diff --git a/core/csvbulkexport.class.inc.php b/core/csvbulkexport.class.inc.php index bfb22cfcf..09e39067a 100644 --- a/core/csvbulkexport.class.inc.php +++ b/core/csvbulkexport.class.inc.php @@ -15,6 +15,7 @@ // // You should have received a copy of the GNU Affero General Public License // along with iTop. If not, see +use Combodo\iTop\Application\Helper\ExportHelper; /** * Bulk export: CSV export @@ -113,6 +114,7 @@ class CSVBulkExport extends TabularBulkExport case 'csv_options': $oP->add('
'.Dict::S('Core:BulkExport:CSVOptions').''); + $oP->add(ExportHelper::GetAlertForExcelMaliciousInjection()); $oP->add('
'); $oP->add('

'.Dict::S('UI:CSVImport:SeparatorCharacter').'

'); $sRawSeparator = utils::ReadParam('separator', ',', true, 'raw_data'); diff --git a/core/excelbulkexport.class.inc.php b/core/excelbulkexport.class.inc.php index 1d4569397..ae3079171 100644 --- a/core/excelbulkexport.class.inc.php +++ b/core/excelbulkexport.class.inc.php @@ -23,6 +23,8 @@ * @license http://opensource.org/licenses/AGPL-3.0 */ +use Combodo\iTop\Application\Helper\ExportHelper; + require_once(APPROOT.'application/xlsxwriter.class.php'); class ExcelBulkExport extends TabularBulkExport @@ -89,6 +91,7 @@ class ExcelBulkExport extends TabularBulkExport case 'xlsx_options': $oP->add('
'.Dict::S('Core:BulkExport:XLSXOptions').''); + $oP->add(ExportHelper::GetAlertForExcelMaliciousInjection()); $oP->add('
'); $sChecked = (utils::ReadParam('formatted_text', 0) == 1) ? ' checked ' : ''; diff --git a/datamodels/2.x/itop-portal-base/portal/src/Controller/ManageBrickController.php b/datamodels/2.x/itop-portal-base/portal/src/Controller/ManageBrickController.php index c1933372c..c4408c170 100644 --- a/datamodels/2.x/itop-portal-base/portal/src/Controller/ManageBrickController.php +++ b/datamodels/2.x/itop-portal-base/portal/src/Controller/ManageBrickController.php @@ -49,6 +49,7 @@ use Symfony\Component\HttpFoundation\JsonResponse; use Symfony\Component\HttpFoundation\Request; use UnaryExpression; use URLButtonItem; +use utils; /** * Class ManageBrickController @@ -259,6 +260,7 @@ class ManageBrickController extends BrickController 'oBrick' => $oBrick, 'sBrickId' => $sBrickId, 'sToken' => $oExporter->SaveState(), + 'sWikiUrl' => 'https://www.itophub.io/wiki/page?id='.utils::GetItopVersionWikiSyntax().'%3Auser%3Alists#excel_export', ); return $this->render(static::EXCEL_EXPORT_TEMPLATE_PATH, $aData); diff --git a/datamodels/2.x/itop-portal-base/portal/templates/bricks/manage/popup-export-excel.html.twig b/datamodels/2.x/itop-portal-base/portal/templates/bricks/manage/popup-export-excel.html.twig index 32417e391..c7a528f08 100644 --- a/datamodels/2.x/itop-portal-base/portal/templates/bricks/manage/popup-export-excel.html.twig +++ b/datamodels/2.x/itop-portal-base/portal/templates/bricks/manage/popup-export-excel.html.twig @@ -11,6 +11,7 @@
+

{{ 'ExcelExport:PreparingExport'|dict_s }}

'Default format (%1$s), e.g. %2$s~~', 'Core:BulkExport:DateTimeFormatCustom_Format' => 'Custom format: %1$s~~', 'Core:BulkExport:PDF:PageNumber' => 'Page %1$s~~', + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. Learn more in our documentation.~~', 'Core:DateTime:Placeholder_d' => 'DD~~', // Day of the month: 2 digits (with leading zero) 'Core:DateTime:Placeholder_j' => 'D~~', // Day of the month: 1 or 2 digits (without leading zero) 'Core:DateTime:Placeholder_m' => 'MM~~', // Month on 2 digits i.e. 01-12 diff --git a/dictionaries/da.dictionary.itop.core.php b/dictionaries/da.dictionary.itop.core.php index 99a95dc4a..dc757bbf6 100644 --- a/dictionaries/da.dictionary.itop.core.php +++ b/dictionaries/da.dictionary.itop.core.php @@ -932,7 +932,8 @@ Dict::Add('DA DA', 'Danish', 'Dansk', array( 'Core:BulkExport:DateTimeFormatDefault_Example' => 'Default format (%1$s), e.g. %2$s~~', 'Core:BulkExport:DateTimeFormatCustom_Format' => 'Custom format: %1$s~~', 'Core:BulkExport:PDF:PageNumber' => 'Page %1$s~~', - 'Core:DateTime:Placeholder_d' => 'DD~~', // Day of the month: 2 digits (with leading zero) + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. Learn more in our documentation.~~', + 'Core:DateTime:Placeholder_d' => 'DD~~', // Day of the month: 2 digits (with leading zero) 'Core:DateTime:Placeholder_j' => 'D~~', // Day of the month: 1 or 2 digits (without leading zero) 'Core:DateTime:Placeholder_m' => 'MM~~', // Month on 2 digits i.e. 01-12 'Core:DateTime:Placeholder_n' => 'M~~', // Month on 1 or 2 digits 1-12 diff --git a/dictionaries/de.dictionary.itop.core.php b/dictionaries/de.dictionary.itop.core.php index cd3093863..b2d1d4c6a 100644 --- a/dictionaries/de.dictionary.itop.core.php +++ b/dictionaries/de.dictionary.itop.core.php @@ -931,7 +931,8 @@ Dict::Add('DE DE', 'German', 'Deutsch', array( 'Core:BulkExport:DateTimeFormatDefault_Example' => 'Standardformat (%1$s), z.B. %2$s', 'Core:BulkExport:DateTimeFormatCustom_Format' => 'Angepasstes format: %1$s', 'Core:BulkExport:PDF:PageNumber' => 'Seite %1$s', - 'Core:DateTime:Placeholder_d' => 'TT', // Day of the month: 2 digits (with leading zero) + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. Learn more in our documentation.~~', + 'Core:DateTime:Placeholder_d' => 'TT', // Day of the month: 2 digits (with leading zero) 'Core:DateTime:Placeholder_j' => 'T', // Day of the month: 1 or 2 digits (without leading zero) 'Core:DateTime:Placeholder_m' => 'MM', // Month on 2 digits i.e. 01-12 'Core:DateTime:Placeholder_n' => 'M', // Month on 1 or 2 digits 1-12 diff --git a/dictionaries/en.dictionary.itop.core.php b/dictionaries/en.dictionary.itop.core.php index bbbf41b2a..bfbd6a949 100644 --- a/dictionaries/en.dictionary.itop.core.php +++ b/dictionaries/en.dictionary.itop.core.php @@ -932,6 +932,7 @@ Dict::Add('EN US', 'English', 'English', array( 'Core:BulkExport:DateTimeFormatDefault_Example' => 'Default format (%1$s), e.g. %2$s', 'Core:BulkExport:DateTimeFormatCustom_Format' => 'Custom format: %1$s', 'Core:BulkExport:PDF:PageNumber' => 'Page %1$s', + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. Learn more in our documentation.', 'Core:DateTime:Placeholder_d' => 'DD', // Day of the month: 2 digits (with leading zero) 'Core:DateTime:Placeholder_j' => 'D', // Day of the month: 1 or 2 digits (without leading zero) 'Core:DateTime:Placeholder_m' => 'MM', // Month on 2 digits i.e. 01-12 diff --git a/dictionaries/es_cr.dictionary.itop.core.php b/dictionaries/es_cr.dictionary.itop.core.php index 615184f62..e5de92d84 100644 --- a/dictionaries/es_cr.dictionary.itop.core.php +++ b/dictionaries/es_cr.dictionary.itop.core.php @@ -933,7 +933,8 @@ Dict::Add('ES CR', 'Spanish', 'Español, Castellaño', array( 'Core:BulkExport:DateTimeFormatDefault_Example' => 'Formato por omisión (%1$s), ej. %2$s', 'Core:BulkExport:DateTimeFormatCustom_Format' => 'Formato personalizado: %1$s', 'Core:BulkExport:PDF:PageNumber' => 'Página %1$s', - 'Core:DateTime:Placeholder_d' => 'DD', // Day of the month: 2 digits (with leading zero) + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. Learn more in our documentation.~~', + 'Core:DateTime:Placeholder_d' => 'DD', // Day of the month: 2 digits (with leading zero) 'Core:DateTime:Placeholder_j' => 'D', // Day of the month: 1 or 2 digits (without leading zero) 'Core:DateTime:Placeholder_m' => 'MM', // Month on 2 digits i.e. 01-12 'Core:DateTime:Placeholder_n' => 'M', // Month on 1 or 2 digits 1-12 diff --git a/dictionaries/fr.dictionary.itop.core.php b/dictionaries/fr.dictionary.itop.core.php index 2a9f66b3a..c27139f16 100644 --- a/dictionaries/fr.dictionary.itop.core.php +++ b/dictionaries/fr.dictionary.itop.core.php @@ -930,7 +930,8 @@ Dict::Add('FR FR', 'French', 'Français', array( 'Core:BulkExport:DateTimeFormatDefault_Example' => 'Format par défaut (%1$s), ex. %2$s', 'Core:BulkExport:DateTimeFormatCustom_Format' => 'Format spécial: %1$s', 'Core:BulkExport:PDF:PageNumber' => 'Page %1$s', - 'Core:DateTime:Placeholder_d' => 'JJ', // Day of the month: 2 digits (with leading zero) + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'L\'ouverture d\'un fichier contenant des données non fiables dans Microsoft Excel peut entraîner l\'injection de formules. Assurez-vous que vos paramètres Excel sont configurés pour traiter les fichiers en toute sécurité. Pour en savoir plus, consultez notre documentation.', + 'Core:DateTime:Placeholder_d' => 'JJ', // Day of the month: 2 digits (with leading zero) 'Core:DateTime:Placeholder_j' => 'J', // Day of the month: 1 or 2 digits (without leading zero) 'Core:DateTime:Placeholder_m' => 'MM', // Month on 2 digits i.e. 01-12 'Core:DateTime:Placeholder_n' => 'M', // Month on 1 or 2 digits 1-12 diff --git a/dictionaries/hu.dictionary.itop.core.php b/dictionaries/hu.dictionary.itop.core.php index 502680cf4..8b2f94700 100755 --- a/dictionaries/hu.dictionary.itop.core.php +++ b/dictionaries/hu.dictionary.itop.core.php @@ -930,7 +930,8 @@ Dict::Add('HU HU', 'Hungarian', 'Magyar', array( 'Core:BulkExport:DateTimeFormatDefault_Example' => 'Default format (%1$s), e.g. %2$s~~', 'Core:BulkExport:DateTimeFormatCustom_Format' => 'Custom format: %1$s~~', 'Core:BulkExport:PDF:PageNumber' => 'Page %1$s~~', - 'Core:DateTime:Placeholder_d' => 'DD~~', // Day of the month: 2 digits (with leading zero) + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. Learn more in our documentation.~~', + 'Core:DateTime:Placeholder_d' => 'DD~~', // Day of the month: 2 digits (with leading zero) 'Core:DateTime:Placeholder_j' => 'D~~', // Day of the month: 1 or 2 digits (without leading zero) 'Core:DateTime:Placeholder_m' => 'MM~~', // Month on 2 digits i.e. 01-12 'Core:DateTime:Placeholder_n' => 'M~~', // Month on 1 or 2 digits 1-12 diff --git a/dictionaries/it.dictionary.itop.core.php b/dictionaries/it.dictionary.itop.core.php index b0e3721ad..621fc14c1 100644 --- a/dictionaries/it.dictionary.itop.core.php +++ b/dictionaries/it.dictionary.itop.core.php @@ -932,7 +932,8 @@ Dict::Add('IT IT', 'Italian', 'Italiano', array( 'Core:BulkExport:DateTimeFormatDefault_Example' => 'Default format (%1$s), e.g. %2$s~~', 'Core:BulkExport:DateTimeFormatCustom_Format' => 'Custom format: %1$s~~', 'Core:BulkExport:PDF:PageNumber' => 'Page %1$s~~', - 'Core:DateTime:Placeholder_d' => 'GG', // Day of the month: 2 digits (with leading zero) + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. Learn more in our documentation.~~', + 'Core:DateTime:Placeholder_d' => 'GG', // Day of the month: 2 digits (with leading zero) 'Core:DateTime:Placeholder_j' => 'G', // Day of the month: 1 or 2 digits (without leading zero) 'Core:DateTime:Placeholder_m' => 'MM', // Month on 2 digits i.e. 01-12 'Core:DateTime:Placeholder_n' => 'M', // Month on 1 or 2 digits 1-12 diff --git a/dictionaries/ja.dictionary.itop.core.php b/dictionaries/ja.dictionary.itop.core.php index 651a6c2dd..2866a1d0b 100644 --- a/dictionaries/ja.dictionary.itop.core.php +++ b/dictionaries/ja.dictionary.itop.core.php @@ -930,7 +930,8 @@ Dict::Add('JA JP', 'Japanese', '日本語', array( 'Core:BulkExport:DateTimeFormatDefault_Example' => 'Default format (%1$s), e.g. %2$s~~', 'Core:BulkExport:DateTimeFormatCustom_Format' => 'Custom format: %1$s~~', 'Core:BulkExport:PDF:PageNumber' => 'Page %1$s~~', - 'Core:DateTime:Placeholder_d' => 'DD~~', // Day of the month: 2 digits (with leading zero) + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. Learn more in our documentation.~~', + 'Core:DateTime:Placeholder_d' => 'DD~~', // Day of the month: 2 digits (with leading zero) 'Core:DateTime:Placeholder_j' => 'D~~', // Day of the month: 1 or 2 digits (without leading zero) 'Core:DateTime:Placeholder_m' => 'MM~~', // Month on 2 digits i.e. 01-12 'Core:DateTime:Placeholder_n' => 'M~~', // Month on 1 or 2 digits 1-12 diff --git a/dictionaries/nl.dictionary.itop.core.php b/dictionaries/nl.dictionary.itop.core.php index eb0252ac8..6e7396741 100644 --- a/dictionaries/nl.dictionary.itop.core.php +++ b/dictionaries/nl.dictionary.itop.core.php @@ -938,7 +938,8 @@ Dict::Add('NL NL', 'Dutch', 'Nederlands', array( 'Core:BulkExport:DateTimeFormatDefault_Example' => 'Standaardformaat (%1$s), bv. %2$s', 'Core:BulkExport:DateTimeFormatCustom_Format' => 'Aangepast formaat: %1$s', 'Core:BulkExport:PDF:PageNumber' => 'Pagina %1$s', - 'Core:DateTime:Placeholder_d' => 'DD', // Day of the month: 2 digits (with leading zero) + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. Learn more in our documentation.~~', + 'Core:DateTime:Placeholder_d' => 'DD', // Day of the month: 2 digits (with leading zero) 'Core:DateTime:Placeholder_j' => 'D', // Day of the month: 1 or 2 digits (without leading zero) 'Core:DateTime:Placeholder_m' => 'MM', // Month on 2 digits i.e. 01-12 'Core:DateTime:Placeholder_n' => 'M', // Month on 1 or 2 digits 1-12 diff --git a/dictionaries/pt_br.dictionary.itop.core.php b/dictionaries/pt_br.dictionary.itop.core.php index dc5fc782c..bc0500321 100644 --- a/dictionaries/pt_br.dictionary.itop.core.php +++ b/dictionaries/pt_br.dictionary.itop.core.php @@ -932,7 +932,8 @@ Dict::Add('PT BR', 'Brazilian', 'Brazilian', array( 'Core:BulkExport:DateTimeFormatDefault_Example' => 'Formato padrão (%1$s), por ex. %2$s', 'Core:BulkExport:DateTimeFormatCustom_Format' => 'Formato personalizado: %1$s', 'Core:BulkExport:PDF:PageNumber' => 'Página %1$s', - 'Core:DateTime:Placeholder_d' => 'DD', // Day of the month: 2 digits (with leading zero) + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. Learn more in our documentation.~~', + 'Core:DateTime:Placeholder_d' => 'DD', // Day of the month: 2 digits (with leading zero) 'Core:DateTime:Placeholder_j' => 'D', // Day of the month: 1 or 2 digits (without leading zero) 'Core:DateTime:Placeholder_m' => 'MM', // Month on 2 digits i.e. 01-12 'Core:DateTime:Placeholder_n' => 'M', // Month on 1 or 2 digits 1-12 diff --git a/dictionaries/ru.dictionary.itop.core.php b/dictionaries/ru.dictionary.itop.core.php index a1a26429a..1c1c48f6b 100644 --- a/dictionaries/ru.dictionary.itop.core.php +++ b/dictionaries/ru.dictionary.itop.core.php @@ -919,7 +919,8 @@ Dict::Add('RU RU', 'Russian', 'Русский', array( 'Core:BulkExport:DateTimeFormatDefault_Example' => 'Формат по умолчанию (%1$s), например %2$s', 'Core:BulkExport:DateTimeFormatCustom_Format' => 'Пользовательский формат: %1$s', 'Core:BulkExport:PDF:PageNumber' => 'Страница %1$s', - 'Core:DateTime:Placeholder_d' => 'DD', // Day of the month: 2 digits (with leading zero) + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. Learn more in our documentation.~~', + 'Core:DateTime:Placeholder_d' => 'DD', // Day of the month: 2 digits (with leading zero) 'Core:DateTime:Placeholder_j' => 'D', // Day of the month: 1 or 2 digits (without leading zero) 'Core:DateTime:Placeholder_m' => 'MM', // Month on 2 digits i.e. 01-12 'Core:DateTime:Placeholder_n' => 'M', // Month on 1 or 2 digits 1-12 diff --git a/dictionaries/sk.dictionary.itop.core.php b/dictionaries/sk.dictionary.itop.core.php index 11458e6f3..d22cbac5b 100644 --- a/dictionaries/sk.dictionary.itop.core.php +++ b/dictionaries/sk.dictionary.itop.core.php @@ -929,7 +929,8 @@ Dict::Add('SK SK', 'Slovak', 'Slovenčina', array( 'Core:BulkExport:DateTimeFormatDefault_Example' => 'Default format (%1$s), e.g. %2$s~~', 'Core:BulkExport:DateTimeFormatCustom_Format' => 'Custom format: %1$s~~', 'Core:BulkExport:PDF:PageNumber' => 'Page %1$s~~', - 'Core:DateTime:Placeholder_d' => 'DD~~', // Day of the month: 2 digits (with leading zero) + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. Learn more in our documentation.~~', + 'Core:DateTime:Placeholder_d' => 'DD~~', // Day of the month: 2 digits (with leading zero) 'Core:DateTime:Placeholder_j' => 'D~~', // Day of the month: 1 or 2 digits (without leading zero) 'Core:DateTime:Placeholder_m' => 'MM~~', // Month on 2 digits i.e. 01-12 'Core:DateTime:Placeholder_n' => 'M~~', // Month on 1 or 2 digits 1-12 diff --git a/dictionaries/tr.dictionary.itop.core.php b/dictionaries/tr.dictionary.itop.core.php index 82f36b56a..f4b844a92 100644 --- a/dictionaries/tr.dictionary.itop.core.php +++ b/dictionaries/tr.dictionary.itop.core.php @@ -940,7 +940,8 @@ Dict::Add('TR TR', 'Turkish', 'Türkçe', array( 'Core:BulkExport:DateTimeFormatDefault_Example' => 'Default format (%1$s), e.g. %2$s~~', 'Core:BulkExport:DateTimeFormatCustom_Format' => 'Custom format: %1$s~~', 'Core:BulkExport:PDF:PageNumber' => 'Page %1$s~~', - 'Core:DateTime:Placeholder_d' => 'DD~~', // Day of the month: 2 digits (with leading zero) + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. Learn more in our documentation.~~', + 'Core:DateTime:Placeholder_d' => 'DD~~', // Day of the month: 2 digits (with leading zero) 'Core:DateTime:Placeholder_j' => 'D~~', // Day of the month: 1 or 2 digits (without leading zero) 'Core:DateTime:Placeholder_m' => 'MM~~', // Month on 2 digits i.e. 01-12 'Core:DateTime:Placeholder_n' => 'M~~', // Month on 1 or 2 digits 1-12 diff --git a/dictionaries/zh_cn.dictionary.itop.core.php b/dictionaries/zh_cn.dictionary.itop.core.php index 5e0f58541..870d6a3bb 100644 --- a/dictionaries/zh_cn.dictionary.itop.core.php +++ b/dictionaries/zh_cn.dictionary.itop.core.php @@ -931,7 +931,8 @@ Dict::Add('ZH CN', 'Chinese', '简体中文', array( 'Core:BulkExport:DateTimeFormatDefault_Example' => '默认格式 (%1$s), e.g. %2$s', 'Core:BulkExport:DateTimeFormatCustom_Format' => '自定义格式: %1$s', 'Core:BulkExport:PDF:PageNumber' => '第 %1$s 页', - 'Core:DateTime:Placeholder_d' => 'DD', // Day of the month: 2 digits (with leading zero) + 'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. Learn more in our documentation.~~', + 'Core:DateTime:Placeholder_d' => 'DD', // Day of the month: 2 digits (with leading zero) 'Core:DateTime:Placeholder_j' => 'D', // Day of the month: 1 or 2 digits (without leading zero) 'Core:DateTime:Placeholder_m' => 'MM', // Month on 2 digits i.e. 01-12 'Core:DateTime:Placeholder_n' => 'M', // Month on 1 or 2 digits 1-12 diff --git a/lib/autoload.php b/lib/autoload.php index 79c1600b5..d85126e45 100644 --- a/lib/autoload.php +++ b/lib/autoload.php @@ -2,6 +2,24 @@ // autoload.php @generated by Composer +if (PHP_VERSION_ID < 50600) { + if (!headers_sent()) { + header('HTTP/1.1 500 Internal Server Error'); + } + $err = 'Composer 2.3.0 dropped support for autoloading on PHP <5.6 and you are running '.PHP_VERSION.', please upgrade PHP or use Composer 2.2 LTS via "composer self-update --2.2". Aborting.'.PHP_EOL; + if (!ini_get('display_errors')) { + if (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg') { + fwrite(STDERR, $err); + } elseif (!headers_sent()) { + echo $err; + } + } + trigger_error( + $err, + E_USER_ERROR + ); +} + require_once __DIR__ . '/composer/autoload_real.php'; return ComposerAutoloaderInit0018331147de7601e7552f7da8e3bb8b::getLoader(); diff --git a/lib/composer/ClassLoader.php b/lib/composer/ClassLoader.php index 0cd6055d1..7824d8f7e 100644 --- a/lib/composer/ClassLoader.php +++ b/lib/composer/ClassLoader.php @@ -42,35 +42,37 @@ namespace Composer\Autoload; */ class ClassLoader { - /** @var ?string */ + /** @var \Closure(string):void */ + private static $includeFile; + + /** @var string|null */ private $vendorDir; // PSR-4 /** - * @var array[] - * @psalm-var array> + * @var array> */ private $prefixLengthsPsr4 = array(); /** - * @var array[] - * @psalm-var array> + * @var array> */ private $prefixDirsPsr4 = array(); /** - * @var array[] - * @psalm-var array + * @var list */ private $fallbackDirsPsr4 = array(); // PSR-0 /** - * @var array[] - * @psalm-var array> + * List of PSR-0 prefixes + * + * Structured as array('F (first letter)' => array('Foo\Bar (full prefix)' => array('path', 'path2'))) + * + * @var array>> */ private $prefixesPsr0 = array(); /** - * @var array[] - * @psalm-var array + * @var list */ private $fallbackDirsPsr0 = array(); @@ -78,8 +80,7 @@ class ClassLoader private $useIncludePath = false; /** - * @var string[] - * @psalm-var array + * @var array */ private $classMap = array(); @@ -87,29 +88,29 @@ class ClassLoader private $classMapAuthoritative = false; /** - * @var bool[] - * @psalm-var array + * @var array */ private $missingClasses = array(); - /** @var ?string */ + /** @var string|null */ private $apcuPrefix; /** - * @var self[] + * @var array */ private static $registeredLoaders = array(); /** - * @param ?string $vendorDir + * @param string|null $vendorDir */ public function __construct($vendorDir = null) { $this->vendorDir = $vendorDir; + self::initializeIncludeClosure(); } /** - * @return string[] + * @return array> */ public function getPrefixes() { @@ -121,8 +122,7 @@ class ClassLoader } /** - * @return array[] - * @psalm-return array> + * @return array> */ public function getPrefixesPsr4() { @@ -130,8 +130,7 @@ class ClassLoader } /** - * @return array[] - * @psalm-return array + * @return list */ public function getFallbackDirs() { @@ -139,8 +138,7 @@ class ClassLoader } /** - * @return array[] - * @psalm-return array + * @return list */ public function getFallbackDirsPsr4() { @@ -148,8 +146,7 @@ class ClassLoader } /** - * @return string[] Array of classname => path - * @psalm-var array + * @return array Array of classname => path */ public function getClassMap() { @@ -157,8 +154,7 @@ class ClassLoader } /** - * @param string[] $classMap Class to filename map - * @psalm-param array $classMap + * @param array $classMap Class to filename map * * @return void */ @@ -175,24 +171,25 @@ class ClassLoader * Registers a set of PSR-0 directories for a given prefix, either * appending or prepending to the ones previously set for this prefix. * - * @param string $prefix The prefix - * @param string[]|string $paths The PSR-0 root directories - * @param bool $prepend Whether to prepend the directories + * @param string $prefix The prefix + * @param list|string $paths The PSR-0 root directories + * @param bool $prepend Whether to prepend the directories * * @return void */ public function add($prefix, $paths, $prepend = false) { + $paths = (array) $paths; if (!$prefix) { if ($prepend) { $this->fallbackDirsPsr0 = array_merge( - (array) $paths, + $paths, $this->fallbackDirsPsr0 ); } else { $this->fallbackDirsPsr0 = array_merge( $this->fallbackDirsPsr0, - (array) $paths + $paths ); } @@ -201,19 +198,19 @@ class ClassLoader $first = $prefix[0]; if (!isset($this->prefixesPsr0[$first][$prefix])) { - $this->prefixesPsr0[$first][$prefix] = (array) $paths; + $this->prefixesPsr0[$first][$prefix] = $paths; return; } if ($prepend) { $this->prefixesPsr0[$first][$prefix] = array_merge( - (array) $paths, + $paths, $this->prefixesPsr0[$first][$prefix] ); } else { $this->prefixesPsr0[$first][$prefix] = array_merge( $this->prefixesPsr0[$first][$prefix], - (array) $paths + $paths ); } } @@ -222,9 +219,9 @@ class ClassLoader * Registers a set of PSR-4 directories for a given namespace, either * appending or prepending to the ones previously set for this namespace. * - * @param string $prefix The prefix/namespace, with trailing '\\' - * @param string[]|string $paths The PSR-4 base directories - * @param bool $prepend Whether to prepend the directories + * @param string $prefix The prefix/namespace, with trailing '\\' + * @param list|string $paths The PSR-4 base directories + * @param bool $prepend Whether to prepend the directories * * @throws \InvalidArgumentException * @@ -232,17 +229,18 @@ class ClassLoader */ public function addPsr4($prefix, $paths, $prepend = false) { + $paths = (array) $paths; if (!$prefix) { // Register directories for the root namespace. if ($prepend) { $this->fallbackDirsPsr4 = array_merge( - (array) $paths, + $paths, $this->fallbackDirsPsr4 ); } else { $this->fallbackDirsPsr4 = array_merge( $this->fallbackDirsPsr4, - (array) $paths + $paths ); } } elseif (!isset($this->prefixDirsPsr4[$prefix])) { @@ -252,18 +250,18 @@ class ClassLoader throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator."); } $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length; - $this->prefixDirsPsr4[$prefix] = (array) $paths; + $this->prefixDirsPsr4[$prefix] = $paths; } elseif ($prepend) { // Prepend directories for an already registered namespace. $this->prefixDirsPsr4[$prefix] = array_merge( - (array) $paths, + $paths, $this->prefixDirsPsr4[$prefix] ); } else { // Append directories for an already registered namespace. $this->prefixDirsPsr4[$prefix] = array_merge( $this->prefixDirsPsr4[$prefix], - (array) $paths + $paths ); } } @@ -272,8 +270,8 @@ class ClassLoader * Registers a set of PSR-0 directories for a given prefix, * replacing any others previously set for this prefix. * - * @param string $prefix The prefix - * @param string[]|string $paths The PSR-0 base directories + * @param string $prefix The prefix + * @param list|string $paths The PSR-0 base directories * * @return void */ @@ -290,8 +288,8 @@ class ClassLoader * Registers a set of PSR-4 directories for a given namespace, * replacing any others previously set for this namespace. * - * @param string $prefix The prefix/namespace, with trailing '\\' - * @param string[]|string $paths The PSR-4 base directories + * @param string $prefix The prefix/namespace, with trailing '\\' + * @param list|string $paths The PSR-4 base directories * * @throws \InvalidArgumentException * @@ -425,7 +423,8 @@ class ClassLoader public function loadClass($class) { if ($file = $this->findFile($class)) { - includeFile($file); + $includeFile = self::$includeFile; + $includeFile($file); return true; } @@ -476,9 +475,9 @@ class ClassLoader } /** - * Returns the currently registered loaders indexed by their corresponding vendor directories. + * Returns the currently registered loaders keyed by their corresponding vendor directories. * - * @return self[] + * @return array */ public static function getRegisteredLoaders() { @@ -555,18 +554,26 @@ class ClassLoader return false; } -} -/** - * Scope isolated include. - * - * Prevents access to $this/self from included files. - * - * @param string $file - * @return void - * @private - */ -function includeFile($file) -{ - include $file; + /** + * @return void + */ + private static function initializeIncludeClosure() + { + if (self::$includeFile !== null) { + return; + } + + /** + * Scope isolated include. + * + * Prevents access to $this/self from included files. + * + * @param string $file + * @return void + */ + self::$includeFile = \Closure::bind(static function($file) { + include $file; + }, null, null); + } } diff --git a/lib/composer/autoload_classmap.php b/lib/composer/autoload_classmap.php index f080a002f..1481c8767 100644 --- a/lib/composer/autoload_classmap.php +++ b/lib/composer/autoload_classmap.php @@ -2,7 +2,7 @@ // autoload_classmap.php @generated by Composer -$vendorDir = dirname(dirname(__FILE__)); +$vendorDir = dirname(__DIR__); $baseDir = dirname($vendorDir); return array( @@ -138,6 +138,7 @@ return array( 'CharConcatWSExpression' => $baseDir . '/core/oql/expression.class.inc.php', 'CheckStopWatchThresholds' => $baseDir . '/core/ormstopwatch.class.inc.php', 'CheckableExpression' => $baseDir . '/core/oql/oqlquery.class.inc.php', + 'Combodo\\iTop\\Application\\Helper\\ExportHelper' => $baseDir . '/sources/application/Helper/ExportHelper.php', 'Combodo\\iTop\\Application\\Search\\AjaxSearchException' => $baseDir . '/sources/application/search/ajaxsearchexception.class.inc.php', 'Combodo\\iTop\\Application\\Search\\CriterionConversionAbstract' => $baseDir . '/sources/application/search/criterionconversionabstract.class.inc.php', 'Combodo\\iTop\\Application\\Search\\CriterionConversion\\CriterionToOQL' => $baseDir . '/sources/application/search/criterionconversion/criteriontooql.class.inc.php', @@ -450,6 +451,7 @@ return array( 'IntervalOqlExpression' => $baseDir . '/core/oql/oqlquery.class.inc.php', 'Introspection' => $baseDir . '/core/introspection.class.inc.php', 'InvalidConfigParamException' => $baseDir . '/core/coreexception.class.inc.php', + 'InvalidExternalKeyValueException' => $baseDir . '/core/coreexception.class.inc.php', 'InvalidPasswordAttributeOneWayPassword' => $baseDir . '/core/coreexception.class.inc.php', 'IssueLog' => $baseDir . '/core/log.class.inc.php', 'ItopCounter' => $baseDir . '/core/counter.class.inc.php', diff --git a/lib/composer/autoload_files.php b/lib/composer/autoload_files.php index 7be757bea..ae02e5199 100644 --- a/lib/composer/autoload_files.php +++ b/lib/composer/autoload_files.php @@ -2,25 +2,25 @@ // autoload_files.php @generated by Composer -$vendorDir = dirname(dirname(__FILE__)); +$vendorDir = dirname(__DIR__); $baseDir = dirname($vendorDir); return array( '320cde22f66dd4f5d3fd621d3e88b98f' => $vendorDir . '/symfony/polyfill-ctype/bootstrap.php', - '0e6d7bf4a5811bfa5cf40c5ccd6fae6a' => $vendorDir . '/symfony/polyfill-mbstring/bootstrap.php', '5255c38a0faeba867671b61dfda6d864' => $vendorDir . '/paragonie/random_compat/lib/random.php', '023d27dca8066ef29e6739335ea73bad' => $vendorDir . '/symfony/polyfill-php70/bootstrap.php', - '32dcc8afd4335739640db7d200c1971d' => $vendorDir . '/symfony/polyfill-apcu/bootstrap.php', - '667aeda72477189d0494fecd327c3641' => $vendorDir . '/symfony/var-dumper/Resources/functions/dump.php', - 'bd9634f2d41831496de0d3dfe4c94881' => $vendorDir . '/symfony/polyfill-php56/bootstrap.php', + '0e6d7bf4a5811bfa5cf40c5ccd6fae6a' => $vendorDir . '/symfony/polyfill-mbstring/bootstrap.php', '7e9bd612cc444b3eed788ebbe46263a0' => $vendorDir . '/laminas/laminas-zendframework-bridge/src/autoload.php', 'e69f7f6ee287b969198c3c9d6777bd38' => $vendorDir . '/symfony/polyfill-intl-normalizer/bootstrap.php', '25072dd6e2470089de65ae7bf11d3109' => $vendorDir . '/symfony/polyfill-php72/bootstrap.php', 'f598d06aa772fa33d905e87be6398fb1' => $vendorDir . '/symfony/polyfill-intl-idn/bootstrap.php', '7b11c4dc42b3b3023073cb14e519683c' => $vendorDir . '/ralouphie/getallheaders/src/getallheaders.php', + 'bd9634f2d41831496de0d3dfe4c94881' => $vendorDir . '/symfony/polyfill-php56/bootstrap.php', 'c964ee0ededf28c96ebd9db5099ef910' => $vendorDir . '/guzzlehttp/promises/src/functions_include.php', 'a0edc8309cc5e1d60e3047b5df6b7052' => $vendorDir . '/guzzlehttp/psr7/src/functions_include.php', '37a3dc5111fe8f707ab4c132ef1dbc62' => $vendorDir . '/guzzlehttp/guzzle/src/functions_include.php', + '32dcc8afd4335739640db7d200c1971d' => $vendorDir . '/symfony/polyfill-apcu/bootstrap.php', 'def43f6c87e4f8dfd0c9e1b1bab14fe8' => $vendorDir . '/symfony/polyfill-iconv/bootstrap.php', + '667aeda72477189d0494fecd327c3641' => $vendorDir . '/symfony/var-dumper/Resources/functions/dump.php', '2c102faa651ef8ea5874edb585946bce' => $vendorDir . '/swiftmailer/swiftmailer/lib/swift_required.php', ); diff --git a/lib/composer/autoload_namespaces.php b/lib/composer/autoload_namespaces.php index d12922d08..e6117c750 100644 --- a/lib/composer/autoload_namespaces.php +++ b/lib/composer/autoload_namespaces.php @@ -2,7 +2,7 @@ // autoload_namespaces.php @generated by Composer -$vendorDir = dirname(dirname(__FILE__)); +$vendorDir = dirname(__DIR__); $baseDir = dirname($vendorDir); return array( diff --git a/lib/composer/autoload_psr4.php b/lib/composer/autoload_psr4.php index ca8b4b9f6..651c9f0c1 100644 --- a/lib/composer/autoload_psr4.php +++ b/lib/composer/autoload_psr4.php @@ -2,7 +2,7 @@ // autoload_psr4.php @generated by Composer -$vendorDir = dirname(dirname(__FILE__)); +$vendorDir = dirname(__DIR__); $baseDir = dirname($vendorDir); return array( diff --git a/lib/composer/autoload_real.php b/lib/composer/autoload_real.php index 661cd2543..6c0e1e666 100644 --- a/lib/composer/autoload_real.php +++ b/lib/composer/autoload_real.php @@ -25,46 +25,31 @@ class ComposerAutoloaderInit0018331147de7601e7552f7da8e3bb8b require __DIR__ . '/platform_check.php'; spl_autoload_register(array('ComposerAutoloaderInit0018331147de7601e7552f7da8e3bb8b', 'loadClassLoader'), true, true); - self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(\dirname(__FILE__))); + self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(__DIR__)); spl_autoload_unregister(array('ComposerAutoloaderInit0018331147de7601e7552f7da8e3bb8b', 'loadClassLoader')); $includePaths = require __DIR__ . '/include_paths.php'; $includePaths[] = get_include_path(); set_include_path(implode(PATH_SEPARATOR, $includePaths)); - $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded()); - if ($useStaticLoader) { - require __DIR__ . '/autoload_static.php'; - - call_user_func(\Composer\Autoload\ComposerStaticInit0018331147de7601e7552f7da8e3bb8b::getInitializer($loader)); - } else { - $classMap = require __DIR__ . '/autoload_classmap.php'; - if ($classMap) { - $loader->addClassMap($classMap); - } - } + require __DIR__ . '/autoload_static.php'; + call_user_func(\Composer\Autoload\ComposerStaticInit0018331147de7601e7552f7da8e3bb8b::getInitializer($loader)); $loader->setClassMapAuthoritative(true); $loader->register(true); - if ($useStaticLoader) { - $includeFiles = Composer\Autoload\ComposerStaticInit0018331147de7601e7552f7da8e3bb8b::$files; - } else { - $includeFiles = require __DIR__ . '/autoload_files.php'; - } - foreach ($includeFiles as $fileIdentifier => $file) { - composerRequire0018331147de7601e7552f7da8e3bb8b($fileIdentifier, $file); + $filesToLoad = \Composer\Autoload\ComposerStaticInit0018331147de7601e7552f7da8e3bb8b::$files; + $requireFile = \Closure::bind(static function ($fileIdentifier, $file) { + if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) { + $GLOBALS['__composer_autoload_files'][$fileIdentifier] = true; + + require $file; + } + }, null, null); + foreach ($filesToLoad as $fileIdentifier => $file) { + $requireFile($fileIdentifier, $file); } return $loader; } } - -function composerRequire0018331147de7601e7552f7da8e3bb8b($fileIdentifier, $file) -{ - if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) { - require $file; - - $GLOBALS['__composer_autoload_files'][$fileIdentifier] = true; - } -} diff --git a/lib/composer/autoload_static.php b/lib/composer/autoload_static.php index 4a74a9cc4..48b0f9c5e 100644 --- a/lib/composer/autoload_static.php +++ b/lib/composer/autoload_static.php @@ -8,21 +8,21 @@ class ComposerStaticInit0018331147de7601e7552f7da8e3bb8b { public static $files = array ( '320cde22f66dd4f5d3fd621d3e88b98f' => __DIR__ . '/..' . '/symfony/polyfill-ctype/bootstrap.php', - '0e6d7bf4a5811bfa5cf40c5ccd6fae6a' => __DIR__ . '/..' . '/symfony/polyfill-mbstring/bootstrap.php', '5255c38a0faeba867671b61dfda6d864' => __DIR__ . '/..' . '/paragonie/random_compat/lib/random.php', '023d27dca8066ef29e6739335ea73bad' => __DIR__ . '/..' . '/symfony/polyfill-php70/bootstrap.php', - '32dcc8afd4335739640db7d200c1971d' => __DIR__ . '/..' . '/symfony/polyfill-apcu/bootstrap.php', - '667aeda72477189d0494fecd327c3641' => __DIR__ . '/..' . '/symfony/var-dumper/Resources/functions/dump.php', - 'bd9634f2d41831496de0d3dfe4c94881' => __DIR__ . '/..' . '/symfony/polyfill-php56/bootstrap.php', + '0e6d7bf4a5811bfa5cf40c5ccd6fae6a' => __DIR__ . '/..' . '/symfony/polyfill-mbstring/bootstrap.php', '7e9bd612cc444b3eed788ebbe46263a0' => __DIR__ . '/..' . '/laminas/laminas-zendframework-bridge/src/autoload.php', 'e69f7f6ee287b969198c3c9d6777bd38' => __DIR__ . '/..' . '/symfony/polyfill-intl-normalizer/bootstrap.php', '25072dd6e2470089de65ae7bf11d3109' => __DIR__ . '/..' . '/symfony/polyfill-php72/bootstrap.php', 'f598d06aa772fa33d905e87be6398fb1' => __DIR__ . '/..' . '/symfony/polyfill-intl-idn/bootstrap.php', '7b11c4dc42b3b3023073cb14e519683c' => __DIR__ . '/..' . '/ralouphie/getallheaders/src/getallheaders.php', + 'bd9634f2d41831496de0d3dfe4c94881' => __DIR__ . '/..' . '/symfony/polyfill-php56/bootstrap.php', 'c964ee0ededf28c96ebd9db5099ef910' => __DIR__ . '/..' . '/guzzlehttp/promises/src/functions_include.php', 'a0edc8309cc5e1d60e3047b5df6b7052' => __DIR__ . '/..' . '/guzzlehttp/psr7/src/functions_include.php', '37a3dc5111fe8f707ab4c132ef1dbc62' => __DIR__ . '/..' . '/guzzlehttp/guzzle/src/functions_include.php', + '32dcc8afd4335739640db7d200c1971d' => __DIR__ . '/..' . '/symfony/polyfill-apcu/bootstrap.php', 'def43f6c87e4f8dfd0c9e1b1bab14fe8' => __DIR__ . '/..' . '/symfony/polyfill-iconv/bootstrap.php', + '667aeda72477189d0494fecd327c3641' => __DIR__ . '/..' . '/symfony/var-dumper/Resources/functions/dump.php', '2c102faa651ef8ea5874edb585946bce' => __DIR__ . '/..' . '/swiftmailer/swiftmailer/lib/swift_required.php', ); @@ -506,6 +506,7 @@ class ComposerStaticInit0018331147de7601e7552f7da8e3bb8b 'CharConcatWSExpression' => __DIR__ . '/../..' . '/core/oql/expression.class.inc.php', 'CheckStopWatchThresholds' => __DIR__ . '/../..' . '/core/ormstopwatch.class.inc.php', 'CheckableExpression' => __DIR__ . '/../..' . '/core/oql/oqlquery.class.inc.php', + 'Combodo\\iTop\\Application\\Helper\\ExportHelper' => __DIR__ . '/../..' . '/sources/application/Helper/ExportHelper.php', 'Combodo\\iTop\\Application\\Search\\AjaxSearchException' => __DIR__ . '/../..' . '/sources/application/search/ajaxsearchexception.class.inc.php', 'Combodo\\iTop\\Application\\Search\\CriterionConversionAbstract' => __DIR__ . '/../..' . '/sources/application/search/criterionconversionabstract.class.inc.php', 'Combodo\\iTop\\Application\\Search\\CriterionConversion\\CriterionToOQL' => __DIR__ . '/../..' . '/sources/application/search/criterionconversion/criteriontooql.class.inc.php', @@ -818,6 +819,7 @@ class ComposerStaticInit0018331147de7601e7552f7da8e3bb8b 'IntervalOqlExpression' => __DIR__ . '/../..' . '/core/oql/oqlquery.class.inc.php', 'Introspection' => __DIR__ . '/../..' . '/core/introspection.class.inc.php', 'InvalidConfigParamException' => __DIR__ . '/../..' . '/core/coreexception.class.inc.php', + 'InvalidExternalKeyValueException' => __DIR__ . '/../..' . '/core/coreexception.class.inc.php', 'InvalidPasswordAttributeOneWayPassword' => __DIR__ . '/../..' . '/core/coreexception.class.inc.php', 'IssueLog' => __DIR__ . '/../..' . '/core/log.class.inc.php', 'ItopCounter' => __DIR__ . '/../..' . '/core/counter.class.inc.php', diff --git a/lib/composer/include_paths.php b/lib/composer/include_paths.php index d4fb96718..af33c1491 100644 --- a/lib/composer/include_paths.php +++ b/lib/composer/include_paths.php @@ -2,7 +2,7 @@ // include_paths.php @generated by Composer -$vendorDir = dirname(dirname(__FILE__)); +$vendorDir = dirname(__DIR__); $baseDir = dirname($vendorDir); return array( diff --git a/sources/application/Helper/ExportHelper.php b/sources/application/Helper/ExportHelper.php new file mode 100644 index 000000000..79fdcd48a --- /dev/null +++ b/sources/application/Helper/ExportHelper.php @@ -0,0 +1,23 @@ + + * @since 2.7.9 3.0.4 3.1.1 3.2.0 + * @package Combodo\iTop\Application\Helper + */ +class ExportHelper +{ + public static function GetAlertForExcelMaliciousInjection() + { + $sWikiUrl = 'https://www.itophub.io/wiki/page?id='.utils::GetItopVersionWikiSyntax().'%3Auser%3Alists#excel_export'; + return '
' . Dict::Format('UI:Bulk:Export:MaliciousInjection:Alert:Message', $sWikiUrl) . '
'; + } +} \ No newline at end of file