lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ref passed in url no longer crypted (useless) and correctly passed through POST at submit

Browse Source
This commit is contained in:
Dorian Vabre 2021-04-21 14:50:50 +02:00
parent 9809179aa4
commit f059cbe89c
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/public/eventorganization/attendee_subscription.php
View File

@ -343,7 +343,7 @@ if (empty($reshook) && $action == 'add') {
if (!$error) {
$valid = true;
$sourcetouse = 'conferencesubscription';
$reftouse = dol_encode($facture->id, $dolibarr_main_instance_unique_id);
$reftouse = $facture->id;
$redirection = $dolibarr_main_url_root.'/public/payment/newpayment.php?source='.$sourcetouse.'&ref='.$reftouse;
if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) {
if (!empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) {

6
htdocs/public/payment/newpayment.php
View File

@ -113,9 +113,9 @@ if (!$action) {
if ($source == 'conferencesubscription') {
// Finding the Attendee
$decodedinvoiceid = dol_decode(GETPOST('ref'), $dolibarr_main_instance_unique_id);
$invoiceid = GETPOST('ref');
$invoice = new Facture($db);
$resultinvoice = $invoice->fetch($decodedinvoiceid);
$resultinvoice = $invoice->fetch($invoiceid);
if ($resultinvoice <= 0) {
setEventMessages(null, $invoice->errors, "errors");
} else {
@ -1808,7 +1808,7 @@ if ($source == 'conferencesubscription') {
print '<tr class="CTableRow'.($var ? '1' : '2').'"><td class="CTableRow'.($var ? '1' : '2').'">'.$langs->trans("Designation");
print '</td><td class="CTableRow'.($var ? '1' : '2').'">'.$text;
print '<input type="hidden" name="source" value="'.dol_escape_htmltag($source).'">';
print '<input type="hidden" name="ref" value="'.dol_escape_htmltag($attendee->ref).'">';
print '<input type="hidden" name="ref" value="'.dol_escape_htmltag($invoice->id).'">';
print '</td></tr>'."\n";
// Amount