Merge branch 'support/3.0' into support/3.1

# Conflicts: # dictionaries/cs.dictionary.itop.core.php # dictionaries/da.dictionary.itop.core.php # dictionaries/de.dictionary.itop.core.php # dictionaries/es_cr.dictionary.itop.core.php # dictionaries/hu.dictionary.itop.core.php # dictionaries/it.dictionary.itop.core.php # dictionaries/ja.dictionary.itop.core.php # dictionaries/nl.dictionary.itop.core.php # dictionaries/pl.dictionary.itop.core.php # dictionaries/pt_br.dictionary.itop.core.php # dictionaries/ru.dictionary.itop.core.php # dictionaries/sk.dictionary.itop.core.php # dictionaries/tr.dictionary.itop.core.php # lib/composer/autoload_classmap.php # lib/composer/autoload_static.php # sources/Application/Helper/ExportHelper.php
2026-02-13 07:24:13 +01:00 · 2023-11-21 10:10:54 +01:00
parent a2181b3478 083a0b79bf
commit 47e7c35c2b
25 changed files with 70 additions and 18 deletions
--- a/core/csvbulkexport.class.inc.php
+++ b/core/csvbulkexport.class.inc.php
@@ -12,6 +12,7 @@ use Combodo\iTop\Application\UI\Base\Component\Input\SelectUIBlockFactory;
 use Combodo\iTop\Application\UI\Base\Component\Panel\PanelUIBlockFactory;
 use Combodo\iTop\Application\UI\Base\Layout\MultiColumn\Column\ColumnUIBlockFactory;
 use Combodo\iTop\Application\UI\Base\Layout\MultiColumn\MultiColumnUIBlockFactory;
+use Combodo\iTop\Application\Helper\ExportHelper;

 /**
 * Bulk export: CSV export
@@ -114,6 +115,7 @@ class CSVBulkExport extends TabularBulkExport

 			case 'csv_options':
 				$oPanel = PanelUIBlockFactory::MakeNeutral(Dict::S('Core:BulkExport:CSVOptions'));
+				$oPanel->AddSubBlock(ExportHelper::GetAlertForExcelMaliciousInjection());

 				$oMulticolumn = MultiColumnUIBlockFactory::MakeStandard();
 				$oPanel->AddSubBlock($oMulticolumn);
--- a/core/excelbulkexport.class.inc.php
+++ b/core/excelbulkexport.class.inc.php
@@ -10,6 +10,7 @@ use Combodo\iTop\Application\UI\Base\Component\Input\InputUIBlockFactory;
 use Combodo\iTop\Application\UI\Base\Component\Panel\PanelUIBlockFactory;
 use Combodo\iTop\Application\UI\Base\Layout\MultiColumn\Column\ColumnUIBlockFactory;
 use Combodo\iTop\Application\UI\Base\Layout\MultiColumn\MultiColumnUIBlockFactory;
+use Combodo\iTop\Application\Helper\ExportHelper;

 require_once(APPROOT.'application/xlsxwriter.class.php');

@@ -82,6 +83,7 @@ class ExcelBulkExport extends TabularBulkExport

 			case 'xlsx_options':
 				$oPanel = PanelUIBlockFactory::MakeNeutral(Dict::S('Core:BulkExport:XLSXOptions'));
+				$oPanel->AddSubBlock(ExportHelper::GetAlertForExcelMaliciousInjection());

 				$oMulticolumn = MultiColumnUIBlockFactory::MakeStandard();
 				$oPanel->AddSubBlock($oMulticolumn);
--- a/datamodels/2.x/itop-portal-base/portal/src/Controller/ManageBrickController.php
+++ b/datamodels/2.x/itop-portal-base/portal/src/Controller/ManageBrickController.php
@@ -50,6 +50,7 @@ use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
 use UnaryExpression;
 use URLButtonItem;
+use utils;

 /**
 * Class ManageBrickController
@@ -260,6 +261,7 @@ class ManageBrickController extends BrickController
 			'oBrick' => $oBrick,
 			'sBrickId' => $sBrickId,
 			'sToken' => $oExporter->SaveState(),
+            'sWikiUrl' => 'https://www.itophub.io/wiki/page?id='.utils::GetItopVersionWikiSyntax().'%3Auser%3Alists#excel_export',
 		);

 		return $this->render(static::EXCEL_EXPORT_TEMPLATE_PATH, $aData);
--- a/datamodels/2.x/itop-portal-base/portal/templates/bricks/manage/popup-export-excel.html.twig
+++ b/datamodels/2.x/itop-portal-base/portal/templates/bricks/manage/popup-export-excel.html.twig
@@ -11,6 +11,7 @@
    </div>

    <div id="export-feedback">
+        <p id="export-excel-warning" class="alert alert-warning" role="alert">{{ 'UI:Bulk:Export:MaliciousInjection:Alert:Message'|dict_format(sWikiUrl)|raw }}</p>
        <p class="export-message" style="text-align:center;">{{ 'ExcelExport:PreparingExport'|dict_s }}</p>
        <div class="progress">
            <div class="progress-bar" role="progressbar" style="width: 0%"
--- a/dictionaries/fr.dictionary.itop.core.php
+++ b/dictionaries/fr.dictionary.itop.core.php
@@ -984,7 +984,7 @@ Plusieurs champs peuvent ainsi être modifiés lors d\'une "mise à jour" en app
 	'Core:BulkExport:DateTimeFormatDefault_Example' => 'Format par défaut (%1$s), ex. %2$s',
 	'Core:BulkExport:DateTimeFormatCustom_Format' => 'Format spécial: %1$s',
 	'Core:BulkExport:PDF:PageNumber' => 'Page %1$s',
-	'Core:DateTime:Placeholder_d' => 'JJ', // Day of the month: 2 digits (with leading zero)
+    'Core:DateTime:Placeholder_d' => 'JJ', // Day of the month: 2 digits (with leading zero)
 	'Core:DateTime:Placeholder_j' => 'J', // Day of the month: 1 or 2 digits (without leading zero)
 	'Core:DateTime:Placeholder_m' => 'MM', // Month on 2 digits i.e. 01-12
 	'Core:DateTime:Placeholder_n' => 'M', // Month on 1 or 2 digits 1-12
--- a/dictionaries/ui/application/bulk/cs.dictionary.itop.bulk.php
+++ b/dictionaries/ui/application/bulk/cs.dictionary.itop.bulk.php
@@ -20,5 +20,6 @@ Dict::Add('CS CZ', 'Czech', 'Čeština', array(

 	// Bulk modify
 	'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~',
-
+	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s">Learn more in our documentation.</a>~~',
 ));
--- a/dictionaries/ui/application/bulk/da.dictionary.itop.bulk.php
+++ b/dictionaries/ui/application/bulk/da.dictionary.itop.bulk.php
@@ -20,5 +20,6 @@ Dict::Add('DA DA', 'Danish', 'Dansk', array(

 	// Bulk modify
 	'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~',
-
+	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s">Learn more in our documentation.</a>~~',
 ));
--- a/dictionaries/ui/application/bulk/de.dictionary.itop.bulk.php
+++ b/dictionaries/ui/application/bulk/de.dictionary.itop.bulk.php
@@ -20,5 +20,6 @@ Dict::Add('DE DE', 'German', 'Deutsch', array(

 	// Bulk modify
 	'UI:Bulk:modify:IncompatibleAttribute' => 'Dieses Attribut kann in einer Massenänderung nicht bearbeitet werden.',
-
+	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s">Learn more in our documentation.</a>~~',
 ));
--- a/dictionaries/ui/application/bulk/en.dictionary.itop.bulk.php
+++ b/dictionaries/ui/application/bulk/en.dictionary.itop.bulk.php
@@ -21,5 +21,6 @@ Dict::Add('EN US', 'English', 'English', array(

 	// Bulk modify
 	'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context',
-
+	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s">Learn more in our documentation.</a>',
 ));
--- a/dictionaries/ui/application/bulk/es_cr.dictionary.itop.bulk.php
+++ b/dictionaries/ui/application/bulk/es_cr.dictionary.itop.bulk.php
@@ -20,5 +20,6 @@ Dict::Add('ES CR', 'Spanish', 'Español, Castellano', array(

 	// Bulk modify
 	'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~',
-
+	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s">Learn more in our documentation.</a>~~',
 ));
--- a/dictionaries/ui/application/bulk/fr.dictionary.itop.bulk.php
+++ b/dictionaries/ui/application/bulk/fr.dictionary.itop.bulk.php
@@ -20,5 +20,6 @@ Dict::Add('FR FR', 'French', 'Français', array(

 	// Bulk modify
 	'UI:Bulk:modify:IncompatibleAttribute' => 'Cet attribut ne peut être édité dans une modification en masse',
-
+	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Avertissement sur la sécurité d\'Excel',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'L\'ouverture d\'un fichier contenant des données non fiables dans Microsoft Excel peut entraîner l\'injection de formules. Assurez-vous que vos paramètres Excel sont configurés pour traiter les fichiers en toute sécurité. <a href="%1$s">Pour en savoir plus, consultez notre documentation.</a>',
 ));
--- a/dictionaries/ui/application/bulk/hu.dictionary.itop.bulk.php
+++ b/dictionaries/ui/application/bulk/hu.dictionary.itop.bulk.php
@@ -20,5 +20,6 @@ Dict::Add('HU HU', 'Hungarian', 'Magyar', array(

 	// Bulk modify
 	'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~',
-
+	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s">Learn more in our documentation.</a>~~',
 ));
--- a/dictionaries/ui/application/bulk/it.dictionary.itop.bulk.php
+++ b/dictionaries/ui/application/bulk/it.dictionary.itop.bulk.php
@@ -20,5 +20,6 @@ Dict::Add('IT IT', 'Italian', 'Italiano', array(

 	// Bulk modify
 	'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~',
-
+	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s">Learn more in our documentation.</a>~~',
 ));
--- a/dictionaries/ui/application/bulk/ja.dictionary.itop.bulk.php
+++ b/dictionaries/ui/application/bulk/ja.dictionary.itop.bulk.php
@@ -20,5 +20,6 @@ Dict::Add('JA JP', 'Japanese', '日本語', array(

 	// Bulk modify
 	'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~',
-
+	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s">Learn more in our documentation.</a>~~',
 ));
--- a/dictionaries/ui/application/bulk/nl.dictionary.itop.bulk.php
+++ b/dictionaries/ui/application/bulk/nl.dictionary.itop.bulk.php
@@ -20,5 +20,6 @@ Dict::Add('NL NL', 'Dutch', 'Nederlands', array(

 	// Bulk modify
 	'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~',
-
+	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s">Learn more in our documentation.</a>~~',
 ));
--- a/dictionaries/ui/application/bulk/pl.dictionary.itop.bulk.php
+++ b/dictionaries/ui/application/bulk/pl.dictionary.itop.bulk.php
@@ -20,5 +20,6 @@ Dict::Add('PL PL', 'Polish', 'Polski', array(

 	// Bulk modify
 	'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~',
-
+	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s">Learn more in our documentation.</a>~~',
 ));
--- a/dictionaries/ui/application/bulk/pt_br.dictionary.itop.bulk.php
+++ b/dictionaries/ui/application/bulk/pt_br.dictionary.itop.bulk.php
@@ -20,5 +20,6 @@ Dict::Add('PT BR', 'Brazilian', 'Brazilian', array(

 	// Bulk modify
 	'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~',
-
+	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s">Learn more in our documentation.</a>~~',
 ));
--- a/dictionaries/ui/application/bulk/ru.dictionary.itop.bulk.php
+++ b/dictionaries/ui/application/bulk/ru.dictionary.itop.bulk.php
@@ -20,5 +20,6 @@ Dict::Add('RU RU', 'Russian', 'Русский', array(

 	// Bulk modify
 	'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~',
-
+	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s">Learn more in our documentation.</a>~~',
 ));
--- a/dictionaries/ui/application/bulk/sk.dictionary.itop.bulk.php
+++ b/dictionaries/ui/application/bulk/sk.dictionary.itop.bulk.php
@@ -20,5 +20,6 @@ Dict::Add('SK SK', 'Slovak', 'Slovenčina', array(

 	// Bulk modify
 	'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~',
-
+	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s">Learn more in our documentation.</a>~~',
 ));
--- a/dictionaries/ui/application/bulk/tr.dictionary.itop.bulk.php
+++ b/dictionaries/ui/application/bulk/tr.dictionary.itop.bulk.php
@@ -20,5 +20,6 @@ Dict::Add('TR TR', 'Turkish', 'Türkçe', array(

 	// Bulk modify
 	'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~',
-
+	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s">Learn more in our documentation.</a>~~',
 ));
--- a/dictionaries/ui/application/bulk/zh_cn.dictionary.itop.bulk.php
+++ b/dictionaries/ui/application/bulk/zh_cn.dictionary.itop.bulk.php
@@ -20,5 +20,6 @@ Dict::Add('ZH CN', 'Chinese', '简体中文', array(

 	// Bulk modify
 	'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~',
-
+	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s">Learn more in our documentation.</a>~~',
 ));
--- a/dictionaries/zh_cn.dictionary.itop.core.php
+++ b/dictionaries/zh_cn.dictionary.itop.core.php
@@ -1027,7 +1027,7 @@ The hyperlink is displayed in the tooltip appearing on the “Lock” symbol of
 	'Core:BulkExport:DateTimeFormatDefault_Example' => '默认格式 (%1$s), e.g. %2$s',
 	'Core:BulkExport:DateTimeFormatCustom_Format' => '自定义格式: %1$s',
 	'Core:BulkExport:PDF:PageNumber' => '第 %1$s 页',
-	'Core:DateTime:Placeholder_d' => 'DD', // Day of the month: 2 digits (with leading zero)
+    'Core:DateTime:Placeholder_d' => 'DD', // Day of the month: 2 digits (with leading zero)
 	'Core:DateTime:Placeholder_j' => 'D', // Day of the month: 1 or 2 digits (without leading zero)
 	'Core:DateTime:Placeholder_m' => 'MM', // Month on 2 digits i.e. 01-12
 	'Core:DateTime:Placeholder_n' => 'M', // Month on 1 or 2 digits 1-12
--- a/lib/composer/autoload_classmap.php
+++ b/lib/composer/autoload_classmap.php
@@ -190,6 +190,7 @@ return array(
    'CheckableExpression' => $baseDir . '/core/oql/oqlquery.class.inc.php',
    'Combodo\\iTop\\Application\\Branding' => $baseDir . '/sources/Application/Branding.php',
    'Combodo\\iTop\\Application\\EventRegister\\ApplicationEvents' => $baseDir . '/sources/Application/EventRegister/ApplicationEvents.php',
+    'Combodo\\iTop\\Application\\Helper\\ExportHelper' => $baseDir . '/sources/Application/Helper/ExportHelper.php',
    'Combodo\\iTop\\Application\\Helper\\FormHelper' => $baseDir . '/sources/Application/Helper/FormHelper.php',
    'Combodo\\iTop\\Application\\Helper\\Session' => $baseDir . '/sources/Application/Helper/Session.php',
    'Combodo\\iTop\\Application\\Helper\\WebResourcesHelper' => $baseDir . '/sources/Application/Helper/WebResourcesHelper.php',
--- a/lib/composer/autoload_static.php
+++ b/lib/composer/autoload_static.php
@@ -554,6 +554,7 @@ class ComposerStaticInit7f81b4a2a468a061c306af5e447a9a9f
        'CheckableExpression' => __DIR__ . '/../..' . '/core/oql/oqlquery.class.inc.php',
        'Combodo\\iTop\\Application\\Branding' => __DIR__ . '/../..' . '/sources/Application/Branding.php',
        'Combodo\\iTop\\Application\\EventRegister\\ApplicationEvents' => __DIR__ . '/../..' . '/sources/Application/EventRegister/ApplicationEvents.php',
+        'Combodo\\iTop\\Application\\Helper\\ExportHelper' => __DIR__ . '/../..' . '/sources/Application/Helper/ExportHelper.php',
        'Combodo\\iTop\\Application\\Helper\\FormHelper' => __DIR__ . '/../..' . '/sources/Application/Helper/FormHelper.php',
        'Combodo\\iTop\\Application\\Helper\\Session' => __DIR__ . '/../..' . '/sources/Application/Helper/Session.php',
        'Combodo\\iTop\\Application\\Helper\\WebResourcesHelper' => __DIR__ . '/../..' . '/sources/Application/Helper/WebResourcesHelper.php',
--- a/sources/Application/Helper/ExportHelper.php
+++ b/sources/Application/Helper/ExportHelper.php
@@ -0,0 +1,27 @@
+<?php
+
+namespace Combodo\iTop\Application\Helper;
+use Combodo\iTop\Application\UI\Base\Component\Alert\AlertUIBlockFactory;
+use Dict;
+use utils;
+
+/**
+ * Class
+ * ExportHelper
+ *
+ * @internal
+ * @author Stephen Abello <stephen.abello@combodo.com>
+ * @since 2.7.9 3.0.4 3.1.1 3.2.0
+ * @package Combodo\iTop\Application\Helper
+ */
+class ExportHelper
+{
+	public static function GetAlertForExcelMaliciousInjection()
+	{
+		$sWikiUrl =  'https://www.itophub.io/wiki/page?id='.utils::GetItopVersionWikiSyntax().'%3Auser%3Alists#excel_export';
+		$oAlert = AlertUIBlockFactory::MakeForWarning(Dict::S('UI:Bulk:Export:MaliciousInjection:Alert:Title'), Dict::Format('UI:Bulk:Export:MaliciousInjection:Alert:Message', $sWikiUrl), 'ibo-excel-malicious-injection-alert');
+		$oAlert->EnableSaveCollapsibleState(true)
+			->SetIsClosable(false);
+		return $oAlert;
+	}
+}