Skip to content

Commit

Permalink
Fix #huntr7144bb4b-338f-45f0-a70e-088ef1f4c037
Browse files Browse the repository at this point in the history
  • Loading branch information
@eldy
eldy committed Jul 20, 2021
1 parent 0e18bd4 commit dc7ff07
Show file tree
Hide file tree
Showing 4 changed files with 19 additions and 14 deletions.
3 changes: 2 additions & 1 deletion htdocs/langs/en_US/main.lang
View file
Expand Up @@ -1137,4 +1137,5 @@ CopiedToClipboard=Copied to clipboard
InformationOnLinkToContract=This amount is only the total of all the lines of the contract. No notion of time is taken into consideration.
ConfirmCancel=Are you sure you want to cancel
EmailMsgID=Email MsgID
Forthcoming=Forthcoming
Forthcoming=Forthcoming
Currently=Currently
14 changes: 9 additions & 5 deletions htdocs/main.inc.php
View file
Expand Up @@ -460,11 +460,15 @@ function analyseVarsForSqlAndScriptsInjection(&$var, $type)
if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN)) || defined('CSRFCHECK_WITH_TOKEN')) {
// Array of action code where CSRFCHECK with token will be forced (so token must be provided on url request)
$arrayofactiontoforcetokencheck = array(
'activate', 'add', 'addtimespent', 'update', 'install',
'confirm_create_user', 'confirm_create_thirdparty', 'confirm_purge', 'confirm_reject_check', 'confirm_deletedir',
'delete', 'deletefilter', 'deleteoperation', 'deleteprof', 'deletepayment', 'disable',
'doprev', 'donext', 'dvprev', 'dvnext',
'enable', 'setpricelevel'
'activate', 'add', 'addrights', 'addtimespent',
'confirm_create_user', 'confirm_create_thirdparty', 'confirm_purge', 'confirm_reject_check', 'confirm_deletedir',
'delete', 'deletefilter', 'deleteoperation', 'deleteprof', 'deletepayment', 'delrights',
'disable',
'doprev', 'donext', 'dvprev', 'dvnext',
'enable',
'install',
'setpricelevel',
'update'
);
$sensitiveget = false;
if (in_array(GETPOST('action', 'aZ09'), $arrayofactiontoforcetokencheck)) {
Expand Down
4 changes: 2 additions & 2 deletions htdocs/user/card.php
View file
Expand Up @@ -1437,7 +1437,7 @@
}

// Employee
print '<tr><td>'.$langs->trans("Employee").'</td><td colspan="2">';
print '<tr><td>'.$langs->trans("Employee").'</td><td>';
print '<input type="checkbox" disabled name="employee" value="1"'.($object->employee ? ' checked="checked"' : '').'>';
//print yn($object->employee);
print '</td></tr>'."\n";
Expand Down Expand Up @@ -1803,7 +1803,7 @@
print dol_print_date($object->datepreviouslogin, "dayhour").' <span class="opacitymedium">('.$langs->trans("Previous").')</span>, ';
}
if ($object->datelastlogin) {
print dol_print_date($object->datelastlogin, "dayhour").' <span class="opacitymedium">('.$langs->trans("Current").')</span>';
print dol_print_date($object->datelastlogin, "dayhour").' <span class="opacitymedium">('.$langs->trans("Currently").')</span>';
}
print '</td>';
print "</tr>\n";
Expand Down
12 changes: 6 additions & 6 deletions htdocs/user/group/perms.php
View file
Expand Up @@ -235,9 +235,9 @@
print '<td>'.$langs->trans("Module").'</td>';
if ($caneditperms) {
print '<td class="center nowrap">';
print '<a class="reposition commonlink" title="'.dol_escape_htmltag($langs->trans("All")).'" alt="'.dol_escape_htmltag($langs->trans("All")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=addrights&amp;entity='.$entity.'&amp;module=allmodules">'.$langs->trans("All")."</a>";
print '<a class="reposition commonlink" title="'.dol_escape_htmltag($langs->trans("All")).'" alt="'.dol_escape_htmltag($langs->trans("All")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=addrights&amp;entity='.$entity.'&amp;module=allmodules&amp;token='.newToken().'">'.$langs->trans("All")."</a>";
print '/';
print '<a class="reposition commonlink" title="'.dol_escape_htmltag($langs->trans("None")).'" alt="'.dol_escape_htmltag($langs->trans("None")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=delrights&amp;entity='.$entity.'&amp;module=allmodules">'.$langs->trans("None")."</a>";
print '<a class="reposition commonlink" title="'.dol_escape_htmltag($langs->trans("None")).'" alt="'.dol_escape_htmltag($langs->trans("None")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=delrights&amp;entity='.$entity.'&amp;module=allmodules&amp;token='.newToken().'">'.$langs->trans("None")."</a>";
print '</td>';
}
print '<td class="center" width="24">&nbsp;</td>';
Expand Down Expand Up @@ -286,9 +286,9 @@
print '</td>';
if ($caneditperms) {
print '<td class="center nowrap">';
print '<a class="reposition" title='.$langs->trans("All").' alt='.$langs->trans("All").' href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=addrights&amp;entity='.$entity.'&amp;module='.$obj->module.'">'.$langs->trans("All")."</a>";
print '<a class="reposition" title='.$langs->trans("All").' alt='.$langs->trans("All").' href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=addrights&amp;entity='.$entity.'&amp;module='.$obj->module.'&amp;token='.newToken().'">'.$langs->trans("All")."</a>";
print '/';
print '<a class="reposition" title='.$langs->trans("None").' alt='.$langs->trans("None").' href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=delrights&amp;entity='.$entity.'&amp;module='.$obj->module.'">'.$langs->trans("None")."</a>";
print '<a class="reposition" title='.$langs->trans("None").' alt='.$langs->trans("None").' href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=delrights&amp;entity='.$entity.'&amp;module='.$obj->module.'&amp;token='.newToken().'">'.$langs->trans("None")."</a>";
print '</td>';
} else {
print '<td>&nbsp;</td>';
Expand Down Expand Up @@ -326,7 +326,7 @@
} else {
// Do not own permission
if ($caneditperms) {
print '<td class="center"><a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=addrights&amp;entity='.$entity.'&amp;rights='.$obj->id.'">';
print '<td class="center"><a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=addrights&amp;entity='.$entity.'&amp;rights='.$obj->id.'&amp;token='.newToken().'">';
//print img_edit_add($langs->trans("Add"));
print img_picto($langs->trans("Add"), 'switch_off');
print '</a></td>';
Expand All @@ -336,7 +336,7 @@
} else {
// Do not own permission
if ($caneditperms) {
print '<td class="center"><a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=addrights&amp;entity='.$entity.'&amp;rights='.$obj->id.'">';
print '<td class="center"><a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=addrights&amp;entity='.$entity.'&amp;rights='.$obj->id.'&amp;token='.newToken().'">';
//print img_edit_add($langs->trans("Add"));
print img_picto($langs->trans("Add"), 'switch_off');
print '</a></td>';
Expand Down

0 comments on commit dc7ff07

Please sign in to comment.