Security: Fix more security holes

Laurent Destailleur
2011-11-02 22:15:59 +01:00
parent 7f4944da31
commit ee92964ef7
6 changed files with 32 additions and 24 deletions


@@ -233,7 +233,7 @@ function show_theme($fuser,$edit=0,$foruserprofile=false)
$url=$urltheme."/".$subdir."/thumb.png";
if (! file_exists($file)) $url=$urltheme."/common/nophoto.jpg";
print '<table><tr><td>';
print '<a href="'.$_SERVER["PHP_SELF"].($edit?'?action=edit&theme=':'?theme=').$subdir.(! empty($_GET["optioncss"])?'&optioncss='.$_GET["optioncss"]:'').($fuser?'&id='.$fuser->id:'').'" style="font-weight: normal;" alt="'.$langs->trans("Preview").'">';
print '<a href="'.$_SERVER["PHP_SELF"].($edit?'?action=edit&theme=':'?theme=').$subdir.(GETPOST("optioncss")?'&optioncss='.GETPOST("optioncss",'alpha',1):'').($fuser?'&id='.$fuser->id:'').'" style="font-weight: normal;" alt="'.$langs->trans("Preview").'">';
if ($subdir == $conf->global->MAIN_THEME) $title=$langs->trans("ThemeCurrentlyActive");
else $title=$langs->trans("ShowPreview");
print '<img src="'.$url.'" border="0" width="80" height="60" alt="'.$title.'" title="'.$title.'">';
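Review bot: The rewritten `print '<a href="'...` line still concatenates `$_SERVER["PHP_SELF"]` and the `optioncss` value into an HTML attribute with no output encoding, so the fix depends entirely on what GETPOST's 'alpha' check rejects, and that check is not visible in this hunk. Encoding at the point of output would keep the link safe whatever the input filter allows: `'&optioncss='.urlencode(GETPOST("optioncss",'alpha',1))` for the parameter and `htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES)` for the script path. `$subdir` goes into the same URL unencoded; it presumably comes from a directory listing rather than the request, which is worth confirming. The body of show_theme() starts and ends outside this hunk.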