Advanced Project Status

Generated on 2026-02-21 02:25:50 in 1539 seconds by apstats

Lines of code

LanguageBytesFilesLinesBlanksCommentsCode (SLOC)
All files without dependencies    
See detail per file type...
90 000 4244 0041 758 122190 588340 0011 227 533
All files of dependencies only    
See detail per file type...
70 185 5063 534828 95173 398165 239590 314
Total160 185 9307 5382 587 073263 986505 2401 817 847

Contributions

Pushes and Commits of Dolibarr/dolibarr Pull Request Size of Dolibarr/dolibarr

Contributors


Thumbs of most active contributors

Dolibarr


Star History of Dolibarr/dolibarr

Project value

COCOMO value
(Basic/Semi-detached model)
$140 191 106
COCOMO effort
(Basic/Semi-detached model)
12 236 months people

Last security issues (last 6 months)

Commit IDDateReported on a
VDP (GHSA, Yogosha...)		Reported on
GitHub issues		Reported on
CVE		TitleBranch of fix
a8e05083…2026-02-12#37211Sec: Can init a page with php content without permission for php content (#37211)18.0, 19.0, 20.0, 21.0, 22.0, 23.0, develop
5846921e…2026-02-11Sec: Can init a page with php content without permission for php content edition (reported by phdwg1410)22.0, 23.0, develop
ba28d16d…2026-02-08Sec: Add param $dolibarr_website_allow_custom_php to block by default any PHP content in website module23.0, develop
2e7ab21d…
+
2026-01-13#ghsa-w5j3-8fcr-h87w#36868FIX #GHSA-w5j3-8fcr-h87w (#36868), FIX #GHSA-w5j3-8fcr-h87w18.0, 19.0, 20.0, 21.0, 22.0, 23.0, develop
4bfda08f…2026-01-07#ghsa-px39-mwcr-hvxpFix #GHSA-px39-mwcr-hvxp23.0, develop
ac4a110c…2025-12-16Sec: Fix Dolibarr Stored XSS via Meta Tag Injection GHSA-59gv-36h7-qwh823.0, develop
a1476fd2…2025-12-03SEC: permissions not checked on other tabs of HRM evaluation card17.0, 18.0, 19.0, 20.0, 21.0, 22.0, 23.0, develop
908880c8…2025-11-26SEC: fix IDOR attack on employee evaluation. Missing permision test https://github.com/atm-florianm/dolibarr/commit/7ed0af2a138a34e7c7005b95c85ffc791976a6cf17.0, 18.0, 19.0, 20.0, 21.0, 22.0, 23.0, develop
3608e9b1…2025-11-26SEC: 7ed0af2a138a34e7c7005b95c85ffc791976a6cf17.0, 18.0, 19.0, 20.0, 21.0, 22.0, 23.0, develop
01aa901f…2025-09-04#34762CVE-2024-4013718.0 fix CVE 2024 40137 (#34762)18.0, 19.0, 20.0, 21.0, 22.0, 23.0, develop
5a8aff9e…2025-09-02Sec: Update doc to trigger alert of vulnerability fix in commit bb0974add9cb746c2f1723a239bbaf50561251c621.0, 22.0, 23.0, develop

Note:Search is done in git repository on regex string "#ghsa|#yogosha|CVE[\s\-]*\d|Sec:|Sec |^Sec\s" (not case sensitive)
You can use this URL for RSS notifications: index-security.rss

Technical debt (PHPStan - PHP Static Analysis Tool 1.10.27 - level 9 -> 843 warnings)

FileLineType
htdocs/admin/limits.php343Parameter #12 $localtaxes_array of function calcul_price_total expects array{string, int|string, string, int|string, string, string}|array{string, int|string, string, string}, array{} given.
htdocs/admin/limits.php352Parameter #12 $localtaxes_array of function calcul_price_total expects array{string, int|string, string, int|string, string, string}|array{string, int|string, string, string}, array{} given.
htdocs/admin/security_headers_http.php171Variable $sourcetype in isset() always exists and is not nullable.
htdocs/admin/system/dbtable.php173Variable $row might not be defined.
htdocs/admin/system/phpinfo.php57Variable $title in isset() always exists and is not nullable.
htdocs/admin/tools/dolibarr_import.php185Variable $dolibarr_main_db_pass might not be defined.
htdocs/admin/tools/export.php57Variable $massaction might not be defined.
htdocs/admin/tools/ui/class/documentation.class.php36Property Documentation::$view type has no value type specified in iterable type array.
htdocs/admin/tools/ui/class/documentation.class.php293Method Documentation::setMenu() should return mixed but return statement is missing.
htdocs/admin/tools/ui/class/documentation.class.php376Method Documentation::displayMenu() has parameter $menu with no value type specified in iterable type array.
htdocs/admin/tools/ui/class/documentation.class.php458Parameter #1 $menu of method Documentation::displaySummary() expects array{summary?: array, submenu?: array}, mixed given.
htdocs/admin/tools/ui/class/documentation.class.php473Method Documentation::displaySummary() has parameter $menu with no value type specified in iterable type array.
htdocs/admin/usergroup.php67Variable $label might not be defined.
htdocs/admin/usergroup.php67Variable $scandir might not be defined.
htdocs/admin/usergroup.php88Variable $label might not be defined.
htdocs/admin/usergroup.php88Variable $scandir might not be defined.
htdocs/asset/admin/setup.php643Variable $object might not be defined.
htdocs/asset/agenda.php207Variable $socid might not be defined.
htdocs/asset/class/assetmodel.class.php234Property AssetModel::$asset_depreciation_options (AssetDepreciationOptions) in empty() is not falsy.
htdocs/asset/class/assetmodel.class.php239Property AssetModel::$asset_accountancy_codes (AssetAccountancyCodes) in empty() is not falsy.

Technical debt (Phan 5.4.3 -> 637 warnings)

FileLineDetail
htdocs/blockedlog/admin/blockedlog_archives.php332Plugin PhanPluginSuspiciousParamOrder Suspicious order for arguments named tms and tz - These are being passed to parameters #1 (?string $string) and #2 (bool|int|string $gm) of \DoliDB::jdate(?string $string, $gm = 'tzserver') defined at htdocs/core/db/DoliDB.class.php:399
htdocs/blockedlog/admin/blockedlog_archives.php993UndefError PhanPossiblyUndeclaredGlobalVariable Global variable $statusline is possibly undeclared
htdocs/blockedlog/admin/blockedlog_archives.php1000UndefError PhanPossiblyUndeclaredGlobalVariable Global variable $statusline is possibly undeclared
htdocs/blockedlog/class/blockedlog.class.php1034UndefError PhanPossiblyUndeclaredVariable Variable $terminalofpayment is possibly undeclared
htdocs/blockedlog/class/blockedlog.class.php1152Plugin PhanPluginSuspiciousParamOrder Suspicious order for arguments named tms and tz - These are being passed to parameters #1 (?string $string) and #2 (bool|int|string $gm) of \DoliDB::jdate(?string $string, $gm = 'tzserver') defined at htdocs/core/db/DoliDB.class.php:399
htdocs/comm/action/index.php1129TypeError PhanTypeMismatchArgument Argument 1 ($string) is $event->datep of type int|non-zero-int but \DoliDB::jdate() takes ?string defined at htdocs/core/db/DoliDB.class.php:399
htdocs/comm/action/index.php1130TypeError PhanTypeMismatchArgument Argument 1 ($string) is $event->datef of type int|non-zero-int but \DoliDB::jdate() takes ?string defined at htdocs/core/db/DoliDB.class.php:399
htdocs/comm/action/index.php1461TypeError PhanTypeMismatchProperty Assigning ($userId as a field) of type array to property but \ActionComm->userassigned is array
htdocs/comm/action/pertype.php1054TypeError PhanTypeExpectedObjectPropAccess Expected an object instance when accessing an instance property, but saw an expression $username with type string
htdocs/comm/action/pertype.php1324TypeError PhanTypeExpectedObjectPropAccess Expected an object instance when accessing an instance property, but saw an expression $username with type string
htdocs/comm/action/pertype.php1326TypeError PhanTypeExpectedObjectPropAccess Expected an object instance when accessing an instance property, but saw an expression $username with type string
htdocs/comm/action/peruser.php1045TypeError PhanTypeMismatchArgument Argument 1 ($string) is $event->datep of type int|non-zero-int but \DoliDB::jdate() takes ?string defined at htdocs/core/db/DoliDB.class.php:399
htdocs/comm/action/peruser.php1046TypeError PhanTypeMismatchArgument Argument 1 ($string) is $event->datef of type int|non-zero-int but \DoliDB::jdate() takes ?string defined at htdocs/core/db/DoliDB.class.php:399
htdocs/comm/card.php958TypeError PhanTypeMismatchArgument Argument 1 ($file) is $file_list of type array{name:string,path:string,level1name:string,relativename:string,fullname:string,date:string,size:int,perm:int,type:string,position_name:string,cover:string,keywords:string,acl:string,rowid:int,label:string,share:string}[]|non-empty-array but \FormFile::showPreview() takes array{name:string,path?:string,level1name?:string,relativename?:string,fullname:string,date?:string,size?:int,perm?:int,type?:string} defined at htdocs/core/class/html.formfile.class.php:2425
htdocs/comm/card.php1079TypeError PhanTypeMismatchArgument Argument 1 ($file) is $file_list of type array{name:string,path:string,level1name:string,relativename:string,fullname:string,date:string,size:int,perm:int,type:string,position_name:string,cover:string,keywords:string,acl:string,rowid:int,label:string,share:string}[]|non-empty-array but \FormFile::showPreview() takes array{name:string,path?:string,level1name?:string,relativename?:string,fullname:string,date?:string,size?:int,perm?:int,type?:string} defined at htdocs/core/class/html.formfile.class.php:2425
htdocs/comm/card.php1180TypeError PhanTypeMismatchArgument Argument 1 ($file) is $file_list of type array{name:string,path:string,level1name:string,relativename:string,fullname:string,date:string,size:int,perm:int,type:string,position_name:string,cover:string,keywords:string,acl:string,rowid:int,label:string,share:string}[]|non-empty-array but \FormFile::showPreview() takes array{name:string,path?:string,level1name?:string,relativename?:string,fullname:string,date?:string,size?:int,perm?:int,type?:string} defined at htdocs/core/class/html.formfile.class.php:2425
htdocs/comm/card.php1294TypeError PhanTypeMismatchArgument Argument 1 ($file) is $file_list of type array{name:string,path:string,level1name:string,relativename:string,fullname:string,date:string,size:int,perm:int,type:string,position_name:string,cover:string,keywords:string,acl:string,rowid:int,label:string,share:string}[]|non-empty-array but \FormFile::showPreview() takes array{name:string,path?:string,level1name?:string,relativename?:string,fullname:string,date?:string,size?:int,perm?:int,type?:string} defined at htdocs/core/class/html.formfile.class.php:2425
htdocs/comm/card.php1395TypeError PhanTypeMismatchArgument Argument 1 ($file) is $file_list of type array{name:string,path:string,level1name:string,relativename:string,fullname:string,date:string,size:int,perm:int,type:string,position_name:string,cover:string,keywords:string,acl:string,rowid:int,label:string,share:string}[]|non-empty-array but \FormFile::showPreview() takes array{name:string,path?:string,level1name?:string,relativename?:string,fullname:string,date?:string,size?:int,perm?:int,type?:string} defined at htdocs/core/class/html.formfile.class.php:2425
htdocs/comm/card.php1626TypeError PhanTypeMismatchArgument Argument 1 ($file) is $file_list of type array{name:string,path:string,level1name:string,relativename:string,fullname:string,date:string,size:int,perm:int,type:string,position_name:string,cover:string,keywords:string,acl:string,rowid:int,label:string,share:string}[]|non-empty-array but \FormFile::showPreview() takes array{name:string,path?:string,level1name?:string,relativename?:string,fullname:string,date?:string,size?:int,perm?:int,type?:string} defined at htdocs/core/class/html.formfile.class.php:2425
htdocs/comm/mailing/index.php121UndefError PhanUndeclaredProperty Reference to undeclared property \MailingTargets->require_module