Can limit message in sessions if similar to a previous one

Fix token for static code into lib_foot.js.php
Laurent Destailleur
2023-04-08 03:43:21 +02:00
parent 1bab847278
commit 3127975aeb
3 changed files with 21 additions and 11 deletions


@@ -86,9 +86,10 @@ if (empty($conf->dol_no_mouse_hover)) {
open: function (event, ui) { open: function (event, ui) {
var elem = $(this); var elem = $(this);
var params = JSON.parse($(this).attr("data-params")); var params = JSON.parse($(this).attr("data-params"));
params.token = "'.currentToken().'"; var currenttoken = jQuery("meta[name=anti-csrf-currenttoken]").attr("content");
params.token = currenttoken;
$.ajax({ $.ajax({
url:"' . dol_buildpath('/core/ajax/ajaxtooltip.php', 1) . '", url:"'. DOL_URL_ROOT.'/core/ajax/ajaxtooltip.php",
type: "post", type: "post",
async: false, async: false,
data: params, data: params,
@@ -306,11 +307,12 @@ print '
jQuery(document).ready(function() { jQuery(document).ready(function() {
jQuery(".cssforclicktodial").click(function() { jQuery(".cssforclicktodial").click(function() {
event.preventDefault(); event.preventDefault();
console.log("We click on a cssforclicktodial class with url="+this.href); var currenttoken = jQuery("meta[name=anti-csrf-currenttoken]").attr("content");
console.log("We click on a cssforclicktodial class with href="+this.href);
$.ajax({ $.ajax({
url: this.href, url: this.href,
type: \'GET\', type: \'GET\',
data: { token: \''.newToken().'\' } data: { token: currenttoken }
}).done(function(xhr, textStatus, errorThrown) { }).done(function(xhr, textStatus, errorThrown) {
/* do nothing */ /* do nothing */
}).fail(function(xhr, textStatus, errorThrown) { }).fail(function(xhr, textStatus, errorThrown) {
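Review bot: Both new handlers read the token with `jQuery("meta[name=anti-csrf-currenttoken]").attr("content")` and use it unconditionally; when that meta tag is not present in the page `currenttoken` is `undefined`, so the tooltip sends `token: undefined` and the click-to-dial GET sends no token at all, and the request is silently rejected by the CSRF check rather than failing visibly at the call site. A guard before the `$.ajax` call, `if (!currenttoken) { console.log("No anti-csrf-currenttoken meta tag found, request not sent"); return; }`, would make the missing-tag case diagnosable; whether the tag is always emitted by the page header cannot be confirmed from this hunk. The click-to-dial handler also changes from a freshly generated `newToken()` to the page's current token, which is only equivalent if the server-side check for that URL accepts the current token — worth confirming against the CSRF logic in main.inc.php. Separately, `jQuery(".cssforclicktodial").click(function() {` calls `event.preventDefault()` without declaring `event`, relying on the global `window.event`; `function(event) {` is the portable form. Both enclosing functions start and end outside the hunk.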


@@ -8523,21 +8523,28 @@ function dolGetFirstLastname($firstname, $lastname, $nameorder = -1)
* *
* @param string|string[] $mesgs Message string or array * @param string|string[] $mesgs Message string or array
* @param string $style Which style to use ('mesgs' by default, 'warnings', 'errors') * @param string $style Which style to use ('mesgs' by default, 'warnings', 'errors')
* @param int $noduplicate 1 means we do not add the message if already present in session stack
* @return void * @return void
* @see dol_htmloutput_events() * @see dol_htmloutput_events()
*/ */
function setEventMessage($mesgs, $style = 'mesgs') function setEventMessage($mesgs, $style = 'mesgs', $noduplicate = 0)
{ {
//dol_syslog(__FUNCTION__ . " is deprecated", LOG_WARNING); This is not deprecated, it is used by setEventMessages function //dol_syslog(__FUNCTION__ . " is deprecated", LOG_WARNING); This is not deprecated, it is used by setEventMessages function
if (!is_array($mesgs)) { if (!is_array($mesgs)) {
// If mesgs is a string // If mesgs is a string
if ($mesgs) { if ($mesgs) {
if (!empty($noduplicate) && isset($_SESSION['dol_events'][$style]) && in_array($mesgs, $_SESSION['dol_events'][$style])) {
return;
}
$_SESSION['dol_events'][$style][] = $mesgs; $_SESSION['dol_events'][$style][] = $mesgs;
} }
} else { } else {
// If mesgs is an array // If mesgs is an array
foreach ($mesgs as $mesg) { foreach ($mesgs as $mesg) {
if ($mesg) { if ($mesg) {
if (!empty($noduplicate) && isset($_SESSION['dol_events'][$style]) && in_array($mesg, $_SESSION['dol_events'][$style])) {
return;
}
$_SESSION['dol_events'][$style][] = $mesg; $_SESSION['dol_events'][$style][] = $mesg;
} }
} }
@@ -8552,13 +8559,14 @@ function setEventMessage($mesgs, $style = 'mesgs')
* @param array|null $mesgs Message array * @param array|null $mesgs Message array
* @param string $style Which style to use ('mesgs' by default, 'warnings', 'errors') * @param string $style Which style to use ('mesgs' by default, 'warnings', 'errors')
* @param string $messagekey A key to be used to allow the feature "Never show this message again" * @param string $messagekey A key to be used to allow the feature "Never show this message again"
* @param int $noduplicate 1 means we do not add the message if already present in session stack
* @return void * @return void
* @see dol_htmloutput_events() * @see dol_htmloutput_events()
*/ */
function setEventMessages($mesg, $mesgs, $style = 'mesgs', $messagekey = '') function setEventMessages($mesg, $mesgs, $style = 'mesgs', $messagekey = '', $noduplicate = 0)
{ {
if (empty($mesg) && empty($mesgs)) { if (empty($mesg) && empty($mesgs)) {
dol_syslog("Try to add a message in stack with empty message", LOG_WARNING); dol_syslog("Try to add a message in stack, but value to add is empty message", LOG_WARNING);
} else { } else {
if ($messagekey) { if ($messagekey) {
// Complete message with a js link to set a cookie "DOLHIDEMESSAGE".$messagekey; // Complete message with a js link to set a cookie "DOLHIDEMESSAGE".$messagekey;
@@ -8570,12 +8578,12 @@ function setEventMessages($mesg, $mesgs, $style = 'mesgs', $messagekey = '')
dol_print_error('', 'Bad parameter style='.$style.' for setEventMessages'); dol_print_error('', 'Bad parameter style='.$style.' for setEventMessages');
} }
if (empty($mesgs)) { if (empty($mesgs)) {
setEventMessage($mesg, $style); setEventMessage($mesg, $style, $noduplicate);
} else { } else {
if (!empty($mesg) && !in_array($mesg, $mesgs)) { if (!empty($mesg) && !in_array($mesg, $mesgs)) {
setEventMessage($mesg, $style); // Add message string if not already into array setEventMessage($mesg, $style, $noduplicate); // Add message string if not already into array
} }
setEventMessage($mesgs, $style); setEventMessage($mesgs, $style, $noduplicate);
} }
} }
} }
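Review bot: In the array branch of setEventMessage the new duplicate check uses `return;`, which exits the whole function on the first duplicate and silently drops every message that follows it in `$mesgs`; the string branch's early `return;` is correct, but the loop needs `continue;` instead so only the duplicate entry is skipped. Both checks also call `in_array` without the strict flag, so messages are compared with loose `==` semantics; `in_array($mesg, $_SESSION['dol_events'][$style], true)` is the safer form for what are always strings here. The docblock for `$noduplicate` could additionally note that deduplication is per-style stack, since the same text in 'mesgs' and 'warnings' is not treated as a duplicate.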


@@ -594,7 +594,7 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && getDolGlobalInt(
dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (invalid token), so we disable POST and some GET parameters - referer=".(empty($_SERVER['HTTP_REFERER'])?'':$_SERVER['HTTP_REFERER']).", action=".GETPOST('action', 'aZ09').", _GET|POST['token']=".GETPOST('token', 'alpha'), LOG_WARNING); dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (invalid token), so we disable POST and some GET parameters - referer=".(empty($_SERVER['HTTP_REFERER'])?'':$_SERVER['HTTP_REFERER']).", action=".GETPOST('action', 'aZ09').", _GET|POST['token']=".GETPOST('token', 'alpha'), LOG_WARNING);
//dol_syslog("_SESSION['token']=".$sessiontokenforthisurl, LOG_DEBUG); //dol_syslog("_SESSION['token']=".$sessiontokenforthisurl, LOG_DEBUG);
// Do not output anything on standard output because this create problems when using the BACK button on browsers. So we just set a message into session. // Do not output anything on standard output because this create problems when using the BACK button on browsers. So we just set a message into session.
setEventMessages('SecurityTokenHasExpiredSoActionHasBeenCanceledPleaseRetry', null, 'warnings'); setEventMessages('SecurityTokenHasExpiredSoActionHasBeenCanceledPleaseRetry', null, 'warnings', '', 1);
$savid = null; $savid = null;
if (isset($_POST['id'])) { if (isset($_POST['id'])) {
$savid = ((int) $_POST['id']); $savid = ((int) $_POST['id']);