From b1e630a3fab668a0240b87a1cfbc25f78ff3c2fa Mon Sep 17 00:00:00 2001 From: Regis Houssin <regis@dolibarr.fr> Date: Fri, 15 May 2009 14:41:19 +0000 Subject: [PATCH] =?UTF-8?q?Fix:=20ajout=20d'un=20jeton=20al=E9atoire=20dan?= =?UTF-8?q?s=20les=20requetes=20POST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- htdocs/commande/fiche.php | 6 ++++++ htdocs/commande/index.php | 1 + htdocs/commande/note.php | 1 + htdocs/compta/bank/account.php | 2 ++ htdocs/compta/bank/bankid_fr.php | 1 + htdocs/compta/bank/categ.php | 1 + htdocs/compta/bank/fiche.php | 2 ++ htdocs/compta/bank/rappro.php | 1 + htdocs/compta/bank/search.php | 1 + htdocs/compta/commande/fiche.php | 2 ++ htdocs/compta/dons/fiche.php | 2 ++ htdocs/compta/facture.php | 5 +++++ htdocs/compta/facture/apercu.php | 1 + htdocs/compta/facture/contact.php | 2 ++ htdocs/compta/facture/fiche-rec.php | 1 + htdocs/compta/facture/impayees.php | 1 + htdocs/compta/facture/note.php | 2 ++ htdocs/compta/index.php | 2 ++ htdocs/compta/paiement.php | 1 + htdocs/compta/paiement/rapport.php | 1 + htdocs/compta/paiement_charge.php | 1 + htdocs/compta/param/comptes/fiche.php | 1 + htdocs/compta/param/comptes/index.php | 1 + htdocs/compta/prelevement/config.php | 2 ++ htdocs/compta/prelevement/fiche.php | 2 ++ htdocs/compta/prelevement/ligne.php | 1 + htdocs/compta/sociales/charges.php | 1 + htdocs/compta/ventilation/fiche.php | 1 + htdocs/compta/ventilation/fournisseur/fiche.php | 1 + 29 files changed, 47 insertions(+) diff --git a/htdocs/commande/fiche.php b/htdocs/commande/fiche.php index 4dd13d3be9a..2a23f0d3c36 100644 --- a/htdocs/commande/fiche.php +++ b/htdocs/commande/fiche.php 
@@ -921,6 +921,7 @@ if ($_GET['action'] == 'create' && $user->rights->commande->creer) $nbrow=10; print '<form name="crea_commande" action="fiche.php" method="post">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="add">'; print '<input type="hidden" name="socid" value="'.$soc->id.'">' ."\n"; print '<input type="hidden" name="remise_percent" value="'.$soc->remise_client.'">'; @@ -1293,6 +1294,7 @@ else if ($user->rights->commande->creer && $_GET['action'] == 'RefCustomerOrder') { print '<form action="fiche.php?id='.$id.'" method="post">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="set_ref_client">'; print '<input type="text" class="flat" size="20" name="ref_client" value="'.$commande->ref_client.'">'; print ' <input type="submit" class="button" value="'.$langs->trans('Modify').'">'; @@ -1367,6 +1369,7 @@ else if ($_GET['action'] == 'editdate_livraison') { print '<form name="setdate_livraison" action="'.$_SERVER["PHP_SELF"].'?id='.$commande->id.'" method="post">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="setdate_livraison">'; $html->select_date($commande->date_livraison,'liv_','','','',"setdate_livraison"); print '<input type="submit" class="button" value="'.$langs->trans('Modify').'">'; @@ -1669,6 +1672,7 @@ else if ($_GET['action'] == 'editline' && $user->rights->commande->creer && $_GET['rowid'] == $objp->rowid) { print '<form action="'.$_SERVER["PHP_SELF"].'#'.$objp->rowid.'" method="post">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="updateligne">'; print '<input type="hidden" name="id" value="'.$id.'">'; print '<input type="hidden" name="elrowid" value="'.$_GET['rowid'].'">'; 
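Review bot: The added line in the `crea_commande` form writes `$_SESSION['newtoken']` straight into the `value` attribute, with no check that the key is set and no escaping, so a session without that entry submits an empty token. The identical statement is pasted 47 times across 29 files. A single shared helper that returns the hidden field, using `htmlspecialchars($_SESSION['newtoken'], ENT_QUOTES)`, would keep the escaping and any later change in one place and make a missed form easier to spot. Nothing in this patch shows the POST handlers comparing the submitted `token` with the session value; presumably that happens in a common include, which is worth confirming, because the fields have no effect otherwise.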
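Review bot: In the `editline` form the new token sits beside `value="'.$_GET['rowid'].'"`, which writes a request parameter into the page unescaped; script injected through such an echo runs in the page that carries the token and can read it, which weakens the protection this commit adds. The loose `==` against `$objp->rowid` in the surrounding condition should not be relied on as validation; emit `(int) $_GET['rowid']` or `$objp->rowid` instead. The same unescaped pattern appears in context lines of other hunks: `$_GET['rowid']` in compta/facture.php, `$_GET["account"]` in bank/rappro.php, `$_GET["id"]` in bank/bankid_fr.php, bank/fiche.php, prelevement/ligne.php and both ventilation fiche.php files, `$_GET["type"]` in param/comptes/fiche.php, and `$_GET['sortfield']`/`$_GET['sortorder']` in facture/impayees.php. The form body continues past the end of the hunk.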
@@ -1779,6 +1783,7 @@ else // Add free products/services form print '<form action="fiche.php?id='.$id.'#add" method="post">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="id" value="'.$id.'">'; print '<input type="hidden" name="action" value="addligne">'; @@ -1848,6 +1853,7 @@ else print '</tr>'; print '<form id="addpredefinedproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$id.'#add" method="post">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="id" value="'.$id.'">'; print '<input type="hidden" name="action" value="addligne">'; diff --git a/htdocs/commande/index.php b/htdocs/commande/index.php index 510ba60919b..737056e5852 100644 --- a/htdocs/commande/index.php +++ b/htdocs/commande/index.php @@ -66,6 +66,7 @@ print '<tr><td valign="top" width="30%" class="notopnoleft">'; $var=false; print '<table class="noborder" width="100%">'; print '<form method="post" action="liste.php">'; +print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<tr class="liste_titre"><td colspan="3">'.$langs->trans("SearchOrder").'</td></tr>'; print '<tr '.$bc[$var].'><td>'; print $langs->trans("Ref").':</td><td><input type="text" class="flat" name="sf_ref" size=18></td><td rowspan="2"><input type="submit" value="'.$langs->trans("Search").'" class="button"></td></tr>'; diff --git a/htdocs/commande/note.php b/htdocs/commande/note.php index d73468cc269..6f50a6a5738 100644 --- a/htdocs/commande/note.php +++ b/htdocs/commande/note.php 
@@ -121,6 +121,7 @@ if ($id > 0 || ! empty($ref)) if ($_GET["action"] == 'edit') { print '<form method="post" action="'.$_SERVER["PHP_SELF"].'?id='.$commande->id.'">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="update">'; print '<textarea name="note_public" cols="80" rows="8">'.$commande->note_public."</textarea><br>"; } diff --git a/htdocs/compta/bank/account.php b/htdocs/compta/bank/account.php index 8aab077fada..93827dc894c 100644 --- a/htdocs/compta/bank/account.php +++ b/htdocs/compta/bank/account.php @@ -331,6 +331,7 @@ if ($account || $_GET["ref"]) if ($user->rights->banque->modifier && $_GET["action"]=='addline') { print '<form method="post" action="'.$_SERVER["PHP_SELF"].'">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="add">'; print '<input type="hidden" name="vline" value="' . $vline . '">'; print '<input type="hidden" name="account" value="' . $acct->id . '">'; @@ -395,6 +396,7 @@ if ($account || $_GET["ref"]) print '</td></tr>'; print '<form action="'.$_SERVER["PHP_SELF"].'" name="search" method="POST">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="search">'; print '<input type="hidden" name="account" value="' . $acct->id . '">'; diff --git a/htdocs/compta/bank/bankid_fr.php b/htdocs/compta/bank/bankid_fr.php index 5ad9ec80254..fe99f64b8ce 100644 --- a/htdocs/compta/bank/bankid_fr.php +++ b/htdocs/compta/bank/bankid_fr.php 
@@ -238,6 +238,7 @@ if ($_GET["id"] && $_GET["action"] == 'edit' && $user->rights->banque->configure if ($message) { print "$message<br>\n"; } print '<form action="'.$_SERVER["PHP_SELF"].'?id='.$account->id.'" method="post">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="update">'; print '<input type="hidden" name="id" value="'.$_GET["id"].'">'."\n\n"; diff --git a/htdocs/compta/bank/categ.php b/htdocs/compta/bank/categ.php index 5fb062d330a..a9f6ace57e3 100644 --- a/htdocs/compta/bank/categ.php +++ b/htdocs/compta/bank/categ.php @@ -89,6 +89,7 @@ print_fiche_titre($langs->trans("Rubriques")); print '<form method="post" action="categ.php">'; +print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print "<input type=\"hidden\" name=\"action\" value=\"add\">"; print '<table class="noborder" width="100%">'; print '<tr class="liste_titre">'; diff --git a/htdocs/compta/bank/fiche.php b/htdocs/compta/bank/fiche.php index f8eb0f57659..aff4369bc6c 100644 --- a/htdocs/compta/bank/fiche.php +++ b/htdocs/compta/bank/fiche.php @@ -166,6 +166,7 @@ if ($_GET["action"] == 'create') if ($message) { print "$message<br>\n"; } print '<form action="'.$_SERVER["PHP_SELF"].'" name="createbankaccount" method="post">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="add">'; print '<input type="hidden" name="clos" value="0">'; @@ -393,6 +394,7 @@ else if ($message) { print "$message<br>\n"; } print '<form action="'.$_SERVER["PHP_SELF"].'?id='.$account->id.'" method="post">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="update">'; print '<input type="hidden" name="id" value="'.$_GET["id"].'">'."\n\n"; diff --git a/htdocs/compta/bank/rappro.php b/htdocs/compta/bank/rappro.php index 79093fbe799..341e21dab5e 100644 
--- a/htdocs/compta/bank/rappro.php +++ b/htdocs/compta/bank/rappro.php @@ -197,6 +197,7 @@ if ($resql) $var=!$var; print "<tr $bc[$var]>"; print '<form method="post" action="rappro.php?account='.$_GET["account"].'">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print "<input type=\"hidden\" name=\"action\" value=\"rappro\">"; print "<input type=\"hidden\" name=\"account\" value=\"".$_GET["account"]."\">"; print "<input type=\"hidden\" name=\"rowid\" value=\"".$objp->rowid."\">"; diff --git a/htdocs/compta/bank/search.php b/htdocs/compta/bank/search.php index 6abedd3bf3d..68c8ec64b40 100644 --- a/htdocs/compta/bank/search.php +++ b/htdocs/compta/bank/search.php @@ -146,6 +146,7 @@ if ($resql) print "</tr>\n"; print '<form method="post" action="search.php">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<tr class="liste_titre">'; print '<td class="liste_titre"> </td>'; print '<td class="liste_titre"> </td>'; diff --git a/htdocs/compta/commande/fiche.php b/htdocs/compta/commande/fiche.php index de382230e7d..5c4cb94b59c 100644 --- a/htdocs/compta/commande/fiche.php +++ b/htdocs/compta/commande/fiche.php @@ -161,6 +161,7 @@ if ($id > 0 || ! empty($ref)) if ($user->rights->commande->creer && $_GET['action'] == 'RefCustomerOrder') { print '<form action="fiche.php?id='.$id.'" method="post">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="set_ref_client">'; print '<input type="text" class="flat" size="20" name="ref_client" value="'.$commande->ref_client.'">'; print ' <input type="submit" class="button" value="'.$langs->trans('Modify').'">'; 
@@ -235,6 +236,7 @@ if ($id > 0 || ! empty($ref)) if ($_GET['action'] == 'editdate_livraison') { print '<form name="setdate_livraison" action="'.$_SERVER["PHP_SELF"].'?id='.$commande->id.'" method="post">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="setdate_livraison">'; $html->select_date($commande->date_livraison,'liv_','','','',"setdate_livraison"); print '<input type="submit" class="button" value="'.$langs->trans('Modify').'">'; diff --git a/htdocs/compta/dons/fiche.php b/htdocs/compta/dons/fiche.php index 183b62fbe44..3e93b6fb7c3 100644 --- a/htdocs/compta/dons/fiche.php +++ b/htdocs/compta/dons/fiche.php @@ -212,6 +212,7 @@ if ($_GET["action"] == 'create') if ($mesg) print '<div class="error">'.$mesg.'</div>'; print '<form name="add" action="fiche.php" method="post">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<table class="border" width="100%">'; print '<input type="hidden" name="action" value="add">'; @@ -278,6 +279,7 @@ if ($_GET["rowid"] && $_GET["action"] == 'edit') dol_fiche_head($head, $hselected, $langs->trans("Ref")); print '<form name="update" action="fiche.php" method="post">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<table class="border" width="100%">'; print '<input type="hidden" name="action" value="update">'; diff --git a/htdocs/compta/facture.php b/htdocs/compta/facture.php index b8934c8e296..6a3d6239e47 100644 --- a/htdocs/compta/facture.php +++ b/htdocs/compta/facture.php 
@@ -1424,6 +1424,7 @@ if ($_GET['action'] == 'create') if (empty($cond_reglement_id)) $cond_reglement_id=1; print '<form name="add" action="'.$_SERVER["PHP_SELF"].'" method="post">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="add">'; print '<input type="hidden" name="socid" value="'.$soc->id.'">' ."\n"; print '<input name="facnumber" type="hidden" value="provisoire">'; @@ -2193,6 +2194,7 @@ else if ($user->rights->facture->creer && $_GET['action'] == 'RefCustomerOrder') { print '<form action="facture.php?facid='.$id.'" method="post">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="set_ref_client">'; print '<input type="text" class="flat" size="20" name="ref_client" value="'.$fac->ref_client.'">'; print ' <input type="submit" class="button" value="'.$langs->trans('Modify').'">'; @@ -2890,6 +2892,7 @@ else if ($_GET['action'] == 'editline' && $user->rights->facture->creer && $_GET['rowid'] == $objp->rowid) { print '<form name="updateligne" action="'.$_SERVER["PHP_SELF"].'#'.$objp->rowid.'" method="post">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="updateligne">'; print '<input type="hidden" name="facid" value="'.$fac->id.'">'; print '<input type="hidden" name="rowid" value="'.$_GET['rowid'].'">'; @@ -3003,6 +3006,7 @@ else // Add free products/services form print '<form name="addligne" action="'.$_SERVER['PHP_SELF'].'#add" method="post">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="facid" value="'.$fac->id.'">'; print '<input type="hidden" name="action" value="addligne">'; 
@@ -3071,6 +3075,7 @@ else print '</tr>'; print '<form id="addpredefinedproduct" action="'.$_SERVER['PHP_SELF'].'#add" method="post">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="facid" value="'.$fac->id.'">'; print '<input type="hidden" name="action" value="addligne_predef">'; diff --git a/htdocs/compta/facture/apercu.php b/htdocs/compta/facture/apercu.php index d1d5ba0e819..74dd9f8a7b3 100644 --- a/htdocs/compta/facture/apercu.php +++ b/htdocs/compta/facture/apercu.php @@ -117,6 +117,7 @@ if ($_GET["facid"] > 0) if ($fac->brouillon == 1 && $user->rights->facture->creer) { print '<form action="facture.php?facid='.$fac->id.'" method="post">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="setremise">'; print '<td colspan="3"><input type="text" name="remise" size="1" value="'.$fac->remise_percent.'">% '; print '<input type="submit" class="button" value="'.$langs->trans('Modify').'"></td>'; diff --git a/htdocs/compta/facture/contact.php b/htdocs/compta/facture/contact.php index de4a435cb3b..6ca4fcd6418 100644 --- a/htdocs/compta/facture/contact.php +++ b/htdocs/compta/facture/contact.php @@ -207,6 +207,7 @@ if ($id > 0) $var = false; print '<form action="contact.php?facid='.$id.'" method="post">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="addcontact">'; print '<input type="hidden" name="source" value="internal">'; print '<input type="hidden" name="id" value="'.$id.'">'; 
@@ -236,6 +237,7 @@ if ($id > 0) print '</form>'; print '<form action="contact.php?facid='.$id.'" method="post">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="addcontact">'; print '<input type="hidden" name="source" value="external">'; print '<input type="hidden" name="id" value="'.$id.'">'; diff --git a/htdocs/compta/facture/fiche-rec.php b/htdocs/compta/facture/fiche-rec.php index 967216cf8e0..491c7c9632f 100644 --- a/htdocs/compta/facture/fiche-rec.php +++ b/htdocs/compta/facture/fiche-rec.php @@ -110,6 +110,7 @@ if ($_GET["action"] == 'create') if ($facture->fetch($_GET["facid"]) > 0) { print '<form action="fiche-rec.php" method="post">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="add">'; print '<input type="hidden" name="facid" value="'.$facture->id.'">'; diff --git a/htdocs/compta/facture/impayees.php b/htdocs/compta/facture/impayees.php index f8dd006469b..b1d1be6c8f1 100644 --- a/htdocs/compta/facture/impayees.php +++ b/htdocs/compta/facture/impayees.php @@ -308,6 +308,7 @@ if ($result) $total_payed=0; print '<form id="form_generate_pdf" method="post" action="'.$_SERVER["PHP_SELF"].'?sortfield='. $_GET['sortfield'] .'&sortorder='. $_GET['sortorder'] .'">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; while ($i < $num) { diff --git a/htdocs/compta/facture/note.php b/htdocs/compta/facture/note.php index 11023885a9b..461c3c54ecc 100644 --- a/htdocs/compta/facture/note.php +++ b/htdocs/compta/facture/note.php 
@@ -117,6 +117,7 @@ if ($_GET["facid"]) if ($_GET["action"] == 'edit') { print '<form method="post" action="note.php?facid='.$fac->id.'">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="update_public">'; print '<textarea name="note_public" cols="80" rows="8">'.$fac->note_public."</textarea><br>"; print '<input type="submit" class="button" value="'.$langs->trans("Save").'">'; @@ -136,6 +137,7 @@ if ($_GET["facid"]) if ($_GET["action"] == 'edit') { print '<form method="post" action="note.php?facid='.$fac->id.'">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="update">'; print '<textarea name="note" cols="80" rows="8">'.$fac->note."</textarea><br>"; print '<input type="submit" class="button" value="'.$langs->trans("Save").'">'; diff --git a/htdocs/compta/index.php b/htdocs/compta/index.php index d3aa81e0bd7..20e494aab17 100644 --- a/htdocs/compta/index.php +++ b/htdocs/compta/index.php @@ -115,6 +115,7 @@ $max=3; if ($conf->facture->enabled && $user->rights->facture->lire) { print '<form method="post" action="'.DOL_URL_ROOT.'/compta/facture.php">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<table class="noborder" width="100%">'; print "<tr class=\"liste_titre\">"; print '<td colspan="3">'.$langs->trans("SearchACustomerInvoice").'</td></tr>'; @@ -128,6 +129,7 @@ if ($conf->facture->enabled && $user->rights->facture->lire) if ($conf->fournisseur->enabled && $user->rights->fournisseur->lire) { print '<form method="post" action="'.DOL_URL_ROOT.'/fourn/facture/index.php">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<table class="noborder" width="100%">'; print '<tr class="liste_titre"><td colspan="3">'.$langs->trans("SearchASupplierInvoice").'</td></tr>'; print "<tr ".$bc[0].">"; 
diff --git a/htdocs/compta/paiement.php b/htdocs/compta/paiement.php index 020d6229a56..b1ebc23e0c5 100644 --- a/htdocs/compta/paiement.php +++ b/htdocs/compta/paiement.php @@ -266,6 +266,7 @@ if ($_GET['action'] == 'create' || $_POST['action'] == 'confirm_paiement' || $_P } print '<form name="add_paiement" action="paiement.php" method="post">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="add_paiement">'; print '<input type="hidden" name="facid" value="'.$facture->id.'">'; print '<input type="hidden" name="socid" value="'.$facture->socid.'">'; diff --git a/htdocs/compta/paiement/rapport.php b/htdocs/compta/paiement/rapport.php index 032cdd6e5cc..f37424c153a 100644 --- a/htdocs/compta/paiement/rapport.php +++ b/htdocs/compta/paiement/rapport.php @@ -89,6 +89,7 @@ print_fiche_titre($titre); // Formulaire de g�n�ration print '<form method="post" action="rapport.php?year='.$year.'">'; +print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="gen">'; $cmonth = date("n", time()); $syear = date("Y", time()); diff --git a/htdocs/compta/paiement_charge.php b/htdocs/compta/paiement_charge.php index 91ea9a9d4a5..0171f6bb8b7 100755 --- a/htdocs/compta/paiement_charge.php +++ b/htdocs/compta/paiement_charge.php @@ -172,6 +172,7 @@ if ($_GET["action"] == 'create') } print '<form name="add_paiement" action="paiement_charge.php" method="post">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print "<input type=\"hidden\" name=\"id\" value=\"$charge->id\">"; print '<input type="hidden" name="action" value="add_paiement">'; diff --git a/htdocs/compta/param/comptes/fiche.php b/htdocs/compta/param/comptes/fiche.php index 8a3a9a19a0b..b07a6a83b7f 100644 --- a/htdocs/compta/param/comptes/fiche.php +++ b/htdocs/compta/param/comptes/fiche.php 
@@ -78,6 +78,7 @@ if ($_GET["action"] == 'create' && $user->rights->compta->ventilation->parametre print_fiche_titre($langs->trans("NewAccount")); print '<form action="fiche.php" method="post">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="add">'; print '<input type="hidden" name="type" value="'.$_GET["type"].'">'."\n"; diff --git a/htdocs/compta/param/comptes/index.php b/htdocs/compta/param/comptes/index.php index f3c2fd89a71..8ba4c14bbaa 100644 --- a/htdocs/compta/param/comptes/index.php +++ b/htdocs/compta/param/comptes/index.php @@ -57,6 +57,7 @@ print '<tr><td valign="top" width="30%" class="notopnoleft">'; * Zone recherche facture */ print '<form method="post" action="facture.php">'; +print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<table class="noborder" width="100%">'; print "<tr class=\"liste_titre\">"; diff --git a/htdocs/compta/prelevement/config.php b/htdocs/compta/prelevement/config.php index 4b6c4b235af..819fa46e8ca 100644 --- a/htdocs/compta/prelevement/config.php +++ b/htdocs/compta/prelevement/config.php @@ -74,6 +74,7 @@ print "<br>"; if ($user->rights->prelevement->bons->configurer) print '<form method="post" action="config.php?action=set">'; +print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<table class="noborder" width="100%">'; print '<tr class="liste_titre">'; @@ -193,6 +194,7 @@ if ($conf->global->MAIN_MODULE_NOTIFICATION) if ($user->rights->prelevement->bons->configurer) print '<form method="post" action="'.$_SERVER["PHP_SELF"].'?action=addnotif">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<table class="noborder" width="100%">'; print '<tr class="liste_titre">'; diff --git a/htdocs/compta/prelevement/fiche.php b/htdocs/compta/prelevement/fiche.php index c983e1b049e..51a3d2abe7d 100644 --- a/htdocs/compta/prelevement/fiche.php 
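Review bot: In both hunks of prelevement/config.php the `<form>` tag is printed only under the brace-less `if ($user->rights->prelevement->bons->configurer)`, while the added token line is a separate statement and is printed unconditionally. For a user without that right the hidden input lands outside any form, and in the second hunk the added line's indentation makes it look guarded when it is not. Put both prints under one braced condition, e.g. `if ($user->rights->prelevement->bons->configurer) { print '<form method="post" action="config.php?action=set">'; print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; }`. The closing `</form>` is outside the hunks and presumably needs the same guard.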
+++ b/htdocs/compta/prelevement/fiche.php @@ -195,6 +195,7 @@ if ($_GET["id"]) if($bon->date_trans == 0) { print '<form method="post" name="userfile" action="fiche.php?id='.$bon->id.'" enctype="multipart/form-data">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="infotrans">'; print '<table class="border" width="100%">'; print '<tr><td width="20%">Date Transmission</td><td>'; @@ -216,6 +217,7 @@ if ($_GET["id"]) if($bon->date_trans <> 0 && $bon->date_credit == 0) { print '<form name="infocredit" method="post" action="fiche.php?id='.$bon->id.'">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="infocredit">'; print '<table class="border" width="100%">'; print '<tr><td width="20%">Cr�dit� le</td><td>'; diff --git a/htdocs/compta/prelevement/ligne.php b/htdocs/compta/prelevement/ligne.php index e79fc18abb6..e61d4753aa6 100644 --- a/htdocs/compta/prelevement/ligne.php +++ b/htdocs/compta/prelevement/ligne.php @@ -148,6 +148,7 @@ if ($_GET["id"]) $rej = new RejetPrelevement($db, $user); print '<form name="confirm_rejet" method="post" action="ligne.php?id='.$_GET["id"].'">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="confirm_rejet">'; print '<table class="border" width="100%">'; print '<tr><td colspan="3">Rejet de pr�l�vement</td></tr>'; diff --git a/htdocs/compta/sociales/charges.php b/htdocs/compta/sociales/charges.php index 2f1784e83af..0bf2f242b7a 100644 --- a/htdocs/compta/sociales/charges.php +++ b/htdocs/compta/sociales/charges.php 
@@ -181,6 +181,7 @@ if ($_GET["action"] == 'create') $var=false; print '<form name="charge" method="post" action="'.$_SERVER["PHP_SELF"].'">'; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="add">'; print "<table class=\"noborder\" width=\"100%\">"; diff --git a/htdocs/compta/ventilation/fiche.php b/htdocs/compta/ventilation/fiche.php index b855b7e83f6..317748f211a 100644 --- a/htdocs/compta/ventilation/fiche.php +++ b/htdocs/compta/ventilation/fiche.php @@ -112,6 +112,7 @@ if($_GET["id"]) if($objp->fk_code_ventilation == 0) { print '<form action="fiche.php?id='.$_GET["id"].'" method="post">'."\n"; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="ventil">'; } diff --git a/htdocs/compta/ventilation/fournisseur/fiche.php b/htdocs/compta/ventilation/fournisseur/fiche.php index bc3981d4570..9bc05e2b84b 100644 --- a/htdocs/compta/ventilation/fournisseur/fiche.php +++ b/htdocs/compta/ventilation/fournisseur/fiche.php @@ -101,6 +101,7 @@ if($_GET["id"]) if($objp->fk_code_ventilation == 0) { print '<form action="fiche.php?id='.$_GET["id"].'" method="post">'."\n"; + print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="ventil">'; } -- GitLab