lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

wip

Browse Source
This commit is contained in:
Frédéric FRANCE 2023-05-03 14:22:30 +02:00
parent fe6e31a81d
commit 9d29ae8f10
3 changed files with 6 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
htdocs/core/modules/mailings/modules_mailings.php
View File

@ -180,7 +180,6 @@ class MailingTargets // This can't be abstract as it is used for some method
public function addTargetsToDatabase($mailing_id, $cibles)
{
global $conf;
global $dolibarr_main_instance_unique_id;
$this->db->begin();
@ -203,7 +202,7 @@ class MailingTargets // This can't be abstract as it is used for some method
$sql .= "'".$this->db->escape($targetarray['other'])."',";
$sql .= "'".$this->db->escape($targetarray['source_url'])."',";
$sql .= (empty($targetarray['source_id']) ? 'null' : "'".$this->db->escape($targetarray['source_id'])."'").",";
$sql .= "'".$this->db->escape(dol_hash($dolibarr_main_instance_unique_id.";".$targetarray['email'].";".$targetarray['lastname'].";".((int) $mailing_id).";".getDolGlobalString('MAILING_EMAIL_UNSUBSCRIBE_KEY'), 'md5'))."',";
$sql .= "'".$this->db->escape(dol_hash($conf->file->instance_unique_id.";".$targetarray['email'].";".$targetarray['lastname'].";".((int) $mailing_id).";".getDolGlobalString('MAILING_EMAIL_UNSUBSCRIBE_KEY'), 'md5'))."',";
$sql .= "'".$this->db->escape($targetarray['source_type'])."')";
dol_syslog(__METHOD__, LOG_DEBUG);
$result = $this->db->query($sql);

6
htdocs/core/tpl/passwordreset.tpl.php
View File

@ -97,10 +97,10 @@ if ($setnewpassword && $username && $passworduidhash) {
if ($result < 0) {
$message = '<div class="error">'.dol_escape_htmltag($langs->trans("ErrorTechnicalError")).'</div>';
} else {
global $dolibarr_main_instance_unique_id;
global $conf;
//print $edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id.' '.$passworduidhash;
if ($edituser->pass_temp && dol_verifyHash($edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id, $passworduidhash)) {
//print $edituser->pass_temp.'-'.$edituser->id.'-'.$conf->file->instance_unique_id.' '.$passworduidhash;
if ($edituser->pass_temp && dol_verifyHash($edituser->pass_temp.'-'.$edituser->id.'-'.$conf->file->instance_unique_id, $passworduidhash)) {
// Clear session
unset($_SESSION['dol_login']);

4
htdocs/public/users/view.php
View File

@ -62,8 +62,8 @@ $object->fetch($id, '', '', 1);
$urlwithroot = DOL_MAIN_URL_ROOT; // This is to use same domain name than current. For Paypal payment, we can use internal URL like localhost.
// Security check
global $dolibarr_main_instance_unique_id;
$encodedsecurekey = dol_hash($dolibarr_main_instance_unique_id.'uservirtualcard'.$object->id.'-'.$object->login, 'md5');
global $conf;
$encodedsecurekey = dol_hash($conf->file->instance_unique_id.'uservirtualcard'.$object->id.'-'.$object->login, 'md5');
if ($encodedsecurekey != $securekey) {
httponly_accessforbidden('Bad value for securitykey or public profile not enabled');
}