FIX Use token in js from meta page

Laurent Destailleur 2022-10-06 15:24:23 +02:00
parent 0bb4c5701a
commit 273d2c30cd
2 changed files with 14 additions and 5 deletions


@ -99,13 +99,21 @@ function first_execution() {
function check_events() {
if (Notification.permission === "granted")
{
var newToken = 'notrequired';
const allMeta = document.getElementsByTagName("meta");
for (let i = 0; i < allMeta.length; i++) {
if (allMeta[i].getAttribute("name") == 'anti-csrf-token') {
newToken = allMeta[i].getAttribute('content');
console.log("newToken in page = "+newToken);
}
}
time_js_next_test += time_auto_update;
console.log("Call ajax to check_events with time_js_next_test = "+time_js_next_test);
console.log("Call ajax to check events with time_js_next_test = "+time_js_next_test);
$.ajax("<?php print DOL_URL_ROOT.'/core/ajax/check_notifications.php'; ?>", {
type: "post", // Usually post or get
async: true,
data: { time_js_next_test: time_js_next_test, forcechecknow: 1, token: 'notrequired' },
data: { time_js_next_test: time_js_next_test, forcechecknow: 1, token: newToken },
dataType: "json",
success: function (result) {
//console.log(result);
@ -173,7 +181,7 @@ function check_events() {
$.ajax("<?php print DOL_URL_ROOT.'/core/ajax/check_notifications.php?action=stopreminder&listofreminderids='; ?>"+listofreminderids, {
type: "POST", // Usually post or get
async: true,
data: { time_js_next_test: time_js_next_test, token: 'notrequired' }
data: { time_js_next_test: time_js_next_test, token: newToken }
});
} else {
console.log("No reminder to do found, next search at "+time_js_next_test);
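Review bot: The added `console.log("newToken in page = "+newToken);` in the first hunk writes the anti-CSRF token to the browser console each time check_events() runs, so the value ends up in anything that records console output (pasted debug logs, screenshots, client-side error reporters). Drop that line or log only that a token was found, e.g. `console.log("anti-csrf-token meta found");`. The scan over every meta element could also be one lookup, `const meta = document.querySelector('meta[name="anti-csrf-token"]');` followed by `if (meta) { newToken = meta.getAttribute('content'); }`. When the tag is absent the requests still go out with the literal 'notrequired'; a comment stating whether check_notifications.php accepts that value would help, since the server side is not visible here. check_events() continues past both hunks.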


@ -1540,6 +1540,7 @@ function top_htmlhead($head, $title = '', $disablejs = 0, $disablehead = 0, $arr
print '<meta name="robots" content="'.($disablenoindex ? 'index' : 'noindex').($disablenofollow ? ',follow' : ',nofollow').'">'."\n"; // Do not index
print '<meta name="viewport" content="width=device-width, initial-scale=1.0">'."\n"; // Scale for mobile device
print '<meta name="author" content="Dolibarr Development Team">'."\n";
print '<meta name="anti-csrf-token" content="'.newToken().'">'."\n";
if (getDolGlobalInt('MAIN_FEATURES_LEVEL')) {
print '<meta name="MAIN_FEATURES_LEVEL" content="'.getDolGlobalInt('MAIN_FEATURES_LEVEL').'">'."\n";
}
@ -1548,8 +1549,8 @@ function top_htmlhead($head, $title = '', $disablejs = 0, $disablehead = 0, $arr
if (!empty($mysoc->logo_squarred_mini)) {
$favicon = DOL_URL_ROOT.'/viewimage.php?cache=1&modulepart=mycompany&file='.urlencode('logos/thumbs/'.$mysoc->logo_squarred_mini);
}
if (!empty($conf->global->MAIN_FAVICON_URL)) {
$favicon = $conf->global->MAIN_FAVICON_URL;
if (getDolGlobalString('MAIN_FAVICON_URL')) {
$favicon = getDolGlobalString('MAIN_FAVICON_URL');
}
if (empty($conf->dol_use_jmobile)) {
print '<link rel="shortcut icon" type="image/x-icon" href="'.$favicon.'"/>'."\n"; // Not required into an Android webview
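Review bot: The new `<meta name="anti-csrf-token">` line in the first hunk concatenates `newToken()` into the content attribute without HTML escaping, and unlike the robots and viewport lines above it carries no comment saying why the tag is there. newToken() is not defined in the visible lines, so whether its output is always attribute-safe cannot be confirmed from here; escaping at the output point, e.g. `print '<meta name="anti-csrf-token" content="'.htmlspecialchars(newToken(), ENT_QUOTES).'">'."\n";`, makes that independent of the generator. A trailing comment such as `// Read by JS code to send the token with ajax POST requests` would document the consumer. Because top_htmlhead() now puts the token into every page it renders, it is worth confirming those responses are never served from a shared cache. top_htmlhead() begins and ends outside both hunks.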