Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Debug v16

Browse Source
This commit is contained in:
Laurent Destailleur 2022-07-25 13:12:08 +02:00
parent 41bb01339a
commit d307e5b022
3 changed files with 48 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
htdocs/ftp/admin/ftpclient.php
View File

@ -1,5 +1,5 @@
<?php
/* Copyright (C) 2004-2016 Laurent Destailleur <eldy@users.sourceforge.net>
/* Copyright (C) 2004-2022 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es>
*
* This program is free software; you can redistribute it and/or modify
@ -27,17 +27,17 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
$langs->loadLangs(array("admin", "other"));
// Security check
if (!$user->admin) {
accessforbidden();
}
$def = array();
$lastftpentry = 0;
$action = GETPOST('action', 'aZ09');
$entry = GETPOST('numero_entry', 'alpha');
// Security check
if (!$user->admin) {
accessforbidden();
}
/*
* Action
@ -49,8 +49,9 @@ $sql .= " WHERE name like 'FTP_SERVER_%'";
$result = $db->query($sql);
if ($result) {
$obj = $db->fetch_object($result);
$reg = array();
preg_match('/([0-9]+)$/i', $obj->name, $reg);
if ($reg[1]) {
if (!empty($reg[1])) {
$lastftpentry = $reg[1];
}
} else {
@ -63,12 +64,12 @@ if ($action == 'add' || GETPOST('modify', 'alpha')) {
$error = 0;
if (!GETPOST("$ftp_name", 'alpha')) {
if (!GETPOST($ftp_name, 'alpha')) {
$error = 1;
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Label")), null, 'errors');
}
if (!GETPOST("$ftp_server", 'alpha')) {
if (!GETPOST($ftp_server, 'alpha')) {
$error = 1;
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Server")), null, 'errors');
}
@ -170,37 +171,37 @@ if (!function_exists('ftp_connect')) {
print '<td>'.$langs->trans("Example").'</td>';
print '</tr>';
print '<tr class="pair">';
print '<tr class="oddeven">';
print '<td>'.$langs->trans("Label").'</td>';
print '<td><input type="text" name="FTP_NAME_'.($lastftpentry + 1).'" value="'.GETPOST("FTP_NAME_".($lastftpentry + 1)).'" size="64"></td>';
print '<td>My FTP access</td>';
print '</tr>';
print '<tr class="impair">';
print '<tr class="oddeven">';
print '<td>'.$langs->trans("Server").'</td>';
print '<td><input type="text" name="FTP_SERVER_'.($lastftpentry + 1).'" value="'.GETPOST("FTP_SERVER_".($lastftpentry + 1)).'" size="64"></td>';
print '<td>localhost</td>';
print '</tr>';
print '<tr class="pair">';
print '<tr class="oddeven">';
print '<td width="100">'.$langs->trans("Port").'</td>';
print '<td><input type="text" name="FTP_PORT_'.($lastftpentry + 1).'" value="'.GETPOST("FTP_PORT_".($lastftpentry + 1)).'" size="64"></td>';
print '<td>21 for pure non crypted FTP or if option FTP_CONNECT_WITH_SSL (See Home-Setup-Other) is on (FTPS)<br>22 if option FTP_CONNECT_WITH_SFTP (See Home-Setup-Other) is on (SFTP)</td>';
print '</tr>';
print '<tr class="impair">';
print '<tr class="oddeven">';
print '<td>'.$langs->trans("User").'</td>';
print '<td><input type="text" name="FTP_USER_'.($lastftpentry + 1).'" value="'.GETPOST("FTP_USER_".($lastftpentry + 1)).'" class="minwidth175"></td>';
print '<td>myftplogin</td>';
print '</tr>';
print '<tr class="pair">';
print '<tr class="oddeven">';
print '<td>'.$langs->trans("Password").'</td>';
print '<td><input type="password" name="FTP_PASSWORD_'.($lastftpentry + 1).'" value="'.GETPOST("FTP_PASSWORD_".($lastftpentry + 1)).'" class="minwidth175"></td>';
print '<td>myftppassword</td>';
print '</tr>';
print '<tr class="impair">';
print '<tr class="oddeven">';
print '<td>'.$langs->trans("FTPPassiveMode").'</td>';
$defaultpassive = GETPOST("FTP_PASSIVE_".($lastftpentry + 1));
if (!GETPOSTISSET("FTP_PASSIVE_".($lastftpentry + 1))) {
@ -213,11 +214,13 @@ if (!function_exists('ftp_connect')) {
print '</table>';
?>
<br><div class="center"><input type="submit" class="button" value="<?php echo $langs->trans("Add") ?>"></div>
<div class="center">
<input type="submit" class="button" value="<?php echo $langs->trans("Add") ?>"></div>
<input type="hidden" name="action" value="add">
<input type="hidden" name="numero_entry" value="<?php echo ($lastftpentry + 1) ?>">
<?php
print '</form>';
print '<br>';
?>
<br>
@ -242,10 +245,12 @@ if (!function_exists('ftp_connect')) {
$idrss = $reg[0];
//print "x".join(',',$reg)."=".$obj->name."=".$idrss;
print "<form name=\"externalrssconfig\" action=\"".$_SERVER["PHP_SELF"]."\" method=\"post\">";
print '<br>';
print '<form name="externalrssconfig" action="'.$_SERVER["PHP_SELF"].'" method="post">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="numero_entry" value="'.$idrss.'">';
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent">'."\n";
print '<tr class="liste_titre">';
@ -262,51 +267,50 @@ if (!function_exists('ftp_connect')) {
print '<tr class="oddeven">';
print "<td>".$langs->trans("Name")."</td>";
print "<td><input type=\"text\" class=\"flat\" name=\"FTP_NAME_".$idrss."\" value=\"".$conf->global->$keyforname."\" size=\"64\"></td>";
print "<td><input type=\"text\" class=\"flat\" name=\"FTP_NAME_".$idrss."\" value=\"".getDolGlobalString($keyforname)."\" size=\"64\"></td>";
print "</tr>";
print '<tr class="oddeven">';
print "<td>".$langs->trans("Server")."</td>";
print "<td><input type=\"text\" class=\"flat\" name=\"FTP_SERVER_".$idrss."\" value=\"".$conf->global->$keyforserver."\" size=\"64\"></td>";
print "<td><input type=\"text\" class=\"flat\" name=\"FTP_SERVER_".$idrss."\" value=\"".getDolGlobalString($keyforserver)."\" size=\"64\"></td>";
print "</tr>";
print '<tr class="oddeven">';
print "<td width=\"100\">".$langs->trans("Port")."</td>";
print "<td><input type=\"text\" class=\"flat\" name=\"FTP_PORT_".$idrss."\" value=\"".$conf->global->$keyforport."\" size=\"64\"></td>";
print "<td><input type=\"text\" class=\"flat\" name=\"FTP_PORT_".$idrss."\" value=\"".getDolGlobalString($keyforport)."\" size=\"64\"></td>";
print "</tr>";
print '<tr class="oddeven">';
print "<td width=\"100\">".$langs->trans("User")."</td>";
print "<td><input type=\"text\" class=\"flat\" name=\"FTP_USER_".$idrss."\" value=\"".$conf->global->$keyforuser."\" size=\"24\"></td>";
print "<td><input type=\"text\" class=\"flat\" name=\"FTP_USER_".$idrss."\" value=\"".getDolGlobalString($keyforuser)."\" size=\"24\"></td>";
print "</tr>";
print '<tr class="oddeven">';
print "<td width=\"100\">".$langs->trans("Password")."</td>";
print "<td><input type=\"password\" class=\"flat\" name=\"FTP_PASSWORD_".$idrss."\" value=\"".$conf->global->$keyforpassword."\" size=\"24\"></td>";
print "<td><input type=\"password\" class=\"flat\" name=\"FTP_PASSWORD_".$idrss."\" value=\"".getDolGlobalString($keyforpassword)."\" size=\"24\"></td>";
print "</tr>";
print '<tr class="oddeven">';
print "<td width=\"100\">".$langs->trans("FTPPassiveMode")."</td>";
print '<td>'.$form->selectyesno('FTP_PASSIVE_'.$idrss, $conf->global->$keyforpassive, 1).'</td>';
print "</tr>";
print "<tr>";
print "<td colspan=\"2\" class=\"center\">";
print "<input type=\"submit\" class=\"button\" name=\"modify\" value=\"".$langs->trans("Modify")."\">";
print " &nbsp; ";
print "<input type=\"submit\" class=\"button\" name=\"delete\" value=\"".$langs->trans("Delete")."\">";
print "</td>";
print '<td>'.$form->selectyesno('FTP_PASSIVE_'.$idrss, getDolGlobalString($keyforpassive), 1).'</td>';
print "</tr>";
print '</table>';
print '</div>';
print '<div class="center">';
print '<input type="submit" class="button" name="modify" value="'.$langs->trans("Modify").'">';
print " &nbsp; ";
print '<input type="submit" class="button" name="delete" value="'.$langs->trans("Delete").'">';
print '</center>';
print "</form>";
print '<br>';
print '<br><br>';
$i++;
}

19
htdocs/ftp/index.php
View File

@ -74,14 +74,15 @@ $s_ftp_port = 'FTP_PORT_'.$numero_ftp;
$s_ftp_user = 'FTP_USER_'.$numero_ftp;
$s_ftp_password = 'FTP_PASSWORD_'.$numero_ftp;
$s_ftp_passive = 'FTP_PASSIVE_'.$numero_ftp;
$ftp_name = $conf->global->$s_ftp_name;
$ftp_server = $conf->global->$s_ftp_server;
$ftp_port = $conf->global->$s_ftp_port; if (empty($ftp_port)) {
$ftp_name = getDolGlobalString($s_ftp_name);
$ftp_server = getDolGlobalString($s_ftp_server);
$ftp_port = getDolGlobalString($s_ftp_port);
if (empty($ftp_port)) {
$ftp_port = 21;
}
$ftp_user = $conf->global->$s_ftp_user;
$ftp_password = $conf->global->$s_ftp_password;
$ftp_passive = $conf->global->$s_ftp_passive;
$ftp_user = getDolGlobalString($s_ftp_user);
$ftp_password = getDolGlobalString($s_ftp_password);
$ftp_passive = getDolGlobalString($s_ftp_passive);
// For result on connection
$ok = 0;
@ -696,7 +697,9 @@ function dol_ftp_connect($ftp_server, $ftp_port, $ftp_user, $ftp_password, $sect
global $langs, $conf;
$ok = 1;
$error = 0;
$conn_id = null;
$newsectioniso = '';
$mesg="";
if (!is_numeric($ftp_port)) {
@ -707,7 +710,7 @@ function dol_ftp_connect($ftp_server, $ftp_port, $ftp_user, $ftp_password, $sect
if ($ok) {
$connecttimeout = (empty($conf->global->FTP_CONNECT_TIMEOUT) ? 40 : $conf->global->FTP_CONNECT_TIMEOUT);
if (!empty($conf->global->FTP_CONNECT_WITH_SFTP)) {
dol_syslog('Try to connect with ssh2_ftp');
dol_syslog('Try to connect with ssh2_connect');
$tmp_conn_id = ssh2_connect($ftp_server, $ftp_port);
} elseif (!empty($conf->global->FTP_CONNECT_WITH_SSL)) {
dol_syslog('Try to connect with ftp_ssl_connect');
@ -716,7 +719,7 @@ function dol_ftp_connect($ftp_server, $ftp_port, $ftp_user, $ftp_password, $sect
dol_syslog('Try to connect with ftp_connect');
$conn_id = ftp_connect($ftp_server, $ftp_port, $connecttimeout);
}
if ($conn_id || $tmp_conn_id) {
if (!empty($conn_id) || !empty($tmp_conn_id)) {
if ($ftp_user) {
if (!empty($conf->global->FTP_CONNECT_WITH_SFTP)) {
dol_syslog('Try to authenticate with ssh2_auth_password');

2
htdocs/main.inc.php
View File

@ -573,7 +573,7 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && getDolGlobalInt(
$sessiontokenforthisurl = (empty($_SESSION['token']) ? '' : $_SESSION['token']);
// TODO Get the sessiontokenforthisurl into an array of session token (one array per base URL so we can use the CSRF per page and we keep ability for several tabs per url in a browser)
if (GETPOSTISSET('token') && GETPOST('token') != 'notrequired' && GETPOST('token', 'alpha') != $sessiontokenforthisurl) {
dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (invalid token), so we disable POST and some GET parameters - referer=".$_SERVER['HTTP_REFERER'].", action=".GETPOST('action', 'aZ09').", _GET|POST['token']=".GETPOST('token', 'alpha'), LOG_WARNING);
dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (invalid token), so we disable POST and some GET parameters - referer=".(empty($_SERVER['HTTP_REFERER'])?'':$_SERVER['HTTP_REFERER']).", action=".GETPOST('action', 'aZ09').", _GET|POST['token']=".GETPOST('token', 'alpha'), LOG_WARNING);
//dol_syslog("_SESSION['token']=".$sessiontokenforthisurl, LOG_DEBUG);
// Do not output anything on standard output because this create problems when using the BACK button on browsers. So we just set a message into session.
setEventMessages('SecurityTokenHasExpiredSoActionHasBeenCanceledPleaseRetry', null, 'warnings');