dolibarr 19.0.3
main.inc.php File Reference

File that defines environment for Dolibarr GUI pages only (file not required by scripts) More...

Go to the source code of this file.

Functions

if(!empty( $_SERVER[ 'MAIN_SHOW_TUNING_INFO'])) realCharForNumericEntities ($matches)
 Return the real char for a numeric entities.
 
 testSqlAndScriptInject ($val, $type)
 Security: WAF layer for SQL Injection and XSS Injection (scripts) protection (Filters on GET, POST, PHP_SELF).
 
 analyseVarsForSqlAndScriptsInjection (&$var, $type)
 Return true if security check on parameters are OK, false otherwise.
 
if(!defined( 'NOREQUIREMENU')) if(!empty(GETPOST('seteventmessages', 'alpha'))) if(!function_exists("llxHeader")) top_httphead ($contenttype='text/html', $forcenocache=0)
 Show HTTP header.
 
 top_htmlhead ($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs=array(), $arrayofcss=array(), $disableforlogin=0, $disablenofollow=0, $disablenoindex=0)
 Ouput html header of a page.
 
 top_menu ($head, $title='', $target='', $disablejs=0, $disablehead=0, $arrayofjs=array(), $arrayofcss=array(), $morequerystring='', $helppagename='')
 Show an HTML header + a BODY + The top menu bar.
 
 top_menu_user ($hideloginname=0, $urllogout='')
 Build the tooltip on user login.
 
 top_menu_quickadd ()
 Build the tooltip on top menu quick add.
 
 printDropdownQuickadd ()
 Generate list of quickadd items.
 
 top_menu_bookmark ()
 Build the tooltip on top menu bookmark.
 
 top_menu_search ()
 Build the tooltip on top menu tsearch.
 
 left_menu ($menu_array_before, $helppagename='', $notused='', $menu_array_after=array(), $leftmenuwithoutmainarea=0, $title='', $acceptdelayedhtml=0)
 Show left menu bar.
 
 main_area ($title='')
 Begin main area.
 
 getHelpParamFor ($helppagename, $langs)
 Return helpbaseurl, helppage and mode.
 
 printSearchForm ($urlaction, $urlobject, $title, $htmlmorecss, $htmlinputname, $accesskey='', $prefhtmlinputname='', $img='', $showtitlebefore=0, $autofocus=0)
 Show a search area.
 

Detailed Description

File that defines environment for Dolibarr GUI pages only (file not required by scripts)

Definition in file main.inc.php.

Function Documentation

◆ analyseVarsForSqlAndScriptsInjection()

analyseVarsForSqlAndScriptsInjection ( & $var,
$type )

Return true if security check on parameters are OK, false otherwise.

Parameters
string | array$varVariable name
string$type1=GET, 0=POST, 2=PHP_SELF
Returns
boolean|null true if there is no injection. Stop code if injection found.

Show HTML header HTML + BODY + Top menu + left menu + DIV

Parameters
string$headOptionnal head lines
string$titleHTML title
string$help_urlUrl links to help page Syntax is: For a wiki page: EN:EnglishPage|FR:FrenchPage|ES:SpanishPage|DE:GermanPage For other external page: http://server/url
string$targetTarget to use on links
int$disablejsMore content into html header
int$disableheadMore content into html header
array | string$arrayofjsArray of complementary js files
array | string$arrayofcssArray of complementary css files
string$morequerystringQuery string to add to the link "print" to get same parameters (use only if autodetect fails)
string$morecssonbodyMore CSS on body tag. For example 'classforhorizontalscrolloftabs'.
string$replacemainareabyReplace call to main_area() by a print of this string
int$disablenofollowDisable the "nofollow" on meta robot header
int$disablenoindexDisable the "noindex" on meta robot header
Returns
void

Definition at line 216 of file main.inc.php.

References analyseVarsForSqlAndScriptsInjection(), and testSqlAndScriptInject().

Referenced by analyseVarsForSqlAndScriptsInjection().

◆ getHelpParamFor()

getHelpParamFor ( $helppagename,
$langs )

Return helpbaseurl, helppage and mode.

Parameters
string$helppagenamePage name ('EN:xxx,ES:eee,FR:fff,DE:ddd...' or 'http://localpage')
Translate$langsLanguage
Returns
array Array of help urls

Definition at line 3476 of file main.inc.php.

Referenced by top_menu().

◆ left_menu()

left_menu ( $menu_array_before,
$helppagename = '',
$notused = '',
$menu_array_after = array(),
$leftmenuwithoutmainarea = 0,
$title = '',
$acceptdelayedhtml = 0 )

Show left menu bar.

Parameters
array$menu_array_beforeTable of menu entries to show before entries of menu handler. This param is deprectaed and must be provided to ''.
string$helppagenameName of wiki page for help ('' by default). Syntax is: For a wiki page: EN:EnglishPage|FR:FrenchPage|ES:SpanishPage|DE:GermanPage For other external page: http://server/url
string$notusedDeprecated. Used in past to add content into left menu. Hooks can be used now.
array$menu_array_afterTable of menu entries to show after entries of menu handler
int$leftmenuwithoutmainareaMust be set to 1. 0 by default for backward compatibility with old modules.
string$titleTitle of web page
int$acceptdelayedhtml1 if caller request to have html delayed content not returned but saved into global $delayedhtmlcontent (so caller can show it at end of page to avoid flash FOUC effect)
Returns
void

Definition at line 3164 of file main.inc.php.

References dol_escape_htmltag(), dol_syslog(), getDolGlobalString(), main_area(), and printSearchForm().

◆ main_area()

main_area ( $title = '')

Begin main area.

Parameters
string$titleTitle
Returns
void

Definition at line 3414 of file main.inc.php.

References dol_escape_htmltag(), getDolGlobalString(), GETPOST(), and info_admin().

Referenced by left_menu().

◆ printDropdownQuickadd()

printDropdownQuickadd ( )

Generate list of quickadd items.

Returns
string HTML output

Definition at line 2714 of file main.inc.php.

References getDolGlobalString(), and img_picto().

Referenced by top_menu_quickadd().

◆ printSearchForm()

printSearchForm ( $urlaction,
$urlobject,
$title,
$htmlmorecss,
$htmlinputname,
$accesskey = '',
$prefhtmlinputname = '',
$img = '',
$showtitlebefore = 0,
$autofocus = 0 )

Show a search area.

Used when the javascript quick search is not used.

Parameters
string$urlactionUrl post
string$urlobjectUrl of the link under the search box
string$titleTitle search area
string$htmlmorecssAdd more css
string$htmlinputnameField Name input form
string$accesskeyAccesskey
string$prefhtmlinputnameComplement for id to avoid multiple same id in the page
string$imgImage to use
int$showtitlebeforeShow title before input text instead of into placeholder. This can be set when output is dedicated for text browsers.
int$autofocusSet autofocus on field
Returns
string

Show HTML footer Close div /DIV class=fiche + /DIV id-right + /DIV id-container + /BODY + /HTML. If global var $delayedhtmlcontent was filled, we output it just before closing the body.

Parameters
string$commentA text to add as HTML comment into HTML generated page
string$zone'private' (for private pages) or 'public' (for public pages)
int$disabledoutputofmessagesClear all messages stored into session without diplaying them
Returns
void

Definition at line 3536 of file main.inc.php.

References img_picto().

Referenced by left_menu().

◆ realCharForNumericEntities()

if(!empty($_SERVER['MAIN_SHOW_TUNING_INFO'])) realCharForNumericEntities ( $matches)

Return the real char for a numeric entities.

WARNING: This function is required by testSqlAndScriptInject() and the GETPOST 'restricthtml'. Regex calling must be similar.

Parameters
string$matchesString of numeric entity
Returns
string New value

Definition at line 63 of file main.inc.php.

Referenced by dol_htmlwithnojs(), and testSqlAndScriptInject().

◆ testSqlAndScriptInject()

testSqlAndScriptInject ( $val,
$type )

Security: WAF layer for SQL Injection and XSS Injection (scripts) protection (Filters on GET, POST, PHP_SELF).

Warning: Such a protection can't be enough. It is not reliable as it will always be possible to bypass this. Good protection can only be guaranted by escaping data during output.

Parameters
string$valBrute value found into $_GET, $_POST or PHP_SELF
string$type0=POST, 1=GET, 2=PHP_SELF, 3=GET without sql reserved keywords (the less tolerant test)
Returns
int >0 if there is an injection, 0 if none

Definition at line 89 of file main.inc.php.

References realCharForNumericEntities().

Referenced by analyseVarsForSqlAndScriptsInjection(), ImportCsv\import_insert(), ImportXlsx\import_insert(), and Form\select_thirdparty_list().

◆ top_htmlhead()

top_htmlhead ( $head,
$title = '',
$disablejs = 0,
$disablehead = 0,
$arrayofjs = array(),
$arrayofcss = array(),
$disableforlogin = 0,
$disablenofollow = 0,
$disablenoindex = 0 )

Ouput html header of a page.

It calls also top_httphead() This code is also duplicated into security2.lib.php\dol_loginfunction

Parameters
string$headOptionnal head lines
string$titleHTML title
int$disablejsDisable js output
int$disableheadDisable head output
array$arrayofjsArray of complementary js files
array$arrayofcssArray of complementary css files
int$disableforloginDo not load heavy js and css for login pages
int$disablenofollowDisable nofollow tag for meta robots
int$disablenoindexDisable noindex tag for meta robots
Returns
void

Definition at line 1708 of file main.inc.php.

References dol_buildpath(), dol_htmlentities(), dol_syslog(), dolibarr_set_const(), getDolGlobalInt(), getDolGlobalString(), GETPOST(), and top_httphead().

Referenced by llxHeaderTicket(), llxHeaderVierge(), llxHeaderVierge(), llxHeaderVierge(), and top_menu().

◆ top_httphead()

if(!defined('NOREQUIREMENU')) if(!empty(GETPOST( 'seteventmessages', 'alpha'))) if(!function_exists("llxHeader")) top_httphead ( $contenttype = 'text/html',
$forcenocache = 0 )

Show HTTP header.

Called by top_htmlhead().

Parameters
string$contenttypeContent type. For example, 'text/html'
int$forcenocacheForce disabling of cache for the page
Returns
void

Definition at line 1569 of file main.inc.php.

References getDolGlobalString().

Referenced by dol_print_error(), AccountancyExport\export(), httponly_accessforbidden(), llxHeaderVierge(), print_paybox_redirect(), and top_htmlhead().

◆ top_menu()

top_menu ( $head,
$title = '',
$target = '',
$disablejs = 0,
$disablehead = 0,
$arrayofjs = array(),
$arrayofcss = array(),
$morequerystring = '',
$helppagename = '' )

Show an HTML header + a BODY + The top menu bar.

Parameters
string$headLines in the HEAD
string$titleTitle of web page
string$targetTarget to use in menu links (Example: '' or '_top')
int$disablejsDo not output links to js (Ex: qd fonction utilisee par sous formulaire Ajax)
int$disableheadDo not output head section
array$arrayofjsArray of js files to add in header
array$arrayofcssArray of css files to add in header
string$morequerystringQuery string to add to the link "print" to get same parameters (use only if autodetect fails)
string$helppagenameName of wiki page for help ('' by default). Syntax is: For a wiki page: EN:EnglishPage|FR:FrenchPage|ES:SpanishPage|DE:GermanPage For other external page: http://server/url
Returns
void

Definition at line 2120 of file main.inc.php.

References dol_escape_htmltag(), getDolGlobalInt(), getDolGlobalString(), getHelpParamFor(), GETPOST(), img_picto(), top_htmlhead(), top_menu_bookmark(), top_menu_quickadd(), top_menu_search(), and top_menu_user().

◆ top_menu_bookmark()

top_menu_bookmark ( )

Build the tooltip on top menu bookmark.

Returns
string HTML content

Definition at line 2893 of file main.inc.php.

References getDolGlobalString(), and printDropdownBookmarksList().

Referenced by top_menu().

◆ top_menu_quickadd()

top_menu_quickadd ( )

Build the tooltip on top menu quick add.

Returns
string HTML content

Definition at line 2639 of file main.inc.php.

References printDropdownQuickadd().

Referenced by top_menu().

◆ top_menu_search()

top_menu_search ( )

Build the tooltip on top menu tsearch.

Returns
string HTML content

Definition at line 2988 of file main.inc.php.

Referenced by top_menu().

◆ top_menu_user()

top_menu_user ( $hideloginname = 0,
$urllogout = '' )

Build the tooltip on user login.

Parameters
int$hideloginnameHide login name. Show only the image.
string$urllogoutURL for logout (Will use DOL_URL_ROOT.'/user/logout.php?token=...' if empty)
Returns
string HTML content

Definition at line 2374 of file main.inc.php.

References dol_escape_htmltag(), dol_print_date(), dol_print_profids(), dolButtonToOpenUrlInDialogPopup(), getDolGlobalString(), img_picto(), picto_from_langcode(), Form\showphoto(), and yn().

Referenced by top_menu().