From 6d749046a16b340cb0898be83b7d3a47b4ece148 Mon Sep 17 00:00:00 2001 From: Maxime Kohlhaas Date: Thu, 16 Nov 2023 14:56:09 +0100 Subject: [PATCH 1/5] Fix SQL migration 18-19 (#26626) --- htdocs/install/mysql/migration/18.0.0-19.0.0.sql | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/install/mysql/migration/18.0.0-19.0.0.sql b/htdocs/install/mysql/migration/18.0.0-19.0.0.sql index f52557edc86bc..c44fddf9eea67 100644 --- a/htdocs/install/mysql/migration/18.0.0-19.0.0.sql +++ b/htdocs/install/mysql/migration/18.0.0-19.0.0.sql @@ -192,7 +192,7 @@ CREATE TABLE llx_mrp_production_extrafields ALTER TABLE llx_mrp_production_extrafields ADD INDEX idx_mrp_production_fk_object(fk_object); -ALTER TABLE llx_salary ADD COLUM ref_ext varchar(255); -ALTER TABLE llx_salary ADD COLUM note_public text; +ALTER TABLE llx_salary ADD COLUMN ref_ext varchar(255); +ALTER TABLE llx_salary ADD COLUMN note_public text; ALTER TABLE llx_commande_fournisseur_dispatch ADD COLUMN element_type varchar(50) DEFAULT 'supplier_order' NOT NULL; From 13f2ae60ef98db33945b693ed62e3e380cbd2507 Mon Sep 17 00:00:00 2001 From: Pascal Hubrecht Date: Thu, 16 Nov 2023 15:00:42 +0100 Subject: [PATCH 2/5] fix duplicate index in llx_expensereport (#26614) --- htdocs/install/mysql/migration/18.0.0-19.0.0.sql | 2 ++ htdocs/install/mysql/tables/llx_expensereport.key.sql | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/htdocs/install/mysql/migration/18.0.0-19.0.0.sql b/htdocs/install/mysql/migration/18.0.0-19.0.0.sql index c44fddf9eea67..e55631138bcdb 100644 --- a/htdocs/install/mysql/migration/18.0.0-19.0.0.sql +++ b/htdocs/install/mysql/migration/18.0.0-19.0.0.sql 
@@ -196,3 +196,5 @@ ALTER TABLE llx_salary ADD COLUMN ref_ext varchar(255); ALTER TABLE llx_salary ADD COLUMN note_public text; ALTER TABLE llx_commande_fournisseur_dispatch ADD COLUMN element_type varchar(50) DEFAULT 'supplier_order' NOT NULL; + +ALTER TABLE llx_expensereport DROP INDEX idx_expensereport_fk_refuse, ADD INDEX idx_expensereport_fk_refuse(fk_user_refuse); diff --git a/htdocs/install/mysql/tables/llx_expensereport.key.sql b/htdocs/install/mysql/tables/llx_expensereport.key.sql index cd88299708521..329bb9089ff95 100644 --- a/htdocs/install/mysql/tables/llx_expensereport.key.sql +++ b/htdocs/install/mysql/tables/llx_expensereport.key.sql @@ -27,7 +27,7 @@ ALTER TABLE llx_expensereport ADD INDEX idx_expensereport_fk_statut (fk_statut); ALTER TABLE llx_expensereport ADD INDEX idx_expensereport_fk_user_author (fk_user_author); ALTER TABLE llx_expensereport ADD INDEX idx_expensereport_fk_user_valid (fk_user_valid); ALTER TABLE llx_expensereport ADD INDEX idx_expensereport_fk_user_approve (fk_user_approve); -ALTER TABLE llx_expensereport ADD INDEX idx_expensereport_fk_refuse (fk_user_approve); +ALTER TABLE llx_expensereport ADD INDEX idx_expensereport_fk_refuse (fk_user_refuse); --ALTER TABLE llx_expensereport ADD CONSTRAINT fk_expensereport_fk_user_author FOREIGN KEY (fk_user_author) REFERENCES llx_user (rowid); --ALTER TABLE llx_expensereport ADD CONSTRAINT fk_expensereport_fk_user_valid FOREIGN KEY (fk_user_valid) REFERENCES llx_user (rowid); From 68d996b482c9b57954751e840479b32fd0c591cb Mon Sep 17 00:00:00 2001 
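Review bot: The statement added to 18.0.0-19.0.0.sql combines `DROP INDEX idx_expensereport_fk_refuse` and `ADD INDEX ...` in one `ALTER TABLE`, so on a database where that index is absent the whole statement fails and the corrected index on `fk_user_refuse` is never created. Splitting it into `ALTER TABLE llx_expensereport DROP INDEX idx_expensereport_fk_refuse;` followed by `ALTER TABLE llx_expensereport ADD INDEX idx_expensereport_fk_refuse (fk_user_refuse);` lets each step succeed or fail on its own, and it matches the one-operation-per-statement form of the surrounding lines. If this migration file is also translated for other database engines, the single-operation form is presumably the easier one to convert; that is worth confirming.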
From: Lucas Marcouiller <45882981+Hystepik@users.noreply.github.com> Date: Thu, 16 Nov 2023 15:01:46 +0100 Subject: [PATCH 3/5] fix some phpstan errors (#26608) Co-authored-by: Hystepik --- htdocs/core/class/commonobject.class.php | 2 +- .../modules/contract/doc/pdf_strato.modules.php | 2 ++ htdocs/core/triggers/dolibarrtriggers.class.php | 16 ++++++++++++++++ ...face_20_modWorkflow_WorkflowManager.class.php | 2 +- .../class/actions_datapolicy.class.php | 2 +- htdocs/hrm/position_card.php | 1 + 6 files changed, 22 insertions(+), 3 deletions(-) diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 2bb9df4724e4f..d8ba9353af95d 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -10450,7 +10450,7 @@ public function deleteEcmFiles($mode = 0) $project_result = $this->fetch_projet(); if ($project_result >= 0) { - $element = 'projet/'.dol_sanitizeFileName($object->project->ref).'/'; + $element = 'projet/'.dol_sanitizeFileName($this->project->ref).'/'; } default: $element = $this->element; diff --git a/htdocs/core/modules/contract/doc/pdf_strato.modules.php b/htdocs/core/modules/contract/doc/pdf_strato.modules.php index 719f135cec828..1861def1283b2 100644 --- a/htdocs/core/modules/contract/doc/pdf_strato.modules.php +++ b/htdocs/core/modules/contract/doc/pdf_strato.modules.php @@ -590,6 +590,8 @@ protected function _pagehead(&$pdf, $object, $showaddress, $outputlangs, $output // phpcs:enable global $conf, $langs, $hookmanager; + $top_shift = $this->_pagehead($pdf, $object, 1, $outputlangs, (is_object($outputlangsbis) ? $outputlangsbis : null)); + $ltrdirection = 'L'; if ($outputlangs->trans("DIRECTION") == 'rtl') { $ltrdirection = 'R'; diff --git a/htdocs/core/triggers/dolibarrtriggers.class.php b/htdocs/core/triggers/dolibarrtriggers.class.php index 6690d2a2a40d1..d5da87dc1211b 100644 --- a/htdocs/core/triggers/dolibarrtriggers.class.php 
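Review bot: In the deleteEcmFiles hunk the corrected assignment `$element = 'projet/'.dol_sanitizeFileName($this->project->ref).'/';` is followed directly by `default:` with no `break;` visible, so as shown the value is overwritten by `$element = $this->element;` and the project path is never used. Adding `break;` after the closing brace of the `if` would keep it; if the fall-through is intended, a `// no break` comment should say so. With a `break;` in place the case also needs a value for `$element` when `fetch_projet()` returns a negative result, which the hunk does not provide. The switch and the function begin and end outside the hunk.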
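Review bot: The added line `$top_shift = $this->_pagehead(...)` sits at the top of a body that the hunk header identifies as `_pagehead` itself, so, if that header is accurate, every call re-enters the method before doing any work and the recursion never terminates. Generating a contract PDF with this template would then end in memory or stack exhaustion instead of a document. The static-analysis warning about `$top_shift` is better resolved where the value is consumed: capture the return value at the existing call site, or initialise it locally with `$top_shift = 0;` if it is only read inside this method. The signature and the rest of the body are outside the hunk, so the enclosing method should be confirmed before merging.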
+++ b/htdocs/core/triggers/dolibarrtriggers.class.php @@ -143,6 +143,22 @@ public function getVersion() } } + /** + * setErrorsFromObject + * + * @param CommonObject $object commonobject + * @return void + */ + public function setErrorsFromObject($object) + { + if (!empty($object->error)) { + $this->errors = array_merge($this->errors, array($object->error)); + } + if (!empty($object->errors)) { + $this->errors = array_merge($this->errors, $object->errors); + } + } + /** * Function called when a Dolibarrr business event is done. * All functions "runTrigger" are triggered if file is inside directory htdocs/core/triggers or htdocs/module/code/triggers (and declared) diff --git a/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php b/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php index 861eeda8a931a..685973068a27b 100644 --- a/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php +++ b/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php @@ -534,7 +534,7 @@ public function runTrigger($action, $object, User $user, Translate $langs, Conf if (isModEnabled('ficheinter') && isModEnabled('ticket') && !empty($conf->workflow->enabled) && !empty($conf->global->WORKFLOW_TICKET_CREATE_INTERVENTION)) { $fichinter = new Fichinter($this->db); $fichinter->socid = (int) $object->fk_soc; - $fichinter->fk_project = $projectid; + $fichinter->fk_project = (int) $object->fk_project; $fichinter->fk_contrat = (int) $object->fk_contract; $fichinter->author = $user->id; $fichinter->model_pdf = (!empty($conf->global->FICHEINTER_ADDON_PDF)) ? $conf->global->FICHEINTER_ADDON_PDF : 'soleil'; diff --git a/htdocs/datapolicy/class/actions_datapolicy.class.php b/htdocs/datapolicy/class/actions_datapolicy.class.php index e15867ae59049..b6f1fd7695055 100644 --- a/htdocs/datapolicy/class/actions_datapolicy.class.php +++ b/htdocs/datapolicy/class/actions_datapolicy.class.php 
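Review bot: The new `setErrorsFromObject()` passes `$this->errors` and `$object->errors` straight to `array_merge()`, which throws a TypeError on PHP 8 when either is null or a string, and `!empty()` does not guarantee an array. Guarding the second branch with `is_array($object->errors)` and appending the single message with `$this->errors[] = $object->error;` avoids that. The docblock only repeats the method name; I would replace its summary with `Copy the error and errors properties of an object into the errors array of the trigger` and describe `$object` as the object whose errors are collected. Whether `$this->errors` is initialised to an array is declared outside the hunk.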
@@ -205,7 +205,7 @@ public function addMoreMassActions($parameters, &$object, &$action, $hookmanager /* print_r($parameters); print_r($object); echo "action: " . $action; */ if (in_array($parameters['currentcontext'], array('somecontext1', 'somecontext2'))) { // do something only for the context 'somecontext1' or 'somecontext2' - $this->resprints = ''; + $this->resprints = ''; } if (!$error) { diff --git a/htdocs/hrm/position_card.php b/htdocs/hrm/position_card.php index 15e01079200b2..76f21e7d244ed 100644 --- a/htdocs/hrm/position_card.php +++ b/htdocs/hrm/position_card.php @@ -193,6 +193,7 @@ function displayPositionCard(&$object) global $user, $langs, $db, $conf, $extrafields, $hookmanager, $action, $permissiontoadd, $permissiontodelete; $id = $object->id; + $ref = $object->ref; /* * View From 631a5ea066d594178468487123a48ea2e156d5ee Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Thu, 16 Nov 2023 15:32:50 +0100 Subject: [PATCH 4/5] Invoice - payment list - Manage Checkbox on left column (#26604) --- htdocs/compta/paiement/list.php | 50 +++++++++++++++++++++++++++------ 1 file changed, 41 insertions(+), 9 deletions(-) diff --git a/htdocs/compta/paiement/list.php b/htdocs/compta/paiement/list.php index 360bc46a6f329..6e7e3090b1ec6 100644 --- a/htdocs/compta/paiement/list.php +++ b/htdocs/compta/paiement/list.php @@ -368,7 +368,7 @@ } $varpage = empty($contextpage) ? $_SERVER["PHP_SELF"] : $contextpage; -$selectedfields = $form->multiSelectArrayWithCheckbox('selectedfields', $arrayfields, $varpage); // This also change content of $arrayfields +$selectedfields = $form->multiSelectArrayWithCheckbox('selectedfields', $arrayfields, $varpage, getDolGlobalString('MAIN_CHECKBOX_LEFT_COLUMN', '')); // This also change content of $arrayfields $massactionbutton = ''; if ($massactionbutton) { $selectedfields .= $form->showCheckAddButtons('checkforselect', 1); @@ -378,8 +378,18 @@ print '
'; print ''; +// Fields title search +// -------------------------------------------------------------------- print ''; +// Action column +if (getDolGlobalString('MAIN_CHECKBOX_LEFT_COLUMN')) { + print ''; +} + // Filters: Lines (placeholder) if (!empty($conf->global->MAIN_VIEW_LINE_NUMBER_IN_LIST)) { print ''; +// Action column +if (empty($conf->global->MAIN_CHECKBOX_LEFT_COLUMN)) { + print ''; +} print ""; +// Fields title label +// -------------------------------------------------------------------- print ''; +if (getDolGlobalString('MAIN_CHECKBOX_LEFT_COLUMN')) { + print_liste_field_titre($selectedfields, $_SERVER["PHP_SELF"], "", '', '', 'align="center"', $sortfield, $sortorder, 'maxwidthsearch '); +} if (!empty($conf->global->MAIN_VIEW_LINE_NUMBER_IN_LIST)) { print_liste_field_titre('#', $_SERVER['PHP_SELF'], '', '', $param, '', $sortfield, $sortorder); } @@ -500,7 +519,10 @@ $reshook = $hookmanager->executeHooks('printFieldListTitle', $parameters); // Note that $action and $object may have been modified by hook print $hookmanager->resPrint; -print_liste_field_titre($selectedfields, $_SERVER["PHP_SELF"], '', '', '', 'align="center"', $sortfield, $sortorder, 'maxwidthsearch '); +if (!getDolGlobalString('MAIN_CHECKBOX_LEFT_COLUMN')) { + print_liste_field_titre($selectedfields, $_SERVER["PHP_SELF"], "", '', '', 'align="center"', $sortfield, $sortorder, 'maxwidthsearch '); +} + print ""; $checkedCount = 0; @@ -525,6 +547,14 @@ print ''; + // Action column + if (getDolGlobalString('MAIN_CHECKBOX_LEFT_COLUMN')) { + print ''; + if (!$i) { + $totalarray['nbfield']++; + } + } + // No if (!empty($conf->global->MAIN_VIEW_LINE_NUMBER_IN_LIST)) { print ''; @@ -643,10 +673,12 @@ } } - // Buttons - print ''; - if (!$i) { - $totalarray['nbfield']++; + // Action column + if (!getDolGlobalString('MAIN_CHECKBOX_LEFT_COLUMN')) { + print ''; + if (!$i) { + $totalarray['nbfield']++; + } } print ''; From e47811a710cddd8991ae95ea54bd7f6cf66f26b2 Mon Sep 17 00:00:00 2001 
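Review bot: The right-hand filter cell is guarded with `if (empty($conf->global->MAIN_CHECKBOX_LEFT_COLUMN))`, while every other branch added to list.php tests `getDolGlobalString('MAIN_CHECKBOX_LEFT_COLUMN')`. Writing `if (!getDolGlobalString('MAIN_CHECKBOX_LEFT_COLUMN'))` there makes the left and right branches read the option the same way. The same left-or-right condition is now repeated for the filter row, the title row and each data row, so a local such as `$checkboxleft = (bool) getDolGlobalString('MAIN_CHECKBOX_LEFT_COLUMN');` set once before the table would make it harder for one branch to drift and leave a row with a different column count. The moved `print_liste_field_titre` calls also change the third argument from `''` to `""` for no visible reason. The printed markup in these hunks is not legible in this copy, so the cell contents themselves were not reviewed.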
From: MDW Date: Thu, 16 Nov 2023 15:33:55 +0100 Subject: [PATCH 5/5] QUAL Improve spelling in documentation strings/text (#26611) --- .github/CONTRIBUTING.md | 16 +++++----- .github/ISSUE_TEMPLATE/bug_report.yml | 2 +- .../github_ci_php71_pgsql.yml.disabled | 2 +- .../github_ci_php81_mysql.yml.disabled | 2 +- README-FR.md | 24 +++++++------- README.md | 4 +-- SECURITY.md | 32 +++++++++---------- build/docker/README.md | 2 +- htdocs/emailcollector/README.md | 2 +- htdocs/modulebuilder/template/README.md | 2 +- 10 files changed, 44 insertions(+), 44 deletions(-) diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 90ab6c01ccdb1..b87be10d64e9c 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md 
@@ -7,12 +7,12 @@ Bug reports and feature requests *Note*: **GitHub Issues is not a support forum.** If you have questions about Dolibarr / need help using the software, please use [the forums](https://www.dolibarr.org/forum.php). Forums exist in different languages. Issues are managed on [GitHub](https://github.com/Dolibarr/dolibarr/issues). -Default **language here is english**. So please prepare your contributions in english. +Default **language here is English**. So please prepare your contributions in English. 1. Please [use the search engine](https://help.github.com/articles/searching-issues) to check if nobody's already reported your problem. 2. [Create an issue](https://help.github.com/articles/creating-an-issue). Choose an appropriate title. Prepend appropriately with Bug or Feature Request. 3. Tell us the version you are using! (look at /htdocs/admin/system/dolibarr.php? and check if you are using the latest version) -4. Write a report with as much detail as possible (Use [screenshots](https://help.github.com/articles/issue-attachments) or even screencasts and provide logging and debugging informations whenever possible). +4. Write a report with as much detail as possible (Use [screenshots](https://help.github.com/articles/issue-attachments) or even screencasts and provide logging and debugging information whenever possible). 5. Delete unnecessary submissions. 6. **Check your Message at Preview before sending.** 
@@ -45,12 +45,12 @@ The rule N - 2 is just a tip if you don't know which version to choose to get th and number of potential beneficiaries of the correction. ### General rules -Please don't edit the ChangeLog file. File will be generated from all commit messages during release process by the project manager. +Please don't edit the ChangeLog file. This file is generated from all commit messages during release process by the project manager. ### Commits Use clear commit messages with the following structure: -``` +```plaintext [KEYWORD] [ISSUENUM] DESC LONGDESC @@ -68,12 +68,12 @@ where #### Keyword In uppercase if you want to have the log comment appears into the generated ChangeLog file. -The keyword can be ommitted if your commit does not fit in any of the following categories: +The keyword can be omitted if your commit does not fit in any of the following categories: - Fix/FIX: for a bug fix - Close/CLOSE: for closing a referenced feature request -- New/NEW: for an unreferenced new feature (Opening a feature request and using close is prefered) -- Perf/PERF: for performance enhancement +- New/NEW: for an unreferenced new feature (Opening a feature request and using close is preferred) +- Perf/PERF: for a performance enhancement - Qual/QUAL: for quality code enhancement or re-engineering #### Issuenum 
@@ -150,7 +150,7 @@ All other translations are managed online at [Transifex](https://www.transifex.c Translations done on transifex are available in the next major release. -Note: Sometimes, the source text (english) is modified. In such a case, the translation is reset. Transifex assume that if the original source +Note: Sometimes, the source text (English) is modified. In such a case, the translation is reset. Transifex assume that if the original source has changed, the translation is surely no more correct so must be done again. But old translation is not lost and you can use the tab "History" to retrieve all old translation of a source text, and restore the translation in one click with no need to retranslate it if there is no need to. diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml index d7dc3d584e383..3795b1b7222bd 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.yml +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -68,4 +68,4 @@ body: id: files attributes: label: Attached files - description: Screenshots, screencasts, dolibarr.log, debugging informations + description: Screenshots, screencasts, dolibarr.log, debugging information diff --git a/.github/workflows/github_ci_php71_pgsql.yml.disabled b/.github/workflows/github_ci_php71_pgsql.yml.disabled index 856e2eb18a503..d324d1c148158 100644 --- a/.github/workflows/github_ci_php71_pgsql.yml.disabled +++ b/.github/workflows/github_ci_php71_pgsql.yml.disabled @@ -235,7 +235,7 @@ jobs: sudo cat /etc/apache2/sites-enabled/000-default.conf sudo service apache2 restart curl -I localhost - - name: Chech Apache availability + - name: Check Apache availability run: | echo "Checking webserver availability by a wget -O - --debug http://127.0.0.1" # Ensure we stop on error with set -e diff --git a/.github/workflows/github_ci_php81_mysql.yml.disabled b/.github/workflows/github_ci_php81_mysql.yml.disabled index c1f78f2033ada..047fcd63fb5e1 100644 
--- a/.github/workflows/github_ci_php81_mysql.yml.disabled +++ b/.github/workflows/github_ci_php81_mysql.yml.disabled @@ -190,7 +190,7 @@ jobs: sudo cat /etc/apache2/sites-enabled/000-default.conf sudo service apache2 restart curl -I localhost - - name: Chech Apache availability + - name: Check Apache availability run: | echo "Checking webserver availability by a wget -O - --debug http://127.0.0.1" # Ensure we stop on error with set -e diff --git a/README-FR.md b/README-FR.md index 74be3f1754c15..105c2ac6ef980 100644 --- a/README-FR.md +++ b/README-FR.md @@ -70,7 +70,7 @@ Note: *Le processus de migration peut être lancé manuellement et plusieurs foi ## CE QUI EST NOUVEAU -See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog) file. +Voir le fichier [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog). ## CE QUE DOLIBARR PEUT FAIRE @@ -88,11 +88,11 @@ See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog) - Gestion de contrats de services - Gestion de stock et inventaires - Gestion des expéditions -- Gestion des demandes de congès +- Gestion des demandes de congés - Gestion des notes de frais - Gestion de recrutement - GED (Gestion Electronique de Documents) -- EMailings de masse +- E-Mailings de masse - Réalisation de sondages - Gestion d'adhérents - Point de vente/Caisse enregistreuse 
@@ -107,17 +107,17 @@ See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog) - Support des codes barres - Calcul des marges - Connectivité LDAP -- Intégratn de ClickToDial +- Intégration de ClickToDial - Intégration RSS -- Intégation Skype -- Intégration de système de paiements (Paypal, Stripe, Paybox...) +- Intégration Skype +- Intégration de système de paiements (PayPal, Stripe, Paybox...) - … ### Divers - Multi-langue. - Multi-utilisateurs avec différents niveaux de permissions par module. -- Multi-devise. +- Multidevise. - Peux être multi-société par ajout du module externe multi-société. - Plusieurs thèmes visuels. - Application simple à utiliser. @@ -127,7 +127,7 @@ See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog) - Génération PDF et ODT des éléments (factures, propositions commerciales, commandes, bons expéditions, etc...) - Code simple et facilement personnalisable (pas de framework lourd; mécanisme de hook et triggers). - Support natif de nombreuses fonctions spécifiques aux pays comme: - - La tax espagnole TE et ISPF + - La taxe espagnole TE et ISPF - Gestion de la TVA NPR (non perçue récupérable - pour les utilisateurs français des DOM-TOM) - La loi française Finance 2016 et logiciels de caisse - La double taxe canadienne @@ -139,7 +139,7 @@ See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog) ### Extension -Dolibarr peut aussi être étendu à volonté avec l'ajout de module/applications externes développées par des développeus tiers, disponible sur [DoliStore](https://www.dolistore.com). +Dolibarr peut aussi être étendu à volonté avec l'ajout de modules/applications externes développées par des développeurs tiers, disponible sur [DoliStore](https://www.dolistore.com). ## CE QUE DOLIBARR NE PEUT PAS (ENCORE) FAIRE 
@@ -168,15 +168,15 @@ Voir le fichier [COPYRIGHT](https://github.com/Dolibarr/dolibarr/blob/develop/CO ## ACTUALITES ET RESEAUX SOCIAUX -Suivez le projet Dolibarr project sur les réseaux francophones +Suivez le projet Dolibarr sur les réseaux francophones - [Facebook](https://www.facebook.com/dolibarr.fr) -- [Twitter](https://www.twitter.com/dolibarr_france) +- [X](https://www.twitter.com/dolibarr_france) ou sur les réseaux anglophones - [Facebook](https://www.facebook.com/dolibarr) -- [Twitter](https://www.twitter.com/dolibarr) +- [X](https://www.twitter.com/dolibarr) - [LinkedIn](https://www.linkedin.com/company/association-dolibarr) - [YouTube](https://www.youtube.com/user/DolibarrERPCRM) - [GitHub](https://github.com/Dolibarr/dolibarr) diff --git a/README.md b/README.md index 761b952983b92..4645176a3f58f 100644 --- a/README.md +++ b/README.md @@ -98,7 +98,7 @@ See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog) Product Management -- Products and/or Services catalog +- Products and/or Services catalogue - Stock / Warehouse management + Inventory - Barcodes - Batches / Lots / Serials @@ -239,7 +239,7 @@ See [COPYRIGHT](https://github.com/Dolibarr/dolibarr/blob/develop/COPYRIGHT) fil Follow Dolibarr project on: - [Facebook](https://www.facebook.com/dolibarr) -- [Twitter](https://www.twitter.com/dolibarr) +- [X](https://x.com/dolibarr) - [LinkedIn](https://www.linkedin.com/company/association-dolibarr) - [Reddit](https://www.reddit.com/r/Dolibarr_ERP_CRM/) - [YouTube](https://www.youtube.com/user/DolibarrERPCRM) diff --git a/SECURITY.md b/SECURITY.md index a64518800a40f..953059e625ff4 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -20,9 +20,9 @@ We believe that the future of software is online SaaS. This means software are m If you believe you've found a security bug in our service, we are happy to work with you to resolve the issue promptly and ensure you are fairly rewarded for your discovery. -Any type of denial of service attacks is strictly forbidden, as well as any interference with network equipment and Dolibarr infrastructure. +Any type of denial-of-service attack is strictly forbidden, as well as any interference with network equipment and Dolibarr infrastructure. -We recommand to install Dolibarr ERP CRM on your own server (as most Open Source software, download and use is free: [https://www.dolibarr.org/download](https://www.dolibarr.org/download)) to get access on every side of application. +We recommend to install Dolibarr ERP CRM on your own server (as most Open Source software, download and use is free: [https://www.dolibarr.org/download](https://www.dolibarr.org/download)) to get access on every side of application. ### User Agent @@ -30,7 +30,7 @@ If you try to find bug on Dolibarr, we recommend to append to your user-agent he ### Account access -You can install the web application yourself on your own platform/server so you get full access to application and sources. Download the zip of the files to put into your own web server virtual host from [https://www.dolibarr.org/download](https://www.dolibarr.org/download) +You can install the web application yourself on your own platform/server so you get full access to application and sources. Download the zip of the files to put in your own web server virtual host from [https://www.dolibarr.org/download](https://www.dolibarr.org/download) ## Eligibility and Responsible Disclosure 
@@ -38,7 +38,7 @@ We are happy to thank everyone who submits valid reports which help us improve t You must be the first reporter of the vulnerability (duplicate reports are closed). -You must avoid tests that could cause degradation or interruption of our service (refrain from using automated tools, and limit yourself about requests per second), that's why we recommand to install software on your own platform. +You must avoid tests that could cause degradation or interruption of our service (refrain from using automated tools, and limit yourself about requests per second), that's why we recommend to install software on your own platform. You must not leak, manipulate, or destroy any user data of third parties to find your vulnerability. 
@@ -48,27 +48,27 @@ Reports are processed around once a month. ONLY vulnerabilities discovered, when the following setup on test platform is used, are "valid": -* The version to analyze must be the last version available into "develop" branch or into last stable "vX.Y" released version. Reports on vulnerabilities already fixed (so already reported) into the develop branch will not be validated. -* $dolibarr_main_prod must be set to 1 into conf.php -* $dolibarr_nocsrfcheck must be kept to the value 0 into conf.php (this is the default value) +* The version to analyze must be the last version available in the "develop" branch or in the last stable "vX.Y" released version. Reports on vulnerabilities already fixed (so already reported) in the develop branch will not be validated. +* $dolibarr_main_prod must be set to 1 in conf.php +* $dolibarr_nocsrfcheck must be kept to the value 0 in conf.php (this is the default value) * $dolibarr_main_force_https must be set to something else than 0. -* The constant MAIN_SECURITY_CSRF_WITH_TOKEN must be set to 3 into backoffice menu Home - Setup - Other (this protection should be set to 3 soon by default). CSRF attacks are accepted but +* The constant MAIN_SECURITY_CSRF_WITH_TOKEN must be set to 3 in the backoffice menu Home - Setup - Other (this protection should be set to 3 soon by default). CSRF attacks are accepted but double check that you have set MAIN_SECURITY_CSRF_WITH_TOKEN to value 3. -* ONLY security reports on modules provided by default and with the "stable" status are valid (troubles into "experimental", "developement" or external modules are not valid vulnerabilities). +* ONLY security reports on modules provided by default and with the "stable" status are valid (troubles in "experimental", "development" or external modules are not valid vulnerabilities). 
* The root of web server must link to htdocs and the documents directory must be outside of the web server root (this is the default when using the default installer but may differs with external installer). * The web server setup must be done so that only the documents directory is in write mode. The root directory called htdocs must be read-only. * The modules DebugBar and ModuleBuilder must NOT be enabled. (by default, these modules are not enabled. They are developer tools) -* Ability for a high level user to edit web site pages into the CMS by including HTML or Javascript is an expected feature. Vulnerabilities into the website module are validated only if HTML or Javascript injection can be done by a non allowed user. -* Fail2ban rules for rate limit on the login page,password forgotten page, api calls and all public pages (/public/*) must be installed as recommendend into the section "About - Admin tools - Section Access limits and mitigation". +* Ability for a high-level user to edit web site pages in the CMS by including HTML or JavaScript is an expected feature. Vulnerabilities in the website module are validated only if HTML or JavaScript injection can be done by a non-allowed user. +* Fail2ban rules for rate limit on the login page, forgotten password page, API calls and all public pages (/public/*) must be installed as recommended in the section "About - Admin tools - Section Access limits and mitigation". -Scope is the web application (back office) and the APIs. +Scope is the web application (backoffice) and the APIs. ## Examples of vulnerabilities that are Qualified for reporting. * Remote code execution (RCE) * Local files access and manipulation (LFI, RFI, XXE, SSRF, XSPA) * Code injections (JS, SQL, PHP). HTML are covered only for fields that are not description, notes or comments fields (where rich content is allowed on purpose). 
-* Cross-Site Scripting (XSS), except from setup page of module "External web site" (allowing any content here, editable by admin user only, is accepted on purpose) and except into module "Web site" when permission to edit website content is allowed (injecting any data in this case is allowed too). +* Cross-Site Scripting (XSS), except from setup page of module "External web site" (allowing any content here, editable by admin user only, is accepted on purpose) and except in the module "Web site" when permission to edit website content is allowed (injecting any data in this case is allowed too). * Cross-Site Requests Forgery (CSRF) with real security impact (when using GET URLs, CSRF are qualified only for creating, updating or deleting data from pages restricted to admin users) * Open redirect * Broken authentication & session management @@ -76,8 +76,8 @@ Scope is the web application (back office) and the APIs. * Cross-Origin Resource Sharing (CORS) with real security impact * Horizontal and vertical privilege escalation * "HTTP Host Header" XSS -* Software version disclosure (for non admin users only) -* Stack traces or path disclosure (for non admin users only) +* Software version disclosure (for non-admin users only) +* Stack traces or path disclosure (for non-admin users only) ## Examples of vulnerabilities that are Non-qualified for reporting. 
@@ -95,5 +95,5 @@ Scope is the web application (back office) and the APIs. * Reports on features flagged as "experimental" or "development" * Software version or private IP disclosure when logged-in user is admin * Stack traces or path disclosure when logged-in user is admin -* Any vulnerabilities due to a configuration different than the one defined into chapter "Scope for qualified vulnerabilities". +* Any vulnerabilities due to a configuration different than the one defined in chapter "Scope for qualified vulnerabilities". * Brute force attacks on login page, password forgotten page or any public pages (/public/*) are not qualified if the fail2ban recommended fail2ban rules were not installed. diff --git a/build/docker/README.md b/build/docker/README.md index fbf9b05851ca4..6daf6d6bd5c13 100644 --- a/build/docker/README.md +++ b/build/docker/README.md @@ -1,7 +1,7 @@ # How to use it ? The docker-compose.yml file is a sample of a config file to use to build and run Dolibarr in the current workspace with Docker. -This docker image is intended for developpement usage. +This docker image is intended for development usage. For production usage you should consider other contributor reference like https://hub.docker.com/r/tuxgasy/dolibarr Before build/run, define the variable HOST_USER_ID as following: diff --git a/htdocs/emailcollector/README.md b/htdocs/emailcollector/README.md index 4c307183f1995..beb1b69c66fee 100644 --- a/htdocs/emailcollector/README.md +++ b/htdocs/emailcollector/README.md 
@@ -1,6 +1,6 @@ EMailCollector ============== -This module provides a sheduled job that scan regularly one or several IMAP email boxes, with filtering rules, to automatically record data in your application, like +This module provides a scheduled job that scan regularly one or several IMAP email boxes, with filtering rules, to automatically record data in your application, like * recording the email in the history of events (event is automatically linked to its related objects if possible, for example when a customer reply to an email sent from the application, the answer is automatically linked to the good objects) * and/or creating a lead diff --git a/htdocs/modulebuilder/template/README.md b/htdocs/modulebuilder/template/README.md index 03cf25d74f45b..2e63e69bd0ba5 100644 --- a/htdocs/modulebuilder/template/README.md +++ b/htdocs/modulebuilder/template/README.md @@ -17,7 +17,7 @@ Translations can be completed manually by editing files into directories *langs*
'; + $searchpicto = $form->showFilterButtons('left'); + print $searchpicto; + print ''; @@ -457,13 +467,22 @@ $reshook = $hookmanager->executeHooks('printFieldListOption', $parameters); // Note that $action and $object may have been modified by hook print $hookmanager->resPrint; -print ''; -print $form->showFilterAndCheckAddButtons(0); -print ''; + $searchpicto = $form->showFilterButtons(); + print $searchpicto; + print '
'.(($offset * $limit) + $i).'