CVE-2017-17898: FIX security vulnerability reported by ADLab of Venustech · Dolibarr/dolibarr@6a62e13
Dolibarr ERP/CRM version 6.0.4 does not block direct HTTP requests to its *.tpl.php template files, which allows remote attackers to obtain sensitive information by requesting a template outside the page that normally includes it.
@@ -26,6 +26,13 @@ * $elementtype */
// Protection to avoid direct call of template if (empty($conf) || ! is_object($conf)) { print "Error, template page can’t be called as URL"; exit; }
?>
<!-- BEGIN PHP TEMPLATE admin_extrafields_add.tpl.php --> @@ -56,11 +63,11 @@ function init_typeoffields(type)
// Case of computed field console.log(type); if (type == ‘’ || type == ‘varchar’ || type == ‘int’ || type == ‘double’ || type == ‘price’) { jQuery(“tr.extra_computed_value”).show(); if (type == ‘’ || type == ‘varchar’ || type == ‘int’ || type == ‘double’ || type == ‘price’) { jQuery(“tr.extra_computed_value”).show(); } else { computed_value.val(‘’); jQuery(“tr.extra_computed_value”).hide(); } } if (computed_value.val()) { console.log(“We enter a computed formula”); @@ -75,7 +82,7 @@ function init_typeoffields(type) jQuery(“#default_value, #unique, #required, #alwayseditable, #ishidden, #list”).attr('disabled’, false); jQuery(“tr.extra_default_value, tr.extra_unique, tr.extra_required, tr.extra_alwayseditable, tr.extra_ishidden, tr.extra_list”).show(); }
if (type == ‘date’) { size.val(‘’).prop('disabled’, true); unique.removeAttr(‘disabled’); jQuery(“#value_choice”).hide();jQuery(“#helpchkbxlst”).hide(); } else if (type == ‘datetime’) { size.val(‘’).prop('disabled’, true); unique.removeAttr(‘disabled’); jQuery(“#value_choice”).hide(); jQuery(“#helpchkbxlst”).hide();} else if (type == ‘double’) { size.val(‘24,8’).removeAttr(‘disabled’); unique.removeAttr(‘disabled’); jQuery(“#value_choice”).hide(); jQuery(“#helpchkbxlst”).hide();} @@ -90,8 +97,8 @@ function init_typeoffields(type) else if (type == ‘checkbox’) { size.val(‘’).prop('disabled’, true); unique.removeAttr(‘checked’).prop('disabled’, true); jQuery(“#value_choice”).show();jQuery(“#helpselect”).show();jQuery(“#helpsellist”).hide();jQuery(“#helpchkbxlst”).hide();jQuery(“#helplink”).hide();} else if (type == ‘chkbxlst’) { size.val(‘’).prop('disabled’, true); unique.removeAttr(‘checked’).prop('disabled’, true); jQuery(“#value_choice”).show();jQuery(“#helpselect”).hide();jQuery(“#helpsellist”).hide();jQuery(“#helpchkbxlst”).show();jQuery(“#helplink”).hide();} else if (type == ‘link’) { size.val(‘’).prop('disabled’, true); unique.removeAttr(‘disabled’); jQuery(“#value_choice”).show();jQuery(“#helpselect”).hide();jQuery(“#helpsellist”).hide();jQuery(“#helpchkbxlst”).hide();jQuery(“#helplink”).show();} else if (type == ‘separate’) { size.val(‘’).prop('disabled’, true); unique.removeAttr(‘checked’).prop('disabled’, true); required.val(‘’).prop('disabled’, true); else if (type == ‘separate’) { size.val(‘’).prop('disabled’, true); unique.removeAttr(‘checked’).prop('disabled’, true); required.val(‘’).prop('disabled’, true); jQuery(“#value_choice”).hide();jQuery(“#helpselect”).hide();jQuery(“#helpsellist”).hide();jQuery(“#helpchkbxlst”).hide();jQuery(“#helplink”).hide(); } else { // type = string 
@@ -102,12 +109,12 @@ function init_typeoffields(type) if (type == ‘separate’) { required.removeAttr(‘checked’).prop('disabled’, true); alwayseditable.removeAttr(‘checked’).prop('disabled’, true); list.val(‘’).prop('disabled’, true); jQuery(‘#size, #default_value’).val(‘’).prop('disabled’, true); jQuery(‘#size, #default_value’).val(‘’).prop('disabled’, true); } else { default_value.removeAttr(‘disabled’); required.removeAttr(‘disabled’); alwayseditable.removeAttr(‘disabled’); list.val(‘’).removeAttr(‘disabled’); required.removeAttr(‘disabled’); alwayseditable.removeAttr(‘disabled’); list.val(‘’).removeAttr(‘disabled’); } } init_typeoffields(‘<?php echo GETPOST(‘type’); ?>’);
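Review bot: The added prologue `if (empty($conf) || ! is_object($conf)) { print "Error, template page can't be called as URL"; exit; }` is an in-file, per-template guard, while the CVE text says the product does not block direct requests to `*.tpl.php` at all, so any template that does not get the same prologue stays reachable; a web-server rule denying `*.tpl.php` paths (or moving templates out of the document root) is the defense-in-depth that covers them all, and the guard should sit before any other code in the file. On the failure path the message goes out with the default 200 status, so sending an error status first, `http_response_code(403);` before the `print`, makes the rejection visible to scanners and access logs. Separately, the unchanged last line of the hunk, `init_typeoffields('<?php echo GETPOST('type'); ?>');`, embeds a request parameter in a single-quoted JavaScript string; whether it is reflected unescaped depends on GETPOST()'s default filtering, which is not visible here, so confirm the value is escaped for the JS string context before this file ships. The JavaScript hunks cut through `init_typeoffields`, whose start lies outside this page.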