lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Sec: More security on public pages

Browse Source
This commit is contained in:
Laurent Destailleur 2009-07-15 13:32:01 +00:00
parent 9b0c6dd059
commit 3d7199a8b5
12 changed files with 105 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
htdocs/public/bplc/bplc.php
View File

@ -1,5 +1,6 @@
<?php <?php
/* Copyright (C) 2002-2003 Rodolphe Quiedeville <rodolphe@quiedeville.org> /* Copyright (C) 2002-2003 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2009 Laurent Destailleur <eldy@users.sourceforge.net>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -17,16 +18,23 @@
*/ */
/** /**
* \ingroup banque
* \brief Gestion du retour du systeme de Cyberpaiement * \brief Gestion du retour du systeme de Cyberpaiement
* Cette page est appellee par le serveur de la BPLC lors de l'utilisation * Cette page est appellee par le serveur de la BPLC lors de
* au systeme RSTS * l'utilisation au systeme RSTS.
* \version $Id$ * \version $Id$
*/ */
require("../../main.inc.php"); require("../../master.inc.php");
require_once(DOL_DOCUMENT_ROOT."/public/bplc/retourbplc.class.php"); require_once(DOL_DOCUMENT_ROOT."/public/bplc/retourbplc.class.php");
require_once(DOL_DOCUMENT_ROOT."/don.class.php"); require_once(DOL_DOCUMENT_ROOT."/don.class.php");
// Define lang object automatically using browser language
$langs->setDefaultLang('auto');
// Security check
if (empty($conf->banque->enabled)) accessforbidden('',1,1,1);
$retbplc = new Retourbplc($db); $retbplc = new Retourbplc($db);
@ -65,14 +73,14 @@ if($return)
* Validation de la commande * Validation de la commande
* *
*/ */
$don = new Don($db); $don = new Don($db);
$don_id = strstr($retbplc->ref_commande, 0, strlen($retbplc->ref_commande) -2); $don_id = strstr($retbplc->ref_commande, 0, strlen($retbplc->ref_commande) -2);
// 5 correspond au paiement en ligne voir table llx_c_paiement // 5 correspond au paiement en ligne voir table llx_c_paiement
$don->set_paye($don_id, 5); $don->set_paye($don_id, 5);
} }

19
htdocs/public/bplc/merci_code.php
View File

@ -17,13 +17,26 @@
*/ */
/** /**
* \version $Id$ * \file htdocs/public/bplc/merci_code.php
* \ingroup banque
* \brief File to offer a way to make a payment by BPLC
* \version $Id$
*/ */
require("../../master.inc.php");
require_once(DOL_DOCUMENT_ROOT."/public/bplc/retourbplc.class.php");
require_once(DOL_DOCUMENT_ROOT."/don.class.php");
// Define lang object automatically using browser language
$langs->setDefaultLang('auto');
// Security check
if (empty($conf->banque->enabled)) accessforbidden('',1,1,1);
if ($conf->don->onlinepayment) if ($conf->don->onlinepayment)
{ {
require(DOL_DOCUMENT_ROOT."public/bplc/cyberpaiement.class.php");
require(DOL_DOCUMENT_ROOT."../../cyberpaiement.class.php");
$cyberp = new Cyberpaiement($conf); $cyberp = new Cyberpaiement($conf);

13
htdocs/public/bplc/testretour.php
View File

@ -17,9 +17,20 @@
*/ */
/** /**
* \version $Id$ * \file htdocs/public/bplc/testretour.php
* \ingroup banque
* \brief Page to test the back link page bplc.php
* \version $Id$
*/ */
require("../../master.inc.php");
// Define lang object automatically using browser language
$langs->setDefaultLang('auto');
// Security check
if (empty($conf->banque->enabled)) accessforbidden('',1,1,1);
?> ?>
<form action="bplc.php" method="post"> <form action="bplc.php" method="post">

9
htdocs/public/demo/index.php
View File

@ -20,7 +20,7 @@
/** /**
* \file htdocs/public/demo/index.php * \file htdocs/public/demo/index.php
* \ingroup core * \ingroup core
* \brief File to access demo * \brief Entry page to access demo
* \author Laurent Destailleur * \author Laurent Destailleur
* \version $Id$ * \version $Id$
*/ */
@ -34,11 +34,8 @@ $langs->load("main");
$langs->load("other"); $langs->load("other");
// Security check // Security check
if (! empty($conf->global->MAIN_DEMO)) if (empty($conf->global->MAIN_DEMO)) accessforbidden('Constant MAIN_DEMO must be defined in Home->Setup->Misc to enable the demo entry page',1,1,1);
{
accessforbidden('Constant MAIN_DEMO must be defined in Home->Setup->Misc to enable the demo entry page',1,1,1);
exit;
}
$demoprofiles=array( $demoprofiles=array(
array('default'=>'-1', 'key'=>'profdemofun','label'=>'DemoFundation', array('default'=>'-1', 'key'=>'profdemofun','label'=>'DemoFundation',

15
htdocs/public/donations/donateurs_code.php
View File

@ -17,16 +17,29 @@
*/ */
/** /**
* \version $Id$ * \file htdocs/public/donations/donateurs_code.php
* \ingroup donation
* \brief Page to list donators
* \version $Id$
*/ */
require("../../master.inc.php"); require("../../master.inc.php");
require_once(DOL_DOCUMENT_ROOT ."/don.class.php"); require_once(DOL_DOCUMENT_ROOT ."/don.class.php");
// Define lang object automatically using browser language
$langs->setDefaultLang('auto'); $langs->setDefaultLang('auto');
// Security check
if (empty($conf->don->enabled)) accessforbidden('',1,1,1);
$langs->load("donations"); $langs->load("donations");
/*
* View
*/
$sql = "SELECT ".$db->pdate("d.datedon")." as datedon, d.nom, d.prenom, d.amount, d.public, d.societe"; $sql = "SELECT ".$db->pdate("d.datedon")." as datedon, d.nom, d.prenom, d.amount, d.public, d.societe";
$sql .= " FROM ".MAIN_DB_PREFIX."don as d"; $sql .= " FROM ".MAIN_DB_PREFIX."don as d";
$sql .= " WHERE d.fk_statut in (2, 3) ORDER BY d.datedon DESC"; $sql .= " WHERE d.fk_statut in (2, 3) ORDER BY d.datedon DESC";

19
htdocs/public/donations/therm.php
View File

@ -18,22 +18,27 @@
*/ */
/** /**
\file htdocs/public/donations/therm.php * \file htdocs/public/donations/therm.php
\ingroup donation * \ingroup donation
\brief Screen with thermometer * \brief Screen with thermometer
\version $Id$ * \version $Id$
*/ */
require("../../master.inc.php"); require("../../master.inc.php");
require_once(DOL_DOCUMENT_ROOT."/lib/images.lib.php"); require_once(DOL_DOCUMENT_ROOT."/lib/images.lib.php");
require_once(DOL_DOCUMENT_ROOT."/don.class.php"); require_once(DOL_DOCUMENT_ROOT."/don.class.php");
// Define lang object automatically using browser language
$langs->setDefaultLang('auto'); $langs->setDefaultLang('auto');
// Security check
if (empty($conf->don->enabled)) accessforbidden('',1,1,1);
/* /*
* View * View
*/ */
$dontherm = new Don($db); $dontherm = new Don($db);
$intentValue = $dontherm->sum_donations(1); $intentValue = $dontherm->sum_donations(1);

3
htdocs/public/members/new.php
View File

@ -34,6 +34,9 @@ require_once(DOL_DOCUMENT_ROOT."/html.form.class.php");
// Define lang object automatically using browser language // Define lang object automatically using browser language
$langs->setDefaultLang('auto'); $langs->setDefaultLang('auto');
// Security check
if (empty($conf->adherent->enabled)) accessforbidden('',1,1,1);
// Load translation files // Load translation files
$langs->load("main"); $langs->load("main");
$langs->load("members"); $langs->load("members");

10
htdocs/public/members/public_card.php
View File

@ -1,7 +1,7 @@
<?php <?php
/* Copyright (C) 2001-2003 Rodolphe Quiedeville <rodolphe@quiedeville.org> /* Copyright (C) 2001-2003 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2002-2003 Jean-Louis Bergamo <jlb@j1b.org> * Copyright (C) 2002-2003 Jean-Louis Bergamo <jlb@j1b.org>
* Copyright (C) 2007-2008 Laurent Destailleur <eldy@users.sourceforge.net> * Copyright (C) 2007-2009 Laurent Destailleur <eldy@users.sourceforge.net>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -20,7 +20,8 @@
/** /**
* \file htdocs/public/members/priv_fiche.php * \file htdocs/public/members/priv_fiche.php
* \brief Fichier de gestion de la popup de selection de date eldy * \ingroup adherent
* \brief Fichier de gestion de la popup de selection de date eldy
* \version $Id$ * \version $Id$
*/ */
@ -29,8 +30,13 @@ require_once(DOL_DOCUMENT_ROOT."/adherents/adherent.class.php");
require_once(DOL_DOCUMENT_ROOT."/adherents/adherent_type.class.php"); require_once(DOL_DOCUMENT_ROOT."/adherents/adherent_type.class.php");
require_once(DOL_DOCUMENT_ROOT."/adherents/adherent_options.class.php"); require_once(DOL_DOCUMENT_ROOT."/adherents/adherent_options.class.php");
// Define lang object automatically using browser language
$langs->setDefaultLang('auto'); $langs->setDefaultLang('auto');
// Security check
if (empty($conf->adherent->enabled)) accessforbidden('',1,1,1);
$langs->load("main"); $langs->load("main");
$langs->load("members"); $langs->load("members");
$langs->load("companies"); $langs->load("companies");

16
htdocs/public/members/public_list.php
View File

@ -1,7 +1,7 @@
<?php <?php
/* Copyright (C) 2001-2003 Rodolphe Quiedeville <rodolphe@quiedeville.org> /* Copyright (C) 2001-2003 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2002-2003 Jean-Louis Bergamo <jlb@j1b.org> * Copyright (C) 2002-2003 Jean-Louis Bergamo <jlb@j1b.org>
* Copyright (C) 2004-2008 Laurent Destailleur <eldy@users.sourceforge.net> * Copyright (C) 2004-2009 Laurent Destailleur <eldy@users.sourceforge.net>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -19,15 +19,21 @@
*/ */
/** /**
\file htdocs/public/members/priv_liste.php * \file htdocs/public/members/priv_liste.php
\brief File sample to list members * \ingroup adherent
\version $Id$ * \brief File sample to list members
*/ * \version $Id$
*/
require("../../master.inc.php"); require("../../master.inc.php");
// Define lang object automatically using browser language
$langs->setDefaultLang('auto'); $langs->setDefaultLang('auto');
// Security check
if (empty($conf->adherent->enabled)) accessforbidden('',1,1,1);
$langs->load("main"); $langs->load("main");
$langs->load("members"); $langs->load("members");
$langs->load("companies"); $langs->load("companies");

7
htdocs/public/paybox/newpayment.php
View File

@ -19,8 +19,8 @@
*/ */
/** /**
* \file htdocs/public/paybox/index.php * \file htdocs/public/paybox/newpayment.php
* \ingroup core * \ingroup paybox
* \brief File to offer a way to make a payment for a particular Dolibarr entity * \brief File to offer a way to make a payment for a particular Dolibarr entity
* \author Laurent Destailleur * \author Laurent Destailleur
* \version $Id$ * \version $Id$
@ -57,6 +57,9 @@ require_once(DOL_DOCUMENT_ROOT."/product.class.php");
$langcode=(empty($_GET["lang"])?'auto':$_GET["lang"]); $langcode=(empty($_GET["lang"])?'auto':$_GET["lang"]);
$langs->setDefaultLang($langcode); $langs->setDefaultLang($langcode);
// Security check
if (empty($conf->paybox->enabled)) accessforbidden('',1,1,1);
$langs->load("main"); $langs->load("main");
$langs->load("other"); $langs->load("other");
$langs->load("paybox"); $langs->load("paybox");

5
htdocs/public/paybox/paymentko.php
View File

@ -19,7 +19,7 @@
/** /**
* \file htdocs/public/paybox/paymentok.php * \file htdocs/public/paybox/paymentok.php
* \ingroup core * \ingroup paybox
* \brief File to offer a way to make a payment for a particular Dolibarr entity * \brief File to offer a way to make a payment for a particular Dolibarr entity
* \author Laurent Destailleur * \author Laurent Destailleur
* \version $Id$ * \version $Id$
@ -32,6 +32,9 @@ require_once(DOL_DOCUMENT_ROOT."/lib/company.lib.php");
$langcode=(empty($_GET["lang"])?'auto':$_GET["lang"]); $langcode=(empty($_GET["lang"])?'auto':$_GET["lang"]);
$langs->setDefaultLang($langcode); $langs->setDefaultLang($langcode);
// Security check
if (empty($conf->paybox->enabled)) accessforbidden('',1,1,1);
$langs->load("main"); $langs->load("main");
$langs->load("other"); $langs->load("other");
$langs->load("paybox"); $langs->load("paybox");

6
htdocs/public/paybox/paymentok.php
View File

@ -19,7 +19,7 @@
/** /**
* \file htdocs/public/paybox/paymentok.php * \file htdocs/public/paybox/paymentok.php
* \ingroup core * \ingroup paybox
* \brief File to offer a way to make a payment for a particular Dolibarr entity * \brief File to offer a way to make a payment for a particular Dolibarr entity
* \author Laurent Destailleur * \author Laurent Destailleur
* \version $Id$ * \version $Id$
@ -32,6 +32,9 @@ require_once(DOL_DOCUMENT_ROOT."/lib/company.lib.php");
$langcode=(empty($_GET["lang"])?'auto':$_GET["lang"]); $langcode=(empty($_GET["lang"])?'auto':$_GET["lang"]);
$langs->setDefaultLang($langcode); $langs->setDefaultLang($langcode);
// Security check
if (empty($conf->paybox->enabled)) accessforbidden('',1,1,1);
$langs->load("main"); $langs->load("main");
$langs->load("other"); $langs->load("other");
$langs->load("paybox"); $langs->load("paybox");
@ -41,7 +44,6 @@ $langs->load("companies");
/* /*
* Actions * Actions
*/ */