From 92b6425ce0832639c7e3f19e31199405f5634d27 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 5 Jun 2021 18:20:07 +0200 Subject: [PATCH] Debug v14 --- htdocs/adherents/partnership.php | 6 ++- htdocs/langs/en_US/partnership.lang | 2 +- .../modulebuilder/template/myobject_card.php | 4 +- htdocs/partnership/partnership_card.php | 10 ++-- htdocs/societe/partnership.php | 48 +++++-------------- 5 files changed, 24 insertions(+), 46 deletions(-) diff --git a/htdocs/adherents/partnership.php b/htdocs/adherents/partnership.php index 5bdf758e84f..28b041240a3 100644 --- a/htdocs/adherents/partnership.php +++ b/htdocs/adherents/partnership.php @@ -510,20 +510,22 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea if (empty($reshook)) { if ($object->status == $object::STATUS_DRAFT) { - print dolGetButtonAction($langs->trans('Modify'), '', 'default', $_SERVER["PHP_SELF"].'?rowid='.$memberid.'&action=edit', '', $permissiontoadd); + print dolGetButtonAction($langs->trans('Modify'), '', 'default', $_SERVER["PHP_SELF"].'?rowid='.$memberid.'&action=edit&token='.newToken(), '', $permissiontoadd); } // Show if ($permissiontoadd) { - print dolGetButtonAction($langs->trans('ShowPartnership'), '', 'default', dol_buildpath('/partnership/partnership_card.php', 1).'?id='.$object->id, '', $permissiontoadd); + print dolGetButtonAction($langs->trans('ManagePartnership'), '', 'default', dol_buildpath('/partnership/partnership_card.php', 1).'?id='.$object->id, '', $permissiontoadd); } // Cancel + /* if ($permissiontoadd) { if ($object->status == $object::STATUS_ACCEPTED) { print dolGetButtonAction($langs->trans('Cancel'), '', 'default', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=close&token='.newToken(), '', $permissiontoadd); } } + */ } print ''."\n"; } diff --git a/htdocs/langs/en_US/partnership.lang b/htdocs/langs/en_US/partnership.lang index 7decec2a003..6d0c7dc0ac9 100644 --- a/htdocs/langs/en_US/partnership.lang +++ b/htdocs/langs/en_US/partnership.lang @@ -50,7 +50,7 @@ DatePartnershipEnd=End date ReasonDecline=Decline reason ReasonDeclineOrCancel=Decline reason PartnershipAlreadyExist=Partnership already exist -ShowPartnership=Show partnership +ManagePartnership=Manage partnership BacklinkNotFoundOnPartnerWebsite=Backlink not found on partner website ConfirmClosePartnershipAsk=Are you sure you want to cancel this partnership? diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php index 739596b5653..7111b59b582 100644 --- a/htdocs/modulebuilder/template/myobject_card.php +++ b/htdocs/modulebuilder/template/myobject_card.php @@ -489,7 +489,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea if (empty($reshook)) { // Send if (empty($user->socid)) { - print dolGetButtonAction($langs->trans('SendMail'), '', 'default', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=presend&mode=init#formmailbeforetitle'); + print dolGetButtonAction($langs->trans('SendMail'), '', 'default', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=presend&mode=init&token='.newToken().'#formmailbeforetitle'); } // Back to draft @@ -502,7 +502,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea // Validate if ($object->status == $object::STATUS_DRAFT) { if (empty($object->table_element_line) || (is_array($object->lines) && count($object->lines) > 0)) { - print dolGetButtonAction($langs->trans('Validate'), '', 'default', $_SERVER['PHP_SELF'].'?id='.$object->id.'&action=confirm_validate&confirm=yes', '', $permissiontoadd); + print dolGetButtonAction($langs->trans('Validate'), '', 'default', $_SERVER['PHP_SELF'].'?id='.$object->id.'&action=confirm_validate&confirm=yes&token='.newToken(), '', $permissiontoadd); } else { $langs->load("errors"); print dolGetButtonAction($langs->trans("ErrorAddAtLeastOneLineFirst"), $langs->trans("Validate"), 'default', '#', '', 0); diff --git a/htdocs/partnership/partnership_card.php b/htdocs/partnership/partnership_card.php index f724ace839d..72e0bc22bdd 100644 --- a/htdocs/partnership/partnership_card.php +++ b/htdocs/partnership/partnership_card.php @@ -623,20 +623,20 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea if (empty($reshook)) { // Send if (empty($user->socid)) { - print dolGetButtonAction($langs->trans('SendMail'), '', 'default', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=presend&mode=init#formmailbeforetitle'); + print dolGetButtonAction($langs->trans('SendMail'), '', 'default', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=presend&mode=init&token='.newToken().'#formmailbeforetitle'); } // Back to draft if ($object->status != $object::STATUS_DRAFT) { - print dolGetButtonAction($langs->trans('SetToDraft'), '', 'default', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=confirm_setdraft&confirm=yes', '', $permissiontoadd); + print dolGetButtonAction($langs->trans('SetToDraft'), '', 'default', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=confirm_setdraft&confirm=yes&token='.newToken(), '', $permissiontoadd); } - print dolGetButtonAction($langs->trans('Modify'), '', 'default', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=edit', '', $permissiontoadd); + print dolGetButtonAction($langs->trans('Modify'), '', 'default', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=edit&token='.newToken(), '', $permissiontoadd); // Accept if ($object->status == $object::STATUS_DRAFT) { if (empty($object->table_element_line) || (is_array($object->lines) && count($object->lines) > 0)) { - print dolGetButtonAction($langs->trans('Validate'), '', 'default', $_SERVER['PHP_SELF'].'?id='.$object->id.'&action=confirm_accept&confirm=yes', '', $permissiontoadd); + print dolGetButtonAction($langs->trans('Validate'), '', 'default', $_SERVER['PHP_SELF'].'?id='.$object->id.'&action=confirm_accept&confirm=yes&token='.newToken(), '', $permissiontoadd); } else { $langs->load("errors"); print dolGetButtonAction($langs->trans("ErrorAddAtLeastOneLineFirst"), $langs->trans("Validate"), 'default', '#', '', 0); @@ -655,7 +655,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea // Refuse if ($permissiontoadd) { - if ($object->status != $object::STATUS_CANCELED && $object->status != $object::STATUS_REFUSED) { + if ($object->status != $object::STATUS_ACCEPTED && $object->status != $object::STATUS_CANCELED && $object->status != $object::STATUS_REFUSED) { print dolGetButtonAction($langs->trans('Refuse'), '', 'default', $_SERVER['PHP_SELF'].'?id='.$object->id.'&action=refuse&token='.newToken(), '', $permissiontoadd); } } diff --git a/htdocs/societe/partnership.php b/htdocs/societe/partnership.php index 0a5205799a9..6a45c657126 100644 --- a/htdocs/societe/partnership.php +++ b/htdocs/societe/partnership.php @@ -44,42 +44,13 @@ //if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification // Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -} -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { - $i--; $j--; -} -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) { - $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -} -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) { - $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -} -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) { - $res = @include "../main.inc.php"; -} -if (!$res && file_exists("../../main.inc.php")) { - $res = @include "../../main.inc.php"; -} -if (!$res && file_exists("../../../main.inc.php")) { - $res = @include "../../../main.inc.php"; -} -if (!$res) { - die("Include of main fails"); -} - +require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formprojet.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; -dol_include_once('/partnership/class/partnership.class.php'); -dol_include_once('/partnership/lib/partnership.lib.php'); +require_once DOL_DOCUMENT_ROOT.'/partnership/class/partnership.class.php'; +require_once DOL_DOCUMENT_ROOT.'/partnership/lib/partnership.lib.php'; // Load translation files required by the page $langs->loadLangs(array("companies","partnership", "other")); @@ -153,6 +124,11 @@ if (($action == 'update' || $action == 'edit') && $object->status != $object::ST if (empty($socid) && $object) { $socid = $object->fk_soc; } + +// Security check +$result = restrictedArea($user, 'societe', $socid, '&societe', '', 'fk_soc', 'rowid', 0); + + /* * Actions */ @@ -276,8 +252,6 @@ $object->fields['note_public']['visible'] = 1; /* * View - * - * Put here all code to build page */ $form = new Form($db); @@ -528,20 +502,22 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea if (empty($reshook)) { if ($object->status == $object::STATUS_DRAFT) { - print dolGetButtonAction($langs->trans('Modify'), '', 'default', $_SERVER["PHP_SELF"].'?socid='.$socid.'&action=edit', '', $permissiontoadd); + print dolGetButtonAction($langs->trans('Modify'), '', 'default', $_SERVER["PHP_SELF"].'?socid='.$socid.'&action=edit&token='.newtoken(), '', $permissiontoadd); } // Show if ($permissiontoadd) { - print dolGetButtonAction($langs->trans('ShowPartnership'), '', 'default', dol_buildpath('/partnership/partnership_card.php', 1).'?id='.$object->id, '', $permissiontoadd); + print dolGetButtonAction($langs->trans('ManagePartnership'), '', 'default', dol_buildpath('/partnership/partnership_card.php', 1).'?id='.$object->id, '', $permissiontoadd); } // Cancel + /* if ($permissiontoadd) { if ($object->status == $object::STATUS_ACCEPTED) { print dolGetButtonAction($langs->trans('Cancel'), '', 'default', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=close&token='.newToken(), '', $permissiontoadd); } } + */ } print ''."\n"; }