CSRF-protect the form + update the version

Fix #8
This commit is contained in:
Chl 2023-12-17 00:22:21 +01:00
parent cdde859aea
commit d3bac76b2e
2 changed files with 7 additions and 1 deletions

View file

@ -69,7 +69,7 @@ class modsendrecurringinvoicebymail extends DolibarrModules
$this->editor_url = 'https://code.bugness.org/Dolibarr/sendrecurringinvoicebymail'; $this->editor_url = 'https://code.bugness.org/Dolibarr/sendrecurringinvoicebymail';
// Possible values for version are: 'development', 'experimental', 'dolibarr', 'dolibarr_deprecated' or a version string like 'x.y.z' // Possible values for version are: 'development', 'experimental', 'dolibarr', 'dolibarr_deprecated' or a version string like 'x.y.z'
$this->version = '0.3.2'; $this->version = '0.3.3';
//Url to the file with your last numberversion of this module //Url to the file with your last numberversion of this module
//$this->url_last_version = 'http://www.example.com/versionmodule.txt'; //$this->url_last_version = 'http://www.example.com/versionmodule.txt';

View file

@ -234,6 +234,12 @@ do {
$output .= '<div class="titre inline-block">' . $langs->trans("Options") . "</div>\n"; $output .= '<div class="titre inline-block">' . $langs->trans("Options") . "</div>\n";
$output .= '<form id="sribmform" name="sribmform" method="POST" action="#sribmform">'; $output .= '<form id="sribmform" name="sribmform" method="POST" action="#sribmform">';
if (function_exists('newToken')) {
$output .= '<input type="hidden" name="token" value="'.newToken().'">'; // CSRF protection
} else {
// Used before Dolibar 13
$output .= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; // CSRF protection
}
$output .= '<table class="liste" summary="mail options"><tbody>'; $output .= '<table class="liste" summary="mail options"><tbody>';
$output .= '<tr class="oddeven">'; $output .= '<tr class="oddeven">';
$output .= ' <td><label for="active">' . $langs->trans('OptionEnable') . "</label></td>\n"; $output .= ' <td><label for="active">' . $langs->trans('OptionEnable') . "</label></td>\n";