Fix: ajout d'un jeton alatoire dans les requetes POST
This commit is contained in:
parent
b1e630a3fa
commit
0d18fbcad5
@ -254,6 +254,7 @@ if ($user->rights->societe->contact->creer)
|
||||
|
||||
print '<br>';
|
||||
print '<form method="post" action="fiche.php">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="action" value="add">';
|
||||
print '<table class="border" width="100%">';
|
||||
|
||||
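Review bot: The new hidden `token` field only protects the `add` action if the handler in fiche.php actually compares `$_POST['token']` with `$_SESSION['newtoken']` and aborts on mismatch; nothing in this hunk shows that check, so please confirm it exists on the action side rather than only in the markup. The field also assumes `$_SESSION['newtoken']` is already populated when this page renders; if the token is only generated on some entry points the form will carry an empty value and every legitimate submit will be rejected (or, worse, an empty-vs-empty comparison will pass). A short comment above the input, `// CSRF token, must match $_SESSION['newtoken'] in the 'add' handler`, would make that contract visible to the next maintainer. The enclosing `if ($user->rights->societe->contact->creer)` block starts and ends outside the hunk.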
@ -344,6 +345,7 @@ if ($user->rights->societe->contact->creer)
|
||||
}
|
||||
|
||||
print '<form method="post" action="fiche.php?id='.$_GET["id"].'">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="id" value="'.$_GET["id"].'">';
|
||||
print '<input type="hidden" name="action" value="update">';
|
||||
print '<input type="hidden" name="contactid" value="'.$contact->id.'">';
|
||||
|
||||
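Review bot: `$_GET["id"]` is written raw into the form's `action` attribute and into the hidden `id` value, so a request like `fiche.php?id=1"><script>…` is reflected as markup; the CSRF token added here does nothing against that. Since the identifier is numeric, cast it once and reuse it: `print '<form method="post" action="fiche.php?id='.(int) $_GET["id"].'">';` and `print '<input type="hidden" name="id" value="'.(int) $_GET["id"].'">';` (or `htmlspecialchars()` if non-numeric ids are possible). The enclosing `if ($user->rights->societe->contact->creer)` block starts and ends outside the hunk.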
@ -207,6 +207,7 @@ if ($result)
|
||||
print_barre_liste($titre ,$page, "index.php", '&begin='.$begin.'&view='.$_GET["view"].'&userid='.$_GET["userid"], $sortfield, $sortorder,'',$num,$nbtotalofrecords);
|
||||
|
||||
print '<form method="post" action="index.php">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="view" value="'.$view.'">';
|
||||
print '<input type="hidden" name="sortfield" value="'.$sortfield.'">';
|
||||
print '<input type="hidden" name="sortorder" value="'.$sortorder.'">';
|
||||
|
||||
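Review bot: The hidden `view`, `sortfield` and `sortorder` values are emitted without escaping, and the `print_barre_liste` call just above builds its URL from raw `$_GET["view"]` and `$_GET["userid"]`, which suggests these variables are request-derived; if so, a crafted query string is reflected into the attribute and breaks out of it. Wrap each with `htmlspecialchars($view, ENT_QUOTES)` (and likewise for the two sort fields), or whitelist them against the known column names before printing. The surrounding `if ($result)` block starts outside the hunk.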
@ -95,6 +95,7 @@ if ($_GET["action"] == 'edit')
|
||||
print '<table class="border" width="100%">';
|
||||
|
||||
print '<form name="perso" method="post" action="perso.php?id='.$_GET["id"].'">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="action" value="update">';
|
||||
print '<input type="hidden" name="contactid" value="'.$contact->id.'">';
|
||||
|
||||
|
||||
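Review bot: `$_GET["id"]` goes unescaped into the `action` attribute of the `perso` form, which is a reflected-XSS sink independent of the new token. Use the integer form, `print '<form name="perso" method="post" action="perso.php?id='.(int) $_GET["id"].'">';`, so the value cannot carry quotes or angle brackets. The enclosing `if ($_GET["action"] == 'edit')` block starts outside the hunk.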
@ -230,6 +230,7 @@ if ($id > 0)
|
||||
$var = false;
|
||||
|
||||
print '<form action="contact.php?id='.$id.'" method="post">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="action" value="addcontact">';
|
||||
print '<input type="hidden" name="source" value="internal">';
|
||||
print '<input type="hidden" name="id" value="'.$id.'">';
|
||||
@ -258,6 +259,7 @@ if ($id > 0)
|
||||
print '</form>';
|
||||
|
||||
print '<form action="contact.php?id='.$id.'" method="post">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="action" value="addcontact">';
|
||||
print '<input type="hidden" name="source" value="external">';
|
||||
print '<input type="hidden" name="id" value="'.$id.'">';
|
||||
|
||||
@ -462,6 +462,7 @@ if ($_GET["action"] == 'create')
|
||||
$soc->fetch($obj->rowid);
|
||||
|
||||
print '<form name="contrat" action="fiche.php" method="post">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
|
||||
print '<input type="hidden" name="action" value="add">';
|
||||
print '<input type="hidden" name="socid" value="'.$soc->id.'">'."\n";
|
||||
@ -682,6 +683,7 @@ else
|
||||
if ($contrat->brouillon && $user->rights->contrat->creer)
|
||||
{
|
||||
print '<form action="fiche.php?id='.$id.'" method="post">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="action" value="setremise">';
|
||||
}
|
||||
|
||||
@ -1066,6 +1068,7 @@ else
|
||||
* Activer la ligne de contrat
|
||||
*/
|
||||
print '<form name="active" action="'.$_SERVER["PHP_SELF"].'?id='.$contrat->id.'&ligne='.$_GET["ligne"].'&action=active" method="post">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
|
||||
print '<table class="noborder" width="100%">';
|
||||
//print '<tr class="liste_titre"><td colspan="5">'.$langs->trans("Status").'</td></tr>';
|
||||
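Review bot: This form carries `action=active` in the URL query string rather than in a hidden field, so if the handler dispatches on `$_GET["action"]` (as the `if ($_GET["action"] == 'edit')` checks elsewhere in this commit suggest) a plain link to `...&action=active` would reach the same code path; the token check for this action must therefore also require `$_SERVER['REQUEST_METHOD'] == 'POST'` and read the token from `$_POST`, otherwise the new field is bypassable. The same line also inlines raw `$_GET["ligne"]` and `$_SERVER["PHP_SELF"]` into the attribute; cast the line id, `'&ligne='.(int) $_GET["ligne"]`, and escape `PHP_SELF` with `htmlspecialchars()` or hard-code `fiche.php`. The enclosing `else` block starts and ends outside the hunk.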
@ -1115,6 +1118,7 @@ else
|
||||
* Desactiver la ligne de contrat
|
||||
*/
|
||||
print '<form name="closeline" action="'.$_SERVER["PHP_SELF"].'?id='.$contrat->id.'&ligne='.$contrat->lignes[$cursorline-1]->id.'&action=closeline" method="post">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
|
||||
print '<table class="noborder" width="100%">';
|
||||
|
||||
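Review bot: `$_SERVER["PHP_SELF"]` is interpolated unescaped into the `action` attribute; on servers that accept path info this reflects whatever follows the script name (`fiche.php/"><script>…`) into the page, and the CSRF token does not mitigate it. Either hard-code the script name or print `htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES)`. As with the `active` form, `action=closeline` travels in the query string, so the server-side check for this action has to insist on POST plus a matching `$_POST['token']`. The enclosing `else` block starts and ends outside the hunk.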
@ -1189,6 +1193,7 @@ else
|
||||
|
||||
// Service sur produit predefini
|
||||
print '<form name="addligne" action="'.$_SERVER["PHP_SELF"].'?id='.$id.'" method="post">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="action" value="addligne">';
|
||||
print '<input type="hidden" name="mode" value="predefined">';
|
||||
print '<input type="hidden" name="id" value="'.$id.'">';
|
||||
@ -1224,6 +1229,7 @@ else
|
||||
|
||||
// Service libre
|
||||
print '<form name="addligne_sl" action="'.$_SERVER["PHP_SELF"].'?id='.$id.'" method="post">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="action" value="addligne">';
|
||||
print '<input type="hidden" name="mode" value="libre">';
|
||||
print '<input type="hidden" name="id" value="'.$id.'">';
|
||||
|
||||
@ -81,6 +81,7 @@ if ($conf->contrat->enabled)
|
||||
{
|
||||
$var=false;
|
||||
print '<form method="post" action="'.DOL_URL_ROOT.'/contrat/liste.php">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<table class="noborder" width="100%">';
|
||||
print '<tr class="liste_titre"><td colspan="3">'.$langs->trans("SearchAContract").'</td></tr>';
|
||||
print '<tr '.$bc[$var].'>';
|
||||
|
||||
@ -113,6 +113,7 @@ if ($resql)
|
||||
print "</tr>\n";
|
||||
|
||||
print '<form method="POST" action="liste.php">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<tr class="liste_titre">';
|
||||
print '<td class="liste_titre">';
|
||||
print '<input type="text" class="flat" size="3" name="search_contract" value="'.$search_contract.'">';
|
||||
|
||||
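Review bot: `$search_contract` is echoed into the `value` attribute without escaping; if it comes from the request (typical for a search field that round-trips its own input) this is a reflected XSS, and the token only covers forged submissions, not reflected content. Change the line to `print '<input type="text" class="flat" size="3" name="search_contract" value="'.htmlspecialchars($search_contract, ENT_QUOTES).'">';`. The enclosing `if ($resql)` block starts outside the hunk.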
@ -132,6 +132,7 @@ if ($_GET["id"])
|
||||
if ($_GET["action"] == 'edit')
|
||||
{
|
||||
print '<form method="post" action="note.php?id='.$contrat->id.'">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="action" value="update_public">';
|
||||
print '<textarea name="note_public" cols="80" rows="'.ROWS_8.'">'.$contrat->note_public."</textarea><br>";
|
||||
print '<input type="submit" class="button" value="'.$langs->trans("Save").'">';
|
||||
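Review bot: `$contrat->note_public` is placed inside the `<textarea>` without escaping, so a stored note containing `</textarea>` terminates the element and the rest of the value is rendered as HTML; this is stored XSS unless the value is already encoded on the way in, which this hunk cannot confirm. Print it as `htmlspecialchars($contrat->note_public)` inside the textarea (it is decoded back to the original text on submit). The enclosing `if ($_GET["id"])` block starts outside the hunk.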
@ -151,6 +152,7 @@ if ($_GET["id"])
|
||||
if ($_GET["action"] == 'edit')
|
||||
{
|
||||
print '<form method="post" action="note.php?id='.$contrat->id.'">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="action" value="update">';
|
||||
print '<textarea name="note" cols="80" rows="'.ROWS_8.'">'.$contrat->note."</textarea><br>";
|
||||
print '<input type="submit" class="button" value="'.$langs->trans("Save").'">';
|
||||
|
||||
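Review bot: Same escaping gap as the public-note form: `$contrat->note` is written raw inside the `<textarea>`, so a stored `</textarea>` sequence breaks out of the control. Use `htmlspecialchars($contrat->note)` in the textarea body unless the field is guaranteed to be stored already encoded. The enclosing `if ($_GET["id"])` block starts outside the hunk.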
@ -140,6 +140,7 @@ if ($resql)
|
||||
print "</tr>\n";
|
||||
|
||||
print '<form method="POST" action="services.php">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<tr class="liste_titre">';
|
||||
print '<td class="liste_titre">';
|
||||
print '<input type="hidden" name="filter" value="'.$filter.'">';
|
||||
|
||||
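Review bot: The hidden `filter` input prints `$filter` unescaped; if it is taken from the request (the hunk does not show where it is set) a quote in the value closes the attribute and injects markup. Escape it, `value="'.htmlspecialchars($filter, ENT_QUOTES).'"`, or validate it against the allowed filter names before printing. The enclosing `if ($resql)` block starts outside the hunk.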
@ -147,6 +147,7 @@ if ($_GET["action"] == 'create')
|
||||
// Create
|
||||
//***********************
|
||||
print '<form action="'.$_SERVER["PHP_SELF"].'" method="post">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="action" value="add">';
|
||||
|
||||
$title=$langs->trans("ECMNewSection");
|
||||
|
||||
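Review bot: `$_SERVER["PHP_SELF"]` is used raw as the form `action`; with path info enabled a URL such as `index.php/"><script>…` is reflected into the attribute, which the new token does not prevent. Replace it with `htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES)` or, since the form posts back to the same script with a fixed `action=add`, simply use the script name. The enclosing `if ($_GET["action"] == 'create')` block starts outside the hunk.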
@ -119,6 +119,7 @@ dol_fiche_head($head, 'card', $langs->trans("ECMSectionManual"));
|
||||
if ($_GET["action"] == 'edit')
|
||||
{
|
||||
print '<form name="update" action="'.$_SERVER["PHP_SELF"].'" method="POST">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="fileid" value="'.$fileid.'">';
|
||||
print '<input type="hidden" name="action" value="update">';
|
||||
}
|
||||
|
||||
@ -228,6 +228,7 @@ dol_fiche_head($head, 'card', $langs->trans("ECMSectionManual"));
|
||||
if ($_GET["action"] == 'edit')
|
||||
{
|
||||
print '<form name="update" action="'.$_SERVER["PHP_SELF"].'" method="POST">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="section" value="'.$section.'">';
|
||||
print '<input type="hidden" name="action" value="update">';
|
||||
}
|
||||
|
||||
@ -140,6 +140,7 @@ print '<table class="nobordernopadding" width="100%"><tr><td valign="top">';
|
||||
//print_fiche_titre($langs->trans("ECMSectionsManual"));
|
||||
|
||||
print '<form method="post" action="'.DOL_URL_ROOT.'/ecm/search.php">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<table class="nobordernopadding" width="100%">';
|
||||
print "<tr class=\"liste_titre\">";
|
||||
print '<td colspan="2">'.$langs->trans("ECMSearchByKeywords").'</td></tr>';
|
||||
@ -153,6 +154,7 @@ print "</table></form>";
|
||||
//print_fiche_titre($langs->trans("ECMSectionAuto"));
|
||||
|
||||
print '<form method="post" action="'.DOL_URL_ROOT.'/ecm/search.php">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<table class="noborder" width="100%">';
|
||||
print "<tr class=\"liste_titre\">";
|
||||
print '<td colspan="4">'.$langs->trans("ECMSearchByEntity").'</td></tr>';
|
||||
|
||||
@ -92,6 +92,7 @@ if ($_GET["action"] == 'create')
|
||||
$compteur = new EnergieCompteur($db, $user);
|
||||
|
||||
print '<form action="compteur.php" method="post">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="action" value="add">';
|
||||
|
||||
print '<table class="border" width="100%">';
|
||||
@ -156,6 +157,7 @@ else
|
||||
|
||||
$html = new Form($db);
|
||||
print '<form name="addvalue" action="compteur.php?id='.$compteur->id.'" method="post">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="action" value="addvalue">';
|
||||
print '<table class="border" width="100%">';
|
||||
|
||||
|
||||
@ -82,6 +82,7 @@ if ($_GET["id"] > 0)
|
||||
|
||||
$html = new Form($db);
|
||||
print '<form action="compteur_groupe.php?id='.$compteur->id.'" method="post">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="action" value="addvalue">';
|
||||
print '<table class="border" width="100%">';
|
||||
|
||||
|
||||
@ -71,6 +71,7 @@ if ($_GET["action"] == 'create')
|
||||
$html = new Form($db);
|
||||
|
||||
print '<form action="groupe.php" method="post">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="action" value="add">';
|
||||
|
||||
print '<table class="border" width="100%">';
|
||||
|
||||