'.$out.'

/', '', $out); $out = preg_replace('/<\/div>$/', '', $out); } catch (Exception $e) { //print $e->getMessage(); return 'InvalidHTMLString'; } } // Ckeditor use the numeric entitic for apostrophe so we force it to text entity (all other special chars are // encoded using text entities) so we can then exclude all numeric entities. $out = preg_replace('/'/i', ''', $out); // We replace chars from a/A to z/Z encoded with numeric HTML entities with the real char so we won't loose the chars at the next step (preg_replace). // No need to use a loop here, this step is not to sanitize (this is done at next step, this is to try to save chars, even if they are // using a non coventionnel way to be encoded, to not have them sanitized just after) //$out = preg_replace_callback('/&#(x?[0-9][0-9a-f]+;?)/i', 'realCharForNumericEntities', $out); $out = preg_replace_callback('/&#(x?[0-9][0-9a-f]+;?)/i', function ($m) { return realCharForNumericEntities($m); }, $out); // Now we remove all remaining HTML entities starting with a number. We don't want such entities. $out = preg_replace('/&#x?[0-9]+/i', '', $out); // For example if we have javascript with an entities without the ; to hide the 'a' of 'javascript'. $out = dol_string_onlythesehtmltags($out, 0, 1, 1); // We should also exclude non expected HTML attributes and clean content of some attributes. if (!empty($conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES)) { // Warning, the function may add a LF so we are forced to trim to compare with old $out without having always a difference and an infinit loop. $out = dol_string_onlythesehtmlattributes($out); } // Restore entity ' into ' (restricthtml is for html content so we can use html entity) $out = preg_replace('/'/i', "'", $out); } while ($oldstringtoclean != $out); break; case 'custom': if (empty($filter)) { return 'BadFourthParameterForGETPOST'; } $out = filter_var($out, $filter, $options); break; } return $out; } if (!function_exists('dol_getprefix')) { /** * Return a prefix to use for this Dolibarr instance, for session/cookie names or email id. * The prefix is unique for instance and avoid conflict between multi-instances, even when having two instances with same root dir * or two instances in same virtual servers. * This function must not use dol_hash (that is used for password hash) and need to have all context $conf loaded. * * @param string $mode '' (prefix for session name) or 'email' (prefix for email id) * @return string A calculated prefix */ function dol_getprefix($mode = '') { // If prefix is for email (we need to have $conf already loaded for this case) if ($mode == 'email') { global $conf; if (!empty($conf->global->MAIL_PREFIX_FOR_EMAIL_ID)) { // If MAIL_PREFIX_FOR_EMAIL_ID is set if ($conf->global->MAIL_PREFIX_FOR_EMAIL_ID != 'SERVER_NAME') { return $conf->global->MAIL_PREFIX_FOR_EMAIL_ID; } elseif (isset($_SERVER["SERVER_NAME"])) { // If MAIL_PREFIX_FOR_EMAIL_ID is set to 'SERVER_NAME' return $_SERVER["SERVER_NAME"]; } } // The recommended value if MAIL_PREFIX_FOR_EMAIL_ID is not defined (may be not defined for old versions) if (!empty($conf->file->instance_unique_id)) { return sha1('dolibarr'.$conf->file->instance_unique_id); } // For backward compatibility when instance_unique_id is not set return sha1(DOL_DOCUMENT_ROOT.DOL_URL_ROOT); } // If prefix is for session (no need to have $conf loaded) global $dolibarr_main_instance_unique_id, $dolibarr_main_cookie_cryptkey; // This is loaded by filefunc.inc.php $tmp_instance_unique_id = empty($dolibarr_main_instance_unique_id) ? (empty($dolibarr_main_cookie_cryptkey) ? '' : $dolibarr_main_cookie_cryptkey) : $dolibarr_main_instance_unique_id; // Unique id of instance // The recommended value (may be not defined for old versions) if (!empty($tmp_instance_unique_id)) { return sha1('dolibarr'.$tmp_instance_unique_id); } // For backward compatibility when instance_unique_id is not set if (isset($_SERVER["SERVER_NAME"]) && isset($_SERVER["DOCUMENT_ROOT"])) { return sha1($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"].DOL_DOCUMENT_ROOT.DOL_URL_ROOT); } else { return sha1(DOL_DOCUMENT_ROOT.DOL_URL_ROOT); } } } /** * Make an include_once using default root and alternate root if it fails. * To link to a core file, use include(DOL_DOCUMENT_ROOT.'/pathtofile') * To link to a module file from a module file, use include './mymodulefile'; * To link to a module file from a core file, then this function can be used (call by hook / trigger / speciales pages) * * @param string $relpath Relative path to file (Ie: mydir/myfile, ../myfile, ...) * @param string $classname Class name (deprecated) * @return bool True if load is a success, False if it fails */ function dol_include_once($relpath, $classname = '') { global $conf, $langs, $user, $mysoc; // Do not remove this. They must be defined for files we include. Other globals var must be retrieved with $GLOBALS['var'] $fullpath = dol_buildpath($relpath); if (!file_exists($fullpath)) { dol_syslog('functions::dol_include_once Tried to load unexisting file: '.$relpath, LOG_WARNING); return false; } if (!empty($classname) && !class_exists($classname)) { return include $fullpath; } else { return include_once $fullpath; } } /** * Return path of url or filesystem. Can check into alternate dir or alternate dir + main dir depending on value of $returnemptyifnotfound. * * @param string $path Relative path to file (if mode=0) or relative url (if mode=1). Ie: mydir/myfile, ../myfile * @param int $type 0=Used for a Filesystem path, 1=Used for an URL path (output relative), 2=Used for an URL path (output full path using same host that current url), 3=Used for an URL path (output full path using host defined into $dolibarr_main_url_root of conf file) * @param int $returnemptyifnotfound 0:If $type==0 and if file was not found into alternate dir, return default path into main dir (no test on it) * 1:If $type==0 and if file was not found into alternate dir, return empty string * 2:If $type==0 and if file was not found into alternate dir, test into main dir, return default path if found, empty string if not found * @return string Full filesystem path (if path=0) or '' if file not found, Full url path (if mode=1) */ function dol_buildpath($path, $type = 0, $returnemptyifnotfound = 0) { global $conf; $path = preg_replace('/^\//', '', $path); if (empty($type)) { // For a filesystem path $res = DOL_DOCUMENT_ROOT.'/'.$path; // Standard default path if (is_array($conf->file->dol_document_root)) { foreach ($conf->file->dol_document_root as $key => $dirroot) { // ex: array("main"=>"/home/main/htdocs", "alt0"=>"/home/dirmod/htdocs", ...) if ($key == 'main') { continue; } if (file_exists($dirroot.'/'.$path)) { $res = $dirroot.'/'.$path; return $res; } } } if ($returnemptyifnotfound) { // Not found into alternate dir if ($returnemptyifnotfound == 1 || !file_exists($res)) { return ''; } } } else { // For an url path // We try to get local path of file on filesystem from url // Note that trying to know if a file on disk exist by forging path on disk from url // works only for some web server and some setup. This is bugged when // using proxy, rewriting, virtual path, etc... $res = ''; if ($type == 1) { $res = DOL_URL_ROOT.'/'.$path; // Standard value } if ($type == 2) { $res = DOL_MAIN_URL_ROOT.'/'.$path; // Standard value } if ($type == 3) { $res = DOL_URL_ROOT.'/'.$path; } foreach ($conf->file->dol_document_root as $key => $dirroot) { // ex: array(["main"]=>"/home/main/htdocs", ["alt0"]=>"/home/dirmod/htdocs", ...) if ($key == 'main') { if ($type == 3) { global $dolibarr_main_url_root; // Define $urlwithroot $urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root)); $urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file //$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current $res = (preg_match('/^http/i', $conf->file->dol_url_root[$key]) ? '' : $urlwithroot).'/'.$path; // Test on start with http is for old conf syntax } continue; } preg_match('/^([^\?]+(\.css\.php|\.css|\.js\.php|\.js|\.png|\.jpg|\.php)?)/i', $path, $regs); // Take part before '?' if (!empty($regs[1])) { //print $key.'-'.$dirroot.'/'.$path.'-'.$conf->file->dol_url_root[$type].'
'."\n"; if (file_exists($dirroot.'/'.$regs[1])) { if ($type == 1) { $res = (preg_match('/^http/i', $conf->file->dol_url_root[$key]) ? '' : DOL_URL_ROOT).$conf->file->dol_url_root[$key].'/'.$path; } if ($type == 2) { $res = (preg_match('/^http/i', $conf->file->dol_url_root[$key]) ? '' : DOL_MAIN_URL_ROOT).$conf->file->dol_url_root[$key].'/'.$path; } if ($type == 3) { global $dolibarr_main_url_root; // Define $urlwithroot $urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root)); $urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file //$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current $res = (preg_match('/^http/i', $conf->file->dol_url_root[$key]) ? '' : $urlwithroot).$conf->file->dol_url_root[$key].'/'.$path; // Test on start with http is for old conf syntax } break; } } } } return $res; } /** * Create a clone of instance of object (new instance with same value for properties) * With native = 0: Property that are reference are also new object (full isolation clone). This means $this->db of new object is not valid. * With native = 1: Use PHP clone. Property that are reference are same pointer. This means $this->db of new object is still valid but point to same this->db than original object. * * @param object $object Object to clone * @param int $native 0=Full isolation method, 1=Native PHP method * @return object Clone object * @see https://php.net/manual/language.oop5.cloning.php */ function dol_clone($object, $native = 0) { if (empty($native)) { $tmpsavdb = null; if (isset($object->db) && isset($object->db->db) && is_object($object->db->db) && get_class($object->db->db) == 'PgSql\Connection') { $tmpsavdb = $object->db; unset($object->db); // Such property can not be serialized when PgSql/Connection } $myclone = unserialize(serialize($object)); // serialize then unserialize is hack to be sure to have a new object for all fields if ($tmpsavdb) { $object->db = $tmpsavdb; } } else { $myclone = clone $object; // PHP clone is a shallow copy only, not a real clone, so properties of references will keep the reference (refering to the same target/variable) } return $myclone; } /** * Optimize a size for some browsers (phone, smarphone, ...) * * @param int $size Size we want * @param string $type Type of optimizing: * '' = function used to define a size for truncation * 'width' = function is used to define a width * @return int New size after optimizing */ function dol_size($size, $type = '') { global $conf; if (empty($conf->dol_optimize_smallscreen)) { return $size; } if ($type == 'width' && $size > 250) { return 250; } else { return 10; } } /** * Clean a string to use it as a file name. * Replace also '--' and ' -' strings, they are used for parameters separation (Note: ' - ' is allowed). * * @param string $str String to clean * @param string $newstr String to replace bad chars with. * @param int $unaccent 1=Remove also accent (default), 0 do not remove them * @return string String cleaned (a-zA-Z_) * * @see dol_string_nospecial(), dol_string_unaccent(), dol_sanitizePathName() */ function dol_sanitizeFileName($str, $newstr = '_', $unaccent = 1) { // List of special chars for filenames in windows are defined on page https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file // Char '>' '<' '|' '$' and ';' are special chars for shells. // Char '/' and '\' are file delimiters. // Chars '--' can be used into filename to inject special paramaters like --use-compress-program to make command with file as parameter making remote execution of command $filesystem_forbidden_chars = array('<', '>', '/', '\\', '?', '*', '|', '"', ':', '°', '$', ';'); $tmp = dol_string_nospecial($unaccent ? dol_string_unaccent($str) : $str, $newstr, $filesystem_forbidden_chars); $tmp = preg_replace('/\-\-+/', '_', $tmp); $tmp = preg_replace('/\s+\-([^\s])/', ' _$1', $tmp); $tmp = str_replace('..', '', $tmp); return $tmp; } /** * Clean a string to use it as a path name. * Replace also '--' and ' -' strings, they are used for parameters separation (Note: ' - ' is allowed). * * @param string $str String to clean * @param string $newstr String to replace bad chars with * @param int $unaccent 1=Remove also accent (default), 0 do not remove them * @return string String cleaned (a-zA-Z_) * * @see dol_string_nospecial(), dol_string_unaccent(), dol_sanitizeFileName() */ function dol_sanitizePathName($str, $newstr = '_', $unaccent = 1) { // List of special chars for filenames in windows are defined on page https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file // Char '>' '<' '|' '$' and ';' are special chars for shells. // Chars '--' can be used into filename to inject special paramaters like --use-compress-program to make command with file as parameter making remote execution of command $filesystem_forbidden_chars = array('<', '>', '?', '*', '|', '"', '°', '$', ';'); $tmp = dol_string_nospecial($unaccent ? dol_string_unaccent($str) : $str, $newstr, $filesystem_forbidden_chars); $tmp = preg_replace('/\-\-+/', '_', $tmp); $tmp = preg_replace('/\s+\-([^\s])/', ' _$1', $tmp); $tmp = str_replace('..', '', $tmp); return $tmp; } /** * Clean a string to use it as an URL (into a href or src attribute) * * @param string $stringtoclean String to clean * @param int $type 0=Accept all Url, 1=Clean external Url (keep only relative Url) * @return string Escaped string. */ function dol_sanitizeUrl($stringtoclean, $type = 1) { // We clean string because some hacks try to obfuscate evil strings by inserting non printable chars. Example: 'java(ascci09)scr(ascii00)ipt' is processed like 'javascript' (whatever is place of evil ascii char) // We should use dol_string_nounprintableascii but function may not be yet loaded/available $stringtoclean = preg_replace('/[\x00-\x1F\x7F]/u', '', $stringtoclean); // /u operator makes UTF8 valid characters being ignored so are not included into the replace // We clean html comments because some hacks try to obfuscate evil strings by inserting HTML comments. Example: onerror=alert(1) $stringtoclean = preg_replace('//', '', $stringtoclean); $stringtoclean = str_replace('\\', '/', $stringtoclean); if ($type == 1) { // removing : should disable links to external url like http:aaa) // removing ';' should disable "named" html entities encode into an url (we should not have this into an url) $stringtoclean = str_replace(array(':', ';', '@'), '', $stringtoclean); } do { $oldstringtoclean = $stringtoclean; // removing '&colon' should disable links to external url like http:aaa) // removing '&#' should disable "numeric" html entities encode into an url (we should not have this into an url) $stringtoclean = str_ireplace(array('javascript', 'vbscript', '&colon', '&#'), '', $stringtoclean); } while ($oldstringtoclean != $stringtoclean); if ($type == 1) { // removing '//' should disable links to external url like //aaa or http//) $stringtoclean = preg_replace(array('/^[a-z]*\/\/+/i'), '', $stringtoclean); } return $stringtoclean; } /** * Clean a string from all accent characters to be used as ref, login or by dol_sanitizeFileName * * @param string $str String to clean * @return string Cleaned string * * @see dol_sanitizeFilename(), dol_string_nospecial() */ function dol_string_unaccent($str) { global $conf; if (utf8_check($str)) { if (extension_loaded('intl') && !empty($conf->global->MAIN_UNACCENT_USE_TRANSLITERATOR)) { $transliterator = \Transliterator::createFromRules(':: Any-Latin; :: Latin-ASCII; :: NFD; :: [:Nonspacing Mark:] Remove; :: NFC;', \Transliterator::FORWARD); return $transliterator->transliterate($str); } // See http://www.utf8-chartable.de/ $string = rawurlencode($str); $replacements = array( '%C3%80' => 'A', '%C3%81' => 'A', '%C3%82' => 'A', '%C3%83' => 'A', '%C3%84' => 'A', '%C3%85' => 'A', '%C3%87' => 'C', '%C3%88' => 'E', '%C3%89' => 'E', '%C3%8A' => 'E', '%C3%8B' => 'E', '%C3%8C' => 'I', '%C3%8D' => 'I', '%C3%8E' => 'I', '%C3%8F' => 'I', '%C3%91' => 'N', '%C3%92' => 'O', '%C3%93' => 'O', '%C3%94' => 'O', '%C3%95' => 'O', '%C3%96' => 'O', '%C5%A0' => 'S', '%C3%99' => 'U', '%C3%9A' => 'U', '%C3%9B' => 'U', '%C3%9C' => 'U', '%C3%9D' => 'Y', '%C5%B8' => 'y', '%C3%A0' => 'a', '%C3%A1' => 'a', '%C3%A2' => 'a', '%C3%A3' => 'a', '%C3%A4' => 'a', '%C3%A5' => 'a', '%C3%A7' => 'c', '%C3%A8' => 'e', '%C3%A9' => 'e', '%C3%AA' => 'e', '%C3%AB' => 'e', '%C3%AC' => 'i', '%C3%AD' => 'i', '%C3%AE' => 'i', '%C3%AF' => 'i', '%C3%B1' => 'n', '%C3%B2' => 'o', '%C3%B3' => 'o', '%C3%B4' => 'o', '%C3%B5' => 'o', '%C3%B6' => 'o', '%C5%A1' => 's', '%C3%B9' => 'u', '%C3%BA' => 'u', '%C3%BB' => 'u', '%C3%BC' => 'u', '%C3%BD' => 'y', '%C3%BF' => 'y' ); $string = strtr($string, $replacements); return rawurldecode($string); } else { // See http://www.ascii-code.com/ $string = strtr( $str, "\xC0\xC1\xC2\xC3\xC4\xC5\xC7 \xC8\xC9\xCA\xCB\xCC\xCD\xCE\xCF\xD0\xD1 \xD2\xD3\xD4\xD5\xD8\xD9\xDA\xDB\xDD \xE0\xE1\xE2\xE3\xE4\xE5\xE7\xE8\xE9\xEA\xEB \xEC\xED\xEE\xEF\xF0\xF1\xF2\xF3\xF4\xF5\xF8 \xF9\xFA\xFB\xFC\xFD\xFF", "AAAAAAC EEEEIIIIDN OOOOOUUUY aaaaaaceeee iiiidnooooo uuuuyy" ); $string = strtr($string, array("\xC4"=>"Ae", "\xC6"=>"AE", "\xD6"=>"Oe", "\xDC"=>"Ue", "\xDE"=>"TH", "\xDF"=>"ss", "\xE4"=>"ae", "\xE6"=>"ae", "\xF6"=>"oe", "\xFC"=>"ue", "\xFE"=>"th")); return $string; } } /** * Clean a string from all punctuation characters to use it as a ref or login. * This is a more complete function than dol_sanitizeFileName. * * @param string $str String to clean * @param string $newstr String to replace forbidden chars with * @param array|string $badcharstoreplace Array of forbidden characters to replace. Use '' to keep default list. * @param array|string $badcharstoremove Array of forbidden characters to remove. Use '' to keep default list. * @return string Cleaned string * * @see dol_sanitizeFilename(), dol_string_unaccent(), dol_string_nounprintableascii() */ function dol_string_nospecial($str, $newstr = '_', $badcharstoreplace = '', $badcharstoremove = '') { $forbidden_chars_to_replace = array(" ", "'", "/", "\\", ":", "*", "?", "\"", "<", ">", "|", "[", "]", ",", ";", "=", '°'); // more complete than dol_sanitizeFileName $forbidden_chars_to_remove = array(); //$forbidden_chars_to_remove=array("(",")"); if (is_array($badcharstoreplace)) { $forbidden_chars_to_replace = $badcharstoreplace; } if (is_array($badcharstoremove)) { $forbidden_chars_to_remove = $badcharstoremove; } return str_replace($forbidden_chars_to_replace, $newstr, str_replace($forbidden_chars_to_remove, "", $str)); } /** * Clean a string from all non printable ASCII chars (0x00-0x1F and 0x7F). It can also removes also Tab-CR-LF. UTF8 chars remains. * This can be used to sanitize a string and view its real content. Some hacks try to obfuscate attacks by inserting non printable chars. * Note, for information: UTF8 on 1 byte are: \x00-\7F * 2 bytes are: byte 1 \xc0-\xdf, byte 2 = \x80-\xbf * 3 bytes are: byte 1 \xe0-\xef, byte 2 = \x80-\xbf, byte 3 = \x80-\xbf * 4 bytes are: byte 1 \xf0-\xf7, byte 2 = \x80-\xbf, byte 3 = \x80-\xbf, byte 4 = \x80-\xbf * @param string $str String to clean * @param int $removetabcrlf Remove also CR-LF * @return string Cleaned string * * @see dol_sanitizeFilename(), dol_string_unaccent(), dol_string_nospecial() */ function dol_string_nounprintableascii($str, $removetabcrlf = 1) { if ($removetabcrlf) { return preg_replace('/[\x00-\x1F\x7F]/u', '', $str); // /u operator makes UTF8 valid characters being ignored so are not included into the replace } else { return preg_replace('/[\x00-\x08\x11-\x12\x14-\x1F\x7F]/u', '', $str); // /u operator should make UTF8 valid characters being ignored so are not included into the replace } } /** * Returns text escaped for inclusion into javascript code * * @param string $stringtoescape String to escape * @param int $mode 0=Escape also ' and " into ', 1=Escape ' but not " for usage into 'string', 2=Escape " but not ' for usage into "string", 3=Escape ' and " with \ * @param int $noescapebackslashn 0=Escape also \n. 1=Do not escape \n. * @return string Escaped string. Both ' and " are escaped into ' if they are escaped. */ function dol_escape_js($stringtoescape, $mode = 0, $noescapebackslashn = 0) { // escape quotes and backslashes, newlines, etc. $substitjs = array("'"=>"\\'", "\r"=>'\\r'); //$substitjs['. * @param string $noescapetags '' or 'common' or list of tags to not escape. TODO Does not works yet when there is attributes to tag. * @param int $escapeonlyhtmltags 1=Escape only html tags, not the special chars like accents. * @return string Escaped string * @see dol_string_nohtmltag(), dol_string_nospecial(), dol_string_unaccent() */ function dol_escape_htmltag($stringtoescape, $keepb = 0, $keepn = 0, $noescapetags = '', $escapeonlyhtmltags = 0) { if ($noescapetags == 'common') { $noescapetags = 'html,body,a,b,em,hr,i,u,ul,li,br,div,img,font,p,span,strong,table,tr,td,th,tbody'; } // escape quotes and backslashes, newlines, etc. if ($escapeonlyhtmltags) { $tmp = htmlspecialchars_decode((string) $stringtoescape, ENT_COMPAT); } else { $tmp = html_entity_decode((string) $stringtoescape, ENT_COMPAT, 'UTF-8'); } if (!$keepb) { $tmp = strtr($tmp, array(""=>'', ''=>'')); } if (!$keepn) { $tmp = strtr($tmp, array("\r"=>'\\r', "\n"=>'\\n')); } if ($escapeonlyhtmltags) { return htmlspecialchars($tmp, ENT_COMPAT, 'UTF-8'); } else { // Escape tags to keep // TODO Does not works yet when there is attributes to tag $tmparrayoftags = array(); if ($noescapetags) { $tmparrayoftags = explode(',', $noescapetags); } if (count($tmparrayoftags)) { foreach ($tmparrayoftags as $tagtoreplace) { $tmp = str_ireplace('<'.$tagtoreplace.'>', '__BEGINTAGTOREPLACE'.$tagtoreplace.'__', $tmp); $tmp = str_ireplace('', '__ENDTAGTOREPLACE'.$tagtoreplace.'__', $tmp); $tmp = str_ireplace('<'.$tagtoreplace.' />', '__BEGINENDTAGTOREPLACE'.$tagtoreplace.'__', $tmp); } } $result = htmlentities($tmp, ENT_COMPAT, 'UTF-8'); if (count($tmparrayoftags)) { foreach ($tmparrayoftags as $tagtoreplace) { $result = str_ireplace('__BEGINTAGTOREPLACE'.$tagtoreplace.'__', '<'.$tagtoreplace.'>', $result); $result = str_ireplace('__ENDTAGTOREPLACE'.$tagtoreplace.'__', '', $result); $result = str_ireplace('__BEGINENDTAGTOREPLACE'.$tagtoreplace.'__', '<'.$tagtoreplace.' />', $result); } } return $result; } } /** * Convert a string to lower. Never use strtolower because it does not works with UTF8 strings. * * @param string $string String to encode * @param string $encoding Character set encoding * @return string String converted */ function dol_strtolower($string, $encoding = "UTF-8") { if (function_exists('mb_strtolower')) { return mb_strtolower($string, $encoding); } else { return strtolower($string); } } /** * Convert a string to upper. Never use strtolower because it does not works with UTF8 strings. * * @param string $string String to encode * @param string $encoding Character set encoding * @return string String converted */ function dol_strtoupper($string, $encoding = "UTF-8") { if (function_exists('mb_strtoupper')) { return mb_strtoupper($string, $encoding); } else { return strtoupper($string); } } /** * Convert first character of the first word of a string to upper. Never use ucfirst because it does not works with UTF8 strings. * * @param string $string String to encode * @param string $encoding Character set encodign * @return string String converted */ function dol_ucfirst($string, $encoding = "UTF-8") { if (function_exists('mb_substr')) { return mb_strtoupper(mb_substr($string, 0, 1, $encoding), $encoding).mb_substr($string, 1, null, $encoding); } else { return ucfirst($string); } } /** * Convert first character of all the words of a string to upper. Never use ucfirst because it does not works with UTF8 strings. * * @param string $string String to encode * @param string $encoding Character set encodign * @return string String converted */ function dol_ucwords($string, $encoding = "UTF-8") { if (function_exists('mb_convert_case')) { return mb_convert_case($string, MB_CASE_TITLE, $encoding); } else { return ucwords($string); } } /** * Write log message into outputs. Possible outputs can be: * SYSLOG_HANDLERS = ["mod_syslog_file"] file name is then defined by SYSLOG_FILE * SYSLOG_HANDLERS = ["mod_syslog_syslog"] facility is then defined by SYSLOG_FACILITY * Warning, syslog functions are bugged on Windows, generating memory protection faults. To solve * this, use logging to files instead of syslog (see setup of module). * Note: If constant 'SYSLOG_FILE_NO_ERROR' defined, we never output any error message when writing to log fails. * Note: You can get log message into html sources by adding parameter &logtohtml=1 (constant MAIN_LOGTOHTML must be set) * This function works only if syslog module is enabled. * This must not use any call to other function calling dol_syslog (avoid infinite loop). * * @param string $message Line to log. ''=Show nothing * @param int $level Log level * On Windows LOG_ERR=4, LOG_WARNING=5, LOG_NOTICE=LOG_INFO=6, LOG_DEBUG=6 si define_syslog_variables ou PHP 5.3+, 7 si dolibarr * On Linux LOG_ERR=3, LOG_WARNING=4, LOG_NOTICE=5, LOG_INFO=6, LOG_DEBUG=7 * @param int $ident 1=Increase ident of 1, -1=Decrease ident of 1 * @param string $suffixinfilename When output is a file, append this suffix into default log filename. * @param string $restricttologhandler Force output of log only to this log handler * @param array|null $logcontext If defined, an array with extra informations (can be used by some log handlers) * @return void */ function dol_syslog($message, $level = LOG_INFO, $ident = 0, $suffixinfilename = '', $restricttologhandler = '', $logcontext = null) { global $conf, $user, $debugbar; // If syslog module enabled if (empty($conf->syslog->enabled)) { return; } // Check if we are into execution of code of a website if (defined('USEEXTERNALSERVER') && !defined('USEDOLIBARRSERVER') && !defined('USEDOLIBARREDITOR')) { global $website, $websitekey; if (is_object($website) && !empty($website->ref)) { $suffixinfilename .= '_website_'.$website->ref; } elseif (!empty($websitekey)) { $suffixinfilename .= '_website_'.$websitekey; } } // Check if we have a forced suffix if (defined('USESUFFIXINLOG')) { $suffixinfilename .= constant('USESUFFIXINLOG'); } if ($ident < 0) { foreach ($conf->loghandlers as $loghandlerinstance) { $loghandlerinstance->setIdent($ident); } } if (!empty($message)) { // Test log level $logLevels = array(LOG_EMERG=>'EMERG', LOG_ALERT=>'ALERT', LOG_CRIT=>'CRITICAL', LOG_ERR=>'ERR', LOG_WARNING=>'WARN', LOG_NOTICE=>'NOTICE', LOG_INFO=>'INFO', LOG_DEBUG=>'DEBUG'); if (!array_key_exists($level, $logLevels)) { throw new Exception('Incorrect log level'); } if ($level > $conf->global->SYSLOG_LEVEL) { return; } if (empty($conf->global->MAIN_SHOW_PASSWORD_INTO_LOG)) { $message = preg_replace('/password=\'[^\']*\'/', 'password=\'hidden\'', $message); // protection to avoid to have value of password in log } // If adding log inside HTML page is required if ((!empty($_REQUEST['logtohtml']) && !empty($conf->global->MAIN_ENABLE_LOG_TO_HTML)) || (!empty($user->rights->debugbar->read) && is_object($debugbar))) { $conf->logbuffer[] = dol_print_date(time(), "%Y-%m-%d %H:%M:%S")." ".$logLevels[$level]." ".$message; } //TODO: Remove this. MAIN_ENABLE_LOG_INLINE_HTML should be deprecated and use a log handler dedicated to HTML output // If html log tag enabled and url parameter log defined, we show output log on HTML comments if (!empty($conf->global->MAIN_ENABLE_LOG_INLINE_HTML) && !empty($_GET["log"])) { print "\n\n\n"; } $data = array( 'message' => $message, 'script' => (isset($_SERVER['PHP_SELF']) ? basename($_SERVER['PHP_SELF'], '.php') : false), 'level' => $level, 'user' => ((is_object($user) && $user->id) ? $user->login : false), 'ip' => false ); $remoteip = getUserRemoteIP(); // Get ip when page run on a web server if (!empty($remoteip)) { $data['ip'] = $remoteip; // This is when server run behind a reverse proxy if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] != $remoteip) { $data['ip'] = $_SERVER['HTTP_X_FORWARDED_FOR'].' -> '.$data['ip']; } elseif (!empty($_SERVER['HTTP_CLIENT_IP']) && $_SERVER['HTTP_CLIENT_IP'] != $remoteip) { $data['ip'] = $_SERVER['HTTP_CLIENT_IP'].' -> '.$data['ip']; } } elseif (!empty($_SERVER['SERVER_ADDR'])) { // This is when PHP session is ran inside a web server but not inside a client request (example: init code of apache) $data['ip'] = $_SERVER['SERVER_ADDR']; } elseif (!empty($_SERVER['COMPUTERNAME'])) { // This is when PHP session is ran outside a web server, like from Windows command line (Not always defined, but useful if OS defined it). $data['ip'] = $_SERVER['COMPUTERNAME'].(empty($_SERVER['USERNAME']) ? '' : '@'.$_SERVER['USERNAME']); } elseif (!empty($_SERVER['LOGNAME'])) { // This is when PHP session is ran outside a web server, like from Linux command line (Not always defined, but usefull if OS defined it). $data['ip'] = '???@'.$_SERVER['LOGNAME']; } // Loop on each log handler and send output foreach ($conf->loghandlers as $loghandlerinstance) { if ($restricttologhandler && $loghandlerinstance->code != $restricttologhandler) { continue; } $loghandlerinstance->export($data, $suffixinfilename); } unset($data); } if ($ident > 0) { foreach ($conf->loghandlers as $loghandlerinstance) { $loghandlerinstance->setIdent($ident); } } } /** * Return HTML code to output a button to open a dialog popup box. * Such buttons must be included inside a HTML form. * * @param string $name A name for the html component * @param string $label Label shown in Popup title top bar * @param string $buttonstring button string * @param string $url Url to open * @param string $disabled Disabled text * @param string $morecss More CSS * @param string $backtopagejsfields The back to page must be managed using javascript instead of a redirect. * Value is 'keyforpopupid:Name_of_html_component_to_set_with id,Name_of_html_component_to_set_with_label' * @return string HTML component with button */ function dolButtonToOpenUrlInDialogPopup($name, $label, $buttonstring, $url, $disabled = '', $morecss = 'button bordertransp', $backtopagejsfields = '') { if (strpos($url, '?') > 0) { $url .= '&dol_hide_topmenu=1&dol_hide_leftmenu=1&dol_openinpopup='.urlencode($name); } else { $url .= '?dol_hide_topmenu=1&dol_hide_leftmenu=1&dol_openinpopup='.urlencode($name); } $out = ''; $backtopagejsfieldsid = ''; $backtopagejsfieldslabel = ''; if ($backtopagejsfields) { $tmpbacktopagejsfields = explode(':', $backtopagejsfields); if (empty($tmpbacktopagejsfields[1])) { // If the part 'keyforpopupid:' is missing, we add $name for it. $backtopagejsfields = $name.":".$backtopagejsfields; $tmp2backtopagejsfields = explode(',', $tmpbacktopagejsfields[0]); } else { $tmp2backtopagejsfields = explode(',', $tmpbacktopagejsfields[1]); } $backtopagejsfieldsid = empty($tmp2backtopagejsfields[0]) ? '' : $tmp2backtopagejsfields[0]; $backtopagejsfieldslabel = empty($tmp2backtopagejsfields[1]) ? '' : $tmp2backtopagejsfields[1]; $url .= '&backtopagejsfields='.urlencode($backtopagejsfields); } //print ''; $out .= ''."\n"; $out .= ''.$buttonstring.''; $out .= ''; $out .= ''; $out .= ''; $out .= ''; $out .= ''; return $out; } /** * Show tab header of a card * * @param array $links Array of tabs. Currently initialized by calling a function xxx_admin_prepare_head * @param string $active Active tab name (document', 'info', 'ldap', ....) * @param string $title Title * @param int $notab -1 or 0=Add tab header, 1=no tab header (if you set this to 1, using print dol_get_fiche_end() to close tab is not required), -2=Add tab header with no seaparation under tab (to start a tab just after) * @param string $picto Add a picto on tab title * @param int $pictoisfullpath If 1, image path is a full path. If you set this to 1, you can use url returned by dol_buildpath('/mymodyle/img/myimg.png',1) for $picto. * @param string $morehtmlright Add more html content on right of tabs title * @param string $morecss More Css * @param int $limittoshow Limit number of tabs to show. Use 0 to use automatic default value. * @param string $moretabssuffix A suffix to use when you have several dol_get_fiche_head() in same page * @return void * @deprecated Use print dol_get_fiche_head() instead */ function dol_fiche_head($links = array(), $active = '0', $title = '', $notab = 0, $picto = '', $pictoisfullpath = 0, $morehtmlright = '', $morecss = '', $limittoshow = 0, $moretabssuffix = '') { print dol_get_fiche_head($links, $active, $title, $notab, $picto, $pictoisfullpath, $morehtmlright, $morecss, $limittoshow, $moretabssuffix); } /** * Show tabs of a record * * @param array $links Array of tabs. Note that label into $links[$i][1] must be already HTML escaped. * @param string $active Active tab name * @param string $title Title * @param int $notab -1 or 0=Add tab header, 1=no tab header (if you set this to 1, using print dol_get_fiche_end() to close tab is not required), -2=Add tab header with no seaparation under tab (to start a tab just after) * @param string $picto Add a picto on tab title * @param int $pictoisfullpath If 1, image path is a full path. If you set this to 1, you can use url returned by dol_buildpath('/mymodyle/img/myimg.png',1) for $picto. * @param string $morehtmlright Add more html content on right of tabs title * @param string $morecss More CSS on the link * @param int $limittoshow Limit number of tabs to show. Use 0 to use automatic default value. * @param string $moretabssuffix A suffix to use when you have several dol_get_fiche_head() in same page * @return string */ function dol_get_fiche_head($links = array(), $active = '', $title = '', $notab = 0, $picto = '', $pictoisfullpath = 0, $morehtmlright = '', $morecss = '', $limittoshow = 0, $moretabssuffix = '') { global $conf, $langs, $hookmanager; // Show title $showtitle = 1; if (!empty($conf->dol_optimize_smallscreen)) { $showtitle = 0; } $out = "\n".''; if ((!empty($title) && $showtitle) || $morehtmlright || !empty($links)) { $out .= '\n"; } if (!$notab || $notab == -1 || $notab == -2) { $out .= "\n".'\n"; } else { return ''; } } /** * Show tab footer of a card. * Note: $object->next_prev_filter can be set to restrict select to find next or previous record by $form->showrefnav. * * @param Object $object Object to show * @param string $paramid Name of parameter to use to name the id into the URL next/previous link * @param string $morehtml More html content to output just before the nav bar * @param int $shownav Show Condition (navigation is shown if value is 1) * @param string $fieldid Nom du champ en base a utiliser pour select next et previous (we make the select max and min on this field). Use 'none' for no prev/next search. * @param string $fieldref Nom du champ objet ref (object->ref) a utiliser pour select next et previous * @param string $morehtmlref More html to show after the ref (see $morehtmlleft for before) * @param string $moreparam More param to add in nav link url. * @param int $nodbprefix Do not include DB prefix to forge table name * @param string $morehtmlleft More html code to show before the ref (see $morehtmlref for after) * @param string $morehtmlstatus More html code to show under navigation arrows * @param int $onlybanner Put this to 1, if the card will contains only a banner (this add css 'arearefnobottom' on div) * @param string $morehtmlright More html code to show before navigation arrows * @return void */ function dol_banner_tab($object, $paramid, $morehtml = '', $shownav = 1, $fieldid = 'rowid', $fieldref = 'ref', $morehtmlref = '', $moreparam = '', $nodbprefix = 0, $morehtmlleft = '', $morehtmlstatus = '', $onlybanner = 0, $morehtmlright = '') { global $conf, $form, $user, $langs, $hookmanager, $action; $error = 0; $maxvisiblephotos = 1; $showimage = 1; $entity = (empty($object->entity) ? $conf->entity : $object->entity); $showbarcode = empty($conf->barcode->enabled) ? 0 : (empty($object->barcode) ? 0 : 1); if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty($user->rights->barcode->lire_advance)) { $showbarcode = 0; } $modulepart = 'unknown'; if ($object->element == 'societe' || $object->element == 'contact' || $object->element == 'product' || $object->element == 'ticket') { $modulepart = $object->element; } elseif ($object->element == 'member') { $modulepart = 'memberphoto'; } elseif ($object->element == 'user') { $modulepart = 'userphoto'; } if (class_exists("Imagick")) { if ($object->element == 'expensereport' || $object->element == 'propal' || $object->element == 'commande' || $object->element == 'facture' || $object->element == 'supplier_proposal') { $modulepart = $object->element; } elseif ($object->element == 'fichinter') { $modulepart = 'ficheinter'; } elseif ($object->element == 'contrat') { $modulepart = 'contract'; } elseif ($object->element == 'order_supplier') { $modulepart = 'supplier_order'; } elseif ($object->element == 'invoice_supplier') { $modulepart = 'supplier_invoice'; } } if ($object->element == 'product') { $width = 80; $cssclass = 'photowithmargin photoref'; $showimage = $object->is_photo_available($conf->product->multidir_output[$entity]); $maxvisiblephotos = (isset($conf->global->PRODUCT_MAX_VISIBLE_PHOTO) ? $conf->global->PRODUCT_MAX_VISIBLE_PHOTO : 5); if ($conf->browser->layout == 'phone') { $maxvisiblephotos = 1; } if ($showimage) { $morehtmlleft .= ''; } else { if (!empty($conf->global->PRODUCT_NODISPLAYIFNOPHOTO)) { $nophoto = ''; $morehtmlleft .= ''; } else { // Show no photo link $nophoto = '/public/theme/common/nophoto.png'; $morehtmlleft .= ''; } } } elseif ($object->element == 'ticket') { $width = 80; $cssclass = 'photoref'; $showimage = $object->is_photo_available($conf->ticket->multidir_output[$entity].'/'.$object->ref); $maxvisiblephotos = (isset($conf->global->TICKET_MAX_VISIBLE_PHOTO) ? $conf->global->TICKET_MAX_VISIBLE_PHOTO : 2); if ($conf->browser->layout == 'phone') { $maxvisiblephotos = 1; } if ($showimage) { $showphoto = $object->show_photos('ticket', $conf->ticket->multidir_output[$entity], 'small', $maxvisiblephotos, 0, 0, 0, $width, 0); if ($object->nbphoto > 0) { $morehtmlleft .= ''; } else { $showimage = 0; } } if (!$showimage) { if (!empty($conf->global->TICKET_NODISPLAYIFNOPHOTO)) { $nophoto = ''; $morehtmlleft .= ''; } else { // Show no photo link $nophoto = img_picto('No photo', 'object_ticket'); $morehtmlleft .= ''; $morehtmlleft .= ''; } } } else { if ($showimage) { if ($modulepart != 'unknown') { $phototoshow = ''; // Check if a preview file is available if (in_array($modulepart, array('propal', 'commande', 'facture', 'ficheinter', 'contract', 'supplier_order', 'supplier_proposal', 'supplier_invoice', 'expensereport')) && class_exists("Imagick")) { $objectref = dol_sanitizeFileName($object->ref); $dir_output = (empty($conf->$modulepart->multidir_output[$entity]) ? $conf->$modulepart->dir_output : $conf->$modulepart->multidir_output[$entity])."/"; if (in_array($modulepart, array('invoice_supplier', 'supplier_invoice'))) { $subdir = get_exdir($object->id, 2, 0, 1, $object, $modulepart); $subdir .= ((!empty($subdir) && !preg_match('/\/$/', $subdir)) ? '/' : '').$objectref; // the objectref dir is not included into get_exdir when used with level=2, so we add it at end } else { $subdir = get_exdir($object->id, 0, 0, 1, $object, $modulepart); } if (empty($subdir)) { $subdir = 'errorgettingsubdirofobject'; // Protection to avoid to return empty path } $filepath = $dir_output.$subdir."/"; $filepdf = $filepath.$objectref.".pdf"; $relativepath = $subdir.'/'.$objectref.'.pdf'; // Define path to preview pdf file (preview precompiled "file.ext" are "file.ext_preview.png") $fileimage = $filepdf.'_preview.png'; $relativepathimage = $relativepath.'_preview.png'; $pdfexists = file_exists($filepdf); // If PDF file exists if ($pdfexists) { // Conversion du PDF en image png si fichier png non existant if (!file_exists($fileimage) || (filemtime($fileimage) < filemtime($filepdf))) { if (empty($conf->global->MAIN_DISABLE_PDF_THUMBS)) { // If you experience trouble with pdf thumb generation and imagick, you can disable here. include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; $ret = dol_convert_file($filepdf, 'png', $fileimage, '0'); // Convert first page of PDF into a file _preview.png if ($ret < 0) { $error++; } } } } if ($pdfexists && !$error) { $heightforphotref = 80; if (!empty($conf->dol_optimize_smallscreen)) { $heightforphotref = 60; } // If the preview file is found if (file_exists($fileimage)) { $phototoshow = ''; } } } elseif (!$phototoshow) { // example if modulepart = 'societe' or 'photo' $phototoshow .= $form->showphoto($modulepart, $object, 0, 0, 0, 'photowithmargin photoref', 'small', 1, 0, $maxvisiblephotos); } if ($phototoshow) { $morehtmlleft .= ''; } } if (empty($phototoshow)) { // Show No photo link (picto of object) if ($object->element == 'action') { $width = 80; $cssclass = 'photorefcenter'; $nophoto = img_picto('No photo', 'title_agenda'); } else { $width = 14; $cssclass = 'photorefcenter'; $picto = $object->picto; $prefix = 'object_'; if ($object->element == 'project' && !$object->public) { $picto = 'project'; // instead of projectpub } if (strpos($picto, 'fontawesome_') !== false) { $prefix = ''; } $nophoto = img_picto('No photo', $prefix.$picto); } $morehtmlleft .= ''; $morehtmlleft .= ''; } } } if ($showbarcode) { $morehtmlleft .= ''; } if ($object->element == 'societe') { if (!empty($conf->use_javascript_ajax) && $user->rights->societe->creer && !empty($conf->global->MAIN_DIRECT_STATUS_UPDATE)) { $morehtmlstatus .= ajax_object_onoff($object, 'status', 'status', 'InActivity', 'ActivityCeased'); } else { $morehtmlstatus .= $object->getLibStatut(6); } } elseif ($object->element == 'product') { //$morehtmlstatus.=$langs->trans("Status").' ('.$langs->trans("Sell").') '; if (!empty($conf->use_javascript_ajax) && $user->rights->produit->creer && !empty($conf->global->MAIN_DIRECT_STATUS_UPDATE)) { $morehtmlstatus .= ajax_object_onoff($object, 'status', 'tosell', 'ProductStatusOnSell', 'ProductStatusNotOnSell'); } else { $morehtmlstatus .= ''.$object->getLibStatut(6, 0).''; } $morehtmlstatus .= '   '; //$morehtmlstatus.=$langs->trans("Status").' ('.$langs->trans("Buy").') '; if (!empty($conf->use_javascript_ajax) && $user->rights->produit->creer && !empty($conf->global->MAIN_DIRECT_STATUS_UPDATE)) { $morehtmlstatus .= ajax_object_onoff($object, 'status_buy', 'tobuy', 'ProductStatusOnBuy', 'ProductStatusNotOnBuy'); } else { $morehtmlstatus .= ''.$object->getLibStatut(6, 1).''; } } elseif (in_array($object->element, array('facture', 'invoice', 'invoice_supplier', 'chargesociales', 'loan', 'tva', 'salary'))) { $tmptxt = $object->getLibStatut(6, $object->totalpaid); if (empty($tmptxt) || $tmptxt == $object->getLibStatut(3)) { $tmptxt = $object->getLibStatut(5, $object->totalpaid); } $morehtmlstatus .= $tmptxt; } elseif ($object->element == 'contrat' || $object->element == 'contract') { if ($object->statut == 0) { $morehtmlstatus .= $object->getLibStatut(5); } else { $morehtmlstatus .= $object->getLibStatut(4); } } elseif ($object->element == 'facturerec') { if ($object->frequency == 0) { $morehtmlstatus .= $object->getLibStatut(2); } else { $morehtmlstatus .= $object->getLibStatut(5); } } elseif ($object->element == 'project_task') { $object->fk_statut = 1; if ($object->progress > 0) { $object->fk_statut = 2; } if ($object->progress >= 100) { $object->fk_statut = 3; } $tmptxt = $object->getLibStatut(5); $morehtmlstatus .= $tmptxt; // No status on task } else { // Generic case $tmptxt = $object->getLibStatut(6); if (empty($tmptxt) || $tmptxt == $object->getLibStatut(3)) { $tmptxt = $object->getLibStatut(5); } $morehtmlstatus .= $tmptxt; } // Add if object was dispatched "into accountancy" if (!empty($conf->accounting->enabled) && in_array($object->element, array('bank', 'paiementcharge', 'facture', 'invoice', 'invoice_supplier', 'expensereport', 'payment_various'))) { // Note: For 'chargesociales', 'salaries'... this is the payments that are dispatched (so element = 'bank') if (method_exists($object, 'getVentilExportCompta')) { $accounted = $object->getVentilExportCompta(); $langs->load("accountancy"); $morehtmlstatus .= '