Merge branch '10.0' of git@github.com:Dolibarr/dolibarr.git into develop
commit
d6d1b29257
@ -776,7 +776,7 @@ if (empty($reshook))
|
||||
$array_options = $extrafieldsline->getOptionalsFromPost($object->table_element_line);
|
||||
|
||||
$objectline = new FactureLigneRec($db);
|
||||
if ($objectline->fetch(GETPOST('lineid')))
|
||||
if ($objectline->fetch(GETPOST('lineid', 'int')))
|
||||
{
|
||||
$objectline->array_options=$array_options;
|
||||
$result=$objectline->insertExtraFields();
|
||||
@ -786,6 +786,8 @@ if (empty($reshook))
|
||||
}
|
||||
}
|
||||
|
||||
$position = ($objectline->rang >= 0 ? $objectline->rang : 0);
|
||||
|
||||
// Unset extrafield
|
||||
if (is_array($extralabelsline))
|
||||
{
|
||||
@ -797,8 +799,8 @@ if (empty($reshook))
|
||||
}
|
||||
|
||||
// Define special_code for special lines
|
||||
$special_code=GETPOST('special_code');
|
||||
if (! GETPOST('qty')) $special_code=3;
|
||||
$special_code=GETPOST('special_code', 'int');
|
||||
if (! GETPOST('qty', 'alpha')) $special_code=3;
|
||||
|
||||
/*$line = new FactureLigne($db);
|
||||
$line->fetch(GETPOST('lineid'));
|
||||
@ -834,11 +836,11 @@ if (empty($reshook))
|
||||
$error ++;
|
||||
}
|
||||
} else {
|
||||
$type = GETPOST('type');
|
||||
$type = GETPOST('type', 'int');
|
||||
$label = (GETPOST('product_label') ? GETPOST('product_label') : '');
|
||||
|
||||
// Check parameters
|
||||
if (GETPOST('type') < 0) {
|
||||
if (GETPOST('type', 'int') < 0) {
|
||||
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Type")), null, 'errors');
|
||||
$error ++;
|
||||
}
|
||||
@ -870,7 +872,7 @@ if (empty($reshook))
|
||||
0,
|
||||
0,
|
||||
$type,
|
||||
0,
|
||||
$position,
|
||||
$special_code,
|
||||
$label,
|
||||
GETPOST('units'),
|
||||
|
||||
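Review bot: Two request values in this section still reach the line-creation arguments with no filter type: `$label` is built from `GETPOST('product_label')` and the call passes `GETPOST('units')` directly, while the commit types `lineid`, `special_code`, `qty` and `type`. Give both an explicit check too, for example `GETPOST('units', 'alpha')`, and choose a text filter for the label that matches how it is later rendered. The parameter check can reuse the value already read, `if ($type < 0) {`, instead of calling GETPOST a second time. The enclosing `if (empty($reshook))` block starts and ends outside these hunks, so how the callee escapes or binds these values is not visible here.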
@ -66,13 +66,15 @@ $(document).ready(function(){
|
||||
var fk_element = "<?php echo $fk_element; ?>";
|
||||
var element_id = "<?php echo $id; ?>";
|
||||
var filepath = "<?php echo urlencode($filepath); ?>";
|
||||
var token = "<?php echo $_SESSION["token"]; ?>"; // We use old 'token' and not 'newtoken' for Ajax call because the ajax page has the NOTOKENRENEWAL constant set.
|
||||
$.post("<?php echo DOL_URL_ROOT; ?>/core/ajax/row.php",
|
||||
{
|
||||
roworder: roworder,
|
||||
table_element_line: table_element_line,
|
||||
fk_element: fk_element,
|
||||
element_id: element_id,
|
||||
filepath: filepath
|
||||
filepath: filepath,
|
||||
token: token
|
||||
},
|
||||
function() {
|
||||
console.log("tableDND end of ajax call");
|
||||
|
||||
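Review bot: The added `token` line, like the `fk_element` and `element_id` lines above it, echoes a PHP value into a double-quoted JavaScript string with no JavaScript escaping, so a quote or backslash in any of them would break out of the literal. Escape at the output point with the project's helper, e.g. `var token = "<?php echo dol_escape_js($_SESSION["token"]); ?>";`, and apply the same to `$fk_element` and `$id`, whose origin is not visible in this hunk. The `$.post` success callback only logs to the console, so a request refused by the token check would leave the new row order unsaved without telling the user; a failure handler is worth adding. The `$(document).ready` callback begins and ends outside the hunk.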
@ -252,6 +252,7 @@ if (isset($_SERVER["HTTP_USER_AGENT"]))
|
||||
if ($conf->browser->layout == 'phone') $conf->dol_no_mouse_hover=1;
|
||||
}
|
||||
|
||||
|
||||
// Force HTTPS if required ($conf->file->main_force_https is 0/1 or https dolibarr root url)
|
||||
// $_SERVER["HTTPS"] is 'on' when link is https, otherwise $_SERVER["HTTPS"] is empty or 'off'
|
||||
if (! empty($conf->file->main_force_https) && (empty($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] != 'on'))
|
||||
@ -359,6 +360,7 @@ if ((! defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && ! empty($conf->
|
||||
{
|
||||
if ($_SERVER['REQUEST_METHOD'] == 'POST' && ! GETPOSTISSET('token')) // Note, offender can still send request by GET
|
||||
{
|
||||
dol_syslog("--- Access to ".$_SERVER["PHP_SELF"]." refused by CSRFCHECK_WITH_TOKEN protection. Token not provided.");
|
||||
print "Access by POST method refused by CSRF protection in main.inc.php. Token not provided.\n";
|
||||
print "If you access your server behind a proxy using url rewriting, you might check that all HTTP header is propagated (or add the line \$dolibarr_nocsrfcheck=1 into your conf.php file or MAIN_SECURITY_CSRF_WITH_TOKEN to 0 into setup).\n";
|
||||
die;
|
||||
@ -368,9 +370,9 @@ if ((! defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && ! empty($conf->
|
||||
//{
|
||||
if (GETPOSTISSET('token') && GETPOST('token', 'alpha') != $_SESSION['token'])
|
||||
{
|
||||
dol_syslog("Invalid token, so we disable POST and some GET parameters - referer=".$_SERVER['HTTP_REFERER'].", action=".GETPOST('action', 'aZ09').", _GET|POST['token']=".GETPOST('token', 'alpha').", _SESSION['token']=".$_SESSION['token'], LOG_WARNING);
|
||||
dol_syslog("--- Access to ".$_SERVER["PHP_SELF"]." refused due to invalid token, so we disable POST and some GET parameters - referer=".$_SERVER['HTTP_REFERER'].", action=".GETPOST('action', 'aZ09').", _GET|POST['token']=".GETPOST('token', 'alpha').", _SESSION['token']=".$_SESSION['token'], LOG_WARNING);
|
||||
//print 'Unset POST by CSRF protection in main.inc.php.'; // Do not output anything because this create problems when using the BACK button on browsers.
|
||||
if ($conf->global->MAIN_FEATURES_LEVEL>1) setEventMessages('Unset POST by CSRF protection in main.inc.php.', null, 'warnings');
|
||||
if ($conf->global->MAIN_FEATURES_LEVEL>1) setEventMessages('Unset POST by CSRF protection in main.inc.php.'."<br>\n".'$_SERVER[REQUEST_URI] = '.$_SERVER['REQUEST_URI'].' $_SERVER[REQUEST_METHOD] = '.$_SERVER['REQUEST_METHOD'].' GETPOST(token) = '.GETPOST('token', 'alpha').' $_SESSION[token] = '.$_SESSION['token'], null, 'warnings');
|
||||
unset($_POST);
|
||||
unset($_GET['confirm']);
|
||||
}
|
||||
|
||||
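Review bot: The rewritten invalid-token branch writes the live `$_SESSION['token']` into the syslog line and, when `MAIN_FEATURES_LEVEL>1`, into the on-screen warning, so the value the check is protecting ends up in log files and in the page. The on-screen message also concatenates `$_SERVER['REQUEST_URI']` next to a literal `<br>`, which suggests it is rendered as HTML; that request-controlled value should be escaped, and `HTTP_REFERER` in the log line is likewise client-supplied and may be unset. I would drop the session token from both outputs and keep only non-secret context: `setEventMessages('Unset POST by CSRF protection in main.inc.php.'."<br>\n".'$_SERVER[REQUEST_URI] = '.dol_escape_htmltag($_SERVER['REQUEST_URI']).' $_SERVER[REQUEST_METHOD] = '.$_SERVER['REQUEST_METHOD'], null, 'warnings');`. Separately, the token comparison uses a loose `!=`; `hash_equals()` on two string-cast values would make it strict and constant-time. The enclosing CSRF `if` starts outside the hunk.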
@ -741,7 +741,7 @@ if (empty($reshook))
|
||||
{
|
||||
require_once DOL_DOCUMENT_ROOT .'/core/lib/files.lib.php';
|
||||
// the dir dirname($newfile) is directory of logo, so we should have only one file at once into index, so we delete indexes for the dir
|
||||
deleteFilesIntoDatabaseIndex(dirname($newfile), '', '', 'uploaded', 1);
|
||||
deleteFilesIntoDatabaseIndex(dirname($newfile), '', '');
|
||||
// now we index the uploaded logo file
|
||||
addFileIntoDatabaseIndex(dirname($newfile), basename($newfile), '', 'uploaded', 1);
|
||||
}
|
||||
|
||||
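Review bot: The delete and the add now pass different arguments for the same directory: `deleteFilesIntoDatabaseIndex(dirname($newfile), '', '')` (assuming the three-argument call is the new side) uses an empty third argument while `addFileIntoDatabaseIndex(...)` passes `'uploaded', 1`, and the comment does not say why. If the empty value is meant to remove every index row for the logo directory regardless of mode, state that in the comment, e.g. `// empty mode: remove all index rows for this dir, whatever their mode`. The return value of the delete is not checked, so a failed cleanup would leave stale index rows beside the new one. The surrounding block starts outside the hunk.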