Comments (16)
If I set MAIN_SECURITY_CSRF_WITH_TOKEN=0, it fails with the following message :
This website or feature is currently temporarly not available or failed after a technical error.
This may be due to a maintenance operation. Current status of operation (2023-02-01T17:12:46Z) are on next line...
Dolibarr a détecté une erreur technique. Vous pouvez lire le fichier log ou définir l'option $dolibarr_main_prod sur '0' dans votre fichier de configuration pour obtenir plus d'informations.
from dolibarr_project_timesheet.
@delcroip do you have any clue of what could be the source of this problem ? Could you please tell me if there is any log / configuration file I can post here to help with this issue ?
from dolibarr_project_timesheet.
It seems an ( is missing
from dolibarr_project_timesheet.
I would be happy to help / contribute but I don't know PHP really well. SQL I can do.
I just tried to find which file is used to generate this query.
Doing a simple search in the repo using part of the failing query does not help.
from dolibarr_project_timesheet.
So you can confirm the CRSF token error may be due that SQL typo ?
If so the error message is misleading.
from dolibarr_project_timesheet.
should be fixed with 4.6.2, reopen issue if not
from dolibarr_project_timesheet.
Hi @delcroip , I don't see the reopen button.
The SQL error is gone, but the CRSF token error is still here a described in this issue.
Message in the log file :
2023-03-17 09:17:30 WARNING 193.48.189.250 --- Access to POST /custom/timesheet/TimesheetUserTasksAdmin.php refused by CSRF protection (POST method or GET with a sensible value for 'action' parameter) in main.inc.php. Token not provided.
If deactivated, another error appears as described here.
In that case there is another SQL error in the logs :
2023-03-17 09:20:18 ERR 193.48.189.250 DoliDBPgsql::query SQL Error query: SELECT t.rowid, t.fk_userid, t.date_start, t.date_end, t.status FROM llx_project_task_timesheet as t WHERE (t.fk_userid IN (1)) AND (t.status ILIKE '%3%') LIMIT 26
2023-03-17 09:20:18 ERR 193.48.189.250 DoliDBPgsql::query SQL Error message: ERROR: 42883: operator does not exist: integer ~~* unknown
LINE 1: ...eet as t WHERE (t.fk_userid IN (1)) AND (t.status ILIKE '%3%...
^
HINT: No operator matches the given name and argument types. You might need to add explicit type casts.
LOCATION: op_error, parse_oper.c:722 (DB_ERROR_42883)
2023-03-17 09:20:18 ERR 193.48.189.250 DoliDBPgsql::query SQL Error usesavepoint = 0
2023-03-17 09:20:18 ERR 193.48.189.250 Error url=/custom/timesheet/TimesheetUserTasksAdmin.php, query_string=, sql=SELECT t.rowid, t.fk_userid, t.date_start, t.date_end, t.status FROM llx_project_task_timesheet as t WHERE (t.fk_userid IN (1)) AND (t.status ILIKE '%3%') LIMIT 26, db_error=ERROR: 42883: operator does not exist: integer ~~* unknown
LINE 1: ...eet as t WHERE (t.fk_userid IN (1)) AND (t.status ILIKE '%3%...
^
HINT: No operator matches the given name and argument types. You might need to add explicit type casts.
LOCATION: op_error, parse_oper.c:722
from dolibarr_project_timesheet.
Can you paste the url on which you have the error message, i couldn't find it.
Br
from dolibarr_project_timesheet.
It's /custom/timesheet/TimesheetUserTasksAdmin.php
from dolibarr_project_timesheet.
I mean in the browser, I tried to update all actions but I must have missed one
from dolibarr_project_timesheet.
Not sure what you mean but here is the complete url after I click on the admin section :
https://dolibarr.mydomain.fr/custom/timesheet/TimesheetUserTasksAdmin.php?action=list&sortfield=t.date_start&sortorder=desc&idmenu=168&mainmenu=timesheet&leftmenu=
Then I select and filter one employee, here the URL where I see the CSRF error :
https://dolibarr.mydomain.fr/custom/timesheet/TimesheetUserTasksAdmin.php
I don't see another URL in the browser than TimesheetUserTasksAdmin.php
from dolibarr_project_timesheet.
please recheck with 4.6.3,
from dolibarr_project_timesheet.
Hi, the error is still the same.
With MAIN_SECURITY_CSRF_WITH_TOKEN=0 ; here is the new log messages :
2023-03-23 08:53:45 NOTICE 193.251.52.139 --- Access to GET /custom/timesheet/core/js/jsparameters.php - action=, massaction=
2023-03-23 08:53:54 NOTICE 193.251.52.139 --- Access to POST /custom/timesheet/TimesheetUserTasksAdmin.php - action=, massaction=
2023-03-23 08:53:54 ERR 193.251.52.139 DoliDBPgsql::query SQL Error query: SELECT t.rowid, t.fk_userid, t.date_start, t.date_end, t.status FROM llx_project_task_timesheet as t WHERE (t.fk_userid IN (1)) AND (t.status ILIKE '%2%') LIMIT 26
2023-03-23 08:53:54 ERR 193.251.52.139 DoliDBPgsql::query SQL Error message: ERROR: 42883: operator does not exist: integer ~~* unknown
LINE 1: ...eet as t WHERE (t.fk_userid IN (1)) AND (t.status ILIKE '%2%...
^
HINT: No operator matches the given name and argument types. You might need to add explicit type casts.
LOCATION: op_error, parse_oper.c:722 (DB_ERROR_42883)
2023-03-23 08:53:54 ERR 193.251.52.139 DoliDBPgsql::query SQL Error usesavepoint = 0
2023-03-23 08:53:54 ERR 193.251.52.139 Error url=/custom/timesheet/TimesheetUserTasksAdmin.php, query_string=, sql=SELECT t.rowid, t.fk_userid, t.date_start, t.date_end, t.status FROM llx_project_task_timesheet as t WHERE (t.fk_userid IN (1)) AND (t.status ILIKE '%2%') LIMIT 26, db_error=ERROR: 42883: operator does not exist: integer ~~* unknown
LINE 1: ...eet as t WHERE (t.fk_userid IN (1)) AND (t.status ILIKE '%2%...
^
HINT: No operator matches the given name and argument types. You might need to add explicit type casts.
LOCATION: op_error, parse_oper.c:722
from dolibarr_project_timesheet.
I found the CSRF issue thanks, the SQL is from the core I cannot do much
from dolibarr_project_timesheet.
All right, thanks @delcroip for looking into this. If the problem comes from dolibarr core, but it occurs with your module, what can I do ?
Looking at the error, it seems that this t.status
column should be string, but is an integer.
Or is it a Postgres specific problem that the ILIKE
operator does not work in that case ?
Which one could be fixed, this specific query with a type cast, or the column type in the table definition ?
In any case, I can't find it looking at the source code, I guess the query is dynamically built by a JS function or something like that...
from dolibarr_project_timesheet.
I will check if i can hint that it is a int
from dolibarr_project_timesheet.
Related Issues (20)
- updateTimeUsedError for tasks where progress is NULL HOT 9
- Closed task in user's list HOT 1
- Eastermonday / ascension / pentecost not disabled in the timesheet HOT 3
- PHP Serialization Exception HOT 2
- Feature Request : Add the name 'type of holidays' into the colored box on the timesheeh page HOT 2
- 500 Error - Trouble deserializing holidays HOT 2
- Bug: week total is month total
- Error in AttendanceEvent.class.php
- when the session is not okay we got wrong data and can not start any task event HOT 1
- fixing AttendanceEventAdmin.php now selecting single users is working sql errors fixed too HOT 1
- the note is not working. HOT 1
- fullfixed i hope HOT 3
- Error on Dolibarr 18 beta HOT 35
- Fixed EVENT_AUTO_STOP
- Timesheet Report HOT 3
- Illegal string offset HOT 1
- Enhancement Request or Solution Idea to start a task by scanning an NFC Tag HOT 1
- Problem with including main when symlinking module HOT 3
- Changelog and Version number
- Dolibarr 21 Compatibility HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dolibarr_project_timesheet.