Fix: verifCsrf() entfernt — Funktion existiert nicht in Dolibarr, CSRF wird via newToken() gehandhabt [deploy]
All checks were successful
Deploy mahnung / deploy (push) Successful in 12s
All checks were successful
Deploy mahnung / deploy (push) Successful in 12s
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
f3b70788d2
commit
c5ec39a258
1 changed files with 56 additions and 69 deletions
125
admin/setup.php
125
admin/setup.php
|
|
@ -58,85 +58,72 @@ $action = GETPOST('action', 'aZ09');
|
|||
// POST: Allgemeine Konstanten speichern
|
||||
// ---------------------------------------------------------------
|
||||
if ($action === 'save_consts' && $user->hasRight('mahnung', 'setup')) {
|
||||
if (!verifCsrf($_POST['token'] ?? '', 'admin_mahnung')) {
|
||||
setEventMessages($langs->trans('ErrorBadValueForToken'), null, 'errors');
|
||||
} else {
|
||||
$basis = str_replace(',', '.', GETPOST('MAHNUNG_BASISZINS', 'alphanohtml'));
|
||||
$b2c = str_replace(',', '.', GETPOST('MAHNUNG_AUFSCHLAG_B2C', 'alphanohtml'));
|
||||
$b2b = str_replace(',', '.', GETPOST('MAHNUNG_AUFSCHLAG_B2B', 'alphanohtml'));
|
||||
$pau = str_replace(',', '.', GETPOST('MAHNUNG_PAUSCHALE_B2B', 'alphanohtml'));
|
||||
$topic = GETPOST('MAHNUNG_NTFY_TOPIC', 'alphanohtml');
|
||||
$basis = str_replace(',', '.', GETPOST('MAHNUNG_BASISZINS', 'alphanohtml'));
|
||||
$b2c = str_replace(',', '.', GETPOST('MAHNUNG_AUFSCHLAG_B2C', 'alphanohtml'));
|
||||
$b2b = str_replace(',', '.', GETPOST('MAHNUNG_AUFSCHLAG_B2B', 'alphanohtml'));
|
||||
$pau = str_replace(',', '.', GETPOST('MAHNUNG_PAUSCHALE_B2B', 'alphanohtml'));
|
||||
$topic = GETPOST('MAHNUNG_NTFY_TOPIC', 'alphanohtml');
|
||||
|
||||
dolibarr_set_const($db, 'MAHNUNG_BASISZINS', (string) (float) $basis, 'chaine', 0, '', 0);
|
||||
dolibarr_set_const($db, 'MAHNUNG_AUFSCHLAG_B2C', (string) (float) $b2c, 'chaine', 0, '', 0);
|
||||
dolibarr_set_const($db, 'MAHNUNG_AUFSCHLAG_B2B', (string) (float) $b2b, 'chaine', 0, '', 0);
|
||||
dolibarr_set_const($db, 'MAHNUNG_PAUSCHALE_B2B', (string) (float) $pau, 'chaine', 0, '', 0);
|
||||
dolibarr_set_const($db, 'MAHNUNG_NTFY_TOPIC', (string) $topic, 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, 'MAHNUNG_BASISZINS', (string) (float) $basis, 'chaine', 0, '', 0);
|
||||
dolibarr_set_const($db, 'MAHNUNG_AUFSCHLAG_B2C', (string) (float) $b2c, 'chaine', 0, '', 0);
|
||||
dolibarr_set_const($db, 'MAHNUNG_AUFSCHLAG_B2B', (string) (float) $b2b, 'chaine', 0, '', 0);
|
||||
dolibarr_set_const($db, 'MAHNUNG_PAUSCHALE_B2B', (string) (float) $pau, 'chaine', 0, '', 0);
|
||||
dolibarr_set_const($db, 'MAHNUNG_NTFY_TOPIC', (string) $topic, 'chaine', 0, '', $conf->entity);
|
||||
|
||||
setEventMessages($langs->trans('MahnungSettingsSaved'), null, 'mesgs');
|
||||
header('Location: '.$_SERVER['PHP_SELF']);
|
||||
exit;
|
||||
}
|
||||
setEventMessages($langs->trans('MahnungSettingsSaved'), null, 'mesgs');
|
||||
header('Location: '.$_SERVER['PHP_SELF']);
|
||||
exit;
|
||||
}
|
||||
|
||||
// ---------------------------------------------------------------
|
||||
// POST: Stufen-Tabelle speichern (Bulk-Update aller 3 Stufen)
|
||||
// ---------------------------------------------------------------
|
||||
if ($action === 'save_stufen' && $user->hasRight('mahnung', 'setup')) {
|
||||
if (!verifCsrf($_POST['token'] ?? '', 'admin_mahnung')) {
|
||||
setEventMessages($langs->trans('ErrorBadValueForToken'), null, 'errors');
|
||||
} else {
|
||||
$stufeObj = new MahnungStufe($db);
|
||||
$alle = $stufeObj->fetchAllActive();
|
||||
// Auch inaktive laden (active=0) — fetchAllActive filtert; hier inkl. inaktive:
|
||||
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."mahnung_stufe WHERE entity = ".((int) $conf->entity)." ORDER BY stufe";
|
||||
$resql = $db->query($sql);
|
||||
$ids = array();
|
||||
if ($resql) {
|
||||
while ($obj = $db->fetch_object($resql)) {
|
||||
$ids[] = (int) $obj->rowid;
|
||||
}
|
||||
$db->free($resql);
|
||||
$stufeObj = new MahnungStufe($db);
|
||||
$alle = $stufeObj->fetchAllActive();
|
||||
// Auch inaktive laden (active=0) — fetchAllActive filtert; hier inkl. inaktive:
|
||||
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."mahnung_stufe WHERE entity = ".((int) $conf->entity)." ORDER BY stufe";
|
||||
$resql = $db->query($sql);
|
||||
$ids = array();
|
||||
if ($resql) {
|
||||
while ($obj = $db->fetch_object($resql)) {
|
||||
$ids[] = (int) $obj->rowid;
|
||||
}
|
||||
$ok = true;
|
||||
foreach ($ids as $id) {
|
||||
$s = new MahnungStufe($db);
|
||||
if ($s->fetch($id) <= 0 && method_exists($s, 'fetchByStufe')) {
|
||||
// Fallback: per stufe laden
|
||||
}
|
||||
// fetch() existiert in MahnungStufe nicht direkt; wir laden per direktem SQL
|
||||
$s = loadStufeById($db, $id, $conf->entity);
|
||||
if (!$s) {
|
||||
continue;
|
||||
}
|
||||
$prefix = 'stufe_'.$s->stufe.'_';
|
||||
$s->label = GETPOST($prefix.'label', 'alphanohtml');
|
||||
$s->frist_tage = (int) GETPOST($prefix.'frist_tage', 'int');
|
||||
$s->neue_frist_tage = (int) GETPOST($prefix.'neue_frist_tage', 'int');
|
||||
$s->mahngebuehr_b2c = (float) str_replace(',', '.', GETPOST($prefix.'mahngebuehr_b2c', 'alphanohtml'));
|
||||
$s->mahngebuehr_b2b = (float) str_replace(',', '.', GETPOST($prefix.'mahngebuehr_b2b', 'alphanohtml'));
|
||||
$s->pauschale_b2b_einmalig = GETPOSTISSET($prefix.'pauschale_b2b_einmalig') ? 1 : 0;
|
||||
$ovB2c = trim((string) GETPOST($prefix.'zinssatz_b2c', 'alphanohtml'));
|
||||
$ovB2b = trim((string) GETPOST($prefix.'zinssatz_b2b', 'alphanohtml'));
|
||||
$s->zinssatz_b2c_uebersteuern = $ovB2c === '' ? null : (float) str_replace(',', '.', $ovB2c);
|
||||
$s->zinssatz_b2b_uebersteuern = $ovB2b === '' ? null : (float) str_replace(',', '.', $ovB2b);
|
||||
$s->versandart_default = GETPOST($prefix.'versandart', 'alphanohtml') ?: 'pdf';
|
||||
$s->pdf_intro = GETPOST($prefix.'pdf_intro', 'restricthtml');
|
||||
$s->email_subject = GETPOST($prefix.'email_subject', 'alphanohtml');
|
||||
$s->email_body = GETPOST($prefix.'email_body', 'restricthtml');
|
||||
$s->active = GETPOSTISSET($prefix.'active') ? 1 : 0;
|
||||
$db->free($resql);
|
||||
}
|
||||
$ok = true;
|
||||
foreach ($ids as $id) {
|
||||
$s = loadStufeById($db, $id, $conf->entity);
|
||||
if (!$s) {
|
||||
continue;
|
||||
}
|
||||
$prefix = 'stufe_'.$s->stufe.'_';
|
||||
$s->label = GETPOST($prefix.'label', 'alphanohtml');
|
||||
$s->frist_tage = (int) GETPOST($prefix.'frist_tage', 'int');
|
||||
$s->neue_frist_tage = (int) GETPOST($prefix.'neue_frist_tage', 'int');
|
||||
$s->mahngebuehr_b2c = (float) str_replace(',', '.', GETPOST($prefix.'mahngebuehr_b2c', 'alphanohtml'));
|
||||
$s->mahngebuehr_b2b = (float) str_replace(',', '.', GETPOST($prefix.'mahngebuehr_b2b', 'alphanohtml'));
|
||||
$s->pauschale_b2b_einmalig = GETPOSTISSET($prefix.'pauschale_b2b_einmalig') ? 1 : 0;
|
||||
$ovB2c = trim((string) GETPOST($prefix.'zinssatz_b2c', 'alphanohtml'));
|
||||
$ovB2b = trim((string) GETPOST($prefix.'zinssatz_b2b', 'alphanohtml'));
|
||||
$s->zinssatz_b2c_uebersteuern = $ovB2c === '' ? null : (float) str_replace(',', '.', $ovB2c);
|
||||
$s->zinssatz_b2b_uebersteuern = $ovB2b === '' ? null : (float) str_replace(',', '.', $ovB2b);
|
||||
$s->versandart_default = GETPOST($prefix.'versandart', 'alphanohtml') ?: 'pdf';
|
||||
$s->pdf_intro = GETPOST($prefix.'pdf_intro', 'restricthtml');
|
||||
$s->email_subject = GETPOST($prefix.'email_subject', 'alphanohtml');
|
||||
$s->email_body = GETPOST($prefix.'email_body', 'restricthtml');
|
||||
$s->active = GETPOSTISSET($prefix.'active') ? 1 : 0;
|
||||
|
||||
if ($s->update($user) <= 0) {
|
||||
$ok = false;
|
||||
setEventMessages($s->error, null, 'errors');
|
||||
}
|
||||
}
|
||||
if ($ok) {
|
||||
setEventMessages($langs->trans('MahnungSettingsSaved'), null, 'mesgs');
|
||||
header('Location: '.$_SERVER['PHP_SELF']);
|
||||
exit;
|
||||
if ($s->update($user) <= 0) {
|
||||
$ok = false;
|
||||
setEventMessages($s->error, null, 'errors');
|
||||
}
|
||||
}
|
||||
if ($ok) {
|
||||
setEventMessages($langs->trans('MahnungSettingsSaved'), null, 'mesgs');
|
||||
header('Location: '.$_SERVER['PHP_SELF']);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -189,7 +176,7 @@ print '<span class="opacitymedium">'.$langs->trans('MahnungSetupDescription').'<
|
|||
|
||||
// --- Block: Konstanten -------------------------------------------------------
|
||||
print '<form method="POST" action="'.$_SERVER['PHP_SELF'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken('admin_mahnung').'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="action" value="save_consts">';
|
||||
|
||||
print '<table class="noborder centpercent">';
|
||||
|
|
@ -233,7 +220,7 @@ if ($resql) {
|
|||
|
||||
print '<br><br>';
|
||||
print '<form method="POST" action="'.$_SERVER['PHP_SELF'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken('admin_mahnung').'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="action" value="save_stufen">';
|
||||
|
||||
print '<table class="noborder centpercent">';
|
||||
|
|
|
|||
Loading…
Reference in a new issue