Use urlencode even on security key

Laurent Destailleur 2021-04-10 15:27:44 +02:00
parent 0bc93d437e
commit be800e07f2
3 changed files with 11 additions and 11 deletions


@ -211,9 +211,9 @@ function getOnlinePaymentUrl($mode, $type, $ref = '', $amount = '9.99', $freetag
$out = $urltouse.'/public/payment/newpayment.php?amount='.($mode ? '<font color="#666666">' : '').$amount.($mode ? '</font>' : '').'&tag='.($mode ? '<font color="#666666">' : '').$freetag.($mode ? '</font>' : '');
if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) {
if (empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) {
$out .= '&securekey='.$conf->global->PAYMENT_SECURITY_TOKEN;
$out .= '&securekey='.urlencode($conf->global->PAYMENT_SECURITY_TOKEN);
} else {
$out .= '&securekey='.dol_hash($conf->global->PAYMENT_SECURITY_TOKEN, 2);
$out .= '&securekey='.urlencode(dol_hash($conf->global->PAYMENT_SECURITY_TOKEN, 2));
}
}
//if ($mode) $out.='&noidempotency=1';
@ -228,7 +228,7 @@ function getOnlinePaymentUrl($mode, $type, $ref = '', $amount = '9.99', $freetag
$out .= ($mode ? '</font>' : '');
if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) {
if (empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) {
$out .= '&securekey='.$conf->global->PAYMENT_SECURITY_TOKEN;
$out .= '&securekey='.urlencode($conf->global->PAYMENT_SECURITY_TOKEN);
} else {
$out .= '&securekey='.($mode ? '<font color="#666666">' : '');
if ($mode == 1) {
@ -251,7 +251,7 @@ function getOnlinePaymentUrl($mode, $type, $ref = '', $amount = '9.99', $freetag
$out .= ($mode ? '</font>' : '');
if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) {
if (empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) {
$out .= '&securekey='.$conf->global->PAYMENT_SECURITY_TOKEN;
$out .= '&securekey='.urlencode($conf->global->PAYMENT_SECURITY_TOKEN);
} else {
$out .= '&securekey='.($mode ? '<font color="#666666">' : '');
if ($mode == 1) {
@ -274,7 +274,7 @@ function getOnlinePaymentUrl($mode, $type, $ref = '', $amount = '9.99', $freetag
$out .= ($mode ? '</font>' : '');
if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) {
if (empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) {
$out .= '&securekey='.$conf->global->PAYMENT_SECURITY_TOKEN;
$out .= '&securekey='.urlencode($conf->global->PAYMENT_SECURITY_TOKEN);
} else {
$out .= '&securekey='.($mode ? '<font color="#666666">' : '');
if ($mode == 1) {
@ -297,7 +297,7 @@ function getOnlinePaymentUrl($mode, $type, $ref = '', $amount = '9.99', $freetag
$out .= ($mode ? '</font>' : '');
if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) {
if (empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) {
$out .= '&securekey='.$conf->global->PAYMENT_SECURITY_TOKEN;
$out .= '&securekey='.urlencode($conf->global->PAYMENT_SECURITY_TOKEN);
} else {
$out .= '&securekey='.($mode ? '<font color="#666666">' : '');
if ($mode == 1) {
@ -321,7 +321,7 @@ function getOnlinePaymentUrl($mode, $type, $ref = '', $amount = '9.99', $freetag
$out .= ($mode ? '</font>' : '');
if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) {
if (empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) {
$out .= '&securekey='.$conf->global->PAYMENT_SECURITY_TOKEN;
$out .= '&securekey='.urlencode($conf->global->PAYMENT_SECURITY_TOKEN);
} else {
$out .= '&securekey='.($mode ? '<font color="#666666">' : '');
if ($mode == 1) {
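Review bot: The first line of the opening hunk still concatenates `$amount` and `$freetag` into the query string unencoded, so the generated URL is only partly escaped after this change; the same treatment there would be `.urlencode($amount).` and `.urlencode($freetag).` inside the existing `<font>` wrappers. In every branch where `PAYMENT_SECURITY_TOKEN_UNIQUE` is empty, the value appended to `securekey=` is the configured `PAYMENT_SECURITY_TOKEN` itself, so the shared secret travels in each generated link and can end up in access logs, browser history and Referer headers; a comment such as `// NOTE: raw token is exposed in the URL; prefer PAYMENT_SECURITY_TOKEN_UNIQUE` would make that trade-off visible. The `else` branches of the five later hunks continue past the visible lines, so whether the value built there is also encoded cannot be confirmed from this page. getOnlinePaymentUrl starts and ends outside these hunks.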


@ -1459,10 +1459,10 @@ if ($source == 'membersubscription') {
require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent_type.class.php';
$adht = new AdherentType($db);
if ( !$action) {
$form = new Form($db); // so wecan call method selectarray
$form = new Form($db); // so we can call method selectarray
print '<tr class="CTableRow'.($var ? '1' : '2').'"><td class="CTableRow'.($var ? '1' : '2').'">'.$langs->trans("NewSubscription");
print '</td><td class="CTableRow'.($var ? '1' : '2').'">';
print $form->selectarray("typeid", $adht->liste_array(1), $member->typeid, 0, 0, 0, 'onchange="window.location.replace(\''.$urlwithroot.'/public/payment/newpayment.php?source='.$source.'&ref='.$ref.'&amount='.$amount.'&typeid=\' + this.value + \'&securekey='.$SECUREKEY.'\');"', 0, 0, 0, '', '', 1);
print $form->selectarray("typeid", $adht->liste_array(1), $member->typeid, 0, 0, 0, 'onchange="window.location.replace(\''.$urlwithroot.'/public/payment/newpayment.php?source='.urlencode($source).'&ref='.urlencode($ref).'&amount='.urlencode($amount).'&typeid=\' + this.value + \'&securekey='.urlencode($SECUREKEY).'\');"', 0, 0, 0, '', '', 1);
print "</td></tr>\n";
} elseif ($action == dopayment) {
print '<tr class="CTableRow'.($var ? '1' : '2').'"><td class="CTableRow'.($var ? '1' : '2').'">'.$langs->trans("NewMemberType");
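Review bot: The `elseif ($action == dopayment)` line near the end of this hunk compares against a bare word rather than a string; unless a constant of that name is defined elsewhere, PHP 8 raises an Error there and older versions fall back to the string with a notice or warning, so it should read `} elseif ($action == 'dopayment') {`. In the rewritten `onchange` handler the server-side values are now encoded, but `this.value` is still concatenated in the browser as-is; `encodeURIComponent(this.value)` would keep the `typeid` parameter consistent with the others. The surrounding `if ($source == 'membersubscription')` block starts and ends outside the hunk.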


@ -127,8 +127,8 @@ function getPublicJobPositionUrl($mode, $ref = '', $localorexternal = 0)
$out = $urltouse.'/public/recruitment/view.php?ref='.($mode ? '<font color="#666666">' : '').$ref.($mode ? '</font>' : '');
/*if (!empty($conf->global->RECRUITMENT_SECURITY_TOKEN))
{
if (empty($conf->global->RECRUITMENT_SECURITY_TOKEN)) $out .= '&securekey='.$conf->global->RECRUITMENT_SECURITY_TOKEN;
else $out .= '&securekey='.dol_hash($conf->global->RECRUITMENT_SECURITY_TOKEN, 2);
if (empty($conf->global->RECRUITMENT_SECURITY_TOKEN)) $out .= '&securekey='.urlencode($conf->global->RECRUITMENT_SECURITY_TOKEN);
else $out .= '&securekey='.urlencode(dol_hash($conf->global->RECRUITMENT_SECURITY_TOKEN, 2));
}*/
// For multicompany