diff --git a/htdocs/langs/en_US/eventorganization.lang b/htdocs/langs/en_US/eventorganization.lang index 5ddd3d259ea..863cec82164 100644 --- a/htdocs/langs/en_US/eventorganization.lang +++ b/htdocs/langs/en_US/eventorganization.lang @@ -107,7 +107,7 @@ MissingOrBadSecureKey = The security key is invalid or missing EvntOrgWelcomeMessage = This form allows you to register as a new participant to the conference EvntOrgStartDuration = This conference starts on EvntOrgEndDuration = and ends on -ConferenceAttendeeFee = Conference attendee fee +ConferenceAttendeeFee = Conference attendee fee for the event : '%s' occurring from %s to %s # # SubscriptionOk page # diff --git a/htdocs/public/eventorganization/attendee_subscription.php b/htdocs/public/eventorganization/attendee_subscription.php index 22b6955c6f5..ed6d5261fcd 100644 --- a/htdocs/public/eventorganization/attendee_subscription.php +++ b/htdocs/public/eventorganization/attendee_subscription.php @@ -334,14 +334,25 @@ if (empty($reshook) && $action == 'add') { if (!$error) { // Add line to draft invoice $vattouse = get_default_tva($mysoc, $thirdparty, $productforinvoicerow->id); - $result = $facture->addline($langs->trans("ConferenceAttendeeFee").' for the event : \''.$conference->label.'\' occuring from '.dol_print_date($conference->datep, '%d/%m/%y %H:%M:%S').' to '.dol_print_date($conference->datep2, '%d/%m/%y %H:%M:%S'), floatval($project->price_registration), 1, $vattouse, 0, 0, $productforinvoicerow->id, 0, dol_now(), '', 0, 0, '', 'HT', 0, 1); + $result = $facture->addline($langs->trans("ConferenceAttendeeFee", $conference->label, dol_print_date($conference->datep, '%d/%m/%y %H:%M:%S'), dol_print_date($conference->datep2, '%d/%m/%y %H:%M:%S')), floatval($project->price_registration), 1, $vattouse, 0, 0, $productforinvoicerow->id, 0, dol_now(), '', 0, 0, '', 'HT', 0, 1); if ($result <= 0) { $confattendee->error = $facture->error; $confattendee->errors = $facture->errors; $error++; } if (!$error) { - $redirection = $dolibarr_main_url_root.'/public/payment/newpayment.php?source=conferencesubscription&ref='.dol_encode($facture->id, $dolibarr_main_instance_unique_id); + $valid = true; + $sourcetouse = 'conferencesubscription'; + $reftouse = dol_encode($facture->id, $dolibarr_main_instance_unique_id); + $redirection = $dolibarr_main_url_root.'/public/payment/newpayment.php?source='.$sourcetouse.'&ref='.$reftouse; + if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) { + if (!empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) { + $redirection .= '&securekey='.dol_hash($conf->global->PAYMENT_SECURITY_TOKEN . $sourcetouse . $reftouse, 2); // Use the source in the hash to avoid duplicates if the references are identical + + } else { + $redirection .= '&securekey='.$conf->global->PAYMENT_SECURITY_TOKEN; + } + } Header("Location: ".$redirection); exit; } diff --git a/htdocs/public/payment/newpayment.php b/htdocs/public/payment/newpayment.php index 22efe3d18af..2a43e655288 100644 --- a/htdocs/public/payment/newpayment.php +++ b/htdocs/public/payment/newpayment.php @@ -155,6 +155,7 @@ foreach ($_POST as $key => $val) { } + // Define $urlwithroot //$urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',trim($dolibarr_main_url_root)); //$urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file @@ -168,6 +169,7 @@ $ref = $REF = GETPOST('ref', 'alpha'); $TAG = GETPOST("tag", 'alpha'); $FULLTAG = GETPOST("fulltag", 'alpha'); // fulltag is tag with more informations $SECUREKEY = GETPOST("securekey"); // Secure key + if ($paymentmethod && !preg_match('/'.preg_quote('PM='.$paymentmethod, '/').'/', $FULLTAG)) { $FULLTAG .= ($FULLTAG ? '.' : '').'PM='.$paymentmethod; } @@ -262,6 +264,7 @@ if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) { } else { $token = $conf->global->PAYMENT_SECURITY_TOKEN; } + if ($SECUREKEY != $token) { if (empty($conf->global->PAYMENT_SECURITY_ACCEPT_ANY_TOKEN)) { $valid = false; // PAYMENT_SECURITY_ACCEPT_ANY_TOKEN is for backward compatibility