mirror of
https://github.com/Dolibarr/dolibarr.git
synced 2025-12-10 19:41:26 +01:00
Can limit message in sessions if similar to a previous one
Fix token for static code into lib_foot.js.php
This commit is contained in:
Laurent Destailleur
@@ -86,9 +86,10 @@ if (empty($conf->dol_no_mouse_hover)) {
|
||||
open: function (event, ui) {
|
||||
var elem = $(this);
|
||||
var params = JSON.parse($(this).attr("data-params"));
|
||||
params.token = "'.currentToken().'";
|
||||
var currenttoken = jQuery("meta[name=anti-csrf-currenttoken]").attr("content");
|
||||
params.token = currenttoken;
|
||||
$.ajax({
|
||||
url:"' . dol_buildpath('/core/ajax/ajaxtooltip.php', 1) . '",
|
||||
url:"'. DOL_URL_ROOT.'/core/ajax/ajaxtooltip.php",
|
||||
type: "post",
|
||||
async: false,
|
||||
data: params,
|
||||
@@ -306,11 +307,12 @@ print '
|
||||
jQuery(document).ready(function() {
|
||||
jQuery(".cssforclicktodial").click(function() {
|
||||
event.preventDefault();
|
||||
console.log("We click on a cssforclicktodial class with url="+this.href);
|
||||
var currenttoken = jQuery("meta[name=anti-csrf-currenttoken]").attr("content");
|
||||
console.log("We click on a cssforclicktodial class with href="+this.href);
|
||||
$.ajax({
|
||||
url: this.href,
|
||||
type: \'GET\',
|
||||
data: { token: \''.newToken().'\' }
|
||||
data: { token: currenttoken }
|
||||
}).done(function(xhr, textStatus, errorThrown) {
|
||||
/* do nothing */
|
||||
}).fail(function(xhr, textStatus, errorThrown) {
|
||||
|
||||
@@ -8523,21 +8523,28 @@ function dolGetFirstLastname($firstname, $lastname, $nameorder = -1)
|
||||
*
|
||||
* @param string|string[] $mesgs Message string or array
|
||||
* @param string $style Which style to use ('mesgs' by default, 'warnings', 'errors')
|
||||
* @param int $noduplicate 1 means we do not add the message if already present in session stack
|
||||
* @return void
|
||||
* @see dol_htmloutput_events()
|
||||
*/
|
||||
function setEventMessage($mesgs, $style = 'mesgs')
|
||||
function setEventMessage($mesgs, $style = 'mesgs', $noduplicate = 0)
|
||||
{
|
||||
//dol_syslog(__FUNCTION__ . " is deprecated", LOG_WARNING); This is not deprecated, it is used by setEventMessages function
|
||||
if (!is_array($mesgs)) {
|
||||
// If mesgs is a string
|
||||
if ($mesgs) {
|
||||
if (!empty($noduplicate) && isset($_SESSION['dol_events'][$style]) && in_array($mesgs, $_SESSION['dol_events'][$style])) {
|
||||
return;
|
||||
}
|
||||
$_SESSION['dol_events'][$style][] = $mesgs;
|
||||
}
|
||||
} else {
|
||||
// If mesgs is an array
|
||||
foreach ($mesgs as $mesg) {
|
||||
if ($mesg) {
|
||||
if (!empty($noduplicate) && isset($_SESSION['dol_events'][$style]) && in_array($mesg, $_SESSION['dol_events'][$style])) {
|
||||
return;
|
||||
}
|
||||
$_SESSION['dol_events'][$style][] = $mesg;
|
||||
}
|
||||
}
|
||||
@@ -8552,13 +8559,14 @@ function setEventMessage($mesgs, $style = 'mesgs')
|
||||
* @param array|null $mesgs Message array
|
||||
* @param string $style Which style to use ('mesgs' by default, 'warnings', 'errors')
|
||||
* @param string $messagekey A key to be used to allow the feature "Never show this message again"
|
||||
* @param int $noduplicate 1 means we do not add the message if already present in session stack
|
||||
* @return void
|
||||
* @see dol_htmloutput_events()
|
||||
*/
|
||||
function setEventMessages($mesg, $mesgs, $style = 'mesgs', $messagekey = '')
|
||||
function setEventMessages($mesg, $mesgs, $style = 'mesgs', $messagekey = '', $noduplicate = 0)
|
||||
{
|
||||
if (empty($mesg) && empty($mesgs)) {
|
||||
dol_syslog("Try to add a message in stack with empty message", LOG_WARNING);
|
||||
dol_syslog("Try to add a message in stack, but value to add is empty message", LOG_WARNING);
|
||||
} else {
|
||||
if ($messagekey) {
|
||||
// Complete message with a js link to set a cookie "DOLHIDEMESSAGE".$messagekey;
|
||||
@@ -8570,12 +8578,12 @@ function setEventMessages($mesg, $mesgs, $style = 'mesgs', $messagekey = '')
|
||||
dol_print_error('', 'Bad parameter style='.$style.' for setEventMessages');
|
||||
}
|
||||
if (empty($mesgs)) {
|
||||
setEventMessage($mesg, $style);
|
||||
setEventMessage($mesg, $style, $noduplicate);
|
||||
} else {
|
||||
if (!empty($mesg) && !in_array($mesg, $mesgs)) {
|
||||
setEventMessage($mesg, $style); // Add message string if not already into array
|
||||
setEventMessage($mesg, $style, $noduplicate); // Add message string if not already into array
|
||||
}
|
||||
setEventMessage($mesgs, $style);
|
||||
setEventMessage($mesgs, $style, $noduplicate);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -594,7 +594,7 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && getDolGlobalInt(
|
||||
dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (invalid token), so we disable POST and some GET parameters - referer=".(empty($_SERVER['HTTP_REFERER'])?'':$_SERVER['HTTP_REFERER']).", action=".GETPOST('action', 'aZ09').", _GET|POST['token']=".GETPOST('token', 'alpha'), LOG_WARNING);
|
||||
//dol_syslog("_SESSION['token']=".$sessiontokenforthisurl, LOG_DEBUG);
|
||||
// Do not output anything on standard output because this create problems when using the BACK button on browsers. So we just set a message into session.
|
||||
setEventMessages('SecurityTokenHasExpiredSoActionHasBeenCanceledPleaseRetry', null, 'warnings');
|
||||
setEventMessages('SecurityTokenHasExpiredSoActionHasBeenCanceledPleaseRetry', null, 'warnings', '', 1);
|
||||
$savid = null;
|
||||
if (isset($_POST['id'])) {
|
||||
$savid = ((int) $_POST['id']);
|
||||
|
||||
Reference in New Issue
Block a user