Fix missing token

Laurent Destailleur 2019-07-02 15:00:17 +02:00
parent 8a25c854e9
commit 3b0f1c733f
7 changed files with 7 additions and 0 deletions


@ -224,6 +224,7 @@ class box_graph_invoices_permonth extends ModeleBoxes
</script>';
$stringtoshow.='<div class="center hideobject" id="idfilter'.$this->boxcode.'">'; // hideobject is to start hidden
$stringtoshow.='<form class="flat formboxfilter" method="POST" action="'.$_SERVER["PHP_SELF"].'">';
$stringtoshow.='<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
$stringtoshow.='<input type="hidden" name="action" value="'.$refreshaction.'">';
$stringtoshow.='<input type="hidden" name="page_y" value="">';
$stringtoshow.='<input type="hidden" name="DOL_AUTOSET_COOKIE" value="DOLUSERCOOKIE_box_'.$this->boxcode.':year,shownb,showtot">';
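Review bot: The `action` attribute of this filter form is built from `$_SERVER["PHP_SELF"]` with no HTML escaping, so the form that carries the CSRF token still places a request-derived string into markup; unless PHP_SELF is sanitized earlier in the request (not visible in this hunk), I would write `action="'.htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES).'"`. The same line appears unchanged in the other five box sections on this page (invoices_supplier_permonth, orders_permonth, orders_supplier_permonth, product_distribution, propales_permonth). The +/- markers were lost in rendering; going by the commit title, the `name="token"` input is presumably the added line, and since it is pasted identically into six classes, a small shared helper that emits the hidden token field would make it harder for a future form to miss it. The enclosing method starts and ends outside the hunk.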


@ -221,6 +221,7 @@ class box_graph_invoices_supplier_permonth extends ModeleBoxes
</script>';
$stringtoshow.='<div class="center hideobject" id="idfilter'.$this->boxcode.'">'; // hideobject is to start hidden
$stringtoshow.='<form class="flat formboxfilter" method="POST" action="'.$_SERVER["PHP_SELF"].'">';
$stringtoshow.='<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
$stringtoshow.='<input type="hidden" name="action" value="'.$refreshaction.'">';
$stringtoshow.='<input type="hidden" name="page_y" value="">';
$stringtoshow.='<input type="hidden" name="DOL_AUTOSET_COOKIE" value="DOLUSERCOOKIE_box_'.$this->boxcode.':year,shownb,showtot">';


@ -220,6 +220,7 @@ class box_graph_orders_permonth extends ModeleBoxes
</script>';
$stringtoshow.='<div class="center hideobject" id="idfilter'.$this->boxcode.'">'; // hideobject is to start hidden
$stringtoshow.='<form class="flat formboxfilter" method="POST" action="'.$_SERVER["PHP_SELF"].'">';
$stringtoshow.='<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
$stringtoshow.='<input type="hidden" name="action" value="'.$refreshaction.'">';
$stringtoshow.='<input type="hidden" name="page_y" value="">';
$stringtoshow.='<input type="hidden" name="DOL_AUTOSET_COOKIE" value="DOLUSERCOOKIE_box_'.$this->boxcode.':year,shownb,showtot">';


@ -219,6 +219,7 @@ class box_graph_orders_supplier_permonth extends ModeleBoxes
</script>';
$stringtoshow.='<div class="center hideobject" id="idfilter'.$this->boxcode.'">'; // hideobject is to start hidden
$stringtoshow.='<form class="flat formboxfilter" method="POST" action="'.$_SERVER["PHP_SELF"].'">';
$stringtoshow.='<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
$stringtoshow.='<input type="hidden" name="action" value="'.$refreshaction.'">';
$stringtoshow.='<input type="hidden" name="page_y" value="">';
$stringtoshow.='<input type="hidden" name="DOL_AUTOSET_COOKIE" value="DOLUSERCOOKIE_box_'.$this->boxcode.':year,shownb,showtot">';


@ -338,6 +338,7 @@ class box_graph_product_distribution extends ModeleBoxes
</script>';
$stringtoshow.='<div class="center hideobject" id="idfilter'.$this->boxcode.'">'; // hideobject is to start hidden
$stringtoshow.='<form class="flat formboxfilter" method="POST" action="'.$_SERVER["PHP_SELF"].'">';
$stringtoshow.='<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
$stringtoshow.='<input type="hidden" name="action" value="'.$refreshaction.'">';
$stringtoshow.='<input type="hidden" name="page_y" value="">';
$stringtoshow.='<input type="hidden" name="DOL_AUTOSET_COOKIE" value="DOLUSERCOOKIE_box_'.$this->boxcode.':year,showinvoicenb,showpropalnb,showordernb">';


@ -223,6 +223,7 @@ class box_graph_propales_permonth extends ModeleBoxes
</script>';
$stringtoshow.='<div class="center hideobject divboxfilter" id="idfilter'.$this->boxcode.'">'; // hideobject is to start hidden
$stringtoshow.='<form class="flat formboxfilter" method="POST" action="'.$_SERVER["PHP_SELF"].'">';
$stringtoshow.='<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
$stringtoshow.='<input type="hidden" name="action" value="'.$refreshaction.'">';
$stringtoshow.='<input type="hidden" name="page_y" value="">';
$stringtoshow.='<input type="hidden" name="DOL_AUTOSET_COOKIE" value="DOLUSERCOOKIE_box_'.$this->boxcode.':year,shownb,showtot">';


@ -374,6 +374,7 @@ if (! defined('NOTOKENRENEWAL'))
//var_dump(GETPOST('token').' '.$_SESSION['token'].' - '.$_SESSION['newtoken'].' '.$_SERVER['SCRIPT_FILENAME']);
// Check token
//var_dump((! defined('NOCSRFCHECK')).' '.empty($dolibarr_nocsrfcheck).' '.(! empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN)).' '.$_SERVER['REQUEST_METHOD'].' '.(! GETPOSTISSET('token')));
if ((! defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && ! empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN))
|| defined('CSRFCHECK_WITH_TOKEN')) // Check validity of token, only if option MAIN_SECURITY_CSRF_WITH_TOKEN enabled or if constant CSRFCHECK_WITH_TOKEN is set
{