From 0fcbdcb4085fa21d03e9a3c0a315ec2dc8d6f0ef Mon Sep 17 00:00:00 2001 From: Philippe Grand Date: Fri, 10 May 2024 01:25:35 +0200 Subject: [PATCH] Fix : Warning: Undefined array key "help" in /home/httpd/vhosts/aflac.fr/domains/dol190.aflac.fr/httpdocs/admin/dict.php on line 1810 (#29642) * fix : Warning: Undefined variable in /home/httpd/vhosts/aflac.fr/domains/dol190.aflac.fr/httpdocs/compta/bank/various_payment/list.php on line 370 * backward * update * fix : Warning: Undefined array key help in /home/httpd/vhosts/aflac.fr/domains/dol190.aflac.fr/httpdocs/admin/dict.php on line 1810 * fix typo in extrafields.class.php --- htdocs/admin/dict.php | 2 +- htdocs/core/class/extrafields.class.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php index 820fe6b9425..2fabbfd3b03 100644 --- a/htdocs/admin/dict.php +++ b/htdocs/admin/dict.php @@ -1807,7 +1807,7 @@ if ($id > 0) { } if (in_array($value, array('label', 'libelle', 'libelle_facture')) && empty($tabcomplete[$tabname[$id]]['help'][$value])) { - if (!is_array($tabcomplete[$tabname[$id]]['help'])) { // protection when $tabcomplete[$tabname[$id]]['help'] is a an empty string, we must force it into an array + if (!isset($tabcomplete[$tabname[$id]]['help']) || !is_array($tabcomplete[$tabname[$id]]['help'])) { // protection when $tabcomplete[$tabname[$id]]['help'] is a an empty string, we must force it into an array $tabcomplete[$tabname[$id]]['help'] = array(); } $tabcomplete[$tabname[$id]]['help'][$value] = $langs->trans('LabelUsedByDefault'); diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index 9455273f140..1ba349c8cfb 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php @@ -1589,7 +1589,7 @@ class ExtraFields } elseif ($type == 'link') { $param_list = array_keys($param['options']); // $param_list[0] = 'ObjectName:classPath' but can also be 'ObjectName:classPath:1:(status:=:1)' /* Removed. - The selectForForms is called with parameter $objectfield defined, so the app can retreive the filter inside the ajax component instead of being provided as parameters. The + The selectForForms is called with parameter $objectfield defined, so the app can retrieve the filter inside the ajax component instead of being provided as parameters. The filter was used to pass SQL requests leading to serious SQL injection problem. This should not be possible. Also the call of the ajax was broken by some WAF. if (strpos($param_list[0], '$ID$') !== false && !empty($objectid)) { $param_list[0] = str_replace('$ID$', $objectid, $param_list[0]);