Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix use of token

Browse Source
This commit is contained in:
Laurent Destailleur 2020-11-16 14:36:23 +01:00
parent d8753ea224
commit 548a25b005
4 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/contrat/card.php
View File

@ -2183,7 +2183,7 @@ if (!empty($conf->margin->enabled) && $action == 'editline')
$(document).ready(function() {
var idprod = $("input[name='idprod']").val();
var fournprice = $("input[name='fournprice']").val();
var token = '<?php echo $_SESSION["token"]; ?>'; // For AJAX Call we use old 'token' and not 'newtoken'
var token = '<?php echo currentToken(); ?>'; // For AJAX Call we use old 'token' and not 'newtoken'
if (idprod > 0) {
$.post('<?php echo DOL_URL_ROOT; ?>/fourn/ajax/getSupplierPrices.php', {
'idprod': idprod,

3
htdocs/core/tpl/objectline_create.tpl.php
View File

@ -693,7 +693,8 @@ if (!empty($usemargins) && $user->rights->margins->creer)
$("#buying_price").val("").show();
/* Call post to load content of combo list fournprice_predef */
$.post('<?php echo DOL_URL_ROOT; ?>/fourn/ajax/getSupplierPrices.php?bestpricefirst=1', { 'idprod': $(this).val(), 'token': '<?php echo newToken(); ?>' }, function(data) {
var token = '<?php echo currentToken(); ?>'; // For AJAX Call we use old 'token' and not 'newtoken'
$.post('<?php echo DOL_URL_ROOT; ?>/fourn/ajax/getSupplierPrices.php?bestpricefirst=1', { 'idprod': $(this).val(), 'token': token }, function(data) {
if (data && data.length > 0)
{
var options = ''; var defaultkey = ''; var defaultprice = ''; var bestpricefound = 0;

3
htdocs/core/tpl/objectline_edit.tpl.php
View File

@ -434,7 +434,8 @@ jQuery(document).ready(function()
});
/* Init field buying_price and fournprice */
$.post('<?php echo DOL_URL_ROOT; ?>/fourn/ajax/getSupplierPrices.php', {'idprod': <?php echo $line->fk_product ? $line->fk_product : 0; ?>, 'token': '<?php echo newToken(); ?>'}, function(data) {
var token = '<?php echo currentToken(); ?>'; // For AJAX Call we use old 'token' and not 'newtoken'
$.post('<?php echo DOL_URL_ROOT; ?>/fourn/ajax/getSupplierPrices.php', {'idprod': <?php echo $line->fk_product ? $line->fk_product : 0; ?>, 'token': token }, function(data) {
if (data && data.length > 0) {
var options = '';
var trouve=false;

2
htdocs/main.inc.php
View File

@ -988,7 +988,7 @@ if (!defined('NOLOGIN'))
$user->getrights();
}
dol_syslog("--- Access to ".$_SERVER["REQUEST_METHOD"].' '.$_SERVER["PHP_SELF"].' - action='.GETPOST('action', 'aZ09').', massaction='.GETPOST('massaction', 'aZ09'));
dol_syslog("--- Access to ".$_SERVER["REQUEST_METHOD"].' '.$_SERVER["PHP_SELF"].' - action='.GETPOST('action', 'aZ09').', massaction='.GETPOST('massaction', 'aZ09').' NOTOKENRENEWAL='.constant('NOTOKENRENEWAL'));
//Another call for easy debugg
//dol_syslog("Access to ".$_SERVER["PHP_SELF"].' GET='.join(',',array_keys($_GET)).'->'.join(',',$_GET).' POST:'.join(',',array_keys($_POST)).'->'.join(',',$_POST));