Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-06 09:38:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

FIX #16096 #16085 Any call of ajax pages must provide the token

Browse Source
This commit is contained in:
Laurent Destailleur
2021-02-23 11:13:57 +01:00
parent 34dcebea78
commit d2e1f9fce9
1 changed files with 10 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
htdocs/core/js/lib_head.js.php
View File

@@ -520,9 +520,9 @@ function hideMessage(fieldId,message) {
* Used by button to set on/off. * Used by button to set on/off.
* Call url then make complementary action (like show/hide, enable/disable or set another option). * Call url then make complementary action (like show/hide, enable/disable or set another option).
* *
* @param string url Url * @param string url Url (warning: as any url called in ajax mode, the url called here must not renew the token)
* @param string code Code * @param string code Code
* @param string intput Input * @param string intput Array of complementary actions to do if success
* @param int entity Entity * @param int entity Entity
* @param int strict Strict * @param int strict Strict
* @param int forcereload Force reload * @param int forcereload Force reload
@@ -574,11 +574,12 @@ function setConstant(url, code, input, entity, strict, forcereload, userid, toke
$.each(data, function(key, value) { $.each(data, function(key, value) {
$("#set_" + key).hide(); $("#set_" + key).hide();
$("#del_" + key).show(); $("#del_" + key).show();
$.get( url, { $.post( url, {
action: "set", action: "set",
name: key, name: key,
value: value, value: value,
entity: entity entity: entity,
token: token
}); });
}); });
} }
@@ -593,9 +594,9 @@ function setConstant(url, code, input, entity, strict, forcereload, userid, toke
* Used by button to set on/off * Used by button to set on/off
* Call url then make complementary action (like show/hide, enable/disable or set another option). * Call url then make complementary action (like show/hide, enable/disable or set another option).
* *
* @param string url Url * @param string url Url (warning: as any url called in ajax mode, the url called here must not renew the token)
* @param string code Code * @param string code Code
* @param string intput Input * @param string intput Array of complementary actions to do if success
* @param int entity Entity * @param int entity Entity
* @param int strict Strict * @param int strict Strict
* @param int forcereload Force reload * @param int forcereload Force reload
@@ -644,10 +645,11 @@ function delConstant(url, code, input, entity, strict, forcereload, userid, toke
$.each(data, function(key, value) { $.each(data, function(key, value) {
$("#del_" + value).hide(); $("#del_" + value).hide();
$("#set_" + value).show(); $("#set_" + value).show();
$.get( url, { $.post( url, {
action: "del", action: "del",
name: value, name: value,
entity: entity entity: entity,
token: token
}); });
}); });
} }