From 0749d01c5a29038d7ecd68fb8530feef23b37bc8 Mon Sep 17 00:00:00 2001 
From: Laurent Destailleur Date: Sat, 18 Sep 2021 22:04:41 +0200 Subject: [PATCH] Fix add action delete* as sensitive action --- htdocs/accountancy/admin/categories_list.php | 2 +- .../canvas/default/tpl/adherentcard_view.tpl.php | 6 +++--- htdocs/admin/receiptprinter.php | 12 ++++++------ htdocs/asset/card.php | 4 ++-- htdocs/bom/bom_card.php | 2 +- htdocs/bom/tpl/objectline_view.tpl.php | 2 +- htdocs/bookmarks/card.php | 4 ++-- htdocs/categories/photos.php | 2 +- htdocs/comm/mailing/card.php | 2 +- htdocs/commande/card.php | 4 ++-- htdocs/compta/bank/bankentries_list.php | 2 +- htdocs/compta/bank/categ.php | 4 ++-- htdocs/compta/facture/card.php | 2 +- htdocs/compta/paiement/card.php | 4 ++-- htdocs/compta/paiement/cheque/card.php | 4 ++-- htdocs/compta/payment_sc/card.php | 2 +- htdocs/compta/payment_vat/card.php | 2 +- htdocs/compta/sociales/card.php | 2 +- .../canvas/default/tpl/contactcard_view.tpl.php | 6 +++--- htdocs/contrat/card.php | 6 +++--- htdocs/core/class/commonobject.class.php | 8 ++++---- htdocs/delivery/card.php | 4 ++-- htdocs/don/payment/card.php | 2 +- .../eventorganization/conferenceorbooth_card.php | 8 ++++---- .../conferenceorboothattendee_card.php | 4 ++-- htdocs/expedition/card.php | 8 ++++---- htdocs/expensereport/card.php | 4 ++-- htdocs/expensereport/payment/card.php | 2 +- htdocs/fourn/commande/card.php | 2 +- htdocs/fourn/facture/card.php | 2 +- htdocs/fourn/paiement/card.php | 2 +- .../knowledgemanagement/knowledgerecord_card.php | 2 +- htdocs/loan/card.php | 4 ++-- htdocs/loan/payment/card.php | 2 +- htdocs/main.inc.php | 5 +---- htdocs/product/card.php | 2 +- htdocs/product/dynamic_price/editor.php | 2 +- htdocs/product/price.php | 14 +++++++------- htdocs/product/stock/productlot_card.php | 4 ++-- htdocs/projet/card.php | 2 +- htdocs/projet/tasks/task.php | 2 +- htdocs/projet/tasks/time.php | 4 ++-- htdocs/reception/card.php | 8 ++++---- htdocs/recruitment/recruitmentcandidature_card.php | 2 +- 
htdocs/recruitment/recruitmentjobposition_card.php | 2 +- htdocs/resource/card.php | 2 +- htdocs/salaries/payment_salary/card.php | 2 +- .../societe/canvas/company/tpl/card_view.tpl.php | 2 +- .../canvas/individual/tpl/card_view.tpl.php | 2 +- htdocs/societe/card.php | 2 +- htdocs/societe/price.php | 4 ++-- htdocs/supplier_proposal/card.php | 4 ++-- htdocs/user/group/card.php | 4 ++-- htdocs/user/notify/card.php | 2 +- 54 files changed, 98 insertions(+), 101 deletions(-) diff --git a/htdocs/accountancy/admin/categories_list.php b/htdocs/accountancy/admin/categories_list.php index 4be890de7d51c..8cadfb5f4d50b 100644 --- a/htdocs/accountancy/admin/categories_list.php +++ b/htdocs/accountancy/admin/categories_list.php @@ -820,7 +820,7 @@ if ($iserasable) { print ''; if ($user->admin) { - print ''.img_delete().''; + print ''.img_delete().''; } //else print ''.img_delete().''; // Some dictionary can be edited by other profile than admin print ''; diff --git a/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php b/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php index 16e9dc1886a77..d685e828b9ca2 100644 --- a/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php +++ b/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php @@ -125,15 +125,15 @@ echo '
'; if ($user->rights->adherent->creer) { - echo ''.$langs->trans('Modify').''; + echo ''.$langs->trans('Modify').''; } if (!$this->control->tpl['user_id'] && $user->rights->user->user->creer) { - echo ''.$langs->trans("CreateDolibarrLogin").''; + echo ''.$langs->trans("CreateDolibarrLogin").''; } if ($user->rights->adherent->supprimer) { - echo ''.$langs->trans('Delete').''; + echo ''.$langs->trans('Delete').''; } echo '

'; diff --git a/htdocs/admin/receiptprinter.php b/htdocs/admin/receiptprinter.php index 988023175dbda..0daaa162a69a6 100644 --- a/htdocs/admin/receiptprinter.php +++ b/htdocs/admin/receiptprinter.php @@ -350,15 +350,15 @@ function gzdecode($data) print ''.$langs->trans($printer->listprinters[$line]['fk_profile_name']).''; print ''.$printer->listprinters[$line]['parameter'].''; // edit icon - print ''; + print ''; print img_picto($langs->trans("Edit"), 'edit'); print ''; // delete icon - print ''; + print ''; print img_picto($langs->trans("Delete"), 'delete'); print ''; // test icon - print ''; + print ''; print img_picto($langs->trans("TestPrinter"), 'printer'); print ''; print ''; @@ -438,15 +438,15 @@ function gzdecode($data) print ''.$printer->listprinterstemplates[$line]['name'].''; print ''.dol_htmlentitiesbr($printer->listprinterstemplates[$line]['template']).''; // edit icon - print ''; + print ''; print img_picto($langs->trans("Edit"), 'edit'); print ''; // delete icon - print ''; + print ''; print img_picto($langs->trans("Delete"), 'delete'); print ''; // test icon - print ''; + print ''; print img_picto($langs->trans("TestPrinterTemplate"), 'printer'); print ''; } diff --git a/htdocs/asset/card.php b/htdocs/asset/card.php index efa1703bca5be..dc00b24481371 100644 --- a/htdocs/asset/card.php +++ b/htdocs/asset/card.php @@ -294,13 +294,13 @@ if (empty($reshook)) { if ($user->rights->asset->write) { - print ''.$langs->trans("Modify").''."\n"; + print ''.$langs->trans("Modify").''."\n"; } else { print ''.$langs->trans('Modify').''."\n"; } if ($user->rights->asset->delete) { - print ''.$langs->trans('Delete').''."\n"; + print ''.$langs->trans('Delete').''."\n"; } else { print ''.$langs->trans('Delete').''."\n"; } diff --git a/htdocs/bom/bom_card.php b/htdocs/bom/bom_card.php index a8077d1f9730f..e3d3343bbee9a 100644 --- a/htdocs/bom/bom_card.php +++ b/htdocs/bom/bom_card.php 
@@ -651,7 +651,7 @@ */ if ($permissiontodelete) { - print ''.$langs->trans('Delete').''."\n"; + print ''.$langs->trans('Delete').''."\n"; } else { print ''.$langs->trans('Delete').''."\n"; } diff --git a/htdocs/bom/tpl/objectline_view.tpl.php b/htdocs/bom/tpl/objectline_view.tpl.php index fff9d077a0850..2c3896a628257 100644 --- a/htdocs/bom/tpl/objectline_view.tpl.php +++ b/htdocs/bom/tpl/objectline_view.tpl.php @@ -129,7 +129,7 @@ $coldisplay++; if (($line->fk_prev_id == null) && empty($disableremove)) { //La suppression n'est autorisée que si il n'y a pas de ligne dans une précédente situation - print 'id.'">'; + print 'id.'">'; print img_delete(); print ''; } diff --git a/htdocs/bookmarks/card.php b/htdocs/bookmarks/card.php index 045e656de50a7..839ce4c3f8631 100644 --- a/htdocs/bookmarks/card.php +++ b/htdocs/bookmarks/card.php @@ -313,12 +313,12 @@ // Edit if ($user->rights->bookmark->creer && $action != 'edit') { - print ''.$langs->trans("Edit").''."\n"; + print ''.$langs->trans("Edit").''."\n"; } // Remove if ($user->rights->bookmark->supprimer && $action != 'edit') { - print ''.$langs->trans("Delete").''."\n"; + print ''.$langs->trans("Delete").''."\n"; } print ''; diff --git a/htdocs/categories/photos.php b/htdocs/categories/photos.php index 5fb1c85dd408b..06c3caae43c39 100644 --- a/htdocs/categories/photos.php +++ b/htdocs/categories/photos.php @@ -234,7 +234,7 @@ print ''.img_picto($langs->trans('GenerateThumb'), 'refresh').'  '; } if ($user->rights->categorie->creer) { - print ''; + print ''; print img_delete().''; } if ($nbbyrow) { diff --git a/htdocs/comm/mailing/card.php b/htdocs/comm/mailing/card.php index 8b97f23737e75..0a28346a130fb 100644 --- a/htdocs/comm/mailing/card.php +++ b/htdocs/comm/mailing/card.php 
@@ -1011,7 +1011,7 @@ if ($object->statut > 0 && (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !$user->rights->mailing->mailing_advance->delete)) { print ''.$langs->trans("DeleteMailing").''; } else { - print ''.$langs->trans("DeleteMailing").''; + print ''.$langs->trans("DeleteMailing").''; } } diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php index d598c8b403f5f..625ca98d1ea33 100644 --- a/htdocs/commande/card.php +++ b/htdocs/commande/card.php @@ -2592,13 +2592,13 @@ // Cancel order if ($object->statut == Commande::STATUS_VALIDATED && (!empty($usercanclose) || !empty($usercancancel))) { - print ''.$langs->trans("Cancel").''; + print ''.$langs->trans("Cancel").''; } // Delete order if ($usercandelete) { if ($numshipping == 0) { - print ''.$langs->trans('Delete').''; + print ''.$langs->trans('Delete').''; } else { print ''.$langs->trans("Delete").''; } diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php index dda6eec132c22..f6a03c1d11dc0 100644 --- a/htdocs/compta/bank/bankentries_list.php +++ b/htdocs/compta/bank/bankentries_list.php @@ -1683,7 +1683,7 @@ } } if ($user->rights->banque->modifier) { - print 'rowid.'&id='.$objp->bankid.'&page='.$page.'">'; + print 'rowid.'&id='.$objp->bankid.'&page='.$page.'">'; print img_delete('', 'class="marginleftonly"'); print ''; } diff --git a/htdocs/compta/bank/categ.php b/htdocs/compta/bank/categ.php index 403caa6cdfd6e..2605bc39d30ba 100644 --- a/htdocs/compta/bank/categ.php +++ b/htdocs/compta/bank/categ.php @@ -146,8 +146,8 @@ //print ''.$langs->trans("List").''; print ''; print ''; - print ''.img_edit().''; - print ''.img_delete().''; + print ''.img_edit().''; + print ''.img_delete().''; print ''; } print ""; diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index c7032002c4322..0384080069b0d 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php 
@@ -5513,7 +5513,7 @@ function js_recalculate_revenuestamp(){ } elseif ($objectidnext) { print ''.$langs->trans('Delete').''; } else { - print ''.$langs->trans('Delete').''; + print ''.$langs->trans('Delete').''; } } else { print ''.$langs->trans('Delete').''; diff --git a/htdocs/compta/paiement/card.php b/htdocs/compta/paiement/card.php index ed8ec522aea14..b69a2a9195859 100644 --- a/htdocs/compta/paiement/card.php +++ b/htdocs/compta/paiement/card.php @@ -445,7 +445,7 @@ if (!empty($conf->global->BILL_ADD_PAYMENT_VALIDATION)) { if ($user->socid == 0 && $object->statut == 0 && $_GET['action'] == '') { if ($user->rights->facture->paiement) { - print ''.$langs->trans('Valid').''; + print ''.$langs->trans('Valid').''; } } } @@ -453,7 +453,7 @@ if ($user->socid == 0 && $action == '') { if ($user->rights->facture->paiement) { if (!$disable_delete) { - print ''.$langs->trans('Delete').''; + print ''.$langs->trans('Delete').''; } else { print ''.$langs->trans('Delete').''; } diff --git a/htdocs/compta/paiement/cheque/card.php b/htdocs/compta/paiement/cheque/card.php index 0092e7310460e..61d295a29b035 100644 --- a/htdocs/compta/paiement/cheque/card.php +++ b/htdocs/compta/paiement/cheque/card.php @@ -710,11 +710,11 @@ print '
'; if ($user->socid == 0 && !empty($object->id) && $object->statut == 0 && $user->rights->banque->cheque) { - print ''.$langs->trans('Validate').''; + print ''.$langs->trans('Validate').''; } if ($user->socid == 0 && !empty($object->id) && $user->rights->banque->cheque) { - print ''.$langs->trans('Delete').''; + print ''.$langs->trans('Delete').''; } print '
'; diff --git a/htdocs/compta/payment_sc/card.php b/htdocs/compta/payment_sc/card.php index 27a35e8335253..8b33b9b8730a3 100644 --- a/htdocs/compta/payment_sc/card.php +++ b/htdocs/compta/payment_sc/card.php @@ -251,7 +251,7 @@ if ($action == '') { if ($user->rights->tax->charges->supprimer) { if (!$disable_delete) { - print ''.$langs->trans('Delete').''; + print ''.$langs->trans('Delete').''; } else { print ''.$langs->trans('Delete').''; } diff --git a/htdocs/compta/payment_vat/card.php b/htdocs/compta/payment_vat/card.php index bfa1400938036..94dd817900ed9 100644 --- a/htdocs/compta/payment_vat/card.php +++ b/htdocs/compta/payment_vat/card.php @@ -307,7 +307,7 @@ if ($action == '') { if ($user->rights->tax->charges->supprimer) { if (!$disable_delete) { - print ''.$langs->trans('Delete').''; + print ''.$langs->trans('Delete').''; } else { print ''.$langs->trans('Delete').''; } diff --git a/htdocs/compta/sociales/card.php b/htdocs/compta/sociales/card.php index 3f1948f1e919e..dba86742e5b15 100644 --- a/htdocs/compta/sociales/card.php +++ b/htdocs/compta/sociales/card.php @@ -777,7 +777,7 @@ // Delete if ($user->rights->tax->charges->supprimer && empty($totalpaye)) { - print '
'.$langs->trans("Delete").'
'; + print '
'.$langs->trans("Delete").'
'; } else { print '
'.$langs->trans("Delete").'
'; } diff --git a/htdocs/contact/canvas/default/tpl/contactcard_view.tpl.php b/htdocs/contact/canvas/default/tpl/contactcard_view.tpl.php index c624eca4026f3..e458cdf3016fe 100644 --- a/htdocs/contact/canvas/default/tpl/contactcard_view.tpl.php +++ b/htdocs/contact/canvas/default/tpl/contactcard_view.tpl.php @@ -139,15 +139,15 @@ if (empty($user->socid)) { print '
'; if ($user->rights->societe->contact->creer) { - print ''.$langs->trans('Modify').''; + print ''.$langs->trans('Modify').''; } if (!$this->control->tpl['user_id'] && $user->rights->user->user->creer) { - print ''.$langs->trans("CreateDolibarrLogin").''; + print ''.$langs->trans("CreateDolibarrLogin").''; } if ($user->rights->societe->contact->supprimer) { - print ''.$langs->trans('Delete').''; + print ''.$langs->trans('Delete').''; } print '

'; diff --git a/htdocs/contrat/card.php b/htdocs/contrat/card.php index 7c6ffe695e6e8..f29c00b0f99d0 100644 --- a/htdocs/contrat/card.php +++ b/htdocs/contrat/card.php @@ -1546,12 +1546,12 @@ print ''; } if ($user->rights->contrat->creer && ($object->statut >= 0)) { - print ''; + print ''; print img_edit(); print ''; } if ($user->rights->contrat->creer && ($object->statut >= 0)) { - print ''; + print ''; print img_delete(); print ''; } @@ -2103,7 +2103,7 @@ // - Droit de creer + mode brouillon (erreur creation) // - Droit de supprimer if (($user->rights->contrat->creer && $object->statut == $object::STATUS_DRAFT) || $user->rights->contrat->supprimer) { - print '
'.$langs->trans("Delete").'
'; + print '
'.$langs->trans("Delete").'
'; } else { print '
'.$langs->trans("Delete").'
'; } diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 45076e522a33c..230bdb73a5086 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -8205,10 +8205,10 @@ public function show_photos($modulepart, $sdir, $size = 0, $nbmax = 0, $nbbyrow // Special cas for product if ($modulepart == 'product' && ($user->rights->produit->creer || $user->rights->service->creer)) { // Link to resize - $return .= ''.img_picto($langs->trans("Resize"), 'resize', '').'   '; + $return .= ''.img_picto($langs->trans("Resize"), 'resize', '').'   '; // Link to delete - $return .= ''; + $return .= ''; $return .= img_delete().''; } } @@ -8234,10 +8234,10 @@ public function show_photos($modulepart, $sdir, $size = 0, $nbmax = 0, $nbbyrow // Special case for product if ($modulepart == 'product' && ($user->rights->produit->creer || $user->rights->service->creer)) { // Link to resize - $return .= ''.img_picto($langs->trans("Resize"), 'resize', '').'   '; + $return .= ''.img_picto($langs->trans("Resize"), 'resize', '').'   '; // Link to delete - $return .= ''; + $return .= ''; $return .= img_delete().''; } } diff --git a/htdocs/delivery/card.php b/htdocs/delivery/card.php index 41b066ae5a669..c501d41320f12 100644 --- a/htdocs/delivery/card.php +++ b/htdocs/delivery/card.php @@ -651,9 +651,9 @@ if ($user->rights->expedition->delivery->supprimer) { if ($conf->expedition_bon->enabled) { - print ''.$langs->trans("Delete").''; + print ''.$langs->trans("Delete").''; } else { - print ''.$langs->trans("Delete").''; + print ''.$langs->trans("Delete").''; } } diff --git a/htdocs/don/payment/card.php b/htdocs/don/payment/card.php index 40cf029889512..363ef6d34effa 100644 --- a/htdocs/don/payment/card.php +++ b/htdocs/don/payment/card.php 
@@ -213,7 +213,7 @@ if (empty($action)) { if ($user->rights->don->supprimer) { if (!$disable_delete) { - print ''.$langs->trans('Delete').''; + print ''.$langs->trans('Delete').''; } else { print ''.$langs->trans('Delete').''; } diff --git a/htdocs/eventorganization/conferenceorbooth_card.php b/htdocs/eventorganization/conferenceorbooth_card.php index ec3e00c0ddeb2..afcb4f9a6f0d2 100644 --- a/htdocs/eventorganization/conferenceorbooth_card.php +++ b/htdocs/eventorganization/conferenceorbooth_card.php 
@@ -558,16 +558,16 @@ if (empty($reshook)) { // Send if (empty($user->socid)) { - print dolGetButtonAction($langs->trans('SendMail'), '', 'default', $_SERVER["PHP_SELF"].'?id='.$object->id.$withProjectUrl.'&action=presend&mode=init#formmailbeforetitle'); + print dolGetButtonAction($langs->trans('SendMail'), '', 'default', $_SERVER["PHP_SELF"].'?id='.$object->id.$withProjectUrl.'&action=presend&token='.newtoken().'&mode=init#formmailbeforetitle'); } - print dolGetButtonAction($langs->trans('Modify'), '', 'default', $_SERVER["PHP_SELF"].'?id='.$object->id.$withProjectUrl.'&action=edit', '', $permissiontoadd); + print dolGetButtonAction($langs->trans('Modify'), '', 'default', $_SERVER["PHP_SELF"].'?id='.$object->id.$withProjectUrl.'&action=edit&token='.newtoken().'', '', $permissiontoadd); // Clone - print dolGetButtonAction($langs->trans('ToClone'), '', 'default', $_SERVER['PHP_SELF'].'?id='.$object->id.$withProjectUrl.'&socid='.$object->socid.'&action=clone&object=scrumsprint', '', $permissiontoadd); + print dolGetButtonAction($langs->trans('ToClone'), '', 'default', $_SERVER['PHP_SELF'].'?id='.$object->id.$withProjectUrl.'&socid='.$object->socid.'&action=clone&token='.newtoken().'&object=scrumsprint', '', $permissiontoadd); // Delete (need delete permission, or if draft, just need create/modify permission) - print dolGetButtonAction($langs->trans('Delete'), '', 'delete', $_SERVER['PHP_SELF'].'?id='.$object->id.$withProjectUrl.'&action=delete', '', $permissiontodelete || ($object->status == $object::STATUS_DRAFT && $permissiontoadd)); + print dolGetButtonAction($langs->trans('Delete'), '', 'delete', $_SERVER['PHP_SELF'].'?id='.$object->id.$withProjectUrl.'&action=delete&token='.newtoken().'', '', $permissiontodelete || ($object->status == $object::STATUS_DRAFT && $permissiontoadd)); } print ''."\n"; } 
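Review bot: The token is appended with a dangling `.''` on the Modify and Delete lines of this hunk (`'&action=edit&token='.newtoken().''` and `'&action=delete&token='.newtoken().''`); the empty-string concatenation does nothing and reads as a leftover, so `'&action=edit&token='.newtoken()` and `'&action=delete&token='.newtoken()` are enough. The same pattern is on the ToClone and Delete lines of the conferenceorboothattendee_card.php hunk, whereas the knowledgerecord_card.php hunk already uses the bare form. In the attendee card the Modify button kept as context above the Clone line still has `&action=edit` with no token while this hunk adds one to its Modify button, so the two cards now differ for edit; worth deciding which is intended. The enclosing `if (empty($reshook))` block starts before this hunk.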
diff --git a/htdocs/eventorganization/conferenceorboothattendee_card.php b/htdocs/eventorganization/conferenceorboothattendee_card.php index f10c0b694cb2d..3d97d42aa4676 100644 --- a/htdocs/eventorganization/conferenceorboothattendee_card.php +++ b/htdocs/eventorganization/conferenceorboothattendee_card.php @@ -643,11 +643,11 @@ print dolGetButtonAction($langs->trans('Modify'), '', 'default', $_SERVER["PHP_SELF"].'?id='.$object->id.(!empty($confOrBooth->id)?'&conforboothid='.$confOrBooth->id:'').(!empty($projectstatic->id)?'&fk_project='.$projectstatic->id:'').'&action=edit', '', $permissiontoadd); // Clone - print dolGetButtonAction($langs->trans('ToClone'), '', 'default', $_SERVER['PHP_SELF'].'?id='.$object->id.'&socid='.$object->socid.'&action=clone&object=scrumsprint', '', $permissiontoadd); + print dolGetButtonAction($langs->trans('ToClone'), '', 'default', $_SERVER['PHP_SELF'].'?id='.$object->id.'&socid='.$object->socid.'&action=clone&token='.newtoken().'&object=scrumsprint', '', $permissiontoadd); // Delete (need delete permission, or if draft, just need create/modify permission) - print dolGetButtonAction($langs->trans('Delete'), '', 'delete', $_SERVER['PHP_SELF'].'?id='.$object->id.'&action=delete', '', $permissiontodelete || ($object->status == $object::STATUS_DRAFT && $permissiontoadd)); + print dolGetButtonAction($langs->trans('Delete'), '', 'delete', $_SERVER['PHP_SELF'].'?id='.$object->id.'&action=delete&token='.newtoken().'', '', $permissiontodelete || ($object->status == $object::STATUS_DRAFT && $permissiontoadd)); } print ''."\n"; } diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php index c9bd077f51173..0e7c7e07c29a8 100644 --- a/htdocs/expedition/card.php +++ b/htdocs/expedition/card.php 
@@ -2363,10 +2363,10 @@ } elseif ($object->statut == Expedition::STATUS_DRAFT) { // edit-delete buttons print ''; - print 'id.'">'.img_edit().''; + print 'id.'">'.img_edit().''; print ''; print ''; - print 'id.'">'.img_delete().''; + print 'id.'">'.img_delete().''; print ''; // Display lines extrafields @@ -2489,13 +2489,13 @@ // Cancel if ($object->statut == Expedition::STATUS_VALIDATED) { if ($user->rights->expedition->supprimer) { - print ''.$langs->trans("Cancel").''; + print ''.$langs->trans("Cancel").''; } } // Delete if ($user->rights->expedition->supprimer) { - print ''.$langs->trans("Delete").''; + print ''.$langs->trans("Delete").''; } } diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php index 5951c99d44051..b0206dd641757 100644 --- a/htdocs/expensereport/card.php +++ b/htdocs/expensereport/card.php @@ -2155,10 +2155,10 @@ if (($object->status < ExpenseReport::STATUS_VALIDATED || $object->status == ExpenseReport::STATUS_REFUSED) && $user->rights->expensereport->creer) { print ''; - print 'rowid.'">'; + print 'rowid.'">'; print img_edit(); print '   '; - print 'rowid.'">'; + print 'rowid.'">'; print img_delete(); print ''; diff --git a/htdocs/expensereport/payment/card.php b/htdocs/expensereport/payment/card.php index 7b86f295b5b46..847c059a9c6e4 100644 --- a/htdocs/expensereport/payment/card.php +++ b/htdocs/expensereport/payment/card.php @@ -240,7 +240,7 @@ if ($action == '') { if ($user->rights->expensereport->supprimer) { if (!$disable_delete) { - print ''.$langs->trans('Delete').''; + print ''.$langs->trans('Delete').''; } else { print ''.$langs->trans('Delete').''; } diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index 7668dd4dc171b..575b50a03941c 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php @@ -2570,7 +2570,7 @@ if ($hasreception) { print ''.$langs->trans("Delete").''; } else { - print ''.$langs->trans("Delete").''; + print ''.$langs->trans("Delete").''; } } } 
diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php index 00ebda21fd1bf..9c77f1f3566cb 100644 --- a/htdocs/fourn/facture/card.php +++ b/htdocs/fourn/facture/card.php @@ -3531,7 +3531,7 @@ function setRadioForTypeOfInvoice() { } elseif ($isErasable <= 0) { // Any other cases print ''.$langs->trans('Delete').''; } else { - print ''.$langs->trans('Delete').''; + print ''.$langs->trans('Delete').''; } } print ''; diff --git a/htdocs/fourn/paiement/card.php b/htdocs/fourn/paiement/card.php index 708fa266f0a17..05ad6ac71c427 100644 --- a/htdocs/fourn/paiement/card.php +++ b/htdocs/fourn/paiement/card.php @@ -345,7 +345,7 @@ if ($user->socid == 0 && $action == '') { if ($user->rights->fournisseur->facture->supprimer) { if ($allow_delete) { - print ''.$langs->trans('Delete').''; + print ''.$langs->trans('Delete').''; } else { print ''.$langs->trans('Delete').''; } diff --git a/htdocs/knowledgemanagement/knowledgerecord_card.php b/htdocs/knowledgemanagement/knowledgerecord_card.php index df28de78e4ea6..2fdb574395fde 100644 --- a/htdocs/knowledgemanagement/knowledgerecord_card.php +++ b/htdocs/knowledgemanagement/knowledgerecord_card.php @@ -438,7 +438,7 @@ */ // Delete (need delete permission, or if draft, just need create/modify permission) - print dolGetButtonAction($langs->trans('Delete'), '', 'delete', $_SERVER['PHP_SELF'].'?id='.$object->id.'&action=delete', '', $permissiontodelete || ($object->status == $object::STATUS_DRAFT && $permissiontoadd)); + print dolGetButtonAction($langs->trans('Delete'), '', 'delete', $_SERVER['PHP_SELF'].'?id='.$object->id.'&action=delete&token='.newtoken(), '', $permissiontodelete || ($object->status == $object::STATUS_DRAFT && $permissiontoadd)); } print ''."\n"; } diff --git a/htdocs/loan/card.php b/htdocs/loan/card.php index 4d68da16ad893..9a3af206800c8 100644 --- a/htdocs/loan/card.php +++ b/htdocs/loan/card.php 
@@ -727,12 +727,12 @@ // Classify 'paid' if (($object->paid == 0 || $object->paid == 2) && round($staytopay) <= 0 && $user->rights->loan->write) { - print '
'.$langs->trans("ClassifyPaid").'
'; + print '
'.$langs->trans("ClassifyPaid").'
'; } // Delete if (($object->paid == 0 || $object->paid == 2) && $user->rights->loan->delete) { - print '
'.$langs->trans("Delete").'
'; + print '
'.$langs->trans("Delete").'
'; } print ""; diff --git a/htdocs/loan/payment/card.php b/htdocs/loan/payment/card.php index 0292fbf5b2c68..198025215b7b8 100644 --- a/htdocs/loan/payment/card.php +++ b/htdocs/loan/payment/card.php @@ -222,7 +222,7 @@ if (empty($action) && !empty($user->rights->loan->delete)) { if (!$disable_delete) { - print ''.$langs->trans('Delete').''; + print ''.$langs->trans('Delete').''; } else { print ''.$langs->trans('Delete').''; } diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index b26dabbc98702..ad7ac652a4d6c 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -464,10 +464,7 @@ function analyseVarsForSqlAndScriptsInjection(&$var, $type) // Array of action code where CSRFCHECK with token will be forced (so token must be provided on url request) $arrayofactiontoforcetokencheck = array( 'activate', 'add', 'addrights', 'addtimespent', - 'delete', 'deletecontact', 'deletefilter', 'deleteoperation', 'deleteprof', 'deletepayment', 'delrights', - 'disable', 'doprev', 'donext', 'dvprev', 'dvnext', - 'enable', 'install', 'setpricelevel', 'update' @@ -476,7 +473,7 @@ function analyseVarsForSqlAndScriptsInjection(&$var, $type) if (in_array(GETPOST('action', 'aZ09'), $arrayofactiontoforcetokencheck)) { $sensitiveget = true; } - if (preg_match('/^(classify|confirm_|disable_|enable_|setremise)/', GETPOST('action', 'aZ09'))) { + if (preg_match('/^(classify|confirm_|delete|disable|enable|setremise)/', GETPOST('action', 'aZ09'))) { $sensitiveget = true; } diff --git a/htdocs/product/card.php b/htdocs/product/card.php index 23fc0077c9770..0aa2fb54abaf4 100644 --- a/htdocs/product/card.php +++ b/htdocs/product/card.php @@ -2525,7 +2525,7 @@ if (!empty($conf->use_javascript_ajax) && empty($conf->dol_use_jmobile)) { print ''.$langs->trans('Delete').''."\n"; } else { - print 'id.'">'.$langs->trans("Delete").''; + print 'id.'">'.$langs->trans("Delete").''; } } else { print ''.$langs->trans("Delete").''; 
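Review bot: The first main.inc.php hunk removes `'delrights'` from `$arrayofactiontoforcetokencheck` (it sits on the removed line beginning `- 'delete'`), but the widened regex in the second hunk, `/^(classify|confirm_|delete|disable|enable|setremise)/`, does not match `delrights` (it starts with `delr`, not `delete`), so that action is no longer forced through the token check while `addrights` still is. As far as the collapsed rendering shows, `'doprev', 'donext', 'dvprev', 'dvnext'` are on the same removed line as `'disable'` and are not matched by the regex either. Keeping a line such as `'delrights', 'doprev', 'donext', 'dvprev', 'dvnext',` in the array after the `'activate', …` entry preserves the previous coverage while only the `delete*`/`disable*`/`enable*` prefixes move to the regex. Changing `disable_`/`enable_` to bare `disable`/`enable` is what the removal of `'disable'` and `'enable'` from the list relies on, so the two hunks have to stay in step.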
diff --git a/htdocs/product/dynamic_price/editor.php b/htdocs/product/dynamic_price/editor.php index 418a71166a886..784be41dfe94b 100644 --- a/htdocs/product/dynamic_price/editor.php +++ b/htdocs/product/dynamic_price/editor.php @@ -190,7 +190,7 @@ if ($eid == 0) { print '
'.$langs->trans('Delete').'
'."\n"; } else { - print '
'.$langs->trans("Delete").'
'; + print '
'.$langs->trans("Delete").'
'; } print ''; diff --git a/htdocs/product/price.php b/htdocs/product/price.php index e21d17d823fb6..ecdddba712c91 100644 --- a/htdocs/product/price.php +++ b/htdocs/product/price.php @@ -953,9 +953,9 @@ print ''.price($prices['remise_percent']).' %'; print ''; if (($user->rights->produit->creer || $user->rights->service->creer)) { - print ''; + print ''; print img_edit().''; - print ''; + print ''; print img_delete().''; } else { print ' '; @@ -1106,9 +1106,9 @@ print ''.price($prices['remise_percent']).' %'; print ''; if (($user->rights->produit->creer || $user->rights->service->creer)) { - print ''; + print ''; print img_edit().''; - print ''; + print ''; print img_delete().''; } else { print ' '; @@ -1638,7 +1638,7 @@ function on_change() { print ''; if ($candelete || ($db->jdate($objp->dp) >= dol_now())) { // Test on date is to be able to delete a corrupted record with a date in future - print 'id.'&lineid='.$objp->rowid.'">'; + print 'id.'&lineid='.$objp->rowid.'">'; print img_delete(); print ''; } else { @@ -2193,11 +2193,11 @@ function on_change() { print img_info($langs->trans('PriceByCustomerLog')); print ''; print ' '; - print 'id.'&lineid='.$line->id.'">'; + print 'id.'&lineid='.$line->id.'">'; print img_edit('default', 0, 'style="vertical-align: middle;"'); print ''; print ' '; - print 'id.'&lineid='.$line->id.'">'; + print 'id.'&lineid='.$line->id.'">'; print img_delete('default', 'style="vertical-align: middle;"'); print ''; print ''; diff --git a/htdocs/product/stock/productlot_card.php b/htdocs/product/stock/productlot_card.php index 7a75019c8d1b0..31279ae32eedf 100644 --- a/htdocs/product/stock/productlot_card.php +++ b/htdocs/product/stock/productlot_card.php @@ -532,12 +532,12 @@ if (empty($reshook)) { /*TODO if ($user->rights->stock->lire) { - print '
'.$langs->trans("Modify").'
'."\n"; + print '
'.$langs->trans("Modify").'
'."\n"; } if ($user->rights->stock->supprimer) { - print '
'.$langs->trans('Delete').'
'."\n"; + print '
'.$langs->trans('Delete').'
'."\n"; } */ } diff --git a/htdocs/projet/card.php b/htdocs/projet/card.php index 05419cdb4eff8..21b49b9447e76 100644 --- a/htdocs/projet/card.php +++ b/htdocs/projet/card.php @@ -1343,7 +1343,7 @@ function change_percent() // Delete if ($user->rights->projet->supprimer || ($object->statut == Project::STATUS_DRAFT && $user->rights->projet->creer)) { if ($userDelete > 0 || ($object->statut == Project::STATUS_DRAFT && $user->rights->projet->creer)) { - print ''.$langs->trans("Delete").''; + print ''.$langs->trans("Delete").''; } else { print ''.$langs->trans('Delete').''; } diff --git a/htdocs/projet/tasks/task.php b/htdocs/projet/tasks/task.php index 99b390870a80e..c35b46ef778dd 100644 --- a/htdocs/projet/tasks/task.php +++ b/htdocs/projet/tasks/task.php @@ -606,7 +606,7 @@ // Delete if ($user->rights->projet->supprimer) { if (!$object->hasChildren() && !$object->hasTimeSpent()) { - print ''.$langs->trans('Delete').''; + print ''.$langs->trans('Delete').''; } else { print ''.$langs->trans('Delete').''; } diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php index fa6884ee92070..200fab4579fa7 100644 --- a/htdocs/projet/tasks/time.php +++ b/htdocs/projet/tasks/time.php @@ -1729,12 +1729,12 @@ function setDetailVisibility() { } print ' '; - print 'rowid.$param.((empty($id) || $tab == 'timespent') ? '&tab=timespent' : '').'">'; + print 'rowid.$param.((empty($id) || $tab == 'timespent') ? '&tab=timespent' : '').'">'; print img_edit(); print ''; print ' '; - print 'rowid.$param.((empty($id) || $tab == 'timespent') ? '&tab=timespent' : '').'">'; + print 'rowid.$param.((empty($id) || $tab == 'timespent') ? '&tab=timespent' : '').'">'; print img_delete('default', 'class="pictodelete paddingleft"'); print ''; diff --git a/htdocs/reception/card.php b/htdocs/reception/card.php index f6424d6dc9116..b74adaae6b0c4 100644 --- a/htdocs/reception/card.php +++ b/htdocs/reception/card.php 
@@ -1920,10 +1920,10 @@ } elseif ($object->statut == Reception::STATUS_DRAFT) { // edit-delete buttons print ''; - print 'id.'">'.img_edit().''; + print 'id.'">'.img_edit().''; print ''; print ''; - print 'id.'">'.img_delete().''; + print 'id.'">'.img_delete().''; print ''; // Display lines extrafields @@ -2026,12 +2026,12 @@ $label = "ClassifyBilled"; $paramaction = 'classifybilled'; } - print ''.$langs->trans($label).''; + print ''.$langs->trans($label).''; } } if ($user->rights->reception->supprimer) { - print ''.$langs->trans("Delete").''; + print ''.$langs->trans("Delete").''; } } diff --git a/htdocs/recruitment/recruitmentcandidature_card.php b/htdocs/recruitment/recruitmentcandidature_card.php index 586cc2256397b..8eb2c8a1f10e0 100644 --- a/htdocs/recruitment/recruitmentcandidature_card.php +++ b/htdocs/recruitment/recruitmentcandidature_card.php @@ -620,7 +620,7 @@ // Delete (need delete permission, or if draft, just need create/modify permission) if ($permissiontodelete || ($object->status == $object::STATUS_DRAFT && $permissiontoadd)) { - print ''.$langs->trans('Delete').''."\n"; + print ''.$langs->trans('Delete').''."\n"; } else { print ''.$langs->trans('Delete').''."\n"; } diff --git a/htdocs/recruitment/recruitmentjobposition_card.php b/htdocs/recruitment/recruitmentjobposition_card.php index a3e9b697ae1a5..9564e95938129 100644 --- a/htdocs/recruitment/recruitmentjobposition_card.php +++ b/htdocs/recruitment/recruitmentjobposition_card.php @@ -505,7 +505,7 @@ // Delete (need delete permission, or if draft, just need create/modify permission) if ($permissiontodelete || ($object->status == $object::STATUS_DRAFT && $permissiontoadd)) { - print ''.$langs->trans('Delete').''."\n"; + print ''.$langs->trans('Delete').''."\n"; } else { print ''.$langs->trans('Delete').''."\n"; } diff --git a/htdocs/resource/card.php b/htdocs/resource/card.php index 88b3d0fdb03c3..649d69d7fb5f8 100644 --- a/htdocs/resource/card.php +++ b/htdocs/resource/card.php 
@@ -347,7 +347,7 @@ // Delete resource if ($user->rights->resource->delete) { print '
'; - print ''.$langs->trans('Delete').''; + print ''.$langs->trans('Delete').''; print '
'; } } diff --git a/htdocs/salaries/payment_salary/card.php b/htdocs/salaries/payment_salary/card.php index e4364f6727f09..d33d04c49ff34 100644 --- a/htdocs/salaries/payment_salary/card.php +++ b/htdocs/salaries/payment_salary/card.php @@ -248,7 +248,7 @@ if ($action == '') { if ($user->rights->salaries->delete) { if (!$disable_delete) { - print ''.$langs->trans('Delete').''; + print ''.$langs->trans('Delete').''; } else { print ''.$langs->trans('Delete').''; } diff --git a/htdocs/societe/canvas/company/tpl/card_view.tpl.php b/htdocs/societe/canvas/company/tpl/card_view.tpl.php index 8169a6ca22f1a..7dfe7c212f27a 100644 --- a/htdocs/societe/canvas/company/tpl/card_view.tpl.php +++ b/htdocs/societe/canvas/company/tpl/card_view.tpl.php @@ -267,7 +267,7 @@ use_javascript_ajax) { ?> trans('Delete'); ?> - ">trans('Delete'); ?> + ">trans('Delete'); ?> diff --git a/htdocs/societe/canvas/individual/tpl/card_view.tpl.php b/htdocs/societe/canvas/individual/tpl/card_view.tpl.php index f058d38cd7c50..86c7d9c9f6585 100644 --- a/htdocs/societe/canvas/individual/tpl/card_view.tpl.php +++ b/htdocs/societe/canvas/individual/tpl/card_view.tpl.php @@ -194,7 +194,7 @@ use_javascript_ajax) { ?> trans('Delete'); ?> - ">trans('Delete'); ?> + ">trans('Delete'); ?> diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index 96142f65cd6fc..a155f08e529b0 100644 --- a/htdocs/societe/card.php +++ b/htdocs/societe/card.php @@ -2942,7 +2942,7 @@ function init_supplier_categ() { if ($conf->use_javascript_ajax && empty($conf->dol_use_jmobile)) { // We can't use preloaded confirm form with jmobile print ''.$langs->trans('Delete').''."\n"; } else { - print ''.$langs->trans('Delete').''."\n"; + print ''.$langs->trans('Delete').''."\n"; } } } diff --git a/htdocs/societe/price.php b/htdocs/societe/price.php index da4ca1c0cd7af..dbb0e8f055324 100644 --- a/htdocs/societe/price.php +++ b/htdocs/societe/price.php 
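Review bot: In the societe/card.php hunk only the `else` branch (the path taken when `$conf->use_javascript_ajax` is off or `dol_use_jmobile` is set) gets the new Delete link; the preloaded-confirm path guarded by `$conf->use_javascript_ajax && empty($conf->dol_use_jmobile)` is left as context. If that branch's link, or the confirm form it opens, does not already carry a token, the `delete` action stays reachable without one on the default JS-enabled UI, which is the common case. Worth confirming the ajax confirm form posts `token` as well, or applying the same change to the first `print`. The anchor markup is stripped in this rendering, so the hrefs themselves cannot be checked here.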
@@ -620,11 +620,11 @@ print img_info(); print ''; print ' '; - print 'id.'&lineid='.$line->id.'">'; + print 'id.'&lineid='.$line->id.'">'; print img_edit('default', 0, 'style="vertical-align: middle;"'); print ''; print ' '; - print 'id.'&lineid='.$line->id.'">'; + print 'id.'&lineid='.$line->id.'">'; print img_delete('default', 'style="vertical-align: middle;"'); print ''; print ''; diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php index a8c1c3a747d0d..c116dceb9934c 100644 --- a/htdocs/supplier_proposal/card.php +++ b/htdocs/supplier_proposal/card.php @@ -1889,12 +1889,12 @@ // Clone if ($usercancreate) { - print '
'.$langs->trans("ToClone").'
'; + print '
'.$langs->trans("ToClone").'
'; } // Delete if (($object->statut == SupplierProposal::STATUS_DRAFT && $usercancreate) || $usercandelete) { - print '
'.$langs->trans('Delete').'
'; } } diff --git a/htdocs/user/group/card.php b/htdocs/user/group/card.php index 0034878d5a163..36b9ce7566cfc 100644 --- a/htdocs/user/group/card.php +++ b/htdocs/user/group/card.php @@ -380,11 +380,11 @@ } if ($caneditperms) { - print ''.$langs->trans("Modify").''; + print ''.$langs->trans("Modify").''; } if ($candisableperms) { - print ''.$langs->trans("DeleteGroup").''; + print ''.$langs->trans("DeleteGroup").''; } print "\n"; diff --git a/htdocs/user/notify/card.php b/htdocs/user/notify/card.php index 5ff285972df38..48cbad46799f9 100644 --- a/htdocs/user/notify/card.php +++ b/htdocs/user/notify/card.php @@ -337,7 +337,7 @@ print $langs->trans("SMS"); } print ''; - print ''.img_delete().''; + print ''.img_delete().''; print ''; $i++; }
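Review bot: In the `// Delete` part of the supplier_proposal/card.php hunk there is a removed `print '...'.$langs->trans('Delete').'...'` line with no corresponding `+` line, while the `ToClone` link directly above has both a `-` and a `+`. If that is a rendering artefact it is harmless, but as shown the change would drop the Delete button for drafts (`STATUS_DRAFT && $usercancreate`) and for `$usercandelete` entirely instead of adding a token to it; the intended new line is presumably the same `print` with the token appended to the href. Please double-check that the applied patch still emits the Delete button.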