From fa1e15af02cb39426705d413e0cd4eefcdf91135 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Fri, 16 Mar 2018 01:52:07 +0100
Subject: [PATCH] Add constant to allow a page to accept a username on a GET parameter
---
 htdocs/main.inc.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index df49c541b41..c9c6c2d4cde 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -225,13 +225,13 @@ session_set_cookie_params(0, '/', null, false, true); // Add tag httponly on s
 if (! defined('NOSESSION'))
 {
 session_start();
- if (ini_get('register_globals')) // Deprecated in 5.3 and removed in 5.4. To solve bug in using $_SESSION
+ /*if (ini_get('register_globals')) // Deprecated in 5.3 and removed in 5.4. To solve bug in using $_SESSION
 {
 foreach ($_SESSION as $key=>$value)
 {
 if (isset($GLOBALS[$key])) unset($GLOBALS[$key]);
 }
- }
+ }*/
 }

 // Init the 5 global objects, this include will make the new and set properties for: $conf, $db, $langs, $user, $mysoc
@@ -499,7 +499,9 @@ if (! defined('NOLOGIN'))
 }
 }

- $usertotest = (! empty($_COOKIE['login_dolibarr']) ? $_COOKIE['login_dolibarr'] : GETPOST("username","alpha",2));
+ $allowedmethodtopostusername = 2;
+ if (defined('MAIN_AUTHENTICATION_POST_METHOD')) $allowedmethodtopostusername = constant('MAIN_AUTHENTICATION_POST_METHOD');
+ $usertotest = (! empty($_COOKIE['login_dolibarr']) ? $_COOKIE['login_dolibarr'] : GETPOST("username","alpha",$allowedmethodtopostusername));
 $passwordtotest = GETPOST('password','none',2);
 $entitytotest = (GETPOST('entity','int') ? GETPOST('entity','int') : (!empty($conf->entity) ? $conf->entity : 1));

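Review bot: The register_globals cleanup after `session_start()` is switched off by wrapping it in `/* … */` instead of being removed, and the commit subject does not mention it. Its own comment says the setting was only removed in PHP 5.4, so if PHP 5.3 is still a supported runtime (not visible here), a server with register_globals enabled loses the step that unsets globals mirroring `$_SESSION` keys. I would either keep the block active until the minimum PHP version is raised, or delete it and leave a one-line reason such as `// register_globals does not exist on supported PHP versions, no $GLOBALS cleanup needed`.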
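Review bot: The value of `MAIN_AUTHENTICATION_POST_METHOD` goes straight into `GETPOST()` as its method argument with no check, and the new lines do not document which values are accepted or what each one permits. The password read keeps the literal `2`, so that value presumably means POST only; a page that widens it lets the login name travel in the query string, where it lands in access logs, browser history and Referer headers. I would accept only an explicit list and fall back to the default otherwise, e.g. `if (defined('MAIN_AUTHENTICATION_POST_METHOD') && in_array(constant('MAIN_AUTHENTICATION_POST_METHOD'), array(1, 2), true)) $allowedmethodtopostusername = constant('MAIN_AUTHENTICATION_POST_METHOD');`, with the list adjusted to the methods GETPOST actually documents. A comment on the default, `// 2 = POST only; a page may define MAIN_AUTHENTICATION_POST_METHOD to also accept the username from GET`, would also help, since the constant's name suggests the opposite of what the commit uses it for. The enclosing `if (! defined('NOLOGIN'))` block starts and ends outside the hunk.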
@@ -507,7 +509,7 @@ if (! defined('NOLOGIN'))
 $goontestloop=false;
 if (isset($_SERVER["REMOTE_USER"]) && in_array('http',$authmode)) $goontestloop=true;
 if ($dolibarr_main_authentication == 'forceuser' && ! empty($dolibarr_auto_user)) $goontestloop=true;
- if (GETPOST("username","alpha",2) || ! empty($_COOKIE['login_dolibarr']) || GETPOST('openid_mode','alpha',1)) $goontestloop=true;
+ if (GETPOST("username","alpha",$allowedmethodtopostusername) || ! empty($_COOKIE['login_dolibarr']) || GETPOST('openid_mode','alpha',1)) $goontestloop=true;

 if (! is_object($langs)) // This can occurs when calling page with NOREQUIRETRAN defined, however we need langs for error messages.
 {
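Review bot: On pages that define the constant, a request carrying `username` only in the URL now sets `$goontestloop` and runs the full authentication loop, while any other `GETPOST("username","alpha",2)` in the login block outside these hunks would still see an empty value. It is worth confirming that every check keyed on the submitted username in this block (not visible here) reads it with the same method, so none is skipped when the name arrives by GET. Reading it once, `$usernamefromrequest = GETPOST("username","alpha",$allowedmethodtopostusername);`, and reusing that variable for `$usertotest` and for this condition would keep the call sites from drifting apart. The enclosing `if (! defined('NOLOGIN'))` block extends beyond the hunk.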