Fix: niveau aléatoire du jeton sur le confirm_form, on ne le sécurise que s'il contient
des données POST
This commit is contained in:
parent
36c58c62fc
commit
9f86fcc443
@ -20,7 +20,7 @@
|
|||
/**
|
||||
* \file htdocs/comm/mailing/fiche.php
|
||||
* \ingroup mailing
|
||||
* \brief Fiche mailing, onglet g<EFBFBD>n<EFBFBD>ral
|
||||
* \brief Fiche mailing, onglet general
|
||||
* \version $Id$
|
||||
*/
|
||||
|
||||
|
|
@ -527,21 +527,21 @@ else
|
|||
// Confirmation de la validation du mailing
|
||||
if ($_GET["action"] == 'valide')
|
||||
{
|
||||
$ret=$html->form_confirm("fiche.php?id=".$mil->id,$langs->trans("ValidMailing"),$langs->trans("ConfirmValidMailing"),"confirm_valide");
|
||||
$ret=$html->form_confirm($_SERVER["PHP_SELF"]."?id=".$mil->id,$langs->trans("ValidMailing"),$langs->trans("ConfirmValidMailing"),"confirm_valide");
|
||||
if ($ret == 'html') print '<br>';
|
||||
}
|
||||
|
||||
// Confirm reset
|
||||
if ($_GET["action"] == 'reset')
|
||||
{
|
||||
$ret=$html->form_confirm("fiche.php?id=".$mil->id,$langs->trans("ResetMailing"),$langs->trans("ConfirmResetMailing",$mil->ref),"confirm_reset");
|
||||
$ret=$html->form_confirm($_SERVER["PHP_SELF"]."?id=".$mil->id,$langs->trans("ResetMailing"),$langs->trans("ConfirmResetMailing",$mil->ref),"confirm_reset");
|
||||
if ($ret == 'html') print '<br>';
|
||||
}
|
||||
|
||||
// Confirm delete
|
||||
if ($_GET["action"] == 'delete')
|
||||
{
|
||||
$ret=$html->form_confirm("fiche.php?id=".$mil->id,$langs->trans("DeleteAMailing"),$langs->trans("ConfirmDeleteMailing"),"confirm_delete");
|
||||
$ret=$html->form_confirm($_SERVER["PHP_SELF"]."?id=".$mil->id,$langs->trans("DeleteAMailing"),$langs->trans("ConfirmDeleteMailing"),"confirm_delete");
|
||||
if ($ret == 'html') print '<br>';
|
||||
}
|
||||
|
||||
|
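Review bot: The three rewritten form_confirm() calls build the form action from `$_SERVER["PHP_SELF"]`, which under common server configurations also carries any client-supplied path segment appended after the script name, and Form::form_confirm prints `$page` straight into `action="..."` without escaping (visible in the Form hunk later in this commit), so the change turns a fixed relative URL into a reflected-input sink inside an HTML attribute. The previous literal `"fiche.php?id="` had no such exposure. If the dynamic script name is wanted, escape it at the call site, e.g. `$ret=$html->form_confirm(htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES)."?id=".$mil->id,$langs->trans("ValidMailing"),$langs->trans("ConfirmValidMailing"),"confirm_valide");` and likewise for the reset and delete calls, or use `$_SERVER["SCRIPT_NAME"]`, which is generally not extended with path info. The enclosing else branch starts before this hunk.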
@ -1619,7 +1619,7 @@ class Form
|
|||
{
|
||||
print '<form method="post" action="'.$page.'" class="notoptoleftroright">';
|
||||
print '<input type="hidden" name="action" value="'.$action.'">';
|
||||
print '<input type="hidden" name="token_level_2" value="'.$_SESSION['newtoken'].'">';
|
||||
if (is_array($formquestion)) print '<input type="hidden" name="token_level_2" value="'.$_SESSION['newtoken'].'">';
|
||||
|
||||
print '<table width="100%" class="valid">';
|
||||
|
||||
|
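Review bot: The added `is_array($formquestion)` guard leaves confirmations with no extra questions without any token field, yet the form opened on the line above is always `method="post"` and always carries the hidden `action` field, so those submissions still change state through POST. Since the check in main.inc.php (also in this commit) only runs when `token_level_2` is present in the request, a confirmation that omits the field is accepted without any token verification, which is the opposite of what the commit title intends. Unless there is a reason callers without `$formquestion` must not carry a token, keep the unconditional line `print '<input type="hidden" name="token_level_2" value="'.$_SESSION['newtoken'].'">';`. form_confirm() starts and ends outside this hunk.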
@ -183,8 +183,8 @@ if (isset($_POST['token_level_1']) && isset($_SESSION['token_level_1']))
|
|||
//print 'session_token_level_1='.$_SESSION['token_level_1'].'<br>';
|
||||
if ($_POST['token_level_1'] != $_SESSION['token_level_1'])
|
||||
{
|
||||
unset($_POST);
|
||||
dol_syslog("Invalid token_level_1 in ".$_SERVER['HTTP_REFERER'].", action=".$_POST['action'].", _POST['token_level_1']=".$_POST['token_level_1'].", _SESSION['token_level_1']=".$_SESSION['token_level_1']);
|
||||
unset($_POST);
|
||||
}
|
||||
}
|
||||
else if (isset($_POST['token_level_2']) && isset($_SESSION['token_level_2']))
|
||||
|
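Review bot: Moving `unset($_POST)` below the dol_syslog call is what now makes the submitted token and `action` actually appear in the log line, next to the expected session token `$_SESSION['token_level_1']` and the raw, client-controlled `HTTP_REFERER`; the token_level_2 hunk that follows has the same change. Writing the server-side token into syslog means anyone who can read the log learns a value that may remain valid for that session, and the unsanitised referer lets a client place arbitrary text into the log entry. Log the mismatch without the secrets, e.g. `dol_syslog("Invalid token_level_1, action=".$_POST['action']);`, and apply the same to the token_level_2 branch. The enclosing if/else chain starts before this hunk.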
|
@ -193,8 +193,8 @@ else if (isset($_POST['token_level_2']) && isset($_SESSION['token_level_2']))
|
|||
//print 'session_token_level_2='.$_SESSION['token_level_2'].'<br>';
|
||||
if ($_POST['token_level_2'] != $_SESSION['token_level_2'])
|
||||
{
|
||||
unset($_POST);
|
||||
dol_syslog("Invalid token_level_2 in ".$_SERVER['HTTP_REFERER'].", action=".$_POST['action'].", _POST['token_level_2']=".$_POST['token_level_2'].", _SESSION['token_level_2']=".$_SESSION['token_level_2']);
|
||||
unset($_POST);
|
||||
}
|
||||
}
|
||||
|
||||
|