From a2e74e37f50fd81cf3b55fb33f98d33d467fcdd0 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Nov 2022 18:09:54 +0100 Subject: [PATCH] Fix missing GETPOST --- htdocs/admin/security.php | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/htdocs/admin/security.php b/htdocs/admin/security.php index a1281351176..4d4b9b5247b 100644 --- a/htdocs/admin/security.php +++ b/htdocs/admin/security.php @@ -45,7 +45,7 @@ $allow_disable_encryption = true; */ if ($action == 'setgeneraterule') { - if (!dolibarr_set_const($db, 'USER_PASSWORD_GENERATED', $_GET["value"], 'chaine', 0, '', $conf->entity)) { + if (!dolibarr_set_const($db, 'USER_PASSWORD_GENERATED', GETPOST("value", "none"), 'chaine', 0, '', $conf->entity)) { dol_print_error($db); } else { header("Location: ".$_SERVER["PHP_SELF"]); @@ -58,7 +58,11 @@ if ($action == 'activate_encrypt') { $db->begin(); - dolibarr_set_const($db, "DATABASE_PWD_ENCRYPTED", "1", 'chaine', 0, '', $conf->entity); + // On old version a bug created the constant into user entity, so we delete it to be sure, such entry won't exists. We want it in entity 0 or nowhere. + dolibarr_del_const($db, "DATABASE_PWD_ENCRYPTED", "1", 'chaine', 0, '', $conf->entity); + // We set entity=0 (all) because DATABASE_PWD_ENCRYPTED is a setup into conf file, so always shared for everybody + $entityforall = 0; + dolibarr_set_const($db, "DATABASE_PWD_ENCRYPTED", "1", 'chaine', 0, '', $entityforall); $sql = "SELECT u.rowid, u.pass, u.pass_crypted"; $sql .= " FROM ".MAIN_DB_PREFIX."user as u"; @@ -385,7 +389,8 @@ if ($conf->global->USER_PASSWORD_GENERATED == "Perso") { } -// Cryptage mot de passe +// Crypt passwords in database + print '
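Review bot: In the `setgeneraterule` branch, the new `GETPOST("value", "none")` uses the 'none' check, which applies no filtering, so the value stored in `USER_PASSWORD_GENERATED` is as unconstrained as the `$_GET["value"]` it replaces. The constant looks like a short generator-rule name (it is compared with "Perso" further down the file), so a restrictive check fits better: `GETPOST("value", "aZ09")`. If other code uses this constant to build a class or file name, which is not visible here, the stricter filter also limits what can reach that code. The branch continues outside the hunk.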
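Review bot: The added `dolibarr_del_const(...)` call in the `activate_encrypt` branch reuses the seven-argument list of `dolibarr_set_const`. If `dolibarr_del_const` takes `($db, $name, $entity)`, as its use elsewhere in Dolibarr suggests, the third argument "1" is read as the entity and `$conf->entity` is ignored, so the stale per-entity row the comment wants removed survives on any entity other than 1. Proposed: `dolibarr_del_const($db, "DATABASE_PWD_ENCRYPTED", $conf->entity);`. The results of the delete and of the following `dolibarr_set_const` are also unchecked inside the transaction; the commit/rollback logic is outside the hunk, so confirm that a failure there leads to a rollback.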
'; print "
"; print ''; @@ -401,20 +406,20 @@ print ''; // Disable clear password in database print ''; print ''.$langs->trans("DoNotStoreClearPassword").''; -print ''; +print ''; if (getDolGlobalString('DATABASE_PWD_ENCRYPTED')) { print img_picto($langs->trans("Active"), 'tick'); } print ''; if (!getDolGlobalString('DATABASE_PWD_ENCRYPTED')) { - print ''; + print ''; print ''.$langs->trans("Activate").''; print ""; } // Database conf file encryption if (getDolGlobalString('DATABASE_PWD_ENCRYPTED')) { - print ''; + print ''; if ($allow_disable_encryption) { //On n'autorise pas l'annulation de l'encryption car les mots de passe ne peuvent pas etre decodes //Do not allow "disable encryption" as passwords cannot be decrypted @@ -427,7 +432,8 @@ if (getDolGlobalString('DATABASE_PWD_ENCRYPTED')) { print ""; print ''; -// Cryptage du mot de base de la base dans conf.php + +// Crypt password into config file conf.php print ''; print ''.$langs->trans("MainDbPasswordFileConfEncrypted").''; @@ -438,7 +444,7 @@ if (preg_match('/crypted:/i', $dolibarr_main_db_pass) || !empty($dolibarr_main_d print ''; -print ''; +print ''; if (empty($dolibarr_main_db_pass) && empty($dolibarr_main_db_encrypted_pass)) { $langs->load("errors"); print img_warning($langs->trans("WarningPassIsEmpty")); @@ -460,18 +466,18 @@ print ''; print ''; print ''.$langs->trans("DisableForgetPasswordLinkOnLogonPage").''; -print ''; +print ''; if (getDolGlobalString('MAIN_SECURITY_DISABLEFORGETPASSLINK')) { print img_picto($langs->trans("Active"), 'tick'); } print ''; if (!getDolGlobalString('MAIN_SECURITY_DISABLEFORGETPASSLINK')) { - print ''; + print ''; print ''.$langs->trans("Activate").''; print ""; } if (getDolGlobalString('MAIN_SECURITY_DISABLEFORGETPASSLINK')) { - print ''; + print ''; print ''.$langs->trans("Disable").''; print ""; }