Fix protect public pages

htdocs/public/cron/cron_run_jobs_by_url.php

@@ -67,6 +67,10 @@ global $langs, $conf;
 // Language Management
 $langs->loadLangs(array("admin", "cron", "dict"));
 
+// Security check
+if (empty($conf->cron->enabled)) {
+	accessforbidden('', 0, 0, 1);
+}
 
 
 

htdocs/public/cron/index.php

@@ -0,0 +1,27 @@
+<?php
+/* Copyright (C) 2009 Laurent Destailleur  <eldy@users.sourceforge.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+/**
+ *     	\file       htdocs/public/cron/index.php
+ *		\ingroup    core
+ *		\brief      A redirect page to an error
+ */
+
+require '../../master.inc.php';
+
+header("Location: ".DOL_URL_ROOT.'/public/error-404.php');
+exit;

htdocs/public/index.php

@@ -1,5 +1,5 @@
 <?php
-/* Copyright (C) 2009 Laurent Destailleur  <eldy@users.sourceforge.net>
+/* Copyright (C) 2009-2021 Laurent Destailleur  <eldy@users.sourceforge.net>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -18,7 +18,7 @@
 /**
  *     	\file       htdocs/public/index.php
  *		\ingroup    core
- *		\brief      A redirect page to an error
+ *		\brief      A redirect page to an error page
  */
 
 require '../master.inc.php';

htdocs/public/notice.php

@@ -1,5 +1,5 @@
 <?php
-/* Copyright (C) 2016-2020	Laurent Destailleur		<eldy@users.sourceforge.net>
+/* Copyright (C) 2016-2021	Laurent Destailleur		<eldy@users.sourceforge.net>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -17,10 +17,10 @@
 
 /**
  *	\file       htdocs/public/notice.php
- *	\brief      Dolibarr page to show a notice.
- *              Default notice is a message to say network connection is off or show another message.
- *              You can also call this page with URL:
- *                /public/notice.php?lang=xx_XX&transkey=translation_key  (key must be inside file main.lang, error.lang or other.lang)
+ *	\brief      Dolibarr public page to show a notice.
+ *              Default notice is a message to say network connection is off. Some parameters can be used to show another message.
+ *              You can call this page with URL:
+ *                /public/notice.php?lang=xx_XX&transkey=translation_key  		(key must be inside file main.lang, error.lang or other.lang)
  *                /public/notice.php?transphrase=url_encoded_sentence_to_show
  */
 

htdocs/public/ticket/create_ticket.php

@@ -75,6 +75,10 @@ $extrafields = new ExtraFields($db);
 
 $extrafields->fetch_name_optionals_label($object->table_element);
 
+if (empty($conf->ticket->enabled)) {
+	accessforbidden('', 0, 0, 1);
+}
+
 
 /*
  * Actions

htdocs/public/ticket/index.php

@@ -61,6 +61,10 @@ $langs->loadLangs(array('companies', 'other', 'ticket', 'errors'));
 $track_id = GETPOST('track_id', 'alpha');
 $action = GETPOST('action', 'aZ09');
 
+if (empty($conf->ticket->enabled)) {
+	accessforbidden('', 0, 0, 1);
+}
+
 
 /*
  * View

htdocs/public/ticket/list.php

@@ -70,6 +70,9 @@ if (isset($_SESSION['email_customer'])) {
 
 $object = new Ticket($db);
 
+if (empty($conf->ticket->enabled)) {
+	accessforbidden('', 0, 0, 1);
+}
 
 
 

htdocs/public/ticket/view.php

@@ -68,6 +68,10 @@ if (isset($_SESSION['email_customer'])) {
 
 $object = new ActionsTicket($db);
 
+if (empty($conf->ticket->enabled)) {
+	accessforbidden('', 0, 0, 1);
+}
+
 
 /*
  * Actions