diff --git a/htdocs/accountancy/admin/account.php b/htdocs/accountancy/admin/account.php
index faf55427786..8982376ded6 100644
--- a/htdocs/accountancy/admin/account.php
+++ b/htdocs/accountancy/admin/account.php
@@ -529,11 +529,11 @@ if ($resql) {
if (!empty($arrayfields['aa.reconcilable']['checked'])) {
print '
';
if (empty($obj->reconcilable)) {
- print 'rowid.'&action=enable&mode=1">';
+ print 'rowid.'&action=enable&mode=1&token='.newToken().'">';
print img_picto($langs->trans("Disabled"), 'switch_off');
print '';
} else {
- print 'rowid.'&action=disable&mode=1">';
+ print 'rowid.'&action=disable&mode=1&token='.newToken().'">';
print img_picto($langs->trans("Activated"), 'switch_on');
print '';
}
@@ -548,11 +548,11 @@ if ($resql) {
if (!empty($arrayfields['aa.active']['checked'])) {
print ' | ';
if (empty($obj->active)) {
- print 'rowid.'&action=enable&mode=0">';
+ print 'rowid.'&action=enable&mode=0&token='.newToken().'">';
print img_picto($langs->trans("Disabled"), 'switch_off');
print '';
} else {
- print 'rowid.'&action=disable&mode=0">';
+ print 'rowid.'&action=disable&mode=0&token='.newToken().'">';
print img_picto($langs->trans("Activated"), 'switch_on');
print '';
}
diff --git a/htdocs/accountancy/admin/subaccount.php b/htdocs/accountancy/admin/subaccount.php
index 341fddf113c..ad1804048c3 100644
--- a/htdocs/accountancy/admin/subaccount.php
+++ b/htdocs/accountancy/admin/subaccount.php
@@ -419,11 +419,11 @@ if ($resql) {
if (!empty($arrayfields['reconcilable']['checked'])) {
print ' | ';
if (empty($obj->reconcilable)) {
- print 'rowid.'&action=enable&mode=1">';
+ print 'rowid.'&action=enable&mode=1&token='.newToken().'">';
print img_picto($langs->trans("Disabled"), 'switch_off');
print '';
} else {
- print 'rowid.'&action=disable&mode=1">';
+ print 'rowid.'&action=disable&mode=1&token='.newToken().'">';
print img_picto($langs->trans("Activated"), 'switch_on');
print '';
}
diff --git a/htdocs/accountancy/bookkeeping/card.php b/htdocs/accountancy/bookkeeping/card.php
index 60645353976..e3cac139c08 100644
--- a/htdocs/accountancy/bookkeeping/card.php
+++ b/htdocs/accountancy/bookkeeping/card.php
@@ -543,11 +543,11 @@ if ($action == 'create') {
print ' | ' . $langs->trans("Status") . ' | ';
print '';
if (empty($object->validated)) {
- print 'id . '&action=enable">';
+ print 'id . '&action=enable&token='.newToken().'">';
print img_picto($langs->trans("Disabled"), 'switch_off');
print '';
} else {
- print 'id . '&action=disable">';
+ print 'id . '&action=disable&token='.newToken().'">';
print img_picto($langs->trans("Activated"), 'switch_on');
print '';
}
diff --git a/htdocs/admin/confexped.php b/htdocs/admin/confexped.php
index fbf347a45a9..b218a245c99 100644
--- a/htdocs/admin/confexped.php
+++ b/htdocs/admin/confexped.php
@@ -110,11 +110,11 @@ print ' | ';
print $langs->trans("Required");
/*if (empty($conf->global->MAIN_SUBMODULE_EXPEDITION))
{
- print ''.img_picto($langs->trans("Disabled"),'switch_off').'';
+ print ''.img_picto($langs->trans("Disabled"),'switch_off').'';
}
else
{
- print ''.img_picto($langs->trans("Enabled"),'switch_on').'';
+ print ''.img_picto($langs->trans("Enabled"),'switch_on').'';
}*/
print " | ";
print '';
@@ -130,9 +130,9 @@ print '';
print '';
if (empty($conf->global->MAIN_SUBMODULE_DELIVERY)) {
- print ''.img_picto($langs->trans("Disabled"), 'switch_off').'';
+ print ''.img_picto($langs->trans("Disabled"), 'switch_off').'';
} else {
- print ''.img_picto($langs->trans("Enabled"), 'switch_on').'';
+ print ''.img_picto($langs->trans("Enabled"), 'switch_on').'';
}
print " | ";
diff --git a/htdocs/admin/fckeditor.php b/htdocs/admin/fckeditor.php
index 0671783615c..65029a9246a 100644
--- a/htdocs/admin/fckeditor.php
+++ b/htdocs/admin/fckeditor.php
@@ -89,7 +89,7 @@ $picto = array(
*/
foreach ($modules as $const => $desc) {
- if ($action == 'activate_'.strtolower($const)) {
+ if ($action == 'enable_'.strtolower($const)) {
dolibarr_set_const($db, "FCKEDITOR_ENABLE_".$const, "1", 'chaine', 0, '', $conf->entity);
// If fckeditor is active in the product/service description, it is activated in the forms
if ($const == 'PRODUCTDESC' && !empty($conf->global->PRODUIT_DESC_IN_FORM)) {
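Review bot: Renaming the dispatched action from `activate_<const>` to `enable_<const>` makes any caller that still sends the old name a silent no-op — the branch simply no longer matches and no error is reported. The reason for the rename is not recorded anywhere in the hunk; a comment on the new line would help the next maintainer, e.g. `// 'enable_' prefix: main.inc.php forces a CSRF token on enable_/disable_ actions`. The matching `disable_` branch and the link generation are outside this hunk (the second hunk of this file appears to update the links, but the anchor markup is not visible in this rendering, so the emitted action names cannot be confirmed here).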
@@ -166,9 +166,9 @@ if (empty($conf->use_javascript_ajax)) {
$constante = 'FCKEDITOR_ENABLE_'.$const;
$value = (isset($conf->global->$constante) ? $conf->global->$constante : 0);
if ($value == 0) {
- print ''.img_picto($langs->trans("Disabled"), 'switch_off').'';
+ print ''.img_picto($langs->trans("Disabled"), 'switch_off').'';
} elseif ($value == 1) {
- print ''.img_picto($langs->trans("Enabled"), 'switch_on').'';
+ print ''.img_picto($langs->trans("Enabled"), 'switch_on').'';
}
print "";
diff --git a/htdocs/admin/security.php b/htdocs/admin/security.php
index 011b28e7421..98b6c996181 100644
--- a/htdocs/admin/security.php
+++ b/htdocs/admin/security.php
@@ -406,7 +406,7 @@ if (!empty($conf->global->DATABASE_PWD_ENCRYPTED)) {
if ($allow_disable_encryption) {
//On n'autorise pas l'annulation de l'encryption car les mots de passe ne peuvent pas etre decodes
//Do not allow "disable encryption" as passwords cannot be decrypted
- print ''.$langs->trans("Disable").'';
+ print ''.$langs->trans("Disable").'';
} else {
print '-';
}
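Review bot: Nothing on this page records that the token added to these Activate/Disable links is only required when the action name matches what main.inc.php now forces (`activate`, `disable`, `enable`, or an `enable_`/`disable_` prefix) or when the page defines `CSRFCHECK_WITH_TOKEN`; the anchor markup is not visible in this rendering, so the action names behind these links cannot be checked against that list. The same applies to the two following hunks of security.php (the database-password encryption toggle and the forgot-password-link toggle). For an admin page this sensitive I would add a short comment above the first link, e.g. `// Token on these links is enforced by main.inc.php's sensitive-action check; keep action names in its forced list`, so a later rename does not silently drop the protection.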
@@ -432,10 +432,10 @@ if (empty($dolibarr_main_db_pass) && empty($dolibarr_main_db_encrypted_pass)) {
print img_warning($langs->trans("WarningPassIsEmpty"));
} else {
if (empty($dolibarr_main_db_encrypted_pass)) {
- print ''.$langs->trans("Activate").'';
+ print ''.$langs->trans("Activate").'';
}
if (!empty($dolibarr_main_db_encrypted_pass)) {
- print ''.$langs->trans("Disable").'';
+ print ''.$langs->trans("Disable").'';
}
}
print "";
@@ -455,12 +455,12 @@ if (!empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK)) {
print '';
if (empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK)) {
print '';
- print ''.$langs->trans("Activate").'';
+ print ''.$langs->trans("Activate").'';
print " | ";
}
if (!empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK)) {
print '';
- print ''.$langs->trans("Disable").'';
+ print ''.$langs->trans("Disable").'';
print " | ";
}
print "";
diff --git a/htdocs/bom/bom_card.php b/htdocs/bom/bom_card.php
index 6d2047d3f49..fa2ef014d17 100644
--- a/htdocs/bom/bom_card.php
+++ b/htdocs/bom/bom_card.php
@@ -656,11 +656,11 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
{
if ($object->status == 1)
{
- print 'id.'&action=disable">'.$langs->trans("Disable").''."\n";
+ print 'id.'&action=disable&token='.newToken().'">'.$langs->trans("Disable").''."\n";
}
else
{
- print 'id.'&action=enable">'.$langs->trans("Enable").''."\n";
+ print 'id.'&action=enable&token='.newToken().'">'.$langs->trans("Enable").''."\n";
}
}
*/
diff --git a/htdocs/compta/facture/card-rec.php b/htdocs/compta/facture/card-rec.php
index 167e9e4a577..4f0148a05a1 100644
--- a/htdocs/compta/facture/card-rec.php
+++ b/htdocs/compta/facture/card-rec.php
@@ -1658,15 +1658,15 @@ if ($action == 'create') {
if ($user->rights->facture->creer) {
if (empty($object->suspended)) {
- print '';
+ print '';
} else {
- print '';
+ print '';
}
}
//if ($object->statut == Facture::STATUS_DRAFT && $user->rights->facture->supprimer)
if ($user->rights->facture->supprimer) {
- print '';
+ print '';
}
print '';
diff --git a/htdocs/contact/card.php b/htdocs/contact/card.php
index bae45672257..421b88ea6b8 100644
--- a/htdocs/contact/card.php
+++ b/htdocs/contact/card.php
@@ -1470,11 +1470,11 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
// Activer
if ($object->statut == 0 && $user->rights->societe->contact->creer) {
- print ''.$langs->trans("Reactivate").'';
+ print ''.$langs->trans("Reactivate").'';
}
// Desactiver
if ($object->statut == 1 && $user->rights->societe->contact->creer) {
- print ''.$langs->trans("DisableUser").'';
+ print ''.$langs->trans("DisableUser").'';
}
// Delete
diff --git a/htdocs/eventorganization/conferenceorbooth_card.php b/htdocs/eventorganization/conferenceorbooth_card.php
index 817be70ab79..e27e909d071 100644
--- a/htdocs/eventorganization/conferenceorbooth_card.php
+++ b/htdocs/eventorganization/conferenceorbooth_card.php
@@ -476,16 +476,16 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
/*
if ($permissiontoadd) {
if ($object->status == $object::STATUS_ENABLED) {
- print 'id.'&action=disable">'.$langs->trans("Disable").''."\n";
+ print 'id.'&action=disable&token='.newToken().'">'.$langs->trans("Disable").''."\n";
} else {
- print 'id.'&action=enable">'.$langs->trans("Enable").''."\n";
+ print 'id.'&action=enable&token='.newToken().'">'.$langs->trans("Enable").''."\n";
}
}
if ($permissiontoadd) {
if ($object->status == $object::STATUS_VALIDATED) {
- print 'id.'&action=close">'.$langs->trans("Cancel").''."\n";
+ print 'id.'&action=close&token='.newToken().'">'.$langs->trans("Cancel").''."\n";
} else {
- print 'id.'&action=reopen">'.$langs->trans("Re-Open").''."\n";
+ print 'id.'&action=reopen&token='.newToken().'">'.$langs->trans("Re-Open").''."\n";
}
}
*/
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index d77b1479102..108a25e1877 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -431,11 +431,26 @@ if (!defined('NOTOKENRENEWAL')) {
// Check validity of token, only if option MAIN_SECURITY_CSRF_WITH_TOKEN enabled or if constant CSRFCHECK_WITH_TOKEN is set into page
if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN)) || defined('CSRFCHECK_WITH_TOKEN')) {
- // Check all cases that need a token (all POST actions + all login, actions and mass actions on pages with CSRFCHECK_WITH_TOKEN set + all sensitive GET actions)
+ // Array of action code where CSRFCHECK with token will be forced (so token must be provided on url request)
+ $arrayofactiontoforcetokencheck = array(
+ 'activate', 'add', 'addtimespent', 'update', 'install',
+ 'confirm_create_user', 'confirm_create_thirdparty', 'confirm_reject_check',
+ 'delete', 'deletefilter', 'deleteoperation', 'deleteprof', 'deletepayment', 'disable',
+ 'enable'
+ );
+ $sensitiveget = false;
+ if (in_array(GETPOST('action', 'aZ09'), $arrayofactiontoforcetokencheck)) {
+ $sensitiveget = true;
+ }
+ if (preg_match('/^(disable_|enable_)/', GETPOST('action', 'aZ09'))) {
+ $sensitiveget = true;
+ }
+
+ // Check all cases that need a mandatory token (all POST actions + all login, actions and mass actions on pages with CSRFCHECK_WITH_TOKEN set + all sensitive GET actions)
if (
$_SERVER['REQUEST_METHOD'] == 'POST' ||
- ((GETPOSTISSET('actionlogin') || GETPOSTISSET('action') || GETPOSTISSET('massaction')) && defined('CSRFCHECK_WITH_TOKEN')) ||
- in_array(GETPOST('action', 'aZ09'), array('add', 'addtimespent', 'update', 'install', 'delete', 'deletefilter', 'deleteoperation', 'deleteprof', 'deletepayment', 'confirm_create_user', 'confirm_create_thirdparty', 'confirm_reject_check'))
+ $sensitiveget ||
+ ((GETPOSTISSET('actionlogin') || GETPOSTISSET('action') || GETPOSTISSET('massaction')) && defined('CSRFCHECK_WITH_TOKEN'))
) {
if (!GETPOST('token', 'alpha')) { // If token is not provided or empty
if (GETPOST('uploadform', 'int')) {
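Review bot: The new `$sensitiveget` computation sits inside the condition on the line above the hunk's first added line, which requires `MAIN_SECURITY_CSRF_WITH_TOKEN` to be enabled (or the page to define `CSRFCHECK_WITH_TOKEN`), so installations without that option still accept these GET actions with no token even though every link in this commit now carries one; the comment above the array should say so, e.g. `// Only enforced when MAIN_SECURITY_CSRF_WITH_TOKEN is set or the page defines CSRFCHECK_WITH_TOKEN`. The forced list contains `activate` but the prefix regex covers only `enable_`/`disable_`; fckeditor.php is renamed in this commit to fit that prefix, so any other page still dispatching an `activate_…`-style action (none is visible in this diff) would carry a token that is never required — either widen the regex or document the naming contract next to the array. `in_array` is used without `strict: true` and `GETPOST('action', 'aZ09')` is read twice; I would hoist it and compare strictly: `$actiontocheck = GETPOST('action', 'aZ09');` then `$sensitiveget = in_array($actiontocheck, $arrayofactiontoforcetokencheck, true) || preg_match('/^(disable_|enable_)/', $actiontocheck) === 1;`. The handling of a missing or empty token continues past the end of the hunk.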
diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php
index e99acc0b913..8e40c1071e2 100644
--- a/htdocs/modulebuilder/template/myobject_card.php
+++ b/htdocs/modulebuilder/template/myobject_card.php
@@ -514,16 +514,16 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
/*
if ($permissiontoadd) {
if ($object->status == $object::STATUS_ENABLED) {
- print 'id.'&action=disable">'.$langs->trans("Disable").''."\n";
+ print 'id.'&action=disable&token='.newToken().'">'.$langs->trans("Disable").''."\n";
} else {
- print 'id.'&action=enable">'.$langs->trans("Enable").''."\n";
+ print 'id.'&action=enable&token='.newToken().'">'.$langs->trans("Enable").''."\n";
}
}
if ($permissiontoadd) {
if ($object->status == $object::STATUS_VALIDATED) {
- print 'id.'&action=close">'.$langs->trans("Cancel").''."\n";
+ print 'id.'&action=close&token='.newToken().'">'.$langs->trans("Cancel").''."\n";
} else {
- print 'id.'&action=reopen">'.$langs->trans("Re-Open").''."\n";
+ print 'id.'&action=reopen&token='.newToken().'">'.$langs->trans("Re-Open").''."\n";
}
}
*/
diff --git a/htdocs/product/price.php b/htdocs/product/price.php
index 015b061119b..ee86d43c09f 100644
--- a/htdocs/product/price.php
+++ b/htdocs/product/price.php
@@ -942,10 +942,10 @@ if (!empty($conf->global->PRODUIT_MULTIPRICES) || !empty($conf->global->PRODUIT_
}
print '';
- print '('.$langs->trans("DisablePriceByQty").')';
+ print '('.$langs->trans("DisablePriceByQty").')';
} else {
print $langs->trans("No");
- print ' ('.$langs->trans("Activate").')';
+ print ' ('.$langs->trans("Activate").')';
}
print '';
}
diff --git a/htdocs/recruitment/recruitmentjobposition_card.php b/htdocs/recruitment/recruitmentjobposition_card.php
index 26d1578b24c..2b832b3b467 100644
--- a/htdocs/recruitment/recruitmentjobposition_card.php
+++ b/htdocs/recruitment/recruitmentjobposition_card.php
@@ -548,9 +548,9 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
/*
if ($permissiontoadd) {
if ($object->status == $object::STATUS_ENABLED) {
- print 'id.'&action=disable">'.$langs->trans("Disable").''."\n";
+ print 'id.'&action=disable&token='.newToken().'">'.$langs->trans("Disable").''."\n";
} else {
- print 'id.'&action=enable">'.$langs->trans("Enable").''."\n";
+ print 'id.'&action=enable&token='.newToken().'">'.$langs->trans("Enable").''."\n";
}
}*/
if ($permissiontoadd) {
diff --git a/htdocs/user/card.php b/htdocs/user/card.php
index a72dde04fb1..d4373812f61 100644
--- a/htdocs/user/card.php
+++ b/htdocs/user/card.php
@@ -1821,12 +1821,12 @@ if ($action == 'create' || $action == 'adduserldap') {
// Enable user
if ($user->id <> $id && $candisableuser && $object->statut == 0 &&
((empty($conf->multicompany->enabled) && $object->entity == $user->entity) || !$user->entity || ($object->entity == $conf->entity) || ($conf->global->MULTICOMPANY_TRANSVERSE_MODE && $conf->entity == 1))) {
- print '';
+ print '';
}
// Disable user
if ($user->id <> $id && $candisableuser && $object->statut == 1 &&
((empty($conf->multicompany->enabled) && $object->entity == $user->entity) || !$user->entity || ($object->entity == $conf->entity) || ($conf->global->MULTICOMPANY_TRANSVERSE_MODE && $conf->entity == 1))) {
- print '';
+ print '';
} else {
if ($user->id == $id) {
print '';
@@ -1836,7 +1836,7 @@ if ($action == 'create' || $action == 'adduserldap') {
if ($user->id <> $id && $candisableuser &&
((empty($conf->multicompany->enabled) && $object->entity == $user->entity) || !$user->entity || ($object->entity == $conf->entity) || ($conf->global->MULTICOMPANY_TRANSVERSE_MODE && $conf->entity == 1))) {
if ($user->admin || !$object->admin) { // If user edited is admin, delete is possible on for an admin
- print '';
+ print '';
} else {
print '';
}
diff --git a/htdocs/website/websiteaccount_card.php b/htdocs/website/websiteaccount_card.php
index e63c3cb8fef..957173335c0 100644
--- a/htdocs/website/websiteaccount_card.php
+++ b/htdocs/website/websiteaccount_card.php
@@ -332,17 +332,17 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
{
if ($object->status == 1)
{
- print ''."\n";
+ print ''."\n";
}
else
{
- print ''."\n";
+ print ''."\n";
}
}
*/
if ($user->rights->website->delete) {
- print ''."\n";
+ print ''."\n";
}
}
print ''."\n";
diff --git a/htdocs/workstation/workstation_card.php b/htdocs/workstation/workstation_card.php
index c15053bad5e..61686423d4c 100755
--- a/htdocs/workstation/workstation_card.php
+++ b/htdocs/workstation/workstation_card.php
@@ -469,16 +469,16 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
if ($permissiontoadd) {
if ($object->status == $object::STATUS_ENABLED) {
- print 'id.'&action=disable">'.$langs->trans("Disable").''."\n";
+ print 'id.'&action=disable&token='.newToken().'">'.$langs->trans("Disable").''."\n";
} else {
- print 'id.'&action=enable">'.$langs->trans("Enable").''."\n";
+ print 'id.'&action=enable&token='.newToken().'">'.$langs->trans("Enable").''."\n";
}
}
// Delete (need delete permission, or if draft, just need create/modify permission)
if ($permissiontodelete) {
- print 'id.'&action=delete&token='.newToken().'">'.$langs->trans('Delete').''."\n";
+ print 'id.'&action=delete&token='.newToken().'">'.$langs->trans('Delete').''."\n";
} else {
print ''.$langs->trans('Delete').''."\n";
}
diff --git a/htdocs/zapier/hook_card.php b/htdocs/zapier/hook_card.php
index 455efc95cc9..f57f8873aba 100644
--- a/htdocs/zapier/hook_card.php
+++ b/htdocs/zapier/hook_card.php
@@ -351,11 +351,11 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
{
if ($object->status == 1)
{
- print 'id.'&action=disable">'.$langs->trans("Disable").''."\n";
+ print 'id.'&action=disable&token='.newToken().'">'.$langs->trans("Disable").''."\n";
}
else
{
- print 'id.'&action=enable">'.$langs->trans("Enable").''."\n";
+ print 'id.'&action=enable&token='.newToken().'">'.$langs->trans("Enable").''."\n";
}
}
*/