diff --git a/htdocs/barcode/printsheet.php b/htdocs/barcode/printsheet.php index 5128cd56164..8663d50e66a 100644 --- a/htdocs/barcode/printsheet.php +++ b/htdocs/barcode/printsheet.php @@ -374,24 +374,24 @@ jQuery(document).ready(function() { '; // Checkbox to select from free text -print ' '.$langs->trans("FillBarCodeTypeAndValueManually").'   '; +print ''; print '
'; if (!empty($user->rights->produit->lire) || !empty($user->rights->service->lire)) { - print ' '.$langs->trans("FillBarCodeTypeAndValueFromProduct").'   '; + print ''; print '
'; print '
'; $form->select_produits(GETPOST('productid', 'int'), 'productid', '', '', 0, -1, 2, '', 0, array(), 0, '1', 0, 'minwidth400imp', 1); - print '   '; + print '   '; print '
'; } if (!empty($user->rights->societe->lire)) { - print ' '.$langs->trans("FillBarCodeTypeAndValueFromThirdParty").'   '; + print ''; print '
'; print '
'; print $form->select_company(GETPOST('socid', 'int'), 'socid', '', 'SelectThirdParty', 0, 0, array(), 0, 'minwidth300'); - print '   '; + print '   '; print '
'; } diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 2d977e5a288..8dd5c45642f 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -475,7 +475,9 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && getDolGlobalInt( $sensitiveget = false; if ((GETPOSTISSET('massaction') || GETPOST('action', 'aZ09')) && getDolGlobalInt('MAIN_SECURITY_CSRF_WITH_TOKEN') >= 3) { // All GET actions and mass actions are processed as sensitive. - $sensitiveget = true; + if (GETPOSTISSET('massaction') || !in_array(GETPOST('action', 'aZ09'), array('create', 'file_manager'))) { // We exclude the case action='create' and action='file_manager' that are legitimate + $sensitiveget = true; + } } elseif (getDolGlobalInt('MAIN_SECURITY_CSRF_WITH_TOKEN') >= 2) { // Few GET actions coded with a &token into url are processed as sensitive. $arrayofactiontoforcetokencheck = array(