composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-03-25 02:44:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: composer:feature/9137-Logo-by-Network-Device-Type
Branches Tags
composer:develop composer:feature/9223-Portal-AttributeExternalKey_adding composer:feature/uninstallation composer:feature/9137-Logo-by-Network-Device-Type composer:issue/8234-no-right-on-eventrestservice composer:feature/9328_scssphp_php84 composer:support/3.2 composer:feature/9356-Service-tooltips composer:feature/8532_apply_filter_on_joins composer:feature/9165-backgound_cleanup composer:feature/9383-CheckToWrite_message_in_transition composer:feature/8142-labels-menu-Incident composer:feature/7771-CMDB-flow-map composer:feature/asynchronous-cron composer:feature/7150-Backup_MariaDB_11 composer:faf/operation_on_replicas composer:feature/9248-REST-Updating_link_empty_caselog composer:feature/new-dashboard-layout composer:feature/8933-change-password-default-length composer:feature/rest_multi_classes composer:issue/9057-SuperUser-cannot-run-collectors composer:feature/phpstan composer:issue/9063-missing-transition-auto-resolve composer:class_extraction composer:feature/9100-CSVImport_test_on_hierarchicalKey composer:feature/9086-UniquenessRulesOnTypology composer:feature/property_types composer:feature/8864-list-changes-in-setup-recap composer:issue/jeffrey-rewind composer:feature/8772_form_dependencies_manager_module_usage composer:feature/8514-CMDB-datamodel-for-electricity composer:feature/4678-add-static-analysis-for-php composer:feature/6327-Enum-Date-FinalClass_in_Complementary_Name composer:feature/5221-DG_display_all_related_URs composer:detached composer:support/3.2.1 composer:designer-3.2.1 composer:feature/8533-Impact-Analysis composer:feature/640-Team-tickets_list composer:test_eric composer:feature/8781_-_Improve_twig_base_controller_render_error_report composer:feature/8807-DoCheckToWrite_removed_linkset composer:feature/8528-ignore_silo_1_n_linkedset_in_portal composer:form_dependency_1 composer:form-sdk-poc-controller composer:feature/7577-GetAttributeFlags_Attributes_HIDDEN composer:feature/8663-DoCheckToWrite_portal composer:faf/moduledependency-validation composer:issue/7071_Remove_MYSQL_DEFAULT_PORT composer:feature/6071-Prefill_Tagset_not_saved composer:feature/6111-Display_read-only_field_in_transition composer:feature/8123_improve_on_mention_data_parsing composer:feature/8699_attributedef_PSR4 composer:feature/2535-split_file composer:feature/4789-moduleparsing composer:feature/6759_factorize_config composer:feature/8598-Request_template_with_portal_scopes composer:feature/GetObject_for_portal composer:faf/quick_impact_analysis composer:feature/6193-Excel_export_dependencies_of_CI_by_class composer:support/2.7 composer:faf/Add_filters_on_audit composer:feature/attribute_computed composer:feature/8291-column_name_not_automatically_recognized composer:feature/faf_cron_v1 composer:tag composer:feature/7326-Fix_remove_tab composer:support/3.1 composer:8231-prototype composer:issue/8129-dont_crash_if_datetime_default_value_has_bad_format composer:feature/3777-change_easily_favicon composer:issue/7662_CKEditor_Indent_Block composer:feature/7746---Caselog-edition-button-active-even-if-the-user-has-a-read-only-access-to-the-object composer:feature/7383_ShowDatatableWhenEmpty composer:feature/7963-InlineImageSetDefaultOrgId composer:feature/7770-security-hardening composer:issue/7984 composer:support/7770-3.2 composer:issue/7726 composer:feature/5874 composer:issue/7746 composer:issue/7707 composer:feature/2298-switch-portal-profile composer:support/3.0 composer:support/3.2.0 composer:feature/7063 composer:feature/7146-markup_in_portal_search composer:support/3.2-beta composer:feature/N°7552-Polishing-CKeditor composer:feature/7423-add_context_to_users composer:support/designer-3.1.2-3 composer:faf/improve_perf_of_sharing_base composer:feature/6935-migrate-to-sf-router composer:saas/3.1 composer:issue/context-tag-on-initdatamodel composer:support/3.1.1 composer:support/3.1.0 composer:feature/poc_form_sdk_symfony_6 composer:support/designer-3.1.0-2 composer:issue/6218 composer:feature/little_optimization_in_search_screen composer:feature/6890-Update_request_template_REST composer:saas/manager-3.1 composer:support/3.0.3 composer:issue/6716_add_perf_tests composer:saas/3.1.0 composer:issue/6667_trigger_on_state_enter composer:feature/1386-Navigation_in_list composer:support/2.6 composer:feature/1318-multiple_choice_in_template composer:saas/3.0 composer:feature/6293-sort-popupmenuitems composer:feature/5619-hide-newsroom composer:feature/5620-hide-org-filter-menu composer:documentation/latest composer:documentation/3.0 composer:feature/4157 composer:feature/faf_doc_twig_blocks composer:feature/5160_hide_readonly_fields composer:feature/faf_sqlite composer:feature/faf_unit_test_with_misc_custo composer:support/2.5 composer:feature/blob-as-extfield composer:support/2.4 composer:support/2.3 composer:feature/b1312 composer:support/2.2.0 composer:support/2.1.0 composer:support/2.1.1 composer:support/2.0.3 composer:support/2.0.1 composer:support/2.0.2 composer:support/2.0 composer:support/1.2.1 composer:support/1.2 composer:support/2.0-beta1 composer:support/1.2.0 composer:support/1.1 composer:support/1.0.2
composer:designer-prod-20251113 composer:2.7.13 composer:designer-prod-20251011 composer:3.2.2 composer:designer-prod-260525 composer:3.2.1-1 composer:3.2.1 composer:3.1.3 composer:2.7.12 composer:3.1.2 composer:2.7.11 composer:3.2.0-2 composer:3.2.0 composer:3.2.0-rc3 composer:3.2.0-rc2 composer:3.2.0-rc1 composer:3.2.0-beta1 composer:3.2.0-alpha1 composer:3.0.4 composer:2.7.10 composer:3.1.1-2 composer:3.1.1-1 composer:3.1.1 composer:3.1.0-3 composer:saas-1.0.17 composer:saas-1.0.18 composer:3.1.0-2 composer:3.1.0-designer-2 composer:2.7.9 composer:3.1.0-1 composer:3.1.0 composer:3.1.0-beta composer:ITSM_Designer_3.1-compatibility composer:saas-1.0.13 composer:3.0.3-1 composer:3.0.3-designer-php8.0-compatibility composer:3.0.3 composer:3.1.0-alpha1 composer:2.7.8 composer:saas-1.0.7 composer:saas-1.0.6 composer:3.0.2-1 composer:3.0.2 composer:3.0.2-rc1 composer:2.7.7 composer:3.0.1-designer-feature-lot2 composer:3.0.1 composer:3.0.1-designer-feature-lot1 composer:3.0.0 composer:3.0.0-rc composer:2.7.6 composer:3.0.0-beta8 composer:3.0.0-beta7 composer:3.0.0-beta6 composer:3.0.0-beta5 composer:2.7.5-2 composer:3.0.0-beta4 composer:3.0.0-beta3 composer:2.7.5-1 composer:2.7.5 composer:3.0.0-beta2 composer:2.7.3-2 composer:2.7.3-1 composer:3 composer:3.0.0-beta composer:2.7.4 composer:2.7.3 composer:1.0.8 composer:3.0.0-alpha composer:2.7.2-1 composer:2.7.2 composer:2.7.1 composer:2.7.0-2 composer:2.6.4 composer:2.7.0-1 composer:2.7.0 composer:2.7.0-rc2 composer:2.7.0-rc composer:2.7.0-beta2 composer:2.6.3 composer:2.5.4 composer:2.7.0-beta composer:2.7.0-alpha1 composer:2.6.2-2 composer:2.6.2-1 composer:2.5.3 composer:2.6.2 composer:itop-carbon composer:2.6.1 composer:2.5.2 composer:2.6.0-a composer:N941-2 composer:N941 composer:N2016 composer:N2011 composer:N1963 composer:1.0.0 composer:2.6.0 composer:2.6.0-products composer:2.5.1 composer:2.4.3 composer:0.1.0 composer:2.4.2 composer:2.5.0 composer:2.4.1 composer:2.4.0 composer:2.3.4 composer:2.3.3 composer:2.3.1 composer:2.3.0 composer:2.2.1 composer:2.2.0 composer:2.1.0 composer:2.1.0-beta composer:2.0.3 composer:2.0.2 composer:2.0.1 composer:2.0 composer:1.2.1 composer:1.2 composer:1.1 composer:1.0.2 composer:1.0.1 composer:1.0 composer:0.9.1 composer:0.9 composer:0.8.1 composer:0.8.1@194 composer:0.8 composer:0.8@189 composer:0.7.2 composer:0.7.1 composer:0.7 composer:0.7@51
...
compare: composer:support/3.2
Branches Tags
composer:feature/9223-Portal-AttributeExternalKey_adding composer:feature/uninstallation composer:develop composer:feature/9137-Logo-by-Network-Device-Type composer:issue/8234-no-right-on-eventrestservice composer:feature/9328_scssphp_php84 composer:support/3.2 composer:feature/9356-Service-tooltips composer:feature/8532_apply_filter_on_joins composer:feature/9165-backgound_cleanup composer:feature/9383-CheckToWrite_message_in_transition composer:feature/8142-labels-menu-Incident composer:feature/7771-CMDB-flow-map composer:feature/asynchronous-cron composer:feature/7150-Backup_MariaDB_11 composer:faf/operation_on_replicas composer:feature/9248-REST-Updating_link_empty_caselog composer:feature/new-dashboard-layout composer:feature/8933-change-password-default-length composer:feature/rest_multi_classes composer:issue/9057-SuperUser-cannot-run-collectors composer:feature/phpstan composer:issue/9063-missing-transition-auto-resolve composer:class_extraction composer:feature/9100-CSVImport_test_on_hierarchicalKey composer:feature/9086-UniquenessRulesOnTypology composer:feature/property_types composer:feature/8864-list-changes-in-setup-recap composer:issue/jeffrey-rewind composer:feature/8772_form_dependencies_manager_module_usage composer:feature/8514-CMDB-datamodel-for-electricity composer:feature/4678-add-static-analysis-for-php composer:feature/6327-Enum-Date-FinalClass_in_Complementary_Name composer:feature/5221-DG_display_all_related_URs composer:detached composer:support/3.2.1 composer:designer-3.2.1 composer:feature/8533-Impact-Analysis composer:feature/640-Team-tickets_list composer:test_eric composer:feature/8781_-_Improve_twig_base_controller_render_error_report composer:feature/8807-DoCheckToWrite_removed_linkset composer:feature/8528-ignore_silo_1_n_linkedset_in_portal composer:form_dependency_1 composer:form-sdk-poc-controller composer:feature/7577-GetAttributeFlags_Attributes_HIDDEN composer:feature/8663-DoCheckToWrite_portal composer:faf/moduledependency-validation composer:issue/7071_Remove_MYSQL_DEFAULT_PORT composer:feature/6071-Prefill_Tagset_not_saved composer:feature/6111-Display_read-only_field_in_transition composer:feature/8123_improve_on_mention_data_parsing composer:feature/8699_attributedef_PSR4 composer:feature/2535-split_file composer:feature/4789-moduleparsing composer:feature/6759_factorize_config composer:feature/8598-Request_template_with_portal_scopes composer:feature/GetObject_for_portal composer:faf/quick_impact_analysis composer:feature/6193-Excel_export_dependencies_of_CI_by_class composer:support/2.7 composer:faf/Add_filters_on_audit composer:feature/attribute_computed composer:feature/8291-column_name_not_automatically_recognized composer:feature/faf_cron_v1 composer:tag composer:feature/7326-Fix_remove_tab composer:support/3.1 composer:8231-prototype composer:issue/8129-dont_crash_if_datetime_default_value_has_bad_format composer:feature/3777-change_easily_favicon composer:issue/7662_CKEditor_Indent_Block composer:feature/7746---Caselog-edition-button-active-even-if-the-user-has-a-read-only-access-to-the-object composer:feature/7383_ShowDatatableWhenEmpty composer:feature/7963-InlineImageSetDefaultOrgId composer:feature/7770-security-hardening composer:issue/7984 composer:support/7770-3.2 composer:issue/7726 composer:feature/5874 composer:issue/7746 composer:issue/7707 composer:feature/2298-switch-portal-profile composer:support/3.0 composer:support/3.2.0 composer:feature/7063 composer:feature/7146-markup_in_portal_search composer:support/3.2-beta composer:feature/N°7552-Polishing-CKeditor composer:feature/7423-add_context_to_users composer:support/designer-3.1.2-3 composer:faf/improve_perf_of_sharing_base composer:feature/6935-migrate-to-sf-router composer:saas/3.1 composer:issue/context-tag-on-initdatamodel composer:support/3.1.1 composer:support/3.1.0 composer:feature/poc_form_sdk_symfony_6 composer:support/designer-3.1.0-2 composer:issue/6218 composer:feature/little_optimization_in_search_screen composer:feature/6890-Update_request_template_REST composer:saas/manager-3.1 composer:support/3.0.3 composer:issue/6716_add_perf_tests composer:saas/3.1.0 composer:issue/6667_trigger_on_state_enter composer:feature/1386-Navigation_in_list composer:support/2.6 composer:feature/1318-multiple_choice_in_template composer:saas/3.0 composer:feature/6293-sort-popupmenuitems composer:feature/5619-hide-newsroom composer:feature/5620-hide-org-filter-menu composer:documentation/latest composer:documentation/3.0 composer:feature/4157 composer:feature/faf_doc_twig_blocks composer:feature/5160_hide_readonly_fields composer:feature/faf_sqlite composer:feature/faf_unit_test_with_misc_custo composer:support/2.5 composer:feature/blob-as-extfield composer:support/2.4 composer:support/2.3 composer:feature/b1312 composer:support/2.2.0 composer:support/2.1.0 composer:support/2.1.1 composer:support/2.0.3 composer:support/2.0.1 composer:support/2.0.2 composer:support/2.0 composer:support/1.2.1 composer:support/1.2 composer:support/2.0-beta1 composer:support/1.2.0 composer:support/1.1 composer:support/1.0.2
composer:designer-prod-20251113 composer:2.7.13 composer:designer-prod-20251011 composer:3.2.2 composer:designer-prod-260525 composer:3.2.1-1 composer:3.2.1 composer:3.1.3 composer:2.7.12 composer:3.1.2 composer:2.7.11 composer:3.2.0-2 composer:3.2.0 composer:3.2.0-rc3 composer:3.2.0-rc2 composer:3.2.0-rc1 composer:3.2.0-beta1 composer:3.2.0-alpha1 composer:3.0.4 composer:2.7.10 composer:3.1.1-2 composer:3.1.1-1 composer:3.1.1 composer:3.1.0-3 composer:saas-1.0.17 composer:saas-1.0.18 composer:3.1.0-2 composer:3.1.0-designer-2 composer:2.7.9 composer:3.1.0-1 composer:3.1.0 composer:3.1.0-beta composer:ITSM_Designer_3.1-compatibility composer:saas-1.0.13 composer:3.0.3-1 composer:3.0.3-designer-php8.0-compatibility composer:3.0.3 composer:3.1.0-alpha1 composer:2.7.8 composer:saas-1.0.7 composer:saas-1.0.6 composer:3.0.2-1 composer:3.0.2 composer:3.0.2-rc1 composer:2.7.7 composer:3.0.1-designer-feature-lot2 composer:3.0.1 composer:3.0.1-designer-feature-lot1 composer:3.0.0 composer:3.0.0-rc composer:2.7.6 composer:3.0.0-beta8 composer:3.0.0-beta7 composer:3.0.0-beta6 composer:3.0.0-beta5 composer:2.7.5-2 composer:3.0.0-beta4 composer:3.0.0-beta3 composer:2.7.5-1 composer:2.7.5 composer:3.0.0-beta2 composer:2.7.3-2 composer:2.7.3-1 composer:3 composer:3.0.0-beta composer:2.7.4 composer:2.7.3 composer:1.0.8 composer:3.0.0-alpha composer:2.7.2-1 composer:2.7.2 composer:2.7.1 composer:2.7.0-2 composer:2.6.4 composer:2.7.0-1 composer:2.7.0 composer:2.7.0-rc2 composer:2.7.0-rc composer:2.7.0-beta2 composer:2.6.3 composer:2.5.4 composer:2.7.0-beta composer:2.7.0-alpha1 composer:2.6.2-2 composer:2.6.2-1 composer:2.5.3 composer:2.6.2 composer:itop-carbon composer:2.6.1 composer:2.5.2 composer:2.6.0-a composer:N941-2 composer:N941 composer:N2016 composer:N2011 composer:N1963 composer:1.0.0 composer:2.6.0 composer:2.6.0-products composer:2.5.1 composer:2.4.3 composer:0.1.0 composer:2.4.2 composer:2.5.0 composer:2.4.1 composer:2.4.0 composer:2.3.4 composer:2.3.3 composer:2.3.1 composer:2.3.0 composer:2.2.1 composer:2.2.0 composer:2.1.0 composer:2.1.0-beta composer:2.0.3 composer:2.0.2 composer:2.0.1 composer:2.0 composer:1.2.1 composer:1.2 composer:1.1 composer:1.0.2 composer:1.0.1 composer:1.0 composer:0.9.1 composer:0.9 composer:0.8.1 composer:0.8.1@194 composer:0.8 composer:0.8@189 composer:0.7.2 composer:0.7.1 composer:0.7 composer:0.7@51

2 Commits
feature/91 ... support/3.

Author SHA1 Message Date
Lenaick
b3223eb9b6 N°8606 - Check user permissions in search operation of ajax.render.php (#836) 2026-03-24 08:52:22 +01:00
Benjamin DALSASS
458a996c29 N°8612 - force authentication for inline image endpoints 
- ajax.render dict route needs to be reached without login authentication
 2026-03-23 15:50:47 +01:00
2 changed files with 14 additions and 1 deletions
Expand all files Collapse all files

3
pages/ajax.document.php
View File

@@ -34,7 +34,6 @@ try {
require_once(APPROOT.'/application/startup.inc.php');
require_once(APPROOT.'/application/loginwebpage.class.inc.php');
LoginWebPage::DoLoginEx();
IssueLog::Trace('----- Request: '.utils::GetRequestUri(), LogChannels::WEB_REQUEST);
@@ -45,6 +44,7 @@ try {
switch ($operation) {
case 'download_document':
LoginWebPage::DoLoginEx();
$id = utils::ReadParam('id', '');
$sField = utils::ReadParam('field', '');
if ($sClass == 'Attachment') {
@@ -64,6 +64,7 @@ try {
break;
case 'download_inlineimage':
LoginWebPage::DoLoginEx();
$id = utils::ReadParam('id', '');
$sSecret = utils::ReadParam('s', '');
$iCacheSec = 31556926; // One year ahead: an inline image cannot change

12
sources/Controller/AjaxRenderController.php
View File

@@ -42,6 +42,7 @@ use RunTimeEnvironment;
use ScalarExpression;
use SetupUtils;
use UILinksWidget;
use UserRights;
use utils;
use WizardHelper;
@@ -71,6 +72,12 @@ class AjaxRenderController
$bShowObsoleteData = utils::ShowObsoleteData();
}
$oSet->SetShowObsoleteData($bShowObsoleteData);
// N°8606 : Check user permissions on the main class
if (UserRights::IsActionAllowed($oSet->GetClass(), UR_ACTION_READ, $oSet) !== UR_ALLOWED_YES) {
throw new Exception(Dict::Format('UI:Error:ReadNotAllowedOn_Class', $oSet->GetClass()));
}
$aResult["draw"] = $iDrawNumber;
$aResult["recordsTotal"] = $oSet->Count();
$aResult["recordsFiltered"] = $aResult["recordsTotal"] ;
@@ -95,6 +102,11 @@ class AjaxRenderController
continue;
}
// N°8606 : Check user permissions on the current class
if (UserRights::IsActionAllowed($sClass, UR_ACTION_READ, $oSet) !== UR_ALLOWED_YES) {
throw new Exception(Dict::Format('UI:Error:ReadNotAllowedOn_Class', $sClass));
}
foreach ($aColumnsLoad[$sAlias] as $sAttCode) {
$aObj[$sAlias."/".$sAttCode] = $aObject[$sAlias]->GetAsHTML($sAttCode);
$bExcludeRawValue = false;