From 7749138a810a01470cb9327455b4f7be82498195 Mon Sep 17 00:00:00 2001
From: StephaneLesage <root@srv-dolibarr.ateis>
Date: Sat, 21 Nov 2020 13:28:37 +0100
Subject: [PATCH] Fix /categories/edit.php which used type parameter instead of
 object's type Do not read type parameter Security check, display error and
 exit Get type from category object

---
 htdocs/categories/edit.php       |  9 ++++++---
 htdocs/categories/info.php       |  7 ++++---
 htdocs/categories/photos.php     |  7 ++++---
 htdocs/categories/traduction.php |  4 ++--
 htdocs/categories/viewcat.php    | 14 ++------------
 5 files changed, 18 insertions(+), 23 deletions(-)

diff --git a/htdocs/categories/edit.php b/htdocs/categories/edit.php
index f4b7e12cc30..ba04cde0b54 100644
--- a/htdocs/categories/edit.php
+++ b/htdocs/categories/edit.php
@@ -35,7 +35,6 @@ $langs->load("categories");
 
 $id = GETPOST('id', 'int');
 $ref = GETPOST('ref', 'alphanohtml');
-$type = GETPOST('type', 'aZ09');		// Can be int or string
 $action = (GETPOST('action', 'aZ09') ?GETPOST('action', 'aZ09') : 'edit');
 $confirm = GETPOST('confirm');
 $cancel = GETPOST('cancel', 'alpha');
@@ -56,10 +55,14 @@ if ($id == "") {
 $result = restrictedArea($user, 'categorie', $id, '&category');
 
 $object = new Categorie($db);
-if ($id > 0) {
-	$result = $object->fetch($id);
+$result = $object->fetch($id, $label);
+if ($result <= 0) {
+	dol_print_error($db, $object->error); exit;
 }
 
+$type = $object->type;
+if (is_numeric($type)) $type = Categorie::$MAP_ID_TO_CODE[$type]; // For backward compatibility
+
 $extrafields = new ExtraFields($db);
 $extrafields->fetch_name_optionals_label($object->table_element);
 
diff --git a/htdocs/categories/info.php b/htdocs/categories/info.php
index f64f3be8f9e..2dd0476c5cd 100644
--- a/htdocs/categories/info.php
+++ b/htdocs/categories/info.php
@@ -43,10 +43,11 @@ if ($user->socid) $socid = $user->socid;
 $result = restrictedArea($user, 'categorie', $id, '&category');
 
 $object = new Categorie($db);
-if (!$object->fetch($id) > 0) {
-	dol_print_error($db);
-	exit;
+$result = $object->fetch($id);
+if ($result <= 0) {
+	dol_print_error($db, $object->error); exit;
 }
+
 $type = $object->type;
 if (is_numeric($type)) $type = Categorie::$MAP_ID_TO_CODE[$type]; // For backward compatibility
 
diff --git a/htdocs/categories/photos.php b/htdocs/categories/photos.php
index 73c7664f6c2..d09cf595620 100644
--- a/htdocs/categories/photos.php
+++ b/htdocs/categories/photos.php
@@ -38,7 +38,6 @@ $langs->loadlangs(array('categories', 'bills'));
 
 $id      = GETPOST('id', 'int');
 $label   = GETPOST('label', 'alpha');
-$type    = GETPOST('type');
 $action  = GETPOST('action', 'aZ09');
 $confirm = GETPOST('confirm');
 
@@ -52,7 +51,7 @@ if ($id == '' && $label == '')
 $result = restrictedArea($user, 'categorie', $id, '&category');
 
 $object = new Categorie($db);
-$result = $object->fetch($id, $label, $type);
+$result = $object->fetch($id, $label);
 if ($result <= 0) {
 	dol_print_error($db, $object->error); exit;
 }
@@ -60,10 +59,12 @@ $object->fetch_optionals();
 if ($result <= 0) {
 	dol_print_error($db, $object->error); exit;
 }
-$upload_dir = $conf->categorie->multidir_output[$object->entity];
 
+$type = $object->type;
 if (is_numeric($type)) $type = Categorie::$MAP_ID_TO_CODE[$type]; // For backward compatibility
 
+$upload_dir = $conf->categorie->multidir_output[$object->entity];
+
 /*
  * Actions
  */
diff --git a/htdocs/categories/traduction.php b/htdocs/categories/traduction.php
index 423819c49ac..825f52f5b80 100644
--- a/htdocs/categories/traduction.php
+++ b/htdocs/categories/traduction.php
@@ -39,7 +39,6 @@ $id     = GETPOST('id', 'int');
 $label  = GETPOST('label', 'alpha');
 $action = GETPOST('action', 'aZ09');
 $cancel = GETPOST('cancel', 'alpha');
-$type   = GETPOST('type', 'aZ09');
 
 if ($id == '' && $label == '')
 {
@@ -51,7 +50,7 @@ if ($id == '' && $label == '')
 $result = restrictedArea($user, 'categorie', $id, '&category');
 
 $object = new Categorie($db);
-$result = $object->fetch($id, $label, $type);
+$result = $object->fetch($id, $label);
 if ($result <= 0) {
 	dol_print_error($db, $object->error); exit;
 }
@@ -60,6 +59,7 @@ if ($result <= 0) {
 	dol_print_error($db, $object->error); exit;
 }
 
+$type = $object->type;
 if (is_numeric($type)) $type = Categorie::$MAP_ID_TO_CODE[$type]; // For backward compatibility
 
 /*
diff --git a/htdocs/categories/viewcat.php b/htdocs/categories/viewcat.php
index 864de6e2e98..5503a7977be 100644
--- a/htdocs/categories/viewcat.php
+++ b/htdocs/categories/viewcat.php
@@ -38,7 +38,6 @@ $langs->load("categories");
 
 $id         = GETPOST('id', 'int');
 $label      = GETPOST('label', 'alpha');
-$type       = GETPOST('type', 'aZ09');
 $removeelem = GETPOST('removeelem', 'int');
 $elemid     = GETPOST('elemid', 'int');
 
@@ -73,7 +72,7 @@ if ($id == "" && $label == "")
 $result = restrictedArea($user, 'categorie', $id, '&category');
 
 $object = new Categorie($db);
-$result = $object->fetch($id, $label, $type);
+$result = $object->fetch($id, $label);
 if ($result <= 0) {
 	dol_print_error($db, $object->error); exit;
 }
@@ -82,10 +81,7 @@ if ($result <= 0) {
 	dol_print_error($db, $object->error); exit;
 }
 
-$objecttype = $object->type;
-if (is_numeric($objecttype)) $objecttype = Categorie::$MAP_ID_TO_CODE[$objecttype];
-if ($type === '') $type = $objecttype;
-
+$type = $object->type;
 if (is_numeric($type)) $type = Categorie::$MAP_ID_TO_CODE[$type]; // For backward compatibility
 
 $extrafields = new ExtraFields($db);
@@ -94,12 +90,6 @@ $extrafields->fetch_name_optionals_label($object->table_element);
 // Initialize technical object to manage hooks. Note that conf->hooks_modules contains array array
 $hookmanager->initHooks(array('categorycard', 'globalcard'));
 
-// Protection when type provided is not similare to type of category
-if ($objecttype != $type) {
-	print 'Error: Value for type parameter does not match value of the type of the category with id='.$id;
-	exit;
-}
-
 /*
  *	Actions
  */