factoring token usage
@@ -412,7 +412,7 @@ if ($user->rights->adherent->creer)
|
||||
|
||||
print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">';
|
||||
if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="formfilteraction" id="formfilteraction" value="list">';
|
||||
print '<input type="hidden" name="action" value="list">';
|
||||
print '<input type="hidden" name="sortfield" value="'.$sortfield.'">';
|
||||
|
||||
@@ -99,7 +99,7 @@ if ($object->id)
|
||||
//$morehtmlref.=$form->form_project($_SERVER['PHP_SELF'] . '?id=' . $object->id, $object->socid, $object->fk_project, 'projectid', 0, 0, 1, 1);
|
||||
$morehtmlref.='<form method="post" action="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'">';
|
||||
$morehtmlref.='<input type="hidden" name="action" value="classin">';
|
||||
$morehtmlref.='<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$morehtmlref.='<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$morehtmlref.=$formproject->select_projects(0, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1);
|
||||
$morehtmlref.='<input type="submit" class="button valignmiddle" value="'.$langs->trans("Modify").'">';
|
||||
$morehtmlref.='</form>';
|
||||
|
||||
@@ -92,7 +92,7 @@ if ($sortorder) $param .= '&sortorder='.$sortorder;
|
||||
|
||||
print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';
|
||||
if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="formfilteraction" id="formfilteraction" value="list">';
|
||||
print '<input type="hidden" name="sortfield" value="'.$sortfield.'">';
|
||||
print '<input type="hidden" name="sortorder" value="'.$sortorder.'">';
|
||||
|
||||
@@ -317,7 +317,7 @@ if ($resql)
|
||||
|
||||
print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">';
|
||||
if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="formfilteraction" id="formfilteraction" value="list">';
|
||||
print '<input type="hidden" name="action" value="list">';
|
||||
print '<input type="hidden" name="sortfield" value="'.$sortfield.'">';
|
||||
|
||||
@@ -637,7 +637,7 @@ if ($resql)
|
||||
print '<form method="POST" name="searchFormList" action="'.$_SERVER["PHP_SELF"].'">'."\n";
|
||||
|
||||
if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="formfilteraction" id="formfilteraction" value="list">';
|
||||
print '<input type="hidden" name="action" value="list">';
|
||||
print '<input type="hidden" name="sortfield" value="'.$sortfield.'">';
|
||||
|
||||
@@ -239,7 +239,7 @@ class box_graph_invoices_permonth extends ModeleBoxes
|
||||
</script>';
|
||||
$stringtoshow.='<div class="center hideobject" id="idfilter'.$this->boxcode.'">'; // hideobject is to start hidden
|
||||
$stringtoshow.='<form class="flat formboxfilter" method="POST" action="'.$_SERVER["PHP_SELF"].'">';
|
||||
$stringtoshow.='<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$stringtoshow.='<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$stringtoshow.='<input type="hidden" name="action" value="'.$refreshaction.'">';
|
||||
$stringtoshow.='<input type="hidden" name="page_y" value="">';
|
||||
$stringtoshow.='<input type="hidden" name="DOL_AUTOSET_COOKIE" value="DOLUSERCOOKIE_box_'.$this->boxcode.':year,shownb,showtot">';
|
||||
|
||||
@@ -237,7 +237,7 @@ class box_graph_invoices_supplier_permonth extends ModeleBoxes
|
||||
</script>';
|
||||
$stringtoshow.='<div class="center hideobject" id="idfilter'.$this->boxcode.'">'; // hideobject is to start hidden
|
||||
$stringtoshow.='<form class="flat formboxfilter" method="POST" action="'.$_SERVER["PHP_SELF"].'">';
|
||||
$stringtoshow.='<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$stringtoshow.='<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$stringtoshow.='<input type="hidden" name="action" value="'.$refreshaction.'">';
|
||||
$stringtoshow.='<input type="hidden" name="page_y" value="">';
|
||||
$stringtoshow.='<input type="hidden" name="DOL_AUTOSET_COOKIE" value="DOLUSERCOOKIE_box_'.$this->boxcode.':year,shownb,showtot">';
|
||||
|
||||
@@ -236,7 +236,7 @@ class box_graph_orders_permonth extends ModeleBoxes
|
||||
</script>';
|
||||
$stringtoshow.='<div class="center hideobject" id="idfilter'.$this->boxcode.'">'; // hideobject is to start hidden
|
||||
$stringtoshow.='<form class="flat formboxfilter" method="POST" action="'.$_SERVER["PHP_SELF"].'">';
|
||||
$stringtoshow.='<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$stringtoshow.='<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$stringtoshow.='<input type="hidden" name="action" value="'.$refreshaction.'">';
|
||||
$stringtoshow.='<input type="hidden" name="page_y" value="">';
|
||||
$stringtoshow.='<input type="hidden" name="DOL_AUTOSET_COOKIE" value="DOLUSERCOOKIE_box_'.$this->boxcode.':year,shownb,showtot">';
|
||||
|
||||
@@ -235,7 +235,7 @@ class box_graph_orders_supplier_permonth extends ModeleBoxes
|
||||
</script>';
|
||||
$stringtoshow.='<div class="center hideobject" id="idfilter'.$this->boxcode.'">'; // hideobject is to start hidden
|
||||
$stringtoshow.='<form class="flat formboxfilter" method="POST" action="'.$_SERVER["PHP_SELF"].'">';
|
||||
$stringtoshow.='<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$stringtoshow.='<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$stringtoshow.='<input type="hidden" name="action" value="'.$refreshaction.'">';
|
||||
$stringtoshow.='<input type="hidden" name="page_y" value="">';
|
||||
$stringtoshow.='<input type="hidden" name="DOL_AUTOSET_COOKIE" value="DOLUSERCOOKIE_box_'.$this->boxcode.':year,shownb,showtot">';
|
||||
|
||||
@@ -332,7 +332,7 @@ class box_graph_product_distribution extends ModeleBoxes
|
||||
</script>';
|
||||
$stringtoshow.='<div class="center hideobject" id="idfilter'.$this->boxcode.'">'; // hideobject is to start hidden
|
||||
$stringtoshow.='<form class="flat formboxfilter" method="POST" action="'.$_SERVER["PHP_SELF"].'">';
|
||||
$stringtoshow.='<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$stringtoshow.='<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$stringtoshow.='<input type="hidden" name="action" value="'.$refreshaction.'">';
|
||||
$stringtoshow.='<input type="hidden" name="page_y" value="">';
|
||||
$stringtoshow.='<input type="hidden" name="DOL_AUTOSET_COOKIE" value="DOLUSERCOOKIE_box_'.$this->boxcode.':year,showinvoicenb,showpropalnb,showordernb">';
|
||||
|
||||
@@ -236,7 +236,7 @@ class box_graph_propales_permonth extends ModeleBoxes
|
||||
</script>';
|
||||
$stringtoshow.='<div class="center hideobject divboxfilter" id="idfilter'.$this->boxcode.'">'; // hideobject is to start hidden
|
||||
$stringtoshow.='<form class="flat formboxfilter" method="POST" action="'.$_SERVER["PHP_SELF"].'">';
|
||||
$stringtoshow.='<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$stringtoshow.='<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$stringtoshow.='<input type="hidden" name="action" value="'.$refreshaction.'">';
|
||||
$stringtoshow.='<input type="hidden" name="page_y" value="">';
|
||||
$stringtoshow.='<input type="hidden" name="DOL_AUTOSET_COOKIE" value="DOLUSERCOOKIE_box_'.$this->boxcode.':year,shownb,showtot">';
|
||||
|
||||
@@ -121,7 +121,7 @@ class box_task extends ModeleBoxes
|
||||
$boxcontent.= '<div id="ancor-idfilter'.$this->boxcode.'" style="display: block; position: absolute; margin-top: -100px"></div>'."\n";
|
||||
$boxcontent.= '<div id="idfilter'.$this->boxcode.'" class="center" >'."\n";
|
||||
$boxcontent.= '<form class="flat " method="POST" action="'.$_SERVER["PHP_SELF"].'#ancor-idfilter'.$this->boxcode.'">'."\n";
|
||||
$boxcontent.= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'."\n";
|
||||
$boxcontent.= '<input type="hidden" name="token" value="'.newToken().'">'."\n";
|
||||
$selectArray = array('all' => $langs->trans("NoFilter"), 'im_task_contact' => $langs->trans("WhichIamLinkedTo"), 'im_project_contact' => $langs->trans("WhichIamLinkedToProject"));
|
||||
$boxcontent.= $form->selectArray($cookie_name, $selectArray, $filterValue);
|
||||
$boxcontent.= '<button type="submit" class="button">'.$langs->trans("Refresh").'</button>';
|
||||
|
||||
@@ -185,7 +185,7 @@ class Form
|
||||
$ret .= "\n";
|
||||
$ret .= '<form method="post" action="'.$_SERVER["PHP_SELF"].($moreparam ? '?'.$moreparam : '').'">';
|
||||
$ret .= '<input type="hidden" name="action" value="set'.$htmlname.'">';
|
||||
$ret .= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$ret .= '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$ret .= '<input type="hidden" name="'.$paramid.'" value="'.$object->id.'">';
|
||||
if (empty($notabletag)) $ret .= '<table class="nobordernopadding centpercent" cellpadding="0" cellspacing="0">';
|
||||
if (empty($notabletag)) $ret .= '<tr><td>';
|
||||
@@ -825,7 +825,7 @@ class Form
|
||||
{
|
||||
$out .= '<form method="post" action="'.$page.'">';
|
||||
$out .= '<input type="hidden" name="action" value="set_incoterms">';
|
||||
$out .= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$out .= '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
}
|
||||
|
||||
$out .= '<select id="'.$htmlname.'" class="flat selectincoterm minwidth100imp noenlargeonsmartphone" name="'.$htmlname.'" '.$htmloption.'>';
|
||||
@@ -3642,7 +3642,7 @@ class Form
|
||||
if ($htmlname != "none") {
|
||||
print '<form method="POST" action="'.$page.'">';
|
||||
print '<input type="hidden" name="action" value="setshippingmethod">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$this->selectShippingMethod($selected, $htmlname, '', $addempty);
|
||||
print '<input type="submit" class="button valignmiddle" value="'.$langs->trans("Modify").'">';
|
||||
print '</form>';
|
||||
@@ -3918,7 +3918,7 @@ class Form
|
||||
if ($htmlname != "none") {
|
||||
print '<form method="POST" action="'.$page.'">';
|
||||
print '<input type="hidden" name="action" value="setbankaccount">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$nbaccountfound = $this->select_comptes($selected, $htmlname, 0, '', $addempty);
|
||||
if ($nbaccountfound > 0) print '<input type="submit" class="button valignmiddle" value="'.$langs->trans("Modify").'">';
|
||||
print '</form>';
|
||||
@@ -4256,7 +4256,7 @@ class Form
|
||||
closeOnEscape: false,
|
||||
buttons: {
|
||||
"'.dol_escape_js($langs->transnoentities("Yes")).'": function() {
|
||||
var options = "&token='.urlencode($_SESSION['newtoken']).'";
|
||||
var options = "&token='.urlencode(newToken()).'";
|
||||
var inputok = '.json_encode($inputok).';
|
||||
var pageyes = "'.dol_escape_js(!empty($pageyes) ? $pageyes : '').'";
|
||||
if (inputok.length>0) {
|
||||
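Review bot: The new `var options = "&token='.urlencode(newToken()).'";` line builds the token into a query-string fragment, and the same line recurs in the "No" handler of the next hunk (@@ -4275). The code that consumes `options` lies outside both hunks, but if it is appended to `pageyes`/`pageno` and followed as a GET navigation, the token ends up in URLs, server logs and Referer headers. I would document that on the method, e.g. `Note: the session token is appended to $pageyes/$pageno as a query parameter; pass only same-origin URLs.` It is also worth a short comment that `urlencode()` is what keeps the value safe inside the JavaScript string, so a later cleanup does not drop it.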
@@ -4275,7 +4275,7 @@ class Form
|
||||
$(this).dialog("close");
|
||||
},
|
||||
"'.dol_escape_js($langs->transnoentities("No")).'": function() {
|
||||
var options = "&token='.urlencode($_SESSION['newtoken']).'";
|
||||
var options = "&token='.urlencode(newToken()).'";
|
||||
var inputko = '.json_encode($inputko).';
|
||||
var pageno="'.dol_escape_js(!empty($pageno) ? $pageno : '').'";
|
||||
if (inputko.length>0) {
|
||||
@@ -4314,7 +4314,7 @@ class Form
|
||||
if (empty($disableformtag)) $formconfirm .= '<form method="POST" action="'.$page.'" class="notoptoleftroright">'."\n";
|
||||
|
||||
$formconfirm .= '<input type="hidden" name="action" value="'.$action.'">'."\n";
|
||||
$formconfirm .= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'."\n";
|
||||
$formconfirm .= '<input type="hidden" name="token" value="'.newToken().'">'."\n";
|
||||
|
||||
$formconfirm .= '<table class="valid centpercent">'."\n";
|
||||
|
||||
@@ -4382,7 +4382,7 @@ class Form
|
||||
$out .= "\n";
|
||||
$out .= '<form method="post" action="'.$page.'">';
|
||||
$out .= '<input type="hidden" name="action" value="classin">';
|
||||
$out .= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$out .= '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$out .= $formproject->select_projects($socid, $selected, $htmlname, $maxlength, 0, 1, $discard_closed, $forcefocus, 0, 0, '', 1);
|
||||
$out .= '<input type="submit" class="button" value="'.$langs->trans("Modify").'">';
|
||||
$out .= '</form>';
|
||||
@@ -4428,7 +4428,7 @@ class Form
|
||||
{
|
||||
print '<form method="post" action="'.$page.'">';
|
||||
print '<input type="hidden" name="action" value="setconditions">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$this->select_conditions_paiements($selected, $htmlname, -1, $addempty);
|
||||
print '<input type="submit" class="button valignmiddle" value="'.$langs->trans("Modify").'">';
|
||||
print '</form>';
|
||||
@@ -4463,7 +4463,7 @@ class Form
|
||||
{
|
||||
print '<form method="post" action="'.$page.'">';
|
||||
print '<input type="hidden" name="action" value="setavailability">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$this->selectAvailabilityDelay($selected, $htmlname, -1, $addempty);
|
||||
print '<input type="submit" class="button" value="'.$langs->trans("Modify").'">';
|
||||
print '</form>';
|
||||
@@ -4497,7 +4497,7 @@ class Form
|
||||
{
|
||||
print '<form method="post" action="'.$page.'">';
|
||||
print '<input type="hidden" name="action" value="setdemandreason">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$this->selectInputReason($selected, $htmlname, -1, $addempty);
|
||||
print '<input type="submit" class="button" value="'.$langs->trans("Modify").'">';
|
||||
print '</form>';
|
||||
@@ -4545,7 +4545,7 @@ class Form
|
||||
{
|
||||
$ret .= '<form method="post" action="'.$page.'" name="form'.$htmlname.'">';
|
||||
$ret .= '<input type="hidden" name="action" value="set'.$htmlname.'">';
|
||||
$ret .= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$ret .= '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$ret .= '<table class="nobordernopadding" cellpadding="0" cellspacing="0">';
|
||||
$ret .= '<tr><td>';
|
||||
$ret .= $this->selectDate($selected, $htmlname, $displayhour, $displaymin, 1, 'form'.$htmlname, 1, 0);
|
||||
@@ -4584,7 +4584,7 @@ class Form
|
||||
{
|
||||
print '<form method="POST" action="'.$page.'" name="form'.$htmlname.'">';
|
||||
print '<input type="hidden" name="action" value="set'.$htmlname.'">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print $this->select_dolusers($selected, $htmlname, 1, $exclude, 0, $include);
|
||||
print '<input type="submit" class="button valignmiddle" value="'.$langs->trans("Modify").'">';
|
||||
print '</form>';
|
||||
@@ -4624,7 +4624,7 @@ class Form
|
||||
{
|
||||
print '<form method="POST" action="'.$page.'">';
|
||||
print '<input type="hidden" name="action" value="setmode">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$this->select_types_paiements($selected, $htmlname, $filtertype, 0, $addempty, 0, 0, $active);
|
||||
print '<input type="submit" class="button valignmiddle" value="'.$langs->trans("Modify").'">';
|
||||
print '</form>';
|
||||
@@ -4658,7 +4658,7 @@ class Form
|
||||
{
|
||||
print '<form method="POST" action="'.$page.'">';
|
||||
print '<input type="hidden" name="action" value="setmulticurrencycode">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print $this->selectMultiCurrency($selected, $htmlname, 0);
|
||||
print '<input type="submit" class="button valignmiddle" value="'.$langs->trans("Modify").'">';
|
||||
print '</form>';
|
||||
@@ -4689,7 +4689,7 @@ class Form
|
||||
{
|
||||
print '<form method="POST" action="'.$page.'">';
|
||||
print '<input type="hidden" name="action" value="setmulticurrencyrate">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="text" name="'.$htmlname.'" value="'.(!empty($rate) ? price($rate) : 1).'" size="10" /> ';
|
||||
print '<select name="calculation_mode">';
|
||||
print '<option value="1">'.$currency.' > '.$conf->currency.'</option>';
|
||||
@@ -4737,7 +4737,7 @@ class Form
|
||||
{
|
||||
print '<form method="post" action="'.$page.'">';
|
||||
print '<input type="hidden" name="action" value="setabsolutediscount">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<div class="inline-block">';
|
||||
if (!empty($discount_type)) {
|
||||
if (!empty($conf->global->FACTURE_DEPOSITS_ARE_JUST_PAYMENTS))
|
||||
@@ -4829,7 +4829,7 @@ class Form
|
||||
{
|
||||
print '<form method="post" action="'.$page.'">';
|
||||
print '<input type="hidden" name="action" value="set_contact">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<table class="nobordernopadding" cellpadding="0" cellspacing="0">';
|
||||
print '<tr><td>';
|
||||
$num = $this->select_contacts($societe->id, $selected, $htmlname);
|
||||
@@ -4881,7 +4881,7 @@ class Form
|
||||
{
|
||||
$out .= '<form method="post" action="'.$page.'">';
|
||||
$out .= '<input type="hidden" name="action" value="set_thirdparty">';
|
||||
$out .= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$out .= '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$out .= $this->select_company($selected, $htmlname, $filter, $showempty, $showtype, $forcecombo, $events);
|
||||
$out .= '<input type="submit" class="button valignmiddle" value="'.$langs->trans("Modify").'">';
|
||||
$out .= '</form>';
|
||||
@@ -6940,7 +6940,7 @@ class Form
|
||||
print '<br>';
|
||||
print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST" name="formlinked'.$key.'">';
|
||||
print '<input type="hidden" name="action" value="addlink">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="id" value="'.$object->id.'">';
|
||||
print '<input type="hidden" name="addlink" value="'.$key.'">';
|
||||
print '<table class="noborder">';
|
||||
|
||||
@@ -90,7 +90,7 @@ class FormBarCode
|
||||
if (!empty($conf->use_javascript_ajax))
|
||||
{
|
||||
$select_encoder = '<form action="'.DOL_URL_ROOT.'/admin/barcode.php" method="POST" id="form'.$idForm.'">';
|
||||
$select_encoder.= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$select_encoder.= '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$select_encoder.= '<input type="hidden" name="action" value="update">';
|
||||
$select_encoder.= '<input type="hidden" name="code_id" value="'.$code_id.'">';
|
||||
}
|
||||
@@ -213,7 +213,7 @@ class FormBarCode
|
||||
$out = '';
|
||||
if ($htmlname != "none") {
|
||||
$out .= '<form method="post" action="' . $page . '">';
|
||||
$out .= '<input type="hidden" name="token" value="' . $_SESSION['newtoken'] . '">';
|
||||
$out .= '<input type="hidden" name="token" value="' . newToken() . '">';
|
||||
$out .= '<input type="hidden" name="action" value="set'.$htmlname.'">';
|
||||
$out .= '<table class="nobordernopadding" cellpadding="0" cellspacing="0">';
|
||||
$out .= '<tr><td>';
|
||||
|
||||
@@ -135,7 +135,7 @@ class FormCompany extends Form
|
||||
|
||||
print '<form method="post" action="'.$page.'">';
|
||||
print '<input type="hidden" name="action" value="setprospectlevel">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
|
||||
dol_syslog(get_class($this).'::form_prospect_level', LOG_DEBUG);
|
||||
$sql = "SELECT code, label";
|
||||
|
||||
@@ -183,7 +183,7 @@ class FormContract
|
||||
print "\n";
|
||||
print '<form method="post" action="'.$page.'">';
|
||||
print '<input type="hidden" name="action" value="setcontract">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$this->select_contract($socid, $selected, $htmlname, $maxlength, $showempty);
|
||||
print '<input type="submit" class="button valignmiddle" value="'.$langs->trans("Modify").'">';
|
||||
print '</form>';
|
||||
|
||||
@@ -118,7 +118,7 @@ class FormFile
|
||||
if (empty($usewithoutform)) // Try to avoid this and set instead the form by the caller.
|
||||
{
|
||||
$out .= '<form name="'.$htmlname.'" id="'.$htmlname.'" action="'.$url.'" enctype="multipart/form-data" method="POST">';
|
||||
$out .= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$out .= '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$out .= '<input type="hidden" id="'.$htmlname.'_section_dir" name="section_dir" value="'.$sectiondir.'">';
|
||||
$out .= '<input type="hidden" id="'.$htmlname.'_section_id" name="section_id" value="'.$sectionid.'">';
|
||||
$out .= '<input type="hidden" name="sortfield" value="'.GETPOST('sortfield', 'alpha').'">';
|
||||
@@ -232,7 +232,7 @@ class FormFile
|
||||
if (empty($usewithoutform))
|
||||
{
|
||||
$out .= '<form name="'.$htmlname.'_link" id="'.$htmlname.'_link" action="'.$url.'" method="POST">'."\n";
|
||||
$out .= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'."\n";
|
||||
$out .= '<input type="hidden" name="token" value="'.newToken().'">'."\n";
|
||||
$out .= '<input type="hidden" id="'.$htmlname.'_link_section_dir" name="link_section_dir" value="">'."\n";
|
||||
$out .= '<input type="hidden" id="'.$htmlname.'_link_section_id" name="link_section_id" value="'.$sectionid.'">'."\n";
|
||||
}
|
||||
@@ -707,7 +707,7 @@ class FormFile
|
||||
if ($conf->browser->layout == 'phone') $urlsource .= '#'.$forname.'_form'; // So we switch to form after a generation
|
||||
if (empty($noform)) $out .= '<form action="'.$urlsource.(empty($conf->global->MAIN_JUMP_TAG) ? '' : '#builddoc').'" id="'.$forname.'_form" method="post">';
|
||||
$out .= '<input type="hidden" name="action" value="builddoc">';
|
||||
$out .= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$out .= '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
|
||||
$out .= load_fiche_titre($titletoshow, '', '');
|
||||
$out .= '<div class="div-table-responsive-no-min">';
|
||||
@@ -1178,7 +1178,7 @@ class FormFile
|
||||
if (GETPOST('action', 'aZ09') == 'editfile' && $permtoeditline)
|
||||
{
|
||||
print '<form action="'.$_SERVER["PHP_SELF"].'?'.$param.'" method="POST">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="action" value="renamefile">';
|
||||
print '<input type="hidden" name="id" value="'.$object->id.'">';
|
||||
print '<input type="hidden" name="modulepart" value="'.$modulepart.'">';
|
||||
@@ -1496,7 +1496,7 @@ class FormFile
|
||||
if (!empty($addfilterfields))
|
||||
{
|
||||
print '<form action="'.$_SERVER['PHP_SELF'].'">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="module" value="'.$modulepart.'">';
|
||||
}
|
||||
|
||||
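Review bot: The form opened in this hunk has no `method` attribute, so it submits with GET and the hidden `token` field written by the new `newToken()` line lands in the query string, where it can reach server logs, browser history and Referer headers. If this filter form changes no state, the token input can be dropped; otherwise open the form with `print '<form action="'.$_SERVER['PHP_SELF'].'" method="POST">';`. The enclosing `if (!empty($addfilterfields))` block and the rest of the form continue outside the hunk, so check how the handler reads these fields before switching the method.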
@@ -1790,7 +1790,7 @@ class FormFile
|
||||
print load_fiche_titre($langs->trans("LinkedFiles"));
|
||||
|
||||
print '<form action="'.$_SERVER['PHP_SELF'].($param ? '?'.$param : '').'" method="POST">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
|
||||
print '<table width="100%" class="liste noborder nobottom">';
|
||||
print '<tr class="liste_titre">';
|
||||
|
||||
@@ -410,7 +410,7 @@ class FormMail extends Form
|
||||
|
||||
$out.= '<a id="formmail" name="formmail"></a>';
|
||||
$out.= '<input style="display:none" type="submit" id="sendmail" name="sendmail">';
|
||||
$out.= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'" />';
|
||||
$out.= '<input type="hidden" name="token" value="'.newToken().'" />';
|
||||
$out.= '<input type="hidden" name="trackid" value="'.$this->trackid.'" />';
|
||||
}
|
||||
if (! empty($this->withfrom))
|
||||
|
||||
@@ -135,7 +135,7 @@ function limitChars(textarea, limit, infodiv)
|
||||
|
||||
if ($showform) print "<form method=\"POST\" name=\"smsform\" enctype=\"multipart/form-data\" action=\"".$this->param["returnurl"]."\">\n";
|
||||
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
foreach ($this->param as $key=>$value)
|
||||
{
|
||||
print "<input type=\"hidden\" name=\"$key\" value=\"$value\">\n";
|
||||
|
||||
@@ -153,7 +153,7 @@ class FormTicket
|
||||
if ($withdolfichehead) dol_fiche_head(null, 'card', '', 0, '');
|
||||
|
||||
print '<form method="POST" '.($withdolfichehead ? '' : 'style="margin-bottom: 30px;" ').'name="ticket" id="form_create_ticket" enctype="multipart/form-data" action="'.$this->param["returnurl"].'">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="action" value="'.$this->action.'">';
|
||||
foreach ($this->param as $key => $value) {
|
||||
print '<input type="hidden" name="'.$key.'" value="'.$value.'">';
|
||||
@@ -859,7 +859,7 @@ class FormTicket
|
||||
</script>';
|
||||
|
||||
print '<form method="post" name="ticket" enctype="multipart/form-data" action="'.$this->param["returnurl"].'">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="action" value="'.$this->action.'">';
|
||||
print '<input type="hidden" name="actionbis" value="add_message">';
|
||||
foreach ($this->param as $key => $value) {
|
||||
|
||||
@@ -8473,3 +8473,12 @@ function isAFileWithExecutableContent($filename)
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return new session token
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function newToken(){
|
||||
return $_SESSION['newtoken'];
|
||||
}
|
||||
|
||||
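Review bot: `newToken()` reads `$_SESSION['newtoken']` without checking that the key is set, so on a request where no token was stored it raises an undefined-index notice and returns null despite the `@return string` tag. Every call site in this commit would then print `value=""`. A guard such as `return isset($_SESSION['newtoken']) ? $_SESSION['newtoken'] : '';` keeps the helper to its contract. The docblock should also say what the value is for, presumably `Return the anti-CSRF token to embed in forms and links of the page being generated`, and that callers concatenate it into HTML attributes unescaped, so it must stay attribute-safe. On style, the opening brace would normally go on its own line, as the `function isAFileWithExecutableContent($filename)` header of this hunk suggests.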
@@ -119,7 +119,7 @@ class doc_generic_order_odt extends ModelePDFCommandes
|
||||
|
||||
$texte = $this->description.".<br>\n";
|
||||
$texte.= '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$texte.= '<input type="hidden" name="action" value="setModuleOptions">';
|
||||
$texte.= '<input type="hidden" name="param1" value="COMMANDE_ADDON_PDF_ODT_PATH">';
|
||||
$texte.= '<table class="nobordernopadding" width="100%">';
|
||||
|
||||
@@ -66,7 +66,7 @@ class mod_commande_saphir extends ModeleNumRefCommandes
|
||||
|
||||
$texte = $langs->trans('GenericNumRefModelDesc')."<br>\n";
|
||||
$texte.= '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$texte.= '<input type="hidden" name="action" value="updateMask">';
|
||||
$texte.= '<input type="hidden" name="maskconstorder" value="COMMANDE_SAPHIR_MASK">';
|
||||
$texte.= '<table class="nobordernopadding" width="100%">';
|
||||
|
||||
@@ -118,7 +118,7 @@ class doc_generic_contract_odt extends ModelePDFContract
|
||||
|
||||
$texte = $this->description.".<br>\n";
|
||||
$texte.= '<form action="'.$_SERVER["PHP_SELF"].'" method="POST" enctype="multipart/form-data">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$texte.= '<input type="hidden" name="action" value="setModuleOptions">';
|
||||
$texte.= '<input type="hidden" name="param1" value="CONTRACT_ADDON_PDF_ODT_PATH">';
|
||||
$texte.= '<table class="nobordernopadding" width="100%">';
|
||||
|
||||
@@ -73,7 +73,7 @@ class mod_contract_magre extends ModelNumRefContracts
|
||||
|
||||
$texte = $langs->trans('GenericNumRefModelDesc')."<br>\n";
|
||||
$texte.= '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$texte.= '<input type="hidden" name="action" value="updateMask">';
|
||||
$texte.= '<input type="hidden" name="maskconstcontract" value="CONTRACT_MAGRE_MASK">';
|
||||
$texte.= '<table class="nobordernopadding" width="100%">';
|
||||
|
||||
@@ -117,7 +117,7 @@ class doc_generic_product_odt extends ModelePDFProduct
|
||||
|
||||
$texte = $this->description.".<br>\n";
|
||||
$texte.= '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$texte.= '<input type="hidden" name="action" value="setModuleOptions">';
|
||||
$texte.= '<input type="hidden" name="param1" value="PRODUCT_ADDON_PDF_ODT_PATH">';
|
||||
if ($conf->global->MAIN_PROPAL_CHOOSE_ODT_DOCUMENT > 0)
|
||||
|
||||
@@ -103,7 +103,7 @@ class mod_codeproduct_elephant extends ModeleProductCode
|
||||
|
||||
$texte = $langs->trans('GenericNumRefModelDesc')."<br>\n";
|
||||
$texte.= '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$texte.= '<input type="hidden" name="action" value="setModuleOptions">';
|
||||
$texte.= '<input type="hidden" name="param1" value="PRODUCT_ELEPHANT_MASK_PRODUCT">';
|
||||
$texte.= '<input type="hidden" name="param2" value="PRODUCT_ELEPHANT_MASK_SERVICE">';
|
||||
|
||||
@@ -390,7 +390,7 @@ class doc_generic_project_odt extends ModelePDFProjects
|
||||
|
||||
$texte = $this->description.".<br>\n";
|
||||
$texte .= '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
|
||||
$texte .= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$texte .= '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$texte .= '<input type="hidden" name="action" value="setModuleOptions">';
|
||||
$texte .= '<input type="hidden" name="param1" value="PROJECT_ADDON_PDF_ODT_PATH">';
|
||||
$texte .= '<table class="nobordernopadding" width="100%">';
|
||||
|
||||
@@ -70,7 +70,7 @@ class mod_project_universal extends ModeleNumRefProjects
|
||||
|
||||
$texte = $langs->trans('GenericNumRefModelDesc')."<br>\n";
|
||||
$texte.= '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$texte.= '<input type="hidden" name="action" value="updateMask">';
|
||||
$texte.= '<input type="hidden" name="maskconstproject" value="PROJECT_UNIVERSAL_MASK">';
|
||||
$texte.= '<table class="nobordernopadding" width="100%">';
|
||||
|
||||
@@ -350,7 +350,7 @@ class doc_generic_task_odt extends ModelePDFTask
|
||||
|
||||
$texte = $this->description.".<br>\n";
|
||||
$texte.= '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$texte.= '<input type="hidden" name="action" value="setModuleOptions">';
|
||||
$texte.= '<input type="hidden" name="param1" value="PROJECT_TASK_ADDON_PDF_ODT_PATH">';
|
||||
$texte.= '<table class="nobordernopadding" width="100%">';
|
||||
|
||||
@@ -70,7 +70,7 @@ class mod_task_universal extends ModeleNumRefTask
|
||||
|
||||
$texte = $langs->trans('GenericNumRefModelDesc')."<br>\n";
|
||||
$texte.= '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$texte.= '<input type="hidden" name="action" value="updateMaskTask">';
|
||||
$texte.= '<input type="hidden" name="maskconsttask" value="PROJECT_TASK_UNIVERSAL_MASK">';
|
||||
$texte.= '<table class="nobordernopadding" width="100%">';
|
||||
|
||||
@@ -116,7 +116,7 @@ class doc_generic_proposal_odt extends ModelePDFPropales
|
||||
|
||||
$texte = $this->description.".<br>\n";
|
||||
$texte.= '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$texte.= '<input type="hidden" name="action" value="setModuleOptions">';
|
||||
$texte.= '<input type="hidden" name="param1" value="PROPALE_ADDON_PDF_ODT_PATH">';
|
||||
if ($conf->global->MAIN_PROPAL_CHOOSE_ODT_DOCUMENT > 0)
|
||||
|
||||
@@ -72,7 +72,7 @@ class mod_propale_saphir extends ModeleNumRefPropales
|
||||
|
||||
$texte = $langs->trans('GenericNumRefModelDesc')."<br>\n";
|
||||
$texte.= '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$texte.= '<input type="hidden" name="action" value="updateMask">';
|
||||
$texte.= '<input type="hidden" name="maskconstpropal" value="PROPALE_SAPHIR_MASK">';
|
||||
$texte.= '<table class="nobordernopadding" width="100%">';
|
||||
|
||||
@@ -101,7 +101,7 @@ class doc_generic_odt extends ModeleThirdPartyDoc
|
||||
|
||||
$texte = $this->description.".<br>\n";
|
||||
$texte.= '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$texte.= '<input type="hidden" name="action" value="setModuleOptions">';
|
||||
$texte.= '<input type="hidden" name="param1" value="COMPANY_ADDON_PDF_ODT_PATH">';
|
||||
$texte.= '<table class="nobordernopadding" width="100%">';
|
||||
|
||||
@@ -96,7 +96,7 @@ class mod_codeclient_elephant extends ModeleThirdPartyCode
|
||||
|
||||
$texte = $langs->trans('GenericNumRefModelDesc')."<br>\n";
|
||||
$texte.= '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$texte.= '<input type="hidden" name="action" value="setModuleOptions">';
|
||||
$texte.= '<input type="hidden" name="param1" value="COMPANY_ELEPHANT_MASK_CUSTOMER">';
|
||||
$texte.= '<input type="hidden" name="param2" value="COMPANY_ELEPHANT_MASK_SUPPLIER">';
|
||||
|
||||
@@ -77,7 +77,7 @@ class mod_codecompta_aquarium extends ModeleAccountancyCode
|
||||
|
||||
$tooltip='';
|
||||
$texte = '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$texte.= '<input type="hidden" name="action" value="setModuleOptions">';
|
||||
$texte.= '<input type="hidden" name="param1" value="COMPANY_AQUARIUM_MASK_SUPPLIER">';
|
||||
$texte.= '<input type="hidden" name="param2" value="COMPANY_AQUARIUM_MASK_CUSTOMER">';
|
||||
|
||||
@@ -78,7 +78,7 @@ class mod_codecompta_digitaria extends ModeleAccountancyCode
|
||||
|
||||
$tooltip='';
|
||||
$texte = '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$texte.= '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$texte.= '<input type="hidden" name="action" value="setModuleOptions">';
|
||||
$texte.= '<input type="hidden" name="param1" value="COMPANY_DIGITARIA_MASK_SUPPLIER">';
|
||||
$texte.= '<input type="hidden" name="param2" value="COMPANY_DIGITARIA_MASK_CUSTOMER">';
|
||||
|
||||
@@ -139,7 +139,7 @@ $langs->load("modulebuilder");
|
||||
|
||||
<!-- Form to edit an extra field -->
|
||||
<form action="<?php echo $_SERVER["PHP_SELF"]; ?>?attrname=<?php echo $attrname; ?>" id="formeditextrafield" method="post">
|
||||
<input type="hidden" name="token" value="<?php echo $_SESSION['newtoken']; ?>">
|
||||
<input type="hidden" name="token" value="<?php echo newToken(); ?>">
|
||||
<input type="hidden" name="attrname" value="<?php echo $attrname; ?>">
|
||||
<input type="hidden" name="action" value="update">
|
||||
<input type="hidden" name="rowid" value="<?php echo $rowid ?>">
|
||||
|
||||
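Review bot: `$attrname` is echoed raw into the `action` query string and into a hidden `value` attribute, and `$rowid` into another, while nothing in the hunk shows either being filtered. Escape per context: `value="<?php echo dol_escape_htmltag($attrname); ?>"` for the attribute and `?attrname=<?php echo urlencode($attrname); ?>` in the URL. The same unescaped hidden-input pattern recurs in later hunks (`$idcomment`, `$element`/`$element_id`, `$loanid`, `$chid`/`$line_id`, `$optioncss`, `$sortfield`/`$sortorder`, `$page`, `$backtopage`, `$bankid`), whereas `$user->login` and `$ldap_sid` are passed through `dol_escape_htmltag()`. Where those values originate is outside the hunks, so confirm the upstream filtering rather than assuming it.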
@@ -21,7 +21,7 @@ $varpage = empty($contextpage) ? $_SERVER["PHP_SELF"] : $contextpage;
|
||||
print '<br>';
|
||||
print '<div id="comment">';
|
||||
print '<form method="POST" action="'.$varpage.'?id='.$object->id.'">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="action" value="addcomment">';
|
||||
print '<input type="hidden" name="id" value="'.$object->id.'">';
|
||||
print '<input type="hidden" name="comment_element_type" value="'.$object->element.'">';
|
||||
@@ -99,7 +99,7 @@ if (!empty($object->comments))
|
||||
if ($action === 'editcomment' && $comment->id == $idcomment)
|
||||
{
|
||||
print '<form method="POST" action="'.$varpage.'?id='.$object->id.'">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="action" value="updatecomment">';
|
||||
print '<input type="hidden" name="id" value="'.$object->id.'">';
|
||||
print '<input type="hidden" name="idcomment" value="'.$idcomment.'">';
|
||||
|
||||
@@ -169,7 +169,7 @@ if (empty($reshook) && is_array($extrafields->attributes[$object->table_element]
|
||||
print '<form enctype="multipart/form-data" action="' . $_SERVER["PHP_SELF"] . '" method="post" name="formextra">';
|
||||
print '<input type="hidden" name="action" value="update_extras">';
|
||||
print '<input type="hidden" name="attribute" value="' . $key . '">';
|
||||
print '<input type="hidden" name="token" value="' . $_SESSION['newtoken'] . '">';
|
||||
print '<input type="hidden" name="token" value="' . newToken() . '">';
|
||||
print '<input type="hidden" name="'.$fieldid.'" value="' . $object->id . '">';
|
||||
print $extrafields->showInputField($key, $value, '', '', '', 0, $object->id, $object->table_element);
|
||||
|
||||
|
||||
@@ -90,7 +90,7 @@ $(document).ready(function () {
|
||||
<div class="login_vertical_align">
|
||||
|
||||
<form id="login" name="login" method="post" action="<?php echo $php_self; ?>">
|
||||
<input type="hidden" name="token" value="<?php echo $_SESSION['newtoken']; ?>" />
|
||||
<input type="hidden" name="token" value="<?php echo newToken(); ?>" />
|
||||
<input type="hidden" name="actionlogin" value="login">
|
||||
<input type="hidden" name="loginfunction" value="loginfunction" />
|
||||
<!-- Add fields to send local user information -->
|
||||
|
||||
@@ -17,7 +17,7 @@ $formresources = new FormResource($db);
|
||||
$out = '<div class="tagtable centpercent noborder borderbottom allwidth nohover">';
|
||||
|
||||
$out .= '<form class="tagtr nohover '.($var==true?'pair':'impair').'" action="'.$_SERVER["PHP_SELF"].'" method="POST">';
|
||||
$out .= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$out .= '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$out .= '<input type="hidden" name="action" value="add_element_resource">';
|
||||
$out .= '<input type="hidden" name="element" value="'.$element.'">';
|
||||
$out .= '<input type="hidden" name="element_id" value="'.$element_id.'">';
|
||||
|
||||
@@ -132,7 +132,7 @@ $(document).ready(function() {
|
||||
|
||||
|
||||
print '<form name="createecheancier" action="'.$_SERVER["PHP_SELF"].'" method="POST">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="loanid" value="'.$loanid.'">';
|
||||
if (count($echeance->lines) > 0)
|
||||
{
|
||||
|
||||
@@ -121,7 +121,7 @@ if ($resql)
|
||||
|
||||
print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">'."\n";
|
||||
if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="action" value="list">';
|
||||
print '<input type="hidden" name="sortfield" value="'.$sortfield.'">';
|
||||
print '<input type="hidden" name="sortorder" value="'.$sortorder.'">';
|
||||
|
||||
@@ -198,7 +198,7 @@ if ($action == 'create')
|
||||
print load_fiche_titre($langs->trans("DoPayment"));
|
||||
|
||||
print '<form name="add_payment" action="'.$_SERVER['PHP_SELF'].'" method="post">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="id" value="'.$chid.'">';
|
||||
print '<input type="hidden" name="chid" value="'.$chid.'">';
|
||||
print '<input type="hidden" name="line_id" value="'.$line_id.'">';
|
||||
|
||||
@@ -138,7 +138,7 @@ $(document).ready(function() {
|
||||
|
||||
|
||||
print '<form name="createecheancier" action="'.$_SERVER["PHP_SELF"].'" method="POST">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="loanid" value="'.$loanid.'">';
|
||||
if (count($echeance->lines) > 0)
|
||||
{
|
||||
|
||||
@@ -342,7 +342,7 @@ if ((!empty($conf->global->MAIN_VERSION_LAST_UPGRADE) && ($conf->global->MAIN_VE
|
||||
}
|
||||
}
|
||||
|
||||
//var_dump(GETPOST('token').' '.$_SESSION['token'].' - '.$_SESSION['newtoken'].' '.$_SERVER['SCRIPT_FILENAME']);
|
||||
//var_dump(GETPOST('token').' '.$_SESSION['token'].' - '.newToken().' '.$_SERVER['SCRIPT_FILENAME']);
|
||||
|
||||
// Creation of a token against CSRF vulnerabilities
|
||||
if (!defined('NOTOKENRENEWAL'))
|
||||
@@ -355,7 +355,7 @@ if (!defined('NOTOKENRENEWAL'))
|
||||
$_SESSION['newtoken'] = $token;
|
||||
}
|
||||
|
||||
//var_dump(GETPOST('token').' '.$_SESSION['token'].' - '.$_SESSION['newtoken'].' '.$_SERVER['SCRIPT_FILENAME']);
|
||||
//var_dump(GETPOST('token').' '.$_SESSION['token'].' - '.newToken().' '.$_SERVER['SCRIPT_FILENAME']);
|
||||
//$dolibarr_nocsrfcheck=1;
|
||||
// Check token
|
||||
//var_dump((! defined('NOCSRFCHECK')).' '.empty($dolibarr_nocsrfcheck).' '.(! empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN)).' '.$_SERVER['REQUEST_METHOD'].' '.(! GETPOSTISSET('token')));
|
||||
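Review bot: The two commented-out `var_dump(...)` lines are kept and edited rather than removed; if re-enabled they would write the submitted token and both session tokens into the response. Dead debug code that prints CSRF material is better deleted, or replaced by a log call that never records the token values. The first of them sits above the `// Creation of a token against CSRF vulnerabilities` block, and whether `newToken()` is already loaded at that point in the file is not visible in the hunk. The write side, `$_SESSION['newtoken'] = $token;`, still uses the raw session key, so the accessor and the writer have to be kept in sync by hand.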
@@ -2389,7 +2389,7 @@ function printSearchForm($urlaction, $urlobject, $title, $htmlmorecss, $htmlinpu
|
||||
|
||||
$ret = '';
|
||||
$ret .= '<form action="'.$urlaction.'" method="post" class="searchform nowraponall tagtr">';
|
||||
$ret .= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$ret .= '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
$ret .= '<input type="hidden" name="mode" value="search">';
|
||||
$ret .= '<input type="hidden" name="savelogin" value="'.dol_escape_htmltag($user->login).'">';
|
||||
if ($showtitlebefore) $ret .= '<div class="tagtd left">'.$title.'</div> ';
|
||||
|
||||
@@ -520,7 +520,7 @@ if ($action == 'create' && $user->rights->projet->creer && (empty($object->third
|
||||
else
|
||||
{
|
||||
print '<form action="'.$_SERVER['PHP_SELF'].'" method="POST">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="action" value="createtask">';
|
||||
print '<input type="hidden" name="backtopage" value="'.$backtopage.'">';
|
||||
if (!empty($object->id)) print '<input type="hidden" name="id" value="'.$object->id.'">';
|
||||
@@ -664,7 +664,7 @@ elseif ($id > 0 || !empty($ref))
|
||||
|
||||
print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'">';
|
||||
if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="action" value="list">';
|
||||
print '<input type="hidden" name="formfilteraction" id="formfilteraction" value="list">';
|
||||
print '<input type="hidden" name="sortfield" value="'.$sortfield.'">';
|
||||
|
||||
@@ -146,7 +146,7 @@ llxHeader('', $langs->trans("UserSetup"), '', '', 0, 0, $arrayofjs, $arrayofcss)
|
||||
|
||||
print '<form name="extsitesconfig" action="'.$_SERVER["PHP_SELF"].'" method="post">';
|
||||
print '<input type="hidden" name="id" value="'.$id.'">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
|
||||
$head=user_prepare_head($object);
|
||||
|
||||
|
||||
@@ -168,7 +168,7 @@ if (empty($account->userid)) $account->userid = $object->id;
|
||||
if ($id && $bankid && $action == 'edit' && $user->rights->user->user->creer)
|
||||
{
|
||||
print '<form action="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'" method="post">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="action" value="update">';
|
||||
print '<input type="hidden" name="id" value="'.GETPOST("id", 'int').'">';
|
||||
print '<input type="hidden" name="bankid" value="'.$bankid.'">';
|
||||
@@ -176,7 +176,7 @@ if ($id && $bankid && $action == 'edit' && $user->rights->user->user->creer)
|
||||
if ($id && $action == 'create' && $user->rights->user->user->creer)
|
||||
{
|
||||
print '<form action="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'" method="post">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="action" value="add">';
|
||||
print '<input type="hidden" name="bankid" value="'.$bankid.'">';
|
||||
}
|
||||
|
||||
@@ -763,7 +763,7 @@ if ($action == 'create' || $action == 'adduserldap')
|
||||
print "\n\n<!-- Form liste LDAP debut -->\n";
|
||||
|
||||
print '<form name="add_user_ldap" action="'.$_SERVER["PHP_SELF"].'" method="post">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<table class="border centpercent"><tr>';
|
||||
print '<td width="160">';
|
||||
print $langs->trans("LDAPUsers");
|
||||
@@ -786,7 +786,7 @@ if ($action == 'create' || $action == 'adduserldap')
|
||||
|
||||
|
||||
print '<form action="'.$_SERVER['PHP_SELF'].'" method="POST" name="createuser">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="action" value="add">';
|
||||
if (!empty($ldap_sid)) print '<input type="hidden" name="ldap_sid" value="'.dol_escape_htmltag($ldap_sid).'">';
|
||||
print '<input type="hidden" name="entity" value="'.$conf->entity.'">';
|
||||
@@ -2015,7 +2015,7 @@ else
|
||||
if ($caneditgroup)
|
||||
{
|
||||
print '<form action="'.$_SERVER['PHP_SELF'].'?id='.$id.'" method="POST">'."\n";
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'" />';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'" />';
|
||||
print '<input type="hidden" name="action" value="addgroup" />';
|
||||
}
|
||||
|
||||
@@ -2086,7 +2086,7 @@ else
|
||||
if ($action == 'edit' && ($canedituser || $caneditfield || $caneditpassword || ($user->id == $object->id)))
|
||||
{
|
||||
print '<form action="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'" method="POST" name="updateuser" enctype="multipart/form-data">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="action" value="update">';
|
||||
print '<input type="hidden" name="entity" value="'.$object->entity.'">';
|
||||
|
||||
|
||||
@@ -91,7 +91,7 @@ if ($id > 0)
|
||||
|
||||
|
||||
print '<form action="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'" method="post">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="action" value="update">';
|
||||
|
||||
dol_fiche_head($head, 'clicktodial', $title, -1, 'user');
|
||||
|
||||
@@ -271,7 +271,7 @@ if ($action == 'create')
|
||||
print dol_set_focus('#nom');
|
||||
|
||||
print '<form action="'.$_SERVER["PHP_SELF"].'" method="post">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="action" value="add">';
|
||||
|
||||
dol_fiche_head('', '', '', 0, '');
|
||||
@@ -441,7 +441,7 @@ else
|
||||
if ($caneditperms)
|
||||
{
|
||||
print '<form action="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'" method="POST">'."\n";
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="action" value="adduser">';
|
||||
print '<table class="noborder centpercent">'."\n";
|
||||
print '<tr class="liste_titre"><td class="titlefield liste_titre">'.$langs->trans("NonAffectedUsers").'</td>'."\n";
|
||||
@@ -539,7 +539,7 @@ else
|
||||
if ($action == 'edit' && $caneditperms)
|
||||
{
|
||||
print '<form action="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'" method="post" name="updategroup" enctype="multipart/form-data">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="action" value="update">';
|
||||
|
||||
dol_fiche_head($head, 'group', $title, 0, 'group');
|
||||
|
||||
@@ -148,7 +148,7 @@ if ($resql)
|
||||
|
||||
print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">'."\n";
|
||||
if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="formfilteraction" id="formfilteraction" value="list">';
|
||||
print '<input type="hidden" name="sortfield" value="'.$sortfield.'">';
|
||||
print '<input type="hidden" name="sortorder" value="'.$sortorder.'">';
|
||||
|
||||
@@ -157,7 +157,7 @@ else
|
||||
|
||||
print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">'."\n";
|
||||
if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="sortfield" value="'.$sortfield.'">';
|
||||
print '<input type="hidden" name="sortorder" value="'.$sortorder.'">';
|
||||
print '<input type="hidden" name="page" value="'.$page.'">';
|
||||
|
||||
@@ -71,7 +71,7 @@ print '<div class="fichecenter"><div class="fichethirdleft">';
|
||||
|
||||
// Search User
|
||||
print '<form method="post" action="'.DOL_URL_ROOT.'/core/search.php">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<table class="noborder nohover centpercent">';
|
||||
print '<tr class="liste_titre"><td colspan="2">'.$langs->trans("Search").'</td></tr>';
|
||||
print '<tr><td>';
|
||||
|
||||
@@ -311,7 +311,7 @@ if ($canadduser)
|
||||
|
||||
print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">'."\n";
|
||||
if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="formfilteraction" id="formfilteraction" value="list">';
|
||||
print '<input type="hidden" name="sortfield" value="'.$sortfield.'">';
|
||||
print '<input type="hidden" name="sortorder" value="'.$sortorder.'">';
|
||||
|
||||
@@ -101,7 +101,7 @@ if ($id)
|
||||
print '<div class="underbanner clearboth"></div>';
|
||||
|
||||
print "<form method=\"post\" action=\"".$_SERVER['PHP_SELF']."\">";
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
|
||||
print '<div class="fichecenter">';
|
||||
print '<table class="border centpercent tableforfield">';
|
||||
|
||||
@@ -190,7 +190,7 @@ $title = $langs->trans("User");
|
||||
if ($action == 'edit')
|
||||
{
|
||||
print '<form method="post" action="'.$_SERVER["PHP_SELF"].'">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="action" value="update">';
|
||||
print '<input type="hidden" name="id" value="'.$id.'">';
|
||||
}
|
||||
|
||||