lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix doc and token renewal with NOSESSION

Browse Source
This commit is contained in:
Laurent Destailleur 2021-08-24 21:48:38 +02:00
parent 2268fc11ed
commit e4cbc2140e
3 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/core/class/hookmanager.class.php
View File

@ -160,7 +160,7 @@ class HookManager
//dol_syslog(get_class($this).'::executeHooks method='.$method." action=".$action." context=".$parameters['context']);
// Define type of hook ('output' or 'addreplace').
// TODO Remove hooks with type 'output'. All hooks must be converted into 'addreplace' hooks.
// TODO Remove hooks with type 'output' (exemple getNomUrl). All hooks must be converted into 'addreplace' hooks.
$hooktype = 'output';
if (in_array(
$method,
@ -267,7 +267,7 @@ class HookManager
$actionclassinstance->error = 0;
$actionclassinstance->errors = array();
dol_syslog(get_class($this)."::executeHooks Qualified hook found (hooktype=".$hooktype."). We call method ".get_class($actionclassinstance).'->'.$method.", context=".$context.", module=".$module.", action=".$action.((is_object($object) && property_exists($object, 'id')) ? ', objectid='.$object->id : ''), LOG_DEBUG);
dol_syslog(get_class($this)."::executeHooks Qualified hook found (hooktype=".$hooktype."). We call method ".get_class($actionclassinstance).'->'.$method.", context=".$context.", module=".$module.", action=".$action.((is_object($object) && property_exists($object, 'id')) ? ', object id='.$object->id : '').((is_object($object) && property_exists($object, 'element')) ? ', object element='.$object->element : ''), LOG_DEBUG);
// Add current context to avoid method execution in bad context, you can add this test in your method : eg if($currentcontext != 'formfile') return;
$parameters['currentcontext'] = $context;

2
htdocs/main.inc.php
View File

@ -442,7 +442,7 @@ if ((!empty($conf->global->MAIN_VERSION_LAST_UPGRADE) && ($conf->global->MAIN_VE
}
// Creation of a token against CSRF vulnerabilities
if (!defined('NOTOKENRENEWAL')) {
if (!defined('NOTOKENRENEWAL') && !defined('NOSESSION')) {
// No token renewal on .css.php, .js.php and .json.php
if (!preg_match('/\.(css|js|json)\.php$/', $_SERVER["PHP_SELF"])) {
// Rolling token at each call ($_SESSION['token'] contains token of previous page)

1
htdocs/modulebuilder/template/myobject_list.php
View File

@ -42,6 +42,7 @@
//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies
//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET
//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification
//if (! defined('NOSESSION')) define('NOSESSION', '1'); // On CLI mode, no need to use web sessions
// Load Dolibarr environment
$res = 0;