Pierre Goiffon
d412a52fcc
N°4449 Fix FPD in dashboard export/import
2022-11-29 18:10:17 +01:00
Eric Espie
68d44fa981
N°5724 - code hardening
2022-11-16 09:32:47 +01:00
acognet
ec86bd246a
N°5129 - Unwanted popup during a transition with an AttributeExternalField
2022-06-21 15:24:25 +02:00
Benjamin Dalsass
8e97279401
N°4899 - Reflected XSS on revert_dashboard operation
2022-05-17 09:27:06 +02:00
acognet
6fa2d47780
N°4538 - Dashlet Groupby on ExternalKey with special character, bad display
2022-04-15 10:03:04 +02:00
Pierre Goiffon
69578d5d07
Merge remote-tracking branch 'origin/support/2.6' into support/2.7
2021-12-10 12:30:57 +01:00
Pierre Goiffon
97d6d413bb
N°4502 Fix dashboard page not refreshed after saving custom dashboard
2021-12-10 12:30:33 +01:00
Pierre Goiffon
7e0d5d64ce
Merge remote-tracking branch 'origin/support/2.6' into support/2.7
2021-12-10 09:21:43 +01:00
Pierre Goiffon
3f8f57fa9a
N°4502 Fix cannot create new or edit existing custom dashboard
...
Regression brought by dbaf9241
2021-12-10 09:15:43 +01:00
Pierre Goiffon
d0fade9ce1
Merge remote-tracking branch 'origin/support/2.6' into support/2.7
...
# Conflicts:
# pages/ajax.render.php
# setup/wizardsteps.class.inc.php
2021-11-17 17:39:36 +01:00
Pierre Goiffon
84426c6634
N°4365 Security hardening
2021-11-17 10:15:12 +01:00
Pierre Goiffon
dbaf924171
N°4363 Security hardening
2021-11-16 17:19:19 +01:00
Pierre Goiffon
bcca6ac720
Merge remote-tracking branch 'origin/support/2.6' into support/2.7
2021-11-15 15:07:19 +01:00
Pierre Goiffon
2beb795f9a
N°4304 Security hardening
2021-11-09 11:32:53 +01:00
Molkobain
1c983e8093
Merge remote-tracking branch 'origin/support/2.6' into support/2.7
...
# Conflicts:
# core/config.class.inc.php
# datamodels/2.x/itop-portal-base/portal/src/controllers/objectcontroller.class.inc.php
# pages/ajax.render.php
2021-08-18 16:12:22 +02:00
Molkobain
92a9a8c65f
N°4129 - Security hardening
2021-08-18 15:57:18 +02:00
Pierre Goiffon
8259a79cd2
🎨 Factorize LogAPI channels value in LogChannels class
2021-06-25 17:13:35 +02:00
Pierre Goiffon
0de6f98add
🔊 When ordering objects search list, log problems due to low max_input_vars php.ini option ( #211 )
...
iTop is sending large volume of data to the server, and those data can be truncated due to this php.ini option.
Now we are checking for common issues : if the data is truncated a log is done (IssueLog, warning level, no channel) and the corresponding column is set as not selected.
User will still see an inconsistent result, but we won't have PHP notices generated anymore, and a log can tell what caused the issue.
2021-06-08 18:43:43 +02:00
BGdu38
c2f5cafaf3
Avoid setting memory_limit to lower value than the one already configured ( #215 )
...
Some scripts are setting the memory_limit PHP option : setup, csvimport and XLSX export. This was done to avoid crashing when dealing with such large amounts of data.
But sometimes we were setting the value without any prior check, so we could actually lower the memory_limit value :/
Now this memory_limit change is done using \utils::SetMinMemoryLimit, which will call ini_set if and only if the current value is lower than the one to be set.
Setup calls (setup/ajax.dataloader.php and webservices/backoffice.dataloader.php) were left as is as they weren't subject to this bug, and also they are more complex (logging done on each case).
2021-05-25 12:03:19 +02:00
Pierre Goiffon
1304e2eb2d
N°3416 Updates after code review v2 :)
2020-12-04 08:51:07 +01:00
Pierre Goiffon
cece15d10c
N°3416 Updates after code review
...
Many thanks @bruno-ds !
* add comments to explain intentions
* fix indentations
2020-12-03 17:45:44 +01:00
Pierre Goiffon
b9ca2ac13d
N°3416 Fix DocumentFile preview not working anymore
...
Was caused by X-Frame-Options http header added with N°3317
(cherry picked from commit 35d77ff642 )
# Conflicts:
# pages/ajax.render.php
2020-12-03 08:20:51 +01:00
Pierre Goiffon
ecebe4ecd5
N°3416 XFrame and cache headers optimizations
...
* Remove XFrame header set in \WebPage::no_cache : not this method's responsibility, was confusing :/
* Remove no_cache() calls when already set in page constructor (ajax_page mainly)
* Also calls everywhere the \WebPage::no_cache method instead of setting headers manually
2020-12-02 17:19:05 +01:00
Pierre Goiffon
8bfcb14d0c
N°3416 XFrame-Options header is now set using a config parameter, defaults to SAMEORIGIN
...
Also adds an indirection (\WebPage::add_xframe_options) to set header
2020-12-02 17:17:11 +01:00
Pierre Goiffon
35d77ff642
N°3416 Fix DocumentFile preview not working anymore
...
Was caused by X-Frame-Options http header added with N°3317
2020-12-02 15:44:58 +01:00
Eric
eebc29d2bb
N°3111 - Fix Portal export
...
(cherry picked from commit d3b57c3bda )
2020-10-30 14:16:57 +01:00
Eric
5b04143711
N°3111 - Fix Portal export
2020-07-21 16:39:55 +02:00
bruno DA SILVA
839bbc425f
N°2901 Add log to help diagnose lost InlineImage
...
they are disabled by default, use this to enable:
```
'log_level_min' => array(
	'InlineImage' => LogAPI::LEVEL_TRACE,
	'UserRequest' => LogAPI::LEVEL_TRACE,
),
```
2020-05-12 15:34:13 +02:00
Pierre Goiffon
9b065ffb0a
Merge remote-tracking branch 'origin/support/2.7.0' into support/2.7
...
# Conflicts:
# datamodels/2.x/itop-attachments/renderers.itop-attachments.php
2020-04-29 09:00:10 +02:00
acognet
bbc751bee4
N°2383 - GetAttributeFlag ignored on form refresh with dependent field
2020-04-14 17:56:27 +02:00
Eric
5b60ec9edf
N°2919 - Dashboard - Fix dashboard not saved
...
the sanitization was too strong. Some names can contain ':'
2020-04-10 18:11:36 +02:00
Eric
b88b9dabdb
N°2919 - Dashboard - Fix dashboard not saved
...
The sanitization was too strong. Some names can contain ':'
2020-04-09 17:59:52 +02:00
Stephen Abello
bfcd137e52
N°2853 - Security hardening
...
(cherry picked from commit d01caaf4e4 )
2020-04-06 09:37:58 +02:00
Molkobain
4f7676c42d
N°2735 - Rollback previous "fixes" to keep the simple ID policy in the Designer and a unique ID generation at runtime
2020-03-16 12:17:09 +01:00
Molkobain
29d963317f
N°2735 - Fix dashlet ID generation to have the "CUSTOM" prefix only at runtime
2020-03-12 16:46:15 +01:00
Molkobain
bbfddea93d
Open new_dashlet_id operation for Designer
2020-03-12 14:16:02 +01:00
Stephen Abello
d01caaf4e4
N°2853 - Security hardening
2020-03-10 10:23:38 +01:00
Molkobain
e2a3e0e74f
N°2735 - Continue rework of the dashlet id generation:
...
- Move generation from DashboardLayout to Dashboard
- Migrate dashlet user preference in RuntimeDashboard only (and not in DesignTimeDashboard)
2020-02-26 16:29:32 +01:00
Molkobain
5a01a76f80
N°2735 - Add new sanitize filter ('element_identifier') for dashboard identifier
2020-02-26 12:10:18 +01:00
Pierre Goiffon
dfc894f6fd
N°2735 Fix cannot edit new dashlet properties regression
...
Was introduced by cf83bc73
2020-02-25 11:17:52 +01:00
Pierre Goiffon
a92157f763
N°2790 fix collapsibleLabel
...
* change icon when label closed
* fix switch in about dialog for licenses details
2020-02-18 16:34:51 +01:00
Pierre Goiffon
cf83bc7364
N°2634 / N°2735 Fix dashlets identifiers : was causing prb on widget init, prefs save
...
Dashlet id now includes :
* "CUSTOM-" if dashlet is contained in a custom dashboard, nothing elsewhere
* the ID of the dashboard
- for menus : menu id escaped for HTML
- for AttributeDashboard : <class>__<field>
* the row / cell / dashlet idx
Examples :
CUSTOM-UserRequestOverview_IDrow1-col0-0
Organization__overview_IDrow1-col0-12
2020-02-14 15:59:09 +01:00
Pierre Goiffon
fae8c9edbd
N°2780 Add ContextTag::TAG_CONSOLE for ajax operations
2020-02-12 17:20:10 +01:00
Eric
c6759220b9
🎨 clean warnings and add KPI in ajax.render.php
2019-12-06 15:42:03 +01:00
bruno DA SILVA
08c1f4f072
autoload rework
...
- bootstrap.inc.php is now included by approot.inc.php
- remove all unnecessary includes of bootstrap.inc.php
- in bootstrap.inc.php autoload can be bypassed using a feature flag because "why not"
2019-11-08 16:51:57 +01:00
Molkobain
947e26d864
Internal: Change how the bootstrap.inc.php file is included in endpoints (This completes commit ec095896)
2019-08-13 17:38:51 +02:00
Molkobain
ec09589646
N°2439 Add real autoloader for framework files (not modules)
2019-08-13 13:46:19 +02:00
Pierre Goiffon
cbc96d8a58
📝 Attachment : add some @var on object init
2019-08-05 11:04:26 +02:00
Molkobain
0a9b376684
N°2324 Remove legacy portal security check
2019-07-17 15:40:43 +02:00
Pierre Goiffon
6c81163d20
Merge remote-tracking branch 'origin/master' into develop
2019-07-01 17:30:21 +02:00