lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Missing container type 'menu'

Browse Source 
Fix: Add security if container is not a page
This commit is contained in:
Laurent Destailleur 2019-11-12 13:55:46 +01:00
parent 528823140d
commit 2c718af26c
4 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
htdocs/core/website.inc.php
View File

@ -1,5 +1,5 @@
<?php
/* Copyright (C) 2017-2018 Laurent Destailleur <eldy@users.sourceforge.net>
/* Copyright (C) 2017-2019 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -51,6 +51,14 @@ if (! is_object($websitepage))
if ($pageid > 0)
{
$websitepage->fetch($pageid);
if (! defined('USEDOLIBARREDITOR') && in_array($websitepage->type_container, array('menu', 'other')))
{
$weblangs->load("website");
http_response_code(404);
print '<center><br><br>'.$weblangs->trans("YouTryToAccessToAFileThatIsNotAWebsitePage").'</center>';
exit;
}
}
// A lang was forced, so we change weblangs init

1
htdocs/install/mysql/data/llx_c_type_container.sql
View File

@ -33,5 +33,6 @@
insert into llx_c_type_container (code,label,module,active) values ('page', 'Page', 'system', 1);
insert into llx_c_type_container (code,label,module,active) values ('banner', 'Banner', 'system', 1);
insert into llx_c_type_container (code,label,module,active) values ('blogpost', 'BlogPost', 'system', 1);
insert into llx_c_type_container (code,label,module,active) values ('menu', 'Menu', 'system', 1);
insert into llx_c_type_container (code,label,module,active) values ('other', 'Other', 'system', 1);

2
htdocs/install/mysql/migration/10.0.0-11.0.0.sql
View File

@ -51,6 +51,8 @@ ALTER TABLE llx_adherent_type ADD UNIQUE INDEX uk_adherent_type_libelle (libelle
-- For v11
insert into llx_c_type_container (code,label,module,active) values ('menu', 'Menu', 'system', 1);
INSERT INTO llx_c_ticket_type (code, pos, label, active, use_default, description) VALUES('HELP', '15', 'Request for functionnal help', 1, 0, NULL);
ALTER TABLE llx_don ADD COLUMN fk_user_modif integer;

3
htdocs/langs/en_US/website.lang
View File

@ -118,4 +118,5 @@ EditInLineOnOff=Mode 'Edit inline' is %s
ShowSubContainersOnOff=Mode to execute 'dynamic content' is %s
GlobalCSSorJS=Global CSS/JS/Header file of web site
BackToHomePage=Back to home page...
TranslationLinks=Translation links
TranslationLinks=Translation links
YouTryToAccessToAFileThatIsNotAWebsitePage=You try to access to a page that is not a website page