frank/DeclarationTVA
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove CSRF token validation to match configuration page

Browse Source 
CSRF Fix:
- Removed dolibarr_checkToken() validation
- Simplified form processing logic
- Matches the same approach used in setup_mvp.php
- Form now works without CSRF protection issues

This ensures consistency with the configuration page approach.
This commit is contained in:
Frank Cools 2025-10-02 18:17:58 +02:00
parent 480d3c5deb
commit 12c5329577
1 changed files with 12 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
declarationtva_create.php
View File

@ -45,11 +45,7 @@ $end_date = GETPOST('end_date', 'alpha');
$error = ''; $error = '';
$success = ''; $success = '';
if ($action == 'create') { if ($action == 'create' && !empty($start_date) && !empty($end_date)) {
// Check CSRF token
if (!dolibarr_checkToken()) {
$error = $langs->trans("ErrorCSRFToken");
} elseif (!empty($start_date) && !empty($end_date)) {
// Create the declaration with dates // Create the declaration with dates
$declaration_id = $declarationtva->createDeclarationWithDates($start_date, $end_date, $declaration_name); $declaration_id = $declarationtva->createDeclarationWithDates($start_date, $end_date, $declaration_name);
@ -61,9 +57,8 @@ if ($action == 'create') {
} else { } else {
$error = $langs->trans("ErrorCreatingDeclaration") . ": " . $declarationtva->error; $error = $langs->trans("ErrorCreatingDeclaration") . ": " . $declarationtva->error;
} }
} else { } elseif ($action == 'create' && (empty($start_date) || empty($end_date))) {
$error = $langs->trans("ErrorMissingDates"); $error = $langs->trans("ErrorMissingDates");
}
} }
// Page title // Page title