Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Add CSRF protection

Browse Source
This commit is contained in:
Laurent Destailleur
2021-08-04 13:05:07 +02:00
parent a84c994368
commit 2f3105d884
1 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
htdocs/admin/system/database-tables.php
View File

@@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2003 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2005 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004-2021 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004 Sebastien Di Cintio <sdicintio@ressource-toi.org>
* Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
* Copyright (C) 2005-2012 Regis Houssin <regis.houssin@inodbox.com>
@@ -21,9 +21,13 @@
/**
* \file htdocs/admin/system/database-tables.php
* \brief Page with information on database tables
* \brief Page with information on database tables. Add also some maintenance action to convert tables.
*/
if (! defined('CSRFCHECK_WITH_TOKEN')) {
define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET
}
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
@@ -126,14 +130,14 @@ if (!$base) {
print '</td>';
print '<td>'.$obj->Engine.'</td>';
if (isset($obj->Engine) && $obj->Engine == "MyISAM") {
print '<td><a class="reposition" href="database-tables.php?action=convert&amp;table='.$obj->Name.'">'.$langs->trans("Convert").' InnoDb</a></td>';
print '<td><a class="reposition" href="database-tables.php?action=convert&table='.urlencode($obj->Name).'&token='.newToken().'">'.$langs->trans("Convert").' InnoDb</a></td>';
} else {
print '<td>&nbsp;</td>';
}
print '<td>';
print $obj->Row_format;
if (isset($obj->Row_format) && (in_array($obj->Row_format, array("Compact")))) {
print '<br><a class="reposition" href="database-tables.php?action=convertdynamic&amp;table='.$obj->Name.'">'.$langs->trans("Convert").' Dynamic</a>';
print '<br><a class="reposition" href="database-tables.php?action=convertdynamic&table='.urlencode($obj->Name).'&token='.newToken().'">'.$langs->trans("Convert").' Dynamic</a>';
}
print '</td>';
print '<td align="right">'.$obj->Rows.'</td>';
@@ -145,7 +149,7 @@ if (!$base) {
print '<td align="right">'.$obj->Check_time.'</td>';
print '<td align="right">'.$obj->Collation;
if (isset($obj->Collation) && (in_array($obj->Collation, array("utf8mb4_general_ci", "utf8mb4_unicode_ci", "latin1_swedish_ci")))) {
print '<br><a class="reposition" href="database-tables.php?action=convertutf8&amp;table='.$obj->Name.'">'.$langs->trans("Convert").' UTF8</a>';
print '<br><a class="reposition" href="database-tables.php?action=convertutf8&table='.urlencode($obj->Name).'&token='.newtoken().'">'.$langs->trans("Convert").' UTF8</a>';
}
print '</td>';
print '</tr>';