Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Fix encryption of sensitive constants

Browse Source
This commit is contained in:
Laurent Destailleur
2022-08-24 12:27:50 +02:00
parent cca55bdb53
commit eb8ff378e6
1 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
htdocs/admin/const.php
View File

@@ -26,6 +26,7 @@
require '../main.inc.php'; require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/security.lib.php';
// Load translation files required by the page // Load translation files required by the page
$langs->load("admin"); $langs->load("admin");
@@ -255,16 +256,18 @@ if ($result) {
while ($i < $num) { while ($i < $num) {
$obj = $db->fetch_object($result); $obj = $db->fetch_object($result);
$value = dolDecrypt($obj->value);
print "\n"; print "\n";
print '<tr class="oddeven" data-checkbox-id="check_'.$i.'"><td>'.$obj->name.'</td>'."\n"; print '<tr class="oddeven" data-checkbox-id="check_'.$i.'"><td>'.dol_escape_htmltag($obj->name).'</td>'."\n";
// Value // Value
print '<td>'; print '<td>';
print '<input type="hidden" name="const['.$i.'][rowid]" value="'.$obj->rowid.'">'; print '<input type="hidden" name="const['.$i.'][rowid]" value="'.$obj->rowid.'">';
print '<input type="hidden" name="const['.$i.'][name]" value="'.$obj->name.'">'; print '<input type="hidden" name="const['.$i.'][name]" value="'.$obj->name.'">';
print '<input type="hidden" name="const['.$i.'][type]" value="'.$obj->type.'">'; print '<input type="hidden" name="const['.$i.'][type]" value="'.$obj->type.'">';
print '<input type="text" id="value_'.$i.'" class="flat inputforupdate minwidth150" name="const['.$i.'][value]" value="'.htmlspecialchars($obj->value).'">'; print '<input type="text" id="value_'.$i.'" class="flat inputforupdate minwidth150" name="const['.$i.'][value]" value="'.htmlspecialchars($value).'">';
print '</td>'; print '</td>';
// Note // Note
@@ -280,12 +283,12 @@ if ($result) {
// Entity limit to superadmin // Entity limit to superadmin
if (!empty($conf->multicompany->enabled) && !$user->entity) { if (!empty($conf->multicompany->enabled) && !$user->entity) {
print '<td>'; print '<td>';
print '<input type="text" class="flat" size="1" name="const['.$i.'][entity]" value="'.$obj->entity.'">'; print '<input type="text" class="flat" size="1" name="const['.$i.'][entity]" value="'.((int) $obj->entity).'">';
print '</td>'; print '</td>';
print '<td class="center">'; print '<td class="center">';
} else { } else {
print '<td class="center">'; print '<td class="center">';
print '<input type="hidden" name="const['.$i.'][entity]" value="'.$obj->entity.'">'; print '<input type="hidden" name="const['.$i.'][entity]" value="'.((int) $obj->entity).'">';
} }
if ($conf->use_javascript_ajax) { if ($conf->use_javascript_ajax) {