PrestaShop · Hlavtox · Feb 8, 2024 · Jan 31, 2024
@@ -27,7 +27,9 @@
 session_start();
 
 if (!defined('_PS_ADMIN_DIR_')) {
-    define('_PS_ADMIN_DIR_', dirname(__FILE__).'/../../');
+    // Properly assign admin directory path, we don't want to use relative traversal here,
+    // it creates problems in some methods that use basename(_PS_ADMIN_DIR_), like Link class.
+    define('_PS_ADMIN_DIR_', dirname(__DIR__, 2));
 }
 
 require_once _PS_ADMIN_DIR_.'/../config/config.inc.php';

@@ -24,6 +24,10 @@
  * @license   https://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
  */
 
+/**
+ * This file is currently only used for admin filemanager.
+ * Some things in this file are probably not needed to be initialized anymore.
+ */
 use PrestaShop\PrestaShop\Core\Util\Url\UrlCleaner;
 
 ob_start();
@@ -36,7 +40,7 @@
     }
 
     if (!isset($context->employee) || !$context->employee->isLoggedBack()) {
-        Tools::redirectAdmin('index.php?controller=AdminLogin&redirect='.$_SERVER['REQUEST_URI']);
+        Tools::redirectAdmin($context->link->getAdminLink('AdminLogin', false, [], ['redirect' => $_SERVER['REQUEST_URI']]));
     }
 
     $iso = $context->language->iso_code;

@@ -50,7 +50,7 @@
 
 	function uploadCarrierLogo() {
 		$.ajaxFileUpload({
-			url: 'index.php?ajax=1&controller=AdminCarrierWizard&token={$token|addslashes}&action=uploadLogo',
+			url: '{$link->getAdminLink('AdminCarrierWizard', true, [], ['ajax' => 1, 'action' => 'uploadLogo'])}',
 			secureuri: false,
 			fileElementId: 'carrier_logo_input',
 			dataType: 'xml',

@@ -32,7 +32,7 @@
 			{else}
 				<i class="icon-user"></i>
 				{if !empty($message.id_customer)}
-					<a href="index.php?controller=AdminCustomers&amp;id_customer={$message.id_customer}&amp;viewcustomer&amp;token={getAdminToken tab='AdminCustomers'}" title="{l|escape s='View customer' d='Admin.Orderscustomers.Feature'}">
+					<a href="{$link->getAdminLink('AdminCustomers', true, [], ['id_customer' => $message.id_customer, 'viewcustomer' => 1])}" title="{l|escape s='View customer' d='Admin.Orderscustomers.Feature'}">
 						{$message.customer_name}
 					</a>
 				{else}
@@ -45,7 +45,7 @@
 			<dl class="dl-horizontal">
 				<dt>{l s='Customer ID:' d='Admin.Orderscustomers.Feature'}</dt>
 				<dd>
-					<a href="index.php?controller=AdminCustomers&amp;id_customer={$message.id_customer}&amp;viewcustomer&amp;token={getAdminToken tab='AdminCustomers'}" title="{l|escape s='View customer' d='Admin.Orderscustomers.Feature'}">
+					<a href="{$link->getAdminLink('AdminCustomers', true, [], ['id_customer' => $message.id_customer, 'viewcustomer' => 1])}" title="{l|escape s='View customer' d='Admin.Orderscustomers.Feature'}">
 						{$message.id_customer} <i class="icon-search"></i>
 					</a>
 				</dd>
@@ -65,7 +65,7 @@
 			<dl class="dl-horizontal">
 				<dt>{l s='File attachment' d='Admin.Orderscustomers.Feature'}</dt>
 				<dd>
-					<a href="index.php?controller=AdminCustomerThreads&amp;id_customer_thread={$message.id_customer_thread}&amp;viewcustomer_thread&amp;token={getAdminToken tab='AdminCustomerThreads'}&amp;filename={$message.file_name}"
+					<a href="{$link->getAdminLink('AdminCustomerThreads', true, [], ['id_customer_thread' => $message.id_customer_thread, 'viewcustomer_thread' => 1, 'filename' => $message.file_name])}"
 					title="{l|escape s='View file' d='Admin.Orderscustomers.Feature'}">
 						<i class="icon-search"></i>
 					</a>
@@ -75,7 +75,7 @@
 			{if !empty($message.id_order) && $is_valid_order_id && empty($message.id_employee)}
 				<dl class="dl-horizontal">
 					<dt>{l s='Order #' d='Admin.Orderscustomers.Feature'}</dt>
-					<dd><a href="index.php?controller=AdminOrders&amp;id_order={$message.id_order}&amp;vieworder&amp;token={getAdminToken tab='AdminOrders'}" title="{l|escape s='View order' d='Admin.Orderscustomers.Feature'}">{$message.id_order} <img src="../img/admin/search.gif" alt="{l s='View' d='Admin.Actions'}" /></a>
+					<dd><a href="{$link->getAdminLink('AdminOrders', true, [], ['id_order' => $message.id_order, 'vieworder' => 1])}" title="{l|escape s='View order' d='Admin.Orderscustomers.Feature'}">{$message.id_order} <img src="../img/admin/search.gif" alt="{l s='View' d='Admin.Actions'}" /></a>
 					</dd>
 				</dl>
 			{/if}

@@ -55,7 +55,7 @@
 					<div>{l s='Back' d='Admin.Global'}</div>
 				</a>
 			</li>
-			{if isset($trad_link)}
+			{if !empty($translateLinks)}
 			<li>
 				<a id="desc-module-translate" data-toggle="modal" data-target="#moduleTradLangSelect" class="toolbar_btn" href="#" title="{l s='Translate'}">
 					<i class="process-icon-flag"></i>

@@ -22,7 +22,7 @@
  * @copyright Since 2007 PrestaShop SA and Contributors
  * @license   https://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
  *}
-<form id="header_search" class="component bo_search_form" method="post" action="{$baseAdminUrl}index.php?controller=AdminSearch&amp;token={getAdminToken tab='AdminSearch'}" role="search">
+<form id="header_search" class="component bo_search_form" method="post" action="{$link->getAdminLink('AdminSearch')}" role="search">
 	<div class="form-group">
 		<input type="hidden" name="bo_search_type" id="bo_search_type" />
 		<div class="input-group">

@@ -26,7 +26,7 @@
 <form id="header_search"
       class="bo_search_form dropdown-form js-dropdown-form collapsed"
       method="post"
-      action="{$baseAdminUrl}index.php?controller=AdminSearch&amp;token={getAdminToken tab='AdminSearch'}"
+      action="{$link->getAdminLink('AdminSearch')}"
       role="search">
   <input type="hidden" name="bo_search_type" id="bo_search_type" class="js-search-type" />
   {if isset($show_clear_btn) && $show_clear_btn}

@@ -608,16 +608,6 @@ public function displayDeleteLink($token, $id, $name = null)
 
         $href = $this->currentIndex . '&' . $this->identifier . '=' . $id . '&delete' . $this->table . '&token=' . ($token != null ? $token : $this->token);
 
-        switch ($this->currentIndex) {
-            case 'index.php?controller=AdminProducts':
-                if ($this->identifier == 'id_product') {
-                    $href = Context::getContext()->link->getAdminLink('AdminProducts', true, ['id_product' => $id, 'deleteproduct' => 1]);
-                }
-
-                break;
-            default:
-        }
-
         $data = [
             $this->identifier => $id,
             'href' => $href,

@@ -368,7 +368,7 @@ protected function getWarningDomainName()
                 ) . $this->trans(
                     'If this is your main domain, please {link}change it now{/link}.',
                     [
-                        '{link}' => '<a href="index.php?controller=AdminShopUrl&id_shop_url=' . (int) $shop->id . '&updateshop_url&token=' . Tools::getAdminTokenLite('AdminShopUrl') . '">',
+                        '{link}' => '<a href="' . $this->context->link->getAdminLink('AdminShopUrl', true, [], ['id_shop_url' => (int) $shop->id, 'updateshop_url' => 1]) . '">',
                         '{/link}' => '</a>',
                     ],
                     'Admin.Dashboard.Notification'
@@ -378,7 +378,7 @@ protected function getWarningDomainName()
 				' . $this->trans(
                     'If this is your main domain, please {link}change it now{/link}.',
                     [
-                        '{link}' => '<a href="index.php?controller=AdminMeta&token=' . Tools::getAdminTokenLite('AdminMeta') . '#meta_fieldset_shop_url">',
+                        '{link}' => '<a href="' . $this->context->link->getAdminLink('AdminMeta') . '#meta_fieldset_shop_url">',
                         '{/link}' => '</a>',
                     ],
                     'Admin.Dashboard.Notification'

@@ -179,9 +179,6 @@ public function initContent()
 
         $this->show_page_header_toolbar = (bool) $this->showContentHeader;
 
-        // @todo remove once the product page has been made responsive
-        $isProductPage = ('AdminProducts' === $this->controller_name);
-
         $vars = [
             'maintenance_mode' => !(bool) Configuration::get('PS_SHOP_ENABLE'),
             'maintenance_allow_admins' => (bool) Configuration::get('PS_MAINTENANCE_ALLOW_ADMINS'),

@@ -198,7 +198,6 @@ public function initModal()
         }
 
         $this->context->smarty->assign([
-            'trad_link' => 'index.php?controller=AdminTranslations&token=' . Tools::getAdminTokenLite('AdminTranslations') . '&type=modules&module=' . Tools::getValue('configure') . '&lang=',
             'module_languages' => $languages,
             'module_name' => Tools::getValue('configure'),
             'translateLinks' => $translateLinks,

@@ -105,7 +105,7 @@ public function postProcess()
                 if ($searchType == 1 && Validate::isUnsignedInt((int) $this->query)) {
                     $product = new Product((int) $this->query);
                     if (Validate::isLoadedObject($product)) {
-                        Tools::redirectAdmin('index.php?controller=AdminProducts&id_product=' . (int) ($product->id) . '&token=' . Tools::getAdminTokenLite('AdminProducts'));
+                        Tools::redirectAdmin($this->context->link->getAdminLink('AdminProducts', true, ['id_product' => (int) $product->id, 'updateproduct' => '1']));
                     }
                 }
 
@@ -145,7 +145,7 @@ public function postProcess()
             if (!$searchType || $searchType == 3) {
                 if (Validate::isUnsignedInt(trim($this->query)) && Validate::isLoadedObject($order = new Order((int) $this->query))) {
                     if ($searchType == 3) {
-                        Tools::redirectAdmin('index.php?controller=AdminOrders&id_order=' . (int) $order->id . '&vieworder' . '&token=' . Tools::getAdminTokenLite('AdminOrders'));
+                        Tools::redirectAdmin($this->context->link->getAdminLink('AdminOrders', true, [], ['id_order' => (int) $order->id, 'vieworder' => '1']));
                     } else {
                         $row = get_object_vars($order);
                         $row['id_order'] = $row['id'];
@@ -159,7 +159,7 @@ public function postProcess()
                     $orders = Order::getByReference($this->query);
                     $nb_orders = count($orders);
                     if ($nb_orders == 1 && $searchType == 3) {
-                        Tools::redirectAdmin('index.php?controller=AdminOrders&id_order=' . (int) $orders[0]->id . '&vieworder' . '&token=' . Tools::getAdminTokenLite('AdminOrders'));
+                        Tools::redirectAdmin($this->context->link->getAdminLink('AdminOrders', true, [], ['id_order' => (int) $orders[0]->id, 'vieworder' => '1']));
                     } elseif ($nb_orders) {
                         $this->_list['orders'] = [];
                         foreach ($orders as $order) {
@@ -198,7 +198,7 @@ public function postProcess()
             /* Cart */
             if ($searchType == 5) {
                 if (Validate::isUnsignedInt((int) $this->query) && Validate::isLoadedObject($cart = new Cart((int) $this->query))) {
-                    Tools::redirectAdmin('index.php?controller=AdminCarts&id_cart=' . (int) ($cart->id) . '&viewcart' . '&token=' . Tools::getAdminToken('AdminCarts' . (int) (Tab::getIdFromClassName('AdminCarts')) . (int) $this->context->employee->id));
+                    Tools::redirectAdmin($this->context->link->getAdminLink('AdminOrders', true, [], ['id_cart' => (int) $cart->id, 'viewcart' => 1]));
                 }
                 $this->errors[] = $this->trans('No cart was found with this ID:', [], 'Admin.Orderscustomers.Notification') . ' ' . Tools::htmlentitiesUTF8($this->query);
             }
@@ -210,7 +210,7 @@ public function postProcess()
                 /* Handle module name */
                 if ($searchType == 7 && Validate::isModuleName($this->query) && ($module = Module::getInstanceByName($this->query)) && Validate::isLoadedObject($module)) {
                     // @todo redirect directly to module manager with search prefilled, because this won't work anymore
-                    Tools::redirectAdmin('index.php?controller=AdminModules&tab_module=' . $module->tab . '&module_name=' . $module->name . '&anchor=' . ucfirst($module->name) . '&token=' . Tools::getAdminTokenLite('AdminModules'));
+                    Tools::redirectAdmin($this->context->link->getAdminLink('AdminModules', true, [], ['tab_module' => $module->tab, 'module_name' => $module->name, 'anchor' => ucfirst($module->name)]));
                 }
 
                 /* Normal catalog search */

@@ -249,7 +249,7 @@ public function initMain()
             'themes' => $this->themes,
             'modules' => $modules,
             'current_theme_name' => $this->context->shop->theme_name,
-            'url_create_language' => 'index.php?controller=AdminLanguages&addlang&token=' . $token,
+            'url_create_language' => $this->context->link->getAdminLink('AdminLanguages', true, [], ['addlang' => '']),
             'level' => $this->authorizationLevel(),
         ];