Add CSRF protection
@@ -1,6 +1,6 @@
|
|||||||
<?php
|
<?php
|
||||||
/* Copyright (C) 2003 Rodolphe Quiedeville <rodolphe@quiedeville.org>
|
/* Copyright (C) 2003 Rodolphe Quiedeville <rodolphe@quiedeville.org>
|
||||||
* Copyright (C) 2004-2005 Laurent Destailleur <eldy@users.sourceforge.net>
|
* Copyright (C) 2004-2021 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||||
* Copyright (C) 2004 Sebastien Di Cintio <sdicintio@ressource-toi.org>
|
* Copyright (C) 2004 Sebastien Di Cintio <sdicintio@ressource-toi.org>
|
||||||
* Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
|
* Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
|
||||||
* Copyright (C) 2005-2012 Regis Houssin <regis.houssin@inodbox.com>
|
* Copyright (C) 2005-2012 Regis Houssin <regis.houssin@inodbox.com>
|
||||||
@@ -21,9 +21,13 @@
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* \file htdocs/admin/system/database-tables.php
|
* \file htdocs/admin/system/database-tables.php
|
||||||
* \brief Page with information on database tables
|
* \brief Page with information on database tables. Add also some maintenance action to convert tables.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
if (! defined('CSRFCHECK_WITH_TOKEN')) {
|
||||||
|
define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET
|
||||||
|
}
|
||||||
|
|
||||||
require '../../main.inc.php';
|
require '../../main.inc.php';
|
||||||
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
|
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
|
||||||
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
|
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
|
||||||
@@ -126,14 +130,14 @@ if (!$base) {
|
|||||||
print '</td>';
|
print '</td>';
|
||||||
print '<td>'.$obj->Engine.'</td>';
|
print '<td>'.$obj->Engine.'</td>';
|
||||||
if (isset($obj->Engine) && $obj->Engine == "MyISAM") {
|
if (isset($obj->Engine) && $obj->Engine == "MyISAM") {
|
||||||
print '<td><a class="reposition" href="database-tables.php?action=convert&table='.$obj->Name.'">'.$langs->trans("Convert").' InnoDb</a></td>';
|
print '<td><a class="reposition" href="database-tables.php?action=convert&table='.urlencode($obj->Name).'&token='.newToken().'">'.$langs->trans("Convert").' InnoDb</a></td>';
|
||||||
} else {
|
} else {
|
||||||
print '<td> </td>';
|
print '<td> </td>';
|
||||||
}
|
}
|
||||||
print '<td>';
|
print '<td>';
|
||||||
print $obj->Row_format;
|
print $obj->Row_format;
|
||||||
if (isset($obj->Row_format) && (in_array($obj->Row_format, array("Compact")))) {
|
if (isset($obj->Row_format) && (in_array($obj->Row_format, array("Compact")))) {
|
||||||
print '<br><a class="reposition" href="database-tables.php?action=convertdynamic&table='.$obj->Name.'">'.$langs->trans("Convert").' Dynamic</a>';
|
print '<br><a class="reposition" href="database-tables.php?action=convertdynamic&table='.urlencode($obj->Name).'&token='.newToken().'">'.$langs->trans("Convert").' Dynamic</a>';
|
||||||
}
|
}
|
||||||
print '</td>';
|
print '</td>';
|
||||||
print '<td align="right">'.$obj->Rows.'</td>';
|
print '<td align="right">'.$obj->Rows.'</td>';
|
||||||
@@ -145,7 +149,7 @@ if (!$base) {
|
|||||||
print '<td align="right">'.$obj->Check_time.'</td>';
|
print '<td align="right">'.$obj->Check_time.'</td>';
|
||||||
print '<td align="right">'.$obj->Collation;
|
print '<td align="right">'.$obj->Collation;
|
||||||
if (isset($obj->Collation) && (in_array($obj->Collation, array("utf8mb4_general_ci", "utf8mb4_unicode_ci", "latin1_swedish_ci")))) {
|
if (isset($obj->Collation) && (in_array($obj->Collation, array("utf8mb4_general_ci", "utf8mb4_unicode_ci", "latin1_swedish_ci")))) {
|
||||||
print '<br><a class="reposition" href="database-tables.php?action=convertutf8&table='.$obj->Name.'">'.$langs->trans("Convert").' UTF8</a>';
|
print '<br><a class="reposition" href="database-tables.php?action=convertutf8&table='.urlencode($obj->Name).'&token='.newtoken().'">'.$langs->trans("Convert").' UTF8</a>';
|
||||||
}
|
}
|
||||||
print '</td>';
|
print '</td>';
|
||||||
print '</tr>';
|
print '</tr>';
|
||||||
|
|||||||
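Review bot: The three convert links (`action=convert`, `action=convertdynamic`, `action=convertutf8`) still trigger schema-changing actions through GET, so the anti-CSRF token added here travels in the query string and can end up in browser history, server access logs and Referer headers. Rendering each action as a small POST form with the token in a hidden field would keep it out of the URL; a sketch for the first link follows, and the other two would take the same shape. The code that handles these actions is outside the hunks shown, so it is worth confirming that it rejects a missing or stale token and checks `table` against the listed table names before using it. Minor: the third link calls `newtoken()` in lower case while the other two use `newToken()`; PHP resolves both, but the spelling should match.

```php
if (isset($obj->Engine) && $obj->Engine == "MyISAM") {
	// POST form keeps the token out of the URL; convertdynamic and convertutf8 would follow the same pattern
	print '<td><form method="POST" action="database-tables.php">';
	print '<input type="hidden" name="token" value="'.newToken().'">';
	print '<input type="hidden" name="action" value="convert">';
	print '<input type="hidden" name="table" value="'.htmlspecialchars($obj->Name, ENT_QUOTES).'">';
	print '<input type="submit" value="'.htmlspecialchars($langs->trans("Convert").' InnoDb', ENT_QUOTES).'">';
	print '</form></td>';
// … unchanged: else branch and the Row_format cell …
```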