From cb3440c85d52e0c2609dc60b43a22c72f91aee09 Mon Sep 17 00:00:00 2001
From: Denis Flaven
Date: Thu, 13 Dec 2018 17:31:21 +0100
Subject: [PATCH 1/3] Setup hardening.
---
 setup/ajax.dataloader.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/setup/ajax.dataloader.php b/setup/ajax.dataloader.php
index 8f6786f9c..070db5bbb 100644
--- a/setup/ajax.dataloader.php
+++ b/setup/ajax.dataloader.php
@@ -121,6 +121,8 @@ header("Expires: Fri, 17 Jul 1970 05:00:00 GMT"); // Date in the past
 $sOperation = Utils::ReadParam('operation', '');
 try
 {
+ if (!is_writable(utils::GetConfigFilePath())) throw new Exception('Setup operations are not allowed outside of the setup');
+
 switch($sOperation)
 {
 case 'async_action':
From 9828b905b2bd586655d462f0a36320f4423c2f03 Mon Sep 17 00:00:00 2001
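Review bot: The guard added at the top of the `try` block treats a non-writable config file as proof that setup is over, but `is_writable()` also returns false when the file does not exist, so a first-time install with no config file yet would be rejected if it reaches this endpoint; that is worth confirming. Testing existence first keeps the intent: `$sConfigFile = utils::GetConfigFilePath();` followed by `if (file_exists($sConfigFile) && !is_writable($sConfigFile)) { throw new Exception('Setup operations are not allowed outside of the setup'); }`. The check is also a file-permission proxy rather than authentication: on a host where the web server account can still write the config file, every operation in the `switch` stays reachable by whoever can send the request, so a per-setup token or session check would be the stronger control. The `try` block and the `switch` continue past the end of the hunk.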
From: =?UTF-8?q?=E2=80=9Cpurplegrape=E2=80=9D?= <“purplegrape4@gmail.com”>
Date: Wed, 12 Dec 2018 14:36:39 +0800
Subject: [PATCH 2/3] rename chinese translation file from zh.dict*php to zh_cn.dict*php . in case guys from HongKong ,TaiWan or Singapore wana have their own translations.
---
 ....dict.authent-external.php => zh_cn.dict.authent-external.php} | 0
 .../{zh.dict.authent-ldap.php => zh_cn.dict.authent-ldap.php} | 0
 .../{zh.dict.authent-local.php => zh_cn.dict.authent-local.php} | 0
 ....dict.itop-attachments.php => zh_cn.dict.itop-attachments.php} | 0
 .../{zh.dict.itop-backup.php => zh_cn.dict.itop-backup.php} | 0
 ...-change-mgmt-itil.php => zh_cn.dict.itop-change-mgmt-itil.php} | 0
 ....dict.itop-change-mgmt.php => zh_cn.dict.itop-change-mgmt.php} | 0
 ....dict.itop-config-mgmt.php => zh_cn.dict.itop-config-mgmt.php} | 0
 .../{zh.dict.itop-config.php => zh_cn.dict.itop-config.php} | 0
 ...op-datacenter-mgmt.php => zh_cn.dict.itop-datacenter-mgmt.php} | 0
 ...t.itop-hub-connector.php => zh_cn.dict.itop-hub-connector.php} | 0
 ...ident-mgmt-itil.php => zh_cn.dict.itop-incident-mgmt-itil.php} | 0
 ...op-knownerror-mgmt.php => zh_cn.dict.itop-knownerror-mgmt.php} | 0
 ....dict.itop-portal-base.php => zh_cn.dict.itop-portal-base.php} | 0
 ...ict.itop-problem-mgmt.php => zh_cn.dict.itop-problem-mgmt.php} | 0
 ...equest-mgmt-itil.php => zh_cn.dict.itop-request-mgmt-itil.php} | 0
 ...ict.itop-request-mgmt.php => zh_cn.dict.itop-request-mgmt.php} | 0
 ...gmt-provider.php => zh_cn.dict.itop-service-mgmt-provider.php} | 0
 ...ict.itop-service-mgmt.php => zh_cn.dict.itop-service-mgmt.php} | 0
 .../{zh.dict.itop-tickets.php => zh_cn.dict.itop-tickets.php} | 0
 ...ict.itop-welcome-itil.php => zh_cn.dict.itop-welcome-itil.php} | 0
 ...zh.dictionary.itop.core.php => zh_cn.dictionary.itop.core.php} | 0
 .../{zh.dictionary.itop.ui.php => zh_cn.dictionary.itop.ui.php} | 0
 23 files changed, 0 insertions(+), 0 deletions(-)
 rename datamodels/2.x/authent-external/{zh.dict.authent-external.php => zh_cn.dict.authent-external.php} (100%)
 rename datamodels/2.x/authent-ldap/{zh.dict.authent-ldap.php => zh_cn.dict.authent-ldap.php} (100%)
 rename datamodels/2.x/authent-local/{zh.dict.authent-local.php => zh_cn.dict.authent-local.php} (100%)
 rename datamodels/2.x/itop-attachments/{zh.dict.itop-attachments.php => zh_cn.dict.itop-attachments.php} (100%)
 rename datamodels/2.x/itop-backup/{zh.dict.itop-backup.php => zh_cn.dict.itop-backup.php} (100%)
 rename datamodels/2.x/itop-change-mgmt-itil/{zh.dict.itop-change-mgmt-itil.php => zh_cn.dict.itop-change-mgmt-itil.php} (100%)
 rename datamodels/2.x/itop-change-mgmt/{zh.dict.itop-change-mgmt.php => zh_cn.dict.itop-change-mgmt.php} (100%)
 rename datamodels/2.x/itop-config-mgmt/{zh.dict.itop-config-mgmt.php => zh_cn.dict.itop-config-mgmt.php} (100%)
 rename datamodels/2.x/itop-config/{zh.dict.itop-config.php => zh_cn.dict.itop-config.php} (100%)
 rename datamodels/2.x/itop-datacenter-mgmt/{zh.dict.itop-datacenter-mgmt.php => zh_cn.dict.itop-datacenter-mgmt.php} (100%)
 rename datamodels/2.x/itop-hub-connector/{zh.dict.itop-hub-connector.php => zh_cn.dict.itop-hub-connector.php} (100%)
 rename datamodels/2.x/itop-incident-mgmt-itil/{zh.dict.itop-incident-mgmt-itil.php => zh_cn.dict.itop-incident-mgmt-itil.php} (100%)
 rename datamodels/2.x/itop-knownerror-mgmt/{zh.dict.itop-knownerror-mgmt.php => zh_cn.dict.itop-knownerror-mgmt.php} (100%)
 rename datamodels/2.x/itop-portal-base/{zh.dict.itop-portal-base.php => zh_cn.dict.itop-portal-base.php} (100%)
 rename datamodels/2.x/itop-problem-mgmt/{zh.dict.itop-problem-mgmt.php => zh_cn.dict.itop-problem-mgmt.php} (100%)
 rename datamodels/2.x/itop-request-mgmt-itil/{zh.dict.itop-request-mgmt-itil.php => zh_cn.dict.itop-request-mgmt-itil.php} (100%)
 rename datamodels/2.x/itop-request-mgmt/{zh.dict.itop-request-mgmt.php => zh_cn.dict.itop-request-mgmt.php} (100%)
 rename datamodels/2.x/itop-service-mgmt-provider/{zh.dict.itop-service-mgmt-provider.php => zh_cn.dict.itop-service-mgmt-provider.php} (100%)
 rename datamodels/2.x/itop-service-mgmt/{zh.dict.itop-service-mgmt.php => zh_cn.dict.itop-service-mgmt.php} (100%)
 rename datamodels/2.x/itop-tickets/{zh.dict.itop-tickets.php => zh_cn.dict.itop-tickets.php} (100%)
 rename datamodels/2.x/itop-welcome-itil/{zh.dict.itop-welcome-itil.php => zh_cn.dict.itop-welcome-itil.php} (100%)
 rename dictionaries/{zh.dictionary.itop.core.php => zh_cn.dictionary.itop.core.php} (100%)
 rename dictionaries/{zh.dictionary.itop.ui.php => zh_cn.dictionary.itop.ui.php} (100%)
diff --git a/datamodels/2.x/authent-external/zh.dict.authent-external.php b/datamodels/2.x/authent-external/zh_cn.dict.authent-external.php
similarity index 100%
rename from datamodels/2.x/authent-external/zh.dict.authent-external.php
rename to datamodels/2.x/authent-external/zh_cn.dict.authent-external.php
diff --git a/datamodels/2.x/authent-ldap/zh.dict.authent-ldap.php b/datamodels/2.x/authent-ldap/zh_cn.dict.authent-ldap.php
similarity index 100%
rename from datamodels/2.x/authent-ldap/zh.dict.authent-ldap.php
rename to datamodels/2.x/authent-ldap/zh_cn.dict.authent-ldap.php
diff --git a/datamodels/2.x/authent-local/zh.dict.authent-local.php b/datamodels/2.x/authent-local/zh_cn.dict.authent-local.php
similarity index 100%
rename from datamodels/2.x/authent-local/zh.dict.authent-local.php
rename to datamodels/2.x/authent-local/zh_cn.dict.authent-local.php
diff --git a/datamodels/2.x/itop-attachments/zh.dict.itop-attachments.php b/datamodels/2.x/itop-attachments/zh_cn.dict.itop-attachments.php
similarity index 100%
rename from datamodels/2.x/itop-attachments/zh.dict.itop-attachments.php
rename to datamodels/2.x/itop-attachments/zh_cn.dict.itop-attachments.php
diff --git a/datamodels/2.x/itop-backup/zh.dict.itop-backup.php b/datamodels/2.x/itop-backup/zh_cn.dict.itop-backup.php
similarity index 100%
rename from datamodels/2.x/itop-backup/zh.dict.itop-backup.php
rename to datamodels/2.x/itop-backup/zh_cn.dict.itop-backup.php
diff --git a/datamodels/2.x/itop-change-mgmt-itil/zh.dict.itop-change-mgmt-itil.php b/datamodels/2.x/itop-change-mgmt-itil/zh_cn.dict.itop-change-mgmt-itil.php
similarity index 100%
rename from datamodels/2.x/itop-change-mgmt-itil/zh.dict.itop-change-mgmt-itil.php
rename to datamodels/2.x/itop-change-mgmt-itil/zh_cn.dict.itop-change-mgmt-itil.php
diff --git a/datamodels/2.x/itop-change-mgmt/zh.dict.itop-change-mgmt.php b/datamodels/2.x/itop-change-mgmt/zh_cn.dict.itop-change-mgmt.php
similarity index 100%
rename from datamodels/2.x/itop-change-mgmt/zh.dict.itop-change-mgmt.php
rename to datamodels/2.x/itop-change-mgmt/zh_cn.dict.itop-change-mgmt.php
diff --git a/datamodels/2.x/itop-config-mgmt/zh.dict.itop-config-mgmt.php b/datamodels/2.x/itop-config-mgmt/zh_cn.dict.itop-config-mgmt.php
similarity index 100%
rename from datamodels/2.x/itop-config-mgmt/zh.dict.itop-config-mgmt.php
rename to datamodels/2.x/itop-config-mgmt/zh_cn.dict.itop-config-mgmt.php
diff --git a/datamodels/2.x/itop-config/zh.dict.itop-config.php b/datamodels/2.x/itop-config/zh_cn.dict.itop-config.php
similarity index 100%
rename from datamodels/2.x/itop-config/zh.dict.itop-config.php
rename to datamodels/2.x/itop-config/zh_cn.dict.itop-config.php
diff --git a/datamodels/2.x/itop-datacenter-mgmt/zh.dict.itop-datacenter-mgmt.php b/datamodels/2.x/itop-datacenter-mgmt/zh_cn.dict.itop-datacenter-mgmt.php
similarity index 100%
rename from datamodels/2.x/itop-datacenter-mgmt/zh.dict.itop-datacenter-mgmt.php
rename to datamodels/2.x/itop-datacenter-mgmt/zh_cn.dict.itop-datacenter-mgmt.php
diff --git a/datamodels/2.x/itop-hub-connector/zh.dict.itop-hub-connector.php b/datamodels/2.x/itop-hub-connector/zh_cn.dict.itop-hub-connector.php
similarity index 100%
rename from datamodels/2.x/itop-hub-connector/zh.dict.itop-hub-connector.php
rename to datamodels/2.x/itop-hub-connector/zh_cn.dict.itop-hub-connector.php
diff --git a/datamodels/2.x/itop-incident-mgmt-itil/zh.dict.itop-incident-mgmt-itil.php b/datamodels/2.x/itop-incident-mgmt-itil/zh_cn.dict.itop-incident-mgmt-itil.php
similarity index 100%
rename from datamodels/2.x/itop-incident-mgmt-itil/zh.dict.itop-incident-mgmt-itil.php
rename to datamodels/2.x/itop-incident-mgmt-itil/zh_cn.dict.itop-incident-mgmt-itil.php
diff --git a/datamodels/2.x/itop-knownerror-mgmt/zh.dict.itop-knownerror-mgmt.php b/datamodels/2.x/itop-knownerror-mgmt/zh_cn.dict.itop-knownerror-mgmt.php
similarity index 100%
rename from datamodels/2.x/itop-knownerror-mgmt/zh.dict.itop-knownerror-mgmt.php
rename to datamodels/2.x/itop-knownerror-mgmt/zh_cn.dict.itop-knownerror-mgmt.php
diff --git a/datamodels/2.x/itop-portal-base/zh.dict.itop-portal-base.php b/datamodels/2.x/itop-portal-base/zh_cn.dict.itop-portal-base.php
similarity index 100%
rename from datamodels/2.x/itop-portal-base/zh.dict.itop-portal-base.php
rename to datamodels/2.x/itop-portal-base/zh_cn.dict.itop-portal-base.php
diff --git a/datamodels/2.x/itop-problem-mgmt/zh.dict.itop-problem-mgmt.php b/datamodels/2.x/itop-problem-mgmt/zh_cn.dict.itop-problem-mgmt.php
similarity index 100%
rename from datamodels/2.x/itop-problem-mgmt/zh.dict.itop-problem-mgmt.php
rename to datamodels/2.x/itop-problem-mgmt/zh_cn.dict.itop-problem-mgmt.php
diff --git a/datamodels/2.x/itop-request-mgmt-itil/zh.dict.itop-request-mgmt-itil.php b/datamodels/2.x/itop-request-mgmt-itil/zh_cn.dict.itop-request-mgmt-itil.php
similarity index 100%
rename from datamodels/2.x/itop-request-mgmt-itil/zh.dict.itop-request-mgmt-itil.php
rename to datamodels/2.x/itop-request-mgmt-itil/zh_cn.dict.itop-request-mgmt-itil.php
diff --git a/datamodels/2.x/itop-request-mgmt/zh.dict.itop-request-mgmt.php b/datamodels/2.x/itop-request-mgmt/zh_cn.dict.itop-request-mgmt.php
similarity index 100%
rename from datamodels/2.x/itop-request-mgmt/zh.dict.itop-request-mgmt.php
rename to datamodels/2.x/itop-request-mgmt/zh_cn.dict.itop-request-mgmt.php
diff --git a/datamodels/2.x/itop-service-mgmt-provider/zh.dict.itop-service-mgmt-provider.php b/datamodels/2.x/itop-service-mgmt-provider/zh_cn.dict.itop-service-mgmt-provider.php
similarity index 100%
rename from datamodels/2.x/itop-service-mgmt-provider/zh.dict.itop-service-mgmt-provider.php
rename to datamodels/2.x/itop-service-mgmt-provider/zh_cn.dict.itop-service-mgmt-provider.php
diff --git a/datamodels/2.x/itop-service-mgmt/zh.dict.itop-service-mgmt.php b/datamodels/2.x/itop-service-mgmt/zh_cn.dict.itop-service-mgmt.php
similarity index 100%
rename from datamodels/2.x/itop-service-mgmt/zh.dict.itop-service-mgmt.php
rename to datamodels/2.x/itop-service-mgmt/zh_cn.dict.itop-service-mgmt.php
diff --git a/datamodels/2.x/itop-tickets/zh.dict.itop-tickets.php b/datamodels/2.x/itop-tickets/zh_cn.dict.itop-tickets.php
similarity index 100%
rename from datamodels/2.x/itop-tickets/zh.dict.itop-tickets.php
rename to datamodels/2.x/itop-tickets/zh_cn.dict.itop-tickets.php
diff --git a/datamodels/2.x/itop-welcome-itil/zh.dict.itop-welcome-itil.php b/datamodels/2.x/itop-welcome-itil/zh_cn.dict.itop-welcome-itil.php
similarity index 100%
rename from datamodels/2.x/itop-welcome-itil/zh.dict.itop-welcome-itil.php
rename to datamodels/2.x/itop-welcome-itil/zh_cn.dict.itop-welcome-itil.php
diff --git a/dictionaries/zh.dictionary.itop.core.php b/dictionaries/zh_cn.dictionary.itop.core.php
similarity index 100%
rename from dictionaries/zh.dictionary.itop.core.php
rename to dictionaries/zh_cn.dictionary.itop.core.php
diff --git a/dictionaries/zh.dictionary.itop.ui.php b/dictionaries/zh_cn.dictionary.itop.ui.php
similarity index 100%
rename from dictionaries/zh.dictionary.itop.ui.php
rename to dictionaries/zh_cn.dictionary.itop.ui.php
From faba67b2926aaebcf667ac500bd36dd81e9af45a Mon Sep 17 00:00:00 2001
From: Pierre Goiffon
Date: Mon, 17 Dec 2018 15:48:06 +0100
Subject: [PATCH 3/3] =?UTF-8?q?:heavy=5Fplus=5Fsign:=20N=C2=B01885=20add?= =?UTF-8?q?=20php-gd=20as=20a=20mandatory=20extension?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 composer.json | 3 ++-
 setup/setuputils.class.inc.php | 24 +++++++++++++++++++-----
 2 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/composer.json b/composer.json
index 8bd34a0a7..3b432c153 100644
--- a/composer.json
+++ b/composer.json
@@ -8,7 +8,8 @@
 "ext-soap": "*",
 "ext-json": "*",
 "ext-zip": "*",
- "ext-mysqli": "*"
+ "ext-mysqli": "*",
+ "ext-gd": "*"
 },
 "config": {
 "platform": {
diff --git a/setup/setuputils.class.inc.php b/setup/setuputils.class.inc.php
index a27ebd6e2..31097f5d9 100644
--- a/setup/setuputils.class.inc.php
+++ b/setup/setuputils.class.inc.php
@@ -89,11 +89,25 @@ class SetupUtils
 // Check the common directories
 $aWritableDirsErrors = self::CheckWritableDirs(array('log', 'env-production', 'env-production-build', 'conf', 'data'));
 $aResult = array_merge($aResult, $aWritableDirsErrors);
-
- $aMandatoryExtensions = array('mysqli', 'iconv', 'simplexml', 'soap', 'hash', 'json', 'session', 'pcre', 'dom', 'zlib', 'zip');
- $aOptionalExtensions = array('mcrypt' => 'Strong encryption will not be used.',
- 'ldap' => 'LDAP authentication will be disabled.',
- 'gd' => 'PDF export will be disabled. Also, image resizing will be disabled on profile pictures (May increase database size).');
+
+ $aMandatoryExtensions = array(
+ 'mysqli',
+ 'iconv',
+ 'simplexml',
+ 'soap',
+ 'hash',
+ 'json',
+ 'session',
+ 'pcre',
+ 'dom',
+ 'zlib',
+ 'zip',
+ 'gd', // used to test image type (always returns false if not installed), image resizing, PDF export
+ );
+ $aOptionalExtensions = array(
+ 'mcrypt' => 'Strong encryption will not be used.',
+ 'ldap' => 'LDAP authentication will be disabled.',
+ );
 asort($aMandatoryExtensions); // Sort the list to look clean !
 ksort($aOptionalExtensions); // Sort the list to look clean !
 $aExtensionsOk = array();
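Review bot: The rewritten `$aOptionalExtensions` array carries `'mcrypt' => 'Strong encryption will not be used.'` over unchanged, and that warning tells an administrator neither what falls back to weaker protection nor how to fix it. mcrypt was deprecated in PHP 7.1 and removed from the core distribution in 7.2, so on current PHP this branch is presumably the common case rather than the exception. Since the commit is already reclassifying extensions, a comment on that entry such as `// mcrypt is not bundled with PHP >= 7.2; without it the non-strong fallback applies` would record the risk, and the message itself could name the data that encryption protects. Separately, the new `'gd'` comment says a check "always returns false if not installed" without naming the function it refers to; naming it would help the next reader. The enclosing `SetupUtils` method starts and ends outside the hunk.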