Fix: ajout d'un jeton alatoire dans les requetes POST

Regis Houssin 2009-05-16 12:52:53 +00:00
parent 7285270f1c
commit 07c6ffb065
43 changed files with 87 additions and 14 deletions


@ -212,6 +212,7 @@ if ($result)
if ($allowinsertbankafter && ! $objp->fk_account && $conf->banque->enabled && $conf->global->ADHERENT_BANK_USE && $objp->cotisation)
{
print "<form method=\"post\" action=\"cotisations.php\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
}
print "<tr $bc[$var]>";
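Review bot: The added hidden `token` input is only the emitting half of the protection; no hunk on this page shows `cotisations.php` (or any other form target) comparing `$_POST['token']` with the value held in the session, so it cannot be confirmed from here that a POST with a missing or wrong token is rejected. If that check lives in a shared include, a comment next to the field should say so, e.g. `// CSRF token; verified in <shared include> before any POST action runs`. The same literal `print '<input type="hidden" name="token" ...>'` line is pasted into every form in this commit; one helper that prints it with `htmlspecialchars($_SESSION['newtoken'], ENT_QUOTES)` would keep the field name and the escaping in one place. The enclosing `if ($result)` block starts and ends outside the hunk.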


@ -82,6 +82,7 @@ if ($id)
if ($msg) print '<div class="error">'.$msg.'</div>';
print "<form method=\"post\" action=\"note.php\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<table class="border" width="100%">';


@ -197,6 +197,7 @@ if ($_GET["action"] == 'create')
if ($mesg) print '<div class="error">'.$mesg.'</div>';
print "<form action=\"type.php\" method=\"post\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<table class="border" width="100%">';
print '<input type="hidden" name="action" value="add">';


@ -252,6 +252,7 @@ if ($conf->societe->enabled)
{
$var=!$var;
print "<form method=\"post\" action=\"".$_SERVER["PHP_SELF"]."\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"setdefaultbarcodetype\">";
print "<tr ".$bc[$var].">";
print '<td>'.$langs->trans("SetDefaultBarcodeTypeProducts").'</td>';
@ -269,6 +270,7 @@ if ($conf->produit->enabled)
{
$var=!$var;
print "<form method=\"post\" action=\"".$_SERVER["PHP_SELF"]."\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"GENBARCODE_BARCODETYPE_THIRDPARTY\">";
print "<tr ".$bc[$var].">";
print '<td>'.$langs->trans("SetDefaultBarcodeTypeThirdParties").'</td>';
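Review bot: Both forms in this section put the new token next to an `action` built from `$_SERVER["PHP_SELF"]`, which writes the request path into the page without escaping; markup injected through that path would run in the same page and could read the hidden token, which undoes the protection this commit adds. Escaping the value closes that: `print '<form method="post" action="'.htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES).'">';`. The same unescaped `PHP_SELF` action appears in the draft-watermark, `setdefaultduration` and `setclassifiedinvoiced` forms in later sections of this page. Both `if` blocks continue outside the hunks.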


@ -473,6 +473,7 @@ print '</form>';
//Use draft Watermark
$var=!$var;
print "<form method=\"post\" action=\"".$_SERVER["PHP_SELF"]."\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"set_COMMANDE_DRAFT_WATERMARK\">";
print '<tr '.$bc[$var].'><td colspan="2">';
print $langs->trans("WatermarkOnDraftOrders").'<br>';


@ -107,6 +107,7 @@ $var=true;
// expedition activation/desactivation
$var=!$var;
print "<form method=\"post\" action=\"confexped.php\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<table class="noborder" width="100%">';
print '<tr class="liste_titre">';
print '<td>'.$langs->trans("Feature").'</td>';
@ -143,6 +144,7 @@ print '</form>';
// Bon de livraison activation/desactivation
$var=!$var;
print "<form method=\"post\" action=\"confexped.php\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<table class="noborder" width="100%">';
print "<input type=\"hidden\" name=\"action\" value=\"delivery\">";
print "<tr ".$bc[$var].">";


@ -252,6 +252,7 @@ if ($resql)
// print_r($rss->items);
print "<form name=\"externalrssconfig\" action=\"external_rss.php\" method=\"post\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<tr class=\"liste_titre\">";
print "<td colspan=\"2\">".$langs->trans("RSS")." ".($i+1)."</td>";


@ -624,6 +624,7 @@ print '</form>';
$var=!$var;
print "<form method=\"post\" action=\"".$_SERVER["PHP_SELF"]."\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"set_FACTURE_DRAFT_WATERMARK\">";
print '<tr '.$bc[$var].'><td colspan="2">';
print $langs->trans("WatermarkOnDraftBill").'<br>';


@ -390,6 +390,7 @@ $var=true;
//Use draft Watermark
$var=!$var;
print "<form method=\"post\" action=\"".$_SERVER["PHP_SELF"]."\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"set_FICHINTER_DRAFT_WATERMARK\">";
print '<tr '.$bc[$var].'><td colspan="2">';
print $langs->trans("WatermarkOnDraftInterventionCards").'<br>';


@ -164,6 +164,7 @@ print " <td width=\"80\">&nbsp;</td></tr>\n";
// multiprix activation/desactivation
$var=!$var;
print "<form method=\"post\" action=\"produit.php\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"multiprix\">";
print "<tr ".$bc[$var].">";
print '<td>'.$langs->trans("MultiPricesAbility").'</td>';
@ -181,6 +182,7 @@ if($conf->global->PRODUIT_MULTIPRICES)
{
$var=!$var;
print "<form method=\"post\" action=\"produit.php\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"multiprix_num\">";
print "<tr ".$bc[$var].">";
print '<td>'.$langs->trans("MultiPricesNumPrices").'</td>';
@ -193,6 +195,7 @@ if($conf->global->PRODUIT_MULTIPRICES)
// sousproduits activation/desactivation
$var=!$var;
print "<form method=\"post\" action=\"produit.php\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"sousproduits\">";
print "<tr ".$bc[$var].">";
print '<td>'.$langs->trans("AssociatedProductsAbility").'</td>';
@ -207,6 +210,7 @@ print '</form>';
// utilisation formulaire Ajax sur choix produit
$var=!$var;
print "<form method=\"post\" action=\"produit.php\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"usesearchtoselectproduct\">";
print "<tr ".$bc[$var].">";
print '<td>'.$langs->trans("UseSearchToSelectProduct").'</td>';
@ -231,6 +235,7 @@ if (empty($conf->global->PRODUIT_USE_SEARCH_TO_SELECT))
{
$var=!$var;
print "<form method=\"post\" action=\"produit.php\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"nbprod\">";
print "<tr ".$bc[$var].">";
print '<td>'.$langs->trans("NumberOfProductShowInSelect").'</td>';
@ -243,6 +248,7 @@ if (empty($conf->global->PRODUIT_USE_SEARCH_TO_SELECT))
// Visualiser description produit dans les formulaires activation/desactivation
$var=!$var;
print "<form method=\"post\" action=\"produit.php\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"viewProdDescInForm\">";
print "<tr ".$bc[$var].">";
print '<td>'.$langs->trans("ViewProductDescInFormAbility").'</td>';
@ -258,6 +264,7 @@ print '</form>';
/*
$var=!$var;
print "<form method=\"post\" action=\"produit.php\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"confirmDeleteProdLineInForm\">";
print "<tr ".$bc[$var].">";
print '<td>'.$langs->trans("ConfirmDeleteProductLineAbility").'</td>';
@ -273,6 +280,7 @@ print '</form>';
// Utilisation de l'ecotaxe
$var=!$var;
print "<form method=\"post\" action=\"produit.php\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"useecotaxe\">";
print "<tr ".$bc[$var].">";
print '<td>'.$langs->trans("UseEcoTaxeAbility").'</td>';


@ -426,6 +426,7 @@ print "</tr>";
$var=!$var;
print "<form method=\"post\" action=\"".$_SERVER["PHP_SELF"]."\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"setdefaultduration\">";
print "<tr ".$bc[$var].">";
print '<td>'.$langs->trans("DefaultProposalDurationValidity").'</td>';
@ -451,6 +452,7 @@ if ($conf->commande->enabled)
{
$var=!$var;
print "<form method=\"post\" action=\"".$_SERVER["PHP_SELF"]."\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"setclassifiedinvoiced\">";
print "<tr ".$bc[$var].">";
print '<td>'.$langs->trans("ClassifiedInvoicedWithOrder").'</td>';
@ -476,6 +478,7 @@ print '</form>';
$var=!$var;
print "<form method=\"post\" action=\"".$_SERVER["PHP_SELF"]."\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"set_PROPALE_DRAFT_WATERMARK\">";
print '<tr '.$bc[$var].'><td colspan="2">';
print $langs->trans("WatermarkOnDraftProposal").'<br>';


@ -249,6 +249,7 @@ print '<br>';
$var=true;
print "<form method=\"post\" action=\"security.php\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"encrypt\">";
print '<table class="noborder" width="100%">';


@ -237,9 +237,10 @@ print " <td>".$langs->trans("Parameters")."</td>\n";
print " <td align=\"right\" width=\"60\">".$langs->trans("Value")."</td>\n";
print " <td width=\"80\">&nbsp;</td></tr>\n";
// Utilisation formulaire Ajax sur choix soci<EFBFBD>t<EFBFBD>
// Utilisation formulaire Ajax sur choix societe
$var=!$var;
print "<form method=\"post\" action=\"societe.php\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"usesearchtoselectcompany\">";
print "<tr ".$bc[$var].">";
print '<td width="80%">'.$langs->trans("UseSearchToSelectCompany").'</td>';


@ -134,6 +134,7 @@ print "<tr ".$bc[$var].">";
print '<td width="60%">'.$langs->trans("UserWarehouse").'</td>';
print '<td width="160" align="right">';
print "<form method=\"post\" action=\"stock.php\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"STOCK_USERSTOCK\">";
print $html->selectyesno("STOCK_USERSTOCK",$conf->global->STOCK_USERSTOCK,1);
print '<input type="submit" class="button" value="'.$langs->trans("Modify").'">';
@ -148,6 +149,7 @@ if ($conf->global->STOCK_USERSTOCK == 1)
print '<td width="160" align="right">';
print "<form method=\"post\" action=\"stock.php\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"STOCK_USERSTOCK_AUTOCREATE\">";
print $html->selectyesno("STOCK_USERSTOCK_AUTOCREATE",$conf->global->STOCK_USERSTOCK_AUTOCREATE,1);
@ -172,6 +174,7 @@ if ($conf->facture->enabled)
print '<td width="60%">'.$langs->trans("DeStockOnBill").'</td>';
print '<td width="160" align="right">';
print "<form method=\"post\" action=\"stock.php\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"STOCK_CALCULATE_ON_BILL\">";
print $html->selectyesno("STOCK_CALCULATE_ON_BILL",$conf->global->STOCK_CALCULATE_ON_BILL,1);
print '<input type="submit" class="button" value="'.$langs->trans("Modify").'">';
@ -185,6 +188,7 @@ if ($conf->commande->enabled)
print '<td width="60%">'.$langs->trans("DeStockOnValidateOrder").'</td>';
print '<td width="160" align="right">';
print "<form method=\"post\" action=\"stock.php\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"STOCK_CALCULATE_ON_VALIDATE_ORDER\">";
print $html->selectyesno("STOCK_CALCULATE_ON_VALIDATE_ORDER",$conf->global->STOCK_CALCULATE_ON_VALIDATE_ORDER,1);
print '<input type="submit" class="button" value="'.$langs->trans("Modify").'">';
@ -198,6 +202,7 @@ if ($conf->expedition->enabled)
print '<td width="60%">'.$langs->trans("DeStockOnShipment").'</td>';
print '<td width="160" align="right">';
print "<form method=\"post\" action=\"stock.php\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"STOCK_CALCULATE_ON_SHIPMENT\">";
print $html->selectyesno("STOCK_CALCULATE_ON_SHIPMENT",$conf->global->STOCK_CALCULATE_ON_SHIPMENT,1);
print '<input type="submit" class="button" value="'.$langs->trans("Modify").'">';
@ -219,6 +224,7 @@ if ($conf->fournisseur->enabled)
print '<td width="60%">'.$langs->trans("ReStockOnBill").'</td>';
print '<td width="160" align="right">';
print "<form method=\"post\" action=\"stock.php\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"STOCK_CALCULATE_ON_SUPPLIER_BILL\">";
print $html->selectyesno("STOCK_CALCULATE_ON_SUPPLIER_BILL",$conf->global->STOCK_CALCULATE_ON_SUPPLIER_BILL,1);
print '<input type="submit" class="button" value="'.$langs->trans("Modify").'">';
@ -232,6 +238,7 @@ if ($conf->commande->enabled)
print '<td width="60%">'.$langs->trans("ReStockOnValidateOrder").'</td>';
print '<td width="160" align="right">';
print "<form method=\"post\" action=\"stock.php\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"STOCK_CALCULATE_ON_SUPPLIER_VALIDATE_ORDER\">";
print $html->selectyesno("STOCK_CALCULATE_ON_SUPPLIER_VALIDATE_ORDER",$conf->global->STOCK_CALCULATE_ON_SUPPLIER_VALIDATE_ORDER,1);
print '<input type="submit" class="button" value="'.$langs->trans("Modify").'">';


@ -62,6 +62,7 @@ if ($action == 'create')
{
print "<form action=\"fiche.php?id=$id\" method=\"post\">\n";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="add">';
print '<div class="titre">Nouvel Editeur</div><br>';
@ -90,6 +91,7 @@ else
print '<div class="titre">Edition de la fiche Editeur : '.$editeur->titre.'</div><br>';
print "<form action=\"fiche.php?id=$id\" method=\"post\">\n";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="update">';
print '<table border="1" width="100%" cellspacing="0" cellpadding="4">';


@ -99,6 +99,7 @@ if ($_GET["action"] == 'create')
}
print "<form name='addprop' action=\"propal.php?socid=".$soc->id."\" method=\"post\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"add\">";
print '<table class="border" width="100%">';


@ -256,7 +256,8 @@ if ($result)
$i++;
print "<form name='update' method=\"post\" action=\"ligne.php?rowid=$objp->rowid\">";
print '<form name="update" method="post" action="ligne.php?rowid='.$objp->rowid.'">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"update\">";
print "<input type=\"hidden\" name=\"orig_account\" value=\"".$orig_account."\">";
@ -426,6 +427,7 @@ if ($result)
if ($user->rights->banque->modifier || $user->rights->banque->consolidate)
{
print "<form method=\"post\" action=\"ligne.php?rowid=$objp->rowid\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="type">';
print "<input type=\"hidden\" name=\"orig_account\" value=\"".$orig_account."\">";
print $html->select_types_paiements($objp->fk_type,"value",'',2);
@ -444,6 +446,7 @@ if ($result)
if ($user->rights->banque->modifier)
{
print "<form method=\"post\" action=\"ligne.php?rowid=$objp->rowid\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="banque">';
print "<input type=\"hidden\" name=\"orig_account\" value=\"".$orig_account."\">";
print '<input type="text" class="flat" size="40" name="banque" value="'.(empty($objp->banque) ? '' : $objp->banque).'">';
@ -461,6 +464,7 @@ if ($result)
if ($user->rights->banque->modifier || $user->rights->banque->consolidate)
{
print "<form method=\"post\" action=\"ligne.php?rowid=$objp->rowid\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="emetteur">';
print "<input type=\"hidden\" name=\"orig_account\" value=\"".$orig_account."\">";
print '<input type="text" class="flat" size="40" name="emetteur" value="'.(empty($objp->emetteur) ? '' : stripslashes($objp->emetteur)).'">';
@ -481,6 +485,7 @@ if ($result)
if ($user->rights->banque->consolidate)
{
print "<form method=\"post\" action=\"ligne.php?rowid=$objp->rowid\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="num_releve">';
print "<input type=\"hidden\" name=\"orig_account\" value=\"".$orig_account."\">";
print '<td colspan="3">';
@ -511,6 +516,7 @@ print '<br>';
print '<table class="noborder" width="100%">';
print "<form method=\"post\" action=\"ligne.php?rowid=$rowid&amp;account=$account\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"class\">";
print "<input type=\"hidden\" name=\"orig_account\" value=\"".$orig_account."\">";
print "<tr class=\"liste_titre\"><td>".$langs->trans("Rubriques")."</td><td colspan=\"2\">";


@ -224,6 +224,7 @@ else
print '<br>';
print "<form method=\"post\" action=\"releve.php\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"add\">";
print '<table class="border" width="100%">';


@ -146,6 +146,7 @@ print $langs->trans("TransferDesc");
print "<br><br>";
print "<form name='add' method=\"post\" action=\"virement.php\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="add">';


@ -132,6 +132,7 @@ if ($_GET["action"] == 'create')
if ($mesg) print $mesg."<br>";
print "<form name='add' action=\"fiche.php\" method=\"post\">\n";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="add">';
print '<table class="border" width="100%">';
@ -186,6 +187,7 @@ else
dol_fiche_head($head, $hselected, $langs->trans("TripCard"));
print "<form name='update' action=\"fiche.php\" method=\"post\">\n";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="update">';
print '<input type="hidden" name="id" value="'.$id.'">';


@ -364,6 +364,7 @@ if ($_GET["rowid"] && $_GET["action"] != 'edit')
dol_fiche_head($head, $hselected, $langs->trans("Ref").": ".$_GET["rowid"]);
print "<form action=\"fiche.php\" method=\"post\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<table class="border" width="100%">';
// Ref


@ -276,7 +276,11 @@ if ($chid > 0)
if ($ret == 'html') print '<br>';
}
if ($_GET['action'] == 'edit') print "<form name=\"charge\" action=\"charges.php?id=$cha->id&amp;action=update\" method=\"post\">";
if ($_GET['action'] == 'edit')
{
print "<form name=\"charge\" action=\"charges.php?id=$cha->id&amp;action=update\" method=\"post\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
}
print '<table class="border" width="100%">';
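Review bot: The form posts to `charges.php?id=...&amp;action=update`, so the action name travels in the query string rather than in the POST body next to the new token. If the update handler keys on `$_GET['action']` and the token is only checked when a POST body is present (neither is visible here), the same URL requested by GET would reach the update path without any token. The check should be tied to the action itself, or `action` moved into a hidden field as the other forms in this commit do: `print '<input type="hidden" name="action" value="update">';`. Whether the matching `</form>` is also guarded by the `edit` condition is outside the hunk.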


@ -144,6 +144,7 @@ if ($id)
if ($_GET["action"] == 'create')
{
print "<form name='add' action=\"fiche.php\" method=\"post\">\n";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="add">';
print_fiche_titre($langs->trans("NewVATPayment"));


@ -77,6 +77,7 @@ $result = $db->query($sql);
if ($result) {
print "<form method=\"post\" action=\"index.php?viewall=$viewall&vline=$vline&account=$account\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"add\">";
print "<table class=\"border\" width=\"100%\" cellspacing=\"0\" cellpadding=\"2\">";
print "<tr class=\"liste_titre\">";


@ -896,6 +896,7 @@ else
else
{
print "<form name='update' action=\"fiche.php?id=$id\" method=\"post\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="updateligne">';
print '<input type="hidden" name="elrowid" value="'.$_GET["rowid"].'">';
// Ligne carac
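Review bot: The hidden `elrowid` field two lines below the new token prints `$_GET["rowid"]` straight into an attribute value, so request-supplied text can end the attribute and become markup in the page that carries the token. Casting or escaping the value fixes it: `print '<input type="hidden" name="elrowid" value="'.(int) $_GET["rowid"].'">';` if row ids are numeric (likely, but not confirmed by this hunk), otherwise wrap it in `htmlspecialchars(..., ENT_QUOTES)`. The enclosing `else` block starts outside the hunk.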


@ -41,6 +41,7 @@ if ($result)
print_barre_liste($langs->trans("DomainNames"), $page, "liste.php","",$sortfield,$sortorder,"",$num);
print "<form method=\"post\" action=\"index.php?viewall=$viewall&vline=$vline&account=$account\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"add\">";
print "<table class=\"border\" width=\"100%\">";
print "<tr class=\"liste_titre\">";


@ -405,6 +405,7 @@ if ($_GET["action"] == 'create')
if ($_GET["socid"] > 0)
{
print "<form name='fichinter' action=\"fiche.php\" method=\"post\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<table class="border" width="100%">';


@ -152,7 +152,8 @@ if ($_GET["id"])
print $langs->trans("AddProductToCat")."<br/><br/>";
print '<table class="border" width="100%">';
print "<form method='post' action='".DOL_URL_ROOT."/fourn/product/categorie.php?id=".$product->id."'>";
print '<form method="POST" action="'.DOL_URL_ROOT.'/fourn/product/categorie.php?id='.$product->id.'">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<tr><td><select name='add_cat'><option value='-1'>".$langs->trans("Choose")."</option>";
$cat = new Categorie($db);
foreach ($cat->get_all_categories() as $categorie)


@ -177,6 +177,7 @@ class FormMail
print "\n<!-- Debut form mail -->\n";
print "<form method=\"post\" ENCTYPE=\"multipart/form-data\" action=\"".$this->param["returnurl"]."\">\n";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
foreach ($this->param as $key=>$value)
{
print "<input type=\"hidden\" name=\"$key\" value=\"$value\">\n";
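Review bot: The token is now written into a form whose `action` is `$this->param["returnurl"]`; if a caller can set `returnurl` to another origin, the session token is posted there together with the mail fields. The token should be emitted only when `returnurl` is a same-site relative path, or `returnurl` validated before the form is printed. The `foreach` that follows prints every `$this->param` key and value unescaped, so a `token` key in `param` would produce a second, conflicting field; `htmlspecialchars($key, ENT_QUOTES)` and `htmlspecialchars($value, ENT_QUOTES)` belong there. The method and the loop continue outside the hunk.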


@ -68,6 +68,7 @@ if ($id)
print_titre ("Edition de la fiche article");
print "<form action=\"$fiche.php?id=$id\" method=\"post\">\n";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"update\">";
print '<table border="1" width="100%" cellspacing="0" cellpadding="4">';
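Review bot: The form that receives the token has `action=\"$fiche.php?id=$id\"`, which interpolates a variable `$fiche` inside the double-quoted string; unless `$fiche` is defined outside the hunk, the form posts to `.php?id=...` and the token never reaches a handler. The other edit forms on this page use a literal file name, so this is probably meant to be `print "<form action=\"fiche.php?id=$id\" method=\"post\">\n";`. `$id` is also interpolated unescaped into the attribute; where it is set is outside the hunk.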


@ -1008,6 +1008,7 @@ if ($_GET["id"] || $_GET["ref"])
{
print "<!-- CUT HERE -->\n";
print "<form action=\"fiche.php\" method=\"post\">\n";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="update">';
print '<input type="hidden" name="id" value="'.$product->id.'">';
print '<input type="hidden" name="canvas" value="'.$product->canvas.'">';


@ -133,6 +133,7 @@ if ($_GET["action"] == 'create')
print_fiche_titre($langs->trans("NewWarehouse"));
print "<form action=\"fiche.php\" method=\"post\">\n";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="add">';
print '<input type="hidden" name="type" value="'.$type.'">'."\n";


@ -245,6 +245,7 @@ if ($_GET["id"] || $_GET["ref"])
{
print_titre($langs->trans("StockCorrection"));
print "<form action=\"product.php?id=$product->id\" method=\"post\">\n";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="correct_stock">';
print '<table class="border" width="100%"><tr>';
print '<td width="20%">'.$langs->trans("Warehouse").'</td>';
@ -275,6 +276,7 @@ if ($_GET["id"] || $_GET["ref"])
{
print_titre($langs->trans("Transfer"));
print "<form action=\"product.php?id=$product->id\" method=\"post\">\n";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="transfert_stock">';
print '<table class="border" width="100%"><tr>';
print '<td width="20%">'.$langs->trans("WarehouseSource").'</td><td width="20%">';
@ -300,6 +302,7 @@ if ($_GET["id"] || $_GET["ref"])
{
print_titre($langs->trans("SetStock"));
print "<form action=\"product.php?id=$product->id\" method=\"post\">\n";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="create_stock">';
print '<table class="border" width="100%"><tr>';
print '<td width="20%">'.$langs->trans("Warehouse").'</td><td width="40%">';


@ -238,6 +238,7 @@ print '<li> Les champs Commencant par un <FONT COLOR="blue">*</FONT> seront affi
print "</ul><BR>\n";
print "<form action=\"new.php\" method=\"POST\">\n";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="add">';
print '<table cellspacing="0" border="1" width="100%" cellpadding="3">'."\n";


@ -112,6 +112,7 @@ function change_categorie(urlbase,leselect)
print "<div><div><br>"; // Ouvre 3 div a la place de top_menu car le llxFooter en ferme 3
print "<form method=\"post\" action=\"javascript:MAJ(" . $_GET['targetobject'] . ");\" name=\"villes\" enctype=\"application/x-www-form-urlencoded\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<table class=\"noborder\" align=\"center\" width=\"90%\">";
print "<tr class=\"liste_titre\">";
print " <td colspan=\"3\" align=\"center\">";
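Review bot: The token added here does not appear to be submitted to any server-side handler, because the form's `action` is a `javascript:MAJ(...)` URL; it protects nothing on this page while still being exposed in the markup. The same `action` concatenates `$_GET['targetobject']` unescaped into the attribute, so request-supplied text becomes script in the page that holds the token. I would drop the token from this form and restrict the parameter to an identifier before printing it, e.g. `preg_replace('/[^A-Za-z0-9_]/', '', $_GET['targetobject'])`. The surrounding script continues outside the hunk.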


@ -68,6 +68,7 @@ if ($socid > 0)
print "<form method=\"post\" action=\"".DOL_URL_ROOT."/societe/socnote.php\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<table class="border" width="100%">';


@ -394,7 +394,7 @@ elseif ($_GET["action"] == 'create_line' && $_GET["client"] > 0)
print $socc->code_client;
print '</td></tr>';
print '</table><br /><br />';
print 'Impossible de cr<63>er une ligne pour cette soci<EFBFBD>t<EFBFBD>, vous devez au pr<70>alablement lui affecter un code client.';
print 'Impossible de cr<63>er une ligne pour cette societe, vous devez au prealablement lui affecter un code client.';
}
elseif (strlen($socc->code_client) > 0 && $socc->check_codeclient() <> 0)
{
@ -407,11 +407,12 @@ elseif ($_GET["action"] == 'create_line' && $_GET["client"] > 0)
print $socc->code_client;
print '</td></tr>';
print '</table><br /><br />';
print 'Le code client de cette soci<EFBFBD>t<EFBFBD> est incorrect, vous devez lui affecter un code client correct.';
print 'Le code client de cette societe est incorrect, vous devez lui affecter un code client correct.';
}
else
{
print "<form action=\"fiche.php\" method=\"post\">\n";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="add">';
print '<input type="hidden" name="client" value="'.$socc->id.'">'."\n";
if ($_GET['contratid'] > 0)


@ -212,7 +212,7 @@ elseif ($_GET["action"] == 'create_line' && $_GET["client_comm"] > 0 && $user->r
print $socc->code_client;
print '</td></tr>';
print '</table><br /><br />';
print 'Impossible de cr<63>er un contrat pour cette soci<EFBFBD>t<EFBFBD>, vous devez au pr<70>alablement lui affecter un code client.';
print 'Impossible de cr<63>er un contrat pour cette societe, vous devez au prealablement lui affecter un code client.';
}
elseif (strlen($socc->code_client) > 0 && $socc->check_codeclient() <> 0)
{
@ -225,11 +225,12 @@ elseif ($_GET["action"] == 'create_line' && $_GET["client_comm"] > 0 && $user->r
print $socc->code_client;
print '</td></tr>';
print '</table><br /><br />';
print 'Le code client de cette soci<EFBFBD>t<EFBFBD> est incorrect, vous devez lui affecter un code client correct.';
print 'Le code client de cette societe est incorrect, vous devez lui affecter un code client correct.';
}
else
{
print "<form action=\"fiche.php\" method=\"post\">\n";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="add">';
print '<input type="hidden" name="client_comm" value="'.$socc->id.'">'."\n";


@ -106,6 +106,7 @@ if ($_GET["action"] == 'create')
{
$fourn = new FournisseurTelephonie($db);
print "<form action=\"fiche.php\" method=\"post\">\n";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="add">';
print_titre("Nouveau fournisseur");


@ -948,6 +948,7 @@ else
print_fiche_titre('Edition de la ligne', $mesg);
print "<form action=\"fiche.php?id=$ligne->id\" method=\"post\">\n";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="update">';
print '<table class="border" width="100%" cellspacing="0" cellpadding="4">';
@ -960,7 +961,7 @@ else
print '</td></tr>';
print '<input type="hidden" name="client_comm" value="'.$client_comm->id.'">'."\n";
print '<tr><td width="20%">Num<EFBFBD>ro</td><td>';
print '<tr><td width="20%">Numero</td><td>';
if ($ligne->statut == -1)
{
print '<input name="numero" size="12" value="'.$ligne->numero.'">';
@ -1101,6 +1102,7 @@ else
print_fiche_titre('Ajouter un contact', $mesg);
print "<form action=\"fiche.php?id=$ligne->id\" method=\"post\">\n";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="addcontact">';
print '<table class="border" width="100%" cellspacing="0" cellpadding="4">';


@ -151,12 +151,12 @@ if ($_GET["id"] or $_GET["numero"])
$cuser->fetch();
}
print '<tr><td width="20%">Ligne cr<EFBFBD><EFBFBD>e par</td><td colspan="2">'.$cuser->fullname.'</td></tr>';
print '<tr><td width="20%">Ligne creee par</td><td colspan="2">'.$cuser->fullname.'</td></tr>';
print '<tr><td width="20%">Code analytique</td><td colspan="2">'.$ligne->code_analytique.'&nbsp;</td></tr>';
print '<tr><td width="20%">Mod<EFBFBD>le de facture utilis<69></td><td colspan="2">'.$ligne->pdfdetail.'</td></tr>';
print '<tr><td width="20%">Modele de facture utilise</td><td colspan="2">'.$ligne->pdfdetail.'</td></tr>';
print "</table>";
@ -165,14 +165,15 @@ if ($_GET["id"] or $_GET["numero"])
if ($_GET["action"] == 'edit' || $action == 're-edit')
{
print_fiche_titre('Edition des informations compl<EFBFBD>mentaires de la ligne', $mesg);
print_fiche_titre('Edition des informations complementaires de la ligne', $mesg);
print "<form action=\"infoc.php?id=$ligne->id\" method=\"post\">\n";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="update">';
print '<table class="border" width="100%" cellspacing="0" cellpadding="4">';
print '<tr><td width="20%">Num<EFBFBD>ro</td><td>'.$ligne->numero.'</td></tr>';
print '<tr><td width="20%">Numero</td><td>'.$ligne->numero.'</td></tr>';
$client = new Societe($db, $ligne->client_id);
$client->fetch($ligne->client_id);
@ -184,7 +185,7 @@ if ($_GET["id"] or $_GET["numero"])
print '<tr><td width="20%">Code Analytique</td><td><input name="code_ana" size="13" maxlength="12" value="'.$ligne->code_analytique.'">&nbsp;</td></tr>';
print '<tr><td>&nbsp;</td><td><input type="submit" value="Mettre <EFBFBD> jour">';
print '<tr><td>&nbsp;</td><td><input type="submit" value="Mettre a jour">';
print '<a href="infoc.php?id='.$ligne->id.'">Annuler</a></td></tr>';
print '</table>';
print '</form>';


@ -185,6 +185,7 @@ else
print_fiche_titre('Edition du service', $mesg);
print "<form action=\"fiche.php?id=$service->id\" method=\"post\">\n";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="update">';
print '<table class="border" width="100%" cellspacing="0" cellpadding="4">';


@ -88,6 +88,7 @@ if ($id)
if ($msg) print '<div class="error">'.$msg.'</div>';
print "<form method=\"post\" action=\"note.php\">";
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<table class="border" width="100%">';