Laurent Destailleur
3e1d5b1748
Fix for MAIN_RESTRICTHTML_ONLY_VALID_HTML
2023-11-29 23:17:22 +01:00
Laurent Destailleur
d809825c21
Fix phpunit
2023-11-29 22:02:10 +01:00
Laurent Destailleur
0d61ee74c7
Fix phpunit
2023-11-29 20:32:03 +01:00
Laurent Destailleur
43f9210ab4
SEC: Add option MAIN_RESTRICTHTML_ONLY_VALID_HTML_TIDY
2023-11-29 20:19:21 +01:00
Laurent Destailleur
4ecab54c28
Fix phpunit
2023-11-14 12:02:09 +01:00
Laurent Destailleur
b2ae9ea888
Fix warnings
2023-09-10 15:23:32 +02:00
Laurent Destailleur
bc71380410
Fix sql errors
2023-09-09 21:16:58 +02:00
Laurent Destailleur
33288ee66a
Try to fix phpunit on dol_eval
2023-09-08 19:10:44 +02:00
Laurent Destailleur
c379420d86
Fix regression in dol_eval
2023-09-08 14:12:12 +02:00
Laurent Destailleur
e9787451a8
Disallow more use of parenthesis into dol_eval
2023-09-08 05:51:06 +02:00
Laurent Destailleur
310ef11dac
FIX WAF
2023-08-13 15:45:45 +02:00
Laurent Destailleur
1c582aeb5f
Merge branch '17.0' of git@github.com:Dolibarr/dolibarr.git into develop
2023-06-19 03:22:40 +02:00
Laurent Destailleur
7b84a6f49a
FIX #24991
2023-06-19 03:17:24 +02:00
Laurent Destailleur
8d7e53a98c
Clean code
2023-06-03 13:56:06 +02:00
Laurent Destailleur
f76405d01a
Remove test output verbosity
2023-05-25 17:55:11 +02:00
Laurent Destailleur
5dae5b57a0
Merge branch 'develop' of git@github.com:Dolibarr/dolibarr.git into develop
2023-05-17 12:27:46 +02:00
Alexandre Janniaux
df0adc391d
FIX test/phpunit: add $name to __construct()
...
Fix the following errors when running recent phpunit:
Message: Too few arguments to function PHPUnit\Framework\TestCase::__construct(), 0 passed in
dolibarr/test/phpunit/DateLibTzFranceTest.php on line 63 and exactly
1 expected Location: phar:///usr/share/webapps/bin/phpunit.phar/phpunit/Framework/TestCase.php:265
Indeed, the old constructor had an optional $name='' parameter but the
new constructor reads like this:
public function __construct(string $name)
and the parameter is now mandatory.
2023-05-08 16:29:31 +02:00
Laurent Destailleur
e51d0beefa
Merge commit '13aeb4542924b7112c56ca7e0fe30b5174eb9adb' into develop
2023-04-25 15:43:18 +02:00
Laurent Destailleur
13aeb45429
Fix missing par $check
2023-04-25 15:31:14 +02:00
Laurent Destailleur
57371302be
FIx #yogosha13798
2022-12-05 15:05:40 +01:00
Laurent Destailleur
5cfe40a4bc
FIX Can use the WAF of HTML content (dol_htmlwithnojs) for output too
2022-11-28 18:42:59 +01:00
Laurent Destailleur
ba4e5ef245
Enhance phpunit
2022-11-28 16:54:34 +01:00
Laurent Destailleur
6c17c2f044
Test travis php7.1
2022-09-21 17:55:04 +02:00
Laurent Destailleur
c4a24197a7
Add phpunit for MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT
2022-08-10 23:03:42 +02:00
Laurent Destailleur
9b58b61d60
Enhance MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES #yogosha12008
2022-08-10 20:19:43 +02:00
Laurent Destailleur
046fa77a5a
Merge branch '15.0' of git@github.com:Dolibarr/dolibarr.git into develop
...
Conflicts:
htdocs/comm/propal/card.php
2022-06-29 16:46:27 +02:00
Laurent Destailleur
cbaa8b4304
FIX False alert of WAF when there is "set" into some URL action=update.
2022-06-29 16:40:19 +02:00
Laurent Destailleur
cffec01451
Merge branch '15.0' of git@github.com:Dolibarr/dolibarr.git into develop
...
Conflicts:
htdocs/core/lib/functions.lib.php
test/phpunit/SecurityTest.php
2022-05-09 22:04:36 +02:00
Laurent Destailleur
ef18456724
Fix regression in dol_eval
2022-05-09 21:56:21 +02:00
Laurent Destailleur
7e34ce7245
Merge branch '15.0' of git@github.com:Dolibarr/dolibarr.git into develop
...
Conflicts:
htdocs/main.inc.php
2022-04-02 15:39:15 +02:00
Laurent Destailleur
9c00115abe
FIX #yogosha9754
2022-04-02 14:32:53 +02:00
Laurent Destailleur
c2a088c5ff
Fix regression in phpunit
2022-03-26 12:34:52 +01:00
Laurent Destailleur
8655592aea
Fix bad merge
2022-03-03 09:51:12 +01:00
Laurent Destailleur
4f17f45e99
Merge branch '15.0' of git@github.com:Dolibarr/dolibarr.git into develop
...
Conflicts:
test/phpunit/SecurityTest.php
2022-03-03 02:17:53 +01:00
Laurent Destailleur
246474b39b
Fix phpunit
2022-03-03 02:15:52 +01:00
Laurent Destailleur
0fed4dae13
Merge branch '15.0' of git@github.com:Dolibarr/dolibarr.git into develop
...
Conflicts:
htdocs/core/lib/functions.lib.php
2022-03-03 01:59:31 +01:00
Laurent Destailleur
3c3d6ab0da
Fix regression. Add unit test to detect it.
2022-03-03 01:17:44 +01:00
Laurent Destailleur
72965fdb2e
# WARNING: head commit changed in the meantime
...
Merge branch '15.0' of git@github.com:Dolibarr/dolibarr.git into develop
2022-03-01 19:13:28 +01:00
Laurent Destailleur
3e1580475c
Fix phpunit
2022-03-01 19:05:33 +01:00
Laurent Destailleur
20a3a429ed
Merge branch '15.0' of git@github.com:Dolibarr/dolibarr.git into develop
2022-03-01 18:22:39 +01:00
Laurent Destailleur
2e38caa950
phpunit
2022-03-01 18:22:09 +01:00
Laurent Destailleur
12b2a10865
Merge branch '15.0' of git@github.com:Dolibarr/dolibarr.git into develop
2022-03-01 18:15:13 +01:00
Laurent Destailleur
883f13b388
Fix regression verifCond
2022-03-01 18:14:24 +01:00
Laurent Destailleur
358f21f06e
Merge branch '15.0' of git@github.com:Dolibarr/dolibarr.git into develop
...
Conflicts:
htdocs/core/class/html.formother.class.php
htdocs/core/customreports.php
2022-03-01 16:48:29 +01:00
Laurent Destailleur
2a48dd349e
Fix #hunterb03d4415-d4f9-48c8-9ae2-d3aa248027b5
2022-03-01 16:38:06 +01:00
Laurent Destailleur
e96061dd18
Fix phpunit SecurityTest
2022-02-22 23:46:57 +01:00
Laurent Destailleur
ef70777cf1
Merge branch '14.0' of git@github.com:Dolibarr/dolibarr.git into 15.0
...
Conflicts:
htdocs/reception/card.php
2022-01-28 15:57:09 +01:00
Laurent Destailleur
42f252b636
Add one more test
2022-01-26 12:39:41 +01:00
Laurent Destailleur
db903ad64d
Fix #yogosha8457
2022-01-19 16:40:48 +01:00
Laurent Destailleur
654cd8bd1c
Fix for dol_string_onlythesehtmlattributes()
2021-12-17 12:01:25 +01:00
Laurent Destailleur
a298a845f1
Merge branch '14.0' of git@github.com:Dolibarr/dolibarr.git into develop
...
Conflicts:
htdocs/accountancy/bookkeeping/list.php
htdocs/core/actions_massactions.inc.php
htdocs/core/lib/functions.lib.php
htdocs/core/lib/memory.lib.php
htdocs/langs/en_US/holiday.lang
htdocs/ticket/card.php
2021-11-30 16:24:18 +01:00
Laurent Destailleur
72493a5663
Fix typo
2021-11-27 15:13:36 +01:00
Laurent Destailleur
4f2cd2ba18
FIx #19227
2021-10-31 15:59:03 +01:00
Laurent Destailleur
d46dfd017a
FIX #yogosha6944 Protection against traversal path.
2021-08-23 16:00:03 +02:00
Laurent Destailleur
b3043ab3d6
Fix phpunit
2021-08-22 01:20:25 +02:00
Laurent Destailleur
3dff7e29cc
Fix #yogosha6567
2021-07-06 01:44:05 +02:00
Laurent Destailleur
0dfa7bdbcc
Add option MAIN_RESTRICTHTML_ONLY_VALID_HTML
2021-07-06 00:47:43 +02:00
Laurent Destailleur
df1d1209f4
Fix phpunit
2021-07-05 22:57:27 +02:00
Laurent Destailleur
f8eadf6fe1
Fix #yogosha6561
2021-07-05 22:42:48 +02:00
Laurent Destailleur
f648185839
Fix phpcs
2021-07-05 17:34:25 +02:00
Laurent Destailleur
8b07e99e05
Fix for ' inserted by CKEditor instead of '
2021-07-05 16:08:47 +02:00
Laurent Destailleur
796b2d201a
Enhance the sanitizing.
2021-06-29 18:17:27 +02:00
Laurent Destailleur
46ae7180f8
Fix phpunit. Refused @@ char in sql.
2021-06-25 10:47:31 +02:00
Laurent Destailleur
f1c94ac659
NEW Reduce scope of dol_eval function.
2021-06-09 17:44:42 +02:00
Laurent Destailleur
c375668ab6
Clean code
2021-06-09 12:41:53 +02:00
Laurent Destailleur
fbe491c4da
FIX CWE-79 huntr
2021-05-21 12:17:56 +02:00
Laurent Destailleur
ba0e95a4ff
FIX huntr CWE-79
2021-05-17 23:47:16 +02:00
Laurent Destailleur
2578eb276c
Fix phpunit
2021-04-19 20:25:22 +02:00
Laurent Destailleur
757a186b3c
Fix phpunit
2021-03-29 23:43:07 +02:00
Laurent Destailleur
4cacca413e
FIX #yogosha5757
2021-03-29 14:43:40 +02:00
Laurent Destailleur
35869f1449
Add function dol_string_onlythesehtmlattributes() and option MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES to enable it.
2021-03-17 21:39:28 +01:00
Laurent Destailleur
ded3beee71
Disallow use of &# into dol_sanitizeUrl()
2021-03-14 20:37:59 +01:00
Laurent Destailleur
9aa8916a9c
Disallow use of &# into dol_sanitizeUrl()
2021-03-14 20:35:55 +01:00
Laurent Destailleur
45579edd43
Enhance WAF and dol_sanitizeUrl
2021-03-14 18:57:18 +01:00
Laurent Destailleur
4965ce8768
Fix method to sanitize an URL
2021-03-14 16:14:24 +01:00
Laurent Destailleur
74a61d559f
FIX sanitizing with GETPOST(alphanohtml) #yogosha5629
2021-03-14 15:39:59 +01:00
Laurent Destailleur
72766c830d
FIX #Yogosha5631
2021-03-14 15:06:40 +01:00
Laurent Destailleur
95006ec94c
Fix sanitizing backtopage
2021-03-14 12:58:37 +01:00
Laurent Destailleur
0a542ad9f9
Fix redirect to external website. Bad sanitizing of backtopage parameter
2021-03-14 11:38:42 +01:00
Laurent Destailleur
ff2f93815f
Fix backtourl
2021-03-13 12:33:26 +01:00
Frédéric FRANCE
1b046f25cf
add new rule
2021-03-01 00:19:52 +01:00
Laurent Destailleur
f5406d487b
Merge branch '13.0' of git@github.com:Dolibarr/dolibarr.git into develop
...
Conflicts:
htdocs/compta/facture/card.php
htdocs/core/class/html.formmail.class.php
htdocs/core/lib/product.lib.php
htdocs/product/stock/productlot_card.php
test/phpunit/SecurityTest.php
2021-02-26 12:53:06 +01:00
Laurent Destailleur
b7e2c7d87a
FIX #16393 Do not sanitize <!DOCTYPE html>
2021-02-23 12:58:43 +01:00
Laurent Destailleur
21a9a69ba1
Merge branch '13.0' of git@github.com:Dolibarr/dolibarr.git into develop
...
Conflicts:
test/phpunit/SecurityTest.php
2021-02-04 23:38:42 +01:00
Laurent Destailleur
4a2f26415e
Fix GETPOST accept < if followed with a number
2021-02-04 23:36:41 +01:00
Laurent Destailleur
d7bf173f0d
Merge branch '13.0' of git@github.com:Dolibarr/dolibarr.git into develop
...
Conflicts:
ChangeLog
htdocs/core/lib/functions.lib.php
test/phpunit/SecurityTest.php
2021-01-26 12:12:35 +01:00
Laurent Destailleur
13378897a8
FIX Report by Ricardo Matias
...
Conflicts:
test/phpunit/SecurityTest.php
2021-01-25 22:52:30 +01:00
Laurent Destailleur
6a12de741f
FIX Report by Ricardo Matias
2021-01-25 22:46:09 +01:00
Frédéric FRANCE
177b87da0d
Merge remote-tracking branch 'upstream/develop' into codesyntax
2021-01-16 17:58:01 +01:00
Laurent Destailleur
2cecd449cf
Fix phpcs
2021-01-16 16:41:59 +01:00
Laurent Destailleur
16333b911a
Fix phpunit
2021-01-16 15:57:30 +01:00
Laurent Destailleur
4aaf10b4b6
Fix phpunit
2021-01-16 14:25:59 +01:00
Frédéric FRANCE
7e55a71db0
Merge remote-tracking branch 'upstream/develop' into codesyntax
2021-01-14 15:16:27 +01:00
Frédéric FRANCE
b1a1cd4be6
code syntax
2021-01-14 15:09:08 +01:00
Laurent Destailleur
958b255822
Fix #15949 by introducing 'alphawithlgt' as GETPOST possible param.
2021-01-12 21:06:02 +01:00
Laurent Destailleur
ca11ea9839
Fix phpunit
...
Signed-off-by: Laurent Destailleur <eldy@destailleur.fr>
2021-01-06 20:47:57 +01:00
Laurent Destailleur
1f6f434a9c
Merge branch '12.0' of git@github.com:Dolibarr/dolibarr.git into develop
...
Conflicts:
htdocs/admin/tools/export_files.php
test/phpunit/SecurityTest.php
2020-12-11 15:56:19 +01:00
Laurent Destailleur
4fcd3fe493
Fix disallow -- string into filename for security purpose. Vulnerability reported by Yılmaz Değirmenci
2020-12-11 15:12:42 +01:00
Laurent Destailleur
de61a7cfd3
Fix cleaning html tags with trans and with GETPOST.
2020-12-06 17:30:27 +01:00
Laurent Destailleur
34679c3bc1
Fix warning in phpunit
2020-12-04 13:22:47 +01:00