From b8d7a4373c2deeba697b592eb6eb23fa19812e85 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Fri, 15 May 2020 14:34:24 +0200
Subject: [PATCH] Update viewimage.php
---
 htdocs/viewimage.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php
index c72a4e0424e..b2534ee92dd 100644
--- a/htdocs/viewimage.php
+++ b/htdocs/viewimage.php
@@ -52,7 +52,7 @@ if (isset($_GET["hashp"]) && !defined("NOLOGIN"))
 if (!defined("NOIPCHECK")) define("NOIPCHECK", 1); // Do not check IP defined into conf $dolibarr_main_restrict_ip
 }
 // Some value of modulepart can be used to get resources that are public so no login are required.
-if ((isset($_GET["modulepart"]) && $_GET["modulepart"] == 'medias'))
+if (isset($_GET["modulepart"]) && $_GET["modulepart"] == 'medias')
 {
 if (!defined("NOLOGIN")) define("NOLOGIN", 1);
 if (!defined("NOCSRFCHECK")) define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.
@@ -60,7 +60,7 @@ if ((isset($_GET["modulepart"]) && $_GET["modulepart"] == 'medias'))
 }
 
 // Used by TakePOS Auto Order
-if (isset($_GET["publictakepos"]))
+if (isset($_GET["modulepart"]) && $_GET["modulepart"] == 'product' && isset($_GET["publictakepos"]))
 {
 if (!defined("NOLOGIN")) define("NOLOGIN", 1);
 if (!defined("NOCSRFCHECK")) define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.
@@ -203,9 +203,11 @@ if (!empty($hashp))
 $accessallowed = 1; // When using hashp, link is public so we force $accessallowed
 $sqlprotectagainstexternals = '';
 }
-elseif (! empty($conf->global->TAKEPOS_AUTO_ORDER) && isset($_GET["publictakepos"]))
+elseif (isset($_GET["publictakepos"]))
 {
- $accessallowed = 1; // Only if TakePOS Public Auto Order is enabled and received publictakepos variable
+ if (! empty($conf->global->TAKEPOS_AUTO_ORDER)) {
+ $accessallowed = 1; // Only if TakePOS Public Auto Order is enabled and received publictakepos variable
+ }
 }
 else
 {
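Review bot: The rewritten TakePOS condition in the second hunk still switches off login and CSRF checks on request parameters alone, and nothing at that spot says that the actual access decision is only made much further down. A comment above the `if` would record the dependency, for example `// Login is skipped on modulepart=product + publictakepos alone; TAKEPOS_AUTO_ORDER is only tested later, where $accessallowed is decided`. As a style point, the comparison with `'product'` could be `===` rather than `==`. The body of this block continues outside the hunk.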
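Review bot: The new `elseif (isset($_GET["publictakepos"]))` in the third hunk is not tied to `modulepart == 'product'` the way the NOLOGIN condition in the second hunk now is, so any request that carries `publictakepos` takes this branch and never reaches the `else` branch, whatever the module. When TAKEPOS_AUTO_ORDER is off, the branch also leaves `$accessallowed` at whatever value was computed before the hunk, which is not visible here. If the `else` branch (its body starts outside the hunk) holds further restrictions, they are skipped for such requests. I would repeat the module test, `elseif (isset($_GET["modulepart"]) && $_GET["modulepart"] == 'product' && isset($_GET["publictakepos"]))`, and confirm that a disabled feature ends in a refusal.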