Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Fix security hole. Add quick and fast hack to fix it

Browse Source
This commit is contained in:
Laurent Destailleur
2016-11-29 17:08:44 +01:00
parent 6e43910932
commit f6734be1a1
1 changed files with 14 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
htdocs/cron/admin/cron.php
View File

@@ -88,9 +88,20 @@ print "</tr>";
print '<tr class="impair">'; print '<tr class="impair">';
print '<td class="fieldrequired">'.$langs->trans("KeyForCronAccess").'</td>'; print '<td class="fieldrequired">'.$langs->trans("KeyForCronAccess").'</td>';
print '<td><input type="text" class="flat" id="CRON_KEY" name="CRON_KEY" value="'. (GETPOST('CRON_KEY')?GETPOST('CRON_KEY'):(! empty($conf->global->CRON_KEY)?$conf->global->CRON_KEY:'')) . '" size="40">'; $disabled='';
if (! empty($conf->global->CRON_DISABLE_KEY_CHANGE)) $disabled=' disabled="disabled"';
print '<td>';
if (empty($conf->global->CRON_DISABLE_KEY_CHANGE))
{
print '<input type="text" class="flat minwidth200"'.$disabled.' id="CRON_KEY" name="CRON_KEY" value="'. (GETPOST('CRON_KEY')?GETPOST('CRON_KEY'):(! empty($conf->global->CRON_KEY)?$conf->global->CRON_KEY:'')) . '">';
if (! empty($conf->use_javascript_ajax)) if (! empty($conf->use_javascript_ajax))
print '&nbsp;'.img_picto($langs->trans('Generate'), 'refresh', 'id="generate_token" class="linkobject"'); print '&nbsp;'.img_picto($langs->trans('Generate'), 'refresh', 'id="generate_token" class="linkobject"');
}
else
{
print (! empty($conf->global->CRON_KEY)?$conf->global->CRON_KEY:'');
print '<input type="hidden" id="CRON_KEY" name="CRON_KEY" value="'. (GETPOST('CRON_KEY')?GETPOST('CRON_KEY'):(! empty($conf->global->CRON_KEY)?$conf->global->CRON_KEY:'')) . '">';
}
print '</td>'; print '</td>';
print '<td>&nbsp;</td>'; print '<td>&nbsp;</td>';
print '</tr>'; print '</tr>';