Fix add set_paid as sensitive action
eldy committed Sep 18, 2021
1 parent 0749d01 commit b46f402
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion htdocs/don/card.php
Expand Up @@ -876,7 +876,7 @@

// Classify 'paid'
if ($object->statut == $object::STATUS_VALIDATED && round($remaintopay) == 0 && $object->paid == 0 && $user->rights->don->creer) {
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?rowid='.$object->id.'&action=set_paid">'.$langs->trans("ClassifyPaid")."</a></div>";
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?rowid='.$object->id.'&action=set_paid&token='.newToken().'">'.$langs->trans("ClassifyPaid")."</a></div>";
}

// Delete
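Review bot: The `$user->rights->don->creer` test on the `if` line only decides whether the button is drawn. The code that handles `action=set_paid` lies outside this hunk and needs the same permission check, because the token proves only that the request came from the user's own session, not that the user may classify the donation as paid. Carrying the token in the query string also means it can land in access logs, browser history and Referer headers, so it should be short-lived. The href concatenates `$_SERVER["PHP_SELF"]` and `$object->id` without output escaping, which is fine only if both are sanitised earlier (not visible here). I would add a comment above the link such as `// set_paid changes state: token required on GET; the action handler must re-check $user->rights->don->creer`.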
2 changes: 1 addition & 1 deletion htdocs/main.inc.php
Expand Up @@ -466,7 +466,7 @@ function analyseVarsForSqlAndScriptsInjection(&$var, $type)
'activate', 'add', 'addrights', 'addtimespent',
'doprev', 'donext', 'dvprev', 'dvnext',
'install',
'setpricelevel',
'setpricelevel', 'set_paid',
'update'
);
$sensitiveget = false;
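Review bot: This list appears to be opt-in, so adding `'set_paid'` protects only this one action name. Any state-changing GET action that nobody remembers to list here presumably stays reachable without a token, whereas requiring the token by default and exempting known read-only actions would fail safe. The entry also looks global rather than specific to donations, so any other page that still builds an `action=set_paid` link without `&token='.newToken()` may start being refused; it is worth searching for those in the same change. The array opens above the hunk and the code that uses `$sensitiveget` is below it, so the enforcement itself is not visible here. If the list stays opt-in, a comment above it would help, for example `// Every action that changes state and can be reached by GET must be listed here so that a token is required`.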
