lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX the online signature feature

Browse Source
This commit is contained in:
Laurent Destailleur 2022-08-14 19:14:20 +02:00
parent 326686794a
commit a0d56b6db7
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/core/lib/signature.lib.php
View File

@ -91,7 +91,7 @@ function getOnlineSignatureUrl($mode, $type, $ref = '', $localorexternal = 1)
if ($mode == 1) {
$out .= "hash('".$securekeyseed."' + '".$type."' + proposal_ref)";
} else {
$out .= '&securekey='.dol_hash($securekeyseed.$type.$ref.$object->entity, '0');
$out .= '&securekey='.dol_hash($securekeyseed.$type.$ref, '0');
}
/*
if ($mode == 1) {

2
htdocs/public/onlinesign/newonlinesign.php
View File

@ -139,7 +139,7 @@ if ($source == 'proposal') {
$securekeyseed = $conf->global->PROPOSAL_ONLINE_SIGNATURE_SECURITY_TOKEN;
}
if (!dol_verifyHash($securekeyseed.$type.$ref.$object->entity, $SECUREKEY, '0')) {
if (!dol_verifyHash($securekeyseed.$type.$ref, $SECUREKEY, '0')) {
http_response_code(403);
print 'Bad value for securitykey. Value provided '.dol_escape_htmltag($SECUREKEY).' does not match expected value for ref='.dol_escape_htmltag($ref);
exit(-1);