2 年之前 · 9d29ae8f10
--- a/htdocs/core/modules/mailings/modules_mailings.php
+++ b/htdocs/core/modules/mailings/modules_mailings.php
@@ -180,7 +180,6 @@ class MailingTargets // This can't be abstract as it is used for some method
 
				 	public function addTargetsToDatabase($mailing_id, $cibles)
			
 
				 	{
			
 
				 		global $conf;
			
 
				-		global $dolibarr_main_instance_unique_id;
			
 
				 
			
 
				 		$this->db->begin();
			
 
				 
			
@@ -203,7 +202,7 @@ class MailingTargets // This can't be abstract as it is used for some method
 
				 				$sql .= "'".$this->db->escape($targetarray['other'])."',";
			
 
				 				$sql .= "'".$this->db->escape($targetarray['source_url'])."',";
			
 
				 				$sql .= (empty($targetarray['source_id']) ? 'null' : "'".$this->db->escape($targetarray['source_id'])."'").",";
			
 
				-				$sql .= "'".$this->db->escape(dol_hash($dolibarr_main_instance_unique_id.";".$targetarray['email'].";".$targetarray['lastname'].";".((int) $mailing_id).";".getDolGlobalString('MAILING_EMAIL_UNSUBSCRIBE_KEY'), 'md5'))."',";
			
 
				+				$sql .= "'".$this->db->escape(dol_hash($conf->file->instance_unique_id.";".$targetarray['email'].";".$targetarray['lastname'].";".((int) $mailing_id).";".getDolGlobalString('MAILING_EMAIL_UNSUBSCRIBE_KEY'), 'md5'))."',";
			
 
				 				$sql .= "'".$this->db->escape($targetarray['source_type'])."')";
			
 
				 				dol_syslog(__METHOD__, LOG_DEBUG);
			
 
				 				$result = $this->db->query($sql);
			
--- a/htdocs/core/tpl/passwordreset.tpl.php
+++ b/htdocs/core/tpl/passwordreset.tpl.php
@@ -97,10 +97,10 @@ if ($setnewpassword && $username && $passworduidhash) {
 
				 	if ($result < 0) {
			
 
				 		$message = '<div class="error">'.dol_escape_htmltag($langs->trans("ErrorTechnicalError")).'</div>';
			
 
				 	} else {
			
 
				-		global $dolibarr_main_instance_unique_id;
			
 
				+		global $conf;
			
 
				 
			
 
				-		//print $edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id.' '.$passworduidhash;
			
 
				-		if ($edituser->pass_temp && dol_verifyHash($edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id, $passworduidhash)) {
			
 
				+		//print $edituser->pass_temp.'-'.$edituser->id.'-'.$conf->file->instance_unique_id.' '.$passworduidhash;
			
 
				+		if ($edituser->pass_temp && dol_verifyHash($edituser->pass_temp.'-'.$edituser->id.'-'.$conf->file->instance_unique_id, $passworduidhash)) {
			
 
				 			// Clear session
			
 
				 			unset($_SESSION['dol_login']);
			
 
				 
			
--- a/htdocs/public/users/view.php
+++ b/htdocs/public/users/view.php
@@ -62,8 +62,8 @@ $object->fetch($id, '', '', 1);
 
				 $urlwithroot = DOL_MAIN_URL_ROOT; // This is to use same domain name than current. For Paypal payment, we can use internal URL like localhost.
			
 
				 
			
 
				 // Security check
			
 
				-global $dolibarr_main_instance_unique_id;
			
 
				-$encodedsecurekey = dol_hash($dolibarr_main_instance_unique_id.'uservirtualcard'.$object->id.'-'.$object->login, 'md5');
			
 
				+global $conf;
			
 
				+$encodedsecurekey = dol_hash($conf->file->instance_unique_id.'uservirtualcard'.$object->id.'-'.$object->login, 'md5');
			
 
				 if ($encodedsecurekey != $securekey) {
			
 
				 	httponly_accessforbidden('Bad value for securitykey or public profile not enabled');
			
 
				 }