From 7c3659d5ba9a81ae63b36bd7bbea48603d150890 Mon Sep 17 00:00:00 2001 From: Pierre Goiffon Date: Fri, 18 Sep 2020 18:26:31 +0200 Subject: [PATCH 01/31] :wrench: Remove versionned PHPStorm files Those files were duplicates of the .editorconfig file .editorconfig was pushed with ecd8f40c0f1c692f94e2f79d11be842e2d41eec4 for 2.7.0 and should be the only source of the IDE / editor configuration This generic format is implemented in PHPStorm since v2019.2 (see https://blog.jetbrains.com/idea/2019/06/managing-code-style-on-a-directory-level-with-editorconfig/) To check if your IDE / editor supports it, check https://editorconfig.org/ --- .gitignore | 5 - .idea/codeStyles/Project.xml | 74 -------- .idea/codeStyles/codeStyleConfig.xml | 5 - .idea/encodings.xml | 6 - .idea/inspectionProfiles/Combodo.xml | 171 ------------------ .idea/inspectionProfiles/Project_Default.xml | 19 -- .../inspectionProfiles/profiles_settings.xml | 6 - 7 files changed, 286 deletions(-) delete mode 100644 .idea/codeStyles/Project.xml delete mode 100644 .idea/codeStyles/codeStyleConfig.xml delete mode 100644 .idea/encodings.xml delete mode 100644 .idea/inspectionProfiles/Combodo.xml delete mode 100644 .idea/inspectionProfiles/Project_Default.xml delete mode 100644 .idea/inspectionProfiles/profiles_settings.xml diff --git a/.gitignore b/.gitignore index 3f995a7f3..92eb71a34 100644 --- a/.gitignore +++ b/.gitignore @@ -40,11 +40,6 @@ test/vendor/* # Jetbrains /.idea/** -!/.idea/encodings.xml -!/.idea/codeStyles -!/.idea/codeStyles/* -!/.idea/inspectionProfiles -!/.idea/inspectionProfiles/* # doc. generation /.doc/vendor diff --git a/.idea/codeStyles/Project.xml b/.idea/codeStyles/Project.xml deleted file mode 100644 index 6af43b87d..000000000 --- a/.idea/codeStyles/Project.xml +++ /dev/null @@ -1,74 +0,0 @@ - - - - \ No newline at end of file diff --git a/.idea/codeStyles/codeStyleConfig.xml b/.idea/codeStyles/codeStyleConfig.xml deleted file mode 100644 index d68e1e434..000000000 --- a/.idea/codeStyles/codeStyleConfig.xml +++ /dev/null @@ -1,5 +0,0 @@ - - - - \ No newline at end of file diff --git a/.idea/encodings.xml b/.idea/encodings.xml deleted file mode 100644 index c2bae49d7..000000000 --- a/.idea/encodings.xml +++ /dev/null @@ -1,6 +0,0 @@ - - - - - - \ No newline at end of file diff --git a/.idea/inspectionProfiles/Combodo.xml b/.idea/inspectionProfiles/Combodo.xml deleted file mode 100644 index 763f7a53d..000000000 --- a/.idea/inspectionProfiles/Combodo.xml +++ /dev/null @@ -1,171 +0,0 @@ - - - - \ No newline at end of file diff --git a/.idea/inspectionProfiles/Project_Default.xml b/.idea/inspectionProfiles/Project_Default.xml deleted file mode 100644 index b9013fdbd..000000000 --- a/.idea/inspectionProfiles/Project_Default.xml +++ /dev/null @@ -1,19 +0,0 @@ - - - - \ No newline at end of file diff --git a/.idea/inspectionProfiles/profiles_settings.xml b/.idea/inspectionProfiles/profiles_settings.xml deleted file mode 100644 index 7f3af8c75..000000000 --- a/.idea/inspectionProfiles/profiles_settings.xml +++ /dev/null @@ -1,6 +0,0 @@ - - - - \ No newline at end of file From c6df0b6d7dd7d0e2888201526ee4370926eeb4f1 Mon Sep 17 00:00:00 2001 From: Eric Date: Tue, 22 Sep 2020 11:03:59 +0200 Subject: [PATCH 02/31] =?UTF-8?q?N=C2=B03311=20-=20Stop=20capturing=20outp?= =?UTF-8?q?ut=20before=20sending=20backup=20file=20(avoid=20memory=20probl?= =?UTF-8?q?em)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- datamodels/2.x/itop-backup/ajax.backup.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/datamodels/2.x/itop-backup/ajax.backup.php b/datamodels/2.x/itop-backup/ajax.backup.php index 7196242c3..528a48916 100644 --- a/datamodels/2.x/itop-backup/ajax.backup.php +++ b/datamodels/2.x/itop-backup/ajax.backup.php @@ -213,6 +213,9 @@ JS break; case 'download': + while (ob_get_level() > 0) { + ob_end_clean(); + } $sFile = utils::ReadParam('file', '', false, 'raw_data'); $oBackup = new DBBackupScheduled(); $sBackupDir = APPROOT.'data/backups/'; From 1453558f3e761b02d559247395e58172096b7d48 Mon Sep 17 00:00:00 2001 From: Eric Date: Tue, 22 Sep 2020 11:39:19 +0200 Subject: [PATCH 03/31] =?UTF-8?q?N=C2=B03317=20-=20Add=20http=20headers?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- application/ajaxwebpage.class.inc.php | 4 +++- application/csvpage.class.inc.php | 4 +++- application/itopwebpage.class.inc.php | 4 +++- application/loginwebpage.class.inc.php | 4 +++- application/webpage.class.inc.php | 5 +++-- application/xmlpage.class.inc.php | 4 +++- .../itop-hub-connector/hubconnectorpage.class.inc.php | 6 ++++-- pages/UI.php | 1 + pages/UniversalSearch.php | 1 + pages/run_query.php | 1 + pages/schema.php | 1 + webservices/export-v2.php | 9 +++++++++ 12 files changed, 35 insertions(+), 9 deletions(-) diff --git a/application/ajaxwebpage.class.inc.php b/application/ajaxwebpage.class.inc.php index 82ddaf0d1..ce991285f 100644 --- a/application/ajaxwebpage.class.inc.php +++ b/application/ajaxwebpage.class.inc.php @@ -41,7 +41,9 @@ class ajax_page extends WebPage implements iTabbedPage parent::__construct($s_title, $bPrintable); $this->m_sReadyScript = ""; //$this->add_header("Content-type: text/html; charset=utf-8"); - $this->add_header("Cache-control: no-cache"); + $this->add_header('Cache-control: no-cache, no-store, must-revalidate'); + $this->add_header('Pragma: no-cache'); + $this->add_header('Expires: 0'); $this->m_oTabs = new TabManager(); $this->sContentType = 'text/html'; $this->sContentDisposition = 'inline'; diff --git a/application/csvpage.class.inc.php b/application/csvpage.class.inc.php index 8ff526b77..0924cc38b 100644 --- a/application/csvpage.class.inc.php +++ b/application/csvpage.class.inc.php @@ -33,7 +33,9 @@ class CSVPage extends WebPage { parent::__construct($s_title); $this->add_header("Content-type: text/plain; charset=".self::PAGES_CHARSET); - $this->add_header("Cache-control: no-cache"); + $this->add_header('Cache-control: no-cache, no-store, must-revalidate'); + $this->add_header('Pragma: no-cache'); + $this->add_header('Expires: 0'); //$this->add_header("Content-Transfer-Encoding: binary"); } diff --git a/application/itopwebpage.class.inc.php b/application/itopwebpage.class.inc.php index 576779140..030b0cbbb 100644 --- a/application/itopwebpage.class.inc.php +++ b/application/itopwebpage.class.inc.php @@ -71,7 +71,9 @@ class iTopWebPage extends NiceWebPage implements iTabbedPage $this->m_aMessages = array(); $this->SetRootUrl(utils::GetAbsoluteUrlAppRoot()); $this->add_header("Content-type: text/html; charset=".self::PAGES_CHARSET); - $this->add_header("Cache-control: no-cache"); + $this->add_header('Cache-control: no-cache, no-store, must-revalidate'); + $this->add_header('Pragma: no-cache'); + $this->add_header('Expires: 0'); $this->add_linked_stylesheet("../css/jquery.treeview.css"); $this->add_linked_stylesheet("../css/jquery.autocomplete.css"); $this->add_linked_stylesheet("../css/jquery-ui-timepicker-addon.css"); diff --git a/application/loginwebpage.class.inc.php b/application/loginwebpage.class.inc.php index 363406000..8294a153e 100644 --- a/application/loginwebpage.class.inc.php +++ b/application/loginwebpage.class.inc.php @@ -85,7 +85,9 @@ class LoginWebPage extends NiceWebPage parent::__construct($sTitle); $this->SetStyleSheet(); - $this->add_header("Cache-control: no-cache"); + $this->add_header('Cache-control: no-cache, no-store, must-revalidate'); + $this->add_header('Pragma: no-cache'); + $this->add_header('Expires: 0'); } public function SetStyleSheet() diff --git a/application/webpage.class.inc.php b/application/webpage.class.inc.php index d6bb972de..746ba9083 100644 --- a/application/webpage.class.inc.php +++ b/application/webpage.class.inc.php @@ -487,8 +487,9 @@ class WebPage implements Page */ public function no_cache() { - $this->add_header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 - $this->add_header("Expires: Fri, 17 Jul 1970 05:00:00 GMT"); // Date in the past + $this->add_header('Cache-control: no-cache, no-store, must-revalidate'); + $this->add_header('Pragma: no-cache'); + $this->add_header('Expires: 0'); } /** diff --git a/application/xmlpage.class.inc.php b/application/xmlpage.class.inc.php index 3e08316a4..3d81c5b49 100644 --- a/application/xmlpage.class.inc.php +++ b/application/xmlpage.class.inc.php @@ -43,7 +43,9 @@ class XMLPage extends WebPage $this->m_bPassThrough = $bPassThrough; $this->m_bHeaderSent = false; $this->add_header("Content-type: text/xml; charset=".self::PAGES_CHARSET); - $this->add_header("Cache-control: no-cache"); + $this->add_header('Cache-control: no-cache, no-store, must-revalidate'); + $this->add_header('Pragma: no-cache'); + $this->add_header('Expires: 0'); $this->add_header("Content-location: export.xml"); } diff --git a/datamodels/2.x/itop-hub-connector/hubconnectorpage.class.inc.php b/datamodels/2.x/itop-hub-connector/hubconnectorpage.class.inc.php index f1782e9e6..e068d01d0 100644 --- a/datamodels/2.x/itop-hub-connector/hubconnectorpage.class.inc.php +++ b/datamodels/2.x/itop-hub-connector/hubconnectorpage.class.inc.php @@ -5,8 +5,10 @@ class HubConnectorPage extends NiceWebPage public function __construct($sTitle) { parent::__construct($sTitle); - - $this->add_header("Cache-control: no-cache"); + + $this->add_header('Cache-control: no-cache, no-store, must-revalidate'); + $this->add_header('Pragma: no-cache'); + $this->add_header('Expires: 0'); $sImagesDir = utils::GetAbsoluteUrlAppRoot().'images'; $sModuleImagesDir = utils::GetAbsoluteUrlModulesRoot().'itop-hub-connector/images'; diff --git a/pages/UI.php b/pages/UI.php index 96222f666..3c908983c 100644 --- a/pages/UI.php +++ b/pages/UI.php @@ -1962,6 +1962,7 @@ EOF /////////////////////////////////////////////////////////////////////////////////////////// default: // Menu node rendering (templates) + $oP->add_header('X-Frame-Options: deny'); ApplicationMenu::LoadAdditionalMenus(); $oMenuNode = ApplicationMenu::GetMenuNode(ApplicationMenu::GetMenuIndexById(ApplicationMenu::GetActiveNodeId())); if (is_object($oMenuNode)) diff --git a/pages/UniversalSearch.php b/pages/UniversalSearch.php index cfcacc935..2232fa510 100644 --- a/pages/UniversalSearch.php +++ b/pages/UniversalSearch.php @@ -31,6 +31,7 @@ ApplicationMenu::CheckMenuIdEnabled('UniversalSearchMenu'); $oAppContext = new ApplicationContext(); $oP = new iTopWebPage(Dict::S('UI:UniversalSearchTitle')); +$oP->add_header('X-Frame-Options: deny'); $oP->add_linked_script("../js/json.js"); $oP->add_linked_script("../js/forms-json-utils.js"); $oP->add_linked_script("../js/wizardhelper.js"); diff --git a/pages/run_query.php b/pages/run_query.php index a8154c242..174ab5150 100644 --- a/pages/run_query.php +++ b/pages/run_query.php @@ -93,6 +93,7 @@ $oAppContext = new ApplicationContext(); $oP = new iTopWebPage(Dict::S('UI:RunQuery:Title')); $oP->SetBreadCrumbEntry('ui-tool-runquery', Dict::S('Menu:RunQueriesMenu'), Dict::S('Menu:RunQueriesMenu+'), '', utils::GetAbsoluteUrlAppRoot().'images/wrench.png'); +$oP->add_header('X-Frame-Options: deny'); // Main program $sExpression = utils::ReadParam('expression', '', false, 'raw_data'); diff --git a/pages/schema.php b/pages/schema.php index 0254e86af..db2927fc1 100644 --- a/pages/schema.php +++ b/pages/schema.php @@ -1119,6 +1119,7 @@ $operation = utils::ReadParam('operation', ''); $oPage = new iTopWebPage(Dict::S('UI:Schema:Title')); $oPage->no_cache(); +$oPage->add_header('X-Frame-Options: deny'); $oPage->SetBreadCrumbEntry('ui-tool-datamodel', Dict::S('Menu:DataModelMenu'), Dict::S('Menu:DataModelMenu+'), '', utils::GetAbsoluteUrlAppRoot().'images/wrench.png'); diff --git a/webservices/export-v2.php b/webservices/export-v2.php index 1fd7d6f01..af116e231 100644 --- a/webservices/export-v2.php +++ b/webservices/export-v2.php @@ -44,6 +44,7 @@ function ReportErrorAndExit($sErrorMessage) else { $oP = new WebPage("iTop - Export"); + $oP->add_header('X-Frame-Options: deny'); $oP->p('ERROR: '.$sErrorMessage); $oP->output(); exit(-1); @@ -63,6 +64,7 @@ function ReportErrorAndUsage($sErrorMessage) else { $oP = new WebPage("iTop - Export"); + $oP->add_header('X-Frame-Options: deny'); $oP->p('ERROR: '.$sErrorMessage); Usage($oP); $oP->output(); @@ -344,6 +346,7 @@ function InteractiveShell($sExpression, $sQueryId, $sFormat, $sFileName, $sMode) if ($sMode == 'dialog') { $oP = new ajax_page(''); + $oP->add_header('X-Frame-Options: deny'); $oP->add('
'); $sExportBtnLabel = json_encode(Dict::S('UI:Button:Export')); $sJSTitle = json_encode(htmlentities(utils::ReadParam('dialog_title', '', false, 'raw_data'), ENT_QUOTES, 'UTF-8')); @@ -369,6 +372,7 @@ EOF else { $oP = new iTopWebPage('iTop Export'); + $oP->add_header('X-Frame-Options: deny'); $oP->SetBreadCrumbEntry('ui-tool-export', Dict::S('Menu:ExportMenu'), Dict::S('Menu:ExportMenu+'), '', utils::GetAbsoluteUrlAppRoot().'images/wrench.png'); } @@ -729,6 +733,7 @@ try if($oExporter instanceof HTMLBulkExport) { $oP = new NiceWebPage('iTop export'); + $oP->add_header('X-Frame-Options: deny'); $oP->add_ready_script("$('table.listResults').tablesorter({widgets: ['MyZebra']});"); $oP->add_linked_stylesheet(utils::GetAbsoluteUrlAppRoot().'css/font-awesome/css/all.min.css'); $oP->add_linked_stylesheet(utils::GetAbsoluteUrlAppRoot().'css/font-awesome/css/v4-shims.min.css'); @@ -736,6 +741,7 @@ try else { $oP = new WebPage('iTop export'); + $oP->add_header('X-Frame-Options: deny'); $oP->add_style("table br { mso-data-placement:same-cell; }"); // Trick for Excel: keep line breaks inside the same cell ! } $oP->add_style("body { overflow: auto; }"); @@ -743,6 +749,7 @@ try else { $oP = new ajax_page('iTop export'); + $oP->add_header('X-Frame-Options: deny'); $oP->SetContentType($oExporter->GetMimeType()); } DoExport($oP, $oExporter, false); @@ -752,6 +759,7 @@ try catch (BulkExportMissingParameterException $e) { $oP = new ajax_page('iTop Export'); + $oP->add_header('X-Frame-Options: deny'); $oP->add($e->getMessage()); Usage($oP); $oP->output(); @@ -759,6 +767,7 @@ catch (BulkExportMissingParameterException $e) catch (Exception $e) { $oP = new WebPage('iTop Export'); + $oP->add_header('X-Frame-Options: deny'); $oP->add('Error: '.$e->getMessage()); IssueLog::Error($e->getMessage()."\n".$e->getTraceAsString()); $oP->output(); From 58961cd4ec0429f4038e13d46b26c368d6c4089c Mon Sep 17 00:00:00 2001 From: Eric Date: Tue, 22 Sep 2020 11:57:43 +0200 Subject: [PATCH 04/31] =?UTF-8?q?N=C2=B03318=20-=20don't=20display=20error?= =?UTF-8?q?=20details?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../portal/src/EventListener/ExceptionListener.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/datamodels/2.x/itop-portal-base/portal/src/EventListener/ExceptionListener.php b/datamodels/2.x/itop-portal-base/portal/src/EventListener/ExceptionListener.php index 0dd8638bd..633acea61 100644 --- a/datamodels/2.x/itop-portal-base/portal/src/EventListener/ExceptionListener.php +++ b/datamodels/2.x/itop-portal-base/portal/src/EventListener/ExceptionListener.php @@ -93,7 +93,7 @@ class ExceptionListener implements ContainerAwareInterface 'exception' => $oFlattenException, 'code' => $iStatusCode, 'error_title' => $sErrorTitle, - 'error_message' => $sErrorMessage, + 'error_message' => '', ); // Generate the response From 0c90b701ea1f34457517aa7d1ec953bdf34eb23b Mon Sep 17 00:00:00 2001 From: Eric Date: Tue, 22 Sep 2020 12:45:19 +0200 Subject: [PATCH 05/31] =?UTF-8?q?N=C2=B03283=20-=20Spelling=20mistake?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../fr.dict.itop-change-mgmt-itil.php | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/datamodels/2.x/itop-change-mgmt-itil/fr.dict.itop-change-mgmt-itil.php b/datamodels/2.x/itop-change-mgmt-itil/fr.dict.itop-change-mgmt-itil.php index 4008350df..68c09c732 100755 --- a/datamodels/2.x/itop-change-mgmt-itil/fr.dict.itop-change-mgmt-itil.php +++ b/datamodels/2.x/itop-change-mgmt-itil/fr.dict.itop-change-mgmt-itil.php @@ -146,11 +146,11 @@ Dict::Add('FR FR', 'French', 'Français', array( 'Class:Change/Stimulus:ev_assign+' => '', 'Class:Change/Stimulus:ev_reopen' => 'Réouvrir', 'Class:Change/Stimulus:ev_reopen+' => '', - 'Class:Change/Stimulus:ev_plan' => 'Plannifier', + 'Class:Change/Stimulus:ev_plan' => 'Planifier', 'Class:Change/Stimulus:ev_plan+' => '', 'Class:Change/Stimulus:ev_approve' => 'Approuver', 'Class:Change/Stimulus:ev_approve+' => '', - 'Class:Change/Stimulus:ev_replan' => 'Replannifier', + 'Class:Change/Stimulus:ev_replan' => 'Replanifier', 'Class:Change/Stimulus:ev_replan+' => '', 'Class:Change/Stimulus:ev_notapprove' => 'Ne pas approuver', 'Class:Change/Stimulus:ev_notapprove+' => '', @@ -177,11 +177,11 @@ Dict::Add('FR FR', 'French', 'Français', array( 'Class:RoutineChange/Stimulus:ev_assign+' => '', 'Class:RoutineChange/Stimulus:ev_reopen' => 'Réouvrir', 'Class:RoutineChange/Stimulus:ev_reopen+' => '', - 'Class:RoutineChange/Stimulus:ev_plan' => 'Plannifier', + 'Class:RoutineChange/Stimulus:ev_plan' => 'Planifier', 'Class:RoutineChange/Stimulus:ev_plan+' => '', 'Class:RoutineChange/Stimulus:ev_approve' => 'Approver', 'Class:RoutineChange/Stimulus:ev_approve+' => '', - 'Class:RoutineChange/Stimulus:ev_replan' => 'Replannifier', + 'Class:RoutineChange/Stimulus:ev_replan' => 'Replanifier', 'Class:RoutineChange/Stimulus:ev_replan+' => '', 'Class:RoutineChange/Stimulus:ev_notapprove' => 'Ne pas approver', 'Class:RoutineChange/Stimulus:ev_notapprove+' => '', @@ -212,11 +212,11 @@ Dict::Add('FR FR', 'French', 'Français', array( 'Class:ApprovedChange/Stimulus:ev_assign+' => '', 'Class:ApprovedChange/Stimulus:ev_reopen' => 'Réouvrir', 'Class:ApprovedChange/Stimulus:ev_reopen+' => '', - 'Class:ApprovedChange/Stimulus:ev_plan' => 'Plannifier', + 'Class:ApprovedChange/Stimulus:ev_plan' => 'Planifier', 'Class:ApprovedChange/Stimulus:ev_plan+' => '', 'Class:ApprovedChange/Stimulus:ev_approve' => 'Approuver', 'Class:ApprovedChange/Stimulus:ev_approve+' => '', - 'Class:ApprovedChange/Stimulus:ev_replan' => 'Replannifier', + 'Class:ApprovedChange/Stimulus:ev_replan' => 'Replanifier', 'Class:ApprovedChange/Stimulus:ev_replan+' => '', 'Class:ApprovedChange/Stimulus:ev_notapprove' => 'Ne pas approuver', 'Class:ApprovedChange/Stimulus:ev_notapprove+' => '', @@ -247,11 +247,11 @@ Dict::Add('FR FR', 'French', 'Français', array( 'Class:NormalChange/Stimulus:ev_assign+' => '', 'Class:NormalChange/Stimulus:ev_reopen' => 'Réouvrir', 'Class:NormalChange/Stimulus:ev_reopen+' => '', - 'Class:NormalChange/Stimulus:ev_plan' => 'Plannifier', + 'Class:NormalChange/Stimulus:ev_plan' => 'Planifier', 'Class:NormalChange/Stimulus:ev_plan+' => '', 'Class:NormalChange/Stimulus:ev_approve' => 'Approuver', 'Class:NormalChange/Stimulus:ev_approve+' => '', - 'Class:NormalChange/Stimulus:ev_replan' => 'Replannifier', + 'Class:NormalChange/Stimulus:ev_replan' => 'Replanifier', 'Class:NormalChange/Stimulus:ev_replan+' => '', 'Class:NormalChange/Stimulus:ev_notapprove' => 'Ne pas approuver', 'Class:NormalChange/Stimulus:ev_notapprove+' => '', @@ -278,11 +278,11 @@ Dict::Add('FR FR', 'French', 'Français', array( 'Class:EmergencyChange/Stimulus:ev_assign+' => '', 'Class:EmergencyChange/Stimulus:ev_reopen' => 'Réouvrir', 'Class:EmergencyChange/Stimulus:ev_reopen+' => '', - 'Class:EmergencyChange/Stimulus:ev_plan' => 'Plannifier', + 'Class:EmergencyChange/Stimulus:ev_plan' => 'Planifier', 'Class:EmergencyChange/Stimulus:ev_plan+' => '', 'Class:EmergencyChange/Stimulus:ev_approve' => 'Approuver', 'Class:EmergencyChange/Stimulus:ev_approve+' => '', - 'Class:EmergencyChange/Stimulus:ev_replan' => 'Replannifier', + 'Class:EmergencyChange/Stimulus:ev_replan' => 'Replanifier', 'Class:EmergencyChange/Stimulus:ev_replan+' => '', 'Class:EmergencyChange/Stimulus:ev_notapprove' => 'Ne pas approuver', 'Class:EmergencyChange/Stimulus:ev_notapprove+' => '', From 94b9a9bb75900fdfe0281105338f381aa0f23969 Mon Sep 17 00:00:00 2001 From: Eric Date: Tue, 22 Sep 2020 12:51:43 +0200 Subject: [PATCH 06/31] =?UTF-8?q?N=C2=B03309=20-=20Spelling=20mistake?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- dictionaries/fr.dictionary.itop.ui.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dictionaries/fr.dictionary.itop.ui.php b/dictionaries/fr.dictionary.itop.ui.php index 1e3faa91b..3b1dba5b4 100644 --- a/dictionaries/fr.dictionary.itop.ui.php +++ b/dictionaries/fr.dictionary.itop.ui.php @@ -339,7 +339,7 @@ Dict::Add('FR FR', 'French', 'Français', array( 'UI:WelcomeMenu:LeftBlock' => '

iTop est un portail opérationnel complet et libre pour gérer votre SI.

    il contient: -
  • Une base de gestion des configuration (CMDB - Configuration management database) pour documenter et gérer votre parc informatique.
    • +
  • Une base de gestion des configurations (CMDB - Configuration management database) pour documenter et gérer votre parc informatique.
  • Un module de gestion des incidents pour suivre les incidents d\'exploitation et gérer la communication à propos de ces incidents.
  • Un module de gestion des changements pour planifier et suivre les modifications de votre SI.
  • Une base des erreurs connues, pour accélérer la résolution des incidents.
    • @@ -355,7 +355,7 @@ Dict::Add('FR FR', 'French', 'Français', array(
  • Améliorer la satisfaction client et fournir aux responsables des vues sur la performance interne du SI.

-

iTop est complètement ouvert pour s\'intéger avec votre environnement informatique.

+

iTop est complètement ouvert pour s\'intégrer avec votre environnement informatique.

    Grâce à ce portail opérationnel de nouvelle génération:
  • Gérez un environnement informatique de plus en plus complexe.
    • From 1e634a8bba0ab88f1d2911d4d23ef374c25d52b1 Mon Sep 17 00:00:00 2001 From: Pierre Goiffon Date: Wed, 23 Sep 2020 17:17:05 +0200 Subject: [PATCH 07/31] =?UTF-8?q?N=C2=B03332=20Security=20hardening?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- js/breadcrumb.js | 27 ++++++++++++++------------- js/utils.js | 20 ++++++++++++++++++-- 2 files changed, 32 insertions(+), 15 deletions(-) diff --git a/js/breadcrumb.js b/js/breadcrumb.js index e8fc88a6f..ab0941d86 100644 --- a/js/breadcrumb.js +++ b/js/breadcrumb.js @@ -59,24 +59,25 @@ $(function() var oEntry = aBreadCrumb[iEntry]; if (oEntry['label'].length > 0) { - var sIconSpec = ''; - if (oEntry['icon'].length > 0) - { - sIconSpec = ''; - } - var sTitle = oEntry['description']; + var sIconSpec = ''; + if (oEntry['icon'].length > 0) { + sIconSpec = ''; + } + + var sTitle = oEntry['description'], + sLabel = oEntry['label']; if (sTitle.length == 0) { sTitle = oEntry['label']; } - if ((this.options.new_entry !== null) && (iEntry == aBreadCrumb.length - 1)) - { + sTitle = SanitizeHtml(sTitle); + sLabel = SanitizeHtml(sLabel); + + if ((this.options.new_entry !== null) && (iEntry == aBreadCrumb.length-1)) { // Last entry is the current page - sBreadCrumbHtml += '
    '+sIconSpec+''+oEntry['label']+'
    '; - } - else - { + sBreadCrumbHtml += '
    '+sIconSpec+''+sLabel+'
    '; + } else { var sSanitizedUrl = StripArchiveArgument(oEntry['url']); - sBreadCrumbHtml += '
    '+sIconSpec+''+oEntry['label']+'
    '; + sBreadCrumbHtml += '
    '+sIconSpec+''+sLabel+'
    '; } } } diff --git a/js/utils.js b/js/utils.js index be52a81d2..52f446a4c 100644 --- a/js/utils.js +++ b/js/utils.js @@ -669,6 +669,23 @@ function DisplayHistory(sSelector, sFilter, iCount, iStart) { ); } +/** + * @param sValue value to escape + * @returns {string} sanitized value, ready to insert in the DOM without XSS risk + * + * @since 2.6.5, 2.7.2, 2.8.0 N°3332 + * @see https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#rule-1-html-encode-before-inserting-untrusted-data-into-html-element-content + */ +function SanitizeHtml(sValue) { + return (sValue+'') + .replace(/&/g, '&') + .replace(//g, '>') + .replace(/"/g, '"') + .replace(/'/g, ''') + .replace(/\//g, '/'); +} + // Very simple equivalent to format: placeholders are %1$s %2$d ... function Format() { var args = []; @@ -676,8 +693,7 @@ function Format() { if (arguments[0] instanceof Array) { str = arguments[0][0].toString(); args = arguments[0]; - } - else { + } else { str = arguments[0].toString(); if (arguments.length > 1) { var t = typeof arguments[1]; From 45e366745d641c8e7e28f51028ff16a24f858e19 Mon Sep 17 00:00:00 2001 From: Pierre Goiffon Date: Thu, 24 Sep 2020 17:34:57 +0200 Subject: [PATCH 08/31] =?UTF-8?q?N=C2=B03333=20Security=20hardening?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- core/userrights.class.inc.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/core/userrights.class.inc.php b/core/userrights.class.inc.php index 5c746bbb1..12a936787 100644 --- a/core/userrights.class.inc.php +++ b/core/userrights.class.inc.php @@ -1343,9 +1343,8 @@ class UserRights // The bug has been fixed in PHP 7.2, but in case session_regenerate_id() // fails we just silently ignore the error and keep the same session id... $old_error_handler = set_error_handler(array(__CLASS__, 'VoidErrorHandler')); - session_regenerate_id(); - if ($old_error_handler !== null) - { + session_regenerate_id(true); + if ($old_error_handler !== null) { set_error_handler($old_error_handler); } } From 4e0eed6e13ac316eb56f49a3f28f76bdb46e0de8 Mon Sep 17 00:00:00 2001 From: odain Date: Fri, 21 Aug 2020 18:10:48 +0200 Subject: [PATCH 09/31] =?UTF-8?q?N=C2=B03270=20Notify=20on=20expiration=20?= =?UTF-8?q?not=20sending=20notification=20(trigger=20exception)=20=09add?= =?UTF-8?q?=20boilerplate=20function=20and=20use=20it=20to=20intercept/enr?= =?UTF-8?q?ich=20trigger=20exception=20loops?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- application/utils.inc.php | 22 ++++++ core/coreexception.class.inc.php | 14 +++- core/dbobject.class.php | 44 +++++++++-- core/ormstopwatch.class.inc.php | 9 ++- .../portal/src/Form/ObjectFormManager.php | 9 ++- .../2.x/itop-tickets/module.itop-tickets.php | 11 ++- pages/UI.php | 4 +- test/core/TriggerTest.php | 73 +++++++++++++++++++ 8 files changed, 173 insertions(+), 13 deletions(-) diff --git a/application/utils.inc.php b/application/utils.inc.php index 5d6754b8e..ec5b43ab5 100644 --- a/application/utils.inc.php +++ b/application/utils.inc.php @@ -2315,4 +2315,26 @@ class utils { return str_replace(' ', '', ucwords(strtr($sInput, '_-', ' '))); } + + /** + * @param \cmdbAbstractObject $oCmdbAbstract + * @param \Exception $oException + * + * @throws \Exception + * @since 2.7.2/ 2.8.0 + */ + public static function EnrichRaisedException($oCmdbAbstract, $oException) + { + if (is_null($oCmdbAbstract) || + ! is_a($oCmdbAbstract, \cmdbAbstractObject::class)) + { + throw $oException; + } + + $sCmdbAbstractInfo = str_replace("\n", '', "" . $oCmdbAbstract); + $sMessage = $oException->getMessage() . " (" . $sCmdbAbstractInfo . ")"; + + $e = new CoreException($sMessage, null, '', $oException); + throw $e; + } } diff --git a/core/coreexception.class.inc.php b/core/coreexception.class.inc.php index 81ba9efef..7188446c7 100644 --- a/core/coreexception.class.inc.php +++ b/core/coreexception.class.inc.php @@ -28,7 +28,7 @@ class CoreException extends Exception { - public function __construct($sIssue, $aContextData = null, $sImpact = '') + public function __construct($sIssue, $aContextData = null, $sImpact = '', $oPrevious = null) { $this->m_sIssue = $sIssue; $this->m_sImpact = $sImpact; @@ -66,7 +66,7 @@ class CoreException extends Exception } $sMessage .= implode(', ', $aContextItems); } - parent::__construct($sMessage, 0); + parent::__construct($sMessage, 0, $oPrevious); } /** @@ -81,6 +81,16 @@ class CoreException extends Exception return $this->getMessage(); } + /** + * getTraceAsString() cannot be overrided and it is limited as only current exception stack is returned. + * we need stack of all previous exceptions + * @uses __tostring() already does the work. + * @since 2.7.2/ 2.8.0 + */ + public function getFullStackTraceAsString(){ + return "" . $this; + } + public function getTraceAsHtml() { $aBackTrace = $this->getTrace(); diff --git a/core/dbobject.class.php b/core/dbobject.class.php index fae884d1e..aba3b5a25 100644 --- a/core/dbobject.class.php +++ b/core/dbobject.class.php @@ -2805,7 +2805,14 @@ abstract class DBObject implements iDisplay while ($oTrigger = $oSet->Fetch()) { /** @var \Trigger $oTrigger */ - $oTrigger->DoActivate($this->ToArgs('this')); + try + { + $oTrigger->DoActivate($this->ToArgs('this')); + } + catch(Exception $e) + { + utils::EnrichRaisedException($oTrigger, $e); + } } $this->RecordObjCreation(); @@ -3117,7 +3124,14 @@ abstract class DBObject implements iDisplay while ($oTrigger = $oSet->Fetch()) { /** @var \Trigger $oTrigger */ - $oTrigger->DoActivate($this->ToArgs('this')); + try + { + $oTrigger->DoActivate($this->ToArgs('this')); + } + catch(Exception $e) + { + utils::EnrichRaisedException($oTrigger, $e); + } } $bHasANewExternalKeyValue = false; @@ -3433,7 +3447,14 @@ abstract class DBObject implements iDisplay while ($oTrigger = $oSet->Fetch()) { /** @var \Trigger $oTrigger */ - $oTrigger->DoActivate($this->ToArgs('this')); + try + { + $oTrigger->DoActivate($this->ToArgs('this')); + } + catch(Exception $e) + { + utils::EnrichRaisedException($oTrigger, $e); + } } $this->RecordObjDeletion($this->m_iKey); // May cause a reload for storing history information @@ -3837,14 +3858,27 @@ abstract class DBObject implements iDisplay while ($oTrigger = $oSet->Fetch()) { /** @var \Trigger $oTrigger */ - $oTrigger->DoActivate($this->ToArgs('this')); + try + { + $oTrigger->DoActivate($this->ToArgs('this')); + } + catch(Exception $e) + { + utils::EnrichRaisedException($oTrigger, $e); + } } $oSet = new DBObjectSet(DBObjectSearch::FromOQL("SELECT TriggerOnStateEnter AS t WHERE t.target_class IN (:class_list) AND t.state=:new_state"), array(), $aParams); while ($oTrigger = $oSet->Fetch()) { /** @var \Trigger $oTrigger */ - $oTrigger->DoActivate($this->ToArgs('this')); + try{ + $oTrigger->DoActivate($this->ToArgs('this')); + } + catch(Exception $e) + { + utils::EnrichRaisedException($oTrigger, $e); + } } } else diff --git a/core/ormstopwatch.class.inc.php b/core/ormstopwatch.class.inc.php index 3af604e2c..1913a36c4 100644 --- a/core/ormstopwatch.class.inc.php +++ b/core/ormstopwatch.class.inc.php @@ -614,7 +614,14 @@ class CheckStopWatchThresholds implements iBackgroundProcess ); while ($oTrigger = $oTriggerSet->Fetch()) { - $oTrigger->DoActivate($oObj->ToArgs('this')); + try + { + $oTrigger->DoActivate($oObj->ToArgs('this')); + } + catch(Exception $e) + { + utils::EnrichRaisedException($oTrigger, $e); + } } } } diff --git a/datamodels/2.x/itop-portal-base/portal/src/Form/ObjectFormManager.php b/datamodels/2.x/itop-portal-base/portal/src/Form/ObjectFormManager.php index 835099838..11c9f3995 100644 --- a/datamodels/2.x/itop-portal-base/portal/src/Form/ObjectFormManager.php +++ b/datamodels/2.x/itop-portal-base/portal/src/Form/ObjectFormManager.php @@ -1139,7 +1139,14 @@ class ObjectFormManager extends FormManager /** @var \Trigger $oTrigger */ while ($oTrigger = $oTriggerSet->Fetch()) { - $oTrigger->DoActivate($this->oObject->ToArgs('this')); + try + { + $oTrigger->DoActivate($this->oObject->ToArgs('this')); + } + catch(Exception $e) + { + utils::EnrichRaisedException($oTrigger, $e); + } } } } diff --git a/datamodels/2.x/itop-tickets/module.itop-tickets.php b/datamodels/2.x/itop-tickets/module.itop-tickets.php index 4be3a3d22..0830d1917 100755 --- a/datamodels/2.x/itop-tickets/module.itop-tickets.php +++ b/datamodels/2.x/itop-tickets/module.itop-tickets.php @@ -55,9 +55,16 @@ class TicketsInstaller extends ModuleInstallerAPI $oSet = new DBObjectSet($oSearch); while($oTrigger = $oSet->Fetch()) { - if (!MetaModel::IsValidClass($oTrigger->Get('target_class'))) + try { - $oTrigger->DBDelete(); + if (!MetaModel::IsValidClass($oTrigger->Get('target_class'))) + { + $oTrigger->DBDelete(); + } + } + catch(Exception $e) + { + utils::EnrichRaisedException($oTrigger, $e); } } } diff --git a/pages/UI.php b/pages/UI.php index 3c908983c..f931e9121 100644 --- a/pages/UI.php +++ b/pages/UI.php @@ -2004,7 +2004,7 @@ catch(CoreException $e) $oLog->Set('userinfo', ''); $oLog->Set('issue', $e->GetIssue()); $oLog->Set('impact', 'Page could not be displayed'); - $oLog->Set('callstack', $e->getTrace()); + $oLog->Set('callstack', $e->getFullStackTraceAsString()); $oLog->Set('data', $e->getContextData()); $oLog->DBInsertNoReload(); } @@ -2014,7 +2014,7 @@ catch(CoreException $e) } } - IssueLog::Error('UI.php operation='.$operation.', error='.$e->getMessage()."\n".$e->getTraceAsString()); + IssueLog::Error('UI.php operation='.$operation.', error='.$e->getMessage()."\n".$e->getFullStackTraceAsString()); } // For debugging only diff --git a/test/core/TriggerTest.php b/test/core/TriggerTest.php index e9c703cec..b2547b0e9 100644 --- a/test/core/TriggerTest.php +++ b/test/core/TriggerTest.php @@ -5,6 +5,7 @@ namespace Combodo\iTop\Test\UnitTest\Core; use Combodo\iTop\Test\UnitTest\ItopDataTestCase; use ContextTag; use MetaModel; +use PHPUnit\Exception; use TriggerOnObjectCreate; /** @@ -14,10 +15,21 @@ use TriggerOnObjectCreate; * * @runTestsInSeparateProcesses */ + +//define('APPROOT', dirname(__FILE__).'/../../'); +//define('APPCONF', APPROOT.'conf/'); + class TriggerTest extends ItopDataTestCase { const USE_TRANSACTION = false; + + protected function setUp() + { + //@include_once APPROOT . 'approot.inc.php'; + parent::setUp(); + } + public function testIsContextValid() { /** @var TriggerOnObjectCreate $oTrigger */ @@ -29,4 +41,65 @@ class TriggerTest extends ItopDataTestCase ContextTag::AddContext(ContextTag::TAG_CRON); $this->assertTrue($oTrigger->IsContextValid()); } + + public function testEnrichRaisedException_Trigger() + { + $oTrigger = MetaModel::NewObject('TriggerOnObjectCreate'); + $sStackTrace = ""; + try + { + try + { + MetaModel::NewObject('Toto'); + } + catch (\Exception $e) + { + $sStackTrace = $e->getTraceAsString(); + \utils::EnrichRaisedException($oTrigger, $e); + } + $this->assertTrue(false, "An exception should have been thrown"); + } + catch(\CoreException $e1) + { + $this->assertEquals('CoreException', get_class($e1)); + $this->assertEquals('Unknown class \'Toto\' (TriggerOnObjectCreate::-1 ()
    )', $e1->getMessage()); + + $fullStackTraceAsString = $e1->getFullStackTraceAsString(); + $this->assertContains("MetaModel::NewObject", $fullStackTraceAsString,"new enriched exception should contain root cause method: " . $fullStackTraceAsString); + } + } + + public function NoEnrichmentProvider() + { + return [ + [ null ], + [ new \PHPUnit\Runner\Exception() ], + ] ; + } + + /** + * @param $oCmdbAbstract + * @dataProvider NoEnrichmentProvider + */ + public function testEnrichRaisedException_NoEnrichment($oCmdbAbstract) + { + $sStackTrace = ""; + try + { + try + { + MetaModel::NewObject('CoreException'); + } + catch (\Exception $e) + { + $sStackTrace = $e->getTraceAsString(); + \utils::EnrichRaisedException($oCmdbAbstract, $e); + } + $this->assertTrue(false, "An exception should have been thrown"); + } + catch(\Exception $e1) + { + $this->assertEquals($e, $e1); + } + } } From 9520d2794fe27f3719dbef111f029ea168a5d3f1 Mon Sep 17 00:00:00 2001 From: odain Date: Fri, 25 Sep 2020 10:29:38 +0200 Subject: [PATCH 10/31] :green_heart: fix ci Serialization of 'ReflectionClass' is not allowed --- test/core/TriggerTest.php | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/test/core/TriggerTest.php b/test/core/TriggerTest.php index b2547b0e9..768f1fb3b 100644 --- a/test/core/TriggerTest.php +++ b/test/core/TriggerTest.php @@ -2,6 +2,7 @@ namespace Combodo\iTop\Test\UnitTest\Core; +use Combodo\iTop\Portal\Controller\ObjectController; use Combodo\iTop\Test\UnitTest\ItopDataTestCase; use ContextTag; use MetaModel; @@ -16,9 +17,6 @@ use TriggerOnObjectCreate; * @runTestsInSeparateProcesses */ -//define('APPROOT', dirname(__FILE__).'/../../'); -//define('APPCONF', APPROOT.'conf/'); - class TriggerTest extends ItopDataTestCase { const USE_TRANSACTION = false; @@ -26,7 +24,6 @@ class TriggerTest extends ItopDataTestCase protected function setUp() { - //@include_once APPROOT . 'approot.inc.php'; parent::setUp(); } @@ -45,7 +42,6 @@ class TriggerTest extends ItopDataTestCase public function testEnrichRaisedException_Trigger() { $oTrigger = MetaModel::NewObject('TriggerOnObjectCreate'); - $sStackTrace = ""; try { try @@ -54,7 +50,6 @@ class TriggerTest extends ItopDataTestCase } catch (\Exception $e) { - $sStackTrace = $e->getTraceAsString(); \utils::EnrichRaisedException($oTrigger, $e); } $this->assertTrue(false, "An exception should have been thrown"); @@ -73,7 +68,7 @@ class TriggerTest extends ItopDataTestCase { return [ [ null ], - [ new \PHPUnit\Runner\Exception() ], + [ new NonCmdbAbstractObject() ], ] ; } @@ -83,7 +78,6 @@ class TriggerTest extends ItopDataTestCase */ public function testEnrichRaisedException_NoEnrichment($oCmdbAbstract) { - $sStackTrace = ""; try { try @@ -92,7 +86,6 @@ class TriggerTest extends ItopDataTestCase } catch (\Exception $e) { - $sStackTrace = $e->getTraceAsString(); \utils::EnrichRaisedException($oCmdbAbstract, $e); } $this->assertTrue(false, "An exception should have been thrown"); @@ -103,3 +96,7 @@ class TriggerTest extends ItopDataTestCase } } } + +class NonCmdbAbstractObject{ + +} From 0948e80060733e6bc48632f07e15d0f66de3b471 Mon Sep 17 00:00:00 2001 From: Molkobain Date: Mon, 28 Sep 2020 14:10:19 +0200 Subject: [PATCH 11/31] =?UTF-8?q?N=C2=B03320=20-=20Fix=20empty=20tabs=20be?= =?UTF-8?q?ing=20displayed=20(misuse=20of=20the=20API=20or=20user=20rights?= =?UTF-8?q?)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- application/cmdbabstract.class.inc.php | 9 +++------ application/webpage.class.inc.php | 6 ++++++ 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/application/cmdbabstract.class.inc.php b/application/cmdbabstract.class.inc.php index a39bd69d9..61777fe51 100644 --- a/application/cmdbabstract.class.inc.php +++ b/application/cmdbabstract.class.inc.php @@ -558,12 +558,6 @@ EOF $oLinkSet = $oOrmLinkSet->ToDBObjectSet(utils::ShowObsoleteData()); $iCount = $oLinkSet->Count(); - $sCount = ''; - if ($iCount != 0) - { - $sCount = " ($iCount)"; - } - $oPage->SetCurrentTab('Class:'.$sClass.'/Attribute:'.$sAttCode, $oAttDef->GetLabel().$sCount); if ($this->IsNew()) { $iFlags = $this->GetInitialStateAttributeFlags($sAttCode); @@ -609,6 +603,9 @@ EOF continue; } + $sCount = ($iCount != 0) ? " ($iCount)" : ""; + $oPage->SetCurrentTab('Class:'.$sClass.'/Attribute:'.$sAttCode, $oAttDef->GetLabel().$sCount); + $aArgs = array('this' => $this); $bReadOnly = ($iFlags & (OPT_ATT_READONLY | OPT_ATT_SLAVE)); if ($bEditMode && (!$bReadOnly)) diff --git a/application/webpage.class.inc.php b/application/webpage.class.inc.php index 746ba9083..efd63088f 100644 --- a/application/webpage.class.inc.php +++ b/application/webpage.class.inc.php @@ -1547,6 +1547,12 @@ class TabManager { unset($aTabs['tabs'][$sTabCode]); } + + // N°3320: Do not display empty tabs + if (empty($aTabData['html'])) + { + unset($aTabs['tabs'][$sTabCode]); + } } // Render tabs From 389b61d3a8df3f623bff8daf4fb5037a405646ba Mon Sep 17 00:00:00 2001 From: Molkobain Date: Mon, 28 Sep 2020 14:29:51 +0200 Subject: [PATCH 12/31] Fix missing author information in composer.json for TCPDF lib. --- composer.lock | 8 ++++---- lib/combodo/tcpdf/composer.json | 7 ++++++- lib/composer/autoload_real.php | 3 --- lib/composer/installed.json | 23 +++++++++++------------ 4 files changed, 21 insertions(+), 20 deletions(-) diff --git a/composer.lock b/composer.lock index 3a08b7f7d..82f6bcf10 100644 --- a/composer.lock +++ b/composer.lock @@ -12,12 +12,12 @@ "source": { "type": "git", "url": "https://github.com/combodo-itop-libs/TCPDF.git", - "reference": "abbfedb8ca59843dec11c97ca3f308742265c3fc" + "reference": "aedd4b7b8cf7fcc24e617c405c9d3304150f4b94" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/combodo-itop-libs/TCPDF/zipball/abbfedb8ca59843dec11c97ca3f308742265c3fc", - "reference": "abbfedb8ca59843dec11c97ca3f308742265c3fc", + "url": "https://api.github.com/repos/combodo-itop-libs/TCPDF/zipball/aedd4b7b8cf7fcc24e617c405c9d3304150f4b94", + "reference": "aedd4b7b8cf7fcc24e617c405c9d3304150f4b94", "shasum": "" }, "require": { @@ -64,7 +64,7 @@ ], "description": "TCPDF fork adding requirements for iTop: Specific fonts.", "homepage": "https://github.com/combodo-itop-libs/TCPDF", - "time": "2020-06-05T13:06:44+00:00" + "time": "2020-09-28T12:19:09+00:00" }, { "name": "nikic/php-parser", diff --git a/lib/combodo/tcpdf/composer.json b/lib/combodo/tcpdf/composer.json index d9ac48435..fe90ae9eb 100644 --- a/lib/combodo/tcpdf/composer.json +++ b/lib/combodo/tcpdf/composer.json @@ -6,8 +6,13 @@ "homepage": "https://github.com/combodo-itop-libs/TCPDF", "type": "library", "description": "TCPDF fork adding requirements for iTop: Specific fonts.", - "license": "LGPL-3.0", + "license": "LGPL-3.0-only", "authors": [ + { + "name": "Nicola Asuni", + "email": "info@tecnick.com", + "role": "lead" + }, { "name": "Combodo", "email": "contact@combodo.com" diff --git a/lib/composer/autoload_real.php b/lib/composer/autoload_real.php index ac16a9508..e8c595bf1 100644 --- a/lib/composer/autoload_real.php +++ b/lib/composer/autoload_real.php @@ -13,9 +13,6 @@ class ComposerAutoloaderInit0018331147de7601e7552f7da8e3bb8b } } - /** - * @return \Composer\Autoload\ClassLoader - */ public static function getLoader() { if (null !== self::$loader) { diff --git a/lib/composer/installed.json b/lib/composer/installed.json index 1ec9d2a9a..d201d4b99 100644 --- a/lib/composer/installed.json +++ b/lib/composer/installed.json @@ -6,12 +6,12 @@ "source": { "type": "git", "url": "https://github.com/combodo-itop-libs/TCPDF.git", - "reference": "abbfedb8ca59843dec11c97ca3f308742265c3fc" + "reference": "aedd4b7b8cf7fcc24e617c405c9d3304150f4b94" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/combodo-itop-libs/TCPDF/zipball/abbfedb8ca59843dec11c97ca3f308742265c3fc", - "reference": "abbfedb8ca59843dec11c97ca3f308742265c3fc", + "url": "https://api.github.com/repos/combodo-itop-libs/TCPDF/zipball/aedd4b7b8cf7fcc24e617c405c9d3304150f4b94", + "reference": "aedd4b7b8cf7fcc24e617c405c9d3304150f4b94", "shasum": "" }, "require": { @@ -20,7 +20,7 @@ "replace": { "tecnickcom/tcpdf": "self.version" }, - "time": "2020-06-05T13:06:44+00:00", + "time": "2020-09-28T12:19:09+00:00", "type": "library", "installation-source": "dist", "autoload": { @@ -45,22 +45,21 @@ }, "notification-url": "https://packagist.org/downloads/", "license": [ - "LGPL-3.0" + "LGPL-3.0-only" ], "authors": [ + { + "name": "Nicola Asuni", + "email": "info@tecnick.com", + "role": "lead" + }, { "name": "Combodo", "email": "contact@combodo.com" } ], "description": "TCPDF fork adding requirements for iTop: Specific fonts.", - "homepage": "https://github.com/combodo-itop-libs/TCPDF", - "funding": [ - { - "url": "https://www.paypal.com/cgi-bin/webscr?cmd=_donations¤cy_code=GBP&business=paypal@tecnick.com&item_name=donation%20for%20tcpdf%20project", - "type": "custom" - } - ] + "homepage": "https://github.com/combodo-itop-libs/TCPDF" }, { "name": "nikic/php-parser", From 794d4f1e0e39ab8e0678ce2576cf06e7ede7ae98 Mon Sep 17 00:00:00 2001 From: Molkobain Date: Mon, 28 Sep 2020 14:31:36 +0200 Subject: [PATCH 13/31] =?UTF-8?q?N=C2=B03310=20-=20Fix=20corrupted=20backu?= =?UTF-8?q?ps=20when=20a=20file=20has=20a=20size=20which=20is=20a=20multip?= =?UTF-8?q?le=20of=20512=20bytes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- composer.json | 2 +- composer.lock | 12 ++++++------ lib/composer/installed.json | 12 ++++++------ lib/pear/archive_tar/.gitignore | 5 +++++ lib/pear/archive_tar/.travis.yml | 18 +++++------------- lib/pear/archive_tar/Archive/Tar.php | 13 +++++++++---- lib/pear/archive_tar/package.xml | 24 ++++++++++++++++++++---- 7 files changed, 52 insertions(+), 34 deletions(-) diff --git a/composer.json b/composer.json index e363d44da..8b9321e99 100644 --- a/composer.json +++ b/composer.json @@ -12,7 +12,7 @@ "ext-soap": "*", "combodo/tcpdf": "6.3.5", "nikic/php-parser": "^3.1", - "pear/archive_tar": "1.4.9", + "pear/archive_tar": "1.4.10", "pelago/emogrifier": "2.1.0", "scssphp/scssphp": "1.0.6", "swiftmailer/swiftmailer": "5.4.12", diff --git a/composer.lock b/composer.lock index 82f6bcf10..2aef21e81 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "ad359769d05acd25a9fc31d69acbe43a", + "content-hash": "27af144ea2acf2c138f587052a4ceddc", "packages": [ { "name": "combodo/tcpdf", @@ -168,16 +168,16 @@ }, { "name": "pear/archive_tar", - "version": "1.4.9", + "version": "1.4.10", "source": { "type": "git", "url": "https://github.com/pear/Archive_Tar.git", - "reference": "c5b00053770e1d72128252c62c2c1a12c26639f0" + "reference": "bbb4f10f71a1da2715ec6d9a683f4f23c507a49b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/c5b00053770e1d72128252c62c2c1a12c26639f0", - "reference": "c5b00053770e1d72128252c62c2c1a12c26639f0", + "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/bbb4f10f71a1da2715ec6d9a683f4f23c507a49b", + "reference": "bbb4f10f71a1da2715ec6d9a683f4f23c507a49b", "shasum": "" }, "require": { @@ -230,7 +230,7 @@ "archive", "tar" ], - "time": "2019-12-04T10:17:28+00:00" + "time": "2020-09-15T14:13:23+00:00" }, { "name": "pear/console_getopt", diff --git a/lib/composer/installed.json b/lib/composer/installed.json index d201d4b99..508b402a5 100644 --- a/lib/composer/installed.json +++ b/lib/composer/installed.json @@ -167,17 +167,17 @@ }, { "name": "pear/archive_tar", - "version": "1.4.9", - "version_normalized": "1.4.9.0", + "version": "1.4.10", + "version_normalized": "1.4.10.0", "source": { "type": "git", "url": "https://github.com/pear/Archive_Tar.git", - "reference": "c5b00053770e1d72128252c62c2c1a12c26639f0" + "reference": "bbb4f10f71a1da2715ec6d9a683f4f23c507a49b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/c5b00053770e1d72128252c62c2c1a12c26639f0", - "reference": "c5b00053770e1d72128252c62c2c1a12c26639f0", + "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/bbb4f10f71a1da2715ec6d9a683f4f23c507a49b", + "reference": "bbb4f10f71a1da2715ec6d9a683f4f23c507a49b", "shasum": "" }, "require": { @@ -192,7 +192,7 @@ "ext-xz": "Lzma2 compression support.", "ext-zlib": "Gzip compression support." }, - "time": "2019-12-04T10:17:28+00:00", + "time": "2020-09-15T14:13:23+00:00", "type": "library", "extra": { "branch-alias": { diff --git a/lib/pear/archive_tar/.gitignore b/lib/pear/archive_tar/.gitignore index c32ccd7cc..c703991e8 100644 --- a/lib/pear/archive_tar/.gitignore +++ b/lib/pear/archive_tar/.gitignore @@ -8,3 +8,8 @@ vendor .buildpath .project .settings +# pear +.tarballs +*.tgz +# phpunit +build diff --git a/lib/pear/archive_tar/.travis.yml b/lib/pear/archive_tar/.travis.yml index b841f4efc..f103381b1 100644 --- a/lib/pear/archive_tar/.travis.yml +++ b/lib/pear/archive_tar/.travis.yml @@ -1,6 +1,9 @@ sudo: false language: php matrix: + fast_finish: true + allow_failures: + - php: nightly include: - php: 5.2 dist: precise @@ -11,23 +14,12 @@ matrix: - php: 5.5 dist: trusty - php: 5.6 - dist: trusty - php: 7.0 - dist: trusty - php: 7.1 - dist: trusty - php: 7.2 - dist: trusty - php: 7.3 - dist: trusty - - php: 7.4snapshot - - php: master - -jobs: - allow_failures: - - php: 7.4snapshot - - php: master - + - php: 7.4 + - php: nightly install: # - pear upgrade --force --alldeps pear/pear - pear install -f package.xml diff --git a/lib/pear/archive_tar/Archive/Tar.php b/lib/pear/archive_tar/Archive/Tar.php index 2f328c227..5a52ce818 100644 --- a/lib/pear/archive_tar/Archive/Tar.php +++ b/lib/pear/archive_tar/Archive/Tar.php @@ -731,7 +731,7 @@ class Archive_Tar extends PEAR */ public function setIgnoreList($list) { - $regexp = str_replace(array('#', '.', '^', '$'), array('\#', '\.', '\^', '\$'), $list); + $list = str_replace(array('#', '.', '^', '$'), array('\#', '\.', '\^', '\$'), $list); $regexp = '#/' . join('$|/', $list) . '#'; $this->setIgnoreRegexp($regexp); } @@ -1273,7 +1273,7 @@ class Archive_Tar extends PEAR while (($v_buffer = fread($v_file, $this->buffer_length)) != '') { $buffer_length = strlen("$v_buffer"); if ($buffer_length != $this->buffer_length) { - $pack_size = ((int)($buffer_length / 512) + 1) * 512; + $pack_size = ((int)($buffer_length / 512) + ($buffer_length % 512 !== 0 ? 1 : 0)) * 512; $pack_format = sprintf('a%d', $pack_size); } else { $pack_format = sprintf('a%d', $this->buffer_length); @@ -1515,8 +1515,13 @@ class Archive_Tar extends PEAR $userinfo = posix_getpwuid($p_uid); $groupinfo = posix_getgrgid($p_gid); - $v_uname = $userinfo['name']; - $v_gname = $groupinfo['name']; + if ($userinfo === false || $groupinfo === false) { + $v_uname = ''; + $v_gname = ''; + } else { + $v_uname = $userinfo['name']; + $v_gname = $groupinfo['name']; + } } else { $v_uname = ''; $v_gname = ''; diff --git a/lib/pear/archive_tar/package.xml b/lib/pear/archive_tar/package.xml index 683493951..f1f8040b2 100644 --- a/lib/pear/archive_tar/package.xml +++ b/lib/pear/archive_tar/package.xml @@ -32,10 +32,10 @@ Also Lzma2 compressed archives are supported with xz extension. stig@php.net no - 2019-12-04 - + 2020-09-15 + - 1.4.9 + 1.4.10 1.4.0 @@ -44,7 +44,8 @@ Also Lzma2 compressed archives are supported with xz extension. New BSD License -* Implement Feature #23861: Add option to disallow symlinks [mrook] +* Fix block padding when the file buffer length is a multiple of 512 and smaller than Archive_Tar buffer length +* Don't try to copy username/groupname in chroot jail @@ -74,6 +75,21 @@ Also Lzma2 compressed archives are supported with xz extension. + + + 1.4.9 + 1.4.0 + + + stable + stable + + 2019-12-04 + New BSD License + +* Implement Feature #23861: Add option to disallow symlinks [mrook] + + 1.4.8 From 80b3212a1970b893269bd9b8cd7645ba82ac8624 Mon Sep 17 00:00:00 2001 From: acognet Date: Tue, 29 Sep 2020 09:12:47 +0200 Subject: [PATCH 14/31] =?UTF-8?q?N=C2=B03335=20-=20Notifications=20on=20th?= =?UTF-8?q?reshold=20don't=20work=20when=20trigger=20is=20created=20on=20i?= =?UTF-8?q?Top=202.7.1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- core/ormstopwatch.class.inc.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/core/ormstopwatch.class.inc.php b/core/ormstopwatch.class.inc.php index 1913a36c4..805f9f336 100644 --- a/core/ormstopwatch.class.inc.php +++ b/core/ormstopwatch.class.inc.php @@ -607,10 +607,11 @@ class CheckStopWatchThresholds implements iBackgroundProcess // Activate any existing trigger // $sClassList = implode("', '", MetaModel::EnumParentClasses($sClass, ENUM_PARENT_CLASSES_ALL)); + $oTriggerSet = new DBObjectSet( - DBObjectSearch::FromOQL("SELECT TriggerOnThresholdReached AS t WHERE t.target_class IN ('$sClassList') AND stop_watch_code=:stop_watch_code AND threshold_index = :threshold_index"), + DBObjectSearch::FromOQL("SELECT TriggerOnThresholdReached AS t WHERE t.target_class IN ('$sClassList') AND stop_watch_code MATCHES '$sAttCode' AND threshold_index = :threshold_index"), array(), // order by - array('stop_watch_code' => $sAttCode, 'threshold_index' => $iThreshold) + array('threshold_index' => $iThreshold) ); while ($oTrigger = $oTriggerSet->Fetch()) { From 05a0d61244795052695050b068db47322a470996 Mon Sep 17 00:00:00 2001 From: acognet Date: Tue, 29 Sep 2020 10:27:05 +0200 Subject: [PATCH 15/31] =?UTF-8?q?N=C2=B03335=20-=20Notifications=20on=20th?= =?UTF-8?q?reshold=20don't=20work=20when=20trigger=20is=20created=20on=20i?= =?UTF-8?q?Top=202.7.1=20-=20nicer=20fix?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- core/oql/expression.class.inc.php | 7 +++++-- core/oql/oql-parser.php | 32 +++++++++++++++---------------- core/oql/oqlquery.class.inc.php | 2 +- core/oql/version.txt | 2 +- core/ormstopwatch.class.inc.php | 4 ++-- 5 files changed, 25 insertions(+), 22 deletions(-) diff --git a/core/oql/expression.class.inc.php b/core/oql/expression.class.inc.php index 26efeb1d3..596823041 100644 --- a/core/oql/expression.class.inc.php +++ b/core/oql/expression.class.inc.php @@ -839,12 +839,15 @@ class MatchExpression extends BinaryExpression * MatchExpression constructor. * * @param \FieldExpression $oLeftExpr - * @param \ScalarExpression $oRightExpr + * @param \Expression $oRightExpr * * @throws \CoreException */ - public function __construct(FieldExpression $oLeftExpr, ScalarExpression $oRightExpr) + public function __construct(FieldExpression $oLeftExpr, Expression $oRightExpr) { + if (!$oRightExpr instanceof ScalarExpression && !$oRightExpr instanceof VariableExpression) { + throw new CoreException('Only instance of ScalarExpression or VariableExpression are allowed in MATCHES '.get_class( $oRightExpr).' found', $oRightExpr); + } parent::__construct($oLeftExpr, 'MATCHES', $oRightExpr); } diff --git a/core/oql/oql-parser.php b/core/oql/oql-parser.php index d2f752da4..c67ffff7a 100644 --- a/core/oql/oql-parser.php +++ b/core/oql/oql-parser.php @@ -1600,38 +1600,38 @@ static public $yy_action = array( $this->_retvalue = new ListOqlExpression($this->yystack[$this->yyidx + -1]->minor); } #line 1606 "..\oql-parser.php" -#line 132 "..\oql-parser.y" +#line 131 "..\oql-parser.y" function yy_r43(){ $this->_retvalue = new NestedQueryOqlExpression($this->yystack[$this->yyidx + -1]->minor); } #line 1611 "..\oql-parser.php" -#line 147 "..\oql-parser.y" +#line 146 "..\oql-parser.y" function yy_r47(){ $this->_retvalue = array(); } #line 1616 "..\oql-parser.php" -#line 158 "..\oql-parser.y" +#line 157 "..\oql-parser.y" function yy_r51(){ $this->_retvalue = new IntervalOqlExpression($this->yystack[$this->yyidx + -1]->minor, $this->yystack[$this->yyidx + 0]->minor); } #line 1619 "..\oql-parser.php" -#line 171 "..\oql-parser.y" +#line 170 "..\oql-parser.y" function yy_r61(){ $this->_retvalue = new ScalarOqlExpression($this->yystack[$this->yyidx + 0]->minor); } #line 1622 "..\oql-parser.php" -#line 173 "..\oql-parser.y" +#line 172 "..\oql-parser.y" function yy_r63(){ $this->_retvalue = new ScalarOqlExpression(null); } #line 1625 "..\oql-parser.php" -#line 175 "..\oql-parser.y" +#line 174 "..\oql-parser.y" function yy_r64(){ $this->_retvalue = new FieldOqlExpression($this->yystack[$this->yyidx + 0]->minor); } #line 1628 "..\oql-parser.php" -#line 176 "..\oql-parser.y" +#line 175 "..\oql-parser.y" function yy_r65(){ $this->_retvalue = new FieldOqlExpression($this->yystack[$this->yyidx + 0]->minor, $this->yystack[$this->yyidx + -2]->minor); } #line 1631 "..\oql-parser.php" -#line 177 "..\oql-parser.y" +#line 176 "..\oql-parser.y" function yy_r66(){ $this->_retvalue=$this->yystack[$this->yyidx + 0]->minor; } #line 1634 "..\oql-parser.php" -#line 180 "..\oql-parser.y" +#line 179 "..\oql-parser.y" function yy_r67(){ $this->_retvalue = new VariableOqlExpression(substr($this->yystack[$this->yyidx + 0]->minor, 1)); } #line 1637 "..\oql-parser.php" -#line 182 "..\oql-parser.y" +#line 181 "..\oql-parser.y" function yy_r68(){ if ($this->yystack[$this->yyidx + 0]->minor[0] == '`') { @@ -1644,19 +1644,19 @@ static public $yy_action = array( $this->_retvalue = new OqlName($name, $this->m_iColPrev); } #line 1650 "..\oql-parser.php" -#line 193 "..\oql-parser.y" +#line 192 "..\oql-parser.y" function yy_r69(){$this->_retvalue=(int)$this->yystack[$this->yyidx + 0]->minor; } #line 1653 "..\oql-parser.php" -#line 194 "..\oql-parser.y" +#line 193 "..\oql-parser.y" function yy_r70(){$this->_retvalue=(int)-$this->yystack[$this->yyidx + 0]->minor; } #line 1656 "..\oql-parser.php" -#line 195 "..\oql-parser.y" +#line 194 "..\oql-parser.y" function yy_r71(){$this->_retvalue=new OqlHexValue($this->yystack[$this->yyidx + 0]->minor); } #line 1659 "..\oql-parser.php" -#line 196 "..\oql-parser.y" +#line 195 "..\oql-parser.y" function yy_r72(){$this->_retvalue=stripslashes(substr($this->yystack[$this->yyidx + 0]->minor, 1, strlen($this->yystack[$this->yyidx + 0]->minor) - 2)); } #line 1662 "..\oql-parser.php" -#line 199 "..\oql-parser.y" +#line 198 "..\oql-parser.y" function yy_r73(){$this->_retvalue=$this->yystack[$this->yyidx + 0]->minor; } #line 1665 "..\oql-parser.php" @@ -1940,7 +1940,7 @@ throw new OQLParserException($this->m_sSourceQuery, $this->m_iLine, $this->m_iCo } while ($yymajor != self::YYNOCODE && $this->yyidx >= 0); } } -#line 264 "..\oql-parser.y" +#line 263 "..\oql-parser.y" class OQLParserException extends OQLException diff --git a/core/oql/oqlquery.class.inc.php b/core/oql/oqlquery.class.inc.php index bc357c0c5..6a4bd5cd8 100644 --- a/core/oql/oqlquery.class.inc.php +++ b/core/oql/oqlquery.class.inc.php @@ -173,7 +173,7 @@ class MatchOqlExpression extends MatchExpression implements CheckableExpression throw new OqlNormalizeException('Only "field MATCHES string" syntax is allowed', $sSourceQuery, new OqlName($this->m_oLeftExpr->RenderExpression(true), 0)); } // Only field MATCHES scalar is allowed - if (!$this->m_oRightExpr instanceof ScalarExpression) + if (!$this->m_oRightExpr instanceof ScalarExpression && !$this->m_oRightExpr instanceof VariableOqlExpression) { throw new OqlNormalizeException('Only "field MATCHES string" syntax is allowed', $sSourceQuery, new OqlName($this->m_oRightExpr->RenderExpression(true), 0)); } diff --git a/core/oql/version.txt b/core/oql/version.txt index 3c8103be0..26a3e601d 100644 --- a/core/oql/version.txt +++ b/core/oql/version.txt @@ -1 +1 @@ -2019-12-03 \ No newline at end of file +2020-09-29 \ No newline at end of file diff --git a/core/ormstopwatch.class.inc.php b/core/ormstopwatch.class.inc.php index 805f9f336..7bbe8e815 100644 --- a/core/ormstopwatch.class.inc.php +++ b/core/ormstopwatch.class.inc.php @@ -609,9 +609,9 @@ class CheckStopWatchThresholds implements iBackgroundProcess $sClassList = implode("', '", MetaModel::EnumParentClasses($sClass, ENUM_PARENT_CLASSES_ALL)); $oTriggerSet = new DBObjectSet( - DBObjectSearch::FromOQL("SELECT TriggerOnThresholdReached AS t WHERE t.target_class IN ('$sClassList') AND stop_watch_code MATCHES '$sAttCode' AND threshold_index = :threshold_index"), + DBObjectSearch::FromOQL("SELECT TriggerOnThresholdReached AS t WHERE t.target_class IN ('$sClassList') AND stop_watch_code MATCHES :stop_watch_code AND threshold_index = :threshold_index"), array(), // order by - array('threshold_index' => $iThreshold) + array('stop_watch_code' => $sAttCode, 'threshold_index' => $iThreshold) ); while ($oTrigger = $oTriggerSet->Fetch()) { From 5a46bb8461626e6f1ca0f3d8887f7456599317a8 Mon Sep 17 00:00:00 2001 From: Eric Date: Tue, 29 Sep 2020 11:23:49 +0200 Subject: [PATCH 16/31] =?UTF-8?q?N=C2=B03320:=20Do=20not=20display=20empty?= =?UTF-8?q?=20tabs?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- application/webpage.class.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/webpage.class.inc.php b/application/webpage.class.inc.php index efd63088f..0134a815f 100644 --- a/application/webpage.class.inc.php +++ b/application/webpage.class.inc.php @@ -1549,7 +1549,7 @@ class TabManager } // N°3320: Do not display empty tabs - if (empty($aTabData['html'])) + if (empty($aTabData['html']) && empty($aTabData['url'])) { unset($aTabs['tabs'][$sTabCode]); } From bef1832ac71c3f5009ed604b6198c95c3d4b2ce6 Mon Sep 17 00:00:00 2001 From: Eric Date: Tue, 22 Sep 2020 11:39:19 +0200 Subject: [PATCH 17/31] =?UTF-8?q?N=C2=B03317=20-=20Add=20http=20headers?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- application/ajaxwebpage.class.inc.php | 4 +++- application/csvpage.class.inc.php | 6 ++++-- application/itopwebpage.class.inc.php | 8 +++++--- application/loginwebpage.class.inc.php | 4 +++- application/webpage.class.inc.php | 5 +++-- application/xmlpage.class.inc.php | 6 ++++-- datamodels/2.x/combodo-db-tools/dbtools.php | 1 + datamodels/2.x/itop-backup/status.php | 1 + datamodels/2.x/itop-config/config.php | 1 + .../itop-hub-connector/hubconnectorpage.class.inc.php | 9 ++++++--- pages/UI.php | 1 + pages/UniversalSearch.php | 1 + pages/notifications.php | 1 + pages/run_query.php | 1 + pages/schema.php | 1 + webservices/export-v2.php | 9 +++++++++ 16 files changed, 45 insertions(+), 14 deletions(-) diff --git a/application/ajaxwebpage.class.inc.php b/application/ajaxwebpage.class.inc.php index 2717943a2..f84d13918 100644 --- a/application/ajaxwebpage.class.inc.php +++ b/application/ajaxwebpage.class.inc.php @@ -48,7 +48,9 @@ class ajax_page extends WebPage implements iTabbedPage parent::__construct($s_title, $bPrintable); $this->m_sReadyScript = ""; //$this->add_header("Content-type: text/html; charset=utf-8"); - $this->add_header("Cache-control: no-cache"); + $this->add_header('Cache-control: no-cache, no-store, must-revalidate'); + $this->add_header('Pragma: no-cache'); + $this->add_header('Expires: 0'); $this->m_oTabs = new TabManager(); $this->sContentType = 'text/html'; $this->sContentDisposition = 'inline'; diff --git a/application/csvpage.class.inc.php b/application/csvpage.class.inc.php index e16113408..537c23194 100644 --- a/application/csvpage.class.inc.php +++ b/application/csvpage.class.inc.php @@ -32,8 +32,10 @@ class CSVPage extends WebPage function __construct($s_title) { parent::__construct($s_title); - $this->add_header("Content-type: text/plain; charset=utf-8"); - $this->add_header("Cache-control: no-cache"); + $this->add_header("Content-type: text/plain; charset=utf-8"); + $this->add_header('Cache-control: no-cache, no-store, must-revalidate'); + $this->add_header('Pragma: no-cache'); + $this->add_header('Expires: 0'); //$this->add_header("Content-Transfer-Encoding: binary"); } diff --git a/application/itopwebpage.class.inc.php b/application/itopwebpage.class.inc.php index 8be3a424b..19a3aa7cf 100644 --- a/application/itopwebpage.class.inc.php +++ b/application/itopwebpage.class.inc.php @@ -3,7 +3,7 @@ // // This file is part of iTop. // -// iTop is free software; you can redistribute it and/or modify +// iTop is free software; you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. @@ -72,7 +72,9 @@ class iTopWebPage extends NiceWebPage implements iTabbedPage $this->m_aMessages = array(); $this->SetRootUrl(utils::GetAbsoluteUrlAppRoot()); $this->add_header("Content-type: text/html; charset=utf-8"); - $this->add_header("Cache-control: no-cache"); + $this->add_header('Cache-control: no-cache, no-store, must-revalidate'); + $this->add_header('Pragma: no-cache'); + $this->add_header('Expires: 0'); $this->add_linked_stylesheet("../css/jquery.treeview.css"); $this->add_linked_stylesheet("../css/jquery.autocomplete.css"); $this->add_linked_stylesheet("../css/jquery-ui-timepicker-addon.css"); @@ -337,7 +339,7 @@ EOF .magnificPopup({type: 'image', closeOnContentClick: true }); EOF ); - + $this->add_init_script( <<< EOF try diff --git a/application/loginwebpage.class.inc.php b/application/loginwebpage.class.inc.php index 424d1231d..02b03f12b 100644 --- a/application/loginwebpage.class.inc.php +++ b/application/loginwebpage.class.inc.php @@ -69,7 +69,9 @@ class LoginWebPage extends NiceWebPage parent::__construct($sTitle); $this->SetStyleSheet(); - $this->add_header("Cache-control: no-cache"); + $this->add_header('Cache-control: no-cache, no-store, must-revalidate'); + $this->add_header('Pragma: no-cache'); + $this->add_header('Expires: 0'); } public function SetStyleSheet() diff --git a/application/webpage.class.inc.php b/application/webpage.class.inc.php index d06c5c06e..b75707c17 100644 --- a/application/webpage.class.inc.php +++ b/application/webpage.class.inc.php @@ -355,8 +355,9 @@ class WebPage implements Page */ public function no_cache() { - $this->add_header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 - $this->add_header("Expires: Fri, 17 Jul 1970 05:00:00 GMT"); // Date in the past + $this->add_header('Cache-control: no-cache, no-store, must-revalidate'); + $this->add_header('Pragma: no-cache'); + $this->add_header('Expires: 0'); } /** diff --git a/application/xmlpage.class.inc.php b/application/xmlpage.class.inc.php index bb2341248..7a8cb47fc 100644 --- a/application/xmlpage.class.inc.php +++ b/application/xmlpage.class.inc.php @@ -43,7 +43,9 @@ class XMLPage extends WebPage $this->m_bPassThrough = $bPassThrough; $this->m_bHeaderSent = false; $this->add_header("Content-type: text/xml; charset=utf-8"); - $this->add_header("Cache-control: no-cache"); + $this->add_header('Cache-control: no-cache, no-store, must-revalidate'); + $this->add_header('Pragma: no-cache'); + $this->add_header('Expires: 0'); $this->add_header("Content-location: export.xml"); } @@ -53,7 +55,7 @@ class XMLPage extends WebPage { // Get the unexpected output but do nothing with it $sTrash = $this->ob_get_clean_safe(); - + $this->s_content = "\n".trim($this->s_content); $this->add_header("Content-Length: ".strlen($this->s_content)); foreach($this->a_headers as $s_header) diff --git a/datamodels/2.x/combodo-db-tools/dbtools.php b/datamodels/2.x/combodo-db-tools/dbtools.php index 32e22353e..4635eca09 100644 --- a/datamodels/2.x/combodo-db-tools/dbtools.php +++ b/datamodels/2.x/combodo-db-tools/dbtools.php @@ -570,6 +570,7 @@ try $sPageId = 'db-tools'; $oP = new iTopWebPage($sPageTitle); + $this->m_oPage->add_header('X-Frame-Options: deny'); $oP->add_saas('env-'.utils::GetCurrentEnvironment().'/combodo-db-tools/default.scss'); $oP->add( diff --git a/datamodels/2.x/itop-backup/status.php b/datamodels/2.x/itop-backup/status.php index feeeb9b1b..d33615680 100644 --- a/datamodels/2.x/itop-backup/status.php +++ b/datamodels/2.x/itop-backup/status.php @@ -37,6 +37,7 @@ try { $sTransactionId = utils::GetNewTransactionId(); $oP = new iTopWebPage(Dict::S('bkp-status-title')); + $oP->add_header('X-Frame-Options: deny'); $oP->set_base(utils::GetAbsoluteUrlAppRoot().'pages/'); $oP->add("

    ".Dict::S('bkp-status-title')."

    "); diff --git a/datamodels/2.x/itop-config/config.php b/datamodels/2.x/itop-config/config.php index 7e9f9231b..de9bb584d 100644 --- a/datamodels/2.x/itop-config/config.php +++ b/datamodels/2.x/itop-config/config.php @@ -100,6 +100,7 @@ ApplicationMenu::CheckMenuIdEnabled('ConfigEditor'); //$oAppContext = new ApplicationContext(); $oP = new iTopWebPage(Dict::S('config-edit-title')); +$oP->add_header('X-Frame-Options: deny'); $oP->set_base(utils::GetAbsoluteUrlAppRoot().'pages/'); $oP->add_linked_script(utils::GetCurrentModuleUrl().'/js/ace.js'); $oP->add_linked_script(utils::GetCurrentModuleUrl().'/js/mode-php.js'); diff --git a/datamodels/2.x/itop-hub-connector/hubconnectorpage.class.inc.php b/datamodels/2.x/itop-hub-connector/hubconnectorpage.class.inc.php index f1782e9e6..9bbb2da35 100644 --- a/datamodels/2.x/itop-hub-connector/hubconnectorpage.class.inc.php +++ b/datamodels/2.x/itop-hub-connector/hubconnectorpage.class.inc.php @@ -5,9 +5,12 @@ class HubConnectorPage extends NiceWebPage public function __construct($sTitle) { parent::__construct($sTitle); - - $this->add_header("Cache-control: no-cache"); - + + $this->add_header('Cache-control: no-cache, no-store, must-revalidate'); + $this->add_header('Pragma: no-cache'); + $this->add_header('Expires: 0'); + $this->add_header('X-Frame-Options: deny'); + $sImagesDir = utils::GetAbsoluteUrlAppRoot().'images'; $sModuleImagesDir = utils::GetAbsoluteUrlModulesRoot().'itop-hub-connector/images'; diff --git a/pages/UI.php b/pages/UI.php index f4222c540..367b4284d 100644 --- a/pages/UI.php +++ b/pages/UI.php @@ -1780,6 +1780,7 @@ EOF /////////////////////////////////////////////////////////////////////////////////////////// default: // Menu node rendering (templates) + $oP->add_header('X-Frame-Options: deny'); ApplicationMenu::LoadAdditionalMenus(); $oMenuNode = ApplicationMenu::GetMenuNode(ApplicationMenu::GetMenuIndexById(ApplicationMenu::GetActiveNodeId())); if (is_object($oMenuNode)) diff --git a/pages/UniversalSearch.php b/pages/UniversalSearch.php index 04da4fe69..aeae6c3fb 100644 --- a/pages/UniversalSearch.php +++ b/pages/UniversalSearch.php @@ -38,6 +38,7 @@ ApplicationMenu::CheckMenuIdEnabled('UniversalSearchMenu'); $oAppContext = new ApplicationContext(); $oP = new iTopWebPage(Dict::S('UI:UniversalSearchTitle')); +$oP->add_header('X-Frame-Options: deny'); $oP->add_linked_script("../js/json.js"); $oP->add_linked_script("../js/forms-json-utils.js"); $oP->add_linked_script("../js/wizardhelper.js"); diff --git a/pages/notifications.php b/pages/notifications.php index 384db331a..866c468da 100644 --- a/pages/notifications.php +++ b/pages/notifications.php @@ -37,6 +37,7 @@ ApplicationMenu::CheckMenuIdEnabled("NotificationsMenu"); // Main program // $oP = new iTopWebPage(Dict::S('Menu:NotificationsMenu+')); +$oP->add_header('X-Frame-Options: deny'); $oP->add('
    '); $oP->add('

    '.dict::S('UI:NotificationsMenu:Title').'

    '); diff --git a/pages/run_query.php b/pages/run_query.php index 2d9288c34..b2e49f96f 100644 --- a/pages/run_query.php +++ b/pages/run_query.php @@ -100,6 +100,7 @@ $oAppContext = new ApplicationContext(); $oP = new iTopWebPage(Dict::S('UI:RunQuery:Title')); $oP->SetBreadCrumbEntry('ui-tool-runquery', Dict::S('Menu:RunQueriesMenu'), Dict::S('Menu:RunQueriesMenu+'), '', utils::GetAbsoluteUrlAppRoot().'images/wrench.png'); +$oP->add_header('X-Frame-Options: deny'); // Main program $sExpression = utils::ReadParam('expression', '', false, 'raw_data'); diff --git a/pages/schema.php b/pages/schema.php index 8c69eb18d..64fc0e97a 100644 --- a/pages/schema.php +++ b/pages/schema.php @@ -1074,6 +1074,7 @@ $operation = utils::ReadParam('operation', ''); $oPage = new iTopWebPage(Dict::S('UI:Schema:Title')); $oPage->no_cache(); +$oPage->add_header('X-Frame-Options: deny'); $oPage->SetBreadCrumbEntry('ui-tool-datamodel', Dict::S('Menu:DataModelMenu'), Dict::S('Menu:DataModelMenu+'), '', utils::GetAbsoluteUrlAppRoot().'images/wrench.png'); $oPage->add_script( diff --git a/webservices/export-v2.php b/webservices/export-v2.php index ae5857aff..3046766b0 100644 --- a/webservices/export-v2.php +++ b/webservices/export-v2.php @@ -50,6 +50,7 @@ function ReportErrorAndExit($sErrorMessage) else { $oP = new WebPage("iTop - Export"); + $oP->add_header('X-Frame-Options: deny'); $oP->p('ERROR: '.$sErrorMessage); $oP->output(); exit(-1); @@ -69,6 +70,7 @@ function ReportErrorAndUsage($sErrorMessage) else { $oP = new WebPage("iTop - Export"); + $oP->add_header('X-Frame-Options: deny'); $oP->p('ERROR: '.$sErrorMessage); Usage($oP); $oP->output(); @@ -350,6 +352,7 @@ function InteractiveShell($sExpression, $sQueryId, $sFormat, $sFileName, $sMode) if ($sMode == 'dialog') { $oP = new ajax_page(''); + $oP->add_header('X-Frame-Options: deny'); $oP->add('
    '); $sExportBtnLabel = json_encode(Dict::S('UI:Button:Export')); $sJSTitle = json_encode(htmlentities(utils::ReadParam('dialog_title', '', false, 'raw_data'), ENT_QUOTES, 'UTF-8')); @@ -375,6 +378,7 @@ EOF else { $oP = new iTopWebPage('iTop Export'); + $oP->add_header('X-Frame-Options: deny'); $oP->SetBreadCrumbEntry('ui-tool-export', Dict::S('Menu:ExportMenu'), Dict::S('Menu:ExportMenu+'), '', utils::GetAbsoluteUrlAppRoot().'images/wrench.png'); } @@ -735,11 +739,13 @@ try if($oExporter instanceof HTMLBulkExport) { $oP = new NiceWebPage('iTop export'); + $oP->add_header('X-Frame-Options: deny'); $oP->add_ready_script("$('table.listResults').tablesorter({widgets: ['MyZebra']});"); } else { $oP = new WebPage('iTop export'); + $oP->add_header('X-Frame-Options: deny'); $oP->add_style("table br { mso-data-placement:same-cell; }"); // Trick for Excel: keep line breaks inside the same cell ! } $oP->add_style("body { overflow: auto; }"); @@ -747,6 +753,7 @@ try else { $oP = new ajax_page('iTop export'); + $oP->add_header('X-Frame-Options: deny'); $oP->SetContentType($oExporter->GetMimeType()); } DoExport($oP, $oExporter, false); @@ -756,6 +763,7 @@ try catch (BulkExportMissingParameterException $e) { $oP = new ajax_page('iTop Export'); + $oP->add_header('X-Frame-Options: deny'); $oP->add($e->getMessage()); Usage($oP); $oP->output(); @@ -763,6 +771,7 @@ catch (BulkExportMissingParameterException $e) catch (Exception $e) { $oP = new WebPage('iTop Export'); + $oP->add_header('X-Frame-Options: deny'); $oP->add('Error: '.$e->getMessage()); IssueLog::Error($e->getMessage()."\n".$e->getTraceAsString()); $oP->output(); From d86e904e18f440e4fc29bb2cf770b473f6ad99ce Mon Sep 17 00:00:00 2001 From: Eric Date: Tue, 29 Sep 2020 14:11:11 +0200 Subject: [PATCH 18/31] =?UTF-8?q?N=C2=B03317=20-=20Add=20http=20headers?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sources/application/TwigBase/Controller/Controller.php | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/application/TwigBase/Controller/Controller.php b/sources/application/TwigBase/Controller/Controller.php index 7ff7eb49d..0a1309916 100644 --- a/sources/application/TwigBase/Controller/Controller.php +++ b/sources/application/TwigBase/Controller/Controller.php @@ -558,6 +558,7 @@ abstract class Controller { case 'html': $this->m_oPage = new iTopWebPage($this->GetOperationTitle()); + $this->m_oPage->add_header('X-Frame-Options: deny'); break; case 'ajax': From 20ce42b24b836f0177a514284624c6950c188fd9 Mon Sep 17 00:00:00 2001 From: odain Date: Tue, 29 Sep 2020 08:57:57 +0200 Subject: [PATCH 19/31] =?UTF-8?q?Reintegrate=20validation=20tests=20to=20e?= =?UTF-8?q?ase=20iTop=20release=20management=20from=20=20develop=20=20=20?= =?UTF-8?q?=20=20=20-=20N=C2=B03053=20-=20Check=20XML=20conversion=20metho?= =?UTF-8?q?ds=20=20=20=20=20=20-=20N=C2=B03059=20-=20Automatically=20set?= =?UTF-8?q?=20the=20documentation=20URLs=20=20=20=20=20=20-=20N=C2=B03052?= =?UTF-8?q?=20-=20Check=20community=20modules=20XML=20version=20against=20?= =?UTF-8?q?latest=20version=20=20=20=20=20=20-=20N=C2=B03054=20-=20Check?= =?UTF-8?q?=20community=20modules=20version=20against=20major=20version=20?= =?UTF-8?q?=20=20=20=20=20-=20N=C2=B03062=20-=20setup.css=20file=20integri?= =?UTF-8?q?ty=20test=20=20=20=20=20=20-=20N=C2=B03060=20-=20Check=20consis?= =?UTF-8?q?tency=20between=20the=20list=20of=20modules=20and=20installatio?= =?UTF-8?q?n.xml=20=20=20=20=20=20-=20N=C2=B03061=20-=20Automatically=20ch?= =?UTF-8?q?eck=20the=20installation.xml=20consistency=20=20=20=20=20=20-?= =?UTF-8?q?=20N=C2=B03268=20Add=20test=20to=20check=20dictionary=20files:?= =?UTF-8?q?=20make=20sure=20that=20the=20Dict::Add=20declarations=20match?= =?UTF-8?q?=20the=20file=20name?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- setup/setuputils.class.inc.php | 2 +- .../DictionariesConsistencyTest.php | 108 ++++++++++++ .../iTopModulesPhpVersionChecklistTest.php | 2 +- .../iTopModulesXmlVersionChecklistTest.php | 43 +++-- ...ml.dist => postbuild_integration.xml.dist} | 4 +- .../SetupCssIntegrityChecklistTest.php | 0 .../iTopDesignFormatChecklistTest.php | 164 ++++++++++++++++++ ...iTopModuleXmlInstallationChecklistTest.php | 0 .../iTopDesignFormatChecklistTest.php | 101 ----------- 9 files changed, 302 insertions(+), 122 deletions(-) create mode 100644 test/integration/DictionariesConsistencyTest.php rename test/{releaseChecklist.xml.dist => postbuild_integration.xml.dist} (95%) rename test/{releaseChecklist => postbuild_integration}/SetupCssIntegrityChecklistTest.php (100%) create mode 100644 test/postbuild_integration/iTopDesignFormatChecklistTest.php rename test/{releaseChecklist => postbuild_integration}/iTopModuleXmlInstallationChecklistTest.php (100%) delete mode 100644 test/releaseChecklist/iTopDesignFormatChecklistTest.php diff --git a/setup/setuputils.class.inc.php b/setup/setuputils.class.inc.php index 2b260890c..217c4f77d 100644 --- a/setup/setuputils.class.inc.php +++ b/setup/setuputils.class.inc.php @@ -916,7 +916,7 @@ class SetupUtils $oPage, $bIsItopInstall, $sDBServer, $sDBUser, $sDBPwd, $sDBName, $sDBPrefix, $bTlsEnabled, $sTlsCA, $sNewDBName = '' ) { - $sWikiVersion = '2_7_0'; + $sWikiVersion = utils::GetItopVersionWikiSyntax(); //eg : '2_7_0'; $sMysqlTlsWikiPageUrl = 'https://wiki.openitop.org/doku.php?id='.$sWikiVersion.':install:php_and_mysql_tls'; $oPage->add(''); diff --git a/test/integration/DictionariesConsistencyTest.php b/test/integration/DictionariesConsistencyTest.php new file mode 100644 index 000000000..e11a4c7ea --- /dev/null +++ b/test/integration/DictionariesConsistencyTest.php @@ -0,0 +1,108 @@ + array('CS CZ', 'Czech', 'Čeština'), + 'da' => array('DA DA', 'Danish', 'Dansk'), + 'de' => array('DE DE', 'German', 'Deutsch'), + 'en' => array('EN US', 'English', 'English'), + 'es_cr' => array('ES CR', 'Spanish', 'Español, Castellaño'), + 'fr' => array('FR FR', 'French', 'Français'), + 'hu' => array('HU HU', 'Hungarian', 'Magyar'), + 'it' => array('IT IT', 'Italian', 'Italiano'), + 'ja' => array('JA JP', 'Japanese', '日本語'), + 'nl' => array('NL NL', 'Dutch', 'Nederlands'), + 'pt_br' => array('PT BR', 'Brazilian', 'Brazilian'), + 'ru' => array('RU RU', 'Russian', 'Русский'), + 'sk' => array('SK SK', 'Slovak', 'Slovenčina'), + 'tr' => array('TR TR', 'Turkish', 'Türkçe'), + 'zh_cn' => array('ZH CN', 'Chinese', '简体中文') + ); + + if (!preg_match('/^(.*)\\.dict/', basename($sDictFile), $aMatches)) + { + static::fail("Dictionary file '$sDictFile' not matching the naming convention"); + } + + $sLangPrefix = $aMatches[1]; + if (!array_key_exists($sLangPrefix, $aPrefixToLanguageData)) + { + static::fail("Unknown prefix '$sLangPrefix' for dictionary file '$sDictFile'"); + } + + $sExpectedLanguageCode = $aPrefixToLanguageData[$sLangPrefix][0]; + $sExpectedEnglishLanguageDesc = $aPrefixToLanguageData[$sLangPrefix][1]; + $sExpectedLocalizedLanguageDesc = $aPrefixToLanguageData[$sLangPrefix][2]; + + $sDictPHP = file_get_contents($sDictFile); + if ($iCount = preg_match_all("@Dict::Add\('(.*)'\s*,\s*'(.*)'\s*,\s*'(.*)'@", $sDictPHP, $aMatches) === false) + { + static::fail("Pattern not working"); + } + if ($iCount == 0) + { + // Empty dictionary, that's fine! + static::assertTrue(true); + } + foreach ($aMatches[1] as $sLanguageCode) + { + static::assertSame($sExpectedLanguageCode, $sLanguageCode, + "Unexpected language code for Dict::Add in dictionary $sDictFile"); + } + foreach ($aMatches[2] as $sEnglishLanguageDesc) + { + static::assertSame($sExpectedEnglishLanguageDesc, $sEnglishLanguageDesc, + "Unexpected language description (english) for Dict::Add in dictionary $sDictFile"); + } + foreach ($aMatches[3] as $sLocalizedLanguageDesc) + { + static::assertSame($sExpectedLocalizedLanguageDesc, $sLocalizedLanguageDesc, + "Unexpected language description for Dict::Add in dictionary $sDictFile"); + } + } + + public function DictionaryFileProvider() + { + static::setUp(); + + $aDictFiles = array_merge( + glob(APPROOT.'datamodels/2.x/*/*.dict*.php'), // legacy form in modules + glob(APPROOT.'datamodels/2.x/*/dictionaries/*.dict*.php'), // modern form in modules + glob(APPROOT.'dictionaries/*.dict*.php') // framework + ); + $aTestCases = array(); + foreach ($aDictFiles as $sDictFile) + { + $aTestCases[$sDictFile] = array('sDictFile' => $sDictFile); + } + return $aTestCases; + } +} diff --git a/test/integration/iTopModulesPhpVersionChecklistTest.php b/test/integration/iTopModulesPhpVersionChecklistTest.php index c71316265..c5bfd00f8 100644 --- a/test/integration/iTopModulesPhpVersionChecklistTest.php +++ b/test/integration/iTopModulesPhpVersionChecklistTest.php @@ -57,7 +57,7 @@ class iTopModulesPhpVersionIntegrationTest extends ItopTestCase $matches ); - $this->assertRegExp("#$sExpectedVersion#", $matches[1], "$sPhpFile file refer does not refer to current itop version ($sModuleName/$matches[1] does not match regexp $sModuleName/$sExpectedVersion)"); + $this->assertRegExp("#$sExpectedVersion#", $matches[1], " $sPhpFile:2 file refer does not refer to current itop version ($sModuleName/$matches[1] does not match regexp $sModuleName/$sExpectedVersion)"); } diff --git a/test/integration/iTopModulesXmlVersionChecklistTest.php b/test/integration/iTopModulesXmlVersionChecklistTest.php index 9fde4b779..0ff89f3f0 100644 --- a/test/integration/iTopModulesXmlVersionChecklistTest.php +++ b/test/integration/iTopModulesXmlVersionChecklistTest.php @@ -32,48 +32,57 @@ use iTopDesignFormat; */ class iTopModulesXmlVersionIntegrationTest extends ItopTestCase { + protected function setUp() + { + parent::setUp(); + + require_once APPROOT.'setup/itopdesignformat.class.inc.php'; + } /** - * Verify if the datamodel.*.xml files refer to the current itop version + * Verify if the datamodel.*.xml files refer to the latest version of the design * This is an integration test * * @group skipPostBuild * * @dataProvider DatamodelItopXmlVersionProvider */ - public function testDatamodelItopXmlVersion($sExpectedXmlVersion, $sXmlFile) + public function testDatamodelItopXmlVersion($sXmlFile) { - $sFileContent = file_get_contents($sXmlFile); + $oOriginalXml = new DOMDocument(); + $oOriginalXml->load($sXmlFile); - preg_match( - '//', - $sFileContent, - $matches - ); + $oTransformedXml = new DOMDocument(); + $oTransformedXml->load($sXmlFile); + $oFormat = new iTopDesignFormat($oTransformedXml); - $this->assertSame($sExpectedXmlVersion, $matches[1], "$sXmlFile file refer does not refer to current itop version ($matches[1] instead of expected $sExpectedXmlVersion)"); + if ($oFormat->Convert()) + { + // Compare the original and new format + $sExpectedXmlVersion = ITOP_DESIGN_LATEST_VERSION; + $this->assertSame($oTransformedXml->saveXML(), $oOriginalXml->saveXML(), "Datamodel file $sXmlFile:2 not in the latest format ($sExpectedXmlVersion)"); + } + else + { + $this->fail("Failed to convert $sXmlFile into the latest format"); + } } public function DatamodelItopXmlVersionProvider() { - parent::setUp(); - - require_once APPROOT.'core/config.class.inc.php'; - require_once APPROOT.'application/utils.inc.php'; + static::setUp(); $sPath = APPROOT.'datamodels/2.x/*/datamodel.*.xml'; $aXmlFiles = glob($sPath); - $sItopVersionShort = \utils::GetItopPatchVersion(); - $aItopVersion = explode('.', $sItopVersionShort); - $sExpectedXmlVersion = ($aItopVersion[0] - 1).'.'.($aItopVersion[1]); // eg: 2.7.0-dev become 1.7 + $aXmlFiles[] = APPROOT.'core/datamodel.core.xml'; + $aXmlFiles[] = APPROOT.'application/datamodel.application.xml'; $aTestCases = array(); foreach ($aXmlFiles as $sXmlFile) { $aTestCases[$sXmlFile] = array( - 'sExpectedXmlVersion' => $sExpectedXmlVersion, 'sXmlFile' => $sXmlFile, ); } diff --git a/test/releaseChecklist.xml.dist b/test/postbuild_integration.xml.dist similarity index 95% rename from test/releaseChecklist.xml.dist rename to test/postbuild_integration.xml.dist index 8dea80426..d83d3199f 100644 --- a/test/releaseChecklist.xml.dist +++ b/test/postbuild_integration.xml.dist @@ -41,8 +41,8 @@ verbose="false"> - - releaseChecklist + + postbuild_integration diff --git a/test/releaseChecklist/SetupCssIntegrityChecklistTest.php b/test/postbuild_integration/SetupCssIntegrityChecklistTest.php similarity index 100% rename from test/releaseChecklist/SetupCssIntegrityChecklistTest.php rename to test/postbuild_integration/SetupCssIntegrityChecklistTest.php diff --git a/test/postbuild_integration/iTopDesignFormatChecklistTest.php b/test/postbuild_integration/iTopDesignFormatChecklistTest.php new file mode 100644 index 000000000..0518c84d5 --- /dev/null +++ b/test/postbuild_integration/iTopDesignFormatChecklistTest.php @@ -0,0 +1,164 @@ +GetDataModelFiles(APPROOT.'/datamodels'); + + //retrieve current XML version in datamoldels files + foreach ($aDataModelFiles as $sDataModelFile) + { + if (preg_match('/itop_design .* version="([\d\.]*)"/', file_get_contents($sDataModelFile), $aMatches)) + { + $sVersion = $aMatches[1]; + if (!array_key_exists($sVersion, $aDatamodelCurrentVersions)) + { + if (trim($sVersion) === '') + { + $aErrors[] = "cannot retrieve itop_design datamodel version in $sDataModelFile:1"; + continue; + } + + $aDatamodelCurrentVersions[$sVersion] = $sVersion; + } + } + } + + //make sure there is only one found + $this->assertTrue(is_array($aDatamodelCurrentVersions)); + + $sFirstVersion = array_keys(iTopDesignFormat::$aVersions)[0]; + $sLatestVersion = array_keys(iTopDesignFormat::$aVersions)[count(iTopDesignFormat::$aVersions)-1]; + foreach ($aDatamodelCurrentVersions as $sCurrentVersion) + { + try{ + //check we have migration function from current version to previous + $this->CheckCondition(array_key_exists($sCurrentVersion, iTopDesignFormat::$aVersions), "Missing $sCurrentVersion conversion functions in iTopDesignFormat."); + $aCurrentVersionInfo = iTopDesignFormat::$aVersions[$sCurrentVersion]; + $this->CheckCondition(is_array($aCurrentVersionInfo), "Wrong $sCurrentVersion config in iTopDesignFormat."); + $this->CheckCondition(array_key_exists('previous', $aCurrentVersionInfo), "Missing previous for $sCurrentVersion config in iTopDesignFormat."); + $this->TestDefinedFunction($aCurrentVersionInfo, 'go_to_next', $sCurrentVersion, ($sCurrentVersion=== $sLatestVersion)); + $this->TestDefinedFunction($aCurrentVersionInfo, 'go_to_previous', $sCurrentVersion, ($sCurrentVersion==='1.0')); + + //check we have migration function from N-1 version to current one + if (($sCurrentVersion!=='1.0')) { + $sPreviousVersion = $aCurrentVersionInfo['previous']; + $this->CheckCondition(array_key_exists($sPreviousVersion, iTopDesignFormat::$aVersions), + "$sCurrentVersion: Missing $sPreviousVersion config in iTopDesignFormat."); + $aPreviousVersionInfo = iTopDesignFormat::$aVersions[$sPreviousVersion]; + $this->CheckCondition(is_array($aPreviousVersionInfo), + "$sCurrentVersion: wrong $sPreviousVersion config in iTopDesignFormat."); + $this->CheckCondition(array_key_exists('previous', $aPreviousVersionInfo), + "$sCurrentVersion: Missing previous for $sPreviousVersion config in iTopDesignFormat."); + $this->TestDefinedFunction($aPreviousVersionInfo, 'go_to_previous', $sPreviousVersion, ($sPreviousVersion === '1.0')); + $this->TestDefinedFunction($aPreviousVersionInfo, 'go_to_next', $sPreviousVersion, ($sPreviousVersion === $sLatestVersion)); + } + + //check we have migration function from current version to next one + if (($sCurrentVersion!== $sLatestVersion)) { + $sNextVersion = $aCurrentVersionInfo['next']; + $this->CheckCondition(array_key_exists($sNextVersion, iTopDesignFormat::$aVersions), + "$sCurrentVersion: Missing $sNextVersion config in iTopDesignFormat."); + $aNextVersionInfo = iTopDesignFormat::$aVersions[$sNextVersion]; + $this->CheckCondition(is_array($aNextVersionInfo), + "$sCurrentVersion: wrong $sNextVersion config in iTopDesignFormat."); + $this->CheckCondition(array_key_exists('previous', $aNextVersionInfo), + "$sCurrentVersion: Missing previous for $sNextVersion config in iTopDesignFormat."); + $this->TestDefinedFunction($aNextVersionInfo, 'go_to_previous', $sNextVersion, ($sNextVersion === '1.0')); + $this->TestDefinedFunction($aNextVersionInfo, 'go_to_next', $sNextVersion, ($sNextVersion === $sLatestVersion)); + } + } + catch(Exception $e) + { + $aErrors[] = $e->getMessage(); + } + } + + if (count($aErrors)!=0) + { + $sMsg = "Issue with conversion functions:\n"; + $sMsg .= implode("\n", $aErrors); + $this->fail($sMsg); + } + else + { + $this->assertTrue(true); + } + } + + private function CheckCondition($bCondition, $sMsg) + { + if ($bCondition === false) + { + throw new \Exception($sMsg); + } + } + + private function TestDefinedFunction($aCurrentVersionInfo, $sFunctionKey, $sVersion, $bNullFunction=false) + { + $sInfo = json_encode($aCurrentVersionInfo, true); + $this->CheckCondition(array_key_exists($sFunctionKey, $aCurrentVersionInfo), "Missing $sFunctionKey in $sVersion config in iTopDesignFormat: " . $sInfo); + //echo $aCurrentVersionInfo[$sFunctionKey].'\n'; + if ($bNullFunction === false) + { + $oReflectionClass = new \ReflectionClass(iTopDesignFormat::class); + $this->CheckCondition($oReflectionClass->hasMethod($aCurrentVersionInfo[$sFunctionKey]), "wrong go_to_previous function '".$aCurrentVersionInfo[$sFunctionKey]."'' for $sVersion config in iTopDesignFormat." . $sInfo); + } + else + { + $this->CheckCondition(is_null($aCurrentVersionInfo[$sFunctionKey]), "$sVersion $sFunctionKey function should be null"); + } + } + + public function GetDataModelFiles($sFolder) + { + $aDataModelFiles = array(); + if (is_dir($sFolder)) + { + foreach (glob($sFolder."/*") as $sPath) + { + if (is_dir($sPath)) + { + $aDataModelFiles = array_merge($aDataModelFiles, $this->GetDataModelFiles($sPath)); + } + else if (preg_match("/datamodel\..*\.xml/", basename($sPath))) + { + $aDataModelFiles[] = $sPath; + } + } + } + return $aDataModelFiles; + } +} \ No newline at end of file diff --git a/test/releaseChecklist/iTopModuleXmlInstallationChecklistTest.php b/test/postbuild_integration/iTopModuleXmlInstallationChecklistTest.php similarity index 100% rename from test/releaseChecklist/iTopModuleXmlInstallationChecklistTest.php rename to test/postbuild_integration/iTopModuleXmlInstallationChecklistTest.php diff --git a/test/releaseChecklist/iTopDesignFormatChecklistTest.php b/test/releaseChecklist/iTopDesignFormatChecklistTest.php deleted file mode 100644 index 0cd5a8b6c..000000000 --- a/test/releaseChecklist/iTopDesignFormatChecklistTest.php +++ /dev/null @@ -1,101 +0,0 @@ -GetDataModelFiles(APPROOT.'/datamodels'); - - //retrieve current XML version in datamoldels files - foreach ($aDataModelFiles as $sDataModelFile) - { - if (preg_match('/itop_design .* version="([\d\.]*)"/', file_get_contents($sDataModelFile), $aMatches)) - { - $sVersion = $aMatches[1]; - if (!array_key_exists($sVersion, $aDatamodelCurrentVersions)) - { - $aDatamodelCurrentVersions[$sVersion] = $sVersion; - } - } - } - - //make sure there is only one found - $this->assertTrue(is_array($aDatamodelCurrentVersions)); - $this->assertEquals(1, count($aDatamodelCurrentVersions), "Found too much XML versions: " . json_encode($aDatamodelCurrentVersions)); - - //check we have migration function from new version to previous one - $sCurrentVersion = array_values($aDatamodelCurrentVersions)[0]; - $this->assertTrue(array_key_exists($sCurrentVersion, iTopDesignFormat::$aVersions), "Release checklist: missing $sCurrentVersion config in iTopDesignFormat "); - $aCurrentVersionInfo = iTopDesignFormat::$aVersions[$sCurrentVersion]; - $this->assertTrue(is_array($aCurrentVersionInfo), "Release checklist: wrong $sCurrentVersion config in iTopDesignFormat "); - $this->assertTrue(array_key_exists('previous', $aCurrentVersionInfo), "Release checklist: missing previous for $sCurrentVersion config in iTopDesignFormat "); - $this->TestDefinedFunction($aCurrentVersionInfo, 'go_to_previous', $sCurrentVersion); - - //check we have migration function from N-1 version to new one - $sPreviousVersion = $aCurrentVersionInfo['previous']; - $this->assertTrue(array_key_exists($sPreviousVersion, iTopDesignFormat::$aVersions), "Release checklist: missing $sPreviousVersion config in iTopDesignFormat "); - $aPreviousVersionInfo = iTopDesignFormat::$aVersions[$sPreviousVersion]; - $this->assertTrue(is_array($aPreviousVersionInfo), "Release checklist: wrong $sPreviousVersion config in iTopDesignFormat "); - $this->assertTrue(array_key_exists('previous', $aPreviousVersionInfo), "Release checklist: missing previous for $sPreviousVersion config in iTopDesignFormat "); - $this->TestDefinedFunction($aPreviousVersionInfo, 'go_to_previous', $sPreviousVersion); - $this->TestDefinedFunction($aPreviousVersionInfo, 'go_to_next', $sPreviousVersion); - } - - private function TestDefinedFunction($aCurrentVersionInfo, $sFunctionKey, $sVersion) - { - $sInfo = json_encode($aCurrentVersionInfo, true); - $this->assertTrue(array_key_exists($sFunctionKey, $aCurrentVersionInfo), "Release checklist: missing $sFunctionKey in $sVersion config in iTopDesignFormat: " . $sInfo); - echo $aCurrentVersionInfo[$sFunctionKey].'\n'; - $oReflectionClass = new \ReflectionClass(iTopDesignFormat::class); - $this->assertTrue($oReflectionClass->hasMethod($aCurrentVersionInfo[$sFunctionKey]), "Release checklist: wrong go_to_previous function '".$aCurrentVersionInfo[$sFunctionKey]."'' for $sVersion config in iTopDesignFormat " . $sInfo); - } - - public function GetDataModelFiles($sFolder) - { - $aDataModelFiles = array(); - if (is_dir($sFolder)) - { - foreach (glob($sFolder."/*") as $sPath) - { - if (is_dir($sPath)) - { - $aDataModelFiles = array_merge($aDataModelFiles, $this->GetDataModelFiles($sPath)); - } - else if (preg_match("/datamodel\..*\.xml/", basename($sPath))) - { - $aDataModelFiles[] = $sPath; - } - } - } - return $aDataModelFiles; - } -} \ No newline at end of file From e9f81bd9785bcd6ce3e821736e381eb83c6e2f28 Mon Sep 17 00:00:00 2001 From: Pierre Goiffon Date: Thu, 1 Oct 2020 10:09:19 +0200 Subject: [PATCH 20/31] :wrench: Update .Editorconfig for braces always at eol --- .editorconfig | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.editorconfig b/.editorconfig index d095a35cf..b30c0b63e 100644 --- a/.editorconfig +++ b/.editorconfig @@ -321,7 +321,7 @@ ij_php_call_parameters_right_paren_on_new_line = false ij_php_call_parameters_wrap = normal ij_php_catch_on_new_line = true ij_php_category_weight = 28 -ij_php_class_brace_style = next_line +ij_php_class_brace_style = end_of_line ij_php_comma_after_last_array_element = true ij_php_concat_spaces = false ij_php_copyright_weight = 28 @@ -372,7 +372,7 @@ ij_php_link_weight = 28 ij_php_lower_case_boolean_const = true ij_php_lower_case_keywords = true ij_php_lower_case_null_const = true -ij_php_method_brace_style = next_line +ij_php_method_brace_style = end_of_line ij_php_method_call_chain_wrap = off ij_php_method_parameters_new_line_after_left_paren = true ij_php_method_parameters_right_paren_on_new_line = true From 6cd0670d6b70e33f8da20cb293c93f10479bf809 Mon Sep 17 00:00:00 2001 From: Pierre Goiffon Date: Thu, 1 Oct 2020 09:45:00 +0200 Subject: [PATCH 21/31] :art: Fix parameter for all DBSearch::AllowAllData impl --- core/dbsearch.class.php | 52 +++++++++++++++++------------------- core/dbunionsearch.class.php | 13 ++++----- 2 files changed, 30 insertions(+), 35 deletions(-) diff --git a/core/dbsearch.class.php b/core/dbsearch.class.php index e5ce11999..e59493d80 100644 --- a/core/dbsearch.class.php +++ b/core/dbsearch.class.php @@ -97,42 +97,40 @@ abstract class DBSearch /** * Perform a deep clone (as opposed to "clone" which does copy a reference to the underlying objects) * - * @internal - * + * @internal + * * @return \DBSearch - **/ + **/ public function DeepClone() { return unserialize(serialize($this)); // Beware this serializes/unserializes the search and its parameters as well } - /** - * whether or not some information should be hidden to the current user. - * - * @api - * @see IsAllDataAllowed() - * - * @return mixed - */ - abstract public function AllowAllData(); + /** + * @api + * @see IsAllDataAllowed() + * + * @param bool $bAllowAllData whether or not some information should be hidden to the current user. + */ + abstract public function AllowAllData($bAllowAllData = true); - /** - * Current state of AllowAllData - * - * @internal - * @see AllowAllData() - * - * @return mixed - */ + /** + * Current state of AllowAllData + * + * @internal + * @see AllowAllData() + * + * @return mixed + */ abstract public function IsAllDataAllowed(); - /** - * Should the archives be fetched - * - * @internal - * - * @param $bEnable - */ + /** + * Should the archives be fetched + * + * @internal + * + * @param $bEnable + */ public function SetArchiveMode($bEnable) { $this->m_bArchiveMode = $bEnable; diff --git a/core/dbunionsearch.class.php b/core/dbunionsearch.class.php index 721191bd3..a574af4b7 100644 --- a/core/dbunionsearch.class.php +++ b/core/dbunionsearch.class.php @@ -65,9 +65,7 @@ class DBUnionSearch extends DBSearch { $this->aSearches[] = $oSubSearch->DeepClone(); } - } - else - { + } else { $this->aSearches[] = $oSearch->DeepClone(); } } @@ -75,17 +73,16 @@ class DBUnionSearch extends DBSearch $this->ComputeSelectedClasses(); } - public function AllowAllData() + public function AllowAllData($bAllowAllData = true) { - foreach ($this->aSearches as $oSearch) - { + foreach ($this->aSearches as $oSearch) { $oSearch->AllowAllData(); } } + public function IsAllDataAllowed() { - foreach ($this->aSearches as $oSearch) - { + foreach ($this->aSearches as $oSearch) { if ($oSearch->IsAllDataAllowed() === false) return false; } return true; From b2474d33689b419a08c93798e3a2dab7ad62f65e Mon Sep 17 00:00:00 2001 From: Pierre Goiffon Date: Thu, 1 Oct 2020 11:31:24 +0200 Subject: [PATCH 22/31] =?UTF-8?q?N=C2=B03324=20Portal=20fix=20ignore=5Fsil?= =?UTF-8?q?o=20when=20using=20nested=20query=20in=20scopes=20The=20AllowAl?= =?UTF-8?q?lData=20attribute=20wasn't=20updated=20in=20the=20nested=20quer?= =?UTF-8?q?ies.=20It=20is=20now=20set=20both=20when=20calling=20DBObjectSe?= =?UTF-8?q?arch::AllowAllData=20and=20when=20creating=20a=20new=20nested?= =?UTF-8?q?=20query=20(\DBObjectSearch::AddConditionExpression)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- core/dbobjectsearch.class.php | 85 +++++++++++++--------- core/oql/expression.class.inc.php | 116 ++++++++++++++++++------------ test/core/DBSearchTest.php | 42 +++++++++-- 3 files changed, 159 insertions(+), 84 deletions(-) diff --git a/core/dbobjectsearch.class.php b/core/dbobjectsearch.class.php index fff7c2338..9b57078a8 100644 --- a/core/dbobjectsearch.class.php +++ b/core/dbobjectsearch.class.php @@ -63,9 +63,15 @@ class DBObjectSearch extends DBSearch { parent::__construct(); - if (is_null($sClassAlias)) $sClassAlias = $sClass; - if(!is_string($sClass)) throw new Exception('DBObjectSearch::__construct called with a non-string parameter: $sClass = '.print_r($sClass, true)); - if(!MetaModel::IsValidClass($sClass)) throw new Exception('DBObjectSearch::__construct called for an invalid class: "'.$sClass.'"'); + if (is_null($sClassAlias)) { + $sClassAlias = $sClass; + } + if (!is_string($sClass)) { + throw new Exception('DBObjectSearch::__construct called with a non-string parameter: $sClass = '.print_r($sClass, true)); + } + if (!MetaModel::IsValidClass($sClass)) { + throw new Exception('DBObjectSearch::__construct called for an invalid class: "'.$sClass.'"'); + } $this->m_aSelectedClasses = array($sClassAlias => $sClass); $this->m_aClasses = array($sClassAlias => $sClass); @@ -75,30 +81,43 @@ class DBObjectSearch extends DBSearch $this->m_aReferencedBy = array(); } - public function AllowAllData($bAllowAllData = true) {$this->m_bAllowAllData = $bAllowAllData;} - public function IsAllDataAllowed() {return $this->m_bAllowAllData;} - protected function IsDataFiltered() {return $this->m_bDataFiltered; } - protected function SetDataFiltered() {$this->m_bDataFiltered = true;} + public function AllowAllData($bAllowAllData = true) { + $this->m_bAllowAllData = $bAllowAllData; + + $this->m_oSearchCondition->Browse(function ($oThisExpression) use ($bAllowAllData) { + ExpressionHelper::ExpressionAllowAllDataCallback($oThisExpression, $bAllowAllData); + }); + } + + public function IsAllDataAllowed() { + return $this->m_bAllowAllData; + } + + protected function IsDataFiltered() { + return $this->m_bDataFiltered; + } + + protected function SetDataFiltered() { + $this->m_bDataFiltered = true; + } // Create a search definition that leads to 0 result, still a valid search object - static public function FromEmptySet($sClass) - { + public static function FromEmptySet($sClass) { $oResultFilter = new DBObjectSearch($sClass); $oResultFilter->m_oSearchCondition = new FalseExpression; + return $oResultFilter; } - public function GetJoinedClasses() {return $this->m_aClasses;} + public function GetJoinedClasses() { + return $this->m_aClasses; + } - public function GetClassName($sAlias) - { - if (array_key_exists($sAlias, $this->m_aSelectedClasses)) - { + public function GetClassName($sAlias) { + if (array_key_exists($sAlias, $this->m_aSelectedClasses)) { return $this->m_aSelectedClasses[$sAlias]; - } - else - { + } else { throw new CoreException("Invalid class alias '$sAlias'"); } } @@ -358,37 +377,35 @@ class DBObjectSearch extends DBSearch } foreach($this->m_aReferencedBy as $sForeignClass => $aReferences) { - foreach($aReferences as $sForeignExtKeyAttCode => $aFiltersByOperator) - { - foreach ($aFiltersByOperator as $iOperatorCode => $aFilters) - { - foreach ($aFilters as $oForeignFilter) - { + foreach($aReferences as $sForeignExtKeyAttCode => $aFiltersByOperator) { + foreach ($aFiltersByOperator as $iOperatorCode => $aFilters) { + foreach ($aFilters as $oForeignFilter) { $oForeignFilter->RenameParam($sOldName, $sNewName); } } } } } - - public function ResetCondition() - { + + public function ResetCondition() { $this->m_oSearchCondition = new TrueExpression(); // ? is that usefull/enough, do I need to rebuild the list after the subqueries ? } - public function MergeConditionExpression($oExpression) - { - $this->m_oSearchCondition = $this->m_oSearchCondition->LogOr($oExpression); + public function MergeConditionExpression($oExpression) { + $this->m_oSearchCondition = $this->m_oSearchCondition->LogOr($oExpression); } - public function AddConditionExpression($oExpression) - { - $this->m_oSearchCondition = $this->m_oSearchCondition->LogAnd($oExpression); + public function AddConditionExpression($oExpression) { + $this->m_oSearchCondition = $this->m_oSearchCondition->LogAnd($oExpression); + + $bRootSearchAllowAllData = $this->IsAllDataAllowed(); + $oExpression->Browse(function ($oThisExpression) use ($bRootSearchAllowAllData) { + ExpressionHelper::ExpressionAllowAllDataCallback($oThisExpression, $bRootSearchAllowAllData); + }); } - public function AddNameCondition($sName) - { + public function AddNameCondition($sName) { $oValueExpr = new ScalarExpression($sName); $oNameExpr = new FieldExpression('friendlyname', $this->GetClassAlias()); $oNewCondition = new BinaryExpression($oNameExpr, '=', $oValueExpr); diff --git a/core/oql/expression.class.inc.php b/core/oql/expression.class.inc.php index 596823041..69d04420d 100644 --- a/core/oql/expression.class.inc.php +++ b/core/oql/expression.class.inc.php @@ -1,32 +1,52 @@ -// +/* + * Copyright (C) 2010-2020 Combodo SARL + * + * This file is part of iTop. + * + * iTop is free software; you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * iTop is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + */ -class MissingQueryArgument extends CoreException -{ +class MissingQueryArgument extends CoreException { +} + + +class ExpressionHelper { + /** + * Callback to be used with {@link Expression::Browse}, to update the AllowAllData attribute in the NestedQueryExpression that are + * present in the Expression tree + * + * @param \Expression $oExpression + * @param boolean $bAllowAllData + * + * @uses \DBSearch::AllowAllData() + * + * @since 2.7.2 2.8.0 N°3324 + */ + public static function ExpressionAllowAllDataCallback($oExpression, $bAllowAllData) { + if (!($oExpression instanceof NestedQueryExpression)) { + return; + } + + $oExpression->AllowAllData($bAllowAllData); + } } /** * @method Check($oModelReflection, array $aAliases, $sSourceQuery) */ -abstract class Expression -{ +abstract class Expression { const OPERATOR_BINARY = 'binary'; const OPERATOR_BOOLEAN = 'boolean_binary'; const OPERATOR_FIELD = 'field'; @@ -139,9 +159,13 @@ abstract class Expression } /** - * Recursively browse the expression tree - * @param Closure $callback - * @return mixed + * Recursively browse the expression tree. + * + * To access variables, specify them using the `use` keyword and the `&` to pass by reference if necessary + * + * @see https://www.php.net/manual/fr/functions.anonymous.php + * + * @param Closure $callback with current expression as parameter */ abstract public function Browse(Closure $callback); @@ -2157,60 +2181,62 @@ class NestedQueryExpression extends Expression } /**/ - public function ApplyParameters($aArgs) - { + public function ApplyParameters($aArgs) { $this->m_oNestedQuery->ApplyParameters($aArgs); } /**/ - public function GetUnresolvedFields($sAlias, &$aUnresolved) - { + public function GetUnresolvedFields($sAlias, &$aUnresolved) { } /**/ - public function Translate($aTranslationData, $bMatchAll = true, $bMarkFieldsAsResolved = true) - { + public function Translate($aTranslationData, $bMatchAll = true, $bMarkFieldsAsResolved = true) { // Check and prepare the select information - $this->m_oNestedQuery->TranslateConditions($aTranslationData, $bMatchAll , $bMarkFieldsAsResolved ); + $this->m_oNestedQuery->TranslateConditions($aTranslationData, $bMatchAll, $bMarkFieldsAsResolved); + return clone $this; } - public function ListRequiredFields() - { + public function ListRequiredFields() { return array(); } - public function CollectUsedParents(&$aTable) - { + public function CollectUsedParents(&$aTable) { } - public function ListConstantFields() - { + public function ListConstantFields() { return $this->m_oNestedQuery->ListConstantFields(); } - public function ListParameters() - { + public function ListParameters() { return $this->m_oNestedQuery->ListParameters(); } - public function RenameParam($sOldName, $sNewName) - { + public function RenameParam($sOldName, $sNewName) { $this->m_oNestedQuery->RenameParam($sOldName, $sNewName); } - public function RenameAlias($sOldName, $sNewName) - { + public function RenameAlias($sOldName, $sNewName) { $this->m_oNestedQuery->RenameAlias($sOldName, $sNewName); } /** * @inheritDoc */ - public function ToJSON(&$aArgs = null, $bRetrofitParams = false) - { + public function ToJSON(&$aArgs = null, $bRetrofitParams = false) { return $this->m_oNestedQuery->ToJSON(); } + + /** + * Simple indirection to {@link \DBObjectSearch::AllowAllData()} + * + * @param bool $bAllowAllData + * + * @uses \DBSearch::AllowAllData() + */ + public function AllowAllData($bAllowAllData = true) { + $this->m_oNestedQuery->AllowAllData($bAllowAllData); + } } class FunctionExpression extends Expression diff --git a/test/core/DBSearchTest.php b/test/core/DBSearchTest.php index 9389bc9ca..abc8a7795 100644 --- a/test/core/DBSearchTest.php +++ b/test/core/DBSearchTest.php @@ -675,17 +675,49 @@ class DBSearchTest extends ItopDataTestCase $TwoOrgIdsOnly = array($allOrgIds[0], $allOrgIds[1]); $oSearch = DBSearch::FromOQL("SELECT UserRequest WHERE org_id IN (:org_ids)"); self::assertNotNull($oSearch); - $oSet = new \CMDBObjectSet($oSearch, array(), array('org_ids'=> $TwoOrgIdsOnly)); + $oSet = new \CMDBObjectSet($oSearch, array(), array('org_ids' => $TwoOrgIdsOnly)); static::assertEquals(4, $oSet->Count()); - $_SERVER['REQUEST_URI']='FAKE_REQUEST_URI' ; - $_SERVER['REQUEST_METHOD']='FAKE_REQUEST_METHOD'; + $_SERVER['REQUEST_URI'] = 'FAKE_REQUEST_URI'; + $_SERVER['REQUEST_METHOD'] = 'FAKE_REQUEST_METHOD'; $oP = new \iTopWebPage("test"); $oBlock = new \DisplayBlock($oSet->GetFilter(), 'list', false); - $sHtml = $oBlock->GetDisplay($oP, 'package_table', array ('menu'=>true, 'display_limit'=>false)); + $sHtml = $oBlock->GetDisplay($oP, 'package_table', array('menu' => true, 'display_limit' => false)); $iHtmlUserRequestLineCount = substr_count($sHtml, 'output(); } + + /** + * @since 2.7.2 2.8.0 N°3324 + */ + public function testAllowAllData() { + $oSimpleSearch = \DBObjectSearch::FromOQL('SELECT FunctionalCI'); + $oSimpleSearch->AllowAllData(false); + self::assertFalse($oSimpleSearch->IsAllDataAllowed(), 'DBSearch AllowData value'); + $oSimpleSearch->AllowAllData(true); + self::assertTrue($oSimpleSearch->IsAllDataAllowed(), 'DBSearch AllowData value'); + + $sNestedQuery = 'SELECT FunctionalCI WHERE id IN (SELECT Server)'; + $this->CheckNestedSearch($sNestedQuery, true); + $this->CheckNestedSearch($sNestedQuery, false); + } + + private function CheckNestedSearch($sQuery, $bAllowAllData) { + $oNestedQuerySearch = \DBObjectSearch::FromOQL($sQuery); + $oNestedQuerySearch->AllowAllData($bAllowAllData); + self::assertEquals($bAllowAllData, $oNestedQuerySearch->IsAllDataAllowed(), 'root DBSearch AllowData value'); + $oNestedSearchInExpression = null; + $oNestedQuerySearch->GetCriteria()->Browse(function ($oExpression) use (&$oNestedSearchInExpression) { + if ($oExpression instanceof \NestedQueryExpression) { + $oNestedSearchInExpression = $oExpression->GetNestedQuery(); + + return; + } + }); + self::assertNotNull($oNestedSearchInExpression, 'We must have a DBSearch inside a NestedQueryExpression inside the root DBSearch'); + /** @var \DBObjectSearch $oNestedSearchInExpression */ + self::assertEquals($bAllowAllData, $oNestedSearchInExpression->IsAllDataAllowed(), 'Nested DBSearch AllowData value'); + } } From e4b3871947c6a79cc5d579df528d0aa1f21177d4 Mon Sep 17 00:00:00 2001 From: Pierre Goiffon Date: Thu, 1 Oct 2020 14:51:28 +0200 Subject: [PATCH 23/31] :memo: PHPDoc for \Expression::IsTrue --- core/oql/expression.class.inc.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/core/oql/expression.class.inc.php b/core/oql/expression.class.inc.php index 69d04420d..18f51354c 100644 --- a/core/oql/expression.class.inc.php +++ b/core/oql/expression.class.inc.php @@ -177,6 +177,9 @@ abstract class Expression { // recursively list field parents ($aTable = array of sParent => dummy) abstract public function CollectUsedParents(&$aTable); + /** + * @return boolean evaluation of the expression value, false if no conversion possible + */ abstract public function IsTrue(); // recursively builds an array of [classAlias][fieldName] => value @@ -185,8 +188,7 @@ abstract class Expression { // recursively builds an array of parameters to give to current request abstract public function ListParameters(); - public function RequiresField($sClass, $sFieldName) - { + public function RequiresField($sClass, $sFieldName) { // #@# todo - optimize : this is called quite often when building a single query ! $aRequired = $this->ListRequiredFields(); if (!in_array($sClass.'.'.$sFieldName, $aRequired)) return false; From 93c91c40777d67673d7913b0decd23abe1caacd3 Mon Sep 17 00:00:00 2001 From: BenGrenoble Date: Thu, 1 Oct 2020 15:11:07 +0200 Subject: [PATCH 24/31] =?UTF-8?q?3354=20remove=20now=20from=20"Bitte=20bes?= =?UTF-8?q?t=C3=A4tigen=20sie,=20dass=20jetzt=20ein=20Backup=20erstellen?= =?UTF-8?q?=20wollen=20now."?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- datamodels/2.x/itop-backup/de.dict.itop-backup.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/datamodels/2.x/itop-backup/de.dict.itop-backup.php b/datamodels/2.x/itop-backup/de.dict.itop-backup.php index d6145c39b..c925efb53 100644 --- a/datamodels/2.x/itop-backup/de.dict.itop-backup.php +++ b/datamodels/2.x/itop-backup/de.dict.itop-backup.php @@ -53,7 +53,7 @@ Dict::Add('DE DE', 'German', 'Deutsch', array( 'bkp-next-backup' => 'Das nächste Backup wird am %1$s (%2$s) um %3$s durchgeführt', 'bkp-button-backup-now' => 'Starte Backup', 'bkp-button-restore-now' => 'Wiederherstellen!', - 'bkp-confirm-backup' => 'Bitte bestätigen sie, dass sie jetzt ein Backup erstellen wollen now.', + 'bkp-confirm-backup' => 'Bitte bestätigen sie, dass sie jetzt ein Backup erstellen wollen.', 'bkp-confirm-restore' => 'Bitte bestätigen sie, dass sie mit Backup %1$s eine Wiederherstellung durchführen wollen.', 'bkp-wait-backup' => 'Bitte warten, bis das Backup abgeschlossen ist ...', 'bkp-wait-restore' => 'Bitte warten, bis die Wiederherstellung abgeschlossen ist ...', From db8c26da172383626091d7b1f921fd65f9860f18 Mon Sep 17 00:00:00 2001 From: Pierre Goiffon Date: Thu, 1 Oct 2020 17:02:22 +0200 Subject: [PATCH 25/31] :memo: update PHPDoc for \Expression::IsTrue --- core/oql/expression.class.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/oql/expression.class.inc.php b/core/oql/expression.class.inc.php index 18f51354c..1f65b5c5b 100644 --- a/core/oql/expression.class.inc.php +++ b/core/oql/expression.class.inc.php @@ -178,7 +178,7 @@ abstract class Expression { abstract public function CollectUsedParents(&$aTable); /** - * @return boolean evaluation of the expression value, false if no conversion possible + * @return boolean true if the expression's value is constant and evaluates to true, false otherwise */ abstract public function IsTrue(); From 37522459a868c505f106907ea198a082964b9db0 Mon Sep 17 00:00:00 2001 From: Pierre Goiffon Date: Thu, 1 Oct 2020 18:02:31 +0200 Subject: [PATCH 26/31] =?UTF-8?q?N=C2=B03351=20restore=20LogKPI=20calls=20?= =?UTF-8?q?in=20portal=20index?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../config/legacy_silex_compat_layer.php | 9 +++++++ .../itop-portal-base/portal/public/index.php | 25 +++++++++++++++---- 2 files changed, 29 insertions(+), 5 deletions(-) diff --git a/datamodels/2.x/itop-portal-base/portal/config/legacy_silex_compat_layer.php b/datamodels/2.x/itop-portal-base/portal/config/legacy_silex_compat_layer.php index 06e69d1d7..a92e34260 100644 --- a/datamodels/2.x/itop-portal-base/portal/config/legacy_silex_compat_layer.php +++ b/datamodels/2.x/itop-portal-base/portal/config/legacy_silex_compat_layer.php @@ -34,23 +34,30 @@ $oModuleDesign = new ModuleDesign($_ENV['PORTAL_ID']); // Load portal conf. such as properties, themes, templates, ... // Append into %combodo.portal.instance.conf% +$oKPI = new ExecutionKPI(); $oBasicCompat = new Basic($oModuleDesign); $oBasicCompat->Process($container); +$oKPI->ComputeAndReport('Load portal conf. such as properties, themes, templates, ...'); // Load portal forms definition // Append into %combodo.portal.instance.conf% +$oKPI = new ExecutionKPI(); $oFormsCompat = new Forms($oModuleDesign); $oFormsCompat->Process($container); +$oKPI->ComputeAndReport('Load portal forms definition'); // Load portal lists definition // Append into %combodo.portal.instance.conf% +$oKPI = new ExecutionKPI(); $oListsCompat = new Lists($oModuleDesign); $oListsCompat->Process($container); +$oKPI->ComputeAndReport('Load portal lists definition'); // Generating CSS files // Note: We do this here as it is not user dependent and therefore can be cached for everyone. // A dedicated listener 'CssFromSassCompiler' exists to compile files again when by-passing HTTP cache. // This is to keep developers comfort when tuning the SCSS files. +$oKPI = new ExecutionKPI(); $aImportPaths = array($_ENV['COMBODO_PORTAL_BASE_ABSOLUTE_PATH'].'css/'); $aPortalConf = $container->getParameter('combodo.portal.instance.conf'); foreach ($aPortalConf['properties']['themes'] as $sKey => $value) @@ -71,4 +78,6 @@ foreach ($aPortalConf['properties']['themes'] as $sKey => $value) $aPortalConf['properties']['themes'][$sKey] = $aValues; } } +$oKPI->ComputeAndReport('Generating CSS files'); + $container->setParameter('combodo.portal.instance.conf', $aPortalConf); \ No newline at end of file diff --git a/datamodels/2.x/itop-portal-base/portal/public/index.php b/datamodels/2.x/itop-portal-base/portal/public/index.php index 04d090984..b9b7539d2 100644 --- a/datamodels/2.x/itop-portal-base/portal/public/index.php +++ b/datamodels/2.x/itop-portal-base/portal/public/index.php @@ -24,23 +24,38 @@ require_once MODULESROOT.'itop-portal-base/portal/config/bootstrap.php'; // Stacking context tag so it knows we are in the portal $oContext = new ContextTag(ContextTag::TAG_PORTAL); -$oContext2 = new ContextTag('Portal:' . $_ENV['PORTAL_ID']); +$oContext2 = new ContextTag('Portal:'.$_ENV['PORTAL_ID']); + + +$oKPI = new ExecutionKPI(); // Note: Manually refactored ternary condition to be PHP 5.x compatible -if ($trustedProxies = isset($_SERVER['TRUSTED_PROXIES']) ? $_SERVER['TRUSTED_PROXIES'] : (isset($_ENV['TRUSTED_PROXIES']) ? $_ENV['TRUSTED_PROXIES'] : false)) -{ +if ($trustedProxies = isset($_SERVER['TRUSTED_PROXIES']) ? $_SERVER['TRUSTED_PROXIES'] : (isset($_ENV['TRUSTED_PROXIES']) ? $_ENV['TRUSTED_PROXIES'] : false)) { Request::setTrustedProxies(explode(',', $trustedProxies), Request::HEADER_X_FORWARDED_ALL ^ Request::HEADER_X_FORWARDED_HOST); } // Note: Manually refactored ternary condition to be PHP 5.x compatible -if ($trustedHosts = isset($_SERVER['TRUSTED_HOSTS']) ? $_SERVER['TRUSTED_HOSTS'] : (isset($_ENV['TRUSTED_HOSTS']) ? $_ENV['TRUSTED_HOSTS'] : false)) -{ +if ($trustedHosts = isset($_SERVER['TRUSTED_HOSTS']) ? $_SERVER['TRUSTED_HOSTS'] : (isset($_ENV['TRUSTED_HOSTS']) ? $_ENV['TRUSTED_HOSTS'] : false)) { Request::setTrustedHosts([$trustedHosts]); } $oKernel = new Kernel($_SERVER['APP_ENV'], (bool)$_SERVER['APP_DEBUG']); +$oKPI->ComputeAndReport('Symfony kernel init'); + +$oKPI = new ExecutionKPI(); $oRequest = Request::createFromGlobals(); +$oKPI->ComputeAndReport('Symfony request parsing/creation'); + +$oKPI = new ExecutionKPI(); /** @noinspection PhpUnhandledExceptionInspection */ $oResponse = $oKernel->handle($oRequest); $oResponse->send(); +$oKPI->ComputeAndReport('Page execution and rendering'); + + +$oKPI = new ExecutionKPI(); $oKernel->terminate($oRequest, $oResponse); +$oKPI->ComputeAndReport('Symfony kernel termination'); + + +ExecutionKPI::ReportStats(); \ No newline at end of file From 2e08ae571afaebfaa16e74b056a94e6b125c5230 Mon Sep 17 00:00:00 2001 From: BenGrenoble Date: Fri, 2 Oct 2020 10:51:25 +0200 Subject: [PATCH 27/31] 3354 change sie by Sie --- datamodels/2.x/itop-backup/de.dict.itop-backup.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/datamodels/2.x/itop-backup/de.dict.itop-backup.php b/datamodels/2.x/itop-backup/de.dict.itop-backup.php index c925efb53..b60f0cb1d 100644 --- a/datamodels/2.x/itop-backup/de.dict.itop-backup.php +++ b/datamodels/2.x/itop-backup/de.dict.itop-backup.php @@ -31,8 +31,8 @@ Dict::Add('DE DE', 'German', 'Deutsch', array( 'bkp-status-title' => 'Geplante Backups', 'bkp-status-checks' => 'Einstellungen und Prüfungen', 'bkp-mysqldump-ok' => 'mysqldump ist vorhanden: %1$s', - 'bkp-mysqldump-notfound' => 'mysqldump wurde nicht gefunden: %1$s - Stellen sie sicher, das er eingespielt und im Pfad verfügbar ist oder editieren sie die Konfigurationsdatei um das MySQL bindir anzupassen.', - 'bkp-mysqldump-issue' => 'mysqldump konnte nicht eingespielt werden (retcode=%1$d): Stellen sie sicher, das es installiert und im Pfad verfügbar ist oder editieren sie die Konfigurationsdatei um das MySQL bindir anzupassen.', + 'bkp-mysqldump-notfound' => 'mysqldump wurde nicht gefunden: %1$s - Stellen Sie sicher, das er eingespielt und im Pfad verfügbar ist oder editieren Sie die Konfigurationsdatei um das MySQL bindir anzupassen.', + 'bkp-mysqldump-issue' => 'mysqldump konnte nicht eingespielt werden (retcode=%1$d): Stellen Sie sicher, das es installiert und im Pfad verfügbar ist oder editieren Sie die Konfigurationsdatei um das MySQL bindir anzupassen.', 'bkp-missing-dir' => 'Zielverzeichniss %1$s nicht gefunden', 'bkp-free-disk-space' => '%1$s frei in %2$s', 'bkp-dir-not-writeable' => '%1$s ist nicht schreibbar', @@ -53,8 +53,8 @@ Dict::Add('DE DE', 'German', 'Deutsch', array( 'bkp-next-backup' => 'Das nächste Backup wird am %1$s (%2$s) um %3$s durchgeführt', 'bkp-button-backup-now' => 'Starte Backup', 'bkp-button-restore-now' => 'Wiederherstellen!', - 'bkp-confirm-backup' => 'Bitte bestätigen sie, dass sie jetzt ein Backup erstellen wollen.', - 'bkp-confirm-restore' => 'Bitte bestätigen sie, dass sie mit Backup %1$s eine Wiederherstellung durchführen wollen.', + 'bkp-confirm-backup' => 'Bitte bestätigen Sie, dass Sie jetzt ein Backup erstellen wollen.', + 'bkp-confirm-restore' => 'Bitte bestätigen Sie, dass Sie mit Backup %1$s eine Wiederherstellung durchführen wollen.', 'bkp-wait-backup' => 'Bitte warten, bis das Backup abgeschlossen ist ...', 'bkp-wait-restore' => 'Bitte warten, bis die Wiederherstellung abgeschlossen ist ...', 'bkp-success-restore' => 'Wiederherstellung erfolgreich.', From 155169419819c271cd3f22dec46b1a17cb8b3dd7 Mon Sep 17 00:00:00 2001 From: Pierre Goiffon Date: Mon, 5 Oct 2020 14:31:26 +0200 Subject: [PATCH 28/31] =?UTF-8?q?N=C2=B03317=20Security=20hardening?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- application/ajaxwebpage.class.inc.php | 23 +++++++++++---------- application/csvpage.class.inc.php | 5 +++-- application/itopwebpage.class.inc.php | 1 + application/loginwebpage.class.inc.php | 8 +++---- application/webpage.class.inc.php | 1 + application/xmlpage.class.inc.php | 3 ++- datamodels/2.x/combodo-db-tools/dbtools.php | 1 - datamodels/2.x/itop-backup/status.php | 1 - datamodels/2.x/itop-config/config.php | 1 - pages/UI.php | 1 - pages/UniversalSearch.php | 1 - pages/notifications.php | 1 - pages/run_query.php | 1 - pages/schema.php | 1 - webservices/export-v2.php | 4 ---- 15 files changed, 23 insertions(+), 30 deletions(-) diff --git a/application/ajaxwebpage.class.inc.php b/application/ajaxwebpage.class.inc.php index f84d13918..b74c17db8 100644 --- a/application/ajaxwebpage.class.inc.php +++ b/application/ajaxwebpage.class.inc.php @@ -42,21 +42,22 @@ class ajax_page extends WebPage implements iTabbedPage */ function __construct($s_title) { - $sPrintable = utils::ReadParam('printable', '0'); - $bPrintable = ($sPrintable == '1'); + $sPrintable = utils::ReadParam('printable', '0'); + $bPrintable = ($sPrintable == '1'); - parent::__construct($s_title, $bPrintable); - $this->m_sReadyScript = ""; - //$this->add_header("Content-type: text/html; charset=utf-8"); - $this->add_header('Cache-control: no-cache, no-store, must-revalidate'); + parent::__construct($s_title, $bPrintable); + $this->m_sReadyScript = ""; + //$this->add_header("Content-type: text/html; charset=utf-8"); + $this->add_header('Cache-control: no-cache, no-store, must-revalidate'); $this->add_header('Pragma: no-cache'); $this->add_header('Expires: 0'); - $this->m_oTabs = new TabManager(); - $this->sContentType = 'text/html'; - $this->sContentDisposition = 'inline'; - $this->m_sMenu = ""; + $this->add_header('X-Frame-Options: deny'); + $this->m_oTabs = new TabManager(); + $this->sContentType = 'text/html'; + $this->sContentDisposition = 'inline'; + $this->m_sMenu = ""; - utils::InitArchiveMode(); + utils::InitArchiveMode(); } public function AddTabContainer($sTabContainer, $sPrefix = '') diff --git a/application/csvpage.class.inc.php b/application/csvpage.class.inc.php index 537c23194..25dc612a2 100644 --- a/application/csvpage.class.inc.php +++ b/application/csvpage.class.inc.php @@ -31,12 +31,13 @@ class CSVPage extends WebPage { function __construct($s_title) { - parent::__construct($s_title); + parent::__construct($s_title); $this->add_header("Content-type: text/plain; charset=utf-8"); $this->add_header('Cache-control: no-cache, no-store, must-revalidate'); $this->add_header('Pragma: no-cache'); $this->add_header('Expires: 0'); - //$this->add_header("Content-Transfer-Encoding: binary"); + $this->add_header('X-Frame-Options: deny'); + //$this->add_header("Content-Transfer-Encoding: binary"); } public function output() diff --git a/application/itopwebpage.class.inc.php b/application/itopwebpage.class.inc.php index 19a3aa7cf..e459d8ae9 100644 --- a/application/itopwebpage.class.inc.php +++ b/application/itopwebpage.class.inc.php @@ -75,6 +75,7 @@ class iTopWebPage extends NiceWebPage implements iTabbedPage $this->add_header('Cache-control: no-cache, no-store, must-revalidate'); $this->add_header('Pragma: no-cache'); $this->add_header('Expires: 0'); + $this->add_header('X-Frame-Options: deny'); $this->add_linked_stylesheet("../css/jquery.treeview.css"); $this->add_linked_stylesheet("../css/jquery.autocomplete.css"); $this->add_linked_stylesheet("../css/jquery-ui-timepicker-addon.css"); diff --git a/application/loginwebpage.class.inc.php b/application/loginwebpage.class.inc.php index 02b03f12b..ce42ee050 100644 --- a/application/loginwebpage.class.inc.php +++ b/application/loginwebpage.class.inc.php @@ -62,16 +62,16 @@ class LoginWebPage extends NiceWebPage public function __construct($sTitle = null) { - if($sTitle === null) - { - $sTitle = Dict::S('UI:Login:Title'); - } + if ($sTitle === null) { + $sTitle = Dict::S('UI:Login:Title'); + } parent::__construct($sTitle); $this->SetStyleSheet(); $this->add_header('Cache-control: no-cache, no-store, must-revalidate'); $this->add_header('Pragma: no-cache'); $this->add_header('Expires: 0'); + $this->add_header('X-Frame-Options: deny'); } public function SetStyleSheet() diff --git a/application/webpage.class.inc.php b/application/webpage.class.inc.php index b75707c17..bcaf20327 100644 --- a/application/webpage.class.inc.php +++ b/application/webpage.class.inc.php @@ -358,6 +358,7 @@ class WebPage implements Page $this->add_header('Cache-control: no-cache, no-store, must-revalidate'); $this->add_header('Pragma: no-cache'); $this->add_header('Expires: 0'); + $this->add_header('X-Frame-Options: deny'); } /** diff --git a/application/xmlpage.class.inc.php b/application/xmlpage.class.inc.php index 7a8cb47fc..70d5ba2dd 100644 --- a/application/xmlpage.class.inc.php +++ b/application/xmlpage.class.inc.php @@ -46,8 +46,9 @@ class XMLPage extends WebPage $this->add_header('Cache-control: no-cache, no-store, must-revalidate'); $this->add_header('Pragma: no-cache'); $this->add_header('Expires: 0'); + $this->add_header('X-Frame-Options: deny'); $this->add_header("Content-location: export.xml"); - } + } public function output() { diff --git a/datamodels/2.x/combodo-db-tools/dbtools.php b/datamodels/2.x/combodo-db-tools/dbtools.php index 4635eca09..32e22353e 100644 --- a/datamodels/2.x/combodo-db-tools/dbtools.php +++ b/datamodels/2.x/combodo-db-tools/dbtools.php @@ -570,7 +570,6 @@ try $sPageId = 'db-tools'; $oP = new iTopWebPage($sPageTitle); - $this->m_oPage->add_header('X-Frame-Options: deny'); $oP->add_saas('env-'.utils::GetCurrentEnvironment().'/combodo-db-tools/default.scss'); $oP->add( diff --git a/datamodels/2.x/itop-backup/status.php b/datamodels/2.x/itop-backup/status.php index d33615680..feeeb9b1b 100644 --- a/datamodels/2.x/itop-backup/status.php +++ b/datamodels/2.x/itop-backup/status.php @@ -37,7 +37,6 @@ try { $sTransactionId = utils::GetNewTransactionId(); $oP = new iTopWebPage(Dict::S('bkp-status-title')); - $oP->add_header('X-Frame-Options: deny'); $oP->set_base(utils::GetAbsoluteUrlAppRoot().'pages/'); $oP->add("

    ".Dict::S('bkp-status-title')."

    "); diff --git a/datamodels/2.x/itop-config/config.php b/datamodels/2.x/itop-config/config.php index de9bb584d..7e9f9231b 100644 --- a/datamodels/2.x/itop-config/config.php +++ b/datamodels/2.x/itop-config/config.php @@ -100,7 +100,6 @@ ApplicationMenu::CheckMenuIdEnabled('ConfigEditor'); //$oAppContext = new ApplicationContext(); $oP = new iTopWebPage(Dict::S('config-edit-title')); -$oP->add_header('X-Frame-Options: deny'); $oP->set_base(utils::GetAbsoluteUrlAppRoot().'pages/'); $oP->add_linked_script(utils::GetCurrentModuleUrl().'/js/ace.js'); $oP->add_linked_script(utils::GetCurrentModuleUrl().'/js/mode-php.js'); diff --git a/pages/UI.php b/pages/UI.php index 367b4284d..f4222c540 100644 --- a/pages/UI.php +++ b/pages/UI.php @@ -1780,7 +1780,6 @@ EOF /////////////////////////////////////////////////////////////////////////////////////////// default: // Menu node rendering (templates) - $oP->add_header('X-Frame-Options: deny'); ApplicationMenu::LoadAdditionalMenus(); $oMenuNode = ApplicationMenu::GetMenuNode(ApplicationMenu::GetMenuIndexById(ApplicationMenu::GetActiveNodeId())); if (is_object($oMenuNode)) diff --git a/pages/UniversalSearch.php b/pages/UniversalSearch.php index aeae6c3fb..04da4fe69 100644 --- a/pages/UniversalSearch.php +++ b/pages/UniversalSearch.php @@ -38,7 +38,6 @@ ApplicationMenu::CheckMenuIdEnabled('UniversalSearchMenu'); $oAppContext = new ApplicationContext(); $oP = new iTopWebPage(Dict::S('UI:UniversalSearchTitle')); -$oP->add_header('X-Frame-Options: deny'); $oP->add_linked_script("../js/json.js"); $oP->add_linked_script("../js/forms-json-utils.js"); $oP->add_linked_script("../js/wizardhelper.js"); diff --git a/pages/notifications.php b/pages/notifications.php index 866c468da..384db331a 100644 --- a/pages/notifications.php +++ b/pages/notifications.php @@ -37,7 +37,6 @@ ApplicationMenu::CheckMenuIdEnabled("NotificationsMenu"); // Main program // $oP = new iTopWebPage(Dict::S('Menu:NotificationsMenu+')); -$oP->add_header('X-Frame-Options: deny'); $oP->add('
    '); $oP->add('

    '.dict::S('UI:NotificationsMenu:Title').'

    '); diff --git a/pages/run_query.php b/pages/run_query.php index b2e49f96f..2d9288c34 100644 --- a/pages/run_query.php +++ b/pages/run_query.php @@ -100,7 +100,6 @@ $oAppContext = new ApplicationContext(); $oP = new iTopWebPage(Dict::S('UI:RunQuery:Title')); $oP->SetBreadCrumbEntry('ui-tool-runquery', Dict::S('Menu:RunQueriesMenu'), Dict::S('Menu:RunQueriesMenu+'), '', utils::GetAbsoluteUrlAppRoot().'images/wrench.png'); -$oP->add_header('X-Frame-Options: deny'); // Main program $sExpression = utils::ReadParam('expression', '', false, 'raw_data'); diff --git a/pages/schema.php b/pages/schema.php index 64fc0e97a..8c69eb18d 100644 --- a/pages/schema.php +++ b/pages/schema.php @@ -1074,7 +1074,6 @@ $operation = utils::ReadParam('operation', ''); $oPage = new iTopWebPage(Dict::S('UI:Schema:Title')); $oPage->no_cache(); -$oPage->add_header('X-Frame-Options: deny'); $oPage->SetBreadCrumbEntry('ui-tool-datamodel', Dict::S('Menu:DataModelMenu'), Dict::S('Menu:DataModelMenu+'), '', utils::GetAbsoluteUrlAppRoot().'images/wrench.png'); $oPage->add_script( diff --git a/webservices/export-v2.php b/webservices/export-v2.php index 3046766b0..ddd355b3b 100644 --- a/webservices/export-v2.php +++ b/webservices/export-v2.php @@ -352,7 +352,6 @@ function InteractiveShell($sExpression, $sQueryId, $sFormat, $sFileName, $sMode) if ($sMode == 'dialog') { $oP = new ajax_page(''); - $oP->add_header('X-Frame-Options: deny'); $oP->add('
    '); $sExportBtnLabel = json_encode(Dict::S('UI:Button:Export')); $sJSTitle = json_encode(htmlentities(utils::ReadParam('dialog_title', '', false, 'raw_data'), ENT_QUOTES, 'UTF-8')); @@ -378,7 +377,6 @@ EOF else { $oP = new iTopWebPage('iTop Export'); - $oP->add_header('X-Frame-Options: deny'); $oP->SetBreadCrumbEntry('ui-tool-export', Dict::S('Menu:ExportMenu'), Dict::S('Menu:ExportMenu+'), '', utils::GetAbsoluteUrlAppRoot().'images/wrench.png'); } @@ -753,7 +751,6 @@ try else { $oP = new ajax_page('iTop export'); - $oP->add_header('X-Frame-Options: deny'); $oP->SetContentType($oExporter->GetMimeType()); } DoExport($oP, $oExporter, false); @@ -763,7 +760,6 @@ try catch (BulkExportMissingParameterException $e) { $oP = new ajax_page('iTop Export'); - $oP->add_header('X-Frame-Options: deny'); $oP->add($e->getMessage()); Usage($oP); $oP->output(); From 090119147cf6c80879e1a268de094c9b5d64ee46 Mon Sep 17 00:00:00 2001 From: Pierre Goiffon Date: Mon, 5 Oct 2020 14:36:28 +0200 Subject: [PATCH 29/31] :art: PHP formatting --- application/ajaxwebpage.class.inc.php | 48 +++++++++++++-------------- application/csvpage.class.inc.php | 19 +++++------ 2 files changed, 33 insertions(+), 34 deletions(-) diff --git a/application/ajaxwebpage.class.inc.php b/application/ajaxwebpage.class.inc.php index b74c17db8..3c48108ab 100644 --- a/application/ajaxwebpage.class.inc.php +++ b/application/ajaxwebpage.class.inc.php @@ -30,35 +30,35 @@ class ajax_page extends WebPage implements iTabbedPage { /** * Jquery style ready script - * @var Hash - */ + * @var Hash + */ protected $m_sReadyScript; protected $m_oTabs; private $m_sMenu; // If set, then the menu will be updated - - /** - * constructor for the web page - * @param string $s_title Not used - */ - function __construct($s_title) - { - $sPrintable = utils::ReadParam('printable', '0'); - $bPrintable = ($sPrintable == '1'); - parent::__construct($s_title, $bPrintable); - $this->m_sReadyScript = ""; - //$this->add_header("Content-type: text/html; charset=utf-8"); - $this->add_header('Cache-control: no-cache, no-store, must-revalidate'); - $this->add_header('Pragma: no-cache'); - $this->add_header('Expires: 0'); - $this->add_header('X-Frame-Options: deny'); - $this->m_oTabs = new TabManager(); - $this->sContentType = 'text/html'; - $this->sContentDisposition = 'inline'; - $this->m_sMenu = ""; + /** + * constructor for the web page + * + * @param string $s_title Not used + */ + function __construct($s_title) { + $sPrintable = utils::ReadParam('printable', '0'); + $bPrintable = ($sPrintable == '1'); - utils::InitArchiveMode(); - } + parent::__construct($s_title, $bPrintable); + $this->m_sReadyScript = ""; + //$this->add_header("Content-type: text/html; charset=utf-8"); + $this->add_header('Cache-control: no-cache, no-store, must-revalidate'); + $this->add_header('Pragma: no-cache'); + $this->add_header('Expires: 0'); + $this->add_header('X-Frame-Options: deny'); + $this->m_oTabs = new TabManager(); + $this->sContentType = 'text/html'; + $this->sContentDisposition = 'inline'; + $this->m_sMenu = ""; + + utils::InitArchiveMode(); + } public function AddTabContainer($sTabContainer, $sPrefix = '') { diff --git a/application/csvpage.class.inc.php b/application/csvpage.class.inc.php index 25dc612a2..4a12a7520 100644 --- a/application/csvpage.class.inc.php +++ b/application/csvpage.class.inc.php @@ -29,16 +29,15 @@ require_once(APPROOT."/application/webpage.class.inc.php"); class CSVPage extends WebPage { - function __construct($s_title) - { - parent::__construct($s_title); - $this->add_header("Content-type: text/plain; charset=utf-8"); - $this->add_header('Cache-control: no-cache, no-store, must-revalidate'); - $this->add_header('Pragma: no-cache'); - $this->add_header('Expires: 0'); - $this->add_header('X-Frame-Options: deny'); - //$this->add_header("Content-Transfer-Encoding: binary"); - } + function __construct($s_title) { + parent::__construct($s_title); + $this->add_header("Content-type: text/plain; charset=utf-8"); + $this->add_header('Cache-control: no-cache, no-store, must-revalidate'); + $this->add_header('Pragma: no-cache'); + $this->add_header('Expires: 0'); + $this->add_header('X-Frame-Options: deny'); + //$this->add_header("Content-Transfer-Encoding: binary"); + } public function output() { From 1f5375731864bd78a1b692b18dd8e7abc9a2c98b Mon Sep 17 00:00:00 2001 From: Eric Date: Tue, 18 Aug 2020 17:21:25 +0200 Subject: [PATCH 30/31] =?UTF-8?q?N=C2=B03248=20-=20code=20hardening=20(che?= =?UTF-8?q?rry=20picked=20from=20commit=206a2593374433a72b3d23832db04f48b7?= =?UTF-8?q?03854e4f)=20(cherry=20picked=20from=20commit=20f74c78d61c4bd204?= =?UTF-8?q?394a4c216e6fad0e1e199ddd)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- application/transaction.class.inc.php | 9 ++++++++- application/utils.inc.php | 3 ++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/application/transaction.class.inc.php b/application/transaction.class.inc.php index ec073cd52..0e4ca4be1 100644 --- a/application/transaction.class.inc.php +++ b/application/transaction.class.inc.php @@ -233,7 +233,14 @@ class privUITransactionFile */ public static function IsTransactionValid($id, $bRemoveTransaction = true) { - $sFilepath = APPROOT.'data/transactions/'.$id; + // Constraint the transaction file within APPROOT.'data/transactions' + $sTransactionDir = realpath(APPROOT.'data/transactions'); + $sFilepath = utils::RealPath($sTransactionDir.'/'.$id, $sTransactionDir); + if (($sFilepath === false) || (strlen($sTransactionDir) == strlen($sFilepath))) + { + return false; + } + clearstatcache(true, $sFilepath); $bResult = file_exists($sFilepath); if ($bResult) diff --git a/application/utils.inc.php b/application/utils.inc.php index 08d816459..5c9f34817 100644 --- a/application/utils.inc.php +++ b/application/utils.inc.php @@ -308,6 +308,7 @@ class utils case 'context_param': case 'parameter': case 'field_name': + case 'transaction_id': if (is_array($value)) { $retValue = array(); @@ -2086,7 +2087,7 @@ class utils * @param string $sPath for example '/var/www/html/itop/data/backups/manual/itop_27-2019-10-03_15_35.tar.gz' * @param string $sBasePath for example '/var/www/html/itop/data/' * - * @return bool false if path : + * @return bool|string false if path : * * invalid * * not allowed * * not contained in base path From ed0e16494d731214dc156613b41993866b8fcb60 Mon Sep 17 00:00:00 2001 From: acognet Date: Mon, 5 Oct 2020 16:23:56 +0200 Subject: [PATCH 31/31] =?UTF-8?q?N=C2=B03335=20-=20Fix=20test?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- test/core/OQLTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/core/OQLTest.php b/test/core/OQLTest.php index eb7bf7230..32882a0ef 100644 --- a/test/core/OQLTest.php +++ b/test/core/OQLTest.php @@ -218,7 +218,7 @@ class OQLTest extends ItopDataTestCase * * @param $sQuery * - * @expectedException \TypeError + * @expectedException \CoreException * * @throws \OQLException */