Merge branch 'support/3.0.2' into support/3.0

# Conflicts: # setup/setup.js
2026-02-12 23:14:18 +01:00 · 2022-08-24 16:46:16 +02:00
parent 7c6cc23aa8 14facb4d6c
commit bc7749602d
11 changed files with 31 additions and 18 deletions
--- a/core/cmdbchangeop.class.inc.php
+++ b/core/cmdbchangeop.class.inc.php
@@ -78,7 +78,7 @@ class CMDBChangeOp extends DBObject implements iCMDBChangeOp
 	}

 	/**
-	 * Describe (as a text string) the modifications corresponding to this change
+	 * @inheritDoc
 	 */
 	public function GetDescription()
 	{
--- a/setup/setup.js
+++ b/setup/setup.js
@@ -58,7 +58,7 @@ function CheckDirectoryConfFilesPermissions(sWikiVersion){
 		{
 		statusCode: {
 			200: function() {
-				$('#details').prepend('<div class="message message-warning"><span class="message-title">Security issue:</span> iTop is bundled with directory-level configuration files. You must check that those files will be read by your web server (eg.' +
+				$('#details').prepend('<div class="message message-warning"><span class="message-title">Security issue:</span> iTop is bundled with directory-level configuration files. You must check that those files will be read by your web server (eg. ' +
 					'AllowOverride directive should be set to <code>All</code> for Apache HTTP Server) <a href="https://www.itophub.io/wiki/page?id='+sWikiVersion+'%3Ainstall%3Asecurity#secure_critical_directories_access" target="_blank">see documentation</a>.</div>');
 				$('<span class="text-warning"> and 1 Security issue</span>').insertBefore('h2.message button:first');
 			}
--- a/sources/application/UI/Base/Component/FieldBadge/FieldBadgeUIBlockFactory.php
+++ b/sources/application/UI/Base/Component/FieldBadge/FieldBadgeUIBlockFactory.php
@@ -10,6 +10,7 @@ namespace Combodo\iTop\Application\UI\Base\Component\FieldBadge;

 use Combodo\iTop\Application\UI\Base\AbstractUIBlockFactory;
 use ormStyle;
+use utils;

 /**
 * Class FieldBadgeUIBlockFactory
@@ -36,6 +37,10 @@ class FieldBadgeUIBlockFactory extends AbstractUIBlockFactory
 	{
 		$oBadge = null;
 		$sHtml = '';
+
+		// N°5318 - Sanitize value manually as this UIBlock is not using a proper TWIG template 😥
+		$sValueForHtml = utils::EscapeHtml($sValue);
+
 		if ($oStyle) {
 			$sStyleClass = $oStyle->GetStyleClass();
 			$sPrimaryColor = $oStyle->GetMainColor();
@@ -47,12 +52,12 @@ class FieldBadgeUIBlockFactory extends AbstractUIBlockFactory
 				if (!is_null($sDecorationClasses) && !empty($sDecorationClasses)) {
 					$sHtml .= "<span class=\"ibo-field-badge--decoration\"><i class=\"$sDecorationClasses\"></i></span>";
 				}
-				$sHtml .= "<span class=\"ibo-field-badge--label\">$sValue</span>";
+				$sHtml .= "<span class=\"ibo-field-badge--label\">$sValueForHtml</span>";
 			}
 		}
 		if (!$oBadge) {
 			$oBadge = new FieldBadge();
-			$sHtml .= "<span>$sValue</span>";
+			$sHtml .= "<span>$sValueForHtml</span>";
 		}
 		$oBadge->AddHtml($sHtml);
 		return $oBadge;
--- a/test/application/privUITransactionFileTest.php
+++ b/test/application/privUITransactionFileTest.php
@@ -26,6 +26,7 @@ use Combodo\iTop\Test\UnitTest\ItopDataTestCase;
 *
 * @covers utils
 * @group sampleDataNeeded
+ * @group defaultProfiles
 */
 class privUITransactionFileTest extends ItopDataTestCase
 {
--- a/test/core/CMDBSource/TransactionsTest.php
+++ b/test/core/CMDBSource/TransactionsTest.php
@@ -18,6 +18,7 @@ use MetaModel;
 * @backupGlobals disabled
 *
 * @group itopRequestMgmt
+ * @group specificOrgInSampleData
 * Class TransactionsTest
 *
 * @package Combodo\iTop\Test\UnitTest\Core
@@ -248,4 +249,4 @@ class TransactionsTest extends ItopTestCase
 			"History 13" => ['iFailAt' => 15, 'bIsModified' => true],
 		];
 	}
-}
+}
--- a/test/core/DBSearchTest.php
+++ b/test/core/DBSearchTest.php
@@ -528,6 +528,7 @@ class DBSearchTest extends ItopDataTestCase

 	/**
 	 * @dataProvider GetFirstResultProvider
+	 * @group specificOrgInSampleData
 	 *
 	 * @param string $sOql query to test
 	 * @param bool $bMustHaveOneResultMax arg passed to the tested function
--- a/test/core/GetSelectFilterTest.php
+++ b/test/core/GetSelectFilterTest.php
@@ -12,8 +12,9 @@ use utils;


 /**
- * @group getSelectFilterTest 
+ * @group getSelectFilterTest
 * @group sampleDataNeeded
+ * @group specificOrgInSampleData
 * Class GetSelectFilterTest
 *
 * @runTestsInSeparateProcesses
@@ -35,9 +36,9 @@ class GetSelectFilterTest extends ItopDataTestCase

 		$oRestProfile = MetaModel::GetObjectFromOQL("SELECT URP_Profiles WHERE name = :name", array('name' => 'REST Services User'), true);
 		$oAdminProfile = MetaModel::GetObjectFromOQL("SELECT URP_Profiles WHERE name = :name", array('name' => 'Administrator'), true);
-		
+
 		$this->sLogin = "getselectfilter-user-" . date('dmYHis');
-		
+
 		// Ensure that we have at least one administrator account
 		if (is_object($oRestProfile) && is_object($oAdminProfile))
 		{
@@ -45,7 +46,7 @@ class GetSelectFilterTest extends ItopDataTestCase
 			$this->AddProfileToUser($this->oUser, $oAdminProfile->GetKey());
 		}
 	}
-	
+
 	public function testGetSelectFilter()
 	{
 		$oUserRights = new UserRightsProfile();
@@ -64,9 +65,9 @@ class GetSelectFilterTest extends ItopDataTestCase
 		////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 		// Default behavior: Administrators, Administrator profile and URP_UserProfile related to administrators are visible
 		// via GetSelectFilter
-		
+
 		$oConfig->Set('security.hide_administrators', false);
-		
+
 		$oFilterProfiles = $oUserRights->GetSelectFilter($this->oUser, 'URP_Profiles');
 		if ($oFilterProfiles === true)
 		{
@@ -83,7 +84,7 @@ class GetSelectFilterTest extends ItopDataTestCase
 			}
 		}
 		$this->assertEquals($bAdminProfileFound, true);
-		
+
 		foreach($aUserLocalAncestors as $sUserClass)
 		{
 			$bAdminUserFound = false;
@@ -103,7 +104,7 @@ class GetSelectFilterTest extends ItopDataTestCase
 			}
 			$this->assertEquals($bAdminUserFound, true);
 		}
-		
+
 		$oFilterLnkProfiles = $oUserRights->GetSelectFilter($this->oUser, 'URP_UserProfile');
 		if ($oFilterLnkProfiles === true)
 		{
@@ -160,6 +161,6 @@ class GetSelectFilterTest extends ItopDataTestCase
 			$this->assertNotEquals($oLnk->Get('userid'), $this->oUser->GetKey());
 			$this->assertNotEquals($oLnk->Get('profileid'), 1);
 		}
-		
+
 	}
-}
+}
--- a/test/core/OQLParserTest.php
+++ b/test/core/OQLParserTest.php
@@ -29,6 +29,7 @@ class OQLParserTest extends ItopDataTestCase
 	 * @group iTopChangeMgt
 	 * @group itopConfigMgmt
 	 * @group itopRequestMgmt
+	 * @group specificOrgInSampleData
 	 * @dataProvider NestedQueryProvider
 	 *
 	 * @param $sQuery
--- a/test/core/UserRightsTest.php
+++ b/test/core/UserRightsTest.php
@@ -40,6 +40,7 @@ use utils;
 /**
 * @group itopRequestMgmt
 * @group userRights
+ * @group defaultProfiles
 *
 * @runTestsInSeparateProcesses
 * @preserveGlobalState disabled
@@ -486,7 +487,7 @@ class UserRightsTest extends ItopDataTestCase
 		// logout
 		$_SESSION = [];
 	}
-	
+
 	public function NonAdminCanListOwnProfilesProvider(): array
 	{
 		return [
@@ -495,7 +496,7 @@ class UserRightsTest extends ItopDataTestCase
 		];
 	}
 	/**
-	 *@dataProvider NonAdminCannotListAdminProfilesProvider 
+	 *@dataProvider NonAdminCannotListAdminProfilesProvider
 	 */
 	public function testNonAdminCannotListAdminProfiles($bHideAdministrators, $iExpectedCount)
 	{
@@ -518,7 +519,7 @@ class UserRightsTest extends ItopDataTestCase
 		// logout
 		$_SESSION = [];
 	}
-	
+
 	public function NonAdminCannotListAdminProfilesProvider(): array
 	{
 		return [
--- a/test/synchro/DataSynchroTest.php
+++ b/test/synchro/DataSynchroTest.php
@@ -30,6 +30,7 @@ use utils;
 *
 * @package Combodo\iTop\Test\UnitTest\Synchro
 * @group dataSynchro
+ * @group defaultProfiles
 *
 * @runTestsInSeparateProcesses
 * @preserveGlobalState disabled
--- a/test/webservices/RestTest.php
+++ b/test/webservices/RestTest.php
@@ -9,6 +9,7 @@ use Exception;
 /**
 * @group itopRequestMgmt
 * @group restApi
+ * @group defaultProfiles
 *
 * @runTestsInSeparateProcesses
 * @preserveGlobalState disabled