FIX encrypt sensitive data not be done for const MAIN_AGENDA_ACTIONAUTO

ChangeLog

@@ -216,6 +216,10 @@ Following changes may create regressions for some external modules, but were nec
 * The module for WebService SOAP API have been deprecated. Use instead the Webservice REST API module.
 * The method htmlPrintOnlinePaymentFooter() used for public footer pages has been renamed into htmlPrintOnlineFooter() and moved into company.lib.php
 * The method getCheckOption() and deleteCPUser() of class Holiday has been removed (it was not used)
+* Sensitive datas like keys that need reversible encyption are using the $dolibarr_main_instance_unique_id as part of the key for encryption. So if
+you restore or duplicate the data from another instance, you must also update this parameter in your conf.php file to allow decryption, or you must
+reenter the sensitive data into the setup page to resave them correctly (this is true, for exemple, for the keys into the Stripe module, or external modules
+that store sensitive data).  
 
 
 ***** ChangeLog for 17.0.3 compared to 17.0.2 *****

dev/setup/fail2ban/jail.local

@@ -2,17 +2,20 @@
 # Examle of rule you can add to fail2ban to restrict bruteforce attacks.
 #
 
-[web-dol-passforgotten]
 
-; rule against call of passwordforgottenpage
+[web-accesslog-limit403]
+
+; rule against call of 403 forbidden access
+; note: you must change the path of log file to the one of the web server for the virtual host of the Dolibarr
 enabled = true
 port    = http,https
-filter  = web-dolibarr-rulespassforgotten
-logpath = /mypath/documents/documents/dolibarr.log
+filter  = web-accesslog-limit403
+logpath = /var/log/apache2/access.log
+;logpath = /var/log/apache2/other_vhosts_access.log
 action  = %(action_mw)s
 bantime  = 4320000   ; 50 days
 findtime = 86400     ; 1 day
-maxretry = 10
+maxretry = 100
 
 
 [web-dol-bruteforce]
@@ -28,10 +31,23 @@ findtime = 14400     ; 4 hours
 maxretry = 20
 
 
+[web-dol-passforgotten]
+
+; rule against call of passwordforgottenpage
+enabled = true
+port    = http,https
+filter  = web-dolibarr-rulespassforgotten
+logpath = /mypath/documents/documents/dolibarr.log
+action  = %(action_mw)s
+bantime  = 4320000   ; 50 days
+findtime = 86400     ; 1 day
+maxretry = 10
+
+
 [web-dol-limitpublic]
 
 ; rule to add rate limit on some public pages
-; note you must keep enough for public access like agenda export, emailing trackers, stripe ipn access, ...
+; note: you must keep enough for public access like agenda export, emailing trackers, stripe ipn access, ...
 enabled = true
 port    = http,https
 filter  = web-dolibarr-limitpublic

htdocs/core/class/conf.class.php

@@ -305,7 +305,7 @@ public function setValues($db)
 							$value = $_ENV['DOLIBARR_'.$key];
 						}
 
-						$this->global->$key = dolDecrypt($value);
+						$this->global->$key = dolDecrypt($value);	// decrypt data excrypted with dolibarr_set_const($db, $name, $value)
 
 						if ($value && strpos($key, 'MAIN_MODULE_') === 0) {
 							$reg = array();

htdocs/core/lib/admin.lib.php

@@ -662,7 +662,7 @@ function dolibarr_set_const($db, $name, $value, $type = 'chaine', $visible = 0,
 	$resql = $db->query($sql);
 
 	if (strcmp($value, '')) {	// true if different. Must work for $value='0' or $value=0
-		if (!preg_match('/^MAIN_LOGEVENTS/', $name) && (preg_match('/(_KEY|_EXPORTKEY|_SECUREKEY|_SERVERKEY|_PASS|_PASSWORD|_PW|_PW_TICKET|_PW_EMAILING|_SECRET|_SECURITY_TOKEN|_WEB_TOKEN)$/', $name))) {
+		if (!preg_match('/^(MAIN_LOGEVENTS|MAIN_AGENDA_ACTIONAUTO)/', $name) && (preg_match('/(_KEY|_EXPORTKEY|_SECUREKEY|_SERVERKEY|_PASS|_PASSWORD|_PW|_PW_TICKET|_PW_EMAILING|_SECRET|_SECURITY_TOKEN|_WEB_TOKEN)$/', $name))) {
 			// This seems a sensitive constant, we encrypt its value
 			// To list all sensitive constant, you can make a
 			// WHERE name like '%\_KEY' or name like '%\_EXPORTKEY' or name like '%\_SECUREKEY' or name like '%\_SERVERKEY' or name like '%\_PASS' or name like '%\_PASSWORD' or name like '%\_SECRET'