FIX Token issue when deleting a line (#35935)

* Sécurisation du jeton CSRF pour la suppression de transfert de stock * Sécuriser les actions de suppression de transfert de stock * Corriger l'indentation du lien de suppression de ligne * Supprimer les commentaires français des protections CSRF * Remove CSRF token check for delete actions Removed CSRF token validation for delete actions.
2025-12-05 09:08:09 +01:00 · 2025-10-25 23:05:52 +02:00
parent a31a02dbe5
commit 4d69d875f0
1 changed files with 4 additions and 1 deletions
--- a/htdocs/product/stock/stocktransfer/stocktransfer_card.php
+++ b/htdocs/product/stock/stocktransfer/stocktransfer_card.php
@@ -2,6 +2,7 @@
 /* Copyright (C) 2017 		Laurent Destailleur  	<eldy@users.sourceforge.net>
 * Copyright (C) 2024-2025	MDW						<mdeweerd@users.noreply.github.com>
 * Copyright (C) 2024-2025  Frédéric France             <frederic.france@free.fr>
+ * Copyright (C) 2025          Pierre Ardoin            <developpeur@lesmetiersdubatiment.fr>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -884,7 +885,9 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
 				print img_edit() . '</a>';
 				print '</td>';
 				print '<td class="right">';
-				print '<a href="' . $_SERVER["PHP_SELF"] . '?id=' . $id . '&action=deleteline&lineid=' . $line->id . '">' . img_delete($langs->trans("Remove")) . '</a>';
+				// Ensure the delete line link embeds a CSRF token.
+				$deleteLineUrl = $_SERVER["PHP_SELF"] . '?id=' . $id . '&action=deleteline&lineid=' . $line->id . '&token=' . newToken();
+				print '<a href="' . $deleteLineUrl . '">' . img_delete($langs->trans("Remove")) . '</a>';
 				print '</td>';
 			}