
NEW Add param $dolibarr_main_restrict_ip in config file to limit ips

Laurent Destailleur 7 years ago
parent
commit
362aec3e4b

+ 9 - 10
htdocs/conf/conf.php.example

@@ -238,6 +238,15 @@ $dolibarr_main_prod='0';
 //
 $dolibarr_main_restrict_os_commands='mysqldump, mysql, pg_dump, pgrestore';
 
+// $dolibarr_main_restrict_ip
+// To restrict access to backoffice to some ip addresses only.
+// Note: Pages that does not need login (like public pages, web site) are not protected with this.
+// Default value: ''
+// Examples:
+// $dolibarr_main_restrict_ip='127.0.0.1, 192.168.0.1';
+//
+$dolibarr_main_restrict_ip='';
+
 // dolibarr_nocsrfcheck
 // This parameter can be used to disable CSRF protection.
 // This might be required if you access Dolibarr behind a proxy that make
@@ -284,16 +293,6 @@ $dolibarr_nocsrfcheck='0';
 // Examples:
 // $dolibarr_strict_mode=0;
 
-// dolibarr_pdf_force_fpdf
-// Set this to 1 to use the libray FPDF instead of TCPDF. FPDF is not embedded with Dolibarr, 
-// so you also have to uncomment line $dolibarr_lib_FPDF_PATH to provide path to FPDF library.
-// Warning: FPDF does not support all features supported by TCPDF used by default. So using
-// this library instead of TCPF will break some features like transparent logo, cyrillic, arab,
-// and asiatic languages, total number of pages, ...
-// Default value: 0
-// Examples:
-// $dolibarr_pdf_force_fpdf=1;
-
 
 
 //#################################
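Review bot: The new comment block for `$dolibarr_main_restrict_ip` does not say what the value is compared against, and the check added in htdocs/main.inc.php in this same commit does an exact string match on `$_SERVER['REMOTE_ADDR']`. A reader configuring this behind a reverse proxy or load balancer will otherwise list client addresses that can never match, because REMOTE_ADDR is then the proxy's address. I would add one line after the "Note:" line: `// Note: The client address checked is $_SERVER['REMOTE_ADDR'] (exact match, no CIDR/netmask); behind a reverse proxy this is the proxy address.`. The wording "Pages that does not need login" should also read "Pages that do not need login".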

+ 11 - 3
htdocs/core/class/commonobject.class.php

@@ -548,9 +548,10 @@ abstract class CommonObject
 	 *
 	 * @param	string	$modulepart			Module related to document
 	 * @param	int		$initsharekey		Init the share key if it was not yet defined
+	 * @param	int		$relativelink		0=Return full external link, 1=Return link relative to root of file
 	 * @return	string						Link or empty string if there is no download link
 	 */
-	function getLastMainDocLink($modulepart, $initsharekey=0)
+	function getLastMainDocLink($modulepart, $initsharekey=0, $relativelink=0)
 	{
 		global $user, $dolibarr_main_url_root;
 
@@ -621,10 +622,17 @@ abstract class CommonObject
 		if (! empty($ecmfile->share)) $paramlink.=($paramlink?'&':'').'hashp='.$ecmfile->share;			// Hash for public share
 		if ($forcedownload) $paramlink.=($paramlink?'&':'').'attachment=1';
 
-		$fulllink=$urlwithroot.'/document.php'.($paramlink?'?'.$paramlink:'');
+		if ($relativelink)
+		{
+			$linktoreturn='document.php'.($paramlink?'?'.$paramlink:'');
+		}
+		else
+		{
+			$linktoreturn=$urlwithroot.'/document.php'.($paramlink?'?'.$paramlink:'');
+		}
 
 		// Here $ecmfile->share is defined
-		return $fulllink;
+		return $linktoreturn;
 	}
 
 
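Review bot: The two branches of the new `if ($relativelink)` in the second hunk repeat the whole `'document.php'.($paramlink?'?'.$paramlink:'')` expression and differ only in the prefix, which is a style point rather than a bug. A single assignment keeps the two forms from drifting apart when the query building changes: `$linktoreturn = ($relativelink ? '' : $urlwithroot.'/').'document.php'.($paramlink?'?'.$paramlink:'');`. The comment `// Here $ecmfile->share is defined` now sits directly above `return $linktoreturn;` and describes nothing on that line; it should be dropped or moved next to the `hashp=` line it refers to. getLastMainDocLink's signature is in the first hunk and its body starts outside this one, so the early part of the function was not reviewed here.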

+ 19 - 0
htdocs/main.inc.php

@@ -293,6 +293,25 @@ if (! empty($conf->file->main_force_https) && (empty($_SERVER["HTTPS"]) || $_SER
 	}
 }
 
+if (! defined('NOLOGIN') && ! defined('NOIPCHECK') && ! empty($dolibarr_main_restrict_ip))
+{
+	$listofip=explode(',', $dolibarr_main_restrict_ip);
+	$found = false;
+	foreach($listofip as $ip)
+	{
+		$ip=trim($ip);
+		if ($ip == $_SERVER['REMOTE_ADDR'])
+		{
+			$found = true;
+			break;
+		}
+	}
+	if (! $found)
+	{
+		print 'Access refused by IP protection';
+		exit;
+	}
+}
 
 // Loading of additional presentation includes
 if (! defined('NOREQUIREHTML')) require_once DOL_DOCUMENT_ROOT .'/core/class/html.form.class.php';	    // Need 660ko memory (800ko in 2.2)
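Review bot: The refusal branch at the end of the new IP block sends a bare `print 'Access refused by IP protection'; exit;`, so the client receives a 200 status with a text body and proxies, monitoring and the browser cannot tell it is a denial; set the status first, `http_response_code(403);` (on PHP older than 5.4, `header($_SERVER['SERVER_PROTOCOL'].' 403 Forbidden');`). The comparison `if ($ip == $_SERVER['REMOTE_ADDR'])` is an access-control decision and should be strict, `if ($ip === $_SERVER['REMOTE_ADDR'])`, since loose string comparison in PHP has its own coercion rules. Only REMOTE_ADDR is consulted, which behind a reverse proxy or load balancer is the proxy's address for every client, so the list then admits everyone or no one; that is a defensible choice (forwarded headers are client-controlled) but deserves a comment on the `if`. `$_SERVER['REMOTE_ADDR']` is presumably unset when main.inc.php is reached from the CLI without NOLOGIN, which would raise a notice here; an `isset` guard or a comment stating that CLI entry points define NOLOGIN would settle it.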

+ 1 - 0
htdocs/modulebuilder/template/myobject_card.php

@@ -30,6 +30,7 @@
 //if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION','1');		// Do not check anti CSRF attack test
 //if (! defined('NOCSRFCHECK'))            define('NOCSRFCHECK','1');			// Do not check anti CSRF attack test done when option MAIN_SECURITY_CSRF_WITH_TOKEN is on.
 //if (! defined('NOSTYLECHECK'))           define('NOSTYLECHECK','1');			// Do not check style html tag into posted data
+//if (! defined('NOIPCHECK'))              define('NOIPCHECK','1');				// Do not check IP defined into conf $dolibarr_main_restrict_ip
 //if (! defined('NOTOKENRENEWAL'))         define('NOTOKENRENEWAL','1');		// Do not check anti POST attack test
 //if (! defined('NOREQUIREMENU'))          define('NOREQUIREMENU','1');			// If there is no need to load and show top and left menu
 //if (! defined('NOREQUIREHTML'))          define('NOREQUIREHTML','1');			// If we don't need to load the html.form.class.php

+ 6 - 5
htdocs/modulebuilder/template/myobject_list.php

@@ -30,6 +30,7 @@
 //if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION','1');		// Do not check anti CSRF attack test
 //if (! defined('NOCSRFCHECK'))            define('NOCSRFCHECK','1');			// Do not check anti CSRF attack test done when option MAIN_SECURITY_CSRF_WITH_TOKEN is on.
 //if (! defined('NOSTYLECHECK'))           define('NOSTYLECHECK','1');			// Do not check style html tag into posted data
+//if (! defined('NOIPCHECK'))              define('NOIPCHECK','1');				// Do not check IP defined into conf $dolibarr_main_restrict_ip
 //if (! defined('NOTOKENRENEWAL'))         define('NOTOKENRENEWAL','1');		// Do not check anti POST attack test
 //if (! defined('NOREQUIREMENU'))          define('NOREQUIREMENU','1');			// If there is no need to load and show top and left menu
 //if (! defined('NOREQUIREHTML'))          define('NOREQUIREHTML','1');			// If we don't need to load the html.form.class.php
@@ -253,19 +254,19 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
 	$result = $db->query($sql);
 	$nbtotalofrecords = $db->num_rows($result);
 }
-// if total resultset is smaller then paging size (filtering), goto and load page 0 
-if (($page * $limit) > $nbtotalofrecords) 
+// if total resultset is smaller then paging size (filtering), goto and load page 0
+if (($page * $limit) > $nbtotalofrecords)
 {
 	$page = 0;
-	$offset = 0; 
+	$offset = 0;
 }
 // if total resultset is smaller the limit, no need to do paging.
 if (is_numeric($nbtotalofrecords) && $limit > $nbtotalofrecords)
 {
 	$resql = $result;
 	$num = $nbtotalofrecords;
-} 
-else 
+}
+else
 {
 	$sql.= $db->plimit($limit+1, $offset);