dolibarr 23.0.3
security_headers_http.php
Go to the documentation of this file.
1<?php
2/* Copyright (C) 2004-2013 Laurent Destailleur <eldy@users.sourceforge.net>
3 * Copyright (C) 2005-2012 Regis Houssin <regis.houssin@inodbox.com>
4 * Copyright (C) 2013 Juanjo Menent <jmenent@2byte.es>
5 * Copyright (C) 2024 Frédéric France <frederic.france@free.fr>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <https://www.gnu.org/licenses/>.
19 */
20
27// Load Dolibarr environment
28require '../main.inc.php';
36require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
37require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
38require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
39
40// Load translation files required by the page
41$langs->loadLangs(array("users", "admin", "other", "website"));
42
43if (!$user->admin) {
44 accessforbidden();
45}
46
47$action = GETPOST('action', 'aZ09');
48$cancel = GETPOST('cancel', 'alpha');
49
50$forceCSP = getDolGlobalString("MAIN_SECURITY_FORCECSP");
51$selectarrayCSPDirectives = GetContentPolicyDirectives();
52$selectarrayCSPSources = GetContentPolicySources();
53$forceCSPArr = GetContentPolicyToArray($forceCSP);
54$error = 0;
55
56
57/*
58 * Actions
59 */
60
61if ($cancel) {
62 $action = '';
63}
64
65$reg = array();
66if (preg_match('/set_([a-z0-9_\-]+)/i', $action, $reg)) {
67 $code = $reg[1];
68 $value = (GETPOST($code, 'alpha') ? GETPOST($code, 'alpha') : 1);
69 if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0) {
70 header("Location: ".$_SERVER["PHP_SELF"]);
71 exit;
72 } else {
73 dol_print_error($db);
74 }
75} elseif (preg_match('/del_([a-z0-9_\-]+)/i', $action, $reg)) {
76 $code = $reg[1];
77 if (dolibarr_del_const($db, $code, $conf->entity) > 0) {
78 header("Location: ".$_SERVER["PHP_SELF"]);
79 exit;
80 } else {
81 dol_print_error($db);
82 }
83} elseif ($action == 'removecspsource') {
84 $db->begin();
85 $sourcetype = "";
86 $sourcecsp = explode("_", GETPOST("sourcecsp"));
87 $directive = $sourcecsp[0];
88 $sourcekey = isset($sourcecsp[1]) ? $sourcecsp[1] : null;
89 $sourcedata = isset($sourcecsp[2]) ? $sourcecsp[2] : null;
90 $forceCSPArr = GetContentPolicyToArray($forceCSP);
91 $directivesarray = GetContentPolicyDirectives();
92 $sourcesarray = GetContentPolicySources();
93 if (empty($directive)) {
94 $error++;
95 }
96
97 if (!empty($directivesarray[$directive])) {
98 $directivetype = (string) $directivesarray[$directive]["data-directivetype"];
99 if (isset($sourcekey)) {
100 $sourcetype = $sourcesarray[$directivetype][$sourcekey]["data-sourcetype"];
101 }
102 }
103
104 $securitycspstring = "";
105 if (!$error && !empty($forceCSPArr)) {
106 if (isset($sourcekey) && !empty($forceCSPArr[$directive][$sourcekey])) {
107 unset($forceCSPArr[$directive][$sourcekey]);
108 }
109 if (count($forceCSPArr[$directive]) == 0) {
110 unset($forceCSPArr[$directive]);
111 }
112 foreach ($forceCSPArr as $directive => $sourcekeys) {
113 if ($securitycspstring != "") {
114 $securitycspstring .= "; ";
115 }
116 $sourcestring = "";
117 foreach ($sourcekeys as $key => $source) {
118 $directivetype = $directivesarray[$directive]["data-directivetype"];
119 $sourcetype = $sourcesarray[$directivetype][$source]["data-sourcetype"];
120 if ($sourcetype == "quoted") {
121 $sourcestring .= " '".$source."'";
122 } else {
123 $sourcestring .= " ".$source;
124 }
125 }
126 $securitycspstring .= $directive . $sourcestring;
127 }
128
129 // Add a protection against bad setup that break Dolibarr
130 $securitycspstring = cleanSecurityCSP($securitycspstring);
131
132 $res = dolibarr_set_const($db, 'MAIN_SECURITY_FORCECSP', $securitycspstring, 'chaine', 0, '', $conf->entity);
133 if ($res <= 0) {
134 $error++;
135 }
136 }
137
138 if (!$error) {
139 $db->commit();
140 setEventMessages($langs->trans("MainSecurityPolicySucesfullyRemoved"), null, 'mesgs');
141 } else {
142 $db->rollback();
143 setEventMessages($langs->trans("MainErrorRemovingSecurityPolicy"), null, 'errors');
144 }
145
146 header("Location: ".$_SERVER["PHP_SELF"]);
147 exit;
148} elseif ($action == "updateform" && GETPOST("btn_MAIN_SECURITY_FORCECSP")) {
149 $directivecsp = GETPOST("select_identifier_MAIN_SECURITY_FORCECSP");
150 $sourcecsp = GETPOST("select_source_MAIN_SECURITY_FORCECSP");
151 $sourcedatacsp = GETPOST("input_data_MAIN_SECURITY_FORCECSP");
152 $sourcetype = "";
153
154 $forceCSPArr = GetContentPolicyToArray($forceCSP);
155 $directivesarray = GetContentPolicyDirectives();
156 $sourcesarray = GetContentPolicySources();
157 if (empty($directivecsp)) {
158 $error++;
159 }
160 if ($error || (!isset($sourcecsp) && $directivesarray[$directivecsp]["data-directivetype"] != "none")) {
161 $error++;
162 }
163 if (!$error) {
164 $directivetype = $directivesarray[$directivecsp]["data-directivetype"];
165 if (isset($sourcecsp)) {
166 $sourcetype = $sourcesarray[$directivetype][$sourcecsp]["data-sourcetype"];
167 }
168 $securitycspstring = "";
169 if (isset($sourcetype) && $sourcetype == "data") {
170 $forceCSPArr[$directivecsp][] = "data:".$sourcedatacsp;
171 } elseif (isset($sourcetype) && $sourcetype == "blob") {
172 $forceCSPArr[$directivecsp][] = "blob:".$sourcedatacsp;
173 } elseif (isset($sourcetype) && $sourcetype == "input") {
174 if (empty($forceCSPArr[$directivecsp])) {
175 $forceCSPArr[$directivecsp] = array();
176 }
177 $forceCSPArr[$directivecsp] = array_merge(explode(" ", $sourcedatacsp), $forceCSPArr[$directivecsp]);
178 } else {
179 if (empty($forceCSPArr[$directivecsp])) {
180 $forceCSPArr[$directivecsp] = array();
181 }
182 if (!isset($sourcecsp)) {
183 $sourcecsp = "";
184 }
185 array_unshift($forceCSPArr[$directivecsp], $sourcecsp);
186 }
187 foreach ($forceCSPArr as $directive => $sourcekeys) {
188 if ($securitycspstring != "") {
189 $securitycspstring .= "; ";
190 }
191 $sourcestring = "";
192 foreach ($sourcekeys as $key => $source) {
193 $directivetype = $directivesarray[$directive]["data-directivetype"];
194 $sourcetype = $sourcesarray[$directivetype][$source]["data-sourcetype"];
195 if (isset($sourcetype) && $sourcetype == "quoted") {
196 $sourcestring .= " '".$source."'";
197 } elseif ($directivetype != "none") {
198 $sourcestring .= " ".$source;
199 }
200 }
201 $securitycspstring .= $directive . $sourcestring;
202 }
203
204 // Add a protection against bad setup that break Dolibarr
205 $securitycspstring = cleanSecurityCSP($securitycspstring);
206
207 $res = dolibarr_set_const($db, 'MAIN_SECURITY_FORCECSP', $securitycspstring, 'chaine', 0, '', $conf->entity);
208 if ($res <= 0) {
209 $error++;
210 }
211 }
212
213 if (!$error) {
214 $db->commit();
215 setEventMessages($langs->trans("MainSecurityPolicySucesfullyAdded"), null, 'mesgs');
216 } else {
217 $db->rollback();
218 setEventMessages($langs->trans("MainErrorAddingSecurityPolicy"), null, 'errors');
219 }
220 header("Location: ".$_SERVER["PHP_SELF"]);
221 exit;
222} elseif ($action == "updateform") {
223 $db->begin();
224 $res1 = $res2 = $res3 = $res4 = 0;
225 $securityrp = GETPOST('MAIN_SECURITY_FORCERP', 'alpha');
226 $securitysts = GETPOST('MAIN_SECURITY_FORCESTS', 'alpha');
227 $securitypp = GETPOST('MAIN_SECURITY_FORCEPP', 'alpha');
228 $securitycsp = GETPOST('MAIN_SECURITY_FORCECSP', 'alpha');
229 $securitycspro = GETPOST('MAIN_SECURITY_FORCECSPRO', 'alpha');
230
231 // Add a protection against bad setup that break Dolibarr
232 $securitycsp = cleanSecurityCSP($securitycsp);
233 $securitycspro = cleanSecurityCSP($securitycspro);
234
235 $res1 = dolibarr_set_const($db, 'MAIN_SECURITY_FORCERP', $securityrp, 'chaine', 0, '', $conf->entity);
236 $res2 = dolibarr_set_const($db, 'MAIN_SECURITY_FORCESTS', $securitysts, 'chaine', 0, '', $conf->entity);
237 $res3 = dolibarr_set_const($db, 'MAIN_SECURITY_FORCEPP', $securitypp, 'chaine', 0, '', $conf->entity);
238 $res4 = dolibarr_set_const($db, 'MAIN_SECURITY_FORCECSP', $securitycsp, 'chaine', 0, '', $conf->entity);
239 $res5 = dolibarr_set_const($db, 'MAIN_SECURITY_FORCECSPRO', $securitycspro, 'chaine', 0, '', $conf->entity);
240
241 if ($res1 >= 0 && $res2 >= 0 && $res3 >= 0 && $res4 >= 0 && $res5 >= 0) {
242 $db->commit();
243 setEventMessages($langs->trans("Saved"), null, 'mesgs');
244
245 header("Location: ".$_SERVER["PHP_SELF"]);
246 exit;
247 } else {
248 $db->rollback();
249 setEventMessages($langs->trans("ErrorSavingChanges"), null, 'errors');
250 }
251 $action = '';
252 $forceCSP = getDolGlobalString("MAIN_SECURITY_FORCECSP");
253}
254
261function cleanSecurityCSP($securitycsp)
262{
263 if (!empty($securitycsp)) {
264 if (!preg_match('/script-src.*self/', $securitycsp) || !preg_match('/script-src.*unsafe-inline/', $securitycsp)) {
265 if (!preg_match('/script-src/', $securitycsp)) {
266 $securitycsp .= (preg_match('/;\s*$/', $securitycsp) ? '' : '; ').' script-src \'self\' \'unsafe-inline\';';
267 } else {
268 $securitycsp = preg_replace('/script-src\s+/', 'script-src \'self\' \'unsafe-inline\' ', $securitycsp);
269 }
270 }
271 if (!preg_match('/style-src.*self/', $securitycsp) || !preg_match('/style-src.*unsafe-inline/', $securitycsp)) {
272 if (!preg_match('/style-src/', $securitycsp)) {
273 $securitycsp .= (preg_match('/;\s*$/', $securitycsp) ? '' : '; ').' style-src \'self\' \'unsafe-inline\';';
274 } else {
275 $securitycsp = preg_replace('/style-src\s+/', 'style-src \'self\' \'unsafe-inline\' ', $securitycsp);
276 }
277 }
278 if (!preg_match('/dolibarr\.org/', $securitycsp)) {
279 if (!preg_match('/default-src/', $securitycsp)) {
280 $securitycsp .= (preg_match('/;\s*$/', $securitycsp) ? '' : '; ').' default-src *.dolibarr.org;';
281 } else {
282 $securitycsp = preg_replace('/default-src\s+/', 'default-src *.dolibarr.org ', $securitycsp);
283 }
284 }
285 }
286 $securitycsp = preg_replace('/\s+/', ' ', $securitycsp);
287 return $securitycsp;
288}
289
290
291/*
292 * View
293 */
294
295$form = new Form($db);
296
297$wikihelp = 'EN:Setup_Security|FR:Paramétrage_Sécurité|ES:Configuración_Seguridad';
298llxHeader('', $langs->trans("MainHttpSecurityHeaders"), $wikihelp, '', 0, 0, '', '', '', 'mod-admin page-security_other');
299
300print load_fiche_titre($langs->trans("SecuritySetup"), '', 'title_setup');
301$head = security_prepare_head();
302
303print dol_get_fiche_head($head, 'headers_http', '', -1);
304
305print '<br>';
306
307print '<span class="opacitymedium">'.$langs->trans("HTTPHeaderEditor").'. '.$langs->trans("ReservedToAdvancedUsers").'.</span><br><br>';
308
309print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
310print '<input type="hidden" name="token" value="'.newToken().'">';
311print '<input type="hidden" name="action" value="updateform">';
312
313print '<div class="div-table-responsive-no-min">';
314print '<table class="noborder centpercent">';
315print '<tr class="liste_titre">';
316print '<td>'.$langs->trans("HTTPHeader").'</td>';
317print '<td></td>'."\n";
318print '</tr>';
319
320// Force RP
321print '<tr class="oddeven">';
322print '<td>'.$form->textwithpicto($langs->trans('MainSecurityForceRP'), 'HTTP Header Referer-Policy<br><br>'.$langs->trans("Recommended").':<br>strict-origin-when-cross-origin <span class="opacitymedium"> &nbsp; '.$langs->trans("or").' &nbsp; </span> same-origin <span class="opacitymedium">(more secured)</span>', 1, 'help', 'valignmiddle', 0, 3, 'MAIN_SECURITY_FORCERP').'</td>';
323print '<td><input class="minwidth500" name="MAIN_SECURITY_FORCERP" id="MAIN_SECURITY_FORCERP" value="'.getDolGlobalString("MAIN_SECURITY_FORCERP").'" spellcheck="false"></td>';
324print '</tr>';
325// Force STS
326print '<tr class="oddeven">';
327print '<td>'.$form->textwithpicto($langs->trans('MainSecurityForceSTS'), 'HTTP Header Strict-Transport-Security<br><br>'.$langs->trans("Example").':<br>max-age=31536000; includeSubDomains', 1, 'help', 'valignmiddle', 0, 3, 'MAIN_SECURITY_FORCESTS').'</td>';
328print '<td><input class="minwidth500" name="MAIN_SECURITY_FORCESTS" id="MAIN_SECURITY_FORCESTS" value="'.getDolGlobalString("MAIN_SECURITY_FORCESTS").'" spellcheck="false"></td>';
329print '</tr>';
330// Force PP
331print '<tr class="oddeven">';
332print '<td>'.$form->textwithpicto($langs->trans('MainSecurityForcePP'), 'HTTP Header Permissions-Policy<br><br>'.$langs->trans("Example").':<br>camera=*, microphone=(), geolocation=*', 1, 'help', 'valignmiddle', 0, 3, 'MAIN_SECURITY_FORCEPP').'</td>';
333print '<td><input class="minwidth500" name="MAIN_SECURITY_FORCEPP" id="MAIN_SECURITY_FORCEPP" value="'.getDolGlobalString("MAIN_SECURITY_FORCEPP").'" spellcheck="false"></td>';
334print '</tr>';
335
336$examplecsprule = "frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;";
337
338// Force CSP - Content Security Policy
339print '<tr class="oddeven nohover">';
340print '<td class="tdtop">'.$form->textwithpicto($langs->trans('MainContentSecurityPolicy'), 'HTTP Header Content-Security-Policy<br><br>'.$langs->trans("Example").":<br>".$examplecsprule, 1, 'help', 'valignmiddle', 0, 3, 'MAIN_SECURITY_FORCECSP').'</td>';
341print '<td>';
342
343print '<div class="div-table-responsive-no-min">';
344
345print '<input class="minwidth500 quatrevingtpercent" name="MAIN_SECURITY_FORCECSP" id="MAIN_SECURITY_FORCECSP" value="'.$forceCSP.'" spellcheck="false"> <a href="#" id="btnaddcontentsecuritypolicy">'.img_picto('', 'add').'</a><br>';
346
347print '<br class="selectaddcontentsecuritypolicy hidden">';
348
349print '<div id="selectaddcontentsecuritypolicy" class="hidden selectaddcontentsecuritypolicy">';
350print $form->selectarray("select_identifier_MAIN_SECURITY_FORCECSP", $selectarrayCSPDirectives, "select_identifier_MAIN_SECURITY_FORCECSP", $langs->trans("FillCSPDirective"), 0, 0, '', 0, 0, 0, '', 'minwidth200 maxwidth350 inline-block');
351print ' ';
352print '<input type="hidden" id="select_source_MAIN_SECURITY_FORCECSP" name="select_source_MAIN_SECURITY_FORCECSP">';
353foreach ($selectarrayCSPSources as $key => $values) {
354 print '<div class="div_MAIN_SECURITY_FORCECSP hidden inline-block maxwidth350" id="div_'.$key.'_MAIN_SECURITY_FORCECSP">';
355 print $form->selectarray("select_".$key."_MAIN_SECURITY_FORCECSP", $values, "select_".$key."_MAIN_SECURITY_FORCECSP", $langs->trans("FillCSPSource"), 0, 0, '', 0, 0, 0, '', 'minwidth200 maxwidth300 inline-block select_MAIN_SECURITY_FORCECSP');
356 print '</div>';
357}
358print ' ';
359print '<div class="div_input_data_MAIN_SECURITY_FORCECSP hidden inline-block maxwidth200"><input id="input_data_MAIN_SECURITY_FORCECSP" name="input_data_MAIN_SECURITY_FORCECSP"></div>';
360print ' ';
361print '<div class="div_btn_class_MAIN_SECURITY_FORCECSP inline-block maxwidth200"><input type="submit" id="btn_MAIN_SECURITY_FORCECSP" name="btn_MAIN_SECURITY_FORCECSP" class="butAction small smallpaddingimp" value="'.$langs->trans("Add").'" disabled></div>';
362print '<br><br>';
363print '</div>';
364
365if (!empty($forceCSP)) {
366 // Content Security Policy list of selected rules
367 print '<br>';
368 print '<div class="div-table-responsive-no-min">';
369 print img_picto('', 'graph', 'class="pictofixedwidth"').$langs->trans("HierarchicView").'<br>';
370 print '<ul>';
371 foreach ($forceCSPArr as $directive => $sources) {
372 print '<li>';
373 if (in_array($directive, array_keys($selectarrayCSPDirectives))) {
374 print '<span>'.$directive.'</span>';
375 } else {
376 print $form->textwithpicto($directive, $langs->trans("UnknowContentSecurityPolicyDirective"), 1, 'warning');
377 }
378 if (!empty($sources)) {
379 print '<ul>';
380 foreach ($sources as $key => $source) {
381 print '<li><span>'.$source.'</span>&nbsp;<a href="'.$_SERVER["PHP_SELF"].'?action=removecspsource&sourcecsp='.$directive.'_'.$key.'&token='.newToken().'">'.img_delete().'</a></li>';
382 }
383 print '</ul>';
384 } else {
385 print '&nbsp;<a href="'.$_SERVER["PHP_SELF"].'?action=removecspsource&sourcecsp='.$directive.'&token='.newToken().'">'.img_delete().'</a>';
386 }
387 print '</li>';
388 }
389 print '</ul>';
390 print '</div>';
391}
392print '</div>';
393
394print '</td>';
395print '</tr>';
396
397// Force CSPRO
398if (getDolGlobalString("MAIN_SECURITY_FORCECSPRO")) {
399 print '<tr class="oddeven">';
400 print '<td>'.$form->textwithpicto($langs->trans('MainSecurityForceCSPRO'), 'HTTP Header Content-Security-Policy-Report-Only<br><br>'.$langs->trans("Example").":<br>".$examplecsprule, 1, 'help', 'valignmiddle', 0, 3, 'MAIN_SECURITY_FORCECSPRO').'</td>';
401 print '<td><input class="minwidth500" name="MAIN_SECURITY_FORCECSPRO" id="MAIN_SECURITY_FORCECSPRO" value="'.getDolGlobalString("MAIN_SECURITY_FORCECSPRO").'"></td>';
402 print '</tr>';
403}
404
405print '</table>';
406print '</div>';
407
408
409print '<div class="center">';
410
411print '<input type="submit" class="button small" name="updateandstay" value="'.$langs->trans("Save").'">';
412print '<input class="button button-cancel small" type="submit" name="cancel" value="'.$langs->trans("Cancel").'">';
413
414print '</div>';
415
416
417print '<script>
418 $(document).ready(function() {
419 $("#btnaddcontentsecuritypolicy").on("click", function(){
420 if($("#selectaddcontentsecuritypolicy").is(":visible")){
421 console.log("We hide select to add Content Security Policy");
422 $(".selectaddcontentsecuritypolicy").hide();
423 } else {
424 console.log("We show select to add Content Security Policy");
425 $(".selectaddcontentsecuritypolicy").show();
426 }
427 });
428
429 $("#select_identifier_MAIN_SECURITY_FORCECSP").on("change", function() {
430 key = $(this).find(":selected").data("directivetype");
431 console.log("We hide all select div");
432 $(".div_MAIN_SECURITY_FORCECSP").hide();
433 $(".select_MAIN_SECURITY_FORCECSP").val(null).trigger("change");
434 $(".div_input_data_MAIN_SECURITY_FORCECSP").hide();
435 $("#btn_MAIN_SECURITY_FORCECSP").prop("disabled",true);
436 if (key == "none"){
437 $("#btn_MAIN_SECURITY_FORCECSP").prop("disabled",false);
438 } else {
439 console.log("We show div select with key "+key);
440 $("#div_"+key+"_MAIN_SECURITY_FORCECSP").css("display", "inline-block");
441 }
442 });
443
444 $(".select_MAIN_SECURITY_FORCECSP").on("change", function() {
445 keysource = $(this).find(":selected").data("sourcetype");
446 $("#select_source_MAIN_SECURITY_FORCECSP").val($(this).val());
447 console.log("We hide and show fields");
448 if (keysource == "data" || keysource == "input") {
449 $(".div_input_data_MAIN_SECURITY_FORCECSP").css("display", "inline-block");
450 $("#btn_MAIN_SECURITY_FORCECSP").prop("disabled",true);
451 } else {
452 $("#input_data_MAIN_SECURITY_FORCECSP").val("");
453 $(".div_input_data_MAIN_SECURITY_FORCECSP").hide();
454 if (keysource != undefined) {
455 $("#btn_MAIN_SECURITY_FORCECSP").prop("disabled",false);
456 } else {
457 $("#btn_MAIN_SECURITY_FORCECSP").prop("disabled",true);
458 }
459 }
460 });
461
462 $("#input_data_MAIN_SECURITY_FORCECSP").on("change keyup", function(){
463 if ($(this).val() != "") {
464 console.log("We show add button");
465 $("#btn_MAIN_SECURITY_FORCECSP").prop("disabled",false);
466 } else {
467 console.log("We hide add button");
468 $("#btn_MAIN_SECURITY_FORCECSP").prop("disabled",true);
469 }
470 });
471 });
472</script>';
473
474print '</form>';
475
476print dol_get_fiche_end();
477print '</div>';
478
479// End of page
480llxFooter();
481$db->close();
security_prepare_head
security_prepare_head()
Prepare array with list of tabs.
Definition admin.lib.php:865
dolibarr_set_const
dolibarr_set_const($db, $name, $value, $type='chaine', $visible=0, $note='', $entity=1)
Insert a parameter (key,value) into database (delete old key then insert it again).
Definition admin.lib.php:675
dolibarr_del_const
dolibarr_del_const($db, $name, $entity=1)
Delete a constant.
Definition admin.lib.php:585
GetContentPolicySources
GetContentPolicySources()
Prepare array of sources for HTTP headers.
Definition admin.lib.php:2226
GetContentPolicyToArray
GetContentPolicyToArray($forceCSP)
Transform a Content Security Policy to an array.
Definition admin.lib.php:2281
GetContentPolicyDirectives
GetContentPolicyDirectives()
Prepare array of directives for HTTP headers.
Definition admin.lib.php:2184
llxFooter
llxFooter($comment='', $zone='private', $disabledoutputofmessages=0)
Empty footer.
Definition wrapper.php:91
llxHeader
if(!defined('NOREQUIRESOC')) if(!defined( 'NOREQUIRETRAN')) if(!defined('NOTOKENRENEWAL')) if(!defined( 'NOREQUIREMENU')) if(!defined('NOREQUIREHTML')) if(!defined( 'NOREQUIREAJAX')) llxHeader($head='', $title='', $help_url='', $target='', $disablejs=0, $disablehead=0, $arrayofjs='', $arrayofcss='', $morequerystring='', $morecssonbody='', $replacemainareaby='', $disablenofollow=0, $disablenoindex=0)
Empty header.
Definition wrapper.php:73
Form
Class to manage generation of HTML components Only common components must be here.
Definition html.form.class.php:57
setEventMessages
setEventMessages($mesg, $mesgs, $style='mesgs', $messagekey='', $noduplicate=0, $attop=0)
Set event messages in dol_events session object.
Definition functions.lib.php:11205
img_picto
img_picto($titlealt, $picto, $moreatt='', $pictoisfullpath=0, $srconly=0, $notitle=0, $alt='', $morecss='', $marginleftonlyshort=2, $allowothertags=array())
Show picto whatever it's its name (generic function)
Definition functions.lib.php:5577
img_delete
img_delete($titlealt='default', $other='class="pictodelete"', $morecss='')
Show delete logo.
Definition functions.lib.php:6410
dol_get_fiche_head
dol_get_fiche_head($links=array(), $active='', $title='', $notab=0, $picto='', $pictoisfullpath=0, $morehtmlright='', $morecss='', $limittoshow=0, $moretabssuffix='', $dragdropfile=0, $morecssdiv='')
Show tabs of a record.
Definition functions.lib.php:3114
dol_get_fiche_end
dol_get_fiche_end($notab=0)
Return tab footer of a card.
Definition functions.lib.php:3312
newToken
newToken()
Return the value of token currently saved into session with name 'newtoken'.
Definition functions.lib.php:15451
GETPOST
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
Definition functions.lib.php:1033
dol_print_error
dol_print_error($db=null, $error='', $errors=null)
Displays error message system with all the information to facilitate the diagnosis and the escalation...
Definition functions.lib.php:6834
load_fiche_titre
load_fiche_titre($title, $morehtmlright='', $picto='generic', $pictoisfullpath=0, $id='', $morecssontable='', $morehtmlcenter='', $morecssonpicto='widthpictotitle')
Load a title with picto.
Definition functions.lib.php:7209
getDolGlobalString
getDolGlobalString($key, $default='')
Return a Dolibarr global constant string value.
Definition functions.lib.php:258
accessforbidden
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.
Definition security.lib.php:1358
cleanSecurityCSP
if(preg_match('/set_([a-z0-9_\-]+)/i', $action, $reg)) elseif(preg_match('/del_([a-z0-9_\-]+)/i', $action, $reg)) elseif( $action=='removecspsource') elseif($action=="updateform" &&GETPOST("btn_MAIN_SECURITY_FORCECSP")) elseif( $action=="updateform" cleanSecurityCSP)($securitycsp)
Function to fix a bad security CSP string.
Definition security_headers_http.php:261
Generated on Mon Jun 22 2026 20:45:20 for dolibarr by Doxygen 1.11.0