Advanced Project Status

Generated on 2026-02-17 02:25:25 in 1513 seconds by apstats

Lines of code

LanguageBytesFilesLinesBlanksCommentsCode (SLOC)
All files without dependencies    
See detail per file type...
89 533 6253 9981 756 169190 311339 6731 226 185
All files of dependencies only    
See detail per file type...
70 185 5063 534828 95173 398165 239590 314
Total159 719 1317 5322 585 120263 709504 9121 816 499

Contributions

Pushes and Commits of Dolibarr/dolibarr Pull Request Size of Dolibarr/dolibarr

Contributors


Thumbs of most active contributors

Dolibarr


Star History of Dolibarr/dolibarr

Project value

COCOMO value
(Basic/Semi-detached model)
$140 071 413
COCOMO effort
(Basic/Semi-detached model)
12 236 months people

Last security issues (last 6 months)

Commit IDDateReported on a
VDP (GHSA, Yogosha...)		Reported on
GitHub issues		Reported on
CVE		TitleBranch of fix
a8e05083…2026-02-12#37211Sec: Can init a page with php content without permission for php content (#37211)18.0, 19.0, 20.0, 21.0, 22.0, 23.0, develop
5846921e…2026-02-11Sec: Can init a page with php content without permission for php content edition (reported by phdwg1410)22.0, 23.0, develop
ba28d16d…2026-02-08Sec: Add param $dolibarr_website_allow_custom_php to block by default any PHP content in website module23.0, develop
2e7ab21d…
+
2026-01-13#ghsa-w5j3-8fcr-h87w#36868FIX #GHSA-w5j3-8fcr-h87w (#36868), FIX #GHSA-w5j3-8fcr-h87w18.0, 19.0, 20.0, 21.0, 22.0, 23.0, develop
4bfda08f…2026-01-07#ghsa-px39-mwcr-hvxpFix #GHSA-px39-mwcr-hvxp23.0, develop
ac4a110c…2025-12-16Sec: Fix Dolibarr Stored XSS via Meta Tag Injection GHSA-59gv-36h7-qwh823.0, develop
a1476fd2…2025-12-03SEC: permissions not checked on other tabs of HRM evaluation card17.0, 18.0, 19.0, 20.0, 21.0, 22.0, 23.0, develop
908880c8…2025-11-26SEC: fix IDOR attack on employee evaluation. Missing permision test https://github.com/atm-florianm/dolibarr/commit/7ed0af2a138a34e7c7005b95c85ffc791976a6cf17.0, 18.0, 19.0, 20.0, 21.0, 22.0, 23.0, develop
3608e9b1…2025-11-26SEC: 7ed0af2a138a34e7c7005b95c85ffc791976a6cf17.0, 18.0, 19.0, 20.0, 21.0, 22.0, 23.0, develop
01aa901f…2025-09-04#34762CVE-2024-4013718.0 fix CVE 2024 40137 (#34762)18.0, 19.0, 20.0, 21.0, 22.0, 23.0, develop
5a8aff9e…2025-09-02Sec: Update doc to trigger alert of vulnerability fix in commit bb0974add9cb746c2f1723a239bbaf50561251c621.0, 22.0, 23.0, develop

Note:Search is done in git repository on regex string "#ghsa|#yogosha|CVE[\s\-]*\d|Sec:|Sec |^Sec\s" (not case sensitive)
You can use this URL for RSS notifications: index-security.rss

Technical debt (PHPStan - PHP Static Analysis Tool 1.10.27 - level 9 -> 849 warnings)

FileLineType
htdocs/admin/limits.php343Parameter #12 $localtaxes_array of function calcul_price_total expects array{string, int|string, string, int|string, string, string}|array{string, int|string, string, string}, array{} given.
htdocs/admin/limits.php352Parameter #12 $localtaxes_array of function calcul_price_total expects array{string, int|string, string, int|string, string, string}|array{string, int|string, string, string}, array{} given.
htdocs/admin/security_headers_http.php171Variable $sourcetype in isset() always exists and is not nullable.
htdocs/admin/system/dbtable.php173Variable $row might not be defined.
htdocs/admin/system/phpinfo.php57Variable $title in isset() always exists and is not nullable.
htdocs/admin/tools/dolibarr_import.php185Variable $dolibarr_main_db_pass might not be defined.
htdocs/admin/tools/export.php57Variable $massaction might not be defined.
htdocs/admin/tools/ui/class/documentation.class.php36Property Documentation::$view type has no value type specified in iterable type array.
htdocs/admin/tools/ui/class/documentation.class.php293Method Documentation::setMenu() should return mixed but return statement is missing.
htdocs/admin/tools/ui/class/documentation.class.php376Method Documentation::displayMenu() has parameter $menu with no value type specified in iterable type array.
htdocs/admin/tools/ui/class/documentation.class.php458Parameter #1 $menu of method Documentation::displaySummary() expects array{summary?: array, submenu?: array}, mixed given.
htdocs/admin/tools/ui/class/documentation.class.php473Method Documentation::displaySummary() has parameter $menu with no value type specified in iterable type array.
htdocs/admin/usergroup.php67Variable $label might not be defined.
htdocs/admin/usergroup.php67Variable $scandir might not be defined.
htdocs/admin/usergroup.php88Variable $label might not be defined.
htdocs/admin/usergroup.php88Variable $scandir might not be defined.
htdocs/asset/admin/setup.php643Variable $object might not be defined.
htdocs/asset/agenda.php207Variable $socid might not be defined.
htdocs/asset/class/assetmodel.class.php234Property AssetModel::$asset_depreciation_options (AssetDepreciationOptions) in empty() is not falsy.
htdocs/asset/class/assetmodel.class.php239Property AssetModel::$asset_accountancy_codes (AssetAccountancyCodes) in empty() is not falsy.

Technical debt (Phan 5.4.3 -> 639 warnings)

FileLineDetail
htdocs/blockedlog/admin/blockedlog_archives.php896TypeError PhanTypeMismatchProperty Assigning (string)($line[8]) of type string to property but \BlockedLog->date_object is int
htdocs/blockedlog/admin/blockedlog_archives.php941UndefError PhanPossiblyUndeclaredGlobalVariable Global variable $concatenateddata is possibly undeclared
htdocs/blockedlog/admin/blockedlog_archives.php949TypeError PhanTypeInvalidRightOperand Invalid operator: left operand is array and right is not
htdocs/blockedlog/admin/blockedlog_archives.php950TypeError PhanTypeInvalidRightOperand Invalid operator: left operand is array and right is not
htdocs/blockedlog/admin/blockedlog_archives.php958TypeError PhanTypeMismatchArgumentNullableInternal Argument 2 ($subject) is $line[0] of type ?string but \preg_match() takes string (expected type to be non-nullable)
htdocs/blockedlog/admin/blockedlog_archives.php1013UndefError PhanPossiblyUndeclaredGlobalVariable Global variable $nbLinesModifiedInExportButKo is possibly undeclared
htdocs/blockedlog/admin/blockedlog_archives.php1020UndefError PhanPossiblyUndeclaredGlobalVariable Global variable $nbLinesModifiedBeforeExport is possibly undeclared
htdocs/blockedlog/admin/registration.php471UndefError PhanUndeclaredProperty Reference to undeclared property \FormSetup->htmlButton2Label
htdocs/comm/action/index.php1129TypeError PhanTypeMismatchArgument Argument 1 ($string) is $event->datep of type int|non-zero-int but \DoliDB::jdate() takes ?string defined at htdocs/core/db/DoliDB.class.php:399
htdocs/comm/action/index.php1130TypeError PhanTypeMismatchArgument Argument 1 ($string) is $event->datef of type int|non-zero-int but \DoliDB::jdate() takes ?string defined at htdocs/core/db/DoliDB.class.php:399
htdocs/comm/action/index.php1461TypeError PhanTypeMismatchProperty Assigning ($userId as a field) of type array to property but \ActionComm->userassigned is array
htdocs/comm/action/pertype.php1054TypeError PhanTypeExpectedObjectPropAccess Expected an object instance when accessing an instance property, but saw an expression $username with type string
htdocs/comm/action/pertype.php1324TypeError PhanTypeExpectedObjectPropAccess Expected an object instance when accessing an instance property, but saw an expression $username with type string
htdocs/comm/action/pertype.php1326TypeError PhanTypeExpectedObjectPropAccess Expected an object instance when accessing an instance property, but saw an expression $username with type string
htdocs/comm/action/peruser.php1045TypeError PhanTypeMismatchArgument Argument 1 ($string) is $event->datep of type int|non-zero-int but \DoliDB::jdate() takes ?string defined at htdocs/core/db/DoliDB.class.php:399
htdocs/comm/action/peruser.php1046TypeError PhanTypeMismatchArgument Argument 1 ($string) is $event->datef of type int|non-zero-int but \DoliDB::jdate() takes ?string defined at htdocs/core/db/DoliDB.class.php:399
htdocs/comm/card.php958TypeError PhanTypeMismatchArgument Argument 1 ($file) is $file_list of type array{name:string,path:string,level1name:string,relativename:string,fullname:string,date:string,size:int,perm:int,type:string,position_name:string,cover:string,keywords:string,acl:string,rowid:int,label:string,share:string}[]|non-empty-array but \FormFile::showPreview() takes array{name:string,path?:string,level1name?:string,relativename?:string,fullname:string,date?:string,size?:int,perm?:int,type?:string} defined at htdocs/core/class/html.formfile.class.php:2425
htdocs/comm/card.php1079TypeError PhanTypeMismatchArgument Argument 1 ($file) is $file_list of type array{name:string,path:string,level1name:string,relativename:string,fullname:string,date:string,size:int,perm:int,type:string,position_name:string,cover:string,keywords:string,acl:string,rowid:int,label:string,share:string}[]|non-empty-array but \FormFile::showPreview() takes array{name:string,path?:string,level1name?:string,relativename?:string,fullname:string,date?:string,size?:int,perm?:int,type?:string} defined at htdocs/core/class/html.formfile.class.php:2425
htdocs/comm/card.php1180TypeError PhanTypeMismatchArgument Argument 1 ($file) is $file_list of type array{name:string,path:string,level1name:string,relativename:string,fullname:string,date:string,size:int,perm:int,type:string,position_name:string,cover:string,keywords:string,acl:string,rowid:int,label:string,share:string}[]|non-empty-array but \FormFile::showPreview() takes array{name:string,path?:string,level1name?:string,relativename?:string,fullname:string,date?:string,size?:int,perm?:int,type?:string} defined at htdocs/core/class/html.formfile.class.php:2425
htdocs/comm/card.php1294TypeError PhanTypeMismatchArgument Argument 1 ($file) is $file_list of type array{name:string,path:string,level1name:string,relativename:string,fullname:string,date:string,size:int,perm:int,type:string,position_name:string,cover:string,keywords:string,acl:string,rowid:int,label:string,share:string}[]|non-empty-array but \FormFile::showPreview() takes array{name:string,path?:string,level1name?:string,relativename?:string,fullname:string,date?:string,size?:int,perm?:int,type?:string} defined at htdocs/core/class/html.formfile.class.php:2425