lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix token

Browse Source
This commit is contained in:
Laurent Destailleur 2021-09-26 20:35:54 +02:00
parent 1436f0de7d
commit 4f6586d6a8
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/core/tpl/ajaxrow.tpl.php
View File

@ -66,7 +66,7 @@ $(document).ready(function(){
var fk_element = "<?php echo $fk_element; ?>";
var element_id = "<?php echo $id; ?>";
var filepath = "<?php echo urlencode($filepath); ?>";
var token = "<?php echo $_SESSION["token"]; ?>"; // We use old 'token' and not 'newtoken' for Ajax call because the ajax page has the NOTOKENRENEWAL constant set.
var token = "<?php echo currentToken(); ?>"; // We use old 'token' and not 'newtoken' for Ajax call because the ajax page has the NOTOKENRENEWAL constant set.
$.post("<?php echo DOL_URL_ROOT; ?>/core/ajax/row.php",
{
roworder: roworder,

5
htdocs/ecm/tpl/enablefiletreeajax.tpl.php
View File

@ -16,6 +16,7 @@
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* Output javascript for interactions code of ecm module
* $conf, $module, $param, $preopened, $nameforformuserfile may be defined
*/
// Protection to avoid direct call of template
@ -47,8 +48,8 @@ $(document).ready(function() {
$('#filetree').fileTree({
root: '<?php print dol_escape_js($openeddir); ?>',
// Ajax called if we click to expand a dir (not a file). Parameter 'dir' is provided as a POST parameter by fileTree code to this following URL.
// We must use token=$_SESSION['token'] and not token=$_SESSION['newtoken'] here because ajaxdirtree has NOTOKENRENEWAL define so there is no rollup of token so we must compare with the one valid on main page
script: '<?php echo DOL_URL_ROOT.'/core/ajax/ajaxdirtree.php?token='.urlencode($_SESSION['token']).'&modulepart='.urlencode($module).(empty($preopened) ? '' : '&preopened='.urlencode($preopened)).'&openeddir='.urlencode($openeddir).(empty($paramwithoutsection) ? '' : $paramwithoutsection); ?>',
// We must use token=currentToken() and not newToken() here because ajaxdirtree has NOTOKENRENEWAL define so there is no rollup of token so we must compare with the one valid on main page
script: '<?php echo DOL_URL_ROOT.'/core/ajax/ajaxdirtree.php?token='.currentToken().'&modulepart='.urlencode($module).(empty($preopened) ? '' : '&preopened='.urlencode($preopened)).'&openeddir='.urlencode($openeddir).(empty($paramwithoutsection) ? '' : $paramwithoutsection); ?>',
folderEvent: 'click', // 'dblclick'
multiFolder: false },
// Called if we click on a file (not a dir)