Fix management of token
parent
d38c6616e6
commit
8e1ffa5144
@ -16,11 +16,17 @@
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
/**
|
||||
|
||||
/**
|
||||
* \file htdocs/compta/accounting-files.php
|
||||
* \ingroup compta
|
||||
* \brief Page to show portoflio and files of a thirdparty and download it
|
||||
*/
|
||||
|
||||
if ($_GET['action'] == 'dl' || $_POST['action'] == 'dl') { // To not replace token when downloading file
|
||||
if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1');
|
||||
}
|
||||
|
||||
require '../main.inc.php';
|
||||
require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
|
||||
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
|
||||
@ -106,7 +112,7 @@ $error = 0;
|
||||
|
||||
$filesarray = array();
|
||||
$result = false;
|
||||
if (($action == "searchfiles" || $action == "dl")) {
|
||||
if (($action == 'searchfiles' || $action == 'dl')) {
|
||||
if (empty($date_start))
|
||||
{
|
||||
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("DateStart")), null, 'errors');
|
||||
@ -459,7 +465,7 @@ if (!empty($date_start) && !empty($date_stop))
|
||||
$param .= '&date_stopyear='.GETPOST('date_stopyear', 'int');
|
||||
|
||||
print '<form name="dl" action="?action=dl" method="POST" >'."\n";
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="token" value="'.currentToken().'">';
|
||||
|
||||
echo dol_print_date($date_start, 'day')." - ".dol_print_date($date_stop, 'day');
|
||||
|
||||
|
||||
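Review bot: The early check `if ($_GET['action'] == 'dl' || $_POST['action'] == 'dl')` reads both superglobals without testing that the key exists, so a request that lacks `action` in either one raises an undefined-index notice. `if ((isset($_GET['action']) && $_GET['action'] == 'dl') || (isset($_POST['action']) && $_POST['action'] == 'dl'))` avoids that. The download form now sends `currentToken()`, which presumably validates only because the same request defines NOTOKENRENEWAL; the two are tied together by the literal `?action=dl`, and the token comparison itself is in `main.inc.php`, not shown here. I would add a comment on the form line such as `// action=dl defines NOTOKENRENEWAL at the top of this file, so the form must post currentToken(), not newToken()`. It is also worth confirming that skipping renewal never skips the token comparison.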
@ -8574,7 +8574,8 @@ function isAFileWithExecutableContent($filename)
|
||||
}
|
||||
|
||||
/**
|
||||
* Return new session token
|
||||
* Return the value of token currently saved into session with name 'newtoken'.
|
||||
* This token must be send by any POST as it will be used by next page for comparison with value in session.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
@ -8582,3 +8583,13 @@ function newToken()
|
||||
{
|
||||
return $_SESSION['newtoken'];
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the value of token currently saved into session with name 'token'.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function currentToken()
|
||||
{
|
||||
return $_SESSION['token'];
|
||||
}
|
||||
|
||||
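Review bot: The docblock of `currentToken()` does not say when to use it instead of `newToken()`, and choosing the wrong one gives a form whose CSRF token no longer matches the session value on submit. Judging from this commit it is meant only for forms whose target skips renewal, so I would add a line such as `* Use only in forms posting to a page that defines NOTOKENRENEWAL; every other form must send newToken().`. The function also returns `$_SESSION['token']` unguarded, so when the session holds no token it returns null with a notice rather than the documented string. Whatever fallback is chosen, the comparing side (not visible here) should reject an empty token rather than treat two empty values as equal.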