Commit

Merge branch 'develop' of git@github.com:Dolibarr/dolibarr.git into develop
eldy committed Mar 1, 2025
2 parents 84cbf15 + de12a67 commit 64b3538
Showing 66 changed files with 857 additions and 581 deletions.
5 changes: 2 additions & 3 deletions SECURITY.md
Expand Up @@ -110,8 +110,7 @@ Scope is the web application (backoffice) and the APIs.
* Software or libraries versions, private IP disclosure, Stack traces or path disclosure when logged-in user is admin.
* Vulnerabilities affecting outdated browsers or platforms, or vulnerabilities inside browsers themself.
* Brute force attacks on login page, password forgotten page or any public pages (/public/*) are not qualified if the recommended fail2ban rules were not installed.
* SSL/TLS best practices
* SSL/TLS practices (cypher enabled or not)
* Invalid or missing SPF (Sender Policy Framework) records (Incomplete or missing SPF/DKIM/DMARC)
* Physical or social engineering attempts or issues that require physical access to a victim’s computer/device
* Vulnerabilities of type XSS exploited by using javascript into a website page (with permission to edit website pages) or by using php code into a website page
using the permission to edit php code are not qualified, except if this allow to get higher privileges (being able to set javascript or php code is the expected behaviour).
* Vulnerabilities of type XSS exploited by using javascript into a website page of the website module or by using php code into a website page (being able to set javascript or php code is the expected behaviour in the website module), except if the user does not have the permission to edit page or php code.
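Review bot: In the reworded SSL/TLS exclusion, "cypher" should be spelled "cipher", and "(cipher suites enabled or not)" would say more precisely what is out of scope. On the rewritten XSS exclusion for the website module, the earlier exception "except if this allow to get higher privileges" is gone, and the new exception "except if the user does not have the permission to edit page or php code" leaves it unclear whether a user who may edit pages but not PHP code is in scope when they get PHP to run; naming the two permissions separately would settle that for reporters.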
172 changes: 2 additions & 170 deletions dev/build/phpstan/phpstan-baseline.neon
Expand Up @@ -54,12 +54,6 @@ parameters:
count: 1
path: ../../../htdocs/accountancy/admin/categories_list.php

-
message: '#^Parameter \#12 \$tabcomplete of function complete_dictionary_with_modules expects array\<string, array\<string, array\<string, string\>\>\>, array\<int, array\> given\.$#'
identifier: argument.type
count: 1
path: ../../../htdocs/accountancy/admin/categories_list.php

-
message: '#^Right side of && is always true\.$#'
identifier: booleanAnd.rightAlwaysTrue
Expand Down Expand Up @@ -102,12 +96,6 @@ parameters:
count: 1
path: ../../../htdocs/accountancy/admin/journals_list.php

-
message: '#^Parameter \#12 \$tabcomplete of function complete_dictionary_with_modules expects array\<string, array\<string, array\<string, string\>\>\>, array\<int, array\> given\.$#'
identifier: argument.type
count: 1
path: ../../../htdocs/accountancy/admin/journals_list.php

-
message: '#^Ternary operator condition is always true\.$#'
identifier: ternary.alwaysTrue
Expand Down Expand Up @@ -144,12 +132,6 @@ parameters:
count: 1
path: ../../../htdocs/accountancy/admin/report_list.php

-
message: '#^Parameter \#12 \$tabcomplete of function complete_dictionary_with_modules expects array\<string, array\<string, array\<string, string\>\>\>, array\<int, array\> given\.$#'
identifier: argument.type
count: 1
path: ../../../htdocs/accountancy/admin/report_list.php

-
message: '#^Ternary operator condition is always true\.$#'
identifier: ternary.alwaysTrue
Expand Down Expand Up @@ -1164,12 +1146,6 @@ parameters:
count: 1
path: ../../../htdocs/admin/dict.php

-
message: '#^Parameter \#12 \$tabcomplete of function complete_dictionary_with_modules expects array\<string, array\<string, array\<string, string\>\>\>, array\<string, array\<string, array\<string, string\>\|string\>\> given\.$#'
identifier: argument.type
count: 1
path: ../../../htdocs/admin/dict.php

-
message: '#^Variable \$param in empty\(\) always exists and is not falsy\.$#'
identifier: empty.variable
Expand Down Expand Up @@ -3402,12 +3378,6 @@ parameters:
count: 2
path: ../../../htdocs/bookmarks/bookmarks.lib.php

-
message: '#^Ternary operator condition is always false\.$#'
identifier: ternary.alwaysFalse
count: 1
path: ../../../htdocs/bookmarks/bookmarks.lib.php

-
message: '#^Variable \$contextpage in empty\(\) always exists and is not falsy\.$#'
identifier: empty.variable
Expand Down Expand Up @@ -3486,24 +3456,12 @@ parameters:
count: 1
path: ../../../htdocs/categories/class/api_categories.class.php

-
message: '#^Left side of && is always true\.$#'
identifier: booleanAnd.leftAlwaysTrue
count: 1
path: ../../../htdocs/categories/class/categorie.class.php

-
message: '#^Method Categorie\:\:get_full_arbo\(\) should return \-1\|array\<int, array\{rowid\: int, id\: int, fk_parent\: int, label\: string, description\: string, color\: string, position\: string, visible\: int, \.\.\.\}\> but returns array\<array\{rowid\: mixed, id\: mixed, fk_parent\: mixed, label\: mixed, description\: mixed, color\: mixed, position\: mixed, visible\: mixed, \.\.\.\}\>\.$#'
identifier: return.type
count: 1
path: ../../../htdocs/categories/class/categorie.class.php

-
message: '#^Negated boolean expression is always true\.$#'
identifier: booleanNot.alwaysTrue
count: 3
path: ../../../htdocs/categories/class/categorie.class.php

-
message: '#^Parameter \#1 \$array of function dol_sort_array contains unresolvable type\.$#'
identifier: argument.unresolvableType
Expand All @@ -3522,12 +3480,6 @@ parameters:
count: 1
path: ../../../htdocs/categories/class/categorie.class.php

-
message: '#^Variable \$url in empty\(\) always exists and is not falsy\.$#'
identifier: empty.variable
count: 2
path: ../../../htdocs/categories/class/categorie.class.php

-
message: '#^If condition is always true\.$#'
identifier: if.alwaysTrue
Expand Down Expand Up @@ -8142,12 +8094,6 @@ parameters:
count: 3
path: ../../../htdocs/core/actions_massactions.inc.php

-
message: '#^Variable \$permissiontoadd might not be defined\.$#'
identifier: variable.undefined
count: 10
path: ../../../htdocs/core/actions_massactions.inc.php

-
message: '#^Variable \$search_status might not be defined\.$#'
identifier: variable.undefined
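Review bot: The dropped baseline entry for `$permissiontoadd might not be defined` (count 10, htdocs/core/actions_massactions.inc.php) concerns a permission flag read inside an include, so it is worth confirming in the matching source change that the file now gives the variable a deny-by-default value when the including page has not set it, rather than quieting PHPStan with an annotation. The neighbouring `$search_status might not be defined` entry is still baselined and could be handled the same way.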
Expand Down Expand Up @@ -19926,12 +19872,6 @@ parameters:
count: 1
path: ../../../htdocs/master.inc.php

-
message: '#^Call to function is_array\(\) with array\<array\{modulenamewithcase\: mixed, moduledescriptorrelpath\: string, moduledescriptorfullpath\: mixed, moduledescriptorrootpath\: mixed, moduletype\?\: ''external''\|''internal''\}\> will always evaluate to true\.$#'
identifier: function.alreadyNarrowedType
count: 1
path: ../../../htdocs/modulebuilder/index.php

-
message: '#^Call to function is_array\(\) with non\-empty\-array\<mixed\> will always evaluate to true\.$#'
identifier: function.alreadyNarrowedType
Expand All @@ -19944,12 +19884,6 @@ parameters:
count: 2
path: ../../../htdocs/modulebuilder/index.php

-
message: '#^Parameter \#2 \$arrayreplacement of function dolReplaceInFile expects array\<string, string\>, array\<int\|string, array\<mixed\>\|string\> given\.$#'
identifier: argument.type
count: 1
path: ../../../htdocs/modulebuilder/index.php

-
message: '#^Right side of && is always true\.$#'
identifier: booleanAnd.rightAlwaysTrue
Expand Down Expand Up @@ -26661,7 +26595,7 @@ parameters:
-
message: '#^Variable \$prodcustprice might not be defined\.$#'
identifier: variable.undefined
count: 36
count: 3
path: ../../../htdocs/societe/price.php

-
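Review bot: The count for `$prodcustprice might not be defined` in htdocs/societe/price.php goes from 36 to 3, which leaves three reads of a possibly undefined variable hidden behind the baseline. Initialising `$prodcustprice` before its first conditional use would let this entry be deleted outright instead of carried at a lower count.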
Expand Down Expand Up @@ -27198,36 +27132,12 @@ parameters:
count: 1
path: ../../../htdocs/theme/eldy/style.css.php

-
message: '#^Variable \$fontlist might not be defined\.$#'
identifier: variable.undefined
count: 4
path: ../../../htdocs/theme/md/btn.inc.php

-
message: '#^Variable \$left might not be defined\.$#'
identifier: variable.undefined
count: 2
path: ../../../htdocs/theme/md/btn.inc.php

-
message: '#^Variable \$nbtopmenuentries might not be defined\.$#'
identifier: variable.undefined
count: 2
path: ../../../htdocs/theme/md/btn.inc.php

-
message: '#^Variable \$right might not be defined\.$#'
identifier: variable.undefined
count: 1
path: ../../../htdocs/theme/md/btn.inc.php

-
message: '#^Variable \$user might not be defined\.$#'
identifier: variable.undefined
count: 1
path: ../../../htdocs/theme/md/btn.inc.php

-
message: '#^Variable \$left might not be defined\.$#'
identifier: variable.undefined
Expand Down Expand Up @@ -28362,12 +28272,6 @@ parameters:
count: 8
path: ../../../htdocs/webportal/class/html.formwebportal.class.php

-
message: '#^Parameter \#3 \$preselectedvalue of method FormWebPortal\:\:selectForForms\(\) expects int, array\<mixed\>\|string given\.$#'
identifier: argument.type
count: 1
path: ../../../htdocs/webportal/class/html.formwebportal.class.php

-
message: '#^Call to function method_exists\(\) with \$this\(WebPortalInvoice\) and ''getLibStatut'' will always evaluate to true\.$#'
identifier: function.alreadyNarrowedType
Expand Down Expand Up @@ -28488,12 +28392,6 @@ parameters:
count: 1
path: ../../../htdocs/webportal/class/webportalpropal.class.php

-
message: '#^Parameter \#1 \$authentication of function check_authentication expects array\{login\: string, password\: string, entity\: int\|null, dolibarrkey\: string\}, array\{login\: string, entity\: int\} given\.$#'
identifier: argument.type
count: 1
path: ../../../htdocs/webservices/server_category.php

-
message: '#^Negated boolean expression is always true\.$#'
identifier: booleanNot.alwaysTrue
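Review bot: The removed entry for htdocs/webservices/server_category.php recorded a call to check_authentication() with array{login, entity} where array{login, password, entity, dolibarrkey} is expected, so please confirm the error went away because the caller now passes the `password` and `dolibarrkey` keys and not because the parameter's PHPDoc shape was relaxed. If the shape was loosened instead, check_authentication() should reject a request where those keys are absent.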
Expand Down Expand Up @@ -28530,12 +28428,6 @@ parameters:
count: 2
path: ../../../htdocs/website/class/website.class.php

-
message: '#^Parameter \#2 \$arrayreplacement of function dolReplaceInFile expects array\<string, string\>, array\<string, int\|string\> given\.$#'
identifier: argument.type
count: 3
path: ../../../htdocs/website/class/website.class.php

-
message: '#^Property Website\:\:\$description \(string\) in isset\(\) is not nullable\.$#'
identifier: isset.property
Expand Down Expand Up @@ -28614,12 +28506,6 @@ parameters:
count: 1
path: ../../../htdocs/website/index.php

-
message: '#^If condition is always true\.$#'
identifier: if.alwaysTrue
count: 1
path: ../../../htdocs/website/index.php

-
message: '#^Left side of && is always true\.$#'
identifier: booleanAnd.leftAlwaysTrue
Expand All @@ -28635,7 +28521,7 @@ parameters:
-
message: '#^Negated boolean expression is always false\.$#'
identifier: booleanNot.alwaysFalse
count: 2
count: 1
path: ../../../htdocs/website/index.php

-
Expand All @@ -28656,30 +28542,12 @@ parameters:
count: 1
path: ../../../htdocs/website/index.php

-
message: '#^Variable \$cate_arbo might not be defined\.$#'
identifier: variable.undefined
count: 1
path: ../../../htdocs/website/index.php

-
message: '#^Variable \$containertype might not be defined\.$#'
identifier: variable.undefined
count: 2
path: ../../../htdocs/website/index.php

-
message: '#^Variable \$contextpage in empty\(\) always exists and is not falsy\.$#'
identifier: empty.variable
count: 1
path: ../../../htdocs/website/index.php

-
message: '#^Variable \$disabled might not be defined\.$#'
identifier: variable.undefined
count: 1
path: ../../../htdocs/website/index.php

-
message: '#^Variable \$dolibarr_main_url_root might not be defined\.$#'
identifier: variable.undefined
Expand All @@ -28692,36 +28560,6 @@ parameters:
count: 1
path: ../../../htdocs/website/index.php

-
message: '#^Variable \$langcode might not be defined\.$#'
identifier: variable.undefined
count: 2
path: ../../../htdocs/website/index.php

-
message: '#^Variable \$otherfilters might not be defined\.$#'
identifier: variable.undefined
count: 2
path: ../../../htdocs/website/index.php

-
message: '#^Variable \$tmpobject might not be defined\.$#'
identifier: variable.undefined
count: 1
path: ../../../htdocs/website/index.php

-
message: '#^Variable \$urltograbdirrootwithoutslash might not be defined\.$#'
identifier: variable.undefined
count: 2
path: ../../../htdocs/website/index.php

-
message: '#^Variable \$urltograbdirwithoutslash might not be defined\.$#'
identifier: variable.undefined
count: 4
path: ../../../htdocs/website/index.php

-
message: '#^If condition is always false\.$#'
identifier: if.alwaysFalse
Expand Down Expand Up @@ -28770,12 +28608,6 @@ parameters:
count: 1
path: ../../../htdocs/website/websiteaccount_card.php

-
message: '#^Method Workstations\:\:index\(\) return type has no value type specified in iterable type array\.$#'
identifier: missingType.iterableValue
count: 1
path: ../../../htdocs/workstation/class/api_workstations.class.php

-
message: '#^Call to function method_exists\(\) with \$this\(Workstation\) and ''getLibStatut'' will always evaluate to true\.$#'
identifier: function.alreadyNarrowedType