CSRF-protect the form + update the version

Fix #8
Chl 2023-12-17 00:22:21 +01:00
parent cdde859aea
commit d3bac76b2e
2 changed files with 7 additions and 1 deletions


@ -234,6 +234,12 @@ do {
$output .= '<div class="titre inline-block">' . $langs->trans("Options") . "</div>\n";
$output .= '<form id="sribmform" name="sribmform" method="POST" action="#sribmform">';
if (function_exists('newToken')) {
$output .= '<input type="hidden" name="token" value="'.newToken().'">'; // CSRF protection
} else {
// Used before Dolibar 13
$output .= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; // CSRF protection
}
$output .= '<table class="liste" summary="mail options"><tbody>';
$output .= '<tr class="oddeven">';
$output .= ' <td><label for="active">' . $langs->trans('OptionEnable') . "</label></td>\n";
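Review bot: The fallback branch interpolates `$_SESSION['newtoken']` into the `value` attribute without checking that it is set, so a session lacking that key renders the form with an empty token and an undefined-index notice; both branches also concatenate the token unescaped. Resolving the token once keeps the two paths consistent: `$token = function_exists('newToken') ? newToken() : ($_SESSION['newtoken'] ?? '');` followed by `$output .= '<input type="hidden" name="token" value="' . htmlspecialchars($token, ENT_QUOTES) . '">';`. The hunk only emits the field; verification of the posted token is not visible here and presumably relies on Dolibarr's central handling, so it is worth confirming that this page's POST handler rejects a missing or stale token on the versions covered by the fallback. The comment should read `// Used before Dolibarr 13`, and the enclosing `do {` block starts and ends outside the hunk.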