FIX #yogosha5674
This commit is contained in:
Laurent Destailleur
parent
3df866518d
commit
d83d005284
@ -529,11 +529,11 @@ if ($resql) {
|
||||
if (!empty($arrayfields['aa.reconcilable']['checked'])) {
|
||||
print '<td class="center">';
|
||||
if (empty($obj->reconcilable)) {
|
||||
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$obj->rowid.'&action=enable&mode=1">';
|
||||
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$obj->rowid.'&action=enable&mode=1&token='.newToken().'">';
|
||||
print img_picto($langs->trans("Disabled"), 'switch_off');
|
||||
print '</a>';
|
||||
} else {
|
||||
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$obj->rowid.'&action=disable&mode=1">';
|
||||
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$obj->rowid.'&action=disable&mode=1&token='.newToken().'">';
|
||||
print img_picto($langs->trans("Activated"), 'switch_on');
|
||||
print '</a>';
|
||||
}
|
||||
@ -548,11 +548,11 @@ if ($resql) {
|
||||
if (!empty($arrayfields['aa.active']['checked'])) {
|
||||
print '<td class="center">';
|
||||
if (empty($obj->active)) {
|
||||
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$obj->rowid.'&action=enable&mode=0">';
|
||||
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$obj->rowid.'&action=enable&mode=0&token='.newToken().'">';
|
||||
print img_picto($langs->trans("Disabled"), 'switch_off');
|
||||
print '</a>';
|
||||
} else {
|
||||
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$obj->rowid.'&action=disable&mode=0">';
|
||||
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$obj->rowid.'&action=disable&mode=0&token='.newToken().'">';
|
||||
print img_picto($langs->trans("Activated"), 'switch_on');
|
||||
print '</a>';
|
||||
}
|
||||
|
||||
@ -419,11 +419,11 @@ if ($resql) {
|
||||
if (!empty($arrayfields['reconcilable']['checked'])) {
|
||||
print '<td class="center">';
|
||||
if (empty($obj->reconcilable)) {
|
||||
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$obj->rowid.'&action=enable&mode=1">';
|
||||
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$obj->rowid.'&action=enable&mode=1&token='.newToken().'">';
|
||||
print img_picto($langs->trans("Disabled"), 'switch_off');
|
||||
print '</a>';
|
||||
} else {
|
||||
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$obj->rowid.'&action=disable&mode=1">';
|
||||
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$obj->rowid.'&action=disable&mode=1&token='.newToken().'">';
|
||||
print img_picto($langs->trans("Activated"), 'switch_on');
|
||||
print '</a>';
|
||||
}
|
||||
|
||||
@ -543,11 +543,11 @@ if ($action == 'create') {
|
||||
print '<td class="titlefield">' . $langs->trans("Status") . '</td>';
|
||||
print '<td>';
|
||||
if (empty($object->validated)) {
|
||||
print '<a class="reposition" href="' . $_SERVER["PHP_SELF"] . '?piece_num=' . $line->id . '&action=enable">';
|
||||
print '<a class="reposition" href="' . $_SERVER["PHP_SELF"] . '?piece_num=' . $line->id . '&action=enable&token='.newToken().'">';
|
||||
print img_picto($langs->trans("Disabled"), 'switch_off');
|
||||
print '</a>';
|
||||
} else {
|
||||
print '<a class="reposition" href="' . $_SERVER["PHP_SELF"] . '?piece_num=' . $line->id . '&action=disable">';
|
||||
print '<a class="reposition" href="' . $_SERVER["PHP_SELF"] . '?piece_num=' . $line->id . '&action=disable&token='.newToken().'">';
|
||||
print img_picto($langs->trans("Activated"), 'switch_on');
|
||||
print '</a>';
|
||||
}
|
||||
|
||||
@ -110,11 +110,11 @@ print '<td class="center">';
|
||||
print $langs->trans("Required");
|
||||
/*if (empty($conf->global->MAIN_SUBMODULE_EXPEDITION))
|
||||
{
|
||||
print '<a href="confexped.php?action=activate_sending">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
|
||||
print '<a href="confexped.php?action=activate_sending&token='.newToken().'">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
|
||||
}
|
||||
else
|
||||
{
|
||||
print '<a href="confexped.php?action=disable_sending">'.img_picto($langs->trans("Enabled"),'switch_on').'</a>';
|
||||
print '<a href="confexped.php?action=disable_sending&token='.newToken().'">'.img_picto($langs->trans("Enabled"),'switch_on').'</a>';
|
||||
}*/
|
||||
print "</td>";
|
||||
print '</tr>';
|
||||
@ -130,9 +130,9 @@ print '</td>';
|
||||
print '<td class="center">';
|
||||
|
||||
if (empty($conf->global->MAIN_SUBMODULE_DELIVERY)) {
|
||||
print '<a href="confexped.php?action=activate_delivery">'.img_picto($langs->trans("Disabled"), 'switch_off').'</a>';
|
||||
print '<a href="'.$_SERVER["PHP_SELF"].'?action=activate_delivery&token='.newToken().'">'.img_picto($langs->trans("Disabled"), 'switch_off').'</a>';
|
||||
} else {
|
||||
print '<a href="confexped.php?action=disable_delivery">'.img_picto($langs->trans("Enabled"), 'switch_on').'</a>';
|
||||
print '<a href="'.$_SERVER["PHP_SELF"].'?action=disable_delivery&token='.newToken().'">'.img_picto($langs->trans("Enabled"), 'switch_on').'</a>';
|
||||
}
|
||||
|
||||
print "</td>";
|
||||
|
||||
@ -89,7 +89,7 @@ $picto = array(
|
||||
*/
|
||||
|
||||
foreach ($modules as $const => $desc) {
|
||||
if ($action == 'activate_'.strtolower($const)) {
|
||||
if ($action == 'enable_'.strtolower($const)) {
|
||||
dolibarr_set_const($db, "FCKEDITOR_ENABLE_".$const, "1", 'chaine', 0, '', $conf->entity);
|
||||
// If fckeditor is active in the product/service description, it is activated in the forms
|
||||
if ($const == 'PRODUCTDESC' && !empty($conf->global->PRODUIT_DESC_IN_FORM)) {
|
||||
@ -166,9 +166,9 @@ if (empty($conf->use_javascript_ajax)) {
|
||||
$constante = 'FCKEDITOR_ENABLE_'.$const;
|
||||
$value = (isset($conf->global->$constante) ? $conf->global->$constante : 0);
|
||||
if ($value == 0) {
|
||||
print '<a href="'.$_SERVER['PHP_SELF'].'?action=activate_'.strtolower($const).'">'.img_picto($langs->trans("Disabled"), 'switch_off').'</a>';
|
||||
print '<a href="'.$_SERVER['PHP_SELF'].'?action=enable_'.strtolower($const).'&token='.newToken().'">'.img_picto($langs->trans("Disabled"), 'switch_off').'</a>';
|
||||
} elseif ($value == 1) {
|
||||
print '<a href="'.$_SERVER['PHP_SELF'].'?action=disable_'.strtolower($const).'">'.img_picto($langs->trans("Enabled"), 'switch_on').'</a>';
|
||||
print '<a href="'.$_SERVER['PHP_SELF'].'?action=disable_'.strtolower($const).'&token='.newToken().'">'.img_picto($langs->trans("Enabled"), 'switch_on').'</a>';
|
||||
}
|
||||
|
||||
print "</td>";
|
||||
|
||||
@ -406,7 +406,7 @@ if (!empty($conf->global->DATABASE_PWD_ENCRYPTED)) {
|
||||
if ($allow_disable_encryption) {
|
||||
//On n'autorise pas l'annulation de l'encryption car les mots de passe ne peuvent pas etre decodes
|
||||
//Do not allow "disable encryption" as passwords cannot be decrypted
|
||||
print '<a href="security.php?action=disable_encrypt">'.$langs->trans("Disable").'</a>';
|
||||
print '<a href="'.$_SERVER["PHP_SELF"].'?action=disable_encrypt&token='.newToken().'">'.$langs->trans("Disable").'</a>';
|
||||
} else {
|
||||
print '-';
|
||||
}
|
||||
@ -432,10 +432,10 @@ if (empty($dolibarr_main_db_pass) && empty($dolibarr_main_db_encrypted_pass)) {
|
||||
print img_warning($langs->trans("WarningPassIsEmpty"));
|
||||
} else {
|
||||
if (empty($dolibarr_main_db_encrypted_pass)) {
|
||||
print '<a href="security.php?action=activate_encryptdbpassconf">'.$langs->trans("Activate").'</a>';
|
||||
print '<a href="'.$_SERVER["PHP_SELF"].'?action=activate_encryptdbpassconf&token='.newToken().'">'.$langs->trans("Activate").'</a>';
|
||||
}
|
||||
if (!empty($dolibarr_main_db_encrypted_pass)) {
|
||||
print '<a href="security.php?action=disable_encryptdbpassconf">'.$langs->trans("Disable").'</a>';
|
||||
print '<a href="'.$_SERVER["PHP_SELF"].'?action=disable_encryptdbpassconf&token='.newToken().'">'.$langs->trans("Disable").'</a>';
|
||||
}
|
||||
}
|
||||
print "</td>";
|
||||
@ -455,12 +455,12 @@ if (!empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK)) {
|
||||
print '</td>';
|
||||
if (empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK)) {
|
||||
print '<td align="center" width="100">';
|
||||
print '<a href="security.php?action=activate_MAIN_SECURITY_DISABLEFORGETPASSLINK">'.$langs->trans("Activate").'</a>';
|
||||
print '<a href="'.$_SERVER["PHP_SELF"].'?action=activate_MAIN_SECURITY_DISABLEFORGETPASSLINK&token='.newToken().'">'.$langs->trans("Activate").'</a>';
|
||||
print "</td>";
|
||||
}
|
||||
if (!empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK)) {
|
||||
print '<td align="center" width="100">';
|
||||
print '<a href="security.php?action=disable_MAIN_SECURITY_DISABLEFORGETPASSLINK">'.$langs->trans("Disable").'</a>';
|
||||
print '<a href="'.$_SERVER["PHP_SELF"].'?action=disable_MAIN_SECURITY_DISABLEFORGETPASSLINK&token='.newToken().'">'.$langs->trans("Disable").'</a>';
|
||||
print "</td>";
|
||||
}
|
||||
print "</td>";
|
||||
|
||||
@ -656,11 +656,11 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
|
||||
{
|
||||
if ($object->status == 1)
|
||||
{
|
||||
print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=disable">'.$langs->trans("Disable").'</a>'."\n";
|
||||
print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=disable&token='.newToken().'">'.$langs->trans("Disable").'</a>'."\n";
|
||||
}
|
||||
else
|
||||
{
|
||||
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=enable">'.$langs->trans("Enable").'</a>'."\n";
|
||||
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=enable&token='.newToken().'">'.$langs->trans("Enable").'</a>'."\n";
|
||||
}
|
||||
}
|
||||
*/
|
||||
|
||||
@ -1658,15 +1658,15 @@ if ($action == 'create') {
|
||||
|
||||
if ($user->rights->facture->creer) {
|
||||
if (empty($object->suspended)) {
|
||||
print '<div class="inline-block divButAction"><a class="butActionDelete" href="'.DOL_URL_ROOT.'/compta/facture/card-rec.php?action=disable&id='.$object->id.'">'.$langs->trans("Disable").'</a></div>';
|
||||
print '<div class="inline-block divButAction"><a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?action=disable&id='.$object->id.'&token='.newToken().'">'.$langs->trans("Disable").'</a></div>';
|
||||
} else {
|
||||
print '<div class="inline-block divButAction"><a class="butAction" href="'.DOL_URL_ROOT.'/compta/facture/card-rec.php?action=enable&id='.$object->id.'">'.$langs->trans("Enable").'</a></div>';
|
||||
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?action=enable&id='.$object->id.'&token='.newToken().'">'.$langs->trans("Enable").'</a></div>';
|
||||
}
|
||||
}
|
||||
|
||||
//if ($object->statut == Facture::STATUS_DRAFT && $user->rights->facture->supprimer)
|
||||
if ($user->rights->facture->supprimer) {
|
||||
print '<div class="inline-block divButAction"><a class="butActionDelete" href="'.$_SERVER['PHP_SELF'].'?action=ask_deleteinvoice&id='.$object->id.'">'.$langs->trans('Delete').'</a></div>';
|
||||
print '<div class="inline-block divButAction"><a class="butActionDelete" href="'.$_SERVER['PHP_SELF'].'?action=ask_deleteinvoice&id='.$object->id.'&token='.newToken().'">'.$langs->trans('Delete').'</a></div>';
|
||||
}
|
||||
|
||||
print '</div>';
|
||||
|
||||
@ -1470,11 +1470,11 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
|
||||
|
||||
// Activer
|
||||
if ($object->statut == 0 && $user->rights->societe->contact->creer) {
|
||||
print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=enable">'.$langs->trans("Reactivate").'</a>';
|
||||
print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=enable&token='.newToken().'">'.$langs->trans("Reactivate").'</a>';
|
||||
}
|
||||
// Desactiver
|
||||
if ($object->statut == 1 && $user->rights->societe->contact->creer) {
|
||||
print '<a class="butActionDelete" href="'.$_SERVER['PHP_SELF'].'?action=disable&id='.$object->id.'">'.$langs->trans("DisableUser").'</a>';
|
||||
print '<a class="butActionDelete" href="'.$_SERVER['PHP_SELF'].'?action=disable&id='.$object->id.'&token='.newToken().'">'.$langs->trans("DisableUser").'</a>';
|
||||
}
|
||||
|
||||
// Delete
|
||||
|
||||
@ -476,16 +476,16 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
|
||||
/*
|
||||
if ($permissiontoadd) {
|
||||
if ($object->status == $object::STATUS_ENABLED) {
|
||||
print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=disable">'.$langs->trans("Disable").'</a>'."\n";
|
||||
print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=disable&token='.newToken().'">'.$langs->trans("Disable").'</a>'."\n";
|
||||
} else {
|
||||
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=enable">'.$langs->trans("Enable").'</a>'."\n";
|
||||
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=enable&token='.newToken().'">'.$langs->trans("Enable").'</a>'."\n";
|
||||
}
|
||||
}
|
||||
if ($permissiontoadd) {
|
||||
if ($object->status == $object::STATUS_VALIDATED) {
|
||||
print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=close">'.$langs->trans("Cancel").'</a>'."\n";
|
||||
print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=close&token='.newToken().'">'.$langs->trans("Cancel").'</a>'."\n";
|
||||
} else {
|
||||
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=reopen">'.$langs->trans("Re-Open").'</a>'."\n";
|
||||
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=reopen&token='.newToken().'">'.$langs->trans("Re-Open").'</a>'."\n";
|
||||
}
|
||||
}
|
||||
*/
|
||||
|
||||
@ -431,11 +431,26 @@ if (!defined('NOTOKENRENEWAL')) {
|
||||
|
||||
// Check validity of token, only if option MAIN_SECURITY_CSRF_WITH_TOKEN enabled or if constant CSRFCHECK_WITH_TOKEN is set into page
|
||||
if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN)) || defined('CSRFCHECK_WITH_TOKEN')) {
|
||||
// Check all cases that need a token (all POST actions + all login, actions and mass actions on pages with CSRFCHECK_WITH_TOKEN set + all sensitive GET actions)
|
||||
// Array of action code where CSRFCHECK with token will be forced (so token must be provided on url request)
|
||||
$arrayofactiontoforcetokencheck = array(
|
||||
'activate', 'add', 'addtimespent', 'update', 'install',
|
||||
'confirm_create_user', 'confirm_create_thirdparty', 'confirm_reject_check',
|
||||
'delete', 'deletefilter', 'deleteoperation', 'deleteprof', 'deletepayment', 'disable',
|
||||
'enable'
|
||||
);
|
||||
$sensitiveget = false;
|
||||
if (in_array(GETPOST('action', 'aZ09'), $arrayofactiontoforcetokencheck)) {
|
||||
$sensitiveget = true;
|
||||
}
|
||||
if (preg_match('/^(disable_|enable_)/', GETPOST('action', 'aZ09'))) {
|
||||
$sensitiveget = true;
|
||||
}
|
||||
|
||||
// Check all cases that need a mandatory token (all POST actions + all login, actions and mass actions on pages with CSRFCHECK_WITH_TOKEN set + all sensitive GET actions)
|
||||
if (
|
||||
$_SERVER['REQUEST_METHOD'] == 'POST' ||
|
||||
((GETPOSTISSET('actionlogin') || GETPOSTISSET('action') || GETPOSTISSET('massaction')) && defined('CSRFCHECK_WITH_TOKEN')) ||
|
||||
in_array(GETPOST('action', 'aZ09'), array('add', 'addtimespent', 'update', 'install', 'delete', 'deletefilter', 'deleteoperation', 'deleteprof', 'deletepayment', 'confirm_create_user', 'confirm_create_thirdparty', 'confirm_reject_check'))
|
||||
$sensitiveget ||
|
||||
((GETPOSTISSET('actionlogin') || GETPOSTISSET('action') || GETPOSTISSET('massaction')) && defined('CSRFCHECK_WITH_TOKEN'))
|
||||
) {
|
||||
if (!GETPOST('token', 'alpha')) { // If token is not provided or empty
|
||||
if (GETPOST('uploadform', 'int')) {
|
||||
|
||||
@ -514,16 +514,16 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
|
||||
/*
|
||||
if ($permissiontoadd) {
|
||||
if ($object->status == $object::STATUS_ENABLED) {
|
||||
print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=disable">'.$langs->trans("Disable").'</a>'."\n";
|
||||
print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=disable&token='.newToken().'">'.$langs->trans("Disable").'</a>'."\n";
|
||||
} else {
|
||||
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=enable">'.$langs->trans("Enable").'</a>'."\n";
|
||||
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=enable&token='.newToken().'">'.$langs->trans("Enable").'</a>'."\n";
|
||||
}
|
||||
}
|
||||
if ($permissiontoadd) {
|
||||
if ($object->status == $object::STATUS_VALIDATED) {
|
||||
print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=close">'.$langs->trans("Cancel").'</a>'."\n";
|
||||
print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=close&token='.newToken().'">'.$langs->trans("Cancel").'</a>'."\n";
|
||||
} else {
|
||||
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=reopen">'.$langs->trans("Re-Open").'</a>'."\n";
|
||||
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=reopen&token='.newToken().'">'.$langs->trans("Re-Open").'</a>'."\n";
|
||||
}
|
||||
}
|
||||
*/
|
||||
|
||||
@ -942,10 +942,10 @@ if (!empty($conf->global->PRODUIT_MULTIPRICES) || !empty($conf->global->PRODUIT_
|
||||
}
|
||||
|
||||
print '</table>';
|
||||
print '<a class="editfielda marginleftonly marginrightonly" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=disable_price_by_qty&level='.$i.'">('.$langs->trans("DisablePriceByQty").')</a>';
|
||||
print '<a class="editfielda marginleftonly marginrightonly" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=disable_price_by_qty&level='.$i.'&token='.newToken().'">('.$langs->trans("DisablePriceByQty").')</a>';
|
||||
} else {
|
||||
print $langs->trans("No");
|
||||
print ' <a class="marginleftonly marginrightonly" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=activate_price_by_qty&level='.$i.'">('.$langs->trans("Activate").')</a>';
|
||||
print ' <a class="marginleftonly marginrightonly" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=activate_price_by_qty&level='.$i.'&token='.newToken().'">('.$langs->trans("Activate").')</a>';
|
||||
}
|
||||
print '</td></tr>';
|
||||
}
|
||||
|
||||
@ -548,9 +548,9 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
|
||||
/*
|
||||
if ($permissiontoadd) {
|
||||
if ($object->status == $object::STATUS_ENABLED) {
|
||||
print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=disable">'.$langs->trans("Disable").'</a>'."\n";
|
||||
print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=disable&token='.newToken().'">'.$langs->trans("Disable").'</a>'."\n";
|
||||
} else {
|
||||
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=enable">'.$langs->trans("Enable").'</a>'."\n";
|
||||
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=enable&token='.newToken().'">'.$langs->trans("Enable").'</a>'."\n";
|
||||
}
|
||||
}*/
|
||||
if ($permissiontoadd) {
|
||||
|
||||
@ -1821,12 +1821,12 @@ if ($action == 'create' || $action == 'adduserldap') {
|
||||
// Enable user
|
||||
if ($user->id <> $id && $candisableuser && $object->statut == 0 &&
|
||||
((empty($conf->multicompany->enabled) && $object->entity == $user->entity) || !$user->entity || ($object->entity == $conf->entity) || ($conf->global->MULTICOMPANY_TRANSVERSE_MODE && $conf->entity == 1))) {
|
||||
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=enable">'.$langs->trans("Reactivate").'</a></div>';
|
||||
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=enable&token='.newToken().'">'.$langs->trans("Reactivate").'</a></div>';
|
||||
}
|
||||
// Disable user
|
||||
if ($user->id <> $id && $candisableuser && $object->statut == 1 &&
|
||||
((empty($conf->multicompany->enabled) && $object->entity == $user->entity) || !$user->entity || ($object->entity == $conf->entity) || ($conf->global->MULTICOMPANY_TRANSVERSE_MODE && $conf->entity == 1))) {
|
||||
print '<div class="inline-block divButAction"><a class="butActionDelete" href="'.$_SERVER['PHP_SELF'].'?action=disable&id='.$object->id.'">'.$langs->trans("DisableUser").'</a></div>';
|
||||
print '<div class="inline-block divButAction"><a class="butActionDelete" href="'.$_SERVER['PHP_SELF'].'?action=disable&id='.$object->id.'&token='.newToken().'">'.$langs->trans("DisableUser").'</a></div>';
|
||||
} else {
|
||||
if ($user->id == $id) {
|
||||
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" href="#" title="'.$langs->trans("CantDisableYourself").'">'.$langs->trans("DisableUser").'</a></div>';
|
||||
@ -1836,7 +1836,7 @@ if ($action == 'create' || $action == 'adduserldap') {
|
||||
if ($user->id <> $id && $candisableuser &&
|
||||
((empty($conf->multicompany->enabled) && $object->entity == $user->entity) || !$user->entity || ($object->entity == $conf->entity) || ($conf->global->MULTICOMPANY_TRANSVERSE_MODE && $conf->entity == 1))) {
|
||||
if ($user->admin || !$object->admin) { // If user edited is admin, delete is possible on for an admin
|
||||
print '<div class="inline-block divButAction"><a class="butActionDelete" href="'.$_SERVER['PHP_SELF'].'?action=delete&token='.newToken().'&id='.$object->id.'">'.$langs->trans("DeleteUser").'</a></div>';
|
||||
print '<div class="inline-block divButAction"><a class="butActionDelete" href="'.$_SERVER['PHP_SELF'].'?action=delete&token='.newToken().'&id='.$object->id.'">'.$langs->trans("DeleteUser").'</a></div>';
|
||||
} else {
|
||||
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("MustBeAdminToDeleteOtherAdmin")).'">'.$langs->trans("DeleteUser").'</a></div>';
|
||||
}
|
||||
|
||||
@ -332,17 +332,17 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
|
||||
{
|
||||
if ($object->status == 1)
|
||||
{
|
||||
print '<div class="inline-block divButAction"><a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=disable">'.$langs->trans("Disable").'</a></div>'."\n";
|
||||
print '<div class="inline-block divButAction"><a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=disable&token='.newToken().'">'.$langs->trans("Disable").'</a></div>'."\n";
|
||||
}
|
||||
else
|
||||
{
|
||||
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=enable">'.$langs->trans("Enable").'</a></div>'."\n";
|
||||
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=enable&token='.newToken().'">'.$langs->trans("Enable").'</a></div>'."\n";
|
||||
}
|
||||
}
|
||||
*/
|
||||
|
||||
if ($user->rights->website->delete) {
|
||||
print '<div class="inline-block divButAction"><a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=delete&token='.newToken().'">'.$langs->trans('Delete').'</a></div>'."\n";
|
||||
print '<div class="inline-block divButAction"><a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=delete&token='.newToken().'">'.$langs->trans('Delete').'</a></div>'."\n";
|
||||
}
|
||||
}
|
||||
print '</div>'."\n";
|
||||
|
||||
@ -469,16 +469,16 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
|
||||
|
||||
if ($permissiontoadd) {
|
||||
if ($object->status == $object::STATUS_ENABLED) {
|
||||
print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=disable">'.$langs->trans("Disable").'</a>'."\n";
|
||||
print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=disable&token='.newToken().'">'.$langs->trans("Disable").'</a>'."\n";
|
||||
} else {
|
||||
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=enable">'.$langs->trans("Enable").'</a>'."\n";
|
||||
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=enable&token='.newToken().'">'.$langs->trans("Enable").'</a>'."\n";
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// Delete (need delete permission, or if draft, just need create/modify permission)
|
||||
if ($permissiontodelete) {
|
||||
print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=delete&token='.newToken().'">'.$langs->trans('Delete').'</a>'."\n";
|
||||
print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=delete&token='.newToken().'">'.$langs->trans('Delete').'</a>'."\n";
|
||||
} else {
|
||||
print '<a class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans('Delete').'</a>'."\n";
|
||||
}
|
||||
|
||||
@ -351,11 +351,11 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
|
||||
{
|
||||
if ($object->status == 1)
|
||||
{
|
||||
print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=disable">'.$langs->trans("Disable").'</a>'."\n";
|
||||
print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=disable&token='.newToken().'">'.$langs->trans("Disable").'</a>'."\n";
|
||||
}
|
||||
else
|
||||
{
|
||||
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=enable">'.$langs->trans("Enable").'</a>'."\n";
|
||||
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=enable&token='.newToken().'">'.$langs->trans("Enable").'</a>'."\n";
|
||||
}
|
||||
}
|
||||
*/
|
||||
|
||||
Loading…
Reference in New Issue
Block a user