lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch '14.0' of git@github.com:Dolibarr/dolibarr.git into develop

Browse Source 
Conflicts:
	htdocs/main.inc.php
This commit is contained in:
Laurent Destailleur 2021-07-21 01:29:22 +02:00
commit afa6ced6c9
2 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/install/check.php
View File

@ -100,7 +100,7 @@ print "<br>\n";
// Check PHP support for $_GET and $_POST
if (!isset($_GET["testget"]) && !isset($_POST["testpost"])) { // We must keep $_GET and $_POST here
print '<img src="../theme/eldy/img/warning.png" alt="Warning"> '.$langs->trans("PHPSupportPOSTGETKo");
print ' (<a href="'.$_SERVER["PHP_SELF"].'?testget=ok">'.$langs->trans("Recheck").'</a>)';
print ' (<a href="'.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?testget=ok">'.$langs->trans("Recheck").'</a>)';
print "<br>\n";
$checksok = 0;
} else {

20
htdocs/main.inc.php
View File

@ -80,7 +80,7 @@ function realCharForNumericEntities($matches)
* Warning: Such a protection can't be enough. It is not reliable as it will always be possible to bypass this. Good protection can
* only be guaranted by escaping data during output.
*
* @param string $val Value brut found int $_GET, $_POST or PHP_SELF
* @param string $val Brut value found into $_GET, $_POST or PHP_SELF
* @param string $type 0=POST, 1=GET, 2=PHP_SELF, 3=GET without sql reserved keywords (the less tolerant test)
* @return int >0 if there is an injection, 0 if none
*/
@ -460,15 +460,15 @@ if (!defined('NOTOKENRENEWAL')) {
if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN)) || defined('CSRFCHECK_WITH_TOKEN')) {
// Array of action code where CSRFCHECK with token will be forced (so token must be provided on url request)
$arrayofactiontoforcetokencheck = array(
'activate', 'add', 'addrights', 'addtimespent',
'confirm_create_user', 'confirm_create_thirdparty', 'confirm_delete', 'confirm_deletedir', 'confirm_deletefile', 'confirm_purge', 'confirm_reject_check',
'delete', 'deletefilter', 'deleteoperation', 'deleteprof', 'deletepayment', 'delrights',
'disable',
'doprev', 'donext', 'dvprev', 'dvnext',
'enable',
'install',
'setpricelevel',
'update'
'activate', 'add', 'addrights', 'addtimespent',
'confirm_create_user', 'confirm_create_thirdparty', 'confirm_delete', 'confirm_deletedir', 'confirm_deletefile', 'confirm_purge', 'confirm_reject_check',
'delete', 'deletefilter', 'deleteoperation', 'deleteprof', 'deletepayment', 'delrights',
'disable',
'doprev', 'donext', 'dvprev', 'dvnext',
'enable',
'install',
'setpricelevel',
'update'
);
$sensitiveget = false;
if (in_array(GETPOST('action', 'aZ09'), $arrayofactiontoforcetokencheck)) {