GLPI 11 compatibility (#457)

* GLPI 11 compatibility

* Fix phpstan

* fix review

* phpcbf

* deleteByCriteria

* less doQuery

* beta1

* fix path

* psalm rector

* fix CS

* fix CS

* fix CS

* fix CS

* fix CS

* fix

* fix

* fix

* release GLPI 11.0

---------

Co-authored-by: Rom1-B <[email protected]>
Co-authored-by: Stanislas Kita <[email protected]>

Author: 3 people

.github/workflows/continuous-integration.yml

@@ -20,7 +20,7 @@ jobs:
     name: "Generate CI matrix"
     uses: "glpi-project/plugin-ci-workflows/.github/workflows/generate-ci-matrix.yml@v1"
     with:
-      glpi-version: "10.0.x"
+      glpi-version: "11.0.x"
   ci:
     name: "GLPI ${{ matrix.glpi-version }} - php:${{ matrix.php-version }} - ${{ matrix.db-image }}"
     needs: "generate-ci-matrix"

.phpcs.xml

@@ -2,14 +2,16 @@
 
 declare(strict_types=1);
 
-use FriendsOfTwig\Twigcs;
+use FriendsOfTwig\Twigcs\Finder\TemplateFinder;
+use FriendsOfTwig\Twigcs\Config\Config;
+use Glpi\Tools\GlpiTwigRuleset;
 
-$finder = Twigcs\Finder\TemplateFinder::create()
+$finder = TemplateFinder::create()
     ->in(__DIR__ . '/templates')
     ->name('*.html.twig')
     ->ignoreVCSIgnored(true);
 
-return Twigcs\Config\Config::create()
+return Config::create()
     ->setFinder($finder)
-    ->setRuleSet(\Glpi\Tools\GlpiTwigRuleset::class)
+    ->setRuleSet(GlpiTwigRuleset::class)
 ;

.twig_cs.dist.php

@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [2.12.0] - 2025-10-01
+
+### Added
+
+- GLPI 11 compatibility
+
 ## [2.11.2] - 2025-08-07
 
 - Update exemple.odt file to include ecotax tags

CHANGELOG.md

@@ -28,18 +28,12 @@
  * -------------------------------------------------------------------------
  */
 
-include("../../../inc/includes.php");
-
 Session::checkRight("plugin_order_bill", READ);
 
 header("Content-Type: text/html; charset=UTF-8");
 
 Html::header_nocache();
 
-if (!defined('GLPI_ROOT')) {
-    die("Can not acces directly to this file");
-}
-
 if (isset($_POST["action"])) {
     switch ($_POST["action"]) {
         case "bill":

ajax/billactions.php

@@ -31,7 +31,7 @@
 /** @var DBmysql $DB */
 global $DB;
 
-include_once("../../../inc/includes.php");
+include_once(__DIR__ . "/../../../inc/includes.php");
 
 Session::checkRight("plugin_order_reference", READ);
 
@@ -42,37 +42,37 @@
             's.plugin_order_references_id AS id',
             's.price_taxfree',
             's.reference_code',
-            'r.name'
+            'r.name',
         ],
         'FROM' => 'glpi_plugin_order_references_suppliers AS s',
         'LEFT JOIN' => [
             'glpi_plugin_order_references AS r' => [
                 'ON' => [
                     's' => 'plugin_order_references_id',
-                    'r' => 'id'
-                ]
-            ]
+                    'r' => 'id',
+                ],
+            ],
         ],
         'WHERE' => [
             's.suppliers_id' => $_POST['suppliers_id'],
             'r.itemtype' => $_POST['itemtype'],
             'r.is_active' => 1,
-            'r.is_deleted' => 0
+            'r.is_deleted' => 0,
         ] + getEntitiesRestrictCriteria('r', '', $_POST['entities_id'], true),
-        'ORDER' => ['s.reference_code']
+        'ORDER' => ['s.reference_code'],
     ];
     $result = $DB->request($criteria);
     $number = count($result);
     $values = [0 => Dropdown::EMPTY_VALUE];
-    if ($number) {
+    if ($number !== 0) {
         foreach ($result as $data) {
             $values[$data['id']] = $data['name'] . " - " . $data['reference_code'];
         }
     }
     Dropdown::showFromArray(
         $_POST['fieldname'],
         $values,
-        ['rand'  => $_POST['rand'], 'width' => '100%']
+        ['rand'  => $_POST['rand'], 'width' => '100%'],
     );
     Ajax::updateItemOnSelectEvent(
         'dropdown_plugin_order_references_id' . $_POST['rand'],
@@ -81,17 +81,17 @@
         [
             'reference_id' => '__VALUE__',
             'suppliers_id' => $_POST['suppliers_id'],
-        ]
+        ],
     );
-} else if (isset($_POST['reference_id'])) {
-   // Get price
+} elseif (isset($_POST['reference_id'])) {
+    // Get price
     $criteria = [
         'SELECT' => ['price_taxfree'],
         'FROM' => 'glpi_plugin_order_references_suppliers',
         'WHERE' => [
             'plugin_order_references_id' => $_POST['reference_id'],
-            'suppliers_id' => $_POST['suppliers_id']
-        ]
+            'suppliers_id' => $_POST['suppliers_id'],
+        ],
     ];
     $result = $DB->request($criteria);
     $row = $result->current();

ajax/dropdownReference.php

@@ -27,12 +27,10 @@
  * @link      https://github.com/pluginsGLPI/order
  * -------------------------------------------------------------------------
  */
-
-/** @var \DBmysql $DB */
+/** @var DBmysql $DB */
 global $DB;
 
 if (strpos($_SERVER['PHP_SELF'], "dropdownSupplier.php")) {
-    include("../../../inc/includes.php");
     header("Content-Type: text/html; charset=UTF-8");
     Html::header_nocache();
 }
@@ -41,28 +39,28 @@
 
 // Make a select box
 if (isset($_POST["suppliers_id"])) {
-   // Make a select box
+    // Make a select box
     $criteria = [
         'SELECT' => ['c.id', 'c.name', 'c.firstname'],
         'FROM' => 'glpi_contacts AS c',
         'LEFT JOIN' => [
             'glpi_contacts_suppliers AS s' => [
                 'ON' => [
                     's' => 'contacts_id',
-                    'c' => 'id'
-                ]
-            ]
+                    'c' => 'id',
+                ],
+            ],
         ],
         'WHERE' => ['s.suppliers_id' => $_POST['suppliers_id']],
-        'ORDER' => ['c.name']
+        'ORDER' => ['c.name'],
     ];
     $result = $DB->request($criteria);
     $number = count($result);
 
     $values = [0 => Dropdown::EMPTY_VALUE];
-    if ($number) {
+    if ($number !== 0) {
         foreach ($result as $data) {
-            $values[$data['id']] = formatUserName('', '', $data['name'], $data['firstname']);
+            $values[$data['id']] = formatUserName(0, '', $data['name'], $data['firstname']);
         }
     }
     Dropdown::showFromArray($_POST['fieldname'], $values);

ajax/dropdownSupplier.php

@@ -32,9 +32,7 @@
 * @brief
 */
 
-use Glpi\Toolbox\Sanitizer;
 
-include('../../../inc/includes.php');
 
 header("Content-Type: text/html; charset=UTF-8");
 Html::header_nocache();
@@ -53,14 +51,28 @@
 
     $min = 0;
     if (isset($_REQUEST['min'])) {
-        if (isset($_REQUEST['force_integer']) && $_REQUEST['force_integer']) {
-            $min = (int)$_REQUEST['min'];
-        } else {
-            $min = (float)$_REQUEST['min'];
-        }
+        $min = !empty($_REQUEST['force_integer']) ? (int) $_REQUEST['min'] : (float) $_REQUEST['min'];
     }
 
-    $data = Html::cleanInputText(Sanitizer::sanitize(rawurldecode(stripslashes($_POST["data"]))));
+    $data = htmlescape(rawurldecode(stripslashes($_POST["data"])));
+
+    // Validation et fallback
+    $name  = preg_match('/^[a-zA-Z0-9_\-]+$/', $_POST['name']) ? $_POST['name'] : 'default_name';
+
+    // Ces variables existent déjà et ne sont pas null, donc pas besoin de ??=
+    $value = $data;
+    $step  = $step;
+    $min   = $min;
+    $class = $class;
+
+    // Échappement pour HTML (caster les nombres en string)
+    $name  = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
+    $value = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
+    $step  = htmlspecialchars((string) $step, ENT_QUOTES, 'UTF-8');
+    $min   = htmlspecialchars((string) $min, ENT_QUOTES, 'UTF-8');
+    $class = htmlspecialchars($class, ENT_QUOTES, 'UTF-8');
+
+    // Affichage
+    echo "<input type='number' class='form-control' step='{$step}' min='{$min}' name='{$name}' value='{$value}' {$class}>";
 
-    echo "<input type='number' class='form-control' step='$step' min='$min' name='" . $_POST['name'] . "' value='$data' $class>";
 }