Csrf #200

Merged
merged 4 commits into from
Aug 7, 2022

Conversation

@delcroip delcroip commented Aug 7, 2022

No description provided.

@@ -515,6 +515,8 @@ function init_myfunc()
dol_print_error($db);
}
print '</table>'."\n";
print '<input type = "hidden" id="csrf-token" name = "token" value = "'.$token.'"/>';
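Review bot: the hidden token input on the last line of the hunk is printed right after `print '</table>'`, and no enclosing `<form>` is visible here; confirm it lands inside the form element that is actually submitted, otherwise the browser never sends it and the server-side token check rejects every POST from this page. Also confirm `$token` is assigned in this scope before the print, since the hunk does not show where it comes from; an undefined variable renders an empty `value=""` and the check fails silently.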

Line exceeds 85 characters; contains 89 characters

@@ -492,6 +495,7 @@
// $sqlTailWhere .= ' AND fk_socpeople = \''.$userid.'\' and t.fk_statut = \'1\'';
//}
$Form = '<form name = "settings" action="?step=2" method = "POST" >'."\n\t";
$Form .= '<input type = "hidden" id="csrf-token" name = "token" value = "'.$token.'"/>';
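Review bot: the token field is the right fix for the `settings` form, but the hunk does not show where `$token` is assigned; if it is undefined in this scope the field is rendered empty and every submission of `?step=2` fails the token check. The commented-out SQL fragment on the first line of the hunk concatenates `$userid` into a WHERE clause; if it is dead code, delete it rather than leaving a template someone may uncomment later without casting `$userid` to int.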

Line exceeds 85 characters; contains 100 characters

@@ -105,6 +106,8 @@
$Form .= '<input type = "hidden" name = "socid" value = "'.$socid.'">';
$Form .= '<input type = "hidden" name = "invoicingMethod" value = "'.$mode.'">';
$Form .= '<input type = "hidden" name = "ts2Invoice" value = "'.$ts2Invoice.'">';
$Form .= '<input type = "hidden" id="csrf-token" name = "token" value = "'.$token.'"/>';
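Review bot: `$socid`, `$mode` and `$ts2Invoice` are concatenated unescaped into the `value` attributes of the three hidden inputs above the new token line; if any of them originates from a request parameter, a `"` in the value breaks out of the attribute and into the page. Wrap them with `dol_escape_htmltag()`, e.g. `'<input type = "hidden" name = "socid" value = "'.dol_escape_htmltag($socid).'">'`, so the CSRF fix does not sit next to a reflected-output hole.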

Line exceeds 85 characters; contains 100 characters

if (!empty($querryRes))$form_output .=
'<a class = "butAction" href="?action=reportproject&dateStart='
.dol_print_date($dateStart, 'dayxcard').'&dateEnd='
.dol_print_date($dateEnd, 'dayxcard').'&projectSelected='.$projectSelectedId
.'&mode='.$mode.'&invoicabletaskOnly='.$invoicabletaskOnly
."&hidetab=".$hidetab.'&ungroup='.$ungroup.'" >'.$langs->trans('Refresh').'</a>';
."&hidetab=".$hidetab.'&ungroup='.$ungroup.'&token='.$token.'" >'.$langs->trans('Refresh').'</a>';
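Review bot: appending `&token=` to the `Refresh` link puts the CSRF token into a GET URL, where it is exposed through browser history and the Referer header of any outbound link on the resulting page. `action=reportproject` reads data rather than changing state, so it should not need a token at all; if the server check insists on one, prefer turning the link into a small POST form. The other query values on the link (`$projectSelectedId`, `$mode`, `$invoicabletaskOnly`, `$hidetab`, `$ungroup`) are concatenated without `urlencode()`, which breaks the URL as soon as one of them contains `&` or `=`.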

Line exceeds 85 characters; contains 102 characters

if (!empty($querryRes) && $conf->global->MAIN_MODULE_EXPORT)$form_output .=
'<a class = "butAction" href="?action=getExport&dateStart='
.dol_print_date($dateStart, 'dayxcard').'&dateEnd='
.dol_print_date($dateEnd, 'dayxcard').'&projectSelected='.$projectSelectedId
.'&mode='.$mode.'&model='.$model.'&invoicabletaskOnly='.$invoicabletaskOnly
."&hidetab=".$hidetab.'&ungroup='.$ungroup.'" >'.$langs->trans('Export').'</a>';
."&hidetab=".$hidetab.'&ungroup='.$ungroup.'&token='.$token.'" >'.$langs->trans('Export').'</a>';
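Review bot: same pattern as the Refresh link, with `$model` added: `$model` selects an export model and is inserted into the `href` unencoded and unescaped, so it needs `urlencode()` and, because this is an HTML attribute, `dol_escape_htmltag()`. The `$conf->global->MAIN_MODULE_EXPORT` condition on the first line only hides the button; the `getExport` action handler must apply the same module and permission check itself, since anyone can type the URL.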

Line exceeds 85 characters; contains 101 characters

@@ -556,6 +556,7 @@ function init_myfunc()
//print_barre_liste function defined in /core/lib/function.lib.php, possible to add a picto
print_barre_liste($langs->trans("Timesheetuser"), $page, $PHP_SELF, $param, $sortfield, $sortorder, '', $num, $nbtotalofrecords);
print '<form method = "POST" action = "'.$_SERVER["PHP_SELF"].'">';
print '<input type = "hidden" id="csrf-token" name = "token" value = "'.$token.'"/>';
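Review bot: the form `action` on the third line of the hunk interpolates `$_SERVER["PHP_SELF"]` raw into an attribute; PHP_SELF reflects the request path including any PATH_INFO, so a request to `index.php/"><script>...` lands in the page. The `print_barre_liste()` call just above already passes `$PHP_SELF`; use the same value here and escape it with `dol_escape_htmltag()`.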

Line exceeds 85 characters; contains 97 characters
Line indented incorrectly; expected at least 16 spaces, found 12

@@ -758,6 +758,9 @@ public function getHTMLGetOtherUserTs($idsList, $selected, $admin)
$HTML .= $form->select_dolusers($selected, 'userid');
}
$HTML .= '<input type = "submit" value = "'.$langs->trans('Submit').'"/></form> ';
//FIXME should take token as input
$token = getToken();
$HTML .= '<input type = "hidden" id="csrf-token" name = "token" value = "'.$token.'"/>';
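Review bot: the token field is appended after `</form>` (the third line of the hunk closes the form, the last line adds the hidden input), so it sits outside the form and the browser never submits it; every POST from this form will fail the CSRF check. Move the `$HTML .= '<input type = "hidden" id="csrf-token" ...` line before the submit input. The `//FIXME should take token as input` comment is right: calling `getToken()` inside an HTML builder makes the method hard to test; pass `$token` as a parameter of `getHTMLGetOtherUserTs()` instead.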

Line exceeds 85 characters; contains 92 characters
Line indented incorrectly; expected at least 8 spaces, found 4

@@ -758,6 +758,9 @@ public function getHTMLGetOtherUserTs($idsList, $selected, $admin)
$HTML .= $form->select_dolusers($selected, 'userid');
}
$HTML .= '<input type = "submit" value = "'.$langs->trans('Submit').'"/></form> ';
//FIXME should take token as input
$token = getToken();

Line indented incorrectly; expected at least 8 spaces, found 4

@@ -758,6 +758,9 @@ public function getHTMLGetOtherUserTs($idsList, $selected, $admin)
$HTML .= $form->select_dolusers($selected, 'userid');
}
$HTML .= '<input type = "submit" value = "'.$langs->trans('Submit').'"/></form> ';
//FIXME should take token as input

Line indented incorrectly; expected at least 8 spaces, found 4

@@ -1155,7 +1147,12 @@ public function getHTMLGetOtherUserTs($idsList, $selected, $admin)
} else{
$HTML .= $form->select_dolusers($selected, 'userid');
}
//FIXME should take token as input
$token = getToken();
$HTML .= '<input type = "hidden" id="csrf-token" name = "token" value = "'.$token.'"/>';
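Review bot: in this revision the hidden token input follows the user select directly; confirm the submit input and `</form>` now come after it, since the earlier revision of this method appended the token after `</form>`. The FIXME is still open: `getToken()` is called inline rather than `$token` being passed in, and the hunk does not show what `getToken()` returns. Confirm it returns the token the server compares against on POST rather than a fresh value per call, otherwise forms rendered earlier on the same page stop validating.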

Line exceeds 85 characters; contains 96 characters

@delcroip delcroip merged commit 62204e4 into develop Aug 7, 2022
@delcroip delcroip deleted the csrf branch August 7, 2022 19:00
//} else{
$Nav .= '<a href="?dateStart='.getStartDate($this->date_start, 1).$tail;
//}
$Nav .= '<a href="?dateStart='.getStartDate($this->date_start, 1).$tail;
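Review bot: the hunk keeps the old `//} else{` and `//}` lines plus a commented-out copy of the identical `$Nav .= '<a href="?dateStart=...` statement; delete the dead code instead of leaving two copies, one commented. The link concatenates `getStartDate()` and `$tail` into the `href` with no encoding; that is fine only if `$tail` is already URL-encoded where it is built, otherwise run it through `urlencode()`.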

Line indented incorrectly; expected at least 8 spaces, found 4

$Nav .= '<form name = "goToDate" action="?action=goToDate'.$tail.'" method = "POST" >'."\n\t\t\t";
//FIXME should take token as input
$token = getToken();
$Nav .= '<input type = "hidden" id="csrf-token" name = "token" value = "'.$token.'"/>';
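Review bot: `$tail` is concatenated unescaped into the form's `action` attribute on the first line of the hunk; if it carries request-derived values it needs `dol_escape_htmltag()`. The same FIXME as in `getHTMLGetOtherUserTs()` applies: `getToken()` is called inline instead of `$token` being passed to the method. Fix both places at once so every form on the page carries the same token.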

Line exceeds 85 characters; contains 91 characters
Line indented incorrectly; expected at least 8 spaces, found 4

//}
$Nav .= '<form name = "goToDate" action="?action=goToDate'.$tail.'" method = "POST" >'."\n\t\t\t";
//FIXME should take token as input
$token = getToken();

Line indented incorrectly; expected at least 8 spaces, found 4

$Nav .= '<form name = "goToDate" action="?action=goToDate'.$tail.'" method = "POST" >'."\n\t\t\t";
//}
$Nav .= '<form name = "goToDate" action="?action=goToDate'.$tail.'" method = "POST" >'."\n\t\t\t";
//FIXME should take token as input

Line indented incorrectly; expected at least 8 spaces, found 4

//} else{
$Nav .= '<form name = "goToDate" action="?action=goToDate'.$tail.'" method = "POST" >'."\n\t\t\t";
//}
$Nav .= '<form name = "goToDate" action="?action=goToDate'.$tail.'" method = "POST" >'."\n\t\t\t";

Line exceeds 85 characters; contains 102 characters
Line indented incorrectly; expected at least 8 spaces, found 4

$sqlweek = "SELECT SUM(pt.task_duration)/3600 as duration, TO_CHAR(generate_series, 'YYYYWW') as week, u.weeklyhours
FROM generate_series(DATE_TRUNC('week', (now() - INTERVAL '".$conf->global->TIMESHEET_OVERTIME_CHECK_WEEKS." week'))::timestamp, DATE_TRUNC('week', (now() - INTERVAL '1 WEEK' ))::timestamp, interval '1 week')
LEFT JOIN llx_projet_task_time pt ON (generate_series = DATE_TRUNC('week',pt.task_date))
LEFT JOIN llx_user u on (pt.fk_user = ".$userid.") WHERE pt.fk_user = ".$userid." OR pt.fk_user is null
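Review bot: `$userid` is concatenated directly into the SQL string in both the `LEFT JOIN llx_user u on (pt.fk_user = ...)` condition and the `WHERE` clause, and `$conf->global->TIMESHEET_OVERTIME_CHECK_WEEKS` goes straight into the `INTERVAL` literal; cast both to int before building the query (`(int) $userid`, `(int) $conf->global->TIMESHEET_OVERTIME_CHECK_WEEKS`) so a non-numeric value cannot change the statement. Separately, the join condition references no column of `u`, so every `pt` row for the user is joined to every row of `llx_user` and `SUM(pt.task_duration)` is multiplied by the number of users; it should be `u.rowid = pt.fk_user`. With that join in place, `u.weeklyhours` in the select list also has to be added to `GROUP BY generate_series`, or PostgreSQL rejects the query.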

Line exceeds 85 characters; contains 120 characters

GROUP BY generate_series;";
$sqlweek = "SELECT SUM(pt.task_duration)/3600 as duration, TO_CHAR(generate_series, 'YYYYWW') as week, u.weeklyhours
FROM generate_series(DATE_TRUNC('week', (now() - INTERVAL '".$conf->global->TIMESHEET_OVERTIME_CHECK_WEEKS." week'))::timestamp, DATE_TRUNC('week', (now() - INTERVAL '1 WEEK' ))::timestamp, interval '1 week')
LEFT JOIN llx_projet_task_time pt ON (generate_series = DATE_TRUNC('week',pt.task_date))

Line exceeds 85 characters; contains 105 characters

WHERE pt.fk_user = ".$userid." OR pt.fk_user is null
GROUP BY generate_series;";
$sqlweek = "SELECT SUM(pt.task_duration)/3600 as duration, TO_CHAR(generate_series, 'YYYYWW') as week, u.weeklyhours
FROM generate_series(DATE_TRUNC('week', (now() - INTERVAL '".$conf->global->TIMESHEET_OVERTIME_CHECK_WEEKS." week'))::timestamp, DATE_TRUNC('week', (now() - INTERVAL '1 WEEK' ))::timestamp, interval '1 week')

Line exceeds 85 characters; contains 225 characters

LEFT JOIN llx_user u on pt.fk_user = ".$userid."
WHERE pt.fk_user = ".$userid." OR pt.fk_user is null
GROUP BY generate_series;";
$sqlweek = "SELECT SUM(pt.task_duration)/3600 as duration, TO_CHAR(generate_series, 'YYYYWW') as week, u.weeklyhours
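Review bot: the table name is hard-coded as `llx_user` on the first line of the hunk (and `llx_projet_task_time` elsewhere in the same query) instead of `MAIN_DB_PREFIX.'user'`, so the query breaks on any install with a non-default prefix. `generate_series`, `TO_CHAR`, `DATE_TRUNC` and the `::timestamp` casts are PostgreSQL-only and fail on MySQL/MariaDB; either document that the overtime check behind `TIMESHEET_OVERTIME_CHECK_WEEKS` requires PostgreSQL, or build the week buckets in PHP and keep the SQL portable.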

Line exceeds 85 characters; contains 133 characters
