Fix security check on public pages

2021-06-13 20:37:53 +02:00 · 2021-06-13 20:37:53 +02:00 · 465ee6e643
commit 465ee6e643
parent 3eea92c6e6
4 changed files with 20 additions and 6 deletions
--- a/htdocs/public/project/index.php
+++ b/htdocs/public/project/index.php
@ -94,6 +94,12 @@ if ($resultproject < 0) {
 	$errmsg .= $project->error;
 }

+// Security check
+if (empty($conf->projet->enabled)) {
+	accessforbidden('', 0, 0, 1);
+}
+
+
 /*
 * Actions
 */
--- a/htdocs/public/project/new.php
+++ b/htdocs/public/project/new.php
@ -67,11 +67,6 @@ $action = GETPOST('action', 'aZ09');
 // Load translation files
 $langs->loadLangs(array("members", "companies", "install", "other"));

-// Security check
-if (empty($conf->projet->enabled)) {
-	accessforbidden('', 0, 0, 1);
-}
-
 if (empty($conf->global->PROJECT_ENABLE_PUBLIC)) {
 	print $langs->trans("Form for public lead registration has not been enabled");
 	exit;
@ -86,6 +81,11 @@ $object = new Project($db);

 $user->loadDefaultValues();

+// Security check
+if (empty($conf->projet->enabled)) {
+	accessforbidden('', 0, 0, 1);
+}
+

 /**
 * Show header for new member
--- a/htdocs/public/recruitment/index.php
+++ b/htdocs/public/recruitment/index.php
@ -55,7 +55,10 @@ $email = GETPOST('email', 'alpha');

 $object = new RecruitmentJobPosition($db);

-
+// Security check
+if (empty($conf->recruitement->enabled)) {
+	accessforbidden('', 0, 0, 1);
+}


 /*
--- a/htdocs/public/recruitment/view.php
+++ b/htdocs/public/recruitment/view.php
@ -74,6 +74,11 @@ if (!$action) {
 //$urlwithroot=$urlwithouturlroot.DOL_URL_ROOT;		// This is to use external domain name found into config file
 $urlwithroot = DOL_MAIN_URL_ROOT; // This is to use same domain name than current. For Paypal payment, we can use internal URL like localhost.

+// Security check
+if (empty($conf->recruitement->enabled)) {
+	accessforbidden('', 0, 0, 1);
+}
+

 /*
 * Actions