Merge remote-tracking branch 'origin/support/3.0' into develop

core/cmdbchangeop.class.inc.php

@@ -78,7 +78,7 @@ class CMDBChangeOp extends DBObject implements iCMDBChangeOp
 	}
 
 	/**
-	 * Describe (as a text string) the modifications corresponding to this change
+	 * @inheritDoc
 	 */
 	public function GetDescription()
 	{

core/metamodel.class.php

@@ -7308,7 +7308,7 @@ abstract class MetaModel
 									}
 									IssueLog::Debug(
 										'Invalid placeholder in notification, no replacement will occur!',
-										LogChannels::NOTIFICATION,
+										LogChannels::NOTIFICATIONS,
 										$aContext
 									);
 								}
@@ -7333,7 +7333,7 @@ abstract class MetaModel
 							catch (Exception $e) {
 								IssueLog::Debug(
 									'Invalid placeholder in notification, no replacement will occur !',
-									LogChannels::NOTIFICATION,
+									LogChannels::NOTIFICATIONS,
 									[
 										'placeholder' => $sPlaceholderAttCode,
 										'replace'     => $replace,

setup/permissions-test-folder/.htaccess

@@ -0,0 +1,13 @@
+# Apache 2.4
+<ifModule mod_authz_core.c>
+Require all denied
+</ifModule>
+
+# Apache 2.2
+<ifModule !mod_authz_core.c>
+deny from all
+Satisfy All
+</ifModule>
+
+# Apache 2.2 and 2.4
+IndexIgnore *

setup/permissions-test-folder/web.config

@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration>
+  <system.webServer>
+    <security>
+      <requestFiltering>
+         <fileExtensions applyToWebDAV="false" allowUnlisted="false"></fileExtensions>
+      </requestFiltering>
+      <authorization>
+        <deny users="*" /> <!-- Denies all users -->
+      </authorization>
+    </security>
+  </system.webServer>
+</configuration>

setup/setup.js

@@ -53,4 +53,17 @@ function ExecuteStep(sStep)
 	} );
 }
 
+function CheckDirectoryConfFilesPermissions(sWikiVersion){
+	$.ajax('permissions-test-folder/permissions-test-subfolder/permissions-test-file',
+		{
+		statusCode: {
+			200: function() {
+				$('#details').prepend('<div class="message message-warning"><span class="message-title">Security issue:</span> iTop is bundled with directory-level configuration files. You must check that those files will be read by your web server (eg. ' +
+					'AllowOverride directive should be set to <code>All</code> for Apache HTTP Server) <a href="https://www.itophub.io/wiki/page?id='+sWikiVersion+'%3Ainstall%3Asecurity#secure_critical_directories_access" target="_blank">see documentation</a>.</div>');
+				$('<span class="text-warning"> and 1 Security issue</span>').insertBefore('h2.message button:first');
+			}
+		}
+	});
+}
+
 CombodoTooltip.InitAllNonInstantiatedTooltips();

setup/wizardsteps.class.inc.php

@@ -165,6 +165,7 @@ HTML
 			$oPage->p('Sorry, the installation cannot continue. Please fix the errors and reload this page to launch the installation again.');
 			$oPage->p('<button type="button" onclick="window.location.reload()">Reload</button>');
 		}
+		$oPage->add_ready_script('CheckDirectoryConfFilesPermissions("'.utils::GetItopVersionWikiSyntax().'")');
 	}
 
 	public function CanMoveForward()

sources/Application/UI/Base/Component/FieldBadge/FieldBadgeUIBlockFactory.php

@@ -10,6 +10,7 @@ namespace Combodo\iTop\Application\UI\Base\Component\FieldBadge;
 
 use Combodo\iTop\Application\UI\Base\AbstractUIBlockFactory;
 use ormStyle;
+use utils;
 
 /**
  * Class FieldBadgeUIBlockFactory
@@ -36,6 +37,10 @@ class FieldBadgeUIBlockFactory extends AbstractUIBlockFactory
 	{
 		$oBadge = null;
 		$sHtml = '';
+
+		// N°5318 - Sanitize value manually as this UIBlock is not using a proper TWIG template 😥
+		$sValueForHtml = utils::EscapeHtml($sValue);
+
 		if ($oStyle) {
 			$sStyleClass = $oStyle->GetStyleClass();
 			$sPrimaryColor = $oStyle->GetMainColor();
@@ -47,12 +52,12 @@ class FieldBadgeUIBlockFactory extends AbstractUIBlockFactory
 				if (!is_null($sDecorationClasses) && !empty($sDecorationClasses)) {
 					$sHtml .= "<span class=\"ibo-field-badge--decoration\"><i class=\"$sDecorationClasses\"></i></span>";
 				}
-				$sHtml .= "<span class=\"ibo-field-badge--label\">$sValue</span>";
+				$sHtml .= "<span class=\"ibo-field-badge--label\">$sValueForHtml</span>";
 			}
 		}
 		if (!$oBadge) {
 			$oBadge = new FieldBadge();
-			$sHtml .= "<span>$sValue</span>";
+			$sHtml .= "<span>$sValueForHtml</span>";
 		}
 		$oBadge->AddHtml($sHtml);
 		return $oBadge;

test/application/privUITransactionFileTest.php

@@ -26,6 +26,7 @@ use Combodo\iTop\Test\UnitTest\ItopDataTestCase;
  *
  * @covers utils
  * @group sampleDataNeeded
+ * @group defaultProfiles
  */
 class privUITransactionFileTest extends ItopDataTestCase
 {

test/core/CMDBSource/TransactionsTest.php

@@ -18,6 +18,7 @@ use MetaModel;
  * @backupGlobals disabled
  *
  * @group itopRequestMgmt
+ * @group specificOrgInSampleData
  * Class TransactionsTest
  *
  * @package Combodo\iTop\Test\UnitTest\Core
@@ -248,4 +249,4 @@ class TransactionsTest extends ItopTestCase
 			"History 13" => ['iFailAt' => 15, 'bIsModified' => true],
 		];
 	}
-}
+}

test/core/DBSearchTest.php

@@ -527,6 +527,7 @@ class DBSearchTest extends ItopDataTestCase
 
 	/**
 	 * @dataProvider GetFirstResultProvider
+	 * @group specificOrgInSampleData
 	 *
 	 * @param string $sOql query to test
 	 * @param bool $bMustHaveOneResultMax arg passed to the tested function

test/core/GetSelectFilterTest.php

@@ -12,8 +12,9 @@ use utils;
 
 
 /**
- * @group getSelectFilterTest 
+ * @group getSelectFilterTest
  * @group sampleDataNeeded
+ * @group specificOrgInSampleData
  * Class GetSelectFilterTest
  *
  * @runTestsInSeparateProcesses
@@ -35,9 +36,9 @@ class GetSelectFilterTest extends ItopDataTestCase
 
 		$oRestProfile = MetaModel::GetObjectFromOQL("SELECT URP_Profiles WHERE name = :name", array('name' => 'REST Services User'), true);
 		$oAdminProfile = MetaModel::GetObjectFromOQL("SELECT URP_Profiles WHERE name = :name", array('name' => 'Administrator'), true);
-		
+
 		$this->sLogin = "getselectfilter-user-" . date('dmYHis');
-		
+
 		// Ensure that we have at least one administrator account
 		if (is_object($oRestProfile) && is_object($oAdminProfile))
 		{
@@ -45,7 +46,7 @@ class GetSelectFilterTest extends ItopDataTestCase
 			$this->AddProfileToUser($this->oUser, $oAdminProfile->GetKey());
 		}
 	}
-	
+
 	public function testGetSelectFilter()
 	{
 		$oUserRights = new UserRightsProfile();
@@ -64,9 +65,9 @@ class GetSelectFilterTest extends ItopDataTestCase
 		////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 		// Default behavior: Administrators, Administrator profile and URP_UserProfile related to administrators are visible
 		// via GetSelectFilter
-		
+
 		$oConfig->Set('security.hide_administrators', false);
-		
+
 		$oFilterProfiles = $oUserRights->GetSelectFilter($this->oUser, 'URP_Profiles');
 		if ($oFilterProfiles === true)
 		{
@@ -83,7 +84,7 @@ class GetSelectFilterTest extends ItopDataTestCase
 			}
 		}
 		$this->assertEquals($bAdminProfileFound, true);
-		
+
 		foreach($aUserLocalAncestors as $sUserClass)
 		{
 			$bAdminUserFound = false;
@@ -103,7 +104,7 @@ class GetSelectFilterTest extends ItopDataTestCase
 			}
 			$this->assertEquals($bAdminUserFound, true);
 		}
-		
+
 		$oFilterLnkProfiles = $oUserRights->GetSelectFilter($this->oUser, 'URP_UserProfile');
 		if ($oFilterLnkProfiles === true)
 		{
@@ -160,6 +161,6 @@ class GetSelectFilterTest extends ItopDataTestCase
 			$this->assertNotEquals($oLnk->Get('userid'), $this->oUser->GetKey());
 			$this->assertNotEquals($oLnk->Get('profileid'), 1);
 		}
-		
+
 	}
-}
+}

test/core/OQLParserTest.php

@@ -29,6 +29,7 @@ class OQLParserTest extends ItopDataTestCase
 	 * @group iTopChangeMgt
 	 * @group itopConfigMgmt
 	 * @group itopRequestMgmt
+	 * @group specificOrgInSampleData
 	 * @dataProvider NestedQueryProvider
 	 *
 	 * @param $sQuery

test/core/UserRightsTest.php

@@ -40,6 +40,7 @@ use utils;
 /**
  * @group itopRequestMgmt
  * @group userRights
+ * @group defaultProfiles
  *
  * @runTestsInSeparateProcesses
  * @preserveGlobalState disabled
@@ -486,7 +487,7 @@ class UserRightsTest extends ItopDataTestCase
 		// logout
 		$_SESSION = [];
 	}
-	
+
 	public function NonAdminCanListOwnProfilesProvider(): array
 	{
 		return [
@@ -495,7 +496,7 @@ class UserRightsTest extends ItopDataTestCase
 		];
 	}
 	/**
-	 *@dataProvider NonAdminCannotListAdminProfilesProvider 
+	 *@dataProvider NonAdminCannotListAdminProfilesProvider
 	 */
 	public function testNonAdminCannotListAdminProfiles($bHideAdministrators, $iExpectedCount)
 	{
@@ -518,7 +519,7 @@ class UserRightsTest extends ItopDataTestCase
 		// logout
 		$_SESSION = [];
 	}
-	
+
 	public function NonAdminCannotListAdminProfilesProvider(): array
 	{
 		return [

test/integration/iTopModulesPhpVersionChecklistTest.php

@@ -21,8 +21,6 @@ use utils;
 
 
 /**
- * @group itop-community
- *
  * @package Combodo\iTop\Test\UnitTest\Setup
  */
 class iTopModulesPhpVersionIntegrationTest extends ItopTestCase {
@@ -48,13 +46,18 @@ class iTopModulesPhpVersionIntegrationTest extends ItopTestCase {
 	}
 
 	/**
-	 * Verify if the datamodel.*.xml files refer to the current itop version
+	 * Verify if `module.*.php` files contained in `datamodels/1.x` or `datamodels/2.x` refers to the current itop version
 	 * This is an integration test
 	 *
+	 * As ess and pro targets are copying modules into datamodels/2.x this test can only be run on a community target !
+	 *
+	 * @group itop-community
 	 * @group skipPostBuild
+	 *
 	 * @uses utils::GetItopMinorVersion()
 	 *
 	 * @since 2.7.7 3.0.1 3.1.0 N°4714 uses new {@link ITOP_CORE_VERSION} constant
+	 * @since 3.0.3 3.1.0 move itop-community group in this method
 	 */
 	public function testITopModulesPhpVersion(): void {
 		if (is_dir(APPROOT.'datamodels/2.x')) {

test/integration/iTopModulesXmlVersionChecklistTest.php

@@ -21,8 +21,6 @@ use iTopDesignFormat;
 
 
 /**
- * @group itop-community
- *
  * @covers iTopDesignFormat
  *
  * @package Combodo\iTop\Test\UnitTest\Setup
@@ -38,12 +36,17 @@ class iTopModulesXmlVersionIntegrationTest extends ItopTestCase
 
 
 	/**
-	 * Verify if the datamodel.*.xml files refer to the latest version of the design
+	 * Verify if the `datamodels/2.x/datamodel.*.xml` files refer to the latest version of the design
 	 * This is an integration test
 	 *
+	 * As ess and pro targets are copying modules into datamodels/2.x this test can only be run on a community target !
+	 *
+	 * @group itop-community
 	 * @group skipPostBuild
 	 *
 	 * @dataProvider DatamodelItopXmlVersionProvider
+	 *
+	 * @since 3.0.3 3.1.0 move itop-community group in this method
 	 */
 	public function testDatamodelItopXmlVersion($sXmlFile)
 	{

test/integration/iTopXmlVersionChecklistTest.php

@@ -16,18 +16,9 @@
 namespace Combodo\iTop\Test\UnitTest\Integration;
 
 use Combodo\iTop\Test\UnitTest\ItopTestCase;
-use iTopDesignFormat;
 
 
 /**
- *
- * @runTestsInSeparateProcesses
- * @preserveGlobalState disabled
- * @backupGlobals disabled
- * @group itop-community
- *
- * @covers iTopDesignFormat
- *
  * @package Combodo\iTop\Test\UnitTest\Setup
  */
 class iTopXmlVersionIntegrationTest extends ItopTestCase

test/synchro/DataSynchroTest.php

@@ -30,6 +30,7 @@ use utils;
  *
  * @package Combodo\iTop\Test\UnitTest\Synchro
  * @group dataSynchro
+ * @group defaultProfiles
  *
  * @runTestsInSeparateProcesses
  * @preserveGlobalState disabled

test/webservices/RestTest.php

@@ -9,6 +9,7 @@ use Exception;
 /**
  * @group itopRequestMgmt
  * @group restApi
+ * @group defaultProfiles
  *
  * @runTestsInSeparateProcesses
  * @preserveGlobalState disabled