From b4880beb5bc4c1ab41dc4e41c21bf5d494a99560 Mon Sep 17 00:00:00 2001 From: Stephen Abello Date: Mon, 8 Aug 2022 10:35:16 +0200 Subject: [PATCH 1/5] =?UTF-8?q?N=C2=B05192=20Fix=20HILIGHT=5FCLASS=5FOK=20?= =?UTF-8?q?not=20displaying=20green=20rows=20since=20iTop=203.0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- css/backoffice/vendors/_datatables.scss | 2 ++ 1 file changed, 2 insertions(+) diff --git a/css/backoffice/vendors/_datatables.scss b/css/backoffice/vendors/_datatables.scss index 231961e66..c873c17ae 100644 --- a/css/backoffice/vendors/_datatables.scss +++ b/css/backoffice/vendors/_datatables.scss @@ -46,6 +46,8 @@ $ibo-vendors-datatables--row-highlight--colors:( 'warning': ($ibo-color-orange-200), 'blue': ($ibo-color-blue-200), 'info': ($ibo-color-blue-200), + 'green': ($ibo-color-green-100), + 'success': ($ibo-color-green-200), ) !default; .dataTables_paginate { From 8e840d4529d641976b94359930d1486303f31e29 Mon Sep 17 00:00:00 2001 From: Stephen Abello Date: Mon, 8 Aug 2022 12:00:38 +0200 Subject: [PATCH 2/5] =?UTF-8?q?N=C2=B05138=20N=C2=B04425=20Fix=20not=20bei?= =?UTF-8?q?ng=20able=20to=20click=20on=20hyperlinks=20in=20tooltips?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- js/utils.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/js/utils.js b/js/utils.js index 1424d01c4..c8c2d6ac5 100644 --- a/js/utils.js +++ b/js/utils.js @@ -819,8 +819,10 @@ const CombodoTooltip = { oOptions['content'] = sContent; // Interaction (selection, click, ...) have to be enabled manually - // Important: When set to true, if "data-tooltip-append-to" is not specified, tooltip will be append to the parent element instead of the body - const bInteractive = oElem.attr('data-tooltip-interaction-enabled') === 'true'; + // Important: When set to true, if "data-tooltip-append-to" is not specified, tooltip will be appended to the parent element instead of the body + // Defaults to true if it contains hyperlink + let bDefaultInteractive = (bEnableHTML && sContent.indexOf(" -1) + const bInteractive = oElem.attr('data-tooltip-interaction-enabled') !== undefined ? oElem.attr('data-tooltip-interaction-enabled') === 'true' : bDefaultInteractive; oOptions['interactive'] = bInteractive; // Element to append the tooltip to From 059934151560ac13daf198470941b667d466fd8b Mon Sep 17 00:00:00 2001 From: Stephen Abello Date: Mon, 8 Aug 2022 13:14:45 +0200 Subject: [PATCH 3/5] =?UTF-8?q?N=C2=B04975=20Security=20hardening?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sources/Controller/PreferencesController.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/sources/Controller/PreferencesController.php b/sources/Controller/PreferencesController.php index 187639219..5fb731910 100644 --- a/sources/Controller/PreferencesController.php +++ b/sources/Controller/PreferencesController.php @@ -7,6 +7,7 @@ namespace Combodo\iTop\Controller; use appUserPreferences; +use CoreUnexpectedValue; use Exception; use MetaModel; use ormDocument; @@ -38,9 +39,14 @@ class PreferencesController appUserPreferences::SetPref('user_picture_placeholder', $sImageFilename); $sUserPicturesFolder = 'images/user-pictures/'; - $sImageAbsPath = APPROOT.$sUserPicturesFolder.$sImageFilename; + $sImageAbsPath = utils::RealPath(APPROOT.$sUserPicturesFolder.$sImageFilename, APPROOT.$sUserPicturesFolder); $sImageAbsUrl = utils::GetAbsoluteUrlAppRoot().$sUserPicturesFolder.$sImageFilename; - + + // Check if we're still in the right folder + if($sImageAbsPath === false){ + throw new CoreUnexpectedValue('Error while updating user image, invalid image path "'.$sUserPicturesFolder.$sImageFilename.'"'); + } + // Check file can be read $sImageData = file_get_contents($sImageAbsPath); if (false === $sImageData) { From b1432ef1c67cc8130c17695d07a454fc49bd1294 Mon Sep 17 00:00:00 2001 From: Stephen Abello Date: Mon, 8 Aug 2022 14:33:12 +0200 Subject: [PATCH 4/5] =?UTF-8?q?=20N=C2=B04927=20Fix=20date=20picker=20widg?= =?UTF-8?q?et=20initialized=20visible?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- css/backoffice/vendors/_jqueryui.scss | 1 + 1 file changed, 1 insertion(+) diff --git a/css/backoffice/vendors/_jqueryui.scss b/css/backoffice/vendors/_jqueryui.scss index 8905b9690..4d9e59f5e 100644 --- a/css/backoffice/vendors/_jqueryui.scss +++ b/css/backoffice/vendors/_jqueryui.scss @@ -300,6 +300,7 @@ $ibo-vendors-jqueryui--ui-slider--ui-slider-handle--hover--border-color: $ibo-co // Date picker .ui-datepicker { /* Note: We can't put the padding directly here as the jQuery JS code will position it regarding its inner width, not taking the padding here into account, so it is placed in the header/calendar elements */ + display: none; background-color: $ibo-vendors-jqueryui--ui-datepicker--background-color; border-radius: $ibo-vendors-jqueryui--ui-datepicker--border-radius; box-shadow: $ibo-vendors-jqueryui--ui-datepicker--box-shadow; From 80fa4ec71f542f3fd801da482543c747ae4f5562 Mon Sep 17 00:00:00 2001 From: Molkobain Date: Mon, 8 Aug 2022 16:30:46 +0200 Subject: [PATCH 5/5] Code format --- js/utils.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/js/utils.js b/js/utils.js index c8c2d6ac5..633245606 100644 --- a/js/utils.js +++ b/js/utils.js @@ -820,9 +820,9 @@ const CombodoTooltip = { // Interaction (selection, click, ...) have to be enabled manually // Important: When set to true, if "data-tooltip-append-to" is not specified, tooltip will be appended to the parent element instead of the body - // Defaults to true if it contains hyperlink + // Note: Defaults to true if it contains hyperlink let bDefaultInteractive = (bEnableHTML && sContent.indexOf(" -1) - const bInteractive = oElem.attr('data-tooltip-interaction-enabled') !== undefined ? oElem.attr('data-tooltip-interaction-enabled') === 'true' : bDefaultInteractive; + const bInteractive = oElem.attr('data-tooltip-interaction-enabled') !== undefined ? oElem.attr('data-tooltip-interaction-enabled') === 'true' : bDefaultInteractive; oOptions['interactive'] = bInteractive; // Element to append the tooltip to