From 7749138a810a01470cb9327455b4f7be82498195 Mon Sep 17 00:00:00 2001 From: StephaneLesage Date: Sat, 21 Nov 2020 13:28:37 +0100 Subject: [PATCH 1/2] Fix /categories/edit.php which used type parameter instead of object's type Do not read type parameter Security check, display error and exit Get type from category object --- htdocs/categories/edit.php | 9 ++++++--- htdocs/categories/info.php | 7 ++++--- htdocs/categories/photos.php | 7 ++++--- htdocs/categories/traduction.php | 4 ++-- htdocs/categories/viewcat.php | 14 ++------------ 5 files changed, 18 insertions(+), 23 deletions(-) diff --git a/htdocs/categories/edit.php b/htdocs/categories/edit.php index f4b7e12cc30..ba04cde0b54 100644 --- a/htdocs/categories/edit.php +++ b/htdocs/categories/edit.php @@ -35,7 +35,6 @@ $langs->load("categories"); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alphanohtml'); -$type = GETPOST('type', 'aZ09'); // Can be int or string $action = (GETPOST('action', 'aZ09') ?GETPOST('action', 'aZ09') : 'edit'); $confirm = GETPOST('confirm'); $cancel = GETPOST('cancel', 'alpha'); @@ -56,10 +55,14 @@ if ($id == "") { $result = restrictedArea($user, 'categorie', $id, '&category'); $object = new Categorie($db); -if ($id > 0) { - $result = $object->fetch($id); +$result = $object->fetch($id, $label); +if ($result <= 0) { + dol_print_error($db, $object->error); exit; } +$type = $object->type; +if (is_numeric($type)) $type = Categorie::$MAP_ID_TO_CODE[$type]; // For backward compatibility + $extrafields = new ExtraFields($db); $extrafields->fetch_name_optionals_label($object->table_element); diff --git a/htdocs/categories/info.php b/htdocs/categories/info.php index f64f3be8f9e..2dd0476c5cd 100644 --- a/htdocs/categories/info.php +++ b/htdocs/categories/info.php @@ -43,10 +43,11 @@ if ($user->socid) $socid = $user->socid; $result = restrictedArea($user, 'categorie', $id, '&category'); $object = new Categorie($db); -if (!$object->fetch($id) > 0) { - dol_print_error($db); - exit; +$result = $object->fetch($id); +if ($result <= 0) { + dol_print_error($db, $object->error); exit; } + $type = $object->type; if (is_numeric($type)) $type = Categorie::$MAP_ID_TO_CODE[$type]; // For backward compatibility diff --git a/htdocs/categories/photos.php b/htdocs/categories/photos.php index 73c7664f6c2..d09cf595620 100644 --- a/htdocs/categories/photos.php +++ b/htdocs/categories/photos.php @@ -38,7 +38,6 @@ $langs->loadlangs(array('categories', 'bills')); $id = GETPOST('id', 'int'); $label = GETPOST('label', 'alpha'); -$type = GETPOST('type'); $action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm'); @@ -52,7 +51,7 @@ if ($id == '' && $label == '') $result = restrictedArea($user, 'categorie', $id, '&category'); $object = new Categorie($db); -$result = $object->fetch($id, $label, $type); +$result = $object->fetch($id, $label); if ($result <= 0) { dol_print_error($db, $object->error); exit; } @@ -60,10 +59,12 @@ $object->fetch_optionals(); if ($result <= 0) { dol_print_error($db, $object->error); exit; } -$upload_dir = $conf->categorie->multidir_output[$object->entity]; +$type = $object->type; if (is_numeric($type)) $type = Categorie::$MAP_ID_TO_CODE[$type]; // For backward compatibility +$upload_dir = $conf->categorie->multidir_output[$object->entity]; + /* * Actions */ diff --git a/htdocs/categories/traduction.php b/htdocs/categories/traduction.php index 423819c49ac..825f52f5b80 100644 --- a/htdocs/categories/traduction.php +++ b/htdocs/categories/traduction.php @@ -39,7 +39,6 @@ $id = GETPOST('id', 'int'); $label = GETPOST('label', 'alpha'); $action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); -$type = GETPOST('type', 'aZ09'); if ($id == '' && $label == '') { @@ -51,7 +50,7 @@ if ($id == '' && $label == '') $result = restrictedArea($user, 'categorie', $id, '&category'); $object = new Categorie($db); -$result = $object->fetch($id, $label, $type); +$result = $object->fetch($id, $label); if ($result <= 0) { dol_print_error($db, $object->error); exit; } @@ -60,6 +59,7 @@ if ($result <= 0) { dol_print_error($db, $object->error); exit; } +$type = $object->type; if (is_numeric($type)) $type = Categorie::$MAP_ID_TO_CODE[$type]; // For backward compatibility /* diff --git a/htdocs/categories/viewcat.php b/htdocs/categories/viewcat.php index 864de6e2e98..5503a7977be 100644 --- a/htdocs/categories/viewcat.php +++ b/htdocs/categories/viewcat.php @@ -38,7 +38,6 @@ $langs->load("categories"); $id = GETPOST('id', 'int'); $label = GETPOST('label', 'alpha'); -$type = GETPOST('type', 'aZ09'); $removeelem = GETPOST('removeelem', 'int'); $elemid = GETPOST('elemid', 'int'); @@ -73,7 +72,7 @@ if ($id == "" && $label == "") $result = restrictedArea($user, 'categorie', $id, '&category'); $object = new Categorie($db); -$result = $object->fetch($id, $label, $type); +$result = $object->fetch($id, $label); if ($result <= 0) { dol_print_error($db, $object->error); exit; } @@ -82,10 +81,7 @@ if ($result <= 0) { dol_print_error($db, $object->error); exit; } -$objecttype = $object->type; -if (is_numeric($objecttype)) $objecttype = Categorie::$MAP_ID_TO_CODE[$objecttype]; -if ($type === '') $type = $objecttype; - +$type = $object->type; if (is_numeric($type)) $type = Categorie::$MAP_ID_TO_CODE[$type]; // For backward compatibility $extrafields = new ExtraFields($db); @@ -94,12 +90,6 @@ $extrafields->fetch_name_optionals_label($object->table_element); // Initialize technical object to manage hooks. Note that conf->hooks_modules contains array array $hookmanager->initHooks(array('categorycard', 'globalcard')); -// Protection when type provided is not similare to type of category -if ($objecttype != $type) { - print 'Error: Value for type parameter does not match value of the type of the category with id='.$id; - exit; -} - /* * Actions */ From 49225f3f57a2196915c2942cb43b2b1b8f79edbd Mon Sep 17 00:00:00 2001 From: StephaneLesage Date: Sat, 21 Nov 2020 15:57:11 +0100 Subject: [PATCH 2/2] Fix /categories/info.php navigation --- htdocs/categories/info.php | 7 ++++--- htdocs/categories/photos.php | 6 ------ htdocs/categories/traduction.php | 4 ---- htdocs/categories/viewcat.php | 7 +------ htdocs/core/lib/categories.lib.php | 2 +- 5 files changed, 6 insertions(+), 20 deletions(-) diff --git a/htdocs/categories/info.php b/htdocs/categories/info.php index 2dd0476c5cd..536b0c20a2c 100644 --- a/htdocs/categories/info.php +++ b/htdocs/categories/info.php @@ -37,13 +37,14 @@ $langs->loadLangs(array('categories', 'sendings')); $socid = 0; $id = GETPOST('id', 'int'); +$label = GETPOST('label', 'alpha'); // Security check if ($user->socid) $socid = $user->socid; $result = restrictedArea($user, 'categorie', $id, '&category'); $object = new Categorie($db); -$result = $object->fetch($id); +$result = $object->fetch($id, $label); if ($result <= 0) { dol_print_error($db, $object->error); exit; } @@ -64,11 +65,11 @@ llxHeader('', $langs->trans('Categories'), ''); $title = Categorie::$MAP_TYPE_TITLE_AREA[$type]; $head = categories_prepare_head($object, $type); - print dol_get_fiche_head($head, 'info', $langs->trans($title), -1, 'category'); + $backtolist = (GETPOST('backtolist') ? GETPOST('backtolist') : DOL_URL_ROOT.'/categories/index.php?leftmenu=cat&type='.$type); $linkback = ''.$langs->trans("BackToList").''; -$object->next_prev_filter = ' type = '.$type; +$object->next_prev_filter = ' type = '.$object->type; $object->ref = $object->label; $morehtmlref = '
'.$langs->trans("Root").' >> '; $ways = $object->print_all_ways(" >> ", '', 1); diff --git a/htdocs/categories/photos.php b/htdocs/categories/photos.php index d09cf595620..6bb5d79980c 100644 --- a/htdocs/categories/photos.php +++ b/htdocs/categories/photos.php @@ -55,10 +55,6 @@ $result = $object->fetch($id, $label); if ($result <= 0) { dol_print_error($db, $object->error); exit; } -$object->fetch_optionals(); -if ($result <= 0) { - dol_print_error($db, $object->error); exit; -} $type = $object->type; if (is_numeric($type)) $type = Categorie::$MAP_ID_TO_CODE[$type]; // For backward compatibility @@ -116,8 +112,6 @@ if ($object->id) $title = Categorie::$MAP_TYPE_TITLE_AREA[$type]; $head = categories_prepare_head($object, $type); - - print dol_get_fiche_head($head, 'photos', $langs->trans($title), -1, 'category'); $linkback = ''.$langs->trans("BackToList").''; diff --git a/htdocs/categories/traduction.php b/htdocs/categories/traduction.php index 825f52f5b80..898484d0d51 100644 --- a/htdocs/categories/traduction.php +++ b/htdocs/categories/traduction.php @@ -54,10 +54,6 @@ $result = $object->fetch($id, $label); if ($result <= 0) { dol_print_error($db, $object->error); exit; } -$object->fetch_optionals(); -if ($result <= 0) { - dol_print_error($db, $object->error); exit; -} $type = $object->type; if (is_numeric($type)) $type = Categorie::$MAP_ID_TO_CODE[$type]; // For backward compatibility diff --git a/htdocs/categories/viewcat.php b/htdocs/categories/viewcat.php index 5503a7977be..20f54a40788 100644 --- a/htdocs/categories/viewcat.php +++ b/htdocs/categories/viewcat.php @@ -76,10 +76,6 @@ $result = $object->fetch($id, $label); if ($result <= 0) { dol_print_error($db, $object->error); exit; } -$object->fetch_optionals(); -if ($result <= 0) { - dol_print_error($db, $object->error); exit; -} $type = $object->type; if (is_numeric($type)) $type = Categorie::$MAP_ID_TO_CODE[$type]; // For backward compatibility @@ -216,9 +212,8 @@ llxHeader("", $langs->trans("Categories"), $helpurl, '', 0, 0, $arrayofjs, $arra $title = Categorie::$MAP_TYPE_TITLE_AREA[$type]; $head = categories_prepare_head($object, $type); - - print dol_get_fiche_head($head, 'card', $langs->trans($title), -1, 'category'); + $backtolist = (GETPOST('backtolist') ? GETPOST('backtolist') : DOL_URL_ROOT.'/categories/index.php?leftmenu=cat&type='.$type); $linkback = ''.$langs->trans("BackToList").''; $object->next_prev_filter = ' type = '.$object->type; diff --git a/htdocs/core/lib/categories.lib.php b/htdocs/core/lib/categories.lib.php index e900e6ff424..f6942cb5265 100644 --- a/htdocs/core/lib/categories.lib.php +++ b/htdocs/core/lib/categories.lib.php @@ -57,7 +57,7 @@ function categories_prepare_head(Categorie $object, $type) $h++; } - $head[$h][0] = DOL_URL_ROOT.'/categories/info.php?id='.$object->id; + $head[$h][0] = DOL_URL_ROOT.'/categories/info.php?id='.$object->id.'&type='.$type; $head[$h][1] = $langs->trans("Info"); $head[$h][2] = 'info'; $h++;