lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX All forms must use newToken()

Browse Source 
Conflicts:
	htdocs/commande/card.php
	htdocs/compta/cashcontrol/cashcontrol_card.php
	htdocs/supplier_proposal/card.php
This commit is contained in:
Laurent Destailleur 2020-03-24 13:10:35 +01:00
parent 1e955a89ef
commit a5379c7144
24 changed files with 46 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/accountancy/bookkeeping/thirdparty_lettering_customer.php
View File

@ -197,7 +197,7 @@ if ($resql) {
$param="&socid=".$socid;
print '<form name="add" action="' . $_SERVER["PHP_SELF"] . '?socid=' . $object->id . '" method="POST">';
print '<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">';
print '<input type="hidden" name="token" value="' . newToken() . '">';
print '<input type="hidden" name="socid" value="' . $object->id . '">';
$letteringbutton = '<a class="divButAction"><span class="valignmiddle"><input class="butAction" type="submit" value="lettering" name="lettering" id="lettering"></span></a>';

2
htdocs/accountancy/bookkeeping/thirdparty_lettering_supplier.php
View File

@ -195,7 +195,7 @@ if ($resql) {
$param="&socid=".$socid;
print '<form name="add" action="'.$_SERVER["PHP_SELF"].'?socid=' . $object->id . '" method="POST">';
print '<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">';
print '<input type="hidden" name="token" value="' . newToken() . '">';
print '<input type="hidden" name="socid" value="' . $object->id . '">';
$letteringbutton = '<a class="divButAction"><span class="valignmiddle"><input class="butAction" type="submit" value="lettering" name="lettering" id="lettering"></span></a>';

6
htdocs/adherents/cartes/carte.php
View File

@ -259,7 +259,7 @@ print '<br>';
print img_picto('', 'puce').' '.$langs->trans("DocForAllMembersCards", ($conf->global->ADHERENT_CARD_TYPE?$conf->global->ADHERENT_CARD_TYPE:$langs->transnoentitiesnoconv("None"))).' ';
print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
print '<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">';
print '<input type="hidden" name="token" value="' . newToken() . '">';
print '<input type="hidden" name="foruserid" value="all">';
print '<input type="hidden" name="mode" value="card">';
print '<input type="hidden" name="action" value="builddoc">';
@ -279,7 +279,7 @@ print '<br><br>';
print img_picto('', 'puce').' '.$langs->trans("DocForOneMemberCards", ($conf->global->ADHERENT_CARD_TYPE?$conf->global->ADHERENT_CARD_TYPE:$langs->transnoentitiesnoconv("None"))).' ';
print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
print '<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">';
print '<input type="hidden" name="token" value="' . newToken() . '">';
print '<input type="hidden" name="mode" value="cardlogin">';
print '<input type="hidden" name="action" value="builddoc">';
print $langs->trans("DescADHERENT_CARD_TYPE").' ';
@ -299,7 +299,7 @@ print '<br><br>';
print img_picto('', 'puce').' '.$langs->trans("DocForLabels", $conf->global->ADHERENT_ETIQUETTE_TYPE).' ';
print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
print '<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">';
print '<input type="hidden" name="token" value="' . newToken() . '">';
print '<input type="hidden" name="mode" value="label">';
print '<input type="hidden" name="action" value="builddoc">';
print $langs->trans("DescADHERENT_ETIQUETTE_TYPE").' ';

2
htdocs/adherents/type.php
View File

@ -605,7 +605,7 @@ if ($rowid > 0)
}
print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';
print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input class="flat" type="hidden" name="rowid" value="'.$object->id.'" size="12"></td>';
print '<br>';

2
htdocs/admin/agenda_other.php
View File

@ -324,7 +324,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL >= 2)
}
print '<form action="'.$_SERVER["PHP_SELF"].'" name="agenda">';
print '<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">';
print '<input type="hidden" name="token" value="' . newToken() . '">';
print '<input type="hidden" name="action" value="set">';
print '<table class="noborder allwidth">'."\n";

2
htdocs/admin/agenda_reminder.php
View File

@ -180,7 +180,7 @@ $head=agenda_prepare_head();
dol_fiche_head($head, 'reminders', $langs->trans("Agenda"), -1, 'action');
print '<form action="'.$_SERVER["PHP_SELF"].'" name="agenda">';
print '<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">';
print '<input type="hidden" name="token" value="' . newToken() . '">';
print '<input type="hidden" name="action" value="set">';
print '<table class="noborder allwidth">'."\n";

2
htdocs/admin/clicktodial.php
View File

@ -119,7 +119,7 @@ if (! empty($conf->global->CLICKTODIAL_URL))
if (GETPOST('phonefortest')) $phonefortest=GETPOST('phonefortest');
print '<form action="'.$_SERVER["PHP_SELF"].'">';
print '<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">';
print '<input type="hidden" name="token" value="' . newToken() . '">';
print $langs->trans("LinkToTestClickToDial", $user->login).' : ';
print '<input class="flat" type="text" name="phonefortest" value="'.dol_escape_htmltag($phonefortest).'">';
print '<input type="submit" class="button" value="'.dol_escape_htmltag($langs->trans("RefreshPhoneLink")).'">';

2
htdocs/admin/fckeditor.php
View File

@ -185,7 +185,7 @@ else
print '<br>'."\n";
print '<form name="formtest" method="POST" action="'.$_SERVER["PHP_SELF"].'">'."\n";
print '<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">';
print '<input type="hidden" name="token" value="' . newToken() . '">';
// Skins
show_skin(null, 1);

2
htdocs/bom/bom_card.php
View File

@ -546,7 +546,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
$result = $object->getLinesArray();
print ' <form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#addline' : '#line_'.GETPOST('lineid', 'int')).'" method="POST">
<input type="hidden" name="token" value="' . $_SESSION ['newtoken'].'">
<input type="hidden" name="token" value="' . newToken().'">
<input type="hidden" name="action" value="' . (($action != 'editline') ? 'addline' : 'updateline').'">
<input type="hidden" name="mode" value="">
<input type="hidden" name="id" value="' . $object->id.'">

2
htdocs/comm/action/pertype.php
View File

@ -248,7 +248,7 @@ $nav .= " &nbsp; (<a href=\"?year=".$nowyear."&amp;month=".$nowmonth."&amp;day="
$picto = 'calendarweek';
$nav .= ' &nbsp; <form name="dateselect" action="'.$_SERVER["PHP_SELF"].'?action=show_peruser'.$param.'">';
$nav .= '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
$nav .= '<input type="hidden" name="token" value="'.newToken().'">';
$nav .= '<input type="hidden" name="action" value="'.$action.'">';
$nav .= '<input type="hidden" name="filtert" value="'.$filtert.'">';
$nav .= '<input type="hidden" name="usergroup" value="'.$usergroup.'">';

2
htdocs/comm/action/peruser.php
View File

@ -289,7 +289,7 @@ $nav .= " &nbsp; <a href=\"?year=".$next_year."&amp;month=".$next_month."&amp;da
$nav .= " &nbsp; (<a href=\"?year=".$nowyear."&amp;month=".$nowmonth."&amp;day=".$nowday.$param."\">".$langs->trans("Today")."</a>)";
/*$nav.=' &nbsp; <form name="dateselect" action="'.$_SERVER["PHP_SELF"].'?action=show_peruser'.$param.'">';
$nav.='<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">';
$nav.='<input type="hidden" name="token" value="' . newToken() . '">';
$nav.='<input type="hidden" name="action" value="' . $action . '">';
$nav.='<input type="hidden" name="filtert" value="' . $filtert . '">';
$nav.='<input type="hidden" name="usergroup" value="' . $usergroup . '">';

8
htdocs/comm/propal/card.php
View File

@ -1541,7 +1541,7 @@ if ($action == 'create')
$object = new Propal($db);
print '<form name="addprop" action="'.$_SERVER["PHP_SELF"].'" method="POST">';
print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="add">';
if ($origin != 'project' && $originid) {
print '<input type="hidden" name="origin" value="'.$origin.'">';
@ -2052,7 +2052,7 @@ if ($action == 'create')
print '</td><td>';
if ($object->statut == Propal::STATUS_DRAFT && $action == 'editdate' && $usercancreate) {
print '<form name="editdate" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'" method="post">';
print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="setdate">';
print $form->selectDate($object->date, 're', '', '', 0, "editdate");
print '<input type="submit" class="button" value="'.$langs->trans('Modify').'">';
@ -2078,7 +2078,7 @@ if ($action == 'create')
print '</td><td>';
if ($object->statut == Propal::STATUS_DRAFT && $action == 'editecheance' && $usercancreate) {
print '<form name="editecheance" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'" method="post">';
print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="setecheance">';
print $form->selectDate($object->fin_validite, 'ech', '', '', '', "editecheance");
print '<input type="submit" class="button" value="'.$langs->trans('Modify').'">';
@ -2412,7 +2412,7 @@ if ($action == 'create')
$result = $object->getLinesArray();
print ' <form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#addline' : '#line_'.GETPOST('lineid')).'" method="POST">
<input type="hidden" name="token" value="' . $_SESSION ['newtoken'].'">
<input type="hidden" name="token" value="' . newToken().'">
<input type="hidden" name="action" value="' . (($action != 'editline') ? 'addline' : 'updateline').'">
<input type="hidden" name="mode" value="">
<input type="hidden" name="id" value="' . $object->id.'">

10
htdocs/commande/card.php
View File

@ -1594,8 +1594,8 @@ if ($action == 'create' && $usercancreate)
$note_public = $object->getDefaultCreateValueFor('note_public');
}
print '<form name="crea_commande" action="' . $_SERVER["PHP_SELF"] . '" method="POST">';
print '<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">';
print '<form name="crea_commande" action="'.$_SERVER["PHP_SELF"].'" method="POST">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="add">';
print '<input type="hidden" name="socid" value="' . $soc->id . '">' . "\n";
print '<input type="hidden" name="remise_percent" value="' . $soc->remise_percent . '">';
@ -2177,7 +2177,7 @@ if ($action == 'create' && $usercancreate)
print '</td><td>';
if ($action == 'editdate') {
print '<form name="setdate" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'" method="post">';
print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="setdate">';
print $form->selectDate($object->date, 'order_', '', '', '', "setdate");
print '<input type="submit" class="button" value="'.$langs->trans('Modify').'">';
@ -2198,7 +2198,7 @@ if ($action == 'create' && $usercancreate)
print '</td><td>';
if ($action == 'editdate_livraison') {
print '<form name="setdate_livraison" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'" method="post">';
print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="setdate_livraison">';
print $form->selectDate($object->date_livraison ? $object->date_livraison : - 1, 'liv_', '', '', '', "setdate_livraison");
print '<input type="submit" class="button" value="'.$langs->trans('Modify').'">';
@ -2492,7 +2492,7 @@ if ($action == 'create' && $usercancreate)
$result = $object->getLinesArray();
print '<form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#addline' : '#line_'.GETPOST('lineid')).'" method="POST">
<input type="hidden" name="token" value="' . $_SESSION ['newtoken'].'">
<input type="hidden" name="token" value="' . newToken().'">
<input type="hidden" name="action" value="' . (($action != 'editline') ? 'addline' : 'updateline').'">
<input type="hidden" name="mode" value="">
<input type="hidden" name="id" value="' . $object->id.'">';

2
htdocs/compta/cashcontrol/cashcontrol_card.php
View File

@ -318,7 +318,7 @@ if ($action == "create" || $action == "start")
print load_fiche_titre($langs->trans("CashControl")." - ".$langs->trans("New"), '', 'cash-register');
print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';
print '<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">';
print '<input type="hidden" name="token" value="' . newToken() . '">';
if ($action == 'start' && GETPOST('posnumber', 'int') != '' && GETPOST('posnumber', 'int') != '' && GETPOST('posnumber', 'int') != '-1')
{
print '<input type="hidden" name="action" value="add">';

2
htdocs/compta/facture/card-rec.php
View File

@ -1680,7 +1680,7 @@ else
// Lines
print ' <form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#add' : '#line_'.GETPOST('lineid')).'" method="POST">
<input type="hidden" name="token" value="' . $_SESSION ['newtoken'].'">
<input type="hidden" name="token" value="' . newToken().'">
<input type="hidden" name="action" value="' . (($action != 'editline') ? 'addline' : 'updateline').'">
<input type="hidden" name="mode" value="">
<input type="hidden" name="id" value="' . $object->id.'">

6
htdocs/compta/facture/card.php
View File

@ -2840,7 +2840,7 @@ if ($action == 'create')
}
print '<form name="add" action="'.$_SERVER["PHP_SELF"].'" method="POST">';
print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="add">';
if ($soc->id > 0) print '<input type="hidden" name="socid" value="'.$soc->id.'">'."\n";
print '<input name="ref" type="hidden" value="provisoire">';
@ -4441,7 +4441,7 @@ elseif ($id > 0 || !empty($ref))
print '</td><td>';
if ($action == 'editrevenuestamp') {
print '<form action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'" method="post">';
print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="setrevenuestamp">';
print '<input type="hidden" name="revenuestamp" id="revenuestamp_val" value="'.price2num($object->revenuestamp).'">';
print $formother->select_revenue_stamp('', 'revenuestamp_type', $mysoc->country_code);
@ -4945,7 +4945,7 @@ elseif ($id > 0 || !empty($ref))
}
print ' <form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#addline' : '#line_'.GETPOST('lineid')).'" method="POST">
<input type="hidden" name="token" value="' . $_SESSION ['newtoken'].'">
<input type="hidden" name="token" value="' . newToken().'">
<input type="hidden" name="action" value="' . (($action != 'editline') ? 'addline' : 'updateline').'">
<input type="hidden" name="mode" value="">
<input type="hidden" name="id" value="' . $object->id.'">

2
htdocs/core/lib/agenda.lib.php
View File

@ -59,7 +59,7 @@ function print_actions_filter($form, $canedit, $status, $year, $month, $day, $sh
// Filters
//print '<form name="listactionsfilter" class="listactionsfilter" action="' . $_SERVER["PHP_SELF"] . '" method="get">';
print '<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">';
print '<input type="hidden" name="token" value="' . newToken() . '">';
print '<input type="hidden" name="year" value="' . $year . '">';
print '<input type="hidden" name="month" value="' . $month . '">';
print '<input type="hidden" name="day" value="' . $day . '">';

2
htdocs/expedition/card.php
View File

@ -2012,7 +2012,7 @@ elseif ($id || $ref)
if ($action == 'editline')
{
print ' <form name="updateline" id="updateline" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;lineid='.$line_id.'" method="POST">
<input type="hidden" name="token" value="' . $_SESSION ['newtoken'].'">
<input type="hidden" name="token" value="' . newToken().'">
<input type="hidden" name="action" value="updateline">
<input type="hidden" name="mode" value="">
<input type="hidden" name="id" value="' . $object->id.'">

2
htdocs/modulebuilder/template/myobject_card.php
View File

@ -401,7 +401,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
$result = $object->getLinesArray();
print ' <form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#addline' : '#line_'.GETPOST('lineid', 'int')).'" method="POST">
<input type="hidden" name="token" value="' . $_SESSION ['newtoken'].'">
<input type="hidden" name="token" value="' . newToken().'">
<input type="hidden" name="action" value="' . (($action != 'editline') ? 'addline' : 'updateline').'">
<input type="hidden" name="mode" value="">
<input type="hidden" name="id" value="' . $object->id.'">

2
htdocs/mrp/mo_card.php
View File

@ -497,7 +497,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
$object->fetchLines();
print ' <form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#addline' : '#line_'.GETPOST('lineid', 'int')).'" method="POST">
<input type="hidden" name="token" value="' . $_SESSION ['newtoken'].'">
<input type="hidden" name="token" value="' . newToken().'">
<input type="hidden" name="action" value="' . (($action != 'editline') ? 'addline' : 'updateline').'">
<input type="hidden" name="mode" value="">
<input type="hidden" name="id" value="' . $object->id.'">

8
htdocs/product/price.php
View File

@ -1151,7 +1151,7 @@ if ($action == 'edit_vat' && ($user->rights->produit->creer || $user->rights->se
print load_fiche_titre($langs->trans("UpdateVAT"), '');
print '<form action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'" method="POST">';
print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="update_vat">';
print '<input type="hidden" name="id" value="'.$object->id.'">';
@ -1185,7 +1185,7 @@ if ($action == 'edit_price' && $object->getRights()->creer)
{
print '<!-- Edit price -->'."\n";
print '<form action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'" method="POST">';
print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="update_price">';
print '<input type="hidden" name="id" value="'.$object->id.'">';
@ -1660,7 +1660,7 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES))
print load_fiche_titre($langs->trans('PriceByCustomer'));
print '<form action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'" method="POST">';
print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="add_customer_price_confirm">';
print '<input type="hidden" name="id" value="'.$object->id.'">';
@ -1747,7 +1747,7 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES))
}
print '<form action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'" method="POST">';
print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="update_customer_price_confirm">';
print '<input type="hidden" name="lineid" value="'.$prodcustprice->id.'">';

2
htdocs/reception/card.php
View File

@ -1610,7 +1610,7 @@ elseif ($id || $ref)
if ($action == 'editline')
{
print '<form name="updateline" id="updateline" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;lineid='.$line_id.'" method="POST">
<input type="hidden" name="token" value="' . $_SESSION ['newtoken'].'">
<input type="hidden" name="token" value="' . newToken().'">
<input type="hidden" name="action" value="updateline">
<input type="hidden" name="mode" value="">
<input type="hidden" name="id" value="' . $object->id.'">';

4
htdocs/societe/price.php
View File

@ -256,7 +256,7 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) {
print load_fiche_titre($langs->trans('PriceByCustomer'));
print '<form action="'.$_SERVER["PHP_SELF"].'?socid='.$object->id.'" method="POST">';
print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="add_customer_price_confirm">';
print '<input type="hidden" name="socid" value="'.$object->id.'">';
print '<table class="border centpercent">';
@ -334,7 +334,7 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) {
}
print '<form action="'.$_SERVER["PHP_SELF"].'?socid='.$object->id.'" method="POST">';
print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="update_customer_price_confirm">';
print '<input type="hidden" name="lineid" value="'.$prodcustprice->id.'">';
print '<table class="border centpercent">';

13
htdocs/supplier_proposal/card.php
View File

@ -1125,7 +1125,7 @@ if ($action == 'create')
$object = new SupplierProposal($db);
print '<form name="addprop" action="'.$_SERVER["PHP_SELF"].'" method="POST">';
print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="add">';
if ($origin != 'project' && $originid) {
print '<input type="hidden" name="origin" value="'.$origin.'">';
@ -1557,8 +1557,8 @@ if ($action == 'create')
print '</tr></table>';
print '</td><td colspan="3">';
if ($action == 'editdate_livraison') {
print '<form name="editdate_livraison" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'" method="post">';
print '<input type="hidden" name="token" value="'.$_SESSION ['newtoken'].'">';
print '<form name="editdate_livraison" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'" method="post" class="formconsumeproduce">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="setdate_livraison">';
print $form->selectDate($object->date_livraison, 'liv_', '', '', '', "editdate_livraison");
print '<input type="submit" class="button" value="'.$langs->trans('Modify').'">';
@ -1762,7 +1762,7 @@ if ($action == 'create')
$result = $object->getLinesArray();
print ' <form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#add' : '#line_'.GETPOST('lineid')).'" method="POST">
<input type="hidden" name="token" value="' . $_SESSION ['newtoken'].'">
<input type="hidden" name="token" value="' . newToken().'">
<input type="hidden" name="action" value="' . (($action != 'editline') ? 'addline' : 'updateline').'">
<input type="hidden" name="mode" value="">
<input type="hidden" name="id" value="' . $object->id.'">
@ -1806,7 +1806,10 @@ if ($action == 'create')
if ($action == 'statut')
{
// Form to set proposal accepted/refused
$form_close = '<form action="' . $_SERVER["PHP_SELF"] . '?id=' . $object->id . '" method="post">';
$form_close = '<form action="' . $_SERVER["PHP_SELF"] . '?id=' . $object->id . '" method="POST" id="formacceptrefuse" class="formconsumeproduce">';
$form_close .= '<input type="hidden" name="token" value="' . newToken() . '">';
$form_close .= '<input type="hidden" name="action" value="setstatut">';
if (! empty($conf->global->SUPPLIER_PROPOSAL_UPDATE_PRICE_ON_SUPPlIER_PROPOSAL)) $form_close .= '<p class="notice">'.$langs->trans('SupplierProposalRefFournNotice').'</p>'; // TODO Suggest a permanent checkbox instead of option
$form_close .= '<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">';
$form_close .= '<table class="border centpercent">';