From 90172fba83f7fbc183fed0bbefd6f949d5c94626 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 16 Mar 2024 22:00:55 +0100 Subject: [PATCH] Code simpler --- htdocs/admin/hrm.php | 60 +++++++++-------- htdocs/admin/knowledgemanagement.php | 59 +++++++++-------- htdocs/admin/workstation.php | 61 +++++++++--------- htdocs/asset/admin/setup.php | 59 ++++++++--------- htdocs/modulebuilder/template/admin/setup.php | 64 +++++++++---------- htdocs/recruitment/admin/setup.php | 60 +++++++++-------- .../recruitment/admin/setup_candidatures.php | 59 ++++++++--------- htdocs/webportal/admin/setup.php | 54 +++++++--------- 8 files changed, 223 insertions(+), 253 deletions(-) diff --git a/htdocs/admin/hrm.php b/htdocs/admin/hrm.php index 0078a384f8f..6736f26e290 100644 --- a/htdocs/admin/hrm.php +++ b/htdocs/admin/hrm.php @@ -71,6 +71,11 @@ $myTmpObjects = array(); // TODO Scan list of objects to fill this array $myTmpObjects['evaluation'] = array('label' => 'Evaluation', 'includerefgeneration' => 1, 'includedocgeneration' => 0); +$tmpobjectkey = GETPOST('object', 'aZ09'); +if ($tmpobjectkey && !array_key_exists($tmpobjectkey, $myTmpObjects)) { + accessforbidden('Bad value for object. Hack attempt ?'); +} + /* * Actions @@ -114,45 +119,41 @@ if ($action == 'update') { } } elseif ($action == 'specimen') { $modele = GETPOST('module', 'alpha'); - $tmpobjectkey = GETPOST('object', 'aZ09'); - if (array_key_exists($tmpobjectkey, $myTmpObjects)) { - $nameofclass = ucfirst($tmpobjectkey); - $tmpobject = new $nameofclass($db); - $tmpobject->initAsSpecimen(); + $nameofclass = ucfirst($tmpobjectkey); + $tmpobject = new $nameofclass($db); + $tmpobject->initAsSpecimen(); - // Search template files - $file = ''; - $classname = ''; - $dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']); - foreach ($dirmodels as $reldir) { - $file = dol_buildpath($reldir."core/modules/hrm/doc/pdf_".$modele."_".strtolower($tmpobjectkey).".modules.php", 0); - if (file_exists($file)) { - $classname = "pdf_".$modele; - break; - } + // Search template files + $file = ''; + $classname = ''; + $dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']); + foreach ($dirmodels as $reldir) { + $file = dol_buildpath($reldir."core/modules/hrm/doc/pdf_".$modele."_".strtolower($tmpobjectkey).".modules.php", 0); + if (file_exists($file)) { + $classname = "pdf_".$modele; + break; } + } - if ($classname !== '') { - require_once $file; + if ($classname !== '') { + require_once $file; - $module = new $classname($db); + $module = new $classname($db); - if ($module->write_file($tmpobject, $langs) > 0) { - header("Location: ".DOL_URL_ROOT."/document.php?modulepart=".strtolower($tmpobjectkey)."&file=SPECIMEN.pdf"); - return; - } else { - setEventMessages($module->error, null, 'errors'); - dol_syslog($module->error, LOG_ERR); - } + if ($module->write_file($tmpobject, $langs) > 0) { + header("Location: ".DOL_URL_ROOT."/document.php?modulepart=".strtolower($tmpobjectkey)."&file=SPECIMEN.pdf"); + return; } else { - setEventMessages($langs->trans("ErrorModuleNotFound"), null, 'errors'); - dol_syslog($langs->trans("ErrorModuleNotFound"), LOG_ERR); + setEventMessages($module->error, null, 'errors'); + dol_syslog($module->error, LOG_ERR); } + } else { + setEventMessages($langs->trans("ErrorModuleNotFound"), null, 'errors'); + dol_syslog($langs->trans("ErrorModuleNotFound"), LOG_ERR); } } elseif ($action == 'setmod') { // TODO Check if numbering module chosen can be activated by calling method canBeActivated - $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'HRMTEST_'.strtoupper($tmpobjectkey)."_ADDON"; dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity); @@ -163,7 +164,6 @@ if ($action == 'update') { } elseif ($action == 'del') { $ret = delDocumentModel($value, $type); if ($ret > 0) { - $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'HRMTEST_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; if (getDolGlobalString($constforval) == "$value") { @@ -173,7 +173,6 @@ if ($action == 'update') { } } elseif ($action == 'setdoc') { // Set or unset default model - $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'HRMTEST_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; if (dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity)) { @@ -189,7 +188,6 @@ if ($action == 'update') { } } } elseif ($action == 'unsetdoc') { - $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'HRMTEST_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; dolibarr_del_const($db, $constforval, $conf->entity); diff --git a/htdocs/admin/knowledgemanagement.php b/htdocs/admin/knowledgemanagement.php index 6e9aef924c6..132eecdada3 100644 --- a/htdocs/admin/knowledgemanagement.php +++ b/htdocs/admin/knowledgemanagement.php @@ -68,6 +68,11 @@ $myTmpObjects = array(); // TODO Scan list of objects to fill this array $myTmpObjects['knowledgemanagement'] = array('label' => 'KnowledgeManagement', 'includerefgeneration' => 1, 'includedocgeneration' => 0, 'class' => 'KnowledgeRecord'); +$tmpobjectkey = GETPOST('object', 'aZ09'); +if ($tmpobjectkey && !array_key_exists($tmpobjectkey, $myTmpObjects)) { + accessforbidden('Bad value for object. Hack attempt ?'); +} + /* * Actions @@ -93,45 +98,41 @@ if ($action == 'updateMask') { } } elseif ($action == 'specimen') { $modele = GETPOST('module', 'alpha'); - $tmpobjectkey = GETPOST('object', 'aZ09'); - if (array_key_exists($tmpobjectkey, $myTmpObjects)) { - $className = $myTmpObjects[$tmpobjectkey]['class']; - $tmpobject = new $className($db); - $tmpobject->initAsSpecimen(); + $className = $myTmpObjects[$tmpobjectkey]['class']; + $tmpobject = new $className($db); + $tmpobject->initAsSpecimen(); - // Search template files - $file = ''; - $className = ''; - $dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']); - foreach ($dirmodels as $reldir) { - $file = dol_buildpath($reldir."core/modules/knowledgemanagement/doc/pdf_".$modele."_".strtolower($tmpobjectkey).".modules.php", 0); - if (file_exists($file)) { - $className = "pdf_".$modele; - break; - } + // Search template files + $file = ''; + $className = ''; + $dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']); + foreach ($dirmodels as $reldir) { + $file = dol_buildpath($reldir."core/modules/knowledgemanagement/doc/pdf_".$modele."_".strtolower($tmpobjectkey).".modules.php", 0); + if (file_exists($file)) { + $className = "pdf_".$modele; + break; } + } - if ($className !== '') { - require_once $file; + if ($className !== '') { + require_once $file; - $module = new $className($db); + $module = new $className($db); - if ($module->write_file($tmpobject, $langs) > 0) { - header("Location: ".DOL_URL_ROOT."/document.php?modulepart=".strtolower($tmpobjectkey)."&file=SPECIMEN.pdf"); - return; - } else { - setEventMessages($module->error, null, 'errors'); - dol_syslog($module->error, LOG_ERR); - } + if ($module->write_file($tmpobject, $langs) > 0) { + header("Location: ".DOL_URL_ROOT."/document.php?modulepart=".strtolower($tmpobjectkey)."&file=SPECIMEN.pdf"); + return; } else { - setEventMessages($langs->trans("ErrorModuleNotFound"), null, 'errors'); - dol_syslog($langs->trans("ErrorModuleNotFound"), LOG_ERR); + setEventMessages($module->error, null, 'errors'); + dol_syslog($module->error, LOG_ERR); } + } else { + setEventMessages($langs->trans("ErrorModuleNotFound"), null, 'errors'); + dol_syslog($langs->trans("ErrorModuleNotFound"), LOG_ERR); } } elseif ($action == 'setmod') { // TODO Check if numbering module chosen can be activated by calling method canBeActivated - $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'KNOWLEDGEMANAGEMENT_'.strtoupper($tmpobjectkey)."_ADDON"; dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity); @@ -152,7 +153,6 @@ if ($action == 'updateMask') { } } elseif ($action == 'setdoc') { // Set or unset default model - $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'KNOWLEDGEMANAGEMENT_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; if (dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity)) { @@ -168,7 +168,6 @@ if ($action == 'updateMask') { } } } elseif ($action == 'unsetdoc') { - $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'KNOWLEDGEMANAGEMENT_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; dolibarr_del_const($db, $constforval, $conf->entity); diff --git a/htdocs/admin/workstation.php b/htdocs/admin/workstation.php index 818a9c014f4..11d0b08e7f3 100644 --- a/htdocs/admin/workstation.php +++ b/htdocs/admin/workstation.php @@ -53,8 +53,12 @@ if (!$user->admin) { $moduledir = 'workstation'; $myTmpObjects = array(); -$myTmpObjects['workstation'] = array('includerefgeneration' => 1, 'includedocgeneration' => 0); +$myTmpObjects['workstation'] = array('label' => 'Workstation', 'includerefgeneration' => 1, 'includedocgeneration' => 0, 'class' => 'Workstation'); +$tmpobjectkey = GETPOST('object', 'aZ09'); +if ($tmpobjectkey && !array_key_exists($tmpobjectkey, $myTmpObjects)) { + accessforbidden('Bad value for object. Hack attempt ?'); +} /* @@ -82,48 +86,43 @@ if ($action == 'updateMask') { } } elseif ($action == 'specimen') { $modele = GETPOST('module', 'alpha'); - $tmpobjectkey = GETPOST('object', 'aZ09'); - if (array_key_exists($tmpobjectkey, $myTmpObjects)) { - $nameofclass = ucfirst($tmpobjectkey); - $tmpobject = new $nameofclass($db); - $tmpobject->initAsSpecimen(); + $nameofclass = ucfirst($tmpobjectkey); + $tmpobject = new $nameofclass($db); + $tmpobject->initAsSpecimen(); - // Search template files - $file = ''; - $classname = ''; - $dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']); - foreach ($dirmodels as $reldir) { - $file = dol_buildpath($reldir."core/modules/workstation/doc/pdf_".$modele."_".strtolower($tmpobjectkey).".modules.php", 0); - if (file_exists($file)) { - $classname = "pdf_".$modele; - break; - } + // Search template files + $file = ''; + $classname = ''; + $dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']); + foreach ($dirmodels as $reldir) { + $file = dol_buildpath($reldir."core/modules/workstation/doc/pdf_".$modele."_".strtolower($tmpobjectkey).".modules.php", 0); + if (file_exists($file)) { + $classname = "pdf_".$modele; + break; } + } - if ($classname !== '') { - require_once $file; + if ($classname !== '') { + require_once $file; - $module = new $classname($db); + $module = new $classname($db); - if ($module->write_file($tmpobject, $langs) > 0) { - header("Location: ".DOL_URL_ROOT."/document.php?modulepart=".strtolower($tmpobjectkey)."&file=SPECIMEN.pdf"); - return; - } else { - setEventMessages($module->error, null, 'errors'); - dol_syslog($module->error, LOG_ERR); - } + if ($module->write_file($tmpobject, $langs) > 0) { + header("Location: ".DOL_URL_ROOT."/document.php?modulepart=".strtolower($tmpobjectkey)."&file=SPECIMEN.pdf"); + return; } else { - setEventMessages($langs->trans("ErrorModuleNotFound"), null, 'errors'); - dol_syslog($langs->trans("ErrorModuleNotFound"), LOG_ERR); + setEventMessages($module->error, null, 'errors'); + dol_syslog($module->error, LOG_ERR); } + } else { + setEventMessages($langs->trans("ErrorModuleNotFound"), null, 'errors'); + dol_syslog($langs->trans("ErrorModuleNotFound"), LOG_ERR); } } elseif ($action == 'set') { // Activate a model $ret = addDocumentModel($value, $type, $label, $scandir); } elseif ($action == 'del') { - $tmpobjectkey = GETPOST('object', 'aZ09'); - $ret = delDocumentModel($value, $type); if ($ret > 0) { $constforval = strtoupper($tmpobjectkey).'_ADDON_PDF'; @@ -133,7 +132,6 @@ if ($action == 'updateMask') { } } elseif ($action == 'setdoc') { // Set default model - $tmpobjectkey = GETPOST('object', 'aZ09'); $constforval = strtoupper($tmpobjectkey).'_ADDON_PDF'; if (dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity)) { // The constant that was read before the new set @@ -149,7 +147,6 @@ if ($action == 'updateMask') { } elseif ($action == 'setmod') { // TODO Check if numbering module chosen can be activated // by calling method canBeActivated - $tmpobjectkey = GETPOST('object', 'aZ09'); $constforval = 'WORKSTATION_'.strtoupper($tmpobjectkey)."_ADDON"; dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity); } diff --git a/htdocs/asset/admin/setup.php b/htdocs/asset/admin/setup.php index 2f30bca4e3e..91daeaaf19f 100644 --- a/htdocs/asset/admin/setup.php +++ b/htdocs/asset/admin/setup.php @@ -66,10 +66,10 @@ $dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']); $moduledir = 'asset'; $myTmpObjects = array(); -$myTmpObjects['Asset'] = array('includerefgeneration' => 1, 'includedocgeneration' => 0); +$myTmpObjects['asset'] = array('label' => 'Asset', 'includerefgeneration' => 1, 'includedocgeneration' => 0, 'class' => 'Asset'); $tmpobjectkey = GETPOST('object', 'aZ09'); -if ($tmpobjectkey && array_key_exists($tmpobjectkey, $myTmpObjects)) { +if ($tmpobjectkey && !array_key_exists($tmpobjectkey, $myTmpObjects)) { accessforbidden('Bad value for object. Hack attempt ?'); } @@ -98,45 +98,41 @@ if ($action == 'updateMask') { } } elseif ($action == 'specimen') { $modele = GETPOST('module', 'alpha'); - $tmpobjectkey = GETPOST('object', 'aZ09'); - if (array_key_exists($tmpobjectkey, $myTmpObjects)) { - $nameofclass = ucfirst($tmpobjectkey); - $tmpobject = new $nameofclass($db); - $tmpobject->initAsSpecimen(); + $nameofclass = ucfirst($tmpobjectkey); + $tmpobject = new $nameofclass($db); + $tmpobject->initAsSpecimen(); - // Search template files - $file = ''; - $classname = ''; - $dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']); - foreach ($dirmodels as $reldir) { - $file = dol_buildpath($reldir."core/modules/asset/doc/pdf_".$modele."_".strtolower($tmpobjectkey).".modules.php", 0); - if (file_exists($file)) { - $classname = "pdf_".$modele; - break; - } + // Search template files + $file = ''; + $classname = ''; + $dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']); + foreach ($dirmodels as $reldir) { + $file = dol_buildpath($reldir."core/modules/asset/doc/pdf_".$modele."_".strtolower($tmpobjectkey).".modules.php", 0); + if (file_exists($file)) { + $classname = "pdf_".$modele; + break; } + } - if ($classname !== '') { - require_once $file; + if ($classname !== '') { + require_once $file; - $module = new $classname($db); + $module = new $classname($db); - if ($module->write_file($tmpobject, $langs) > 0) { - header("Location: ".DOL_URL_ROOT."/document.php?modulepart=".strtolower($tmpobjectkey)."&file=SPECIMEN.pdf"); - return; - } else { - setEventMessages($module->error, null, 'errors'); - dol_syslog($module->error, LOG_ERR); - } + if ($module->write_file($tmpobject, $langs) > 0) { + header("Location: ".DOL_URL_ROOT."/document.php?modulepart=".strtolower($tmpobjectkey)."&file=SPECIMEN.pdf"); + return; } else { - setEventMessages($langs->trans("ErrorModuleNotFound"), null, 'errors'); - dol_syslog($langs->trans("ErrorModuleNotFound"), LOG_ERR); + setEventMessages($module->error, null, 'errors'); + dol_syslog($module->error, LOG_ERR); } + } else { + setEventMessages($langs->trans("ErrorModuleNotFound"), null, 'errors'); + dol_syslog($langs->trans("ErrorModuleNotFound"), LOG_ERR); } } elseif ($action == 'setmod') { // TODO Check if numbering module chosen can be activated by calling method canBeActivated - $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'ASSET_'.strtoupper($tmpobjectkey)."_ADDON"; dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity); @@ -147,7 +143,6 @@ if ($action == 'updateMask') { } elseif ($action == 'del') { $ret = delDocumentModel($value, $type); if ($ret > 0) { - $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'ASSET_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; if (getDolGlobalString($constforval) == "$value") { @@ -157,7 +152,6 @@ if ($action == 'updateMask') { } } elseif ($action == 'setdoc') { // Set or unset default model - $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'ASSET_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; if (dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity)) { @@ -173,7 +167,6 @@ if ($action == 'updateMask') { } } } elseif ($action == 'unsetdoc') { - $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'ASSET_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; dolibarr_del_const($db, $constforval, $conf->entity); diff --git a/htdocs/modulebuilder/template/admin/setup.php b/htdocs/modulebuilder/template/admin/setup.php index 311fc2472a4..71537be6691 100644 --- a/htdocs/modulebuilder/template/admin/setup.php +++ b/htdocs/modulebuilder/template/admin/setup.php @@ -176,6 +176,11 @@ $myTmpObjects = array(); // TODO Scan list of objects to fill this array $myTmpObjects['myobject'] = array('label'=>'MyObject', 'includerefgeneration'=>0, 'includedocgeneration'=>0, 'class'=>'MyObject'); +$tmpobjectkey = GETPOST('object', 'aZ09'); +if ($tmpobjectkey && !array_key_exists($tmpobjectkey, $myTmpObjects)) { + accessforbidden('Bad value for object. Hack attempt ?'); +} + /* * Actions @@ -206,47 +211,43 @@ if ($action == 'updateMask') { } } elseif ($action == 'specimen') { $modele = GETPOST('module', 'alpha'); - $tmpobjectkey = GETPOST('object', 'aZ09'); - if (array_key_exists($tmpobjectkey, $myTmpObjects)) { - $className = $myTmpObjects[$tmpobjectkey]['class']; - $tmpobject = new $className($db); - $tmpobject->initAsSpecimen(); + $className = $myTmpObjects[$tmpobjectkey]['class']; + $tmpobject = new $className($db); + $tmpobject->initAsSpecimen(); - // Search template files - $file = ''; - $className = ''; - $filefound = 0; - $dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']); - foreach ($dirmodels as $reldir) { - $file = dol_buildpath($reldir."core/modules/mymodule/doc/pdf_".$modele."_".strtolower($tmpobjectkey).".modules.php", 0); - if (file_exists($file)) { - $filefound = 1; - $className = "pdf_".$modele."_".strtolower($tmpobjectkey); - break; - } + // Search template files + $file = ''; + $className = ''; + $filefound = 0; + $dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']); + foreach ($dirmodels as $reldir) { + $file = dol_buildpath($reldir."core/modules/mymodule/doc/pdf_".$modele."_".strtolower($tmpobjectkey).".modules.php", 0); + if (file_exists($file)) { + $filefound = 1; + $className = "pdf_".$modele."_".strtolower($tmpobjectkey); + break; } + } - if ($filefound) { - require_once $file; + if ($filefound) { + require_once $file; - $module = new $className($db); + $module = new $className($db); - if ($module->write_file($tmpobject, $langs) > 0) { - header("Location: ".DOL_URL_ROOT."/document.php?modulepart=mymodule-".strtolower($tmpobjectkey)."&file=SPECIMEN.pdf"); - return; - } else { - setEventMessages($module->error, null, 'errors'); - dol_syslog($module->error, LOG_ERR); - } + if ($module->write_file($tmpobject, $langs) > 0) { + header("Location: ".DOL_URL_ROOT."/document.php?modulepart=mymodule-".strtolower($tmpobjectkey)."&file=SPECIMEN.pdf"); + return; } else { - setEventMessages($langs->trans("ErrorModuleNotFound"), null, 'errors'); - dol_syslog($langs->trans("ErrorModuleNotFound"), LOG_ERR); + setEventMessages($module->error, null, 'errors'); + dol_syslog($module->error, LOG_ERR); } + } else { + setEventMessages($langs->trans("ErrorModuleNotFound"), null, 'errors'); + dol_syslog($langs->trans("ErrorModuleNotFound"), LOG_ERR); } } elseif ($action == 'setmod') { // TODO Check if numbering module chosen can be activated by calling method canBeActivated - $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'MYMODULE_'.strtoupper($tmpobjectkey)."_ADDON"; dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity); @@ -257,7 +258,6 @@ if ($action == 'updateMask') { } elseif ($action == 'del') { $ret = delDocumentModel($value, $type); if ($ret > 0) { - $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'MYMODULE_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; if (getDolGlobalString($constforval) == "$value") { @@ -267,7 +267,6 @@ if ($action == 'updateMask') { } } elseif ($action == 'setdoc') { // Set or unset default model - $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'MYMODULE_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; if (dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity)) { @@ -283,7 +282,6 @@ if ($action == 'updateMask') { } } } elseif ($action == 'unsetdoc') { - $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'MYMODULE_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; dolibarr_del_const($db, $constforval, $conf->entity); diff --git a/htdocs/recruitment/admin/setup.php b/htdocs/recruitment/admin/setup.php index 67257d6e875..21a965437ae 100644 --- a/htdocs/recruitment/admin/setup.php +++ b/htdocs/recruitment/admin/setup.php @@ -89,7 +89,12 @@ $setupnotempty = 0; $moduledir = 'recruitment'; $myTmpObjects = array(); -$myTmpObjects['RecruitmentJobPosition'] = array('includerefgeneration' => 1, 'includedocgeneration' => 1); +$myTmpObjects['recruitmentjobposition'] = array('label' => 'RecruitmentJobPosition', 'includerefgeneration' => 1, 'includedocgeneration' => 1, 'class' => 'RecruitmentJobPosition'); + +$tmpobjectkey = GETPOST('object', 'aZ09'); +if ($tmpobjectkey && !array_key_exists($tmpobjectkey, $myTmpObjects)) { + accessforbidden('Bad value for object. Hack attempt ?'); +} /* @@ -117,40 +122,37 @@ if ($action == 'updateMask') { } } elseif ($action == 'specimen') { $modele = GETPOST('module', 'alpha'); - $tmpobjectkey = GETPOST('object', 'aZ09'); - if (in_array($tmpobjectkey, $myTmpObjects)) { - $tmpobject = new $tmpobjectkey($db); - $tmpobject->initAsSpecimen(); + $tmpobject = new $tmpobjectkey($db); + $tmpobject->initAsSpecimen(); - // Search template files - $file = ''; - $classname = ''; - $dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']); - foreach ($dirmodels as $reldir) { - $file = dol_buildpath($reldir."core/modules/recruitment/doc/pdf_".$modele."_".strtolower($tmpobjectkey).".modules.php", 0); - if (file_exists($file)) { - $classname = "pdf_".$modele."_".strtolower($tmpobjectkey); - break; - } + // Search template files + $file = ''; + $classname = ''; + $dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']); + foreach ($dirmodels as $reldir) { + $file = dol_buildpath($reldir."core/modules/recruitment/doc/pdf_".$modele."_".strtolower($tmpobjectkey).".modules.php", 0); + if (file_exists($file)) { + $classname = "pdf_".$modele."_".strtolower($tmpobjectkey); + break; } + } - if ($classname !== '') { - require_once $file; + if ($classname !== '') { + require_once $file; - $module = new $classname($db); + $module = new $classname($db); - if ($module->write_file($tmpobject, $langs) > 0) { - header("Location: ".DOL_URL_ROOT."/document.php?modulepart=recruitment-".strtolower($tmpobjectkey)."&file=SPECIMEN.pdf"); - return; - } else { - setEventMessages($module->error, null, 'errors'); - dol_syslog($module->error, LOG_ERR); - } + if ($module->write_file($tmpobject, $langs) > 0) { + header("Location: ".DOL_URL_ROOT."/document.php?modulepart=recruitment-".strtolower($tmpobjectkey)."&file=SPECIMEN.pdf"); + return; } else { - setEventMessages($langs->trans("ErrorModuleNotFound"), null, 'errors'); - dol_syslog($langs->trans("ErrorModuleNotFound"), LOG_ERR); + setEventMessages($module->error, null, 'errors'); + dol_syslog($module->error, LOG_ERR); } + } else { + setEventMessages($langs->trans("ErrorModuleNotFound"), null, 'errors'); + dol_syslog($langs->trans("ErrorModuleNotFound"), LOG_ERR); } } elseif ($action == 'set') { // Activate a model @@ -158,7 +160,6 @@ if ($action == 'updateMask') { } elseif ($action == 'del') { $ret = delDocumentModel($value, $type); if ($ret > 0) { - $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'RECRUITMENT_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; if (getDolGlobalString($constforval) == "$value") { @@ -168,7 +169,6 @@ if ($action == 'updateMask') { } } elseif ($action == 'setmod') { // TODO Check if numbering module chosen can be activated by calling method canBeActivated - $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'RECRUITMENT_'.strtoupper($tmpobjectkey)."_ADDON"; @@ -176,7 +176,6 @@ if ($action == 'updateMask') { } } elseif ($action == 'setdoc') { // Set default model - $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'RECRUITMENT_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; if (dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity)) { @@ -192,7 +191,6 @@ if ($action == 'updateMask') { } } } elseif ($action == 'unsetdoc') { - $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'RECRUITMENT_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; dolibarr_del_const($db, $constforval, $conf->entity); diff --git a/htdocs/recruitment/admin/setup_candidatures.php b/htdocs/recruitment/admin/setup_candidatures.php index c72257e9d2a..9706487e6e3 100644 --- a/htdocs/recruitment/admin/setup_candidatures.php +++ b/htdocs/recruitment/admin/setup_candidatures.php @@ -58,9 +58,10 @@ $arrayofparameters = array( $error = 0; $setupnotempty = 0; +$tmpobjectkey = GETPOST('object', 'aZ09'); $moduledir = 'recruitment'; $myTmpObjects = array(); -$myTmpObjects['RecruitmentCandidature'] = array('includerefgeneration' => 1, 'includedocgeneration' => 0); +$myTmpObjects['recruitmentcandidature'] = array('label' => 'RecruitmentCandidature', 'includerefgeneration' => 1, 'includedocgeneration' => 0, 'class' => 'RecruitmentCandidature'); /* @@ -88,48 +89,43 @@ if ($action == 'updateMask') { } } elseif ($action == 'specimen') { $modele = GETPOST('module', 'alpha'); - $tmpobjectkey = GETPOST('object', 'aZ09'); - if (array_key_exists($tmpobjectkey, $myTmpObjects)) { - $className = $myTmpObjects[$tmpobjectkey]['class']; - $tmpobject = new $className($db); - $tmpobject->initAsSpecimen(); + $className = $myTmpObjects[$tmpobjectkey]['class']; + $tmpobject = new $className($db); + $tmpobject->initAsSpecimen(); - // Search template files - $file = ''; - $classname = ''; - $dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']); - foreach ($dirmodels as $reldir) { - $file = dol_buildpath($reldir."core/modules/mymodule/doc/pdf_".$modele."_".strtolower($tmpobjectkey).".modules.php", 0); - if (file_exists($file)) { - $classname = "pdf_".$modele; - break; - } + // Search template files + $file = ''; + $classname = ''; + $dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']); + foreach ($dirmodels as $reldir) { + $file = dol_buildpath($reldir."core/modules/mymodule/doc/pdf_".$modele."_".strtolower($tmpobjectkey).".modules.php", 0); + if (file_exists($file)) { + $classname = "pdf_".$modele; + break; } + } - if ($classname !== '') { - require_once $file; + if ($classname !== '') { + require_once $file; - $module = new $classname($db); + $module = new $classname($db); - if ($module->write_file($tmpobject, $langs) > 0) { - header("Location: ".DOL_URL_ROOT."/document.php?modulepart=".strtolower($tmpobjectkey)."&file=SPECIMEN.pdf"); - return; - } else { - setEventMessages($module->error, null, 'errors'); - dol_syslog($module->error, LOG_ERR); - } + if ($module->write_file($tmpobject, $langs) > 0) { + header("Location: ".DOL_URL_ROOT."/document.php?modulepart=".strtolower($tmpobjectkey)."&file=SPECIMEN.pdf"); + return; } else { - setEventMessages($langs->trans("ErrorModuleNotFound"), null, 'errors'); - dol_syslog($langs->trans("ErrorModuleNotFound"), LOG_ERR); + setEventMessages($module->error, null, 'errors'); + dol_syslog($module->error, LOG_ERR); } + } else { + setEventMessages($langs->trans("ErrorModuleNotFound"), null, 'errors'); + dol_syslog($langs->trans("ErrorModuleNotFound"), LOG_ERR); } } elseif ($action == 'set') { // Activate a model $ret = addDocumentModel($value, $type, $label, $scandir); } elseif ($action == 'del') { - $tmpobjectkey = GETPOST('object', 'aZ09'); - $ret = delDocumentModel($value, $type); if ($ret > 0) { $constforval = 'RECRUITMENT_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; @@ -139,7 +135,6 @@ if ($action == 'updateMask') { } } elseif ($action == 'setmod') { // TODO Check if numbering module chosen can be activated by calling method canBeActivated - $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'RECRUITMENT_'.strtoupper($tmpobjectkey)."_ADDON"; @@ -147,7 +142,6 @@ if ($action == 'updateMask') { } } elseif ($action == 'setdoc') { // Set default model - $tmpobjectkey = GETPOST('object', 'aZ09'); $constforval = 'RECRUITMENT_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; if (dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity)) { // The constant that was read before the new set @@ -161,7 +155,6 @@ if ($action == 'updateMask') { $ret = addDocumentModel($value, $type, $label, $scandir); } } elseif ($action == 'unsetdoc') { - $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'RECRUITMENT_'.strtoupper($tmpobjectkey).'_ADDON_PDF'; dolibarr_del_const($db, $constforval, $conf->entity); diff --git a/htdocs/webportal/admin/setup.php b/htdocs/webportal/admin/setup.php index d2bcd74f8e1..55006cab01f 100644 --- a/htdocs/webportal/admin/setup.php +++ b/htdocs/webportal/admin/setup.php @@ -119,7 +119,7 @@ $myTmpObjects = array(); $myTmpObjects['WebPortal'] = array('label' => 'WebPortal', 'includerefgeneration' => 0, 'includedocgeneration' => 0); $tmpobjectkey = GETPOST('object', 'aZ09'); -if ($tmpobjectkey && array_key_exists($tmpobjectkey, $myTmpObjects)) { +if ($tmpobjectkey && !array_key_exists($tmpobjectkey, $myTmpObjects)) { accessforbidden('Bad value for object. Hack attempt ?'); } @@ -148,44 +148,40 @@ if ($action == 'updateMask') { } } elseif ($action == 'specimen') { $modele = GETPOST('module', 'alpha'); - $tmpobjectkey = GETPOST('object', 'aZ09'); - if (array_key_exists($tmpobjectkey, $myTmpObjects)) { - $tmpobject = new $tmpobjectkey($db); - $tmpobject->initAsSpecimen(); + $tmpobject = new $tmpobjectkey($db); + $tmpobject->initAsSpecimen(); - // Search template files - $file = ''; - $classname = ''; - $dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']); - foreach ($dirmodels as $reldir) { - $file = dol_buildpath($reldir . "core/modules/webportal/doc/pdf_" . $modele . "_" . strtolower($tmpobjectkey) . ".modules.php", 0); - if (file_exists($file)) { - $classname = "pdf_" . $modele . "_" . strtolower($tmpobjectkey); - break; - } + // Search template files + $file = ''; + $classname = ''; + $dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']); + foreach ($dirmodels as $reldir) { + $file = dol_buildpath($reldir . "core/modules/webportal/doc/pdf_" . $modele . "_" . strtolower($tmpobjectkey) . ".modules.php", 0); + if (file_exists($file)) { + $classname = "pdf_" . $modele . "_" . strtolower($tmpobjectkey); + break; } + } - if ($classname !== '') { - require_once $file; + if ($classname !== '') { + require_once $file; - $module = new $classname($db); + $module = new $classname($db); - if ($module->write_file($tmpobject, $langs) > 0) { - header("Location: " . DOL_URL_ROOT . "/document.php?modulepart=webportal-" . strtolower($tmpobjectkey) . "&file=SPECIMEN.pdf"); - return; - } else { - setEventMessages($module->error, null, 'errors'); - dol_syslog($module->error, LOG_ERR); - } + if ($module->write_file($tmpobject, $langs) > 0) { + header("Location: " . DOL_URL_ROOT . "/document.php?modulepart=webportal-" . strtolower($tmpobjectkey) . "&file=SPECIMEN.pdf"); + return; } else { - setEventMessages($langs->trans("ErrorModuleNotFound"), null, 'errors'); - dol_syslog($langs->trans("ErrorModuleNotFound"), LOG_ERR); + setEventMessages($module->error, null, 'errors'); + dol_syslog($module->error, LOG_ERR); } + } else { + setEventMessages($langs->trans("ErrorModuleNotFound"), null, 'errors'); + dol_syslog($langs->trans("ErrorModuleNotFound"), LOG_ERR); } } elseif ($action == 'setmod') { // TODO Check if numbering module chosen can be activated by calling method canBeActivated - $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'WEBPORTAL_' . strtoupper($tmpobjectkey) . "_ADDON"; dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity); @@ -206,7 +202,6 @@ if ($action == 'updateMask') { } } elseif ($action == 'setdoc') { // Set or unset default model - $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'WEBPORTAL_' . strtoupper($tmpobjectkey) . '_ADDON_PDF'; if (dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity)) { @@ -222,7 +217,6 @@ if ($action == 'updateMask') { } } } elseif ($action == 'unsetdoc') { - $tmpobjectkey = GETPOST('object', 'aZ09'); if (!empty($tmpobjectkey)) { $constforval = 'WEBPORTAL_' . strtoupper($tmpobjectkey) . '_ADDON_PDF'; dolibarr_del_const($db, $constforval, $conf->entity);