From 6c54ea925bb8216e847ba01522fc5e8911bc7057 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sat, 22 Dec 2018 17:42:33 +0100
Subject: [PATCH] Add token into confirm link so we will be able to check we accept the confirmation on interface for critical actions
---
 htdocs/core/class/html.form.class.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 25874e9336e..7c3e591ae05 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -3991,7 +3991,7 @@ class Form
 closeOnEscape: false,
 buttons: {
 "'.dol_escape_js($langs->transnoentities("Yes")).'": function() {
- var options="";
+ var options = "token='.urlencode($_SESSION['newtoken']).'";
 var inputok = '.json_encode($inputok).';
 var pageyes = "'.dol_escape_js(! empty($pageyes)?$pageyes:'').'";
 if (inputok.length>0) {
@@ -4002,7 +4002,6 @@ class Form
 var inputvalue = $("#" + inputname + more).val();
 if (typeof inputvalue == "undefined") { inputvalue=""; }
 options += "&" + inputname + "=" + encodeURIComponent(inputvalue);
- options += "&token=" + encodeURIComponent('.$_SESSION['newtoken'].')
 });
 }
 var urljump = pageyes + (pageyes.indexOf("?") < 0 ? "?" : "") + options;
@@ -4011,7 +4010,7 @@ class Form
 $(this).dialog("close");
 },
 "'.dol_escape_js($langs->transnoentities("No")).'": function() {
- var options = "";
+ var options = "token='.urlencode($_SESSION['newtoken']).'";
 var inputko = '.json_encode($inputko).';
 var pageno="'.dol_escape_js(! empty($pageno)?$pageno:'').'";
 if (inputko.length>0) {
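Review bot: In the "Yes" handler (first hunk), `options` now starts with `token=...` and no leading separator, but the `urljump` line visible in the second hunk still appends an empty string when `pageyes` already contains a `?`. In that case the token is glued onto the last existing parameter (`...&confirm=yestoken=...`), so that parameter is corrupted and no `token` parameter reaches the server. The join has to supply the separator, e.g. `var urljump = pageyes + (pageyes.indexOf("?") < 0 ? "?" : "&") + options;`. The "No" handler in the third hunk gets the same initial value; its URL-building line is outside the hunk but presumably has the same form and needs the same change. Both handler bodies continue past the hunks shown.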
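Review bot: The "No" handler (third hunk) now puts the session anti-CSRF token into the query string even though declining a confirmation would not normally change state. A token in a GET URL ends up in browser history, server access logs and possibly Referer headers, so it is worth limiting it to the branch that needs it, e.g. keeping `var options = "";` here unless `pageno` really triggers a protected action. If `$_SESSION['newtoken']` can be unset when this renders, the emitted string is a bare `token=`, which the server-side check should reject, not treat as a match. A short comment above the "Yes" assignment, such as `// token travels in the URL because the confirm is a GET redirect; server must validate it`, would record the trade-off. The handler body continues outside the hunk.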