From 6111f4394660511ec3c554e110f00b271046a2f0 Mon Sep 17 00:00:00 2001
From: Dorian Vabre
Date: Fri, 7 May 2021 14:49:00 +0200
Subject: [PATCH] security fix, id was encoded where it should not be encoded
---
 htdocs/langs/en_US/eventorganization.lang | 1 +
 htdocs/public/project/suggestbooth.php | 3 +--
 htdocs/public/project/suggestconference.php | 3 +--
 3 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/htdocs/langs/en_US/eventorganization.lang b/htdocs/langs/en_US/eventorganization.lang
index 97293f3cbb0..97090c343cf 100644
--- a/htdocs/langs/en_US/eventorganization.lang
+++ b/htdocs/langs/en_US/eventorganization.lang
@@ -98,6 +98,7 @@ EvntOrgCancelled = Cancelled
 #
 SuggestForm = Suggestion page
 RegisterPage = Page for conferences or booth
+EvntOrgRegistrationHelpMessage = Here, you can vote for an event, or suggest a new conference or booth for the project
 EvntOrgRegistrationConfHelpMessage = Here, you can suggest a new conference for the project
 EvntOrgRegistrationBoothHelpMessage = Here, you can suggest a new booth for the project
 ListOfSuggestedConferences = List of suggested conferences
diff --git a/htdocs/public/project/suggestbooth.php b/htdocs/public/project/suggestbooth.php
index ecaf524c034..71663a7f15c 100644
--- a/htdocs/public/project/suggestbooth.php
+++ b/htdocs/public/project/suggestbooth.php
@@ -496,9 +496,8 @@ if (empty($reshook) && $action == 'add') {
 }
 if (!$error) {
 $db->commit();
- $encodedid = dol_encode($id, $dolibarr_main_instance_unique_id);
 $securekeyurl = dol_hash($conf->global->EVENTORGANIZATION_SECUREKEY.'conferenceorbooth'.$id, 2);
- $redirection = $dolibarr_main_url_root.'/public/eventorganization/subscriptionok.php?id='.$encodedid.'&securekey='.$securekeyurl;
+ $redirection = $dolibarr_main_url_root.'/public/eventorganization/subscriptionok.php?id='.$id.'&securekey='.$securekeyurl;
 Header("Location: ".$redirection);
 exit;
 } else {
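Review bot: `$id` is now concatenated unescaped into the `Location` URL on the new `$redirection` line, and nothing visible in this hunk constrains it to an integer, so if it can carry request-supplied characters it could add or alter query parameters in the redirect. Using `((int) $id)` in both the `dol_hash()` input and the `id=` parameter would keep the signed value and the transmitted value identical and numeric. Because the id now travels in clear, `securekey` is the only thing binding the link to this record, so it is worth confirming that `EVENTORGANIZATION_SECUREKEY` cannot be empty on this path and that subscriptionok.php checks the key with `hash_equals()`. The same two lines are changed identically in htdocs/public/project/suggestconference.php, and the same remarks apply there. The enclosing `if (empty($reshook) && $action == 'add')` block starts and ends outside the hunk, so any earlier validation of `$id` is not visible here.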
diff --git a/htdocs/public/project/suggestconference.php b/htdocs/public/project/suggestconference.php
index 53dc9581d9a..844641fc4cf 100644
--- a/htdocs/public/project/suggestconference.php
+++ b/htdocs/public/project/suggestconference.php
@@ -430,9 +430,8 @@ if (empty($reshook) && $action == 'add') {
 }
 if (!$error) {
 $db->commit();
- $encodedid = dol_encode($id, $dolibarr_main_instance_unique_id);
 $securekeyurl = dol_hash($conf->global->EVENTORGANIZATION_SECUREKEY.'conferenceorbooth'.$id, 2);
- $redirection = $dolibarr_main_url_root.'/public/eventorganization/subscriptionok.php?id='.$encodedid.'&securekey='.$securekeyurl;
+ $redirection = $dolibarr_main_url_root.'/public/eventorganization/subscriptionok.php?id='.$id.'&securekey='.$securekeyurl;
 Header("Location: ".$redirection);
 exit;
 } else {