Home Explore Help
Sign In
iProspective
/
dolibarr
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Fix #yogosha16184

Laurent Destailleur 2 years ago
parent
6b942aed6f
commit
155c52bc30
4 changed files with 48 additions and 18 deletions
Split View Show Diff Stats
  1. 35 8
      htdocs/admin/system/security.php
  2. 9 8
      htdocs/core/lib/security2.lib.php
  3. 3 1
      htdocs/langs/en_US/admin.lang
  4. 1 1
      htdocs/paypal/admin/paypal.php

+ 35 - 8
htdocs/admin/system/security.php
View File 

@@ -173,7 +173,7 @@ print '<br>';
 
 print '<strong>'.$langs->trans("XDebug").'</strong>: ';
 
 $test = !function_exists('xdebug_is_enabled') && !extension_loaded('xdebug');
 
 if ($test) {
 
-	print img_picto('', 'tick.png').' '.$langs->trans("NotInstalled").' - '.$langs->trans("NotRiskOfLeakWithThis");
 
+	print img_picto('', 'tick').' '.$langs->trans("NotInstalled").' - '.$langs->trans("NotRiskOfLeakWithThis");
 
 } else {
 
 	print img_picto('', 'warning').' '.$langs->trans("ModuleActivatedMayExposeInformation", $langs->transnoentities("XDebug"));
 
 	print ' - '.$langs->trans("MoreInformation").' <a href="'.DOL_URL_ROOT.'/admin/system/xdebug.php">XDebug admin page</a>';
 
@@ -480,30 +480,57 @@ print load_fiche_titre($langs->trans("Modules"), '', 'folder');
 
 
 // Module log
 
 print '<strong>'.$langs->trans("Syslog").'</strong>: ';
 
-$test = !isModEnabled('syslog');
 
-if ($test) {
 
-	print img_picto('', 'tick.png').' '.$langs->trans("NotInstalled").' - '.$langs->trans("NotRiskOfLeakWithThis");
 
+$test = isModEnabled('syslog');
 
+if (!$test) {
 
+	print img_picto('', 'tick').' '.$langs->trans("NotInstalled").' - '.$langs->trans("NotRiskOfLeakWithThis");
 
 } else {
 
 	if (getDolGlobalInt('SYSLOG_LEVEL') > LOG_NOTICE) {
 
 		print img_picto('', 'warning').' '.$langs->trans("ModuleActivatedWithTooHighLogLevel", $langs->transnoentities("Syslog"));
 
 	} else {
 
-		print img_picto('', 'tick.png').' '.$langs->trans("ModuleSyslogActivatedButLevelNotTooVerbose", $langs->transnoentities("Syslog"), getDolGlobalInt('SYSLOG_LEVEL'));
 
+		print img_picto('', 'tick').' '.$langs->trans("ModuleSyslogActivatedButLevelNotTooVerbose", $langs->transnoentities("Syslog"), getDolGlobalInt('SYSLOG_LEVEL'));
 
 	}
 
 	//print ' '.$langs->trans("MoreInformation").' <a href="'.DOL_URL_ROOT.'/admin/system/xdebug.php'.'">XDebug admin page</a>';
 
 }
 
 print '<br>';
 
 
+print '<br>';
 
+
 
 // Module debugbar
 
 print '<strong>'.$langs->trans("DebugBar").'</strong>: ';
 
-$test = empty($conf->debugbar->enabled);
 
-if ($test) {
 
-	print img_picto('', 'tick.png').' '.$langs->trans("NotInstalled").' - '.$langs->trans("NotRiskOfLeakWithThis");
 
+$test = isModEnabled('debugbar');
 
+if (!$test) {
 
+	print img_picto('', 'tick').' '.$langs->trans("NotInstalled").' - '.$langs->trans("NotRiskOfLeakWithThis");
 
 } else {
 
 	print img_picto('', 'error').' '.$langs->trans("ModuleActivatedDoNotUseInProduction", $langs->transnoentities("DebugBar"));
 
 	//print ' '.$langs->trans("MoreInformation").' <a href="'.DOL_URL_ROOT.'/admin/system/xdebug.php'.'">XDebug admin page</a>';
 
 }
 
 print '<br>';
 
 
+print '<br>';
 
+
 
+// Modules for Payments
 
+$test = isModEnabled('stripe');
 
+if ($test) {
 
+	print '<strong>'.$langs->trans("Stripe").'</strong>: ';
 
+	if (!getDolGlobalString('PAYMENT_SECURITY_TOKEN_UNIQUE')) {
 
+		print img_picto('', 'error').' '.$langs->trans("OptionXShouldBeEnabledInModuleY", $langs->transnoentities("SecurityTokenIsUnique"), $langs->transnoentities("Stripe"));
 
+	} else {
 
+		print img_picto('', 'tick').' '.$langs->trans("OptionXIsCorrectlyEnabledInModuleY", $langs->transnoentities("SecurityTokenIsUnique"), $langs->transnoentities("Stripe"));
 
+	}
 
+	print '<br>';
 
+} else {
 
+	$test = isModEnabled('paypal');
 
+	if ($test) {
 
+		print '<strong>'.$langs->trans("Paypal").'</strong>: ';
 
+		if (!getDolGlobalString('PAYMENT_SECURITY_TOKEN_UNIQUE')) {
 
+			print img_picto('', 'error').' '.$langs->trans("OptionXShouldBeEnabledInModuleY", $langs->transnoentities("SecurityTokenIsUnique"), $langs->transnoentities("Paypal"));
 
+		} else {
 
+			print img_picto('', 'tick').' '.$langs->trans("OptionXIsCorrectlyEnabledInModuleY", $langs->transnoentities("SecurityTokenIsUnique"), $langs->transnoentities("Paypal"));
 
+		}
 
+		print '<br>';
 
+	}
 
+}
 
+
 
 
 // APIs

+ 9 - 8
htdocs/core/lib/security2.lib.php
View File 

@@ -572,19 +572,20 @@ function dolJSToSetRandomPassword($htmlname, $htmlnameofbutton = 'generate_token
 
 	if (!empty($conf->use_javascript_ajax)) {
 
 		print "\n".'<!-- Js code to suggest a security key -->';
 
 		print '<script nonce="'.getNonce().'" type="text/javascript">';
 
-		print '$(document).ready(function () {
 
-            $("#'.dol_escape_js($htmlnameofbutton).'").click(function() {
 
-				console.log("We click on the button '.dol_escape_js($htmlnameofbutton).' to suggest a key. We will fill '.dol_escape_js($htmlname).'");
 
-            	$.get( "'.DOL_URL_ROOT.'/core/ajax/security.php", {
 
+		print 'jQuery(document).ready(function () {
 
+            jQuery("#'.dol_escape_js($htmlnameofbutton).'").click(function() {
 
+				var currenttoken = jQuery("meta[name=anti-csrf-currenttoken]").attr("content");
 
+				console.log("We click on the button '.dol_escape_js($htmlnameofbutton).' to suggest a key. anti-csrf-currentotken is "+currenttoken+". We will fill '.dol_escape_js($htmlname).'");
 
+				jQuery.get( "'.DOL_URL_ROOT.'/core/ajax/security.php", {
 
             		action: \'getrandompassword\',
 
             		generic: '.($generic ? '1' : '0').',
 
-					token: \''.dol_escape_js(newToken()).'\'
 
+					token: currenttoken
 
 				},
 
 				function(result) {
 
-					if ($("input#'.dol_escape_js($htmlname).'").attr("type") == "password") {
 
-						$("input#'.dol_escape_js($htmlname).'").attr("type", "text");
 
+					if (jQuery("input#'.dol_escape_js($htmlname).'").attr("type") == "password") {
 
+						jQuery("input#'.dol_escape_js($htmlname).'").attr("type", "text");
 
 					}
 
-					$("#'.dol_escape_js($htmlname).'").val(result);
 
+					jQuery("#'.dol_escape_js($htmlname).'").val(result);
 
 				});
 
             });
 
 		});'."\n";

+ 3 - 1
htdocs/langs/en_US/admin.lang
View File 

@@ -2382,4 +2382,6 @@ MAIN_CHECKBOX_LEFT_COLUMN=Show the column for field and line selection on the le
 
 NotAvailableByDefaultEnabledOnModuleActivation=Not created by default. Created on module activation only.
 
 CSSPage=CSS Style
 
 Defaultfortype=Default
 
-DefaultForTypeDesc=Template used by default when creating a new email for the template type
 
+DefaultForTypeDesc=Template used by default when creating a new email for the template type
 
+OptionXShouldBeEnabledInModuleY=Option "<b>%s</b>" should be enabled into module <b>%s</b>
 
+OptionXIsCorrectlyEnabledInModuleY=Option "<b>%s</b>" is enabled into module <b>%s</b>

+ 1 - 1
htdocs/paypal/admin/paypal.php
View File 

@@ -367,7 +367,7 @@ if (!empty($conf->use_javascript_ajax)) {
 
 	print '$(document).ready(function () {
 
 	            $("#apidoc").hide();
 
 	            $("#apidoca").click(function() {
 
-					console.log("We click on apidoca show/hide");
 
+					console.log("We click on apidoca so we show/hide");
 
 	                $("#apidoc").show();
 
 	            	$("#apidoca").hide();
 
 					return false;