dolibarr 20.0.2
main.inc.php File Reference

File that defines environment for Dolibarr GUI pages only (file not required by scripts) More...

Go to the source code of this file.

Functions

if(!empty( $_SERVER[ 'MAIN_SHOW_TUNING_INFO'])) getArrayOfEmoji ()
 Return array of Emojis.
 
 realCharForNumericEntities ($matches)
 Return the real char for a numeric entities.
 
 testSqlAndScriptInject ($val, $type)
 Security: WAF layer for SQL Injection and XSS Injection (scripts) protection (Filters on GET, POST, PHP_SELF).
 
 analyseVarsForSqlAndScriptsInjection (&$var, $type, $stopcode=1)
 Return true if security check on parameters are OK, false otherwise.
 
if(!defined( 'NOREQUIREMENU')) if(!empty(GETPOST('seteventmessages', 'alpha'))) if(!function_exists("llxHeader")) top_httphead ($contenttype='text/html', $forcenocache=0)
 Show HTTP header.
 
 top_htmlhead ($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs=array(), $arrayofcss=array(), $disableforlogin=0, $disablenofollow=0, $disablenoindex=0)
 Output html header of a page.
 
 top_menu ($head, $title='', $target='', $disablejs=0, $disablehead=0, $arrayofjs=array(), $arrayofcss=array(), $morequerystring='', $helppagename='')
 Show an HTML header + a BODY + The top menu bar.
 
 top_menu_user ($hideloginname=0, $urllogout='')
 Build the tooltip on user login.
 
 top_menu_quickadd ()
 Build the tooltip on top menu quick add.
 
 printDropdownQuickadd ()
 Generate list of quickadd items.
 
 top_menu_bookmark ()
 Build the tooltip on top menu bookmark.
 
 top_menu_search ()
 Build the tooltip on top menu search.
 
 left_menu ($menu_array_before, $helppagename='', $notused='', $menu_array_after=array(), $leftmenuwithoutmainarea=0, $title='', $acceptdelayedhtml=0)
 Show left menu bar.
 
 main_area ($title='')
 Begin main area.
 
 getHelpParamFor ($helppagename, $langs)
 Return helpbaseurl, helppage and mode.
 
 printSearchForm ($urlaction, $urlobject, $title, $htmlmorecss, $htmlinputname, $accesskey='', $prefhtmlinputname='', $img='', $showtitlebefore=0, $autofocus=0)
 Show a search area.
 

Detailed Description

File that defines environment for Dolibarr GUI pages only (file not required by scripts)

Definition in file main.inc.php.

Function Documentation

◆ analyseVarsForSqlAndScriptsInjection()

analyseVarsForSqlAndScriptsInjection ( & $var,
$type,
$stopcode = 1 )

Return true if security check on parameters are OK, false otherwise.

Parameters
string|array<string,string>$var Variable name
int<0,2>$type 1=GET, 0=POST, 2=PHP_SELF
int<0,1>$stopcode 0=No stop code, 1=Stop code (default) if injection found
Returns
boolean True if there is no injection.

Show HTML header HTML + BODY + Top menu + left menu + DIV

Parameters
string$headOptional head lines
string$titleHTML title
string$help_urlUrl links to help page Syntax is: For a wiki page: EN:EnglishPage|FR:FrenchPage|ES:SpanishPage|DE:GermanPage For other external page: http://server/url
string$targetTarget to use on links
int<0,1>$disablejs More content into html header
int<0,1>$disablehead More content into html header
array | string$arrayofjsArray of complementary js files
array | string$arrayofcssArray of complementary css files
string$morequerystringQuery string to add to the link "print" to get same parameters (use only if autodetect fails)
string$morecssonbodyMore CSS on body tag. For example 'classforhorizontalscrolloftabs'.
string$replacemainareabyReplace call to main_area() by a print of this string
int$disablenofollowDisable the "nofollow" on meta robot header
int$disablenoindexDisable the "noindex" on meta robot header
Returns
void

Definition at line 263 of file main.inc.php.

References analyseVarsForSqlAndScriptsInjection(), and testSqlAndScriptInject().

Referenced by analyseVarsForSqlAndScriptsInjection().

◆ getArrayOfEmoji()

if(!empty($_SERVER['MAIN_SHOW_TUNING_INFO'])) getArrayOfEmoji ( )

Return array of Emojis.

We can't move this function inside a common lib because we need it for security before loading any file.

Returns
array<string,array<string>> Array of Emojis in hexadecimal
See also
getArrayOfEmojiBis()

Definition at line 62 of file main.inc.php.

Referenced by realCharForNumericEntities().

◆ getHelpParamFor()

getHelpParamFor ( $helppagename,
$langs )

Return helpbaseurl, helppage and mode.

Parameters
string$helppagenamePage name ('EN:xxx,ES:eee,FR:fff,DE:ddd...' or 'http://localpage')
Translate$langsLanguage
Returns
array{helpbaseurl:string,helppage:string,mode:string} Array of help urls

Definition at line 3600 of file main.inc.php.

Referenced by top_menu().

◆ left_menu()

left_menu ( $menu_array_before,
$helppagename = '',
$notused = '',
$menu_array_after = array(),
$leftmenuwithoutmainarea = 0,
$title = '',
$acceptdelayedhtml = 0 )

Show left menu bar.

Parameters
string$menu_array_beforeTable of menu entries to show before entries of menu handler. This param is deprecated and must be provided to ''.
string$helppagenameName of wiki page for help ('' by default). Syntax is: For a wiki page: EN:EnglishPage|FR:FrenchPage|ES:SpanishPage|DE:GermanPage For other external page: http://server/url
string$notusedDeprecated. Used in past to add content into left menu. Hooks can be used now.
array$menu_array_afterTable of menu entries to show after entries of menu handler
int$leftmenuwithoutmainareaMust be set to 1. 0 by default for backward compatibility with old modules.
string$titleTitle of web page
int<0,1>$acceptdelayedhtml 1 if caller request to have html delayed content not returned but saved into global $delayedhtmlcontent (so caller can show it at end of page to avoid flash FOUC effect)
Returns
void

Definition at line 3285 of file main.inc.php.

References dol_escape_htmltag(), dol_syslog(), getDolGlobalString(), main_area(), and printSearchForm().

◆ main_area()

main_area ( $title = '')

Begin main area.

Parameters
string$titleTitle
Returns
void

Definition at line 3538 of file main.inc.php.

References dol_escape_htmltag(), getDolGlobalString(), GETPOST(), and info_admin().

Referenced by left_menu().

◆ printDropdownQuickadd()

printDropdownQuickadd ( )

Generate list of quickadd items.

Returns
string HTML output

Definition at line 2835 of file main.inc.php.

References getDolGlobalString(), and img_picto().

Referenced by top_menu_quickadd().

◆ printSearchForm()

printSearchForm ( $urlaction,
$urlobject,
$title,
$htmlmorecss,
$htmlinputname,
$accesskey = '',
$prefhtmlinputname = '',
$img = '',
$showtitlebefore = 0,
$autofocus = 0 )

Show a search area.

Used when the javascript quick search is not used.

Parameters
string$urlactionUrl post
string$urlobjectUrl of the link under the search box
string$titleTitle search area
string$htmlmorecssAdd more css
string$htmlinputnameField Name input form
string$accesskeyAccesskey
string$prefhtmlinputnameComplement for id to avoid multiple same id in the page
string$imgImage to use
int$showtitlebeforeShow title before input text instead of into placeholder. This can be set when output is dedicated for text browsers.
int$autofocusSet autofocus on field
Returns
string

Show HTML footer Close div /DIV class=fiche + /DIV id-right + /DIV id-container + /BODY + /HTML. If global var $delayedhtmlcontent was filled, we output it just before closing the body.

Parameters
string$commentA text to add as HTML comment into HTML generated page
string$zone'private' (for private pages) or 'public' (for public pages)
int$disabledoutputofmessagesClear all messages stored into session without displaying them
Returns
void

Definition at line 3660 of file main.inc.php.

References img_picto().

Referenced by left_menu().

◆ realCharForNumericEntities()

realCharForNumericEntities ( $matches)

Return the real char for a numeric entities.

WARNING: This function is required by testSqlAndScriptInject() and the GETPOST 'restricthtml'. Regex calling must be similar.

Parameters
array<int,string>$matches Array with a decimal numeric entity into key 0, value without the &# into the key 1
Returns
string New value

Definition at line 86 of file main.inc.php.

References getArrayOfEmoji().

Referenced by testSqlAndScriptInject().

◆ testSqlAndScriptInject()

testSqlAndScriptInject ( $val,
$type )

Security: WAF layer for SQL Injection and XSS Injection (scripts) protection (Filters on GET, POST, PHP_SELF).

Warning: Such a protection can't be enough. It is not reliable as it will always be possible to bypass this. Good protection can only be guaranteed by escaping data during output.

Parameters
string$valBrute value found into $_GET, $_POST or PHP_SELF
string$type0=POST, 1=GET, 2=PHP_SELF, 3=GET without sql reserved keywords (the less tolerant test)
Returns
int >0 if there is an injection, 0 if none
Parameters
string[]$m
Returns
string

Definition at line 123 of file main.inc.php.

References realCharForNumericEntities().

Referenced by analyseVarsForSqlAndScriptsInjection(), ImportCsv\import_insert(), ImportXlsx\import_insert(), Form\select_thirdparty_list(), and Form\selectcontacts().

◆ top_htmlhead()

top_htmlhead ( $head,
$title = '',
$disablejs = 0,
$disablehead = 0,
$arrayofjs = array(),
$arrayofcss = array(),
$disableforlogin = 0,
$disablenofollow = 0,
$disablenoindex = 0 )

Output html header of a page.

It calls also top_httphead() This code is also duplicated into security2.lib.php\dol_loginfunction

Parameters
string$headOptional head lines
string$titleHTML title
int<0,1>$disablejs Disable js output
int<0,1>$disablehead Disable head output
string[]$arrayofjsArray of complementary js files
string[]$arrayofcssArray of complementary css files
int<0,1>$disableforlogin Do not load heavy js and css for login pages
int<0,1>$disablenofollow Disable nofollow tag for meta robots
int<0,1>$disablenoindex Disable noindex tag for meta robots
Returns
void

Definition at line 1790 of file main.inc.php.

References dol_buildpath(), dol_htmlentities(), dol_syslog(), dolibarr_set_const(), getDolGlobalInt(), getDolGlobalString(), GETPOST(), GETPOSTINT(), and top_httphead().

Referenced by llxHeaderSurvey(), llxHeaderTicket(), llxHeaderVierge(), llxHeaderVierge(), and top_menu().

◆ top_httphead()

if(!defined('NOREQUIREMENU')) if(!empty(GETPOST( 'seteventmessages', 'alpha'))) if(!function_exists("llxHeader")) top_httphead ( $contenttype = 'text/html',
$forcenocache = 0 )

Show HTTP header.

Called by top_htmlhead().

Parameters
string$contenttypeContent type. For example, 'text/html'
int<0,1>$forcenocache Force disabling of cache for the page
Returns
void

Definition at line 1651 of file main.inc.php.

References getDolGlobalString().

Referenced by barcode_outimage(), DocumentController\display(), AccountancyExport\export(), httponly_accessforbidden(), llxHeaderVierge(), print_paybox_redirect(), and top_htmlhead().

◆ top_menu()

top_menu ( $head,
$title = '',
$target = '',
$disablejs = 0,
$disablehead = 0,
$arrayofjs = array(),
$arrayofcss = array(),
$morequerystring = '',
$helppagename = '' )

Show an HTML header + a BODY + The top menu bar.

Parameters
string$headLines in the HEAD
string$titleTitle of web page
string$targetTarget to use in menu links (Example: '' or '_top')
int<0,1>$disablejs Do not output links to js (Ex: qd fonction utilisee par sous formulaire Ajax)
int<0,1>$disablehead Do not output head section
string[]$arrayofjsArray of js files to add in header
string[]$arrayofcssArray of css files to add in header
string$morequerystringQuery string to add to the link "print" to get same parameters (use only if autodetect fails)
string$helppagenameName of wiki page for help ('' by default). Syntax is: For a wiki page: EN:EnglishPage|FR:FrenchPage|ES:SpanishPage|DE:GermanPage For other external page: http://server/url
Returns
void

Definition at line 2221 of file main.inc.php.

References dol_escape_htmltag(), getDolGlobalInt(), getDolGlobalString(), getHelpParamFor(), GETPOSTINT(), img_picto(), newToken(), top_htmlhead(), top_menu_bookmark(), top_menu_quickadd(), top_menu_search(), and top_menu_user().

◆ top_menu_bookmark()

top_menu_bookmark ( )

Build the tooltip on top menu bookmark.

Returns
string HTML content

Definition at line 3014 of file main.inc.php.

References getDolGlobalString(), and printDropdownBookmarksList().

Referenced by top_menu().

◆ top_menu_quickadd()

top_menu_quickadd ( )

Build the tooltip on top menu quick add.

Returns
string HTML content

Definition at line 2752 of file main.inc.php.

References getDolGlobalString(), and printDropdownQuickadd().

Referenced by top_menu().

◆ top_menu_search()

top_menu_search ( )

Build the tooltip on top menu search.

Returns
string HTML content

Definition at line 3109 of file main.inc.php.

Referenced by top_menu().

◆ top_menu_user()

top_menu_user ( $hideloginname = 0,
$urllogout = '' )

Build the tooltip on user login.

Parameters
int<0,1>$hideloginname Hide login name. Show only the image.
string$urllogoutURL for logout (Will use DOL_URL_ROOT.'/user/logout.php?token=...' if empty)
Returns
string HTML content

Definition at line 2481 of file main.inc.php.

References dol_escape_htmltag(), dol_print_date(), dol_print_profids(), dolButtonToOpenUrlInDialogPopup(), getDolGlobalString(), img_picto(), newToken(), picto_from_langcode(), Form\showphoto(), and yn().

Referenced by top_menu().