dolibarr-git

From: Laurent Destailleur
Subject: [Dolibarr/dolibarr] a2bd77: Fix for the Cross-site Scripting (XSS) Vulnerability
Date: Tue, 18 Feb 2020 13:29:56 -0800

  Branch: refs/heads/develop
  Home:   https://github.com/Dolibarr/dolibarr
  Commit: a2bd77ef5865d7316741d0638acada7f1f65356f
      https://github.com/Dolibarr/dolibarr/commit/a2bd77ef5865d7316741d0638acada7f1f65356f
  Author: Mufeed VH <address@hidden>
  Date:   2020-02-04 (Tue, 04 Feb 2020)

  Changed paths:
    M htdocs/filefunc.inc.php

  Log Message:
  -----------
  Fix for the Cross-site Scripting (XSS) Vulnerability


  Commit: 2419f122c4d99aead80410347054db7e30f089ee
      https://github.com/Dolibarr/dolibarr/commit/2419f122c4d99aead80410347054db7e30f089ee
  Author: root <root@SapphirePentest>
  Date:   2020-02-03 (Mon, 03 Feb 2020)

  Changed paths:
    M htdocs/comm/action/card.php
    M htdocs/public/error-401.php
    M htdocs/public/error-404.php

  Log Message:
  -----------
  referer XSS patches


  Commit: 59572f15a9e623f36ee47c2ff250a072131e5b06
      https://github.com/Dolibarr/dolibarr/commit/59572f15a9e623f36ee47c2ff250a072131e5b06
  Author: Jamie Slome <address@hidden>
  Date:   2020-02-17 (Mon, 17 Feb 2020)

  Changed paths:
    M htdocs/comm/action/card.php
    M htdocs/public/error-401.php
    M htdocs/public/error-404.php

  Log Message:
  -----------
  Merge pull request #2 from 0xRoM/develop

  Merging fix - on behalf of @0xRoM, executed by huntr.dev (011-php-dolibarr).


  Commit: 1bbe4469f1594f4ec4b853798dcaeb4a4e19a051
      https://github.com/Dolibarr/dolibarr/commit/1bbe4469f1594f4ec4b853798dcaeb4a4e19a051
  Author: Jamie Slome <address@hidden>
  Date:   2020-02-17 (Mon, 17 Feb 2020)

  Changed paths:
    M htdocs/filefunc.inc.php

  Log Message:
  -----------
  Merge pull request #1 from mufeedvh/develop

  Merging fix - on behalf of @mufeedvh, executed by huntr.dev (011-php-dolibarr).


  Commit: 2d9162aedb6e61f5cfcc521279c37325e32f5471
      https://github.com/Dolibarr/dolibarr/commit/2d9162aedb6e61f5cfcc521279c37325e32f5471
  Author: Jamie Slome <address@hidden>
  Date:   2020-02-17 (Mon, 17 Feb 2020)

  Changed paths:
    A .github/workflows/greetings-pr.yml
    A .github/workflows/stale-issues.yml
    M ChangeLog
    M README-FR.md
    M README.md
    M dev/dolibarr_changes.txt
    M dev/initdata/generate-invoice.php
    M dev/initdata/generate-order.php
    M dev/initdata/generate-product.php
    M dev/initdata/generate-proposal.php
    M dev/initdata/generate-thirdparty.php
    M dev/initdata/import-users.php
    A dev/tools/dolibarr-postgres2mysql.php
    M htdocs/accountancy/admin/accountmodel.php
    M htdocs/accountancy/admin/categories_list.php
    M htdocs/accountancy/admin/journals_list.php
    M htdocs/accountancy/bookkeeping/balance.php
    M htdocs/accountancy/class/accountancyexport.class.php
    M htdocs/accountancy/class/bookkeeping.class.php
    M htdocs/accountancy/journal/bankjournal.php
    M htdocs/accountancy/tpl/export_journal.tpl.php
    M htdocs/adherents/class/adherent.class.php
    M htdocs/adherents/class/subscription.class.php
    M htdocs/adherents/subscription.php
    M htdocs/adherents/subscription/card.php
    M htdocs/adherents/subscription/list.php
    M htdocs/adherents/type.php
    M htdocs/admin/dict.php
    M htdocs/admin/events.php
    M htdocs/admin/fckeditor.php
    M htdocs/admin/ldap_groups.php
    M htdocs/admin/mails.php
    M htdocs/admin/mails_templates.php
    M htdocs/admin/menus/edit.php
    M htdocs/admin/oauthlogintokens.php
    M htdocs/admin/pdf.php
    M htdocs/admin/perms.php
    M htdocs/admin/reception_setup.php
    M htdocs/admin/security_other.php
    M htdocs/admin/sms.php
    M htdocs/admin/spip.php
    M htdocs/admin/supplier_invoice.php
    M htdocs/admin/supplier_order.php
    M htdocs/admin/tools/export_files.php
    M htdocs/admin/website.php
    M htdocs/asset/class/asset.class.php
    M htdocs/asset/class/asset_type.class.php
    M htdocs/asset/list.php
    M htdocs/asset/type.php
    M htdocs/bom/tpl/objectline_create.tpl.php
    M htdocs/cashdesk/tpl/facturation1.tpl.php
    M htdocs/categories/index.php
    M htdocs/categories/viewcat.php
    M htdocs/comm/action/card.php
    M htdocs/comm/action/class/actioncomm.class.php
    M htdocs/comm/action/list.php
    M htdocs/comm/action/peruser.php
    M htdocs/comm/index.php
    M htdocs/comm/mailing/advtargetemailing.php
    M htdocs/comm/mailing/cibles.php
    M htdocs/comm/mailing/class/advtargetemailing.class.php
    M htdocs/comm/mailing/class/html.formadvtargetemailing.class.php
    M htdocs/comm/mailing/class/mailing.class.php
    M htdocs/comm/propal/class/propal.class.php
    M htdocs/comm/propal/list.php
    M htdocs/commande/class/commande.class.php
    M htdocs/commande/list.php
    M htdocs/compta/bank/bankentries_list.php
    M htdocs/compta/bank/class/account.class.php
    M htdocs/compta/cashcontrol/cashcontrol_card.php
    M htdocs/compta/facture/card.php
    M htdocs/compta/facture/class/facture-rec.class.php
    M htdocs/compta/facture/class/facture.class.php
    M htdocs/compta/facture/list.php
    M htdocs/compta/paiement/card.php
    M htdocs/compta/paiement/class/paiement.class.php
    M htdocs/compta/sociales/card.php
    M htdocs/compta/stats/cabyprodserv.php
    M htdocs/compta/tva/card.php
    M htdocs/contact/class/contact.class.php
    M htdocs/contact/list.php
    M htdocs/contrat/class/contrat.class.php
    M htdocs/core/actions_addupdatedelete.inc.php
    M htdocs/core/actions_setmoduleoptions.inc.php
    M htdocs/core/boxes/box_project.php
    M htdocs/core/class/CMailFile.class.php
    M htdocs/core/class/commondocgenerator.class.php
    M htdocs/core/class/commonobject.class.php
    M htdocs/core/class/conf.class.php
    M htdocs/core/class/coreobject.class.php
    M htdocs/core/class/dolreceiptprinter.class.php
    M htdocs/core/class/html.form.class.php
    M htdocs/core/class/html.formfile.class.php
    M htdocs/core/class/html.formmail.class.php
    M htdocs/core/class/html.formticket.class.php
    M htdocs/core/class/utils.class.php
    A htdocs/core/customreports.php
    M htdocs/core/db/DoliDB.class.php
    M htdocs/core/db/mssql.class.php
    M htdocs/core/lib/agenda.lib.php
    M htdocs/core/lib/company.lib.php
    M htdocs/core/lib/emailing.lib.php
    M htdocs/core/lib/files.lib.php
    M htdocs/core/lib/functions.lib.php
    M htdocs/core/lib/functionsnumtoword.lib.php
    M htdocs/core/lib/product.lib.php
    M htdocs/core/lib/security.lib.php
    M htdocs/core/lib/security2.lib.php
    M htdocs/core/lib/ticket.lib.php
    M htdocs/core/login/functions_googleoauth.php
    M htdocs/core/login/functions_openid.php
    M htdocs/core/modules/commande/doc/pdf_einstein.modules.php
    M htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php
    M htdocs/core/modules/contract/doc/pdf_strato.modules.php
    M htdocs/core/modules/expedition/doc/pdf_espadon.modules.php
    M htdocs/core/modules/expedition/doc/pdf_rouget.modules.php
    M htdocs/core/modules/expensereport/doc/pdf_standard.modules.php
    M htdocs/core/modules/facture/doc/pdf_crabe.modules.php
    M htdocs/core/modules/facture/doc/pdf_sponge.modules.php
    M htdocs/core/modules/import/import_csv.modules.php
    M htdocs/core/modules/import/import_xlsx.modules.php
    M htdocs/core/modules/livraison/doc/pdf_typhon.modules.php
    M htdocs/core/modules/modContrat.class.php
    M htdocs/core/modules/modFournisseur.class.php
    M htdocs/core/modules/modMrp.class.php
    M htdocs/core/modules/modSociete.class.php
    M htdocs/core/modules/modTicket.class.php
    M htdocs/core/modules/modUser.class.php
    M htdocs/core/modules/oauth/github_oauthcallback.php
    M htdocs/core/modules/oauth/google_oauthcallback.php
    M htdocs/core/modules/project/doc/pdf_baleine.modules.php
    M htdocs/core/modules/project/doc/pdf_beluga.modules.php
    M htdocs/core/modules/project/doc/pdf_timespent.modules.php
    M htdocs/core/modules/propale/doc/pdf_azur.modules.php
    M htdocs/core/modules/propale/doc/pdf_cyan.modules.php
    M htdocs/core/modules/reception/doc/pdf_squille.modules.php
    M htdocs/core/modules/stock/doc/pdf_standard.modules.php
    M htdocs/core/modules/stock/doc/pdf_stdmovement.modules.php
    M htdocs/core/modules/supplier_invoice/doc/pdf_canelle.modules.php
    M htdocs/core/modules/supplier_order/doc/pdf_cornas.modules.php
    M htdocs/core/modules/supplier_order/doc/pdf_muscadet.modules.php
    M htdocs/core/modules/supplier_payment/doc/pdf_standard.modules.php
    M htdocs/core/modules/supplier_proposal/doc/pdf_aurore.modules.php
    M htdocs/core/tpl/admin_extrafields_add.tpl.php
    M htdocs/core/tpl/advtarget.tpl.php
    M htdocs/core/tpl/card_presend.tpl.php
    M htdocs/core/tpl/extrafields_list_search_param.tpl.php
    M htdocs/core/tpl/extrafields_list_search_sql.tpl.php
    M htdocs/core/tpl/notes.tpl.php
    M htdocs/dav/dav.class.php
    M htdocs/don/payment/payment.php
    M htdocs/expedition/card.php
    M htdocs/expedition/class/expedition.class.php
    M htdocs/expensereport/class/expensereport_ik.class.php
    M htdocs/expensereport/class/expensereport_rule.class.php
    M htdocs/exports/export.php
    M htdocs/fichinter/card.php
    M htdocs/filefunc.inc.php
    M htdocs/fourn/class/fournisseur.commande.class.php
    M htdocs/fourn/class/fournisseur.facture.class.php
    M htdocs/fourn/class/fournisseur.product.class.php
    M htdocs/fourn/commande/dispatch.php
    M htdocs/fourn/facture/list.php
    M htdocs/holiday/class/holiday.class.php
    M htdocs/index.php
    M htdocs/install/default.css
    M htdocs/install/mysql/data/llx_accounting_abc.sql
    A htdocs/install/mysql/data/llx_accounting_account_at.sql
    M htdocs/install/mysql/data/llx_accounting_account_fr.sql
    A htdocs/install/mysql/data/llx_c_ticket_resolution.sql
    M htdocs/install/mysql/migration/11.0.0-12.0.0.sql
    A htdocs/install/mysql/tables/llx_c_ticket_resolution.key.sql
    A htdocs/install/mysql/tables/llx_c_ticket_resolution.sql
    M htdocs/install/mysql/tables/llx_const.sql
    M htdocs/install/mysql/tables/llx_contrat.sql
    M htdocs/install/mysql/tables/llx_holiday_users.key.sql
    M htdocs/install/mysql/tables/llx_holiday_users.sql
    M htdocs/install/mysql/tables/llx_ticket.sql
    M htdocs/install/upgrade2.php
    M htdocs/langs/en_US/accountancy.lang
    M htdocs/langs/en_US/admin.lang
    M htdocs/langs/en_US/banks.lang
    M htdocs/langs/en_US/bills.lang
    M htdocs/langs/en_US/errors.lang
    M htdocs/langs/en_US/mrp.lang
    M htdocs/langs/en_US/oauth.lang
    M htdocs/langs/en_US/other.lang
    M htdocs/langs/en_US/products.lang
    M htdocs/langs/en_US/receiptprinter.lang
    M htdocs/langs/en_US/ticket.lang
    A htdocs/langs/es_ES/zapier.lang
    M htdocs/main.inc.php
    M htdocs/master.inc.php
    M htdocs/modulebuilder/index.php
    M htdocs/modulebuilder/template/class/actions_mymodule.class.php
    M htdocs/modulebuilder/template/class/myobject.class.php
    M htdocs/modulebuilder/template/core/modules/mailings/mailinglist_mymodule_myobject.modules.php
    M htdocs/modulebuilder/template/core/modules/mymodule/mod_myobject_advanced.php
    M htdocs/modulebuilder/template/mymoduleindex.php
    M htdocs/mrp/class/mo.class.php
    M htdocs/mrp/lib/mrp_mo.lib.php
    M htdocs/mrp/mo_agenda.php
    M htdocs/mrp/mo_card.php
    M htdocs/mrp/mo_document.php
    A htdocs/mrp/mo_movements.php
    M htdocs/mrp/mo_note.php
    M htdocs/mrp/mo_production.php
    M htdocs/product/admin/dynamic_prices.php
    M htdocs/product/admin/product.php
    M htdocs/product/card.php
    M htdocs/product/class/product.class.php
    M htdocs/product/dynamic_price/class/price_parser.class.php
    M htdocs/product/fournisseurs.php
    M htdocs/product/list.php
    M htdocs/product/reassort.php
    M htdocs/product/stats/contrat.php
    M htdocs/product/stock/class/mouvementstock.class.php
    M htdocs/product/stock/movement_card.php
    M htdocs/product/stock/product.php
    M htdocs/product/stock/replenish.php
    M htdocs/projet/element.php
    M htdocs/public/members/new.php
    M htdocs/public/ticket/create_ticket.php
    M htdocs/public/ticket/view.php
    M htdocs/societe/card.php
    M htdocs/societe/class/api_contacts.class.php
    M htdocs/societe/class/companypaymentmode.class.php
    M htdocs/societe/class/societe.class.php
    M htdocs/societe/paymentmodes.php
    M htdocs/societe/project.php
    M htdocs/stripe/admin/stripe.php
    M htdocs/stripe/class/stripe.class.php
    A htdocs/theme/common/login_logo.png
    M htdocs/theme/eldy/badges.inc.php
    M htdocs/theme/eldy/global.inc.php
    M htdocs/theme/eldy/info-box.inc.php
    M htdocs/theme/eldy/theme_vars.inc.php
    R htdocs/theme/login_logo.png
    M htdocs/theme/md/style.css.php
    M htdocs/ticket/card.php
    M htdocs/ticket/class/ticket.class.php
    M htdocs/user/card.php
    M htdocs/user/group/card.php
    M htdocs/user/group/ldap.php
    M htdocs/user/group/perms.php
    M htdocs/user/note.php
    M htdocs/user/param_ihm.php
    M htdocs/user/passwordforgotten.php
    M htdocs/user/perms.php
    M htdocs/variants/ajax/orderAttribute.php
    M htdocs/website/class/website.class.php
    M htdocs/website/index.php
    M test/phpunit/FunctionsLibTest.php
    M test/phpunit/HolidayTest.php

  Log Message:
  -----------
  Merge branch 'develop' into develop


  Commit: 20694381159771ba409e21fe05ba9efac1d87532
      https://github.com/Dolibarr/dolibarr/commit/20694381159771ba409e21fe05ba9efac1d87532
  Author: Laurent Destailleur <address@hidden>
  Date:   2020-02-18 (Tue, 18 Feb 2020)

  Changed paths:
    M htdocs/comm/action/card.php
    M htdocs/filefunc.inc.php
    M htdocs/public/error-401.php
    M htdocs/public/error-404.php

  Log Message:
  -----------
  Merge pull request #13125 from 418sec/develop

  dolibarr - Cross-site Scripting (XSS) - Fix:


Compare: https://github.com/Dolibarr/dolibarr/compare/6a97b1b9c81f...206943811597
