diff --git a/htdocs/core/lib/payments.lib.php b/htdocs/core/lib/payments.lib.php index f9022726511..166814525cf 100644 --- a/htdocs/core/lib/payments.lib.php +++ b/htdocs/core/lib/payments.lib.php @@ -211,9 +211,9 @@ function getOnlinePaymentUrl($mode, $type, $ref = '', $amount = '9.99', $freetag $out = $urltouse.'/public/payment/newpayment.php?amount='.($mode ? '' : '').$amount.($mode ? '' : '').'&tag='.($mode ? '' : '').$freetag.($mode ? '' : ''); if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) { if (empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) { - $out .= '&securekey='.$conf->global->PAYMENT_SECURITY_TOKEN; + $out .= '&securekey='.urlencode($conf->global->PAYMENT_SECURITY_TOKEN); } else { - $out .= '&securekey='.dol_hash($conf->global->PAYMENT_SECURITY_TOKEN, 2); + $out .= '&securekey='.urlencode(dol_hash($conf->global->PAYMENT_SECURITY_TOKEN, 2)); } } //if ($mode) $out.='&noidempotency=1'; @@ -228,7 +228,7 @@ function getOnlinePaymentUrl($mode, $type, $ref = '', $amount = '9.99', $freetag $out .= ($mode ? '' : ''); if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) { if (empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) { - $out .= '&securekey='.$conf->global->PAYMENT_SECURITY_TOKEN; + $out .= '&securekey='.urlencode($conf->global->PAYMENT_SECURITY_TOKEN); } else { $out .= '&securekey='.($mode ? '' : ''); if ($mode == 1) { @@ -251,7 +251,7 @@ function getOnlinePaymentUrl($mode, $type, $ref = '', $amount = '9.99', $freetag $out .= ($mode ? '' : ''); if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) { if (empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) { - $out .= '&securekey='.$conf->global->PAYMENT_SECURITY_TOKEN; + $out .= '&securekey='.urlencode($conf->global->PAYMENT_SECURITY_TOKEN); } else { $out .= '&securekey='.($mode ? '' : ''); if ($mode == 1) { @@ -274,7 +274,7 @@ function getOnlinePaymentUrl($mode, $type, $ref = '', $amount = '9.99', $freetag $out .= ($mode ? '' : ''); if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) { if (empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) { - $out .= '&securekey='.$conf->global->PAYMENT_SECURITY_TOKEN; + $out .= '&securekey='.urlencode($conf->global->PAYMENT_SECURITY_TOKEN); } else { $out .= '&securekey='.($mode ? '' : ''); if ($mode == 1) { @@ -297,7 +297,7 @@ function getOnlinePaymentUrl($mode, $type, $ref = '', $amount = '9.99', $freetag $out .= ($mode ? '' : ''); if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) { if (empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) { - $out .= '&securekey='.$conf->global->PAYMENT_SECURITY_TOKEN; + $out .= '&securekey='.urlencode($conf->global->PAYMENT_SECURITY_TOKEN); } else { $out .= '&securekey='.($mode ? '' : ''); if ($mode == 1) { @@ -321,7 +321,7 @@ function getOnlinePaymentUrl($mode, $type, $ref = '', $amount = '9.99', $freetag $out .= ($mode ? '' : ''); if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) { if (empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) { - $out .= '&securekey='.$conf->global->PAYMENT_SECURITY_TOKEN; + $out .= '&securekey='.urlencode($conf->global->PAYMENT_SECURITY_TOKEN); } else { $out .= '&securekey='.($mode ? '' : ''); if ($mode == 1) { diff --git a/htdocs/public/payment/newpayment.php b/htdocs/public/payment/newpayment.php index 8931ce1ceed..9a88a1b49ac 100644 --- a/htdocs/public/payment/newpayment.php +++ b/htdocs/public/payment/newpayment.php @@ -1459,10 +1459,10 @@ if ($source == 'membersubscription') { require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent_type.class.php'; $adht = new AdherentType($db); if ( !$action) { - $form = new Form($db); // so wecan call method selectarray + $form = new Form($db); // so we can call method selectarray print ''.$langs->trans("NewSubscription"); print ''; - print $form->selectarray("typeid", $adht->liste_array(1), $member->typeid, 0, 0, 0, 'onchange="window.location.replace(\''.$urlwithroot.'/public/payment/newpayment.php?source='.$source.'&ref='.$ref.'&amount='.$amount.'&typeid=\' + this.value + \'&securekey='.$SECUREKEY.'\');"', 0, 0, 0, '', '', 1); + print $form->selectarray("typeid", $adht->liste_array(1), $member->typeid, 0, 0, 0, 'onchange="window.location.replace(\''.$urlwithroot.'/public/payment/newpayment.php?source='.urlencode($source).'&ref='.urlencode($ref).'&amount='.urlencode($amount).'&typeid=\' + this.value + \'&securekey='.urlencode($SECUREKEY).'\');"', 0, 0, 0, '', '', 1); print "\n"; } elseif ($action == dopayment) { print ''.$langs->trans("NewMemberType"); diff --git a/htdocs/recruitment/lib/recruitment_recruitmentjobposition.lib.php b/htdocs/recruitment/lib/recruitment_recruitmentjobposition.lib.php index 2be1fea7756..a7bfe03aac4 100644 --- a/htdocs/recruitment/lib/recruitment_recruitmentjobposition.lib.php +++ b/htdocs/recruitment/lib/recruitment_recruitmentjobposition.lib.php @@ -127,8 +127,8 @@ function getPublicJobPositionUrl($mode, $ref = '', $localorexternal = 0) $out = $urltouse.'/public/recruitment/view.php?ref='.($mode ? '' : '').$ref.($mode ? '' : ''); /*if (!empty($conf->global->RECRUITMENT_SECURITY_TOKEN)) { - if (empty($conf->global->RECRUITMENT_SECURITY_TOKEN)) $out .= '&securekey='.$conf->global->RECRUITMENT_SECURITY_TOKEN; - else $out .= '&securekey='.dol_hash($conf->global->RECRUITMENT_SECURITY_TOKEN, 2); + if (empty($conf->global->RECRUITMENT_SECURITY_TOKEN)) $out .= '&securekey='.urlencode($conf->global->RECRUITMENT_SECURITY_TOKEN); + else $out .= '&securekey='.urlencode(dol_hash($conf->global->RECRUITMENT_SECURITY_TOKEN, 2)); }*/ // For multicompany