From d042562996a359be7b221950cb118c501d8203d8 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 25 Oct 2020 13:48:08 +0100 Subject: [PATCH] Disable browser notification on public pages --- htdocs/core/get_menudiv.php | 2 +- htdocs/core/tpl/login.tpl.php | 2 + htdocs/core/tpl/passwordforgotten.tpl.php | 3 ++ htdocs/main.inc.php | 4 +- .../template/myobject_agenda.php | 1 + .../modulebuilder/template/myobject_card.php | 1 + .../template/myobject_document.php | 1 + .../modulebuilder/template/myobject_list.php | 1 + .../modulebuilder/template/myobject_note.php | 1 + htdocs/public/agenda/agendaexport.php | 2 +- htdocs/public/cron/cron_run_jobs.php | 1 + htdocs/public/demo/index.php | 6 ++- htdocs/public/donations/donateurs_code.php | 6 ++- htdocs/public/emailing/mailing-read.php | 6 ++- .../public/emailing/mailing-unsubscribe.php | 6 ++- htdocs/public/members/new.php | 2 + htdocs/public/members/public_card.php | 1 + htdocs/public/members/public_list.php | 1 + htdocs/public/notice.php | 8 ++-- htdocs/public/onlinesign/newonlinesign.php | 1 + htdocs/public/opensurvey/studs.php | 7 ++- htdocs/public/payment/newpayment.php | 1 + htdocs/public/payment/paymentko.php | 6 ++- htdocs/public/payment/paymentok.php | 6 ++- htdocs/public/recruitment/index.php | 2 + htdocs/public/recruitment/view.php | 1 + htdocs/public/stripe/confirm_payment.php | 6 ++- htdocs/public/stripe/ipn.php | 6 ++- htdocs/public/ticket/create_ticket.php | 2 + htdocs/public/ticket/index.php | 1 + htdocs/public/ticket/list.php | 2 + htdocs/public/ticket/view.php | 2 + htdocs/public/website/index.php | 2 + htdocs/public/website/styles.css.php | 2 + htdocs/takepos/ajax/ajax.php | 1 + htdocs/takepos/floors.php | 12 ++--- htdocs/takepos/freezone.php | 12 ++--- htdocs/takepos/index.php | 12 ++--- htdocs/takepos/public/auto_order.php | 1 + htdocs/takepos/public/menu.php | 1 + htdocs/takepos/receipt.php | 15 ++++++- htdocs/takepos/send.php | 12 ++--- htdocs/takepos/smpcb.php | 45 ++++++++++++++----- 43 files changed, 151 insertions(+), 62 deletions(-) diff --git a/htdocs/core/get_menudiv.php b/htdocs/core/get_menudiv.php index 78a96484751..9232d845442 100644 --- a/htdocs/core/get_menudiv.php +++ b/htdocs/core/get_menudiv.php @@ -32,13 +32,13 @@ if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', 1); //if (! defined('NOLOGIN')) define('NOLOGIN',1); // Not disabled cause need to load personalized language if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', 1); if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', 1); +if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', 1); if (!defined('DISABLE_JQUERY_TABLEDND')) define('DISABLE_JQUERY_TABLEDND', 1); if (!defined('DISABLE_JQUERY_JNOTIFY')) define('DISABLE_JQUERY_JNOTIFY', 1); if (!defined('DISABLE_JQUERY_FLOT')) define('DISABLE_JQUERY_FLOT', 1); if (!defined('DISABLE_JQUERY_JEDITABLE')) define('DISABLE_JQUERY_JEDITABLE', 1); if (!defined('DISABLE_CKEDITOR')) define('DISABLE_CKEDITOR', 1); -if (!defined('DISABLE_BROWSER_NOTIF')) define('DISABLE_BROWSER_NOTIF', 1); if (!defined('DISABLE_DATE_PICKER')) define('DISABLE_DATE_PICKER', 1); if (!defined('DISABLE_SELECT2')) define('DISABLE_SELECT2', 1); diff --git a/htdocs/core/tpl/login.tpl.php b/htdocs/core/tpl/login.tpl.php index a4b2ba13ed9..6ae102d47fb 100644 --- a/htdocs/core/tpl/login.tpl.php +++ b/htdocs/core/tpl/login.tpl.php @@ -20,6 +20,8 @@ // Caller can also set $morelogincontent = array(['options']=>array('js'=>..., 'table'=>...); +if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', 1); + // Protection to avoid direct call of template if (empty($conf) || !is_object($conf)) { print "Error, template page can't be called as URL"; diff --git a/htdocs/core/tpl/passwordforgotten.tpl.php b/htdocs/core/tpl/passwordforgotten.tpl.php index 84abd97bc14..d7d7e2f7ef3 100644 --- a/htdocs/core/tpl/passwordforgotten.tpl.php +++ b/htdocs/core/tpl/passwordforgotten.tpl.php @@ -16,6 +16,9 @@ * along with this program. If not, see . */ + +if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', 1); + // Protection to avoid direct call of template if (empty($conf) || !is_object($conf)) { diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 3cfb5c3d1a5..44660445f18 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -1462,8 +1462,8 @@ function top_htmlhead($head, $title = '', $disablejs = 0, $disablehead = 0, $arr print ''."\n"; } - // Browser notifications - if (!defined('DISABLE_BROWSER_NOTIF')) + // Browser notifications (if NOREQUIREMENU is on, it is mostly a page for popup, so we do not enable notif too. We hide also for public pages). + if (!defined('NOBROWSERNOTIF') && !defined('NOREQUIREMENU') && !defined('NOLOGIN')) { $enablebrowsernotif = false; if (!empty($conf->agenda->enabled) && !empty($conf->global->AGENDA_REMINDER_BROWSER)) $enablebrowsernotif = true; diff --git a/htdocs/modulebuilder/template/myobject_agenda.php b/htdocs/modulebuilder/template/myobject_agenda.php index 40c7e3fd2ef..43253c90362 100644 --- a/htdocs/modulebuilder/template/myobject_agenda.php +++ b/htdocs/modulebuilder/template/myobject_agenda.php @@ -41,6 +41,7 @@ //if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message //if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies //if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET +//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification // Load Dolibarr environment $res = 0; diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php index 9454a373a9e..685253385fb 100644 --- a/htdocs/modulebuilder/template/myobject_card.php +++ b/htdocs/modulebuilder/template/myobject_card.php @@ -41,6 +41,7 @@ //if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message //if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies //if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET +//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification // Load Dolibarr environment $res = 0; diff --git a/htdocs/modulebuilder/template/myobject_document.php b/htdocs/modulebuilder/template/myobject_document.php index 4ea74dfc0c9..6a417e32372 100644 --- a/htdocs/modulebuilder/template/myobject_document.php +++ b/htdocs/modulebuilder/template/myobject_document.php @@ -41,6 +41,7 @@ //if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message //if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies //if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET +//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification // Load Dolibarr environment $res = 0; diff --git a/htdocs/modulebuilder/template/myobject_list.php b/htdocs/modulebuilder/template/myobject_list.php index f0bbb1c60e6..4e21ea4f46c 100644 --- a/htdocs/modulebuilder/template/myobject_list.php +++ b/htdocs/modulebuilder/template/myobject_list.php @@ -41,6 +41,7 @@ //if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message //if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies //if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET +//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification // Load Dolibarr environment $res = 0; diff --git a/htdocs/modulebuilder/template/myobject_note.php b/htdocs/modulebuilder/template/myobject_note.php index 49a9076a0b9..e83531b2445 100644 --- a/htdocs/modulebuilder/template/myobject_note.php +++ b/htdocs/modulebuilder/template/myobject_note.php @@ -41,6 +41,7 @@ //if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message //if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies //if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET +//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification // Load Dolibarr environment $res = 0; diff --git a/htdocs/public/agenda/agendaexport.php b/htdocs/public/agenda/agendaexport.php index 1ab98093984..465c0190e65 100644 --- a/htdocs/public/agenda/agendaexport.php +++ b/htdocs/public/agenda/agendaexport.php @@ -34,7 +34,7 @@ if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't nee if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); if (!defined('NOLOGIN')) define("NOLOGIN", 1); // This means this output page does not require to be logged. if (!defined('NOCSRFCHECK')) define("NOCSRFCHECK", 1); // We accept to go on this page from external web site. -if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip +if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip // It's a wrapper, so empty header diff --git a/htdocs/public/cron/cron_run_jobs.php b/htdocs/public/cron/cron_run_jobs.php index 9eb0579680a..f8da10b3901 100644 --- a/htdocs/public/cron/cron_run_jobs.php +++ b/htdocs/public/cron/cron_run_jobs.php @@ -28,6 +28,7 @@ if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); if (!defined('NOLOGIN')) define('NOLOGIN', '1'); +if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip // For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php diff --git a/htdocs/public/demo/index.php b/htdocs/public/demo/index.php index ebf41e81feb..982f3b18686 100644 --- a/htdocs/public/demo/index.php +++ b/htdocs/public/demo/index.php @@ -24,8 +24,10 @@ * \brief Entry page to access demo */ -define("NOLOGIN", 1); // This means this output page does not require to be logged. -define("NOCSRFCHECK", 1); // We accept to go on this page from external web site. +if (!defined('NOLOGIN')) define('NOLOGIN', '1'); +if (!defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); +if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', 1); +if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip require '../../main.inc.php'; require_once '../../core/lib/functions2.lib.php'; diff --git a/htdocs/public/donations/donateurs_code.php b/htdocs/public/donations/donateurs_code.php index 294167bb574..3149aa7f2b2 100644 --- a/htdocs/public/donations/donateurs_code.php +++ b/htdocs/public/donations/donateurs_code.php @@ -22,8 +22,10 @@ * \brief Page to list donators */ -define("NOLOGIN", 1); // This means this output page does not require to be logged. -define("NOCSRFCHECK", 1); // We accept to go on this page from external web site. +if (!defined('NOLOGIN')) define('NOLOGIN', '1'); +if (!defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); +if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); +if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip // C'est un wrapper, donc header vierge /** diff --git a/htdocs/public/emailing/mailing-read.php b/htdocs/public/emailing/mailing-read.php index 7709ab5e28b..ccbf8f5c1d3 100644 --- a/htdocs/public/emailing/mailing-read.php +++ b/htdocs/public/emailing/mailing-read.php @@ -25,11 +25,13 @@ * \brief Script use to update mail status if destinaries read it (if images during mail read are display) */ -if (!defined('NOLOGIN')) define("NOLOGIN", 1); // This means this output page does not require to be logged. +if (!defined('NOLOGIN')) define('NOLOGIN', '1'); +if (!defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); +if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); if (!defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); -if (!defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check anti CSRF attack test if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not check anti POST attack test if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu +if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip /** * Header empty diff --git a/htdocs/public/emailing/mailing-unsubscribe.php b/htdocs/public/emailing/mailing-unsubscribe.php index d26bae234db..0d62545cf57 100644 --- a/htdocs/public/emailing/mailing-unsubscribe.php +++ b/htdocs/public/emailing/mailing-unsubscribe.php @@ -27,9 +27,11 @@ * https://myserver/public/emailing/mailing-unsubscribe.php?unsuscrib=1&securitykey=securitykey&tag=abcdefghijklmn */ -if (!defined('NOLOGIN')) define("NOLOGIN", 1); // This means this output page does not require to be logged. -if (!defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check anti CSRF attack test +if (!defined('NOLOGIN')) define('NOLOGIN', '1'); +if (!defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); +if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu +if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip /** * Header empty diff --git a/htdocs/public/members/new.php b/htdocs/public/members/new.php index f1fcfc04e37..bec228a8a16 100644 --- a/htdocs/public/members/new.php +++ b/htdocs/public/members/new.php @@ -40,6 +40,8 @@ if (!defined('NOLOGIN')) define("NOLOGIN", 1); // This means this output page does not require to be logged. if (!defined('NOCSRFCHECK')) define("NOCSRFCHECK", 1); // We accept to go on this page from external web site. if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip +if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); +if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip // For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php diff --git a/htdocs/public/members/public_card.php b/htdocs/public/members/public_card.php index c1677b2902b..bfbf00f8f57 100644 --- a/htdocs/public/members/public_card.php +++ b/htdocs/public/members/public_card.php @@ -28,6 +28,7 @@ if (!defined('NOLOGIN')) define("NOLOGIN", 1); // This means this output page does not require to be logged. if (!defined('NOCSRFCHECK')) define("NOCSRFCHECK", 1); // We accept to go on this page from external web site. if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip +if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php diff --git a/htdocs/public/members/public_list.php b/htdocs/public/members/public_list.php index cb5b9308ed4..63fa2793c63 100644 --- a/htdocs/public/members/public_list.php +++ b/htdocs/public/members/public_list.php @@ -27,6 +27,7 @@ if (!defined('NOLOGIN')) define("NOLOGIN", 1); // This means this output page does not require to be logged. if (!defined('NOCSRFCHECK')) define("NOCSRFCHECK", 1); // We accept to go on this page from external web site. if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip +if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php diff --git a/htdocs/public/notice.php b/htdocs/public/notice.php index f97b4c03972..f0217d32622 100644 --- a/htdocs/public/notice.php +++ b/htdocs/public/notice.php @@ -24,9 +24,11 @@ * /public/notice.php?transphrase=url_encoded_sentence_to_show */ -define('NOCSRFCHECK', 1); -define('NOLOGIN', 1); -define('NOSESSION', 1); +if (!defined('NOLOGIN')) define("NOLOGIN", 1); // This means this output page does not require to be logged. +if (!defined('NOCSRFCHECK')) define("NOCSRFCHECK", 1); // We accept to go on this page from external web site. +if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip +if (!defined('NOSESSION')) define('NOSESSION', '1'); +if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); require '../main.inc.php'; diff --git a/htdocs/public/onlinesign/newonlinesign.php b/htdocs/public/onlinesign/newonlinesign.php index 4408438ceaf..376839536ab 100644 --- a/htdocs/public/onlinesign/newonlinesign.php +++ b/htdocs/public/onlinesign/newonlinesign.php @@ -26,6 +26,7 @@ if (!defined('NOLOGIN')) define("NOLOGIN", 1); // This means this output page does not require to be logged. if (!defined('NOCSRFCHECK')) define("NOCSRFCHECK", 1); // We accept to go on this page from external web site. if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip +if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php diff --git a/htdocs/public/opensurvey/studs.php b/htdocs/public/opensurvey/studs.php index 8b2e8663dac..c818603f644 100644 --- a/htdocs/public/opensurvey/studs.php +++ b/htdocs/public/opensurvey/studs.php @@ -22,8 +22,11 @@ * \brief Page to list surveys */ -define("NOLOGIN", 1); // This means this output page does not require to be logged. -define("NOCSRFCHECK", 1); // We accept to go on this page from external web site. +if (!defined('NOLOGIN')) define("NOLOGIN", 1); // This means this output page does not require to be logged. +if (!defined('NOCSRFCHECK')) define("NOCSRFCHECK", 1); // We accept to go on this page from external web site. +if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); +if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip + require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT."/core/lib/admin.lib.php"; require_once DOL_DOCUMENT_ROOT."/core/lib/files.lib.php"; diff --git a/htdocs/public/payment/newpayment.php b/htdocs/public/payment/newpayment.php index 3d197296df7..7c50908e038 100644 --- a/htdocs/public/payment/newpayment.php +++ b/htdocs/public/payment/newpayment.php @@ -37,6 +37,7 @@ if (!defined('NOLOGIN')) define("NOLOGIN", 1); // This means this output page does not require to be logged. if (!defined('NOCSRFCHECK')) define("NOCSRFCHECK", 1); // We accept to go on this page from external web site. if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip +if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // For MultiCompany module. // Do not use GETPOST here, function is not defined and get of entity must be done before including main.inc.php diff --git a/htdocs/public/payment/paymentko.php b/htdocs/public/payment/paymentko.php index b3833bd14b5..f106e377dba 100644 --- a/htdocs/public/payment/paymentko.php +++ b/htdocs/public/payment/paymentko.php @@ -25,8 +25,10 @@ * This token can be used to get more informations. */ -define("NOLOGIN", 1); // This means this output page does not require to be logged. -define("NOCSRFCHECK", 1); // We accept to go on this page from external web site. +if (!defined('NOLOGIN')) define("NOLOGIN", 1); // This means this output page does not require to be logged. +if (!defined('NOCSRFCHECK')) define("NOCSRFCHECK", 1); // We accept to go on this page from external web site. +if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip +if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php diff --git a/htdocs/public/payment/paymentok.php b/htdocs/public/payment/paymentok.php index 3be1af4935e..89245fcc765 100644 --- a/htdocs/public/payment/paymentok.php +++ b/htdocs/public/payment/paymentok.php @@ -25,8 +25,10 @@ * This token can be used to get more informations. */ -define("NOLOGIN", 1); // This means this output page does not require to be logged. -define("NOCSRFCHECK", 1); // We accept to go on this page from external web site. +if (!defined('NOLOGIN')) define("NOLOGIN", 1); // This means this output page does not require to be logged. +if (!defined('NOCSRFCHECK')) define("NOCSRFCHECK", 1); // We accept to go on this page from external web site. +if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip +if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php diff --git a/htdocs/public/recruitment/index.php b/htdocs/public/recruitment/index.php index 0797ff20735..a5be30aab49 100644 --- a/htdocs/public/recruitment/index.php +++ b/htdocs/public/recruitment/index.php @@ -32,6 +32,8 @@ if (!defined('NOREQUIREMENU')) { if (!defined("NOLOGIN")) { define("NOLOGIN", '1'); } +if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip +if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // If this page is public (can be called outside logged session) require '../../main.inc.php'; diff --git a/htdocs/public/recruitment/view.php b/htdocs/public/recruitment/view.php index 94f85f911aa..654dc0e696d 100644 --- a/htdocs/public/recruitment/view.php +++ b/htdocs/public/recruitment/view.php @@ -24,6 +24,7 @@ if (!defined('NOLOGIN')) define("NOLOGIN", 1); // This means this output page does not require to be logged. if (!defined('NOCSRFCHECK')) define("NOCSRFCHECK", 1); // We accept to go on this page from external web site. if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip +if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/recruitment/class/recruitmentjobposition.class.php'; diff --git a/htdocs/public/stripe/confirm_payment.php b/htdocs/public/stripe/confirm_payment.php index 683a537fe69..30d20e495e0 100644 --- a/htdocs/public/stripe/confirm_payment.php +++ b/htdocs/public/stripe/confirm_payment.php @@ -17,8 +17,10 @@ // TODO Do we really need this page. We alread have a ipn.php page ! -define("NOLOGIN", 1); // This means this output page does not require to be logged. -define("NOCSRFCHECK", 1); // We accept to go on this page from external web site. +if (!defined('NOLOGIN')) define("NOLOGIN", 1); // This means this output page does not require to be logged. +if (!defined('NOCSRFCHECK')) define("NOCSRFCHECK", 1); // We accept to go on this page from external web site. +if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip +if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); $entity = (!empty($_GET['entity']) ? (int) $_GET['entity'] : (!empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); if (is_numeric($entity)) define("DOLENTITY", $entity); diff --git a/htdocs/public/stripe/ipn.php b/htdocs/public/stripe/ipn.php index cc4d07b0a4b..882efbd6adc 100644 --- a/htdocs/public/stripe/ipn.php +++ b/htdocs/public/stripe/ipn.php @@ -16,8 +16,10 @@ * along with this program. If not, see . */ -define("NOLOGIN", 1); // This means this output page does not require to be logged. -define("NOCSRFCHECK", 1); // We accept to go on this page from external web site. +if (!defined('NOLOGIN')) define("NOLOGIN", 1); // This means this output page does not require to be logged. +if (!defined('NOCSRFCHECK')) define("NOCSRFCHECK", 1); // We accept to go on this page from external web site. +if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip +if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); $entity = (!empty($_GET['entity']) ? (int) $_GET['entity'] : (!empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); if (is_numeric($entity)) define("DOLENTITY", $entity); diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index ed26c881fd7..2ef8a4e5be5 100644 --- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php @@ -29,6 +29,8 @@ if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); if (!defined('NOLOGIN')) define("NOLOGIN", 1); // This means this output page does not require to be logged. if (!defined('NOCSRFCHECK')) define("NOCSRFCHECK", 1); // We accept to go on this page from external web site. if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip +if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); + require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/ticket/class/actions_ticket.class.php'; diff --git a/htdocs/public/ticket/index.php b/htdocs/public/ticket/index.php index be7c44580cd..7c91ea16c6f 100644 --- a/htdocs/public/ticket/index.php +++ b/htdocs/public/ticket/index.php @@ -26,6 +26,7 @@ if (!defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); if (!defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session) if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip +if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php diff --git a/htdocs/public/ticket/list.php b/htdocs/public/ticket/list.php index a64c551bba3..9e7d5eacfa8 100644 --- a/htdocs/public/ticket/list.php +++ b/htdocs/public/ticket/list.php @@ -32,6 +32,8 @@ if (!defined('NOREQUIREMENU')) { if (!defined("NOLOGIN")) { define("NOLOGIN", '1'); } +if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip +if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // If this page is public (can be called outside logged session) require '../../main.inc.php'; diff --git a/htdocs/public/ticket/view.php b/htdocs/public/ticket/view.php index f8cab9c9b9a..3b0e2d0cdcc 100644 --- a/htdocs/public/ticket/view.php +++ b/htdocs/public/ticket/view.php @@ -33,6 +33,8 @@ if (!defined('NOREQUIREMENU')) { if (!defined("NOLOGIN")) { define("NOLOGIN", '1'); } +if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip +if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // If this page is public (can be called outside logged session) require '../../main.inc.php'; diff --git a/htdocs/public/website/index.php b/htdocs/public/website/index.php index d09b8e10012..4edd733b9e6 100644 --- a/htdocs/public/website/index.php +++ b/htdocs/public/website/index.php @@ -36,6 +36,8 @@ if (!defined('NOCSRFCHECK')) define("NOCSRFCHECK", 1); // We accept to go on if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); +if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip +if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); /** * Header empty diff --git a/htdocs/public/website/styles.css.php b/htdocs/public/website/styles.css.php index 8854c13ea52..568f671d09f 100644 --- a/htdocs/public/website/styles.css.php +++ b/htdocs/public/website/styles.css.php @@ -27,6 +27,8 @@ if (!defined('NOCSRFCHECK')) define("NOCSRFCHECK", 1); // We accept to go on if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); +if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip +if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); /** * Header empty diff --git a/htdocs/takepos/ajax/ajax.php b/htdocs/takepos/ajax/ajax.php index 1d49f985578..925477092f1 100644 --- a/htdocs/takepos/ajax/ajax.php +++ b/htdocs/takepos/ajax/ajax.php @@ -30,6 +30,7 @@ if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); +if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); require '../../main.inc.php'; // Load $user and permissions require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; diff --git a/htdocs/takepos/floors.php b/htdocs/takepos/floors.php index 257c8db7fa0..af82d584bc5 100644 --- a/htdocs/takepos/floors.php +++ b/htdocs/takepos/floors.php @@ -23,13 +23,13 @@ //if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER','1'); // Not disabled cause need to load personalized language //if (! defined('NOREQUIREDB')) define('NOREQUIREDB','1'); // Not disabled cause need to load personalized language -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1'); -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1'); -if (!defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); +//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1'); +//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1'); +if (!defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); -if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); -if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); -if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); +if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); +if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); +if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); require '../main.inc.php'; // Load $user and permissions diff --git a/htdocs/takepos/freezone.php b/htdocs/takepos/freezone.php index 79a638456f2..4cca5816fab 100644 --- a/htdocs/takepos/freezone.php +++ b/htdocs/takepos/freezone.php @@ -24,13 +24,13 @@ //if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER','1'); // Not disabled cause need to load personalized language //if (! defined('NOREQUIREDB')) define('NOREQUIREDB','1'); // Not disabled cause need to load personalized language -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1'); -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1'); -if (!defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); +//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1'); +//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1'); +if (!defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); -if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); -if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); -if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); +if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); +if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); +if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); require '../main.inc.php'; // Load $user and permissions require_once DOL_DOCUMENT_ROOT.'/core/lib/functions.lib.php'; diff --git a/htdocs/takepos/index.php b/htdocs/takepos/index.php index 630c49b58a7..8e6eb397c55 100644 --- a/htdocs/takepos/index.php +++ b/htdocs/takepos/index.php @@ -25,13 +25,13 @@ //if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER','1'); // Not disabled cause need to load personalized language //if (! defined('NOREQUIREDB')) define('NOREQUIREDB','1'); // Not disabled cause need to load personalized language -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1'); -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1'); -if (!defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); +//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1'); +//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1'); +if (!defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); -if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); -if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); -if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); +if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); +if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); +if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); require '../main.inc.php'; // Load $user and permissions require_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php'; diff --git a/htdocs/takepos/public/auto_order.php b/htdocs/takepos/public/auto_order.php index 910c00327b4..e7853f7141b 100644 --- a/htdocs/takepos/public/auto_order.php +++ b/htdocs/takepos/public/auto_order.php @@ -23,6 +23,7 @@ if (!defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session) if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip +if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); require '../../main.inc.php'; diff --git a/htdocs/takepos/public/menu.php b/htdocs/takepos/public/menu.php index 217da157c2f..867217082bb 100644 --- a/htdocs/takepos/public/menu.php +++ b/htdocs/takepos/public/menu.php @@ -23,6 +23,7 @@ if (!defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session) if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip +if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); require '../../main.inc.php'; diff --git a/htdocs/takepos/receipt.php b/htdocs/takepos/receipt.php index 0773053d4a2..dd24718a476 100644 --- a/htdocs/takepos/receipt.php +++ b/htdocs/takepos/receipt.php @@ -20,12 +20,23 @@ */ /** - * \file htdocs/takepos/floors.php + * \file htdocs/takepos/receipt.php * \ingroup takepos * \brief Page to show a receipt. */ -if (!isset($action)) require '../main.inc.php'; // If this file is called from send.php avoid load again +if (!isset($action)) { + //if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Not disabled cause need to load personalized language + //if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Not disabled cause need to load personalized language + //if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); + //if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); + if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); + if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); + if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); + if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); + + require '../main.inc.php'; // If this file is called from send.php avoid load again +} include_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; $langs->loadLangs(array("main", "cashdesk", "companies")); diff --git a/htdocs/takepos/send.php b/htdocs/takepos/send.php index ea97e6d560b..b545b990d68 100644 --- a/htdocs/takepos/send.php +++ b/htdocs/takepos/send.php @@ -24,13 +24,13 @@ //if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Not disabled cause need to load personalized language //if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Not disabled cause need to load personalized language -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); -if (!defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); +//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); +//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); +if (!defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); -if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); -if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); -if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); +if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); +if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); +if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); require '../main.inc.php'; // Load $user and permissions require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; diff --git a/htdocs/takepos/smpcb.php b/htdocs/takepos/smpcb.php index 0e25a0cb7b0..f138438a707 100644 --- a/htdocs/takepos/smpcb.php +++ b/htdocs/takepos/smpcb.php @@ -1,4 +1,26 @@ + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +/** + * \file htdocs/takepos/smpcb.php + * \ingroup takepos + * \brief Page with the content for smpcb payment + */ + if (!defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); @@ -11,25 +33,25 @@ if (empty($user->rights->takepos->run)) { accessforbidden(); } -if (isset($_GET['status'])) { +if (GETPOSTISSET('status')) { die(strtoupper($_SESSION['SMP_CURRENT_PAYMENT'])); } -if ($_GET['smp-status']) { - print ' - - +if (GETPOST('smp-status')) { + print ''; + print ''; + print ' The HTML5 Herald - + '; - + print ''; -'; - $_SESSION['SMP_CURRENT_PAYMENT'] = $_GET['smp-status']; + print ''; + $_SESSION['SMP_CURRENT_PAYMENT'] = GETPOST('smp-status'); print '