Fix CSRF protection error in configuration form

CSRF Protection Implementation:
- Added CSRF token to form with newToken() function
- Added token validation with checkToken() function
- Proper error handling for CSRF token validation
- Security compliance with Dolibarr standards

Form Security:
- Hidden token field in form submission
- Token validation before processing form data
- Error message display for invalid tokens
- Proper security workflow

Language Support:
- Added English error message for CSRF token error
- Added French error message for CSRF token error
- Complete bilingual support for security messages

The configuration form now properly handles CSRF protection and should work without security errors!
Frank Cools 2025-10-02 17:21:34 +02:00
parent 5026308446
commit 147361524c
3 changed files with 16 additions and 8 deletions


@ -37,17 +37,22 @@ $form = new Form($db);
// Handle form submission // Handle form submission
$action = GETPOST('action', 'alpha'); $action = GETPOST('action', 'alpha');
if ($action == 'update_mappings') { if ($action == 'update_mappings') {
$ca3_definitions = $config->getCA3LineDefinitions(); // CSRF protection
if (!checkToken()) {
foreach ($ca3_definitions as $line => $definition) { setEventMessages($langs->trans("ErrorCSRFToken"), null, 'errors');
$account_codes = GETPOST('account_codes_' . $line, 'array'); } else {
$ca3_definitions = $config->getCA3LineDefinitions();
if (!empty($account_codes)) { foreach ($ca3_definitions as $line => $definition) {
$config->updateAccountMapping($line, $account_codes); $account_codes = GETPOST('account_codes_' . $line, 'array');
if (!empty($account_codes)) {
$config->updateAccountMapping($line, $account_codes);
}
} }
setEventMessages($langs->trans("ConfigurationUpdated"), null, 'mesgs');
} }
setEventMessages($langs->trans("ConfigurationUpdated"), null, 'mesgs');
} }
// Get current mappings // Get current mappings
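Review bot: checkToken() is not defined anywhere in this diff, so confirm it is actually provided by the libraries this page includes; Dolibarr core provides newToken() for emitting the token and its main.inc.php already validates the submitted token on POST requests that carry an action parameter, so either the explicit call is redundant or, if checkToken() is a helper of this module, its definition should be part of the change. The fallthrough on failure (error message, then the form is re-rendered with a fresh token) is the right behaviour, but note that GETPOST('account_codes_' . $line, 'array') only checks that the container is an array, not the elements inside it; validate each account code before it reaches $config->updateAccountMapping().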
@ -72,6 +77,7 @@ print '</div><br>';
// Print configuration form // Print configuration form
print '<form method="POST" action="' . $_SERVER['PHP_SELF'] . '">'; print '<form method="POST" action="' . $_SERVER['PHP_SELF'] . '">';
print '<input type="hidden" name="action" value="update_mappings">'; print '<input type="hidden" name="action" value="update_mappings">';
print '<input type="hidden" name="token" value="' . newToken() . '">';
print '<div class="fiche">'; print '<div class="fiche">';
print '<div class="titre">' . $langs->trans("DeclarationTVAPCGMapping") . '</div>'; print '<div class="titre">' . $langs->trans("DeclarationTVAPCGMapping") . '</div>';
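Review bot: $_SERVER['PHP_SELF'] is printed unescaped into the action attribute two lines above the new token field; depending on the web server configuration it can carry attacker-controlled path info, so wrap it with dol_escape_htmltag($_SERVER['PHP_SELF']) or use the page's known relative URL. The new hidden token field itself is correct, and keeping it next to the hidden action field makes it easy to see that every POST with an action also carries a token.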


@ -369,3 +369,4 @@ AccountSelection = Account Selection
SelectedAccounts = Selected Accounts SelectedAccounts = Selected Accounts
AccountCount = Account Count AccountCount = Account Count
MultiSelectHelp = Hold Ctrl (or Cmd on Mac) to select multiple accounts MultiSelectHelp = Hold Ctrl (or Cmd on Mac) to select multiple accounts
ErrorCSRFToken = Security token error. Please try again.
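Review bot: the new ErrorCSRFToken key is added to this module's language file, so the page that calls $langs->trans("ErrorCSRFToken") must load this module's lang domain before setEventMessages() runs, otherwise the raw key is shown to the user; the page diff above does not include a $langs->load() call, so verify it happens earlier in the page. Also check whether Dolibarr core already ships a generic token error string before introducing a module-specific one.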


@ -358,3 +358,4 @@ AccountSelection = Sélection de comptes
SelectedAccounts = Comptes sélectionnés SelectedAccounts = Comptes sélectionnés
AccountCount = Nombre de comptes AccountCount = Nombre de comptes
MultiSelectHelp = Maintenez Ctrl (ou Cmd sur Mac) pour sélectionner plusieurs comptes MultiSelectHelp = Maintenez Ctrl (ou Cmd sur Mac) pour sélectionner plusieurs comptes
ErrorCSRFToken = Erreur de jeton de sécurité. Veuillez réessayer.