Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-06 01:28:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

FIX #16096 #16085 Any call of ajax pages must provide the token

Browse Source
This commit is contained in:
Laurent Destailleur
2021-02-23 11:13:57 +01:00
parent 34dcebea78
commit d2e1f9fce9
1 changed files with 10 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
htdocs/core/js/lib_head.js.php
View File

@@ -520,9 +520,9 @@ function hideMessage(fieldId,message) {
* Used by button to set on/off.
* Call url then make complementary action (like show/hide, enable/disable or set another option).
*
* @param string url Url
* @param string url Url (warning: as any url called in ajax mode, the url called here must not renew the token)
* @param string code Code
* @param string intput Input
* @param string intput Array of complementary actions to do if success
* @param int entity Entity
* @param int strict Strict
* @param int forcereload Force reload
@@ -574,11 +574,12 @@ function setConstant(url, code, input, entity, strict, forcereload, userid, toke
$.each(data, function(key, value) {
$("#set_" + key).hide();
$("#del_" + key).show();
$.get( url, {
$.post( url, {
action: "set",
name: key,
value: value,
entity: entity
entity: entity,
token: token
});
});
}
@@ -593,9 +594,9 @@ function setConstant(url, code, input, entity, strict, forcereload, userid, toke
* Used by button to set on/off
* Call url then make complementary action (like show/hide, enable/disable or set another option).
*
* @param string url Url
* @param string url Url (warning: as any url called in ajax mode, the url called here must not renew the token)
* @param string code Code
* @param string intput Input
* @param string intput Array of complementary actions to do if success
* @param int entity Entity
* @param int strict Strict
* @param int forcereload Force reload
@@ -644,10 +645,11 @@ function delConstant(url, code, input, entity, strict, forcereload, userid, toke
$.each(data, function(key, value) {
$("#del_" + value).hide();
$("#set_" + value).show();
$.get( url, {
$.post( url, {
action: "del",
name: value,
entity: entity
entity: entity,
token: token
});
});
}