diff --git a/core/csvbulkexport.class.inc.php b/core/csvbulkexport.class.inc.php index 52d9c12f6..4eed34bd5 100644 --- a/core/csvbulkexport.class.inc.php +++ b/core/csvbulkexport.class.inc.php @@ -12,6 +12,7 @@ use Combodo\iTop\Application\UI\Base\Component\Input\SelectUIBlockFactory; use Combodo\iTop\Application\UI\Base\Component\Panel\PanelUIBlockFactory; use Combodo\iTop\Application\UI\Base\Layout\MultiColumn\Column\ColumnUIBlockFactory; use Combodo\iTop\Application\UI\Base\Layout\MultiColumn\MultiColumnUIBlockFactory; +use Combodo\iTop\Application\Helper\ExportHelper; /** * Bulk export: CSV export @@ -114,6 +115,7 @@ class CSVBulkExport extends TabularBulkExport case 'csv_options': $oPanel = PanelUIBlockFactory::MakeNeutral(Dict::S('Core:BulkExport:CSVOptions')); + $oPanel->AddSubBlock(ExportHelper::GetAlertForExcelMaliciousInjection()); $oMulticolumn = MultiColumnUIBlockFactory::MakeStandard(); $oPanel->AddSubBlock($oMulticolumn); diff --git a/core/excelbulkexport.class.inc.php b/core/excelbulkexport.class.inc.php index fa1e5f82c..20a5e62f5 100644 --- a/core/excelbulkexport.class.inc.php +++ b/core/excelbulkexport.class.inc.php @@ -10,6 +10,7 @@ use Combodo\iTop\Application\UI\Base\Component\Input\InputUIBlockFactory; use Combodo\iTop\Application\UI\Base\Component\Panel\PanelUIBlockFactory; use Combodo\iTop\Application\UI\Base\Layout\MultiColumn\Column\ColumnUIBlockFactory; use Combodo\iTop\Application\UI\Base\Layout\MultiColumn\MultiColumnUIBlockFactory; +use Combodo\iTop\Application\Helper\ExportHelper; require_once(APPROOT.'application/xlsxwriter.class.php'); @@ -82,6 +83,7 @@ class ExcelBulkExport extends TabularBulkExport case 'xlsx_options': $oPanel = PanelUIBlockFactory::MakeNeutral(Dict::S('Core:BulkExport:XLSXOptions')); + $oPanel->AddSubBlock(ExportHelper::GetAlertForExcelMaliciousInjection()); $oMulticolumn = MultiColumnUIBlockFactory::MakeStandard(); $oPanel->AddSubBlock($oMulticolumn); 
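Review bot: The only formula-injection mitigation visible in the `csv_options` panel, and in the matching `xlsx_options` hunk of core/excelbulkexport.class.inc.php, is an advisory alert; nothing in this diff changes how cell values are written to the exported file. A warning depends on each recipient's spreadsheet settings and never reaches someone who is sent the file later without seeing this dialog. If the export writers (outside this diff) do not already neutralise values that start with `=`, `+`, `-` or `@`, consider doing that at export time, possibly behind an option. At minimum, add a comment above the new line such as `// Advisory only: exported cell values are not neutralised here`. Both enclosing methods start and end outside their hunks.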
diff --git a/datamodels/2.x/itop-portal-base/portal/src/Controller/ManageBrickController.php b/datamodels/2.x/itop-portal-base/portal/src/Controller/ManageBrickController.php index d638a6f96..70d63f213 100644 --- a/datamodels/2.x/itop-portal-base/portal/src/Controller/ManageBrickController.php +++ b/datamodels/2.x/itop-portal-base/portal/src/Controller/ManageBrickController.php @@ -50,6 +50,7 @@ use Symfony\Component\HttpFoundation\JsonResponse; use Symfony\Component\HttpFoundation\Request; use UnaryExpression; use URLButtonItem; +use utils; /** * Class ManageBrickController @@ -260,6 +261,7 @@ class ManageBrickController extends BrickController 'oBrick' => $oBrick, 'sBrickId' => $sBrickId, 'sToken' => $oExporter->SaveState(), + 'sWikiUrl' => 'https://www.itophub.io/wiki/page?id='.utils::GetItopVersionWikiSyntax().'%3Auser%3Alists#excel_export', ); return $this->render(static::EXCEL_EXPORT_TEMPLATE_PATH, $aData); diff --git a/datamodels/2.x/itop-portal-base/portal/templates/bricks/manage/popup-export-excel.html.twig b/datamodels/2.x/itop-portal-base/portal/templates/bricks/manage/popup-export-excel.html.twig index 32417e391..c7a528f08 100644 --- a/datamodels/2.x/itop-portal-base/portal/templates/bricks/manage/popup-export-excel.html.twig +++ b/datamodels/2.x/itop-portal-base/portal/templates/bricks/manage/popup-export-excel.html.twig @@ -11,6 +11,7 @@
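Review bot: The URL assigned to `'sWikiUrl'` is the same literal that `ExportHelper::GetAlertForExcelMaliciousInjection()` builds in sources/Application/Helper/ExportHelper.php, so the two copies can drift apart when the documentation page moves. Build it once in the helper, for example in a new static method (the name `GetExcelExportWikiUrl` is only a suggestion), and use `'sWikiUrl' => ExportHelper::GetExcelExportWikiUrl(),` here. The template hunk that consumes the value is not readable on this page, so it is worth confirming that the link is emitted with attribute-context escaping. The enclosing controller method starts and ends outside the hunk.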
+

{{ 'ExcelExport:PreparingExport'|dict_s }}

'Format par défaut (%1$s), ex. %2$s', 'Core:BulkExport:DateTimeFormatCustom_Format' => 'Format spécial: %1$s', 'Core:BulkExport:PDF:PageNumber' => 'Page %1$s', - 'Core:DateTime:Placeholder_d' => 'JJ', // Day of the month: 2 digits (with leading zero) + 'Core:DateTime:Placeholder_d' => 'JJ', // Day of the month: 2 digits (with leading zero) 'Core:DateTime:Placeholder_j' => 'J', // Day of the month: 1 or 2 digits (without leading zero) 'Core:DateTime:Placeholder_m' => 'MM', // Month on 2 digits i.e. 01-12 'Core:DateTime:Placeholder_n' => 'M', // Month on 1 or 2 digits 1-12 diff --git a/dictionaries/ui/application/bulk/cs.dictionary.itop.bulk.php b/dictionaries/ui/application/bulk/cs.dictionary.itop.bulk.php index fd8993539..751c19dea 100644 --- a/dictionaries/ui/application/bulk/cs.dictionary.itop.bulk.php +++ b/dictionaries/ui/application/bulk/cs.dictionary.itop.bulk.php @@ -20,5 +20,6 @@ Dict::Add('CS CZ', 'Czech', 'Čeština', array( // Bulk modify 'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~', - + 'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~', + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. Learn more in our documentation.~~', )); \ No newline at end of file diff --git a/dictionaries/ui/application/bulk/da.dictionary.itop.bulk.php b/dictionaries/ui/application/bulk/da.dictionary.itop.bulk.php index 734589e15..318cddb7f 100644 --- a/dictionaries/ui/application/bulk/da.dictionary.itop.bulk.php +++ b/dictionaries/ui/application/bulk/da.dictionary.itop.bulk.php 
@@ -20,5 +20,6 @@ Dict::Add('DA DA', 'Danish', 'Dansk', array( // Bulk modify 'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~', - + 'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~', + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. Learn more in our documentation.~~', )); \ No newline at end of file diff --git a/dictionaries/ui/application/bulk/de.dictionary.itop.bulk.php b/dictionaries/ui/application/bulk/de.dictionary.itop.bulk.php index 4391576b2..61c02dde3 100644 --- a/dictionaries/ui/application/bulk/de.dictionary.itop.bulk.php +++ b/dictionaries/ui/application/bulk/de.dictionary.itop.bulk.php @@ -20,5 +20,6 @@ Dict::Add('DE DE', 'German', 'Deutsch', array( // Bulk modify 'UI:Bulk:modify:IncompatibleAttribute' => 'Dieses Attribut kann in einer Massenänderung nicht bearbeitet werden.', - + 'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~', + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. Learn more in our documentation.~~', )); \ No newline at end of file diff --git a/dictionaries/ui/application/bulk/en.dictionary.itop.bulk.php b/dictionaries/ui/application/bulk/en.dictionary.itop.bulk.php index b903abade..09ad86cbd 100644 --- a/dictionaries/ui/application/bulk/en.dictionary.itop.bulk.php +++ b/dictionaries/ui/application/bulk/en.dictionary.itop.bulk.php 
@@ -21,5 +21,6 @@ Dict::Add('EN US', 'English', 'English', array( // Bulk modify 'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context', - + 'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning', + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. Learn more in our documentation.', )); \ No newline at end of file diff --git a/dictionaries/ui/application/bulk/es_cr.dictionary.itop.bulk.php b/dictionaries/ui/application/bulk/es_cr.dictionary.itop.bulk.php index 7b6a0e2d0..d28378b2f 100644 --- a/dictionaries/ui/application/bulk/es_cr.dictionary.itop.bulk.php +++ b/dictionaries/ui/application/bulk/es_cr.dictionary.itop.bulk.php @@ -20,5 +20,6 @@ Dict::Add('ES CR', 'Spanish', 'Español, Castellano', array( // Bulk modify 'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~', - + 'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~', + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. Learn more in our documentation.~~', )); \ No newline at end of file diff --git a/dictionaries/ui/application/bulk/fr.dictionary.itop.bulk.php b/dictionaries/ui/application/bulk/fr.dictionary.itop.bulk.php index dfd94566d..23b6336ce 100644 --- a/dictionaries/ui/application/bulk/fr.dictionary.itop.bulk.php +++ b/dictionaries/ui/application/bulk/fr.dictionary.itop.bulk.php 
@@ -20,5 +20,6 @@ Dict::Add('FR FR', 'French', 'Français', array( // Bulk modify 'UI:Bulk:modify:IncompatibleAttribute' => 'Cet attribut ne peut être édité dans une modification en masse', - + 'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Avertissement sur la sécurité d\'Excel', + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'L\'ouverture d\'un fichier contenant des données non fiables dans Microsoft Excel peut entraîner l\'injection de formules. Assurez-vous que vos paramètres Excel sont configurés pour traiter les fichiers en toute sécurité. Pour en savoir plus, consultez notre documentation.', )); \ No newline at end of file diff --git a/dictionaries/ui/application/bulk/hu.dictionary.itop.bulk.php b/dictionaries/ui/application/bulk/hu.dictionary.itop.bulk.php index d8e408d33..0d62da845 100644 --- a/dictionaries/ui/application/bulk/hu.dictionary.itop.bulk.php +++ b/dictionaries/ui/application/bulk/hu.dictionary.itop.bulk.php @@ -20,5 +20,6 @@ Dict::Add('HU HU', 'Hungarian', 'Magyar', array( // Bulk modify 'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~', - + 'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~', + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. Learn more in our documentation.~~', )); \ No newline at end of file diff --git a/dictionaries/ui/application/bulk/it.dictionary.itop.bulk.php b/dictionaries/ui/application/bulk/it.dictionary.itop.bulk.php index 6ce9b15da..8a0077219 100644 --- a/dictionaries/ui/application/bulk/it.dictionary.itop.bulk.php +++ b/dictionaries/ui/application/bulk/it.dictionary.itop.bulk.php 
@@ -20,5 +20,6 @@ Dict::Add('IT IT', 'Italian', 'Italiano', array( // Bulk modify 'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~', - + 'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~', + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. Learn more in our documentation.~~', )); \ No newline at end of file diff --git a/dictionaries/ui/application/bulk/ja.dictionary.itop.bulk.php b/dictionaries/ui/application/bulk/ja.dictionary.itop.bulk.php index 89c93a161..feddd05f9 100644 --- a/dictionaries/ui/application/bulk/ja.dictionary.itop.bulk.php +++ b/dictionaries/ui/application/bulk/ja.dictionary.itop.bulk.php @@ -20,5 +20,6 @@ Dict::Add('JA JP', 'Japanese', '日本語', array( // Bulk modify 'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~', - + 'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~', + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. Learn more in our documentation.~~', )); \ No newline at end of file diff --git a/dictionaries/ui/application/bulk/nl.dictionary.itop.bulk.php b/dictionaries/ui/application/bulk/nl.dictionary.itop.bulk.php index ccf0126c9..4a9b419d1 100644 --- a/dictionaries/ui/application/bulk/nl.dictionary.itop.bulk.php +++ b/dictionaries/ui/application/bulk/nl.dictionary.itop.bulk.php 
@@ -20,5 +20,6 @@ Dict::Add('NL NL', 'Dutch', 'Nederlands', array( // Bulk modify 'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~', - + 'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~', + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. Learn more in our documentation.~~', )); \ No newline at end of file diff --git a/dictionaries/ui/application/bulk/pl.dictionary.itop.bulk.php b/dictionaries/ui/application/bulk/pl.dictionary.itop.bulk.php index a4a5fea13..96e484852 100644 --- a/dictionaries/ui/application/bulk/pl.dictionary.itop.bulk.php +++ b/dictionaries/ui/application/bulk/pl.dictionary.itop.bulk.php @@ -20,5 +20,6 @@ Dict::Add('PL PL', 'Polish', 'Polski', array( // Bulk modify 'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~', - + 'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~', + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. Learn more in our documentation.~~', )); \ No newline at end of file diff --git a/dictionaries/ui/application/bulk/pt_br.dictionary.itop.bulk.php b/dictionaries/ui/application/bulk/pt_br.dictionary.itop.bulk.php index 6a7462029..2c8c65b66 100644 --- a/dictionaries/ui/application/bulk/pt_br.dictionary.itop.bulk.php +++ b/dictionaries/ui/application/bulk/pt_br.dictionary.itop.bulk.php 
@@ -20,5 +20,6 @@ Dict::Add('PT BR', 'Brazilian', 'Brazilian', array( // Bulk modify 'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~', - + 'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~', + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. Learn more in our documentation.~~', )); \ No newline at end of file diff --git a/dictionaries/ui/application/bulk/ru.dictionary.itop.bulk.php b/dictionaries/ui/application/bulk/ru.dictionary.itop.bulk.php index c3af7c737..1fe60b154 100644 --- a/dictionaries/ui/application/bulk/ru.dictionary.itop.bulk.php +++ b/dictionaries/ui/application/bulk/ru.dictionary.itop.bulk.php @@ -20,5 +20,6 @@ Dict::Add('RU RU', 'Russian', 'Русский', array( // Bulk modify 'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~', - + 'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~', + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. Learn more in our documentation.~~', )); \ No newline at end of file diff --git a/dictionaries/ui/application/bulk/sk.dictionary.itop.bulk.php b/dictionaries/ui/application/bulk/sk.dictionary.itop.bulk.php index 83d79d045..ac0504a76 100644 --- a/dictionaries/ui/application/bulk/sk.dictionary.itop.bulk.php +++ b/dictionaries/ui/application/bulk/sk.dictionary.itop.bulk.php 
@@ -20,5 +20,6 @@ Dict::Add('SK SK', 'Slovak', 'Slovenčina', array( // Bulk modify 'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~', - + 'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~', + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. Learn more in our documentation.~~', )); \ No newline at end of file diff --git a/dictionaries/ui/application/bulk/tr.dictionary.itop.bulk.php b/dictionaries/ui/application/bulk/tr.dictionary.itop.bulk.php index ce68a4364..7dfcc5794 100644 --- a/dictionaries/ui/application/bulk/tr.dictionary.itop.bulk.php +++ b/dictionaries/ui/application/bulk/tr.dictionary.itop.bulk.php @@ -20,5 +20,6 @@ Dict::Add('TR TR', 'Turkish', 'Türkçe', array( // Bulk modify 'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~', - + 'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~', + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. Learn more in our documentation.~~', )); \ No newline at end of file diff --git a/dictionaries/ui/application/bulk/zh_cn.dictionary.itop.bulk.php b/dictionaries/ui/application/bulk/zh_cn.dictionary.itop.bulk.php index d675b5bcd..e34438c58 100644 --- a/dictionaries/ui/application/bulk/zh_cn.dictionary.itop.bulk.php +++ b/dictionaries/ui/application/bulk/zh_cn.dictionary.itop.bulk.php 
@@ -20,5 +20,6 @@ Dict::Add('ZH CN', 'Chinese', '简体中文', array( // Bulk modify 'UI:Bulk:modify:IncompatibleAttribute' => '此属性无法在批量操作中编辑', - + 'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~', + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. Learn more in our documentation.~~', )); \ No newline at end of file diff --git a/lib/composer/autoload_classmap.php b/lib/composer/autoload_classmap.php index 5cdf3879c..4989deb64 100644 --- a/lib/composer/autoload_classmap.php +++ b/lib/composer/autoload_classmap.php @@ -190,6 +190,7 @@ return array( 'CheckableExpression' => $baseDir . '/core/oql/oqlquery.class.inc.php', 'Combodo\\iTop\\Application\\Branding' => $baseDir . '/sources/Application/Branding.php', 'Combodo\\iTop\\Application\\EventRegister\\ApplicationEvents' => $baseDir . '/sources/Application/EventRegister/ApplicationEvents.php', + 'Combodo\\iTop\\Application\\Helper\\ExportHelper' => $baseDir . '/sources/Application/Helper/ExportHelper.php', 'Combodo\\iTop\\Application\\Helper\\FormHelper' => $baseDir . '/sources/Application/Helper/FormHelper.php', 'Combodo\\iTop\\Application\\Helper\\Session' => $baseDir . '/sources/Application/Helper/Session.php', 'Combodo\\iTop\\Application\\Helper\\WebResourcesHelper' => $baseDir . '/sources/Application/Helper/WebResourcesHelper.php', diff --git a/lib/composer/autoload_static.php b/lib/composer/autoload_static.php index 0487e482d..da75d88ba 100644 --- a/lib/composer/autoload_static.php +++ b/lib/composer/autoload_static.php 
@@ -554,6 +554,7 @@ class ComposerStaticInit7f81b4a2a468a061c306af5e447a9a9f 'CheckableExpression' => __DIR__ . '/../..' . '/core/oql/oqlquery.class.inc.php', 'Combodo\\iTop\\Application\\Branding' => __DIR__ . '/../..' . '/sources/Application/Branding.php', 'Combodo\\iTop\\Application\\EventRegister\\ApplicationEvents' => __DIR__ . '/../..' . '/sources/Application/EventRegister/ApplicationEvents.php', + 'Combodo\\iTop\\Application\\Helper\\ExportHelper' => __DIR__ . '/../..' . '/sources/Application/Helper/ExportHelper.php', 'Combodo\\iTop\\Application\\Helper\\FormHelper' => __DIR__ . '/../..' . '/sources/Application/Helper/FormHelper.php', 'Combodo\\iTop\\Application\\Helper\\Session' => __DIR__ . '/../..' . '/sources/Application/Helper/Session.php', 'Combodo\\iTop\\Application\\Helper\\WebResourcesHelper' => __DIR__ . '/../..' . '/sources/Application/Helper/WebResourcesHelper.php', diff --git a/sources/Application/Helper/ExportHelper.php b/sources/Application/Helper/ExportHelper.php new file mode 100644 index 000000000..41536898e --- /dev/null +++ b/sources/Application/Helper/ExportHelper.php @@ -0,0 +1,27 @@ + + * @since 2.7.9 3.0.4 3.1.1 3.2.0 + * @package Combodo\iTop\Application\Helper + */ +class ExportHelper +{ + public static function GetAlertForExcelMaliciousInjection() + { + $sWikiUrl = 'https://www.itophub.io/wiki/page?id='.utils::GetItopVersionWikiSyntax().'%3Auser%3Alists#excel_export'; + $oAlert = AlertUIBlockFactory::MakeForWarning(Dict::S('UI:Bulk:Export:MaliciousInjection:Alert:Title'), Dict::Format('UI:Bulk:Export:MaliciousInjection:Alert:Message', $sWikiUrl), 'ibo-excel-malicious-injection-alert'); + $oAlert->EnableSaveCollapsibleState(true) + ->SetIsClosable(false); + return $oAlert; + } +} \ No newline at end of file
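Review bot: In the new `GetAlertForExcelMaliciousInjection()` the alert gets one fixed id, `'ibo-excel-malicious-injection-alert'`, together with `EnableSaveCollapsibleState(true)`, so a user who collapses the warning once will presumably keep it collapsed in both the CSV and XLSX panels on every later export. For a security warning, consider not persisting that state, e.g. `$oAlert->EnableSaveCollapsibleState(false)->SetIsClosable(false);`, or add a comment explaining why a remembered collapse is acceptable. The method also has no docblock or return type. A short docblock should say that it returns the warning alert block and that the version-specific wiki URL is passed as the first `Dict::Format` argument, so translators keep the placeholder in the message.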