lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch '17.0' of git@github.com:Dolibarr/dolibarr.git into develop

Browse Source
This commit is contained in:
Laurent Destailleur 2023-03-17 01:31:05 +01:00
commit ba35b405cb
3 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/admin/ticket_public.php
View File

@ -330,7 +330,7 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) {
print '</tr>';
// Auto fill the contact found from email
// This option is a serious security hole. it allowe to any non looged perso, to get the database of contacts
// This option is a serious security hole. it allows to any non logged perso, to get the database of contacts or to check if an email is a customer or not. We must keep it as hidden option only.
/*
print '<tr class="oddeven"><td>'.$langs->trans("TicketCreateThirdPartyWithContactIfNotExist").'</td>';
print '<td class="left">';

2
htdocs/install/mysql/migration/16.0.0-17.0.0.sql
View File

@ -401,4 +401,6 @@ ALTER TABLE llx_facture_fourn_det MODIFY COLUMN ref varchar(128);
ALTER TABLE llx_projet ADD COLUMN extraparams varchar(255);
DELETE FROM llx_const WHERE name = 'TICKET_CREATE_THIRD_PARTY_WITH_CONTACT_IF_NOT_EXIST';

2
htdocs/public/ticket/ajax/ajax.php
View File

@ -55,7 +55,7 @@ include_once '../../../main.inc.php'; // Load $user and permissions
$action = GETPOST('action', 'aZ09');
$id = GETPOST('id', 'int');
$email = GETPOST('email', 'alphanohtml');
$email = GETPOST('email', 'custom', 0, 'FILTER_VALIDATE_EMAIL');
if (!isModEnabled('ticket')) {
httponly_accessforbidden('Module Ticket not enabled');