security added to subscriptionok page

Dorian Vabre 2021-04-20 10:56:45 +02:00
parent 3b17a0d66a
commit 5c490ca57e
2 changed files with 19 additions and 2 deletions


@ -349,7 +349,7 @@ if (empty($reshook) && $action == 'add') {
// No price has been set
// Validating the subscription
$confattendee->setStatut(1);
$redirection = $dolibarr_main_url_root.'/public/eventorganization/subscriptionok.php';
$redirection = $dolibarr_main_url_root.'/public/eventorganization/subscriptionok.php?idthirdparty='.dol_encode($thirdparty->id, $dolibarr_main_instance_unique_id).'&securekey='.dol_encode($conf->global->EVENTORGANIZATION_SECUREKEY, $dolibarr_main_instance_unique_id);
Header("Location: ".$redirection);
exit;
}
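Review bot: The new `$redirection` line puts the site-wide `EVENTORGANIZATION_SECUREKEY` itself into the query string, protected only by `dol_encode()`, which appears to be a reversible encoding rather than a MAC (worth confirming against its implementation). The value therefore lands in browser history, proxy and access logs, and it is identical for every third party, so the receiving page cannot tell which record a link was issued for. Consider sending a per-record token instead, e.g. `'&securekey='.urlencode(hash_hmac('sha256', (string) $thirdparty->id, $conf->global->EVENTORGANIZATION_SECUREKEY))`, and recomputing it on subscriptionok.php. Both parameters should also pass through `urlencode()`, since base64-style output can contain `+`, `/` or `=`. The enclosing `if` block starts outside the hunk.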


@ -56,12 +56,29 @@ if (!empty($conf->paypal->enabled)) {
require_once DOL_DOCUMENT_ROOT.'/paypal/lib/paypalfunctions.lib.php';
}
global $dolibarr_main_instance_unique_id, $dolibarr_main_url_root, $mysoc;
$langs->loadLangs(array("main", "companies", "install", "other", "eventorganization"));
$object = new stdClass(); // For triggers
$error = 0;
// Security check
$securekey = dol_decode(GETPOST('securekey'), $dolibarr_main_instance_unique_id);
if ($securekey != $conf->global->EVENTORGANIZATION_SECUREKEY) {
print $langs->trans('MissingOrBadSecureKey');
exit;
}
$idthirdparty = dol_decode(GETPOST('idthirdparty'), $dolibarr_main_instance_unique_id);
$thirdparty = new Societe($db);
$resthirdparty = $thirdparty->fetch($idthirdparty);
if ($resthirdparty<0) {
$error++;
$errmsg .= $thirdparty->error;
}
/*
* Actions
@ -153,4 +170,4 @@ unset($_SESSION["TRANSACTIONID"]);
llxFooter('', 'public');
$db->close();
$db->close();
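Review bot: The security check in the first hunk of this file fails open when `EVENTORGANIZATION_SECUREKEY` is not configured: with the loose `!=`, a missing `securekey` parameter most likely decodes to an empty string, which compares equal to the unset value, and the page carries on. Reject an empty configured key explicitly and compare in constant time, e.g. `if (empty($conf->global->EVENTORGANIZATION_SECUREKEY) || !hash_equals((string) $conf->global->EVENTORGANIZATION_SECUREKEY, (string) $securekey)) {`. Just below, `$resthirdparty<0` lets a not-found result through if `fetch()` returns 0 for a missing record, as Dolibarr fetchers usually do, and `$errmsg` is appended to without a visible initialisation. `if ($resthirdparty <= 0)` plus an `(int)` cast on `$idthirdparty` would cover that. The Actions block continues outside the hunk.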