NEW The upgrade process can be done by creating a file upgrade.unlock

htdocs/core/modules/modImport.class.php

@@ -32,7 +32,6 @@ include_once DOL_DOCUMENT_ROOT.'/core/modules/DolibarrModules.class.php';
  */
 class modImport extends DolibarrModules
 {
-
 	/**
 	 *   Constructor. Define names, constants, directories, boxes, permissions
 	 *

htdocs/core/modules/modUser.class.php

@@ -32,7 +32,6 @@ include_once DOL_DOCUMENT_ROOT.'/core/modules/DolibarrModules.class.php';
  */
 class modUser extends DolibarrModules
 {
-
 	/**
 	 *   Constructor. Define names, constants, directories, boxes, permissions
 	 *

htdocs/install/check.php

@@ -27,6 +27,7 @@
  *	\brief      Test if file conf can be modified and if does not exists, test if install process can create it
  */
 
+define('ALLOWED_IF_UPGRADE_UNLOCK_FOUND', 1);
 include_once 'inc.php';
 
 global $langs;

htdocs/install/inc.php

@@ -180,33 +180,27 @@ if (!empty($dolibarr_main_document_root_alt)) {
 }
 
 
-// Security check (old method, when directory is renamed /install.lock)
-if (preg_match('/install\.lock/i', $_SERVER["SCRIPT_FILENAME"])) {
-	if (!is_object($langs)) {
-		$langs = new Translate('..', $conf);
-		$langs->setDefaultLang('auto');
-	}
-	$langs->load("install");
-
-	header("X-Content-Type-Options: nosniff");
-	header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks)
-
-	print $langs->trans("YouTryInstallDisabledByDirLock");
-	if (!empty($dolibarr_main_url_root)) {
-		print 'Click on following link, <a href="'.$dolibarr_main_url_root.'/admin/index.php?mainmenu=home&leftmenu=setup'.(GETPOSTISSET("login") ? '&username='.urlencode(GETPOST("login")) : '').'">';
-		print $langs->trans("ClickHereToGoToApp");
-		print '</a>';
-	}
-	exit;
-}
+// Check install.lock (for both install and upgrade)
 
-$lockfile = DOL_DATA_ROOT.'/install.lock';
+$lockfile = DOL_DATA_ROOT.'/install.lock';	// To lock all /install pages
+$lockfile2 = DOL_DOCUMENT_ROOT.'/install.lock';	// To lock all /install pages (recommended)
+$upgradeunlockfile = DOL_DATA_ROOT.'/upgrade.unlock';	// To unlock upgrade process
+$upgradeunlockfile2 = DOL_DOCUMENT_ROOT.'/upgrade.unlock';	// To unlock upgrade process
 if (constant('DOL_DATA_ROOT') === null) {
 	// We don't have a configuration file yet
 	// Try to detect any lockfile in the default documents path
 	$lockfile = '../../documents/install.lock';
+	$upgradeunlockfile = '../../documents/upgrade.unlock';
+}
+$islocked=false;
+if (@file_exists($lockfile) || @file_exists($lockfile2)) {
+	if (!defined('ALLOWED_IF_UPGRADE_UNLOCK_FOUND') || (! @file_exists($upgradeunlockfile) && ! @file_exists($upgradeunlockfile2))) {
+		// If this is a dangerous install page (ALLOWED_IF_UPGRADE_UNLOCK_FOUND not defined) or
+		// if there is no upgrade unlock files, we lock the pages.
+		$islocked = true;
+	}
 }
-if (@file_exists($lockfile)) {
+if ($islocked) {	// Pages are locked
 	if (!isset($langs) || !is_object($langs)) {
 		$langs = new Translate('..', $conf);
 		$langs->setDefaultLang('auto');
@@ -216,14 +210,22 @@ if (@file_exists($lockfile)) {
 	header("X-Content-Type-Options: nosniff");
 	header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks)
 
-	print $langs->trans("YouTryInstallDisabledByFileLock");
+	if (GETPOST('action') != 'upgrade') {
+		print $langs->trans("YouTryInstallDisabledByFileLock").'<br>';
+	} else {
+		print $langs->trans("YouTryUpgradeDisabledByMissingFileUnLock").'<br>';
+	}
 	if (!empty($dolibarr_main_url_root)) {
-		print $langs->trans("ClickOnLinkOrRemoveManualy").'<br>';
+		if (GETPOST('action') != 'upgrade') {
+			print $langs->trans("ClickOnLinkOrRemoveManualy").'<br>';
+		} else {
+			print $langs->trans("ClickOnLinkOrCreateUnlockFileManualy").'<br>';
+		}
 		print '<a href="'.$dolibarr_main_url_root.'/admin/index.php?mainmenu=home&leftmenu=setup'.(GETPOSTISSET("login") ? '&username='.urlencode(GETPOST("login")) : '').'">';
 		print $langs->trans("ClickHereToGoToApp");
 		print '</a>';
 	} else {
-		print 'If you always reach this page, you must remove install.lock file manually.<br>';
+		print 'If you always reach this page, you must remove the install.lock file manually.<br>';
 	}
 	exit;
 }

htdocs/install/index.php

@@ -23,6 +23,8 @@
  *       \brief      Show page to select language. This is done only for a first installation.
  *					 For a reinstall this page redirect to page check.php
  */
+
+define('ALLOWED_IF_UPGRADE_UNLOCK_FOUND', 1);
 include_once 'inc.php';
 include_once '../core/class/html.form.class.php';
 include_once '../core/class/html.formadmin.class.php';

htdocs/install/mysql/migration/17.0.0-18.0.0.sql

@@ -37,6 +37,7 @@
 -- VMYSQL4.3 ALTER TABLE llx_hrm_skillrank CHANGE COLUMN `rank` rankorder integer;
 -- VPGSQL8.2 ALTER TABLE llx_hrm_skillrank CHANGE COLUMN rank rankorder integer;
 
+ALTER TABLE llx_accounting_system CHANGE COLUMN fk_pays fk_country integer; 
 
 
 -- v18

htdocs/install/step5.php

@@ -24,8 +24,18 @@
  *       \file      htdocs/install/step5.php
  *       \ingroup   install
  *       \brief     Last page of upgrade / install process
+ *
+ *       This page is called with parameter action=set by step4.php or action=upgrade by upgrade2.php
+ *       For installation:
+ *         It creates the login admin and set the MAIN_SECURITY_SALT to a random value.
+ *         It set the value for MAIN_VERSION_LAST_INSTALL
+ *         It creates the install.lock and shows the final message.
+ *       For upgrade:
+ *         It updates the value for MAIN_VERSION_LAST_UPGRADE.
+ *         It (re)creates the install.lock and shows the final message.
  */
 
+define('ALLOWED_IF_UPGRADE_UNLOCK_FOUND', 1);
 include_once 'inc.php';
 if (file_exists($conffile)) {
 	include_once $conffile;
@@ -384,7 +394,7 @@ if ($action == "set") {
 					if (empty($force_install_lockinstall) || $force_install_lockinstall == 1) {
 						$force_install_lockinstall = 444; // For backward compatibility
 					}
-					fwrite($fp, "This is a lock file to prevent use of install pages (set with permission ".$force_install_lockinstall.")");
+					fwrite($fp, "This is a lock file to prevent use of install or upgrade pages (set with permission ".$force_install_lockinstall.")");
 					fclose($fp);
 					@chmod($lockfile, octdec($force_install_lockinstall));
 					$createlock = 1;
@@ -416,8 +426,9 @@ if ($action == "set") {
 } elseif (empty($action) || preg_match('/upgrade/i', $action)) {
 	// If upgrade
 	if (empty($conf->global->MAIN_VERSION_LAST_UPGRADE) || ($conf->global->MAIN_VERSION_LAST_UPGRADE == DOL_VERSION)) {
-		// Upgrade is finished (database is on same version than files)
-		print '<img class="valignmiddle inline-block paddingright" src="../theme/common/octicons/build/svg/checklist.svg" width="20" alt="Configuration"> <span class="valignmiddle">'.$langs->trans("SystemIsUpgraded")."</span><br>";
+		// Upgrade is finished (database is on the same version than files)
+		print '<img class="valignmiddle inline-block paddingright" src="../theme/common/octicons/build/svg/checklist.svg" width="20" alt="Configuration">';
+		print ' <span class="valignmiddle">'.$langs->trans("SystemIsUpgraded")."</span><br>";
 
 		// Create install.lock file if it does not exists.
 		// Note: it should always exists. A better solution to allow upgrade will be to add an upgrade.unlock file
@@ -430,7 +441,7 @@ if ($action == "set") {
 				if (empty($force_install_lockinstall) || $force_install_lockinstall == 1) {
 					$force_install_lockinstall = 444; // For backward compatibility
 				}
-				fwrite($fp, "This is a lock file to prevent use of install pages (set with permission ".$force_install_lockinstall.")");
+				fwrite($fp, "This is a lock file to prevent use of install or upgrade pages (set with permission ".$force_install_lockinstall.")");
 				fclose($fp);
 				@chmod($lockfile, octdec($force_install_lockinstall));
 				$createlock = 1;

htdocs/install/upgrade.php

@@ -36,6 +36,7 @@
  *      \brief      Run migration script
  */
 
+define('ALLOWED_IF_UPGRADE_UNLOCK_FOUND', 1);
 include_once 'inc.php';
 if (!file_exists($conffile)) {
 	print 'Error: Dolibarr config file was not found. This may means that Dolibarr is not installed yet. Please call the page "/install/index.php" instead of "/install/upgrade.php").';

htdocs/install/upgrade2.php

@@ -38,6 +38,7 @@
  *	\brief      Upgrade some data
  */
 
+define('ALLOWED_IF_UPGRADE_UNLOCK_FOUND', 1);
 include_once 'inc.php';
 if (!file_exists($conffile)) {
 	print 'Error: Dolibarr config file was not found. This may means that Dolibarr is not installed yet. Please call the page "/install/index.php" instead of "/install/upgrade.php").';

htdocs/langs/en_US/install.lang

@@ -88,7 +88,7 @@ LoginAlreadyExists=Already exists
 DolibarrAdminLogin=Dolibarr admin login
 AdminLoginAlreadyExists=Dolibarr administrator account '<b>%s</b>' already exists. Go back if you want to create another one.
 FailedToCreateAdminLogin=Failed to create Dolibarr administrator account.
-WarningRemoveInstallDir=Warning, for security reasons, once the install or upgrade is complete, you should add a file called <b>install.lock</b> into the Dolibarr document directory in order to prevent the accidental/malicious use of the install tools again.
+WarningRemoveInstallDir=Warning, for security reasons, once the installation process is complete, you must add a file called <b>install.lock</b> into the Dolibarr document directory in order to prevent the accidental/malicious use of the install tools again.
 FunctionNotAvailableInThisPHP=Not available in this PHP
 ChoosedMigrateScript=Choose migration script
 DataMigration=Database migration (data)
@@ -208,8 +208,10 @@ HideNotAvailableOptions=Hide unavailable options
 ErrorFoundDuringMigration=Error(s) were reported during the migration process so next step is not available. To ignore errors, you can <a href="%s">click here</a>, but the application or some features may not work correctly until the errors are resolved.
 YouTryInstallDisabledByDirLock=The application tried to self-upgrade, but the install/upgrade pages have been disabled for security (directory renamed with .lock suffix).<br>
 YouTryInstallDisabledByFileLock=The application tried to self-upgrade, but the install/upgrade pages have been disabled for security (by the existence of a lock file <strong>install.lock</strong> in the dolibarr documents directory).<br>
+YouTryUpgradeDisabledByMissingFileUnLock=The application tried to self-upgrade, but the upgrade process is currently not allowed.<br>
 ClickHereToGoToApp=Click here to go to your application
 ClickOnLinkOrRemoveManualy=If an upgrade is in progress, please wait. If not, click on the following link. If you always see this same page, you must remove/rename the file install.lock in the documents directory.
+ClickOnLinkOrCreateUnlockFileManualy=If an upgrade is in progress, please wait... If not, you must create a file upgrade.unlock into the Dolibarr documents directory.
 Loaded=Loaded
 FunctionTest=Function test
 NodoUpgradeAfterDB=No action requested by external modules after upgrade of database

htdocs/theme/eldy/global.inc.php

@@ -4867,6 +4867,7 @@ div.divphotoref > div > .photowithmargin, div.divphotoref > img.photowithmargin,
 {
 	content:url(<?php echo dol_buildpath($path.'/theme/'.$theme.'/img/logo_setup.svg', 1) ?>);	/* content is used to best fit the container */
 	display: inline-block;
+	opacity: 0.2;
 }
 .nographyet
 {

htdocs/theme/md/style.css.php

@@ -4892,6 +4892,7 @@ div.divphotoref > img.photowithmargin, div.divphotoref > a > .photowithmargin {
 {
 	content:url(<?php echo dol_buildpath($path.'/theme/'.$theme.'/img/logo_setup.svg', 1) ?>);	/* content is used to best fit the container */
 	display: inline-block;
+	opacity: 0.2;
 }
 .nographyet
 {