data/mahnung
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix: verifCsrf() entfernt — Funktion existiert nicht in Dolibarr, CSRF wird via newToken() gehandhabt [deploy]
All checks were successful
Deploy mahnung / deploy (push) Successful in 12s
Details

Browse source 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Eduard Wisch 2026-05-10 16:30:55 +02:00
parent f3b70788d2
commit c5ec39a258
1 changed files with 56 additions and 69 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
admin/setup.php
View file

@ -58,9 +58,6 @@ $action = GETPOST('action', 'aZ09');
// POST: Allgemeine Konstanten speichern // POST: Allgemeine Konstanten speichern
// --------------------------------------------------------------- // ---------------------------------------------------------------
if ($action === 'save_consts' && $user->hasRight('mahnung', 'setup')) { if ($action === 'save_consts' && $user->hasRight('mahnung', 'setup')) {
if (!verifCsrf($_POST['token'] ?? '', 'admin_mahnung')) {
setEventMessages($langs->trans('ErrorBadValueForToken'), null, 'errors');
} else {
$basis = str_replace(',', '.', GETPOST('MAHNUNG_BASISZINS', 'alphanohtml')); $basis = str_replace(',', '.', GETPOST('MAHNUNG_BASISZINS', 'alphanohtml'));
$b2c = str_replace(',', '.', GETPOST('MAHNUNG_AUFSCHLAG_B2C', 'alphanohtml')); $b2c = str_replace(',', '.', GETPOST('MAHNUNG_AUFSCHLAG_B2C', 'alphanohtml'));
$b2b = str_replace(',', '.', GETPOST('MAHNUNG_AUFSCHLAG_B2B', 'alphanohtml')); $b2b = str_replace(',', '.', GETPOST('MAHNUNG_AUFSCHLAG_B2B', 'alphanohtml'));
@ -77,15 +74,11 @@ if ($action === 'save_consts' && $user->hasRight('mahnung', 'setup')) {
header('Location: '.$_SERVER['PHP_SELF']); header('Location: '.$_SERVER['PHP_SELF']);
exit; exit;
} }
}
// --------------------------------------------------------------- // ---------------------------------------------------------------
// POST: Stufen-Tabelle speichern (Bulk-Update aller 3 Stufen) // POST: Stufen-Tabelle speichern (Bulk-Update aller 3 Stufen)
// --------------------------------------------------------------- // ---------------------------------------------------------------
if ($action === 'save_stufen' && $user->hasRight('mahnung', 'setup')) { if ($action === 'save_stufen' && $user->hasRight('mahnung', 'setup')) {
if (!verifCsrf($_POST['token'] ?? '', 'admin_mahnung')) {
setEventMessages($langs->trans('ErrorBadValueForToken'), null, 'errors');
} else {
$stufeObj = new MahnungStufe($db); $stufeObj = new MahnungStufe($db);
$alle = $stufeObj->fetchAllActive(); $alle = $stufeObj->fetchAllActive();
// Auch inaktive laden (active=0) — fetchAllActive filtert; hier inkl. inaktive: // Auch inaktive laden (active=0) — fetchAllActive filtert; hier inkl. inaktive:
@ -100,11 +93,6 @@ if ($action === 'save_stufen' && $user->hasRight('mahnung', 'setup')) {
} }
$ok = true; $ok = true;
foreach ($ids as $id) { foreach ($ids as $id) {
$s = new MahnungStufe($db);
if ($s->fetch($id) <= 0 && method_exists($s, 'fetchByStufe')) {
// Fallback: per stufe laden
}
// fetch() existiert in MahnungStufe nicht direkt; wir laden per direktem SQL
$s = loadStufeById($db, $id, $conf->entity); $s = loadStufeById($db, $id, $conf->entity);
if (!$s) { if (!$s) {
continue; continue;
@ -137,7 +125,6 @@ if ($action === 'save_stufen' && $user->hasRight('mahnung', 'setup')) {
exit; exit;
} }
} }
}
/** /**
* Helfer: Stufe per rowid + entity laden (CRUD-Klasse hat nur fetchByStufe). * Helfer: Stufe per rowid + entity laden (CRUD-Klasse hat nur fetchByStufe).
@ -189,7 +176,7 @@ print '<span class="opacitymedium">'.$langs->trans('MahnungSetupDescription').'<
// --- Block: Konstanten ------------------------------------------------------- // --- Block: Konstanten -------------------------------------------------------
print '<form method="POST" action="'.$_SERVER['PHP_SELF'].'">'; print '<form method="POST" action="'.$_SERVER['PHP_SELF'].'">';
print '<input type="hidden" name="token" value="'.newToken('admin_mahnung').'">'; print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="save_consts">'; print '<input type="hidden" name="action" value="save_consts">';
print '<table class="noborder centpercent">'; print '<table class="noborder centpercent">';
@ -233,7 +220,7 @@ if ($resql) {
print '<br><br>'; print '<br><br>';
print '<form method="POST" action="'.$_SERVER['PHP_SELF'].'">'; print '<form method="POST" action="'.$_SERVER['PHP_SELF'].'">';
print '<input type="hidden" name="token" value="'.newToken('admin_mahnung').'">'; print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="save_stufen">'; print '<input type="hidden" name="action" value="save_stufen">';
print '<table class="noborder centpercent">'; print '<table class="noborder centpercent">';