lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix #huntr7144bb4b-338f-45f0-a70e-088ef1f4c037

Browse Source
This commit is contained in:
Laurent Destailleur 2021-07-20 23:54:22 +02:00
parent 0e18bd4be1
commit dc7ff07517
4 changed files with 19 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
htdocs/langs/en_US/main.lang
View File

@ -1137,4 +1137,5 @@ CopiedToClipboard=Copied to clipboard
InformationOnLinkToContract=This amount is only the total of all the lines of the contract. No notion of time is taken into consideration.
ConfirmCancel=Are you sure you want to cancel
EmailMsgID=Email MsgID
Forthcoming=Forthcoming
Forthcoming=Forthcoming
Currently=Currently

14
htdocs/main.inc.php
View File

@ -460,11 +460,15 @@ if (!defined('NOTOKENRENEWAL')) {
if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN)) || defined('CSRFCHECK_WITH_TOKEN')) {
// Array of action code where CSRFCHECK with token will be forced (so token must be provided on url request)
$arrayofactiontoforcetokencheck = array(
'activate', 'add', 'addtimespent', 'update', 'install',
'confirm_create_user', 'confirm_create_thirdparty', 'confirm_purge', 'confirm_reject_check', 'confirm_deletedir',
'delete', 'deletefilter', 'deleteoperation', 'deleteprof', 'deletepayment', 'disable',
'doprev', 'donext', 'dvprev', 'dvnext',
'enable', 'setpricelevel'
'activate', 'add', 'addrights', 'addtimespent',
'confirm_create_user', 'confirm_create_thirdparty', 'confirm_purge', 'confirm_reject_check', 'confirm_deletedir',
'delete', 'deletefilter', 'deleteoperation', 'deleteprof', 'deletepayment', 'delrights',
'disable',
'doprev', 'donext', 'dvprev', 'dvnext',
'enable',
'install',
'setpricelevel',
'update'
);
$sensitiveget = false;
if (in_array(GETPOST('action', 'aZ09'), $arrayofactiontoforcetokencheck)) {

4
htdocs/user/card.php
View File

@ -1437,7 +1437,7 @@ if ($action == 'create' || $action == 'adduserldap') {
}
// Employee
print '<tr><td>'.$langs->trans("Employee").'</td><td colspan="2">';
print '<tr><td>'.$langs->trans("Employee").'</td><td>';
print '<input type="checkbox" disabled name="employee" value="1"'.($object->employee ? ' checked="checked"' : '').'>';
//print yn($object->employee);
print '</td></tr>'."\n";
@ -1803,7 +1803,7 @@ if ($action == 'create' || $action == 'adduserldap') {
print dol_print_date($object->datepreviouslogin, "dayhour").' <span class="opacitymedium">('.$langs->trans("Previous").')</span>, ';
}
if ($object->datelastlogin) {
print dol_print_date($object->datelastlogin, "dayhour").' <span class="opacitymedium">('.$langs->trans("Current").')</span>';
print dol_print_date($object->datelastlogin, "dayhour").' <span class="opacitymedium">('.$langs->trans("Currently").')</span>';
}
print '</td>';
print "</tr>\n";

12
htdocs/user/group/perms.php
View File

@ -235,9 +235,9 @@ if ($object->id > 0) {
print '<td>'.$langs->trans("Module").'</td>';
if ($caneditperms) {
print '<td class="center nowrap">';
print '<a class="reposition commonlink" title="'.dol_escape_htmltag($langs->trans("All")).'" alt="'.dol_escape_htmltag($langs->trans("All")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=addrights&amp;entity='.$entity.'&amp;module=allmodules">'.$langs->trans("All")."</a>";
print '<a class="reposition commonlink" title="'.dol_escape_htmltag($langs->trans("All")).'" alt="'.dol_escape_htmltag($langs->trans("All")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=addrights&amp;entity='.$entity.'&amp;module=allmodules&amp;token='.newToken().'">'.$langs->trans("All")."</a>";
print '/';
print '<a class="reposition commonlink" title="'.dol_escape_htmltag($langs->trans("None")).'" alt="'.dol_escape_htmltag($langs->trans("None")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=delrights&amp;entity='.$entity.'&amp;module=allmodules">'.$langs->trans("None")."</a>";
print '<a class="reposition commonlink" title="'.dol_escape_htmltag($langs->trans("None")).'" alt="'.dol_escape_htmltag($langs->trans("None")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=delrights&amp;entity='.$entity.'&amp;module=allmodules&amp;token='.newToken().'">'.$langs->trans("None")."</a>";
print '</td>';
}
print '<td class="center" width="24">&nbsp;</td>';
@ -286,9 +286,9 @@ if ($object->id > 0) {
print '</td>';
if ($caneditperms) {
print '<td class="center nowrap">';
print '<a class="reposition" title='.$langs->trans("All").' alt='.$langs->trans("All").' href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=addrights&amp;entity='.$entity.'&amp;module='.$obj->module.'">'.$langs->trans("All")."</a>";
print '<a class="reposition" title='.$langs->trans("All").' alt='.$langs->trans("All").' href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=addrights&amp;entity='.$entity.'&amp;module='.$obj->module.'&amp;token='.newToken().'">'.$langs->trans("All")."</a>";
print '/';
print '<a class="reposition" title='.$langs->trans("None").' alt='.$langs->trans("None").' href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=delrights&amp;entity='.$entity.'&amp;module='.$obj->module.'">'.$langs->trans("None")."</a>";
print '<a class="reposition" title='.$langs->trans("None").' alt='.$langs->trans("None").' href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=delrights&amp;entity='.$entity.'&amp;module='.$obj->module.'&amp;token='.newToken().'">'.$langs->trans("None")."</a>";
print '</td>';
} else {
print '<td>&nbsp;</td>';
@ -326,7 +326,7 @@ if ($object->id > 0) {
} else {
// Do not own permission
if ($caneditperms) {
print '<td class="center"><a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=addrights&amp;entity='.$entity.'&amp;rights='.$obj->id.'">';
print '<td class="center"><a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=addrights&amp;entity='.$entity.'&amp;rights='.$obj->id.'&amp;token='.newToken().'">';
//print img_edit_add($langs->trans("Add"));
print img_picto($langs->trans("Add"), 'switch_off');
print '</a></td>';
@ -336,7 +336,7 @@ if ($object->id > 0) {
} else {
// Do not own permission
if ($caneditperms) {
print '<td class="center"><a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=addrights&amp;entity='.$entity.'&amp;rights='.$obj->id.'">';
print '<td class="center"><a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=addrights&amp;entity='.$entity.'&amp;rights='.$obj->id.'&amp;token='.newToken().'">';
//print img_edit_add($langs->trans("Add"));
print img_picto($langs->trans("Add"), 'switch_off');
print '</a></td>';