf->global->PAYMENT_SECURITY_TOKEN . 'membersubscription' . $adh->ref, 2));
 }
 else
 {
- $urlback.='&securekey='.urlencode($conf->global->PAYPAL_SECURITY_TOKEN);
+ $urlback.='&securekey='.urlencode($conf->global->PAYMENT_SECURITY_TOKEN);
 }
 }
 }
 else if ($conf->global->MEMBER_NEWFORM_PAYONLINE == 'stripe')
 {
 $urlback=DOL_MAIN_URL_ROOT.'/public/stripe/newpayment.php?from=membernewform&source=membersubscription&ref='.$adh->ref;
- if (price2num(GETPOST('amount'))) $urlback.='&amount='.price2num(GETPOST('amount'));
+ if (price2num(GETPOST('amount','alpha'))) $urlback.='&amount='.price2num(GETPOST('amount','alpha'));
 if (GETPOST('email')) $urlback.='&email='.urlencode(GETPOST('email'));
- if (! empty($conf->global->STRIPE_SECURITY_TOKEN))
+ if (! empty($conf->global->PAYMENT_SECURITY_TOKEN))
 {
- if (! empty($conf->global->STRIPE_SECURITY_TOKEN_UNIQUE))
+ if (! empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE))
 {
- $urlback.='&securekey='.urlencode(dol_hash($conf->global->STRIPE_SECURITY_TOKEN . 'membersubscription' . $adh->ref, 2));
+ $urlback.='&securekey='.urlencode(dol_hash($conf->global->PAYMENT_SECURITY_TOKEN . 'membersubscription' . $adh->ref, 2));
 }
 else
 {
- $urlback.='&securekey='.urlencode($conf->global->STRIPE_SECURITY_TOKEN);
+ $urlback.='&securekey='.urlencode($conf->global->PAYMENT_SECURITY_TOKEN);
 }
 }
 }
diff --git a/htdocs/public/members/public_card.php b/htdocs/public/members/public_card.php
index f3027eb0149..5dee0eb49a3 100644
--- a/htdocs/public/members/public_card.php
+++ b/htdocs/public/members/public_card.php
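Review bot: In the stripe branch the context line `$urlback=DOL_MAIN_URL_ROOT.'/public/stripe/newpayment.php?...&ref='.$adh->ref;` appends the reference without `urlencode()`, unlike the paybox and paypal branches directly above it, so a ref containing `&`, `#` or a space would corrupt the query string; it should read `...&ref='.urlencode($adh->ref);`. Now that the commit has moved all three branches onto `PAYMENT_SECURITY_TOKEN`, they differ only in the path segment, and folding them into one block as below removes the copy-paste drift that produced the missing `urlencode()`. Independently of this commit, the non-unique fallback still places the shared `PAYMENT_SECURITY_TOKEN` itself into a browser-visible redirect URL (history, Referer headers, proxy logs); the hashed per-source key should be the recommended mode and the raw-token branch deserves at least a warning comment. The enclosing `if ($action == 'add')` block starts before this hunk.
```php
// … unchanged: 'all' branch using /public/payment/newpayment.php …
else if (in_array($conf->global->MEMBER_NEWFORM_PAYONLINE, array('paybox', 'paypal', 'stripe')))
{
	// Same endpoint layout for the three legacy per-provider pages; only the path segment differs
	$urlback=DOL_MAIN_URL_ROOT.'/public/'.$conf->global->MEMBER_NEWFORM_PAYONLINE.'/newpayment.php?from=membernewform&source=membersubscription&ref='.urlencode($adh->ref);
	$amount=price2num(GETPOST('amount','alpha'));
	if ($amount) $urlback.='&amount='.$amount;
	if (GETPOST('email','alpha')) $urlback.='&email='.urlencode(GETPOST('email','alpha'));
	if (! empty($conf->global->PAYMENT_SECURITY_TOKEN))
	{
		if (! empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE))
		{
			$urlback.='&securekey='.urlencode(dol_hash($conf->global->PAYMENT_SECURITY_TOKEN . 'membersubscription' . $adh->ref, 2));
		}
		else
		{
			// WARNING: this puts the shared secret itself into a browser-visible URL; prefer PAYMENT_SECURITY_TOKEN_UNIQUE
			$urlback.='&securekey='.urlencode($conf->global->PAYMENT_SECURITY_TOKEN);
		}
	}
}
```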
@@ -24,8 +24,9 @@ * \brief File to show a public card of a member */ -define("NOLOGIN",1); // This means this output page does not require to be logged. -define("NOCSRFCHECK",1); // We accept to go on this page from external web site. +if (! defined('NOLOGIN')) define("NOLOGIN",1); // This means this output page does not require to be logged. +if (! defined('NOCSRFCHECK')) define("NOCSRFCHECK",1); // We accept to go on this page from external web site. +if (! defined('NOIPCHECK')) define('NOIPCHECK','1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip // For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php diff --git a/htdocs/public/members/public_list.php b/htdocs/public/members/public_list.php index b3438e8be02..1f9a4406028 100644 --- a/htdocs/public/members/public_list.php +++ b/htdocs/public/members/public_list.php @@ -24,8 +24,9 @@ * \brief File sample to list members */ -define("NOLOGIN",1); // This means this output page does not require to be logged. -define("NOCSRFCHECK",1); // We accept to go on this page from external web site. +if (! defined('NOLOGIN')) define("NOLOGIN",1); // This means this output page does not require to be logged. +if (! defined('NOCSRFCHECK')) define("NOCSRFCHECK",1); // We accept to go on this page from external web site. +if (! defined('NOIPCHECK')) define('NOIPCHECK','1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip // For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php From b84baece3c980e5a0008f24c851eb715b38ff476 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 12 May 2018 11:32:00 +0200 Subject: [PATCH 3/4] Code comment --- htdocs/modulebuilder/template/myobject_card.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php
index 5b2a1213c0f..48a039e4edf 100644
--- a/htdocs/modulebuilder/template/myobject_card.php
+++ b/htdocs/modulebuilder/template/myobject_card.php
@@ -31,11 +31,11 @@
 //if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK','1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on).
 //if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on)
 //if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK','1'); // Do not check style html tag into posted data
-//if (! defined('NOIPCHECK')) define('NOIPCHECK','1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip
 //if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1'); // If there is no need to load and show top and left menu
 //if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1'); // If we don't need to load the html.form.class.php
 //if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1'); // Do not load ajax.lib.php library
-//if (! defined("NOLOGIN")) define("NOLOGIN",'1'); // If this page is public (can be called outside logged session)
+//if (! defined("NOLOGIN")) define("NOLOGIN",'1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too.
+//if (! defined('NOIPCHECK')) define('NOIPCHECK','1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip
 //if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT','auto'); // Force lang to a particular value
 //if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE','aloginmodule'); // Force authentication handler
 //if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN',1); // The main.inc.php does not make a redirect if not logged, instead show simple error message
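Review bot: The new wording on the `NOLOGIN` line, `This include the NOIPCHECK too.`, asserts that `NOLOGIN` already disables the IP restriction, yet patch 2 of this same series adds an explicit `define('NOIPCHECK','1')` next to `NOLOGIN` in the public member pages, which suggests the implication does not hold (main.inc.php is not visible here to settle it). One of the two should change: either the template sentence becomes `Public pages usually also need NOIPCHECK, see next line.` or the explicit defines in the public pages are dropped as redundant. While touching it, fix the grammar to `This includes`. Since this is the template module builders copy from, an inaccurate hint here propagates into every generated module.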
From 53b5733fb4a515f97ded7c7d5267856e2290cc83 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 12 May 2018 13:40:53 +0200 Subject: [PATCH 4/4] Fix test --- htdocs/core/class/html.form.class.php | 4 ++-- htdocs/public/test/test_forms.php | 9 +++++++-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index fa606639bcc..9cba6ed839e 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -4775,7 +4775,7 @@ class Form * - local date in user area, if set_time is '' (so if set_time is '', output may differs when done from two different location) * - Empty (fields empty), if set_time is -1 (in this case, parameter empty must also have value 1) * - * @param timestamp $set_time Pre-selected date (must be a local PHP server timestamp), -1 to keep date not preselected, '' to use current date (emptydate must be 0). + * @param timestamp $set_time Pre-selected date (must be a local PHP server timestamp), -1 to keep date not preselected, '' to use current date with 00:00 hour (Parameter 'empty' must be 0 or 2). * @param string $prefix Prefix for fields name * @param int $h 1 or 2=Show also hours (2=hours on a new line), -1 has same effect but hour and minutes are prefilled with 23:59 if date is empty, 3 show hour always empty * @param int $m 1=Show also minutes, -1 has same effect but hour and minutes are prefilled with 23:59 if date is empty, 3 show minutes always empty @@ -4813,7 +4813,7 @@ class Form } // Analysis of the pre-selection date - if (preg_match('/^([0-9]+)\-([0-9]+)\-([0-9]+)\s?([0-9]+)?:?([0-9]+)?/',$set_time,$reg)) + if (preg_match('/^([0-9]+)\-([0-9]+)\-([0-9]+)\s?([0-9]+)?:?([0-9]+)?/',$set_time,$reg)) // deprecated usage { // Date format 'YYYY-MM-DD' or 'YYYY-MM-DD HH:MM:SS' $syear = (! empty($reg[1])?$reg[1]:''); 
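Review bot: The trailing `// deprecated usage` added to the `preg_match(...)` line says the string form of `$set_time` is deprecated but not what callers should pass instead; the `@param` text changed in the hunk above already documents a local PHP server timestamp, so make the marker self-contained: `// deprecated usage: 'YYYY-MM-DD[ HH:MM]' strings are still parsed here, callers should pass a timestamp`. A one-word marker is easy to miss in a method this long and gives no migration hint when someone greps for it. The enclosing method is only partly visible: it starts before this hunk and continues after it.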
diff --git a/htdocs/public/test/test_forms.php b/htdocs/public/test/test_forms.php index a53f812611a..0250bb2c39f 100644 --- a/htdocs/public/test/test_forms.php +++ b/htdocs/public/test/test_forms.php @@ -28,11 +28,16 @@ This page is a sample of page using Dolibarr HTML widget methods. It is designed $form=new Form($db); // Test1: form->select_date using tzuser date -print "Test 1: We must have here current hour for user (must match hour on browser). Note: Check your are logged so user TZ and DST are known."; +print "Test 1a: We must have here current date and hour for user (must match hour on browser). Note: Check your are logged so user TZ and DST are known."; $offsettz=(empty($_SESSION['dol_tz'])?0:$_SESSION['dol_tz'])*60*60; $offsetdst=(empty($_SESSION['dol_dst'])?0:$_SESSION['dol_dst'])*60*60; print " (dol_tz=".$offsettz." dol_dst=".$dol_dst.")
\n"; -$form->select_date('', 'test1', 1, 1, 0); +$form->select_date(dol_now(), 'test1a', 1, 1, 0); + +print '

'."\n"; + +print "Test 1b: We must have here current date with hours to 00:00.
"; +$form->select_date('', 'test1b', 1, 1, 0); print '

'."\n";