From eececbe72b1e026aca759d5faac029b220b78ac3 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 16 Mar 2024 17:34:58 +0100 Subject: [PATCH] More secured parameter for $tmpobjectkey --- htdocs/admin/eventorganization.php | 8 +-- htdocs/admin/hrm.php | 8 +-- htdocs/admin/knowledgemanagement.php | 8 +-- htdocs/admin/webhook.php | 8 +-- htdocs/admin/workstation.php | 6 +- htdocs/ai/admin/setup.php | 8 +-- htdocs/asset/admin/setup.php | 8 +-- htdocs/bookcal/admin/setup.php | 8 +-- htdocs/modulebuilder/template/admin/setup.php | 12 ++-- htdocs/recruitment/admin/setup.php | 67 +++++++++--------- .../recruitment/admin/setup_candidatures.php | 68 ++++++++++--------- htdocs/webportal/admin/setup.php | 10 +-- 12 files changed, 111 insertions(+), 108 deletions(-) diff --git a/htdocs/admin/eventorganization.php b/htdocs/admin/eventorganization.php index f6e6361fa34..839125a8da3 100644 --- a/htdocs/admin/eventorganization.php +++ b/htdocs/admin/eventorganization.php @@ -104,7 +104,7 @@ if ($action == 'updateMask') { } } elseif ($action == 'setmod') { // TODO Check if numbering module chosen can be activated by calling method canBeActivated - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'EVENTORGANIZATION_'.strtoupper($tmpobjectkey)."_ADDON"; dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity); @@ -115,7 +115,7 @@ if ($action == 'updateMask') { } elseif ($action == 'del') { $ret = delDocumentModel($value, $type); if ($ret > 0) { - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'EVENTORGANIZATION_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; if (getDolGlobalString($constforval) == "$value") { @@ -125,7 +125,7 @@ if ($action == 'updateMask') { } }/* elseif ($action == 'setdoc') { // Set or unset default model - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'EVENTORGANIZATION_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; if (dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity)) { @@ -141,7 +141,7 @@ if ($action == 'updateMask') { } } } elseif ($action == 'unsetdoc') { - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'EVENTORGANIZATION_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; dolibarr_del_const($db, $constforval, $conf->entity); diff --git a/htdocs/admin/hrm.php b/htdocs/admin/hrm.php index fecafa518f5..0078a384f8f 100644 --- a/htdocs/admin/hrm.php +++ b/htdocs/admin/hrm.php @@ -152,7 +152,7 @@ if ($action == 'update') { } } elseif ($action == 'setmod') { // TODO Check if numbering module chosen can be activated by calling method canBeActivated - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'HRMTEST_'.strtoupper($tmpobjectkey)."_ADDON"; dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity); @@ -163,7 +163,7 @@ if ($action == 'update') { } elseif ($action == 'del') { $ret = delDocumentModel($value, $type); if ($ret > 0) { - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'HRMTEST_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; if (getDolGlobalString($constforval) == "$value") { @@ -173,7 +173,7 @@ if ($action == 'update') { } } elseif ($action == 'setdoc') { // Set or unset default model - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'HRMTEST_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; if (dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity)) { @@ -189,7 +189,7 @@ if ($action == 'update') { } } } elseif ($action == 'unsetdoc') { - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'HRMTEST_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; dolibarr_del_const($db, $constforval, $conf->entity); diff --git a/htdocs/admin/knowledgemanagement.php b/htdocs/admin/knowledgemanagement.php index 731f703f1cd..6e9aef924c6 100644 --- a/htdocs/admin/knowledgemanagement.php +++ b/htdocs/admin/knowledgemanagement.php @@ -131,7 +131,7 @@ if ($action == 'updateMask') { } } elseif ($action == 'setmod') { // TODO Check if numbering module chosen can be activated by calling method canBeActivated - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'KNOWLEDGEMANAGEMENT_'.strtoupper($tmpobjectkey)."_ADDON"; dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity); @@ -142,7 +142,7 @@ if ($action == 'updateMask') { } elseif ($action == 'del') { $ret = delDocumentModel($value, $type); if ($ret > 0) { - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'KNOWLEDGEMANAGEMENT_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; if (getDolGlobalString($constforval) == "$value") { @@ -152,7 +152,7 @@ if ($action == 'updateMask') { } } elseif ($action == 'setdoc') { // Set or unset default model - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'KNOWLEDGEMANAGEMENT_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; if (dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity)) { @@ -168,7 +168,7 @@ if ($action == 'updateMask') { } } } elseif ($action == 'unsetdoc') { - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'KNOWLEDGEMANAGEMENT_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; dolibarr_del_const($db, $constforval, $conf->entity); diff --git a/htdocs/admin/webhook.php b/htdocs/admin/webhook.php index 879c17af00d..a0ef3ee897c 100644 --- a/htdocs/admin/webhook.php +++ b/htdocs/admin/webhook.php @@ -92,7 +92,7 @@ if ($action == 'updateMask') { } } elseif ($action == 'setmod') { // TODO Check if numbering module chosen can be activated by calling method canBeActivated - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'WEBHOOK_'.strtoupper($tmpobjectkey)."_ADDON"; dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity); @@ -103,7 +103,7 @@ if ($action == 'updateMask') { } elseif ($action == 'del') { $ret = delDocumentModel($value, $type); if ($ret > 0) { - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'WEBHOOK_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; if (getDolGlobalString($constforval) == "$value") { @@ -113,7 +113,7 @@ if ($action == 'updateMask') { } } elseif ($action == 'setdoc') { // Set or unset default model - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'WEBHOOK_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; if (dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity)) { @@ -129,7 +129,7 @@ if ($action == 'updateMask') { } } } elseif ($action == 'unsetdoc') { - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'WEBHOOK_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; dolibarr_del_const($db, $constforval, $conf->entity); diff --git a/htdocs/admin/workstation.php b/htdocs/admin/workstation.php index c98e036c1d3..818a9c014f4 100644 --- a/htdocs/admin/workstation.php +++ b/htdocs/admin/workstation.php @@ -122,7 +122,7 @@ if ($action == 'updateMask') { // Activate a model $ret = addDocumentModel($value, $type, $label, $scandir); } elseif ($action == 'del') { - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); $ret = delDocumentModel($value, $type); if ($ret > 0) { @@ -133,7 +133,7 @@ if ($action == 'updateMask') { } } elseif ($action == 'setdoc') { // Set default model - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); $constforval = strtoupper($tmpobjectkey).'_ADDON_PDF'; if (dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity)) { // The constant that was read before the new set @@ -149,7 +149,7 @@ if ($action == 'updateMask') { } elseif ($action == 'setmod') { // TODO Check if numbering module chosen can be activated // by calling method canBeActivated - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); $constforval = 'WORKSTATION_'.strtoupper($tmpobjectkey)."_ADDON"; dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity); } diff --git a/htdocs/ai/admin/setup.php b/htdocs/ai/admin/setup.php index a2bb8f77a23..a4b7f2f5499 100644 --- a/htdocs/ai/admin/setup.php +++ b/htdocs/ai/admin/setup.php @@ -106,7 +106,7 @@ if ($action == 'updateMask') { } } elseif ($action == 'setmod') { // TODO Check if numbering module chosen can be activated by calling method canBeActivated - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'Ai_'.strtoupper($tmpobjectkey)."_ADDON"; dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity); @@ -117,7 +117,7 @@ if ($action == 'updateMask') { } elseif ($action == 'del') { $ret = delDocumentModel($value, $type); if ($ret > 0) { - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'Ai_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; if (getDolGlobalString($constforval) == "$value") { @@ -127,7 +127,7 @@ if ($action == 'updateMask') { } } elseif ($action == 'setdoc') { // Set or unset default model - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'Ai_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; if (dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity)) { @@ -143,7 +143,7 @@ if ($action == 'updateMask') { } } } elseif ($action == 'unsetdoc') { - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'Ai_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; dolibarr_del_const($db, $constforval, $conf->entity); diff --git a/htdocs/asset/admin/setup.php b/htdocs/asset/admin/setup.php index 5850128b3d2..dbe1593199e 100644 --- a/htdocs/asset/admin/setup.php +++ b/htdocs/asset/admin/setup.php @@ -131,7 +131,7 @@ if ($action == 'updateMask') { } } elseif ($action == 'setmod') { // TODO Check if numbering module chosen can be activated by calling method canBeActivated - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'ASSET_'.strtoupper($tmpobjectkey)."_ADDON"; dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity); @@ -142,7 +142,7 @@ if ($action == 'updateMask') { } elseif ($action == 'del') { $ret = delDocumentModel($value, $type); if ($ret > 0) { - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'ASSET_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; if (getDolGlobalString($constforval) == "$value") { @@ -152,7 +152,7 @@ if ($action == 'updateMask') { } } elseif ($action == 'setdoc') { // Set or unset default model - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'ASSET_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; if (dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity)) { @@ -168,7 +168,7 @@ if ($action == 'updateMask') { } } } elseif ($action == 'unsetdoc') { - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'ASSET_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; dolibarr_del_const($db, $constforval, $conf->entity); diff --git a/htdocs/bookcal/admin/setup.php b/htdocs/bookcal/admin/setup.php index 737ad9558a8..43bd3bb66d7 100644 --- a/htdocs/bookcal/admin/setup.php +++ b/htdocs/bookcal/admin/setup.php @@ -138,7 +138,7 @@ if ($action == 'updateMask') { } } elseif ($action == 'setmod') { // TODO Check if numbering module chosen can be activated by calling method canBeActivated - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'BOOKCAL_'.strtoupper($tmpobjectkey)."_ADDON"; dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity); @@ -149,7 +149,7 @@ if ($action == 'updateMask') { } elseif ($action == 'del') { $ret = delDocumentModel($value, $type); if ($ret > 0) { - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'BOOKCAL_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; if (getDolGlobalString($constforval) == "$value") { @@ -159,7 +159,7 @@ if ($action == 'updateMask') { } } elseif ($action == 'setdoc') { // Set or unset default model - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'BOOKCAL_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; if (dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity)) { @@ -175,7 +175,7 @@ if ($action == 'updateMask') { } } } elseif ($action == 'unsetdoc') { - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'BOOKCAL_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; dolibarr_del_const($db, $constforval, $conf->entity); diff --git a/htdocs/modulebuilder/template/admin/setup.php b/htdocs/modulebuilder/template/admin/setup.php index 602d8ffa685..311fc2472a4 100644 --- a/htdocs/modulebuilder/template/admin/setup.php +++ b/htdocs/modulebuilder/template/admin/setup.php @@ -208,8 +208,8 @@ if ($action == 'updateMask') { $modele = GETPOST('module', 'alpha'); $tmpobjectkey = GETPOST('object', 'aZ09'); - if (in_array($tmpobjectkey, $myTmpObjects)) { - $className = $myTmpObjects[$tmpobjectkey]; + if (array_key_exists($tmpobjectkey, $myTmpObjects)) { + $className = $myTmpObjects[$tmpobjectkey]['class']; $tmpobject = new $className($db); $tmpobject->initAsSpecimen(); @@ -246,7 +246,7 @@ if ($action == 'updateMask') { } } elseif ($action == 'setmod') { // TODO Check if numbering module chosen can be activated by calling method canBeActivated - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'MYMODULE_'.strtoupper($tmpobjectkey)."_ADDON"; dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity); @@ -257,7 +257,7 @@ if ($action == 'updateMask') { } elseif ($action == 'del') { $ret = delDocumentModel($value, $type); if ($ret > 0) { - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'MYMODULE_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; if (getDolGlobalString($constforval) == "$value") { @@ -267,7 +267,7 @@ if ($action == 'updateMask') { } } elseif ($action == 'setdoc') { // Set or unset default model - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'MYMODULE_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; if (dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity)) { @@ -283,7 +283,7 @@ if ($action == 'updateMask') { } } } elseif ($action == 'unsetdoc') { - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'MYMODULE_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; dolibarr_del_const($db, $constforval, $conf->entity); diff --git a/htdocs/recruitment/admin/setup.php b/htdocs/recruitment/admin/setup.php index 296c20bffb5..67257d6e875 100644 --- a/htdocs/recruitment/admin/setup.php +++ b/htdocs/recruitment/admin/setup.php @@ -87,6 +87,10 @@ $arrayofparameters = array( $error = 0; $setupnotempty = 0; +$moduledir = 'recruitment'; +$myTmpObjects = array(); +$myTmpObjects['RecruitmentJobPosition'] = array('includerefgeneration' => 1, 'includedocgeneration' => 1); + /* * Actions @@ -113,38 +117,40 @@ if ($action == 'updateMask') { } } elseif ($action == 'specimen') { $modele = GETPOST('module', 'alpha'); - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); - $tmpobject = new $tmpobjectkey($db); - $tmpobject->initAsSpecimen(); + if (in_array($tmpobjectkey, $myTmpObjects)) { + $tmpobject = new $tmpobjectkey($db); + $tmpobject->initAsSpecimen(); - // Search template files - $file = ''; - $classname = ''; - $dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']); - foreach ($dirmodels as $reldir) { - $file = dol_buildpath($reldir."core/modules/recruitment/doc/pdf_".$modele."_".strtolower($tmpobjectkey).".modules.php", 0); - if (file_exists($file)) { - $classname = "pdf_".$modele."_".strtolower($tmpobjectkey); - break; + // Search template files + $file = ''; + $classname = ''; + $dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']); + foreach ($dirmodels as $reldir) { + $file = dol_buildpath($reldir."core/modules/recruitment/doc/pdf_".$modele."_".strtolower($tmpobjectkey).".modules.php", 0); + if (file_exists($file)) { + $classname = "pdf_".$modele."_".strtolower($tmpobjectkey); + break; + } } - } - if ($classname !== '') { - require_once $file; + if ($classname !== '') { + require_once $file; - $module = new $classname($db); + $module = new $classname($db); - if ($module->write_file($tmpobject, $langs) > 0) { - header("Location: ".DOL_URL_ROOT."/document.php?modulepart=recruitment-".strtolower($tmpobjectkey)."&file=SPECIMEN.pdf"); - return; + if ($module->write_file($tmpobject, $langs) > 0) { + header("Location: ".DOL_URL_ROOT."/document.php?modulepart=recruitment-".strtolower($tmpobjectkey)."&file=SPECIMEN.pdf"); + return; + } else { + setEventMessages($module->error, null, 'errors'); + dol_syslog($module->error, LOG_ERR); + } } else { - setEventMessages($module->error, null, 'errors'); - dol_syslog($module->error, LOG_ERR); + setEventMessages($langs->trans("ErrorModuleNotFound"), null, 'errors'); + dol_syslog($langs->trans("ErrorModuleNotFound"), LOG_ERR); } - } else { - setEventMessages($langs->trans("ErrorModuleNotFound"), null, 'errors'); - dol_syslog($langs->trans("ErrorModuleNotFound"), LOG_ERR); } } elseif ($action == 'set') { // Activate a model @@ -152,7 +158,7 @@ if ($action == 'updateMask') { } elseif ($action == 'del') { $ret = delDocumentModel($value, $type); if ($ret > 0) { - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'RECRUITMENT_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; if (getDolGlobalString($constforval) == "$value") { @@ -162,7 +168,7 @@ if ($action == 'updateMask') { } } elseif ($action == 'setmod') { // TODO Check if numbering module chosen can be activated by calling method canBeActivated - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'RECRUITMENT_'.strtoupper($tmpobjectkey)."_ADDON"; @@ -170,7 +176,7 @@ if ($action == 'updateMask') { } } elseif ($action == 'setdoc') { // Set default model - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'RECRUITMENT_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; if (dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity)) { @@ -186,7 +192,7 @@ if ($action == 'updateMask') { } } } elseif ($action == 'unsetdoc') { - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'RECRUITMENT_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; dolibarr_del_const($db, $constforval, $conf->entity); @@ -264,11 +270,6 @@ if ($action == 'edit') { } -$moduledir = 'recruitment'; -$myTmpObjects = array(); -$myTmpObjects['RecruitmentJobPosition'] = array('includerefgeneration' => 1, 'includedocgeneration' => 1); - - foreach ($myTmpObjects as $myTmpObjectKey => $myTmpObjectArray) { if ($myTmpObjectArray['includerefgeneration']) { /* diff --git a/htdocs/recruitment/admin/setup_candidatures.php b/htdocs/recruitment/admin/setup_candidatures.php index c8324656aa3..c72257e9d2a 100644 --- a/htdocs/recruitment/admin/setup_candidatures.php +++ b/htdocs/recruitment/admin/setup_candidatures.php @@ -58,6 +58,10 @@ $arrayofparameters = array( $error = 0; $setupnotempty = 0; +$moduledir = 'recruitment'; +$myTmpObjects = array(); +$myTmpObjects['RecruitmentCandidature'] = array('includerefgeneration' => 1, 'includedocgeneration' => 0); + /* * Actions @@ -84,44 +88,47 @@ if ($action == 'updateMask') { } } elseif ($action == 'specimen') { $modele = GETPOST('module', 'alpha'); - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); - $tmpobject = new $tmpobjectkey($db); - $tmpobject->initAsSpecimen(); + if (array_key_exists($tmpobjectkey, $myTmpObjects)) { + $className = $myTmpObjects[$tmpobjectkey]['class']; + $tmpobject = new $className($db); + $tmpobject->initAsSpecimen(); - // Search template files - $file = ''; - $classname = ''; - $dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']); - foreach ($dirmodels as $reldir) { - $file = dol_buildpath($reldir."core/modules/mymodule/doc/pdf_".$modele."_".strtolower($tmpobjectkey).".modules.php", 0); - if (file_exists($file)) { - $classname = "pdf_".$modele; - break; + // Search template files + $file = ''; + $classname = ''; + $dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']); + foreach ($dirmodels as $reldir) { + $file = dol_buildpath($reldir."core/modules/mymodule/doc/pdf_".$modele."_".strtolower($tmpobjectkey).".modules.php", 0); + if (file_exists($file)) { + $classname = "pdf_".$modele; + break; + } } - } - if ($classname !== '') { - require_once $file; + if ($classname !== '') { + require_once $file; - $module = new $classname($db); + $module = new $classname($db); - if ($module->write_file($tmpobject, $langs) > 0) { - header("Location: ".DOL_URL_ROOT."/document.php?modulepart=".strtolower($tmpobjectkey)."&file=SPECIMEN.pdf"); - return; + if ($module->write_file($tmpobject, $langs) > 0) { + header("Location: ".DOL_URL_ROOT."/document.php?modulepart=".strtolower($tmpobjectkey)."&file=SPECIMEN.pdf"); + return; + } else { + setEventMessages($module->error, null, 'errors'); + dol_syslog($module->error, LOG_ERR); + } } else { - setEventMessages($module->error, null, 'errors'); - dol_syslog($module->error, LOG_ERR); + setEventMessages($langs->trans("ErrorModuleNotFound"), null, 'errors'); + dol_syslog($langs->trans("ErrorModuleNotFound"), LOG_ERR); } - } else { - setEventMessages($langs->trans("ErrorModuleNotFound"), null, 'errors'); - dol_syslog($langs->trans("ErrorModuleNotFound"), LOG_ERR); } } elseif ($action == 'set') { // Activate a model $ret = addDocumentModel($value, $type, $label, $scandir); } elseif ($action == 'del') { - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); $ret = delDocumentModel($value, $type); if ($ret > 0) { @@ -132,7 +139,7 @@ if ($action == 'updateMask') { } } elseif ($action == 'setmod') { // TODO Check if numbering module chosen can be activated by calling method canBeActivated - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'RECRUITMENT_'.strtoupper($tmpobjectkey)."_ADDON"; @@ -140,7 +147,7 @@ if ($action == 'updateMask') { } } elseif ($action == 'setdoc') { // Set default model - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); $constforval = 'RECRUITMENT_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; if (dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity)) { // The constant that was read before the new set @@ -154,7 +161,7 @@ if ($action == 'updateMask') { $ret = addDocumentModel($value, $type, $label, $scandir); } } elseif ($action == 'unsetdoc') { - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'RECRUITMENT_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; dolibarr_del_const($db, $constforval, $conf->entity); @@ -232,11 +239,6 @@ if ($action == 'edit') { } -$moduledir = 'recruitment'; -$myTmpObjects = array(); -$myTmpObjects['RecruitmentCandidature'] = array('includerefgeneration' => 1, 'includedocgeneration' => 0); - - foreach ($myTmpObjects as $myTmpObjectKey => $myTmpObjectArray) { if ($myTmpObjectArray['includerefgeneration']) { /* diff --git a/htdocs/webportal/admin/setup.php b/htdocs/webportal/admin/setup.php index 7680e08cd9a..1d919cb1950 100644 --- a/htdocs/webportal/admin/setup.php +++ b/htdocs/webportal/admin/setup.php @@ -139,7 +139,7 @@ if ($action == 'updateMask') { } } elseif ($action == 'specimen') { $modele = GETPOST('module', 'alpha'); - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); $tmpobject = new $tmpobjectkey($db); $tmpobject->initAsSpecimen(); @@ -174,7 +174,7 @@ if ($action == 'updateMask') { } } elseif ($action == 'setmod') { // TODO Check if numbering module chosen can be activated by calling method canBeActivated - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'WEBPORTAL_' . strtoupper($tmpobjectkey) . "_ADDON"; dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity); @@ -185,7 +185,7 @@ if ($action == 'updateMask') { } elseif ($action == 'del') { $ret = delDocumentModel($value, $type); if ($ret > 0) { - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'WEBPORTAL_' . strtoupper($tmpobjectkey) . '_ADDON_PDF'; if (getDolGlobalString($constforval) == "$value") { @@ -195,7 +195,7 @@ if ($action == 'updateMask') { } } elseif ($action == 'setdoc') { // Set or unset default model - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'WEBPORTAL_' . strtoupper($tmpobjectkey) . '_ADDON_PDF'; if (dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity)) { @@ -211,7 +211,7 @@ if ($action == 'updateMask') { } } } elseif ($action == 'unsetdoc') { - $tmpobjectkey = GETPOST('object'); + $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'WEBPORTAL_' . strtoupper($tmpobjectkey) . '_ADDON_PDF'; dolibarr_del_const($db, $constforval, $conf->entity);