fix token to link (#28141)

* fix token to link

* pre-commit

---------

Co-authored-by: jpb <jean-pascal.boudet@atm-consulting>

ChangeLog

@@ -23,7 +23,7 @@ FIX: Accountancy - Update Quadra export format
 FIX: add action update_extras to don card
 FIX: add_customer_ref_on_linked_shipment (#26349)
 FIX: add display of an error when attempting to delete a committed transaction (#26573)
-FIX: Adding the $encode parrameter to recursive _replaceHtmlWithOdtTag() utilisation
+FIX: Adding the $encode parameter to recursive _replaceHtmlWithOdtTag() utilisation
 FIX: add warning in the changelog
 FIX: avoid php8 warnings (#25596)
 FIX: avoid warning : Cannot use a scalar value as an array (#26437)
@@ -103,7 +103,7 @@ FIX: template invoice list extrafield filters (backport v17) (#26227)
 FIX: thirdparty object in proposal card is not loaded
 FIX: too long output
 FIX: translation button
-FIX: use event.key instead event.wich to avoid keyboard difference
+FIX: use event.key instead event.which to avoid keyboard difference
 FIX: Use of line->insert instead of line->create
 FIX: user creation when LDAP is configured (#26332)
 FIX: Use the wrong logo size on PDF

htdocs/product/stock/stocktransfer/stocktransfer_card.php

@@ -39,6 +39,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/modules/stocktransfer/modules_stocktransfe
 $langs->loadLangs(array("stocks", "other", "productbatch", "companies"));
  if (isModEnabled('incoterm')) $langs->load('incoterm');
 
+
 // Get parameters
 $id = GETPOST('id', 'int');
 $ref        = GETPOST('ref', 'alpha');
@@ -954,12 +955,12 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
 					}
 				}
 			} elseif ($object->status == $object::STATUS_VALIDATED && $permissiontoadd) {
-				print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=destock">'.$langs->trans("StockTransferDecrementation").'</a>';
+				print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=destock&token='.newToken().'">'.$langs->trans("StockTransferDecrementation").'</a>';
 			} elseif ($object->status == $object::STATUS_TRANSFERED && $permissiontoadd) {
-				print '<a class="butActionDelete" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=destockcancel">'.$langs->trans("StockTransferDecrementationCancel").'</a>';
-				print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=addstock">'.$langs->trans("StockTransferIncrementation").'</a>';
+				print '<a class="butActionDelete" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=destockcancel&token='.newToken().'">'.$langs->trans("StockTransferDecrementationCancel").'</a>';
+				print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=addstock&token='.newToken().'">'.$langs->trans("StockTransferIncrementation").'</a>';
 			} elseif ($object->status == $object::STATUS_CLOSED && $permissiontoadd) {
-				print '<a class="butActionDelete" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=addstockcancel">'.$langs->trans("StockTransferIncrementationCancel").'</a>';
+				print '<a class="butActionDelete" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=addstockcancel&token='.newToken().'">'.$langs->trans("StockTransferIncrementationCancel").'</a>';
 			}
 
 			// Clone