lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add confirm_validate and confirm_close as sensitive actions

Browse Source
This commit is contained in:
Laurent Destailleur 2021-09-18 18:36:45 +02:00
parent f0547438f8
commit 858a5ab188
3 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
htdocs/main.inc.php
View File

@ -465,6 +465,7 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->gl
$arrayofactiontoforcetokencheck = array(
'activate', 'add', 'addrights', 'addtimespent',
'confirm_create_user', 'confirm_create_thirdparty', 'confirm_delete', 'confirm_deletedir', 'confirm_deletefile', 'confirm_purge', 'confirm_reject_check',
'confirm_validate', 'confirm_close',
'delete', 'deletefilter', 'deleteoperation', 'deleteprof', 'deletepayment', 'delrights',
'disable',
'doprev', 'donext', 'dvprev', 'dvnext',

2
htdocs/recruitment/recruitmentcandidature_card.php
View File

@ -567,7 +567,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
if ($object->status == $object::STATUS_DRAFT) {
if ($permissiontoadd) {
if (empty($object->table_element_line) || (is_array($object->lines) && count($object->lines) > 0)) {
print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=confirm_validate&confirm=yes">'.$langs->trans("Validate").'</a>';
print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=confirm_validate&token='.newToken().'&confirm=yes">'.$langs->trans("Validate").'</a>';
} else {
$langs->load("errors");
print '<a class="butActionRefused" href="" title="'.$langs->trans("ErrorAddAtLeastOneLineFirst").'">'.$langs->trans("Validate").'</a>';

2
htdocs/recruitment/recruitmentjobposition_card.php
View File

@ -466,7 +466,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
if ($object->status == $object::STATUS_DRAFT) {
if ($permissiontoadd) {
if (empty($object->table_element_line) || (is_array($object->lines) && count($object->lines) > 0)) {
print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=confirm_validate&confirm=yes">'.$langs->trans("Validate").'</a>';
print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=confirm_validate&token='.newToken().'&confirm=yes">'.$langs->trans("Validate").'</a>';
} else {
$langs->load("errors");
print '<a class="butActionRefused" href="" title="'.$langs->trans("ErrorAddAtLeastOneLineFirst").'">'.$langs->trans("Validate").'</a>';