Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

More secured parameter for $tmpobjectkey

Browse Source
This commit is contained in:
Laurent Destailleur
2024-03-16 17:34:58 +01:00
parent 5e458bbda8
commit eececbe72b
12 changed files with 111 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
htdocs/modulebuilder/template/admin/setup.php
View File

@@ -208,8 +208,8 @@ if ($action == 'updateMask') {
$modele = GETPOST('module', 'alpha');
$tmpobjectkey = GETPOST('object', 'aZ09');
if (in_array($tmpobjectkey, $myTmpObjects)) {
$className = $myTmpObjects[$tmpobjectkey];
if (array_key_exists($tmpobjectkey, $myTmpObjects)) {
$className = $myTmpObjects[$tmpobjectkey]['class'];
$tmpobject = new $className($db);
$tmpobject->initAsSpecimen();
@@ -246,7 +246,7 @@ if ($action == 'updateMask') {
}
} elseif ($action == 'setmod') {
// TODO Check if numbering module chosen can be activated by calling method canBeActivated
$tmpobjectkey = GETPOST('object');
$tmpobjectkey = GETPOST('object', 'aZ09');
if (!empty($tmpobjectkey)) {
$constforval = 'MYMODULE_'.strtoupper($tmpobjectkey)."_ADDON";
dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity);
@@ -257,7 +257,7 @@ if ($action == 'updateMask') {
} elseif ($action == 'del') {
$ret = delDocumentModel($value, $type);
if ($ret > 0) {
$tmpobjectkey = GETPOST('object');
$tmpobjectkey = GETPOST('object', 'aZ09');
if (!empty($tmpobjectkey)) {
$constforval = 'MYMODULE_'.strtoupper($tmpobjectkey).'_ADDON_PDF';
if (getDolGlobalString($constforval) == "$value") {
@@ -267,7 +267,7 @@ if ($action == 'updateMask') {
}
} elseif ($action == 'setdoc') {
// Set or unset default model
$tmpobjectkey = GETPOST('object');
$tmpobjectkey = GETPOST('object', 'aZ09');
if (!empty($tmpobjectkey)) {
$constforval = 'MYMODULE_'.strtoupper($tmpobjectkey).'_ADDON_PDF';
if (dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity)) {
@@ -283,7 +283,7 @@ if ($action == 'updateMask') {
}
}
} elseif ($action == 'unsetdoc') {
$tmpobjectkey = GETPOST('object');
$tmpobjectkey = GETPOST('object', 'aZ09');
if (!empty($tmpobjectkey)) {
$constforval = 'MYMODULE_'.strtoupper($tmpobjectkey).'_ADDON_PDF';
dolibarr_del_const($db, $constforval, $conf->entity);