File that defines environment for Dolibarr GUI pages only (file not required by scripts) More...

Functions
if(!empty( $_SERVER[ 'MAIN_SHOW_TUNING_INFO']))	getArrayOfEmoji ()
	Return array of Emojis.

	realCharForNumericEntities ($matches)
	Return the real char for a numeric entities.

	testSqlAndScriptInject ($val, $type)
	Security: WAF layer for SQL Injection and XSS Injection (scripts) protection (Filters on GET, POST, PHP_SELF).

	analyseVarsForSqlAndScriptsInjection (&$var, $type, $stopcode=1)
	Return true if security check on parameters are OK, false otherwise.

if(!defined( 'NOREQUIREMENU')) if(!empty(GETPOST('seteventmessages', 'alpha'))) if(!function_exists("llxHeader"))	top_httphead ($contenttype='text/html', $forcenocache=0)
	Show HTTP header.

	top_htmlhead ($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs=array(), $arrayofcss=array(), $disableforlogin=0, $disablenofollow=0, $disablenoindex=0)
	Output html header of a page.

	top_menu ($head, $title='', $target='', $disablejs=0, $disablehead=0, $arrayofjs=array(), $arrayofcss=array(), $morequerystring='', $helppagename='')
	Show an HTML header + a BODY + The top menu bar.

	top_menu_user ($hideloginname=0, $urllogout='')
	Build the tooltip on user login.

	top_menu_quickadd ()
	Build the tooltip on top menu quick add.

	printDropdownQuickadd ()
	Generate list of quickadd items.

	top_menu_bookmark ()
	Build the tooltip on top menu bookmark.

	top_menu_search ()
	Build the tooltip on top menu tsearch.

	left_menu ($menu_array_before, $helppagename='', $notused='', $menu_array_after=array(), $leftmenuwithoutmainarea=0, $title='', $acceptdelayedhtml=0)
	Show left menu bar.

	main_area ($title='')
	Begin main area.

	getHelpParamFor ($helppagename, $langs)
	Return helpbaseurl, helppage and mode.

	printSearchForm ($urlaction, $urlobject, $title, $htmlmorecss, $htmlinputname, $accesskey='', $prefhtmlinputname='', $img='', $showtitlebefore=0, $autofocus=0)
	Show a search area.

Detailed Description

File that defines environment for Dolibarr GUI pages only (file not required by scripts)

Definition in file main.inc.php.

Function Documentation

◆ analyseVarsForSqlAndScriptsInjection()

analyseVarsForSqlAndScriptsInjection	(	&	$var,
			$type,
			$stopcode = 1 )

Return true if security check on parameters are OK, false otherwise.

Parameters

string\|array<string,string>	$var Variable name
int<0,2>	$type 1=GET, 0=POST, 2=PHP_SELF
int<0,1>	$stopcode 0=No stop code, 1=Stop code (default) if injection found

Returns: boolean True if there is no injection.

Show HTML header HTML + BODY + Top menu + left menu + DIV

Parameters

string	$head	Optional head lines
string	$title	HTML title
string	$help_url	Url links to help page Syntax is: For a wiki page: EN:EnglishPage\|FR:FrenchPage\|ES:SpanishPage\|DE:GermanPage For other external page: http://server/url
string	$target	Target to use on links
	int<0,1>	$disablejs More content into html header
	int<0,1>	$disablehead More content into html header
array \| string	$arrayofjs	Array of complementary js files
array \| string	$arrayofcss	Array of complementary css files
string	$morequerystring	Query string to add to the link "print" to get same parameters (use only if autodetect fails)
string	$morecssonbody	More CSS on body tag. For example 'classforhorizontalscrolloftabs'.
string	$replacemainareaby	Replace call to main_area() by a print of this string
int	$disablenofollow	Disable the "nofollow" on meta robot header
int	$disablenoindex	Disable the "noindex" on meta robot header

Returns: void

Definition at line 261 of file main.inc.php.

References analyseVarsForSqlAndScriptsInjection(), and testSqlAndScriptInject().

Referenced by analyseVarsForSqlAndScriptsInjection().

◆ getArrayOfEmoji()

if(!empty($_SERVER['MAIN_SHOW_TUNING_INFO'])) getArrayOfEmoji ( )

Return array of Emojis.

We can't move this function inside a common lib because we need it for security before loading any file.

Returns: array<string,array<string>> Array of Emojis in hexadecimal

See also: getArrayOfEmojiBis()

Definition at line 62 of file main.inc.php.

Referenced by realCharForNumericEntities().

◆ getHelpParamFor()

getHelpParamFor	(		$helppagename,
			$langs )

Return helpbaseurl, helppage and mode.

Parameters

string	$helppagename	Page name ('EN:xxx,ES:eee,FR:fff,DE:ddd...' or 'http://localpage')
Translate	$langs	Language

Returns: array{helpbaseurl:string,helppage:string,mode:string} Array of help urls

Definition at line 3601 of file main.inc.php.

Referenced by top_menu().

◆ left_menu()

left_menu	(	$menu_array_before,
		$helppagename = '',
		$notused = '',
		$menu_array_after = array(),
		$leftmenuwithoutmainarea = 0,
		$title = '',
		$acceptdelayedhtml = 0 )

Show left menu bar.

Parameters

string	$menu_array_before	Table of menu entries to show before entries of menu handler. This param is deprecated and must be provided to ''.
string	$helppagename	Name of wiki page for help ('' by default). Syntax is: For a wiki page: EN:EnglishPage\|FR:FrenchPage\|ES:SpanishPage\|DE:GermanPage For other external page: http://server/url
string	$notused	Deprecated. Used in past to add content into left menu. Hooks can be used now.
array	$menu_array_after	Table of menu entries to show after entries of menu handler
int	$leftmenuwithoutmainarea	Must be set to 1. 0 by default for backward compatibility with old modules.
string	$title	Title of web page
	int<0,1>	$acceptdelayedhtml 1 if caller request to have html delayed content not returned but saved into global $delayedhtmlcontent (so caller can show it at end of page to avoid flash FOUC effect)

Returns: void

Definition at line 3282 of file main.inc.php.

References dol_escape_htmltag(), dol_syslog(), getDolGlobalInt(), getDolGlobalString(), main_area(), and printSearchForm().

◆ main_area()

main_area ( $title = '' )

Begin main area.

Parameters

string $title Title

Returns: void

Definition at line 3539 of file main.inc.php.

References dol_escape_htmltag(), getDolGlobalString(), GETPOST(), and info_admin().

Referenced by left_menu().

◆ printDropdownQuickadd()

printDropdownQuickadd ( )

Generate list of quickadd items.

Returns: string HTML output

Definition at line 2832 of file main.inc.php.

References getDolGlobalString(), and img_picto().

Referenced by top_menu_quickadd().

◆ printSearchForm()

printSearchForm	(	$urlaction,
		$urlobject,
		$title,
		$htmlmorecss,
		$htmlinputname,
		$accesskey = '',
		$prefhtmlinputname = '',
		$img = '',
		$showtitlebefore = 0,
		$autofocus = 0 )

Show a search area.

Used when the javascript quick search is not used.

Parameters

string	$urlaction	Url post
string	$urlobject	Url of the link under the search box
string	$title	Title search area
string	$htmlmorecss	Add more css
string	$htmlinputname	Field Name input form
string	$accesskey	Accesskey
string	$prefhtmlinputname	Complement for id to avoid multiple same id in the page
string	$img	Image to use
int	$showtitlebefore	Show title before input text instead of into placeholder. This can be set when output is dedicated for text browsers.
int	$autofocus	Set autofocus on field

Returns: string

Show HTML footer Close div /DIV class=fiche + /DIV id-right + /DIV id-container + /BODY + /HTML. If global var $delayedhtmlcontent was filled, we output it just before closing the body.

Parameters

string	$comment	A text to add as HTML comment into HTML generated page
string	$zone	'private' (for private pages) or 'public' (for public pages)
int	$disabledoutputofmessages	Clear all messages stored into session without displaying them

Returns: void

Definition at line 3661 of file main.inc.php.

References img_picto().

Referenced by left_menu().

◆ realCharForNumericEntities()

realCharForNumericEntities ( $matches )

Return the real char for a numeric entities.

WARNING: This function is required by testSqlAndScriptInject() and the GETPOST 'restricthtml'. Regex calling must be similar.

Parameters

array<int,string> $matches Array with a decimal numeric entity into key 0, value without the &# into the key 1

Returns: string New value

Definition at line 86 of file main.inc.php.

References getArrayOfEmoji().

Referenced by testSqlAndScriptInject().

◆ testSqlAndScriptInject()

testSqlAndScriptInject	(		$val,
			$type )

Security: WAF layer for SQL Injection and XSS Injection (scripts) protection (Filters on GET, POST, PHP_SELF).

Warning: Such a protection can't be enough. It is not reliable as it will always be possible to bypass this. Good protection can only be guaranteed by escaping data during output.

Parameters

string	$val	Brute value found into $_GET, $_POST or PHP_SELF
string	$type	0=POST, 1=GET, 2=PHP_SELF, 3=GET without sql reserved keywords (the less tolerant test)

Returns: int >0 if there is an injection, 0 if none

Parameters

string[] $m

Returns: string

Definition at line 123 of file main.inc.php.

References realCharForNumericEntities().

Referenced by analyseVarsForSqlAndScriptsInjection(), ImportCsv\import_insert(), ImportXlsx\import_insert(), Form\select_thirdparty_list(), and Form\selectcontacts().

◆ top_htmlhead()

top_htmlhead	(	$head,
		$title = '',
		$disablejs = 0,
		$disablehead = 0,
		$arrayofjs = array(),
		$arrayofcss = array(),
		$disableforlogin = 0,
		$disablenofollow = 0,
		$disablenoindex = 0 )

Output html header of a page.

It calls also top_httphead() This code is also duplicated into security2.lib.php\dol_loginfunction

Parameters

string	$head	Optional head lines
string	$title	HTML title
	int<0,1>	$disablejs Disable js output
	int<0,1>	$disablehead Disable head output
string[]	$arrayofjs	Array of complementary js files
string[]	$arrayofcss	Array of complementary css files
	int<0,1>	$disableforlogin Do not load heavy js and css for login pages
	int<0,1>	$disablenofollow Disable nofollow tag for meta robots
	int<0,1>	$disablenoindex Disable noindex tag for meta robots

Returns: void

Definition at line 1796 of file main.inc.php.

References dol_buildpath(), dol_htmlentities(), dol_syslog(), dolibarr_set_const(), getDolGlobalInt(), getDolGlobalString(), GETPOST(), GETPOSTINT(), and top_httphead().

Referenced by llxHeaderSurvey(), llxHeaderTicket(), llxHeaderVierge(), llxHeaderVierge(), and top_menu().

◆ top_httphead()

if(!defined('NOREQUIREMENU')) if(!empty(GETPOST( 'seteventmessages', 'alpha'))) if(!function_exists("llxHeader")) top_httphead	(		$contenttype = 'text/html',
			$forcenocache = 0 )

Show HTTP header.

Called by top_htmlhead().

Parameters

string	$contenttype	Content type. For example, 'text/html'
	int<0,1>	$forcenocache Force disabling of cache for the page

Returns: void

Definition at line 1657 of file main.inc.php.

References getDolGlobalString().

Referenced by barcode_outimage(), DocumentController\display(), AccountancyExport\export(), httponly_accessforbidden(), llxHeaderVierge(), print_paybox_redirect(), and top_htmlhead().

◆ top_menu()

top_menu	(	$head,
		$title = '',
		$target = '',
		$disablejs = 0,
		$disablehead = 0,
		$arrayofjs = array(),
		$arrayofcss = array(),
		$morequerystring = '',
		$helppagename = '' )

Show an HTML header + a BODY + The top menu bar.

Parameters

string	$head	Lines in the HEAD
string	$title	Title of web page
string	$target	Target to use in menu links (Example: '' or '_top')
	int<0,1>	$disablejs Do not output links to js (Ex: qd fonction utilisee par sous formulaire Ajax)
	int<0,1>	$disablehead Do not output head section
string[]	$arrayofjs	Array of js files to add in header
string[]	$arrayofcss	Array of css files to add in header
string	$morequerystring	Query string to add to the link "print" to get same parameters (use only if autodetect fails)
string	$helppagename	Name of wiki page for help ('' by default). Syntax is: For a wiki page: EN:EnglishPage\|FR:FrenchPage\|ES:SpanishPage\|DE:GermanPage For other external page: http://server/url

Returns: void

Definition at line 2224 of file main.inc.php.

References dol_escape_htmltag(), getDolGlobalInt(), getDolGlobalString(), getHelpParamFor(), GETPOSTINT(), img_picto(), top_htmlhead(), top_menu_bookmark(), top_menu_quickadd(), top_menu_search(), and top_menu_user().

◆ top_menu_bookmark()

top_menu_bookmark ( )

Build the tooltip on top menu bookmark.

Returns: string HTML content

Definition at line 3011 of file main.inc.php.

References getDolGlobalString(), and printDropdownBookmarksList().

Referenced by top_menu().

◆ top_menu_quickadd()

top_menu_quickadd ( )

Build the tooltip on top menu quick add.

Returns: string HTML content

Definition at line 2749 of file main.inc.php.

References getDolGlobalString(), and printDropdownQuickadd().

Referenced by top_menu().

◆ top_menu_search()

top_menu_search ( )

Build the tooltip on top menu tsearch.

Returns: string HTML content

Definition at line 3106 of file main.inc.php.

Referenced by top_menu().

◆ top_menu_user()

top_menu_user	(		$hideloginname = 0,
			$urllogout = '' )

Build the tooltip on user login.

Parameters

	int<0,1>	$hideloginname Hide login name. Show only the image.
string	$urllogout	URL for logout (Will use DOL_URL_ROOT.'/user/logout.php?token=...' if empty)

Returns: string HTML content

Definition at line 2484 of file main.inc.php.

References dol_escape_htmltag(), dol_print_date(), dol_print_profids(), dolButtonToOpenUrlInDialogPopup(), getDolGlobalString(), img_picto(), picto_from_langcode(), Form\showphoto(), and yn().

Referenced by top_menu().

Functions

Detailed Description

Function Documentation

◆ analyseVarsForSqlAndScriptsInjection()

◆ getArrayOfEmoji()

◆ getHelpParamFor()

◆ left_menu()

◆ main_area()

◆ printDropdownQuickadd()

◆ printSearchForm()

◆ realCharForNumericEntities()

◆ testSqlAndScriptInject()

◆ top_htmlhead()

◆ top_httphead()

◆ top_menu()

◆ top_menu_bookmark()

◆ top_menu_quickadd()

◆ top_menu_search()

◆ top_menu_user()