Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add more action to GET action to check

Browse Source
This commit is contained in:
Laurent Destailleur 2021-10-02 12:58:15 +02:00
parent 2671eeb4e5
commit d064ab2b17
25 changed files with 56 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/adherents/subscription.php
View File

@ -670,7 +670,7 @@ if ($rowid > 0) {
print '<div class="tabsAction">';
if ($object->statut > 0) {
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?rowid='.$rowid.'&action=addsubscription">'.$langs->trans("AddSubscription")."</a></div>";
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?rowid='.$rowid.'&action=addsubscription&token='.newToken().'">'.$langs->trans("AddSubscription")."</a></div>";
} else {
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("ValidateBefore")).'">'.$langs->trans("AddSubscription").'</a></div>';
}

2
htdocs/admin/menus/edit.php
View File

@ -281,7 +281,7 @@ if ($action == 'create') {
print load_fiche_titre($langs->trans("NewMenu"), '', 'title_setup');
print '<form action="./edit.php?action=add&menuId='.GETPOST('menuId', 'int').'" method="post" name="formmenucreate">';
print '<form action="'.DOL_URL_ROOT.'/admin/menus/edit.php?action=add&token='.newToken().'&menuId='.GETPOST('menuId', 'int').'" method="post" name="formmenucreate">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print dol_get_fiche_head();

2
htdocs/admin/paymentbybanktransfer.php
View File

@ -429,7 +429,7 @@ if (! empty($conf->global->MAIN_MODULE_NOTIFICATION))
}
print '<form method="post" action="'.$_SERVER["PHP_SELF"].'?action=addnotif">';
print '<form method="post" action="'.$_SERVER["PHP_SELF"].'?action=addnotif&token='.newToken().'">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<table class="noborder centpercent">';
print '<tr class="liste_titre">';

2
htdocs/admin/perms.php
View File

@ -236,7 +236,7 @@ if ($result) {
print '</td>';
} else {
print '<td class="center">';
print '<a class="reposition" href="perms.php?pid='.$obj->id.'&amp;action=add">';
print '<a class="reposition" href="perms.php?pid='.$obj->id.'&action=add&token='.newToken().'">';
//print img_edit_add();
print img_picto('', 'switch_off');
print '</a>';

2
htdocs/admin/prelevement.php
View File

@ -443,7 +443,7 @@ if (! empty($conf->global->MAIN_MODULE_NOTIFICATION))
}
print '<form method="post" action="'.$_SERVER["PHP_SELF"].'?action=addnotif">';
print '<form method="post" action="'.$_SERVER["PHP_SELF"].'?action=addnotif&token='.newToken().'">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<table class="noborder centpercent">';
print '<tr class="liste_titre">';

2
htdocs/categories/photos.php
View File

@ -231,7 +231,7 @@ if ($object->id) {
// On propose la generation de la vignette si elle n'existe pas et si la taille est superieure aux limites
if (!$obj['photo_vignette'] && preg_match('/(\.bmp|\.gif|\.jpg|\.jpeg|\.png)$/i', $obj['photo']) && ($object->imgWidth > $maxWidth || $object->imgHeight > $maxHeight)) {
print '<a href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=addthumb&amp;type='.$type.'&amp;file='.urlencode($pdir.$viewfilename).'">'.img_picto($langs->trans('GenerateThumb'), 'refresh').'&nbsp;&nbsp;</a>';
print '<a href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&token='.newToken().'&action=addthumb&type='.$type.'&file='.urlencode($pdir.$viewfilename).'">'.img_picto($langs->trans('GenerateThumb'), 'refresh').'&nbsp;&nbsp;</a>';
}
if ($user->rights->categorie->creer) {
print '<a href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=delete&token='.newToken().'&type='.$type.'&file='.urlencode($pdir.$viewfilename).'">';

2
htdocs/comm/mailing/cibles.php
View File

@ -378,7 +378,7 @@ if ($object->fetch($id) >= 0) {
$var = !$var;
if ($allowaddtarget) {
print '<form '.$bctag[$var].' name="'.$modulename.'" action="'.$_SERVER['PHP_SELF'].'?action=add&id='.$object->id.'&module='.$modulename.'" method="POST" enctype="multipart/form-data">';
print '<form '.$bctag[$var].' name="'.$modulename.'" action="'.$_SERVER['PHP_SELF'].'?action=add&token='.newToken().'&id='.$object->id.'&module='.$modulename.'" method="POST" enctype="multipart/form-data">';
print '<input type="hidden" name="token" value="'.newToken().'">';
} else {
print '<div '.$bctag[$var].'>';

4
htdocs/compta/bank/bankentries_list.php
View File

@ -932,10 +932,10 @@ if ($resql) {
$newcardbutton = dolGetButtonTitle($langs->trans('AddBankRecord'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/compta/bank/various_payment/card.php?action=create&accountid='.urlencode($search_account).'&backtopage='.urlencode($_SERVER['PHP_SELF'].'?id='.urlencode($search_account)), '', $user->rights->banque->modifier);
} else // If direct entries is not done using miscellaneous payments
{
$newcardbutton = dolGetButtonTitle($langs->trans('AddBankRecord'), '', 'fa fa-plus-circle', $_SERVER["PHP_SELF"].'?action=addline&page='.$page.$param, '', $user->rights->banque->modifier);
$newcardbutton = dolGetButtonTitle($langs->trans('AddBankRecord'), '', 'fa fa-plus-circle', $_SERVER["PHP_SELF"].'?action=addline&token='.newToken().'&page='.$page.$param, '', $user->rights->banque->modifier);
}
} else {
$newcardbutton = dolGetButtonTitle($langs->trans('AddBankRecord'), '', 'fa fa-plus-circle', $_SERVER["PHP_SELF"].'?action=addline&page='.$page.$param, '', -1);
$newcardbutton = dolGetButtonTitle($langs->trans('AddBankRecord'), '', 'fa fa-plus-circle', $_SERVER["PHP_SELF"].'?action=addline&token='.newToken().'&page='.$page.$param, '', -1);
}
}

2
htdocs/core/class/commonobject.class.php
View File

@ -8220,7 +8220,7 @@ abstract class CommonObject
$return .= '<br>';
// On propose la generation de la vignette si elle n'existe pas et si la taille est superieure aux limites
if ($photo_vignette && (image_format_supported($photo) > 0) && ($this->imgWidth > $maxWidth || $this->imgHeight > $maxHeight)) {
$return .= '<a href="'.$_SERVER["PHP_SELF"].'?id='.$this->id.'&amp;action=addthumb&amp;file='.urlencode($pdir.$viewfilename).'">'.img_picto($langs->trans('GenerateThumb'), 'refresh').'&nbsp;&nbsp;</a>';
$return .= '<a href="'.$_SERVER["PHP_SELF"].'?id='.$this->id.'&action=addthumb&token='.newToken().'&file='.urlencode($pdir.$viewfilename).'">'.img_picto($langs->trans('GenerateThumb'), 'refresh').'&nbsp;&nbsp;</a>';
}
// Special cas for product
if ($modulepart == 'product' && ($user->rights->produit->creer || $user->rights->service->creer)) {

2
htdocs/fourn/class/fournisseur.product.class.php
View File

@ -1183,7 +1183,7 @@ class ProductFournisseur extends Product
$label .= $this->displayPriceProductFournisseurLog($logPrices);
}
$url = dol_buildpath('/product/fournisseurs.php', 1).'?id='.$this->id.'&action=add_price&socid='.$this->fourn_id.'&rowid='.$this->product_fourn_price_id;
$url = dol_buildpath('/product/fournisseurs.php', 1).'?id='.$this->id.'&action=add_price&token='.newToken().'&socid='.$this->fourn_id.'&rowid='.$this->product_fourn_price_id;
if ($option != 'nolink') {
// Add param to save lastsearch_values or not

2
htdocs/imports/import.php
View File

@ -1205,7 +1205,7 @@ if ($step == 4 && $datatoimport) {
// async: false
// });'."\n";
// Now reload page
print 'var newlocation= \''.$_SERVER["PHP_SELF"].'?step=4'.$param.'&action=saveorder&boxorder=\' + boxorder;'."\n";
print 'var newlocation= \''.$_SERVER["PHP_SELF"].'?step=4'.$param.'&action=saveorder&token='.newToken().'&boxorder=\' + boxorder;'."\n";
//print 'alert(newlocation);';
print 'window.location.href=newlocation;'."\n";
print '}'."\n";

4
htdocs/main.inc.php
View File

@ -471,7 +471,7 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && getDolGlobalInt(
} elseif (getDolGlobalInt('MAIN_SECURITY_CSRF_WITH_TOKEN') >= 2) {
// Few GET actions coded with a &token into url are processed as sensitive.
$arrayofactiontoforcetokencheck = array(
'activate', 'add', 'addrights', 'addtimespent',
'activate',
'doprev', 'donext', 'dvprev', 'dvnext',
'install',
'reopen'
@ -479,7 +479,7 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && getDolGlobalInt(
if (in_array(GETPOST('action', 'aZ09'), $arrayofactiontoforcetokencheck)) {
$sensitiveget = true;
}
if (preg_match('/^(classify|close|confirm|del|disable|enable|remove|set|unset|update)/', GETPOST('action', 'aZ09'))) {
if (preg_match('/^(add|classify|close|confirm|copy|del|disable|enable|remove|set|unset|update|save|)/', GETPOST('action', 'aZ09'))) {
$sensitiveget = true;
}
}

4
htdocs/mrp/mo_production.php
View File

@ -704,7 +704,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
$newlinetext = '';
if ($object->status != $object::STATUS_PRODUCED && $object->status != $object::STATUS_CANCELED && $action != 'consumeorproduce' && $action != 'consumeandproduceall') {
$newlinetext = '<a href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=addconsumeline">'.$langs->trans("AddNewConsumeLines").'</a>';
$newlinetext = '<a href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=addconsumeline&token='.newToken().'">'.$langs->trans("AddNewConsumeLines").'</a>';
}
print load_fiche_titre($langs->trans('Consumption'), '', '', 0, '', '', $newlinetext);
@ -996,7 +996,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
$newlinetext = '';
if ($object->status != $object::STATUS_PRODUCED && $object->status != $object::STATUS_CANCELED && $action != 'consumeorproduce' && $action != 'consumeandproduceall') {
if ($nblinetoproduce == 0 || $object->mrptype == 1) {
$newlinetext = '<a href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=addproduceline">'.$langs->trans("AddNewProduceLines").'</a>';
$newlinetext = '<a href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=addproduceline&token='.newToken().'">'.$langs->trans("AddNewProduceLines").'</a>';
}
}
print load_fiche_titre($langs->trans('Production'), '', '', 0, '', '', $newlinetext);

39
htdocs/product/fournisseurs.php
View File

@ -767,11 +767,6 @@ END;
// Barcode
if (!empty($conf->barcode->enabled)) {
// Option to define a transport cost on supplier price
print '<tr>';
print '<td>'.$langs->trans('BarcodeValue').'</td>';
print '<td>'.img_picto('', 'barcode', 'class="pictofixedwidth"').'<input class="flat" name="barcode" value="'.($rowid ? $object->supplier_barcode : '').'"></td>';
print '</tr>';
$formbarcode = new FormBarCode($db);
// Barcode type
@ -781,6 +776,12 @@ END;
print $formbarcode->selectBarcodeType(($rowid ? $object->supplier_fk_barcode_type : $conf->global->PRODUIT_DEFAULT_BARCODE_TYPE), 'fk_barcode_type', 1);
print '</td>';
print '</tr>';
// Barcode value
print '<tr>';
print '<td>'.$langs->trans('BarcodeValue').'</td>';
print '<td>'.img_picto('', 'barcode', 'class="pictofixedwidth"').'<input class="flat" name="barcode" value="'.($rowid ? $object->supplier_barcode : '').'"></td>';
print '</tr>';
}
// Option to define a transport cost on supplier price
@ -788,7 +789,7 @@ END;
if (!empty($conf->margin->enabled)) {
print '<tr>';
print '<td>'.$langs->trans("Charges").'</td>';
print '<td><input class="flat" name="charges" size="8" value="'.(GETPOST('charges') ?price(GETPOST('charges')) : (isset($object->fourn_charges) ?price($object->fourn_charges) : '')).'">';
print '<td><input class="flat width75" name="charges" value="'.(GETPOST('charges') ? price(GETPOST('charges')) : (isset($object->fourn_charges) ? price($object->fourn_charges) : '')).'">';
print '</td>';
print '</tr>';
}
@ -893,7 +894,7 @@ END;
$reshook = $hookmanager->executeHooks('addMoreActionsButtons', $parameters, $object, $action); // Note that $action and $object may have been modified by hook
if (empty($reshook)) {
if ($usercancreate) {
print '<a class="butAction" href="'.DOL_URL_ROOT.'/product/fournisseurs.php?id='.$object->id.'&amp;action=add_price">';
print '<a class="butAction" href="'.DOL_URL_ROOT.'/product/fournisseurs.php?id='.$object->id.'&action=add_price&token='.newToken().'">';
print $langs->trans("AddSupplierPrice").'</a>';
}
}
@ -933,8 +934,8 @@ END;
'pfp.multicurrency_unitprice'=>array('label'=>$langs->trans("UnitPriceHTCurrency"), 'enabled' => $conf->multicurrency->enabled, 'checked'=>0, 'position'=>10),
'pfp.delivery_time_days'=>array('label'=>$langs->trans("NbDaysToDelivery"), 'checked'=>1, 'position'=>13),
'pfp.supplier_reputation'=>array('label'=>$langs->trans("ReputationForThisProduct"), 'checked'=>1, 'position'=>14),
'pfp.barcode'=>array('label'=>$langs->trans("BarcodeValue"), 'enabled' => $conf->barcode->enabled, 'checked'=>0, 'position'=>15),
'pfp.fk_barcode_type'=>array('label'=>$langs->trans("BarcodeType"), 'enabled' => $conf->barcode->enabled, 'checked'=>0, 'position'=>16),
'pfp.fk_barcode_type'=>array('label'=>$langs->trans("BarcodeType"), 'enabled' => $conf->barcode->enabled, 'checked'=>0, 'position'=>15),
'pfp.barcode'=>array('label'=>$langs->trans("BarcodeValue"), 'enabled' => $conf->barcode->enabled, 'checked'=>0, 'position'=>16),
'pfp.packaging'=>array('label'=>$langs->trans("PackagingForThisProduct"), 'enabled' => !empty($conf->global->PRODUCT_USE_SUPPLIER_PACKAGING), 'checked'=>0, 'position'=>17),
'pfp.tms'=>array('label'=>$langs->trans("DateModification"), 'enabled' => $conf->barcode->enabled, 'checked'=>1, 'position'=>18),
);
@ -1007,12 +1008,12 @@ END;
if (!empty($arrayfields['pfp.supplier_reputation']['checked'])) {
print_liste_field_titre("ReputationForThisProduct", $_SERVER["PHP_SELF"], "pfp.supplier_reputation", "", $param, '', $sortfield, $sortorder, 'center ');
}
if (!empty($arrayfields['pfp.barcode']['checked'])) {
print_liste_field_titre("BarcodeValue", $_SERVER["PHP_SELF"], "pfp.barcode", "", $param, '', $sortfield, $sortorder, 'center ');
}
if (!empty($arrayfields['pfp.fk_barcode_type']['checked'])) {
print_liste_field_titre("BarcodeType", $_SERVER["PHP_SELF"], "pfp.fk_barcode_type", "", $param, '', $sortfield, $sortorder, 'center ');
}
if (!empty($arrayfields['pfp.barcode']['checked'])) {
print_liste_field_titre("BarcodeValue", $_SERVER["PHP_SELF"], "pfp.barcode", "", $param, '', $sortfield, $sortorder, 'center ');
}
if (!empty($arrayfields['pfp.packaging']['checked'])) {
print_liste_field_titre("PackagingForThisProduct", $_SERVER["PHP_SELF"], "pfp.packaging", "", $param, 'align="center"', $sortfield, $sortorder);
}
@ -1152,13 +1153,6 @@ END;
print'</td>';
}
// Barcode
if (!empty($arrayfields['pfp.barcode']['checked'])) {
print '<td align="right">';
print $productfourn->supplier_barcode;
print '</td>';
}
// Barcode type
if (!empty($arrayfields['pfp.fk_barcode_type']['checked'])) {
print '<td class="center">';
@ -1168,6 +1162,13 @@ END;
print '</td>';
}
// Barcode
if (!empty($arrayfields['pfp.barcode']['checked'])) {
print '<td align="right">';
print $productfourn->supplier_barcode;
print '</td>';
}
// Packaging
if (!empty($arrayfields['pfp.packaging']['checked'])) {
print '<td align="center">';

2
htdocs/product/price.php
View File

@ -1161,7 +1161,7 @@ if (!$action || $action == 'delete' || $action == 'showlog_customer_price' || $a
if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) {
if ($user->rights->produit->creer || $user->rights->service->creer) {
print '<div class="inline-block divButAction"><a class="butAction" href="' . $_SERVER["PHP_SELF"] . '?action=add_customer_price&token='.newToken().'&id=' . $object->id . '">' . $langs->trans("AddCustomerPrice") . '</a></div>';
print '<div class="inline-block divButAction"><a class="butAction" href="' . $_SERVER["PHP_SELF"] . '?action=add_customer_price&token='.newToken().'token='.newToken().'&id=' . $object->id . '">' . $langs->trans("AddCustomerPrice") . '</a></div>';
}
}

2
htdocs/public/members/new.php
View File

@ -381,7 +381,7 @@ if (empty($reshook) && $action == 'add') {
$urlback = $conf->global->MEMBER_URL_REDIRECT_SUBSCRIPTION;
// TODO Make replacement of __AMOUNT__, etc...
} else {
$urlback = $_SERVER["PHP_SELF"]."?action=added";
$urlback = $_SERVER["PHP_SELF"]."?action=added&token=".newToken();
}
if (!empty($conf->global->MEMBER_NEWFORM_PAYONLINE) && $conf->global->MEMBER_NEWFORM_PAYONLINE != '-1') {

2
htdocs/public/project/new.php
View File

@ -311,7 +311,7 @@ if (empty($reshook) && $action == 'add') {
$urlback = $conf->global->PROJECT_URL_REDIRECT_LEAD;
// TODO Make replacement of __AMOUNT__, etc...
} else {
$urlback = $_SERVER["PHP_SELF"]."?action=added";
$urlback = $_SERVER["PHP_SELF"]."?action=added&token=".newToken();
}
if (!empty($entity)) {

2
htdocs/societe/price.php
View File

@ -525,7 +525,7 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) {
print "\n".'<div class="tabsAction">'."\n";
if ($user->rights->produit->creer || $user->rights->service->creer) {
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?action=add_customer_price&amp;socid='.$object->id.'">'.$langs->trans("AddCustomerPrice").'</a></div>';
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?action=add_customer_price&token='.newToken().'&socid='.$object->id.'">'.$langs->trans("AddCustomerPrice").'</a></div>';
}
print "\n</div>\n";

4
htdocs/takepos/floors.php
View File

@ -212,9 +212,9 @@ $( document ).ready(function() {
<?php if ($user->admin) {?>
<div style="position: absolute; left: 0.1%; top: 0.8%; width:8%; height:11%;">
<?php if ($mode == "edit") {?>
<a id="add" onclick="window.location.href='floors.php?mode=edit&action=add&floor=<?php echo $floor; ?>';"><?php echo $langs->trans("AddTable"); ?></a>
<a id="add" onclick="window.location.href='floors.php?mode=edit&action=add&token=<?php echo newToken() ?>&floor=<?php echo $floor; ?>';"><?php echo $langs->trans("AddTable"); ?></a>
<?php } else { ?>
<a onclick="window.location.href='floors.php?mode=edit&floor=<?php echo $floor; ?>';"><?php echo $langs->trans("Edit"); ?></a>
<a onclick="window.location.href='floors.php?mode=edit&token=<?php echo newToken() ?>&floor=<?php echo $floor; ?>';"><?php echo $langs->trans("Edit"); ?></a>
<?php } ?>
</div>
<?php }

2
htdocs/takepos/index.php
View File

@ -434,7 +434,7 @@ function ClickProduct(position) {
console.log("Click on product at position "+position+" for idproduct "+idproduct);
if (idproduct=="") return;
// Call page invoice.php to generate the section with product lines
$("#poslines").load("invoice.php?action=addline&place="+place+"&idproduct="+idproduct+"&selectedline="+selectedline, function() {
$("#poslines").load("invoice.php?action=addline&token=<?php echo newToken() ?>&place="+place+"&idproduct="+idproduct+"&selectedline="+selectedline, function() {
<?php if (!empty($conf->global->TAKEPOS_CUSTOMER_DISPLAY)) echo "CustomerDisplay();";?>
});
}

4
htdocs/takepos/invoice.php
View File

@ -1056,12 +1056,12 @@ function DolibarrTakeposPrinting(id) {
}
function CreditNote() {
$("#poslines").load("invoice.php?action=creditnote&invoiceid="+placeid, function() {
$("#poslines").load("invoice.php?action=creditnote&token=<?php echo newToken() ?>&invoiceid="+placeid, function() {
});
}
function SetNote() {
$("#poslines").load("invoice.php?action=addnote&invoiceid="+placeid+"&idline="+selectedline+"&addnote="+$("#textinput").val(), function() {
$("#poslines").load("invoice.php?action=addnote&token=<?php echo newToken() ?>&invoiceid="+placeid+"&idline="+selectedline+"&addnote="+$("#textinput").val(), function() {
});
}

4
htdocs/takepos/phone.php
View File

@ -238,10 +238,10 @@ function AddProductConfirm(placeid, productid){
place=placeid;
<?php
if (defined('INCLUDE_PHONEPAGE_FROM_PUBLIC_PAGE')) {
echo '$("#phonediv2").load("auto_order.php?mobilepage=invoice&action=addline&place="+place+"&idproduct="+productid, function() {
echo '$("#phonediv2").load("auto_order.php?mobilepage=invoice&action=addline&token='.newToken().'&place="+place+"&idproduct="+productid, function() {
});';
} else {
echo '$("#phonediv2").load("invoice.php?mobilepage=invoice&action=addline&place="+place+"&idproduct="+productid, function() {
echo '$("#phonediv2").load("invoice.php?mobilepage=invoice&action=addline&token='.newToken().'&place="+place+"&idproduct="+productid, function() {
});';
}
?>

10
htdocs/user/group/perms.php
View File

@ -248,9 +248,9 @@ if ($object->id > 0) {
print '<td>'.$langs->trans("Module").'</td>';
if ($caneditperms) {
print '<td class="center nowrap">';
print '<a class="reposition commonlink" title="'.dol_escape_htmltag($langs->trans("All")).'" alt="'.dol_escape_htmltag($langs->trans("All")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=addrights&amp;entity='.$entity.'&amp;module=allmodules&amp;confirm=yes&amp;token='.newToken().'">'.$langs->trans("All")."</a>";
print '<a class="reposition commonlink" title="'.dol_escape_htmltag($langs->trans("All")).'" alt="'.dol_escape_htmltag($langs->trans("All")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=addrights&token='.newToken().'&entity='.$entity.'&module=allmodules&confirm=yes">'.$langs->trans("All")."</a>";
print '/';
print '<a class="reposition commonlink" title="'.dol_escape_htmltag($langs->trans("None")).'" alt="'.dol_escape_htmltag($langs->trans("None")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=delrights&amp;entity='.$entity.'&amp;module=allmodules&amp;confirm=yes&amp;token='.newToken().'">'.$langs->trans("None")."</a>";
print '<a class="reposition commonlink" title="'.dol_escape_htmltag($langs->trans("None")).'" alt="'.dol_escape_htmltag($langs->trans("None")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=delrights&&token='.newToken().'&entity='.$entity.'&module=allmodules&confirm=yes">'.$langs->trans("None")."</a>";
print '</td>';
}
print '<td class="center" width="24">&nbsp;</td>';
@ -302,9 +302,9 @@ if ($object->id > 0) {
print '</td>';
if ($caneditperms) {
print '<td class="center nowrap">';
print '<a class="reposition" title="'.dol_escape_htmltag($langs->trans("All")).'" alt="'.$langs->trans("All").'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=addrights&amp;entity='.$entity.'&amp;module='.$obj->module.'&amp;token='.newToken().'">'.$langs->trans("All")."</a>";
print '<a class="reposition" title="'.dol_escape_htmltag($langs->trans("All")).'" alt="'.$langs->trans("All").'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=addrights&entity='.$entity.'&module='.$obj->module.'&token='.newToken().'">'.$langs->trans("All")."</a>";
print '/';
print '<a class="reposition" title="'.dol_escape_htmltag($langs->trans("None")).'" alt="'.$langs->trans("None").'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=delrights&amp;entity='.$entity.'&amp;module='.$obj->module.'&amp;token='.newToken().'">'.$langs->trans("None")."</a>";
print '<a class="reposition" title="'.dol_escape_htmltag($langs->trans("None")).'" alt="'.$langs->trans("None").'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=delrights&entity='.$entity.'&module='.$obj->module.'&token='.newToken().'">'.$langs->trans("None")."</a>";
print '</td>';
} else {
print '<td>&nbsp;</td>';
@ -353,7 +353,7 @@ if ($object->id > 0) {
} else {
// Do not own permission
if ($caneditperms) {
print '<td class="center"><a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=addrights&amp;entity='.$entity.'&amp;rights='.$obj->id.'&amp;confirm=yes&amp;token='.newToken().'">';
print '<td class="center"><a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=addrights&entity='.$entity.'&rights='.$obj->id.'&confirm=yes&token='.newToken().'">';
//print img_edit_add($langs->trans("Add"));
print img_picto($langs->trans("Add"), 'switch_off');
print '</a></td>';

4
htdocs/user/perms.php
View File

@ -420,7 +420,7 @@ if ($result) {
} else {
// Do not own permission
if ($caneditperms) {
print '<td class="center"><a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=addrights&amp;entity='.$entity.'&amp;rights='.$obj->id.'&amp;confirm=yes&amp;token='.newToken().'">';
print '<td class="center"><a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=addrights&entity='.$entity.'&rights='.$obj->id.'&confirm=yes&token='.newToken().'">';
//print img_edit_add($langs->trans("Add"));
print img_picto($langs->trans("Add"), 'switch_off');
print '</a></td>';
@ -430,7 +430,7 @@ if ($result) {
} else {
// Do not own permission
if ($caneditperms) {
print '<td class="center"><a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=addrights&amp;entity='.$entity.'&amp;rights='.$obj->id.'&amp;confirm=yes&amp;token='.newToken().'">';
print '<td class="center"><a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=addrights&entity='.$entity.'&rights='.$obj->id.'&confirm=yes&token='.newToken().'">';
//print img_edit_add($langs->trans("Add"));
print img_picto($langs->trans("Add"), 'switch_off');
print '</a></td>';

4
htdocs/variants/combinations.php
View File

@ -587,7 +587,7 @@ if (!empty($id) || !empty($ref)) {
$htmltext = $langs->trans("GoOnMenuToCreateVairants", $langs->transnoentities("Product"), $langs->transnoentities("VariantAttributes"));
print $form->textwithpicto('', $htmltext);
/*print ' &nbsp; &nbsp; <a href="'.DOL_URL_ROOT.'/variants/create.php?action=create&backtopage='.urlencode($_SERVER["PHP_SELF"].'?action=add&id='.$object->id).'">';
/*print ' &nbsp; &nbsp; <a href="'.DOL_URL_ROOT.'/variants/create.php?action=create&backtopage='.urlencode($_SERVER["PHP_SELF"].'?action=add&token='.newToken().'&id='.$object->id).'">';
print $langs->trans("Create");
print '</a>';*/
@ -605,7 +605,7 @@ if (!empty($id) || !empty($ref)) {
$htmltext = $langs->trans("GoOnMenuToCreateVairants", $langs->transnoentities("Product"), $langs->transnoentities("VariantAttributes"));
print $form->textwithpicto('', $htmltext);
/*
print ' &nbsp; &nbsp; <a href="'.DOL_URL_ROOT.'/variants/create.php?action=create&backtopage='.urlencode($_SERVER["PHP_SELF"].'?action=add&id='.$object->id).'">';
print ' &nbsp; &nbsp; <a href="'.DOL_URL_ROOT.'/variants/create.php?action=create&backtopage='.urlencode($_SERVER["PHP_SELF"].'?action=add&token='.newToken().'&id='.$object->id).'">';
print $langs->trans("Create");
print '</a>';
*/