lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix: Keep feature as hidden feature because when enabled, it is a

Browse Source 
security hole (every worm can modify/edit data calling public urls).
This commit is contained in:
Laurent Destailleur 2012-04-28 15:50:52 +02:00
parent 84a0d93475
commit ef94ea5c26
1 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
htdocs/admin/mailing.php
View File

@ -41,18 +41,18 @@ $action = GETPOST('action','alpha');
if ($action == 'setvalue' && $user->admin)
{
$db->begin();
$mailfrom = GETPOST('MAILING_EMAIL_FROM','alpha');
$mailerror = GETPOST('MAILING_EMAIL_ERRORSTO','alpha');
$checkread = GETPOST('value','alpha');
$res=dolibarr_set_const($db, "MAILING_EMAIL_FROM",$mailfrom,'chaine',0,'',$conf->entity);
if (! $res > 0) $error++;
$res=dolibarr_set_const($db, "MAILING_EMAIL_ERRORSTO",$mailerror,'chaine',0,'',$conf->entity);
if (! $res > 0) $error++;
$res=dolibarr_set_const($db, "MAILING_EMAIL_UNSUBSCRIBE",$checkread,'chaine',0,'',$conf->entity);
if (! $res > 0) $error++;
//$res=dolibarr_set_const($db, "MAILING_EMAIL_UNSUBSCRIBE",$checkread,'chaine',0,'',$conf->entity);
//if (! $res > 0) $error++;
if (! $error)
{
$db->commit();
@ -104,6 +104,7 @@ print '<input size="32" type="text" name="MAILING_EMAIL_ERRORSTO" value="'.$conf
if (!empty($conf->global->MAILING_EMAIL_ERRORSTO) && ! isValidEmail($conf->global->MAILING_EMAIL_ERRORSTO)) print ' '.img_warning($langs->trans("BadEMail"));
print '</td></tr>';
/*
$var=!$var;
print '<tr '.$bc[$var].'><td>';
print $langs->trans("ActivateCheckRead").'</td><td>';
@ -120,7 +121,7 @@ else
print '</a>';
}
print '</td></tr>';
*/
print '<tr><td colspan="3" align="center"><input type="submit" class="button" value="'.$langs->trans("Modify").'"></td></tr>';