New add home box mrp

.github/CONTRIBUTING.md

@@ -185,7 +185,7 @@ A so high ratio is very rare on a so popular project and with the increasing pop
 
 Translations
 ------------
-The source language (en_US) is maintained in the repository. See the [Code](#code) section above.
+The source language (en_US) is maintained in the repository.
 
 All other translations are managed online at [Transifex](https://www.transifex.com/dolibarr-association/dolibarr/).
 

ChangeLog

@@ -22,10 +22,49 @@ The following changes may create regressions for some external modules, but were
 * The deprecated variable $trigger_name (duplicate of variable $triggersendname) has been removed. You must use $triggersendname everywhere now.
 * The behavior of constant STOCK_ALLOW_NEGATIVE_TRANSFER has been reversed. It has been renamed to STOCK_DISALLOW_NEGATIVE_TRANSFER.
 * Method Categoie->getObjectsInCateg() is deprecated. Try by using instead getListForItem() or containing().
-* Global variable $bctag and $conffiletoshowshort has been removed.
+* Global variables $bctag, $conffiletoshowshort, $type2label has been removed.
+* Deprecatedproperty ->fk_departement that was replaced by ->state_id has been completely removed.
 * If you setup the API to update multicurrency rate from internet, you may need to re-enter your API key (so API key will be crypted in database).
 
 
+***** ChangeLog for 21.0.1 compared to 21.0.0 *****
+
+FIX: #33360
+FIX: #33365 Global search for single shipment (#33401)
+FIX: #33404 - to keep the method findNearest an agnostic method.
+FIX: #33435 Warnings
+FIX: Accountancy simplified - with multiple entities, amount of the entry is multiplied by the number of entities (#33370)
+FIX: Add a new email for notification
+FIX: Bad link to download tax vat document
+FIX: Blank page on agenda event per user
+FIX: blank page on smartphone for bank SEPA direct transfer page
+FIX: close all services on contract will close all lines (#33466)
+FIX: Count on supplier invoice list does not match count in DB (#33351)
+FIX: CR on script output
+FIX: CSS center end CSS in total
+FIX: Duplicate load of extrafield ->fetch_optionals()
+FIX: fatal error in notification sending email when error array is empty
+FIX: Link to country setup on company setup page
+FIX: Loading of deliveries in shipping card was loading everything
+FIX: Missing ref_ext in group by in list of product
+FIX: Must make different redirect in paymentok/ko according to frame or not.
+FIX: PAIEMENT Wrong field displayed for DateChequeReceived (#33390)
+FIX: picto for unknown mime type
+FIX: Replace compromised tj-actions/changed-files (#33481)
+FIX: Report by custom group was empty
+FIX: Responsive
+FIX: shipment dispatch origin line (#33415)
+FIX: Show the default duration of a membership type.
+FIX: Sort and search Ref Project column was missing (#33539)
+FIX: syntax error on list of intervention for external users
+FIX: text in tooltip on buttons when pb is not a permission problem
+FIX: Translation of column in list of invoice
+FIX: warnings (#33423)
+FIX: Warning when getNomUrl is called before top_httphead
+FIX: we must retrieve linked order_supplier and no other object (#33602)
+SEC FIX: Reflected XSS reported by 柏天浩
+
+
 ***** ChangeLog for 21.0.0 compared to 20.0 *****
 
 For users:

README.md

@@ -116,6 +116,7 @@ See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog)
 - Product Variants
 - Bill of Materials (BOM)
 - Manufacturing Orders (MO)
+- Workstations / Workplaces
 
  Customer/Sales Management
 
@@ -175,12 +176,13 @@ See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog)
 - Data export/import
 - Barcodes
 - LDAP connectivity
-- ClickToDial integration
+- Click-To-Dial integration
 - Mass emailing
 - RSS integration
 - Social platforms linking
 - Payment platforms integration (PayPal, Stripe, Paybox...)
 - Email-Collector
+- AI support via API
 
 (around 100 modules available by default, 1000+ addons at the official marketplace Dolistore.com)
 

dev/build/makepack-dolibarr.pl

@@ -19,7 +19,7 @@
 # Change this to defined target for option 98 and 99
 $PROJECT="dolibarr";
 
-$PUBLISHBETARC="$ENV{'DESTIASSLOGIN'}\@vmprod1.dolibarr.org:/home/dolibarr/asso.dolibarr.org/dolibarr_documents/website/www.dolibarr.org/files";
+$PUBLISHBETARC="$ENV{'DESTIASSOLOGIN'}\@vmprod1.dolibarr.org:/home/dolibarr/asso.dolibarr.org/dolibarr_documents/website/www.dolibarr.org/files";
 $PUBLISHSTABLE="$ENV{'DESTISFLOGIN'}\@frs.sourceforge.net:/home/frs/project/dolibarr";
 
 #@LISTETARGET=("TGZ","ZIP","RPM_GENERIC","RPM_FEDORA","RPM_MANDRIVA","RPM_OPENSUSE","DEB","EXEDOLIWAMP","SNAPSHOT");   # Possible packages
@@ -435,6 +435,10 @@
 	  	print $ret."\n";
 	  	# Copy to final dir
 	  	$NEWDESTI=$DESTI;
+		if ( !-d "$NEWDESTI/signatures" ) {
+			use File::Path qw( make_path );
+		    make_path "$NEWDESTI/signatures" or die "Failed to create path: $NEWDESTI/signatures";
+		}
 		print "Copy \"$SOURCE/htdocs/install/filelist-$MAJOR.$MINOR.$BUILD.xml\" to $NEWDESTI/signatures/filelist-$MAJOR.$MINOR.$BUILD.xml\n";
 	    use File::Copy qw(copy);
 	    copy "$SOURCE/htdocs/install/filelist-$MAJOR.$MINOR.$BUILD.xml", "$NEWDESTI/signatures/filelist-$MAJOR.$MINOR.$BUILD.xml";
@@ -991,6 +995,11 @@
 
 			# Removed files we don't need (already removed)
 			#$ret=`rm -fr $BUILDROOT/$PROJECT.tmp/htdocs/includes/ckeditor/ckeditor/_source`;
+			$ret=`rm -fr $BUILDROOT/$PROJECT.tmp/.codeclimate.yml`;
+			$ret=`rm -fr $BUILDROOT/$PROJECT.tmp/.pre-commit-config.yaml`;
+			$ret=`rm -fr $BUILDROOT/$PROJECT.tmp/.vscode`;
+			$ret=`find $BUILDROOT/$PROJECT.tmp/ -type f -name '.editorconfig' -exec rm {} \\;`;
+			$ret=`find $BUILDROOT/$PROJECT.tmp/ -type f -name '.travis.yml' -exec rm {} \\;`;
 
 			# Rename upstream changelog to match debian rules
 			$ret=`mv $BUILDROOT/$PROJECT.tmp/ChangeLog $BUILDROOT/$PROJECT.tmp/changelog`;
@@ -1195,7 +1204,8 @@
 			"$DESTI/package_debian-ubuntu/${FILENAMEDEB}_all.deb"=>'package_debian-ubuntu',
 			"$DESTI/package_debian-ubuntu/${FILENAMEDEB}_amd64.changes"=>'package_debian-ubuntu',
 			"$DESTI/package_debian-ubuntu/${FILENAMEDEB}.dsc"=>'package_debian-ubuntu',
-			"$DESTI/package_debian-ubuntu/${FILENAMEDEB}.debian.tar.xz"=>'package_debian-ubuntu',
+			#"$DESTI/package_debian-ubuntu/${FILENAMEDEB}.debian.tar.xz"=>'package_debian-ubuntu',
+			"$DESTI/package_debian-ubuntu/${FILENAMEDEB}.debian.tar.gz"=>'package_debian-ubuntu',
 			"$DESTI/package_debian-ubuntu/${FILENAMEDEBSHORT}.orig.tar.gz"=>'package_debian-ubuntu',
 			"$DESTI/package_windows/$FILENAMEEXEDOLIWAMP.exe"=>'package_windows',
 			"$DESTI/standard/$FILENAMETGZ.tgz"=>'standard',

dev/build/tgz/tar_exclude.txt

@@ -3,6 +3,13 @@
 .git
 .gitignore
 .scrutinizer.yml
+.travis.yml
+.vscode
+.idea
+.editorconfig
+.codeclimate.yml
+.pre-commit-config.yaml
+.mailmap
 Thumbs.db
 dev/build/exe
 dev/build/html

dev/build/zip/zip_exclude.txt

@@ -22,3 +22,9 @@ dolibarr*.deb
 dolibarr*.zip
 cvschangelogbuilder_dolibarr*
 dolibarr_install.log
+.travis.yml
+.vscode
+.idea
+.editorconfig
+.codeclimate.yml
+.pre-commit-config.yaml

dev/dolibarr_changes.txt

@@ -146,22 +146,35 @@ with
 			}
 
 * Replace in tcpdf.php:
-		if (($imgsrc[0] === '/') AND !empty($_SERVER['DOCUMENT_ROOT']) AND ($_SERVER['DOCUMENT_ROOT'] != '/')) {
+		if ($imgsrc[0] === '@') {
+				// data stream
+				$imgsrc = '@'.base64_decode(substr($imgsrc, 1));
+				$type = '';
+		} else {
+			if (($imgsrc[0] === '/') AND !empty($_SERVER['DOCUMENT_ROOT']) AND ($_SERVER['DOCUMENT_ROOT'] != '/')) {
 with
-		// @CHANGE LDR Add support for src="file://..." links
-		if (strpos($imgsrc, 'file://') === 0) {
-			$imgsrc = str_replace('file://', '/', $imgsrc);
-			$imgsrc = urldecode($imgsrc);
-			$testscrtype = @parse_url($imgsrc);
-			if (empty($testscrtype['query'])) {
-				// convert URL to server path
-				$imgsrc = str_replace(K_PATH_URL, K_PATH_MAIN, $imgsrc);
-			} elseif (preg_match('|^https?://|', $imgsrc) !== 1) {
-				// convert URL to server path
-				$imgsrc = str_replace(K_PATH_MAIN, K_PATH_URL, $imgsrc);
-			}
-		}
-		elseif (($imgsrc[0] === '/') AND !empty($_SERVER['DOCUMENT_ROOT']) AND ($_SERVER['DOCUMENT_ROOT'] != '/')) {
+		$reg = array(); // @CHANGE Avoid warning
+		if ($imgsrc[0] === '@') {
+				// data stream
+				$imgsrc = '@'.base64_decode(substr($imgsrc, 1));
+				$type = '';
+		} elseif (preg_match('@^data:image/([^;]*);base64,(.*)@', $imgsrc, $reg)) {
+				$imgsrc = '@'.base64_decode($reg[2]);
+				$type = $reg[1];
+		} else {
+			// @CHANGE LDR Add support for src="file://..." links
+			if (strpos($imgsrc, 'file://') === 0) {
+				$imgsrc = str_replace('file://', '/', $imgsrc);
+				$imgsrc = urldecode($imgsrc);
+				$testscrtype = @parse_url($imgsrc);
+				if (empty($testscrtype['query'])) {
+					// convert URL to server path
+					$imgsrc = str_replace(K_PATH_URL, K_PATH_MAIN, $imgsrc);
+				} elseif (preg_match('|^https?://|', $imgsrc) !== 1) {
+					// convert URL to server path
+					$imgsrc = str_replace(K_PATH_MAIN, K_PATH_URL, $imgsrc);
+				}
+			} elseif (($imgsrc[0] === '/') AND !empty($_SERVER['DOCUMENT_ROOT']) AND ($_SERVER['DOCUMENT_ROOT'] != '/')) {
 
 
 * In tecnickcom/tcpdf/include/tcpdf_static.php, in function fopenLocal, replace:

dev/setup/fail2ban/filter.d/web-accesslog-limit403.conf

@@ -1,16 +1,15 @@
 # Fail2Ban configuration file
 #
-# Regexp to detect forbidden access on pages (public or not) so we can add mitigation on IP making too much 
+# Regexp to detect forbidden access on pages (public or not) so we can add mitigation on IP making too much
 # access to your a Dolibarr instance.
 
-
 [Definition]
 
 # To test, you can inject this example into log
 # echo `myvirtualhost.com:443 1.2.3.4 - - [15/Dec/2022:09:57:47 +0000] "GET /public/abc" 403 123 "-" "Mozilla" >> /var/log/apache2/access.log
 #
-# then 
-# fail2ban-client status web-accesslog-limit403 
+# then
+# fail2ban-client status web-accesslog-limit403
 #
 # To test rule file on a existing log file
 # fail2ban-regex /var/log/apache2/access.log /etc/fail2ban/filter.d/web-accesslog-limit403.conf --print-all-matched

dev/setup/fail2ban/filter.d/web-accesslog-limit404.conf

@@ -0,0 +1,20 @@
+# Fail2Ban configuration file
+#
+# Regexp to detect not found access on pages (public or not) so we can add mitigation on IP making too much
+# access to a Dolibarr instance.
+
+[Definition]
+
+# To test, you can inject this example into log
+# echo 'myvirtualhost.com:443 1.2.3.4 - - [15/Dec/2022:09:57:47 +0000] "GET /attemptedpage HTTP/1.1" 404 123 "-" "Mozilla"' >> /var/log/apache2/other_vhosts_access.log
+# echo '1.2.3.4 - - [18/Jul/2024:00:17:15 +0000] "GET /attemptedpage HTTP/1.1" 404 4142 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0"' >> /var/log/apache2/access_ssl.log
+# WARNING: Set the date in log that is current date
+#
+# then
+# fail2ban-client status web-accesslog-limit404
+#
+# To test rule file on a existing log file
+# fail2ban-regex /var/log/apache2/other_vhosts_access.log /etc/fail2ban/filter.d/web-accesslog-limit404.conf
+
+failregex = <HOST> - - .*HTTP/[0-9]+(.[0-9]+)?" 404
+ignoreregex =

dev/setup/fail2ban/filter.d/web-dolibarr-limitpublic.conf

@@ -1,16 +1,15 @@
 # Fail2Ban configuration file
 #
-# Regexp to detect access on public pages so we can add mitigation on IP making too much 
+# Regexp to detect access on public pages so we can add mitigation on IP making too much
 # access to your a Dolibarr instance.
 
-
 [Definition]
 
 # To test, you can inject this example into log
 # echo `date +'%Y-%m-%d %H:%M:%S'`" INFO    1.2.3.4    --- Access to GET /public/clicktodial/cidlookup.php" >> /mypath/documents/dolibarr.log
 #
-# then 
-# fail2ban-client status web-dolibarr-limitpublic 
+# then
+# fail2ban-client status web-dolibarr-limitpublic
 #
 # To test rule file on a existing log file
 # fail2ban-regex /mypath/documents/dolibarr.log /etc/fail2ban/filter.d/web-dolibarr-limitpublic.conf --print-all-matched

dev/setup/fail2ban/filter.d/web-dolibarr-rulespassforgotten.conf → dev/setup/fail2ban/filter.d/web-dolibarr-passf.conf

@@ -1,19 +1,18 @@
 # Fail2Ban configuration file
 #
-# Regexp to detect access on passwordforgotten.php page so we can add mitigation on IP making too much 
+# Regexp to detect access on passwordforgotten.php page so we can add mitigation on IP making too much
 # access to this Dolibarr page.
 
-
 [Definition]
 
 # To test, you can inject this example into log
 # echo `date +'%Y-%m-%d %H:%M:%S'`" INFO    1.2.3.4    --- Access to GET /passwordforgotten.php - action=buildnewpassword, massaction=" >> /mypath/documents/dolibarr.log
 #
-# then 
-# fail2ban-client status web-dolibarr-rulespassforgotten 
+# then
+# fail2ban-client status web-dolibarr-rulespassforgotten
 #
 # To test rule file on a existing log file
-# fail2ban-regex /mypath/documents/dolibarr.log /etc/fail2ban/filter.d/web-dolibarr-rulespassforgotten.conf --print-all-matched
+# fail2ban-regex /mypath/documents/dolibarr.log /etc/fail2ban/filter.d/web-dolibarr-passf.conf --print-all-matched
 
 failregex = ^ [A-Z\s]+ <HOST>\s+--- Access to .*/passwordforgotten.php - action=buildnewpassword
 ignoreregex =

dev/setup/fail2ban/filter.d/web-dolibarr-rulesbruteforce.conf

@@ -1,16 +1,15 @@
 # Fail2Ban configuration file
 #
-# Regexp to detect try to check a couple login/password so we can add mitigation 
-# on IP making too much tries. 
-
+# Regexp to detect try to check a couple login/password so we can add mitigation
+# on IP making too much tries.
 
 [Definition]
 
 # To test, you can inject this example into log
 # echo `date +'%Y-%m-%d %H:%M:%S'`" INFO    1.2.3.4         functions_dolibarr::check_user_password_abcd Authentication KO" >> /mypath/documents/dolibarr.log
 #
-# then 
-# fail2ban-client status web-dolibarr-rulesbruteforce 
+# then
+# fail2ban-client status web-dol-bruteforce
 #
 # To test rule file on a existing log file
 # fail2ban-regex /mypath/documents/dolibarr.log /etc/fail2ban/filter.d/web-dolibarr-rulesbruteforce.conf --print-all-matched

dev/setup/fail2ban/jail.d/web-accesslog-limit403.conf

@@ -0,0 +1,12 @@
+[web-accesslog-limit403]
+
+; rule against call of 403 forbidden access (for all servers)
+; note: you must change the path of log file to the one of the web server for the virtual host of the Dolibarr
+enabled = true
+port    = http,https
+filter  = web-accesslog-limit403
+logpath = /var/log/apache2/*access*_log
+action  = %(action_mw)s
+bantime  = 600    ;
+findtime = 30     ;
+maxretry = 100    ; 100 error 403 in 30 second, we can ban

dev/setup/fail2ban/jail.d/web-accesslog-limit404.conf

@@ -0,0 +1,11 @@
+[web-accesslog-limit404]
+
+; rule against call of 404 forbidden access (for all servers)
+enabled = true
+port    = http,https
+filter  = web-accesslog-limit404
+logpath = /var/log/apache2/*access*_log
+action  = %(action_mw)s
+bantime  = 600    ;
+findtime = 30     ;
+maxretry = 100    ; 100 error 404 in 30 second, we can ban

dev/setup/fail2ban/jail.d/web-dolibarr-limitpublic.conf

@@ -0,0 +1,12 @@
+[web-dol-limitpublic]
+
+; rule to add rate limit on some public pages
+; note: you must keep enough for public access like agenda export, emailing trackers, stripe ipn access, ...
+enabled = true
+port    = http,https
+filter  = web-dolibarr-limitpublic
+logpath = /mypath/documents/documents/dolibarr.log
+action  = %(action_mw)s
+bantime  = 86400     ; 1 day
+findtime = 86400     ; 1 day
+maxretry = 500       ; 500 access to a public page in the same day, we ban

dev/setup/fail2ban/jail.d/web-dolibarr-passf.conf

@@ -0,0 +1,11 @@
+[web-dol-passf]
+
+; rule against call of password forgotten page
+enabled = true
+port    = http,https
+filter  = web-dolibarr-passf
+logpath = /mypath/documents/documents/dolibarr.log
+action  = %(action_mw)s
+bantime  = 4320000   ; 50 days
+findtime = 86400     ; 1 day
+maxretry = 10

dev/setup/fail2ban/jail.d/web-dolibarr-rulesbruteforce.conf

@@ -0,0 +1,11 @@
+[web-dol-bruteforce]
+
+; rule against bruteforce hacking (login + api)
+enabled = true
+port    = http,https
+filter  = web-dolibarr-rulesbruteforce
+logpath = /mypath/documents/documents/dolibarr.log
+action  = %(action_mw)s
+bantime  = 86400     ; 1 day
+findtime = 3600      ; 1 hour
+maxretry = 20        ; 10 login error in 1 hour, we ban