#1467 [Public] fix: fatal access with multicompany and not login

Evarisk · Aug 17, 2023 · a27cf0e · a27cf0e
1 parent 130487d
commit a27cf0e
Show file tree

Hide file tree

Showing 7 changed files with 26 additions and 5 deletions.
diff --git a/class/actions_digiquali.class.php b/class/actions_digiquali.class.php
@@ -271,7 +271,7 @@ public function printCommonFooter($parameters)
             $productLot = new ProductLot($this->db);
             $productLot->fetch(GETPOST('id'));
             $objectB64 = $productLot->array_options['options_control_history_link'];
-            $publicControlInterfaceUrl = dol_buildpath('custom/digiquali/public/control/public_control_history.php?track_id=' . $objectB64, 3);
+            $publicControlInterfaceUrl = dol_buildpath('custom/digiquali/public/control/public_control_history.php?track_id=' . $objectB64 . '&entity=' . $conf->entity, 3);
 
             $out = showValueWithClipboardCPButton($publicControlInterfaceUrl, 0, '&nbsp;');
             $out .= '<a target="_blank" href="'. $publicControlInterfaceUrl .'"><div class="butAction">';

diff --git a/class/control.class.php b/class/control.class.php
@@ -260,7 +260,7 @@ public function create(User $user, bool $notrigger = false): int
 
             require_once TCPDF_PATH . 'tcpdf_barcodes_2d.php';
 
-            $url = dol_buildpath('custom/digiquali/public/control/public_control.php?track_id=' . $this->track_id, 3);
+            $url = dol_buildpath('custom/digiquali/public/control/public_control.php?track_id=' . $this->track_id . '&entity=' . $conf->entity, 3);
 
             $barcode = new TCPDF2DBarcode($url, 'QRCODE,L');
 

diff --git a/core/modules/modDigiQuali.class.php b/core/modules/modDigiQuali.class.php
@@ -658,7 +658,7 @@ public function init($options = ''): int
                 $control->track_id = generate_random_id();
                 $control->update($user, true);
 
-                $url = dol_buildpath('custom/digiquali/public/control/public_control.php?track_id=' . $control->track_id, 3);
+                $url = dol_buildpath('custom/digiquali/public/control/public_control.php?track_id=' . $control->track_id . '&entity=' . $conf->entity, 3);
 
                 $barcode = new TCPDF2DBarcode($url, 'QRCODE,L');
                 dol_mkdir(DOL_DATA_ROOT . (($conf->entity == 1 ) ? '/' : '/' . $conf->entity . '/') . 'digiquali/control/' . $control->ref . '/qrcode/');

diff --git a/public/control/public_control.php b/public/control/public_control.php
@@ -73,13 +73,20 @@
 
 // Get parameters.
 $track_id = GETPOST('track_id', 'alpha');
+$entity   = GETPOST('entity');
 
 // Initialize technical objects.
 $object = new Control($db);
 $sheet  = new Sheet($db);
 
 $hookmanager->initHooks(['publiccontrol']); // Note that conf->hooks_modules contains array.
 
+if (!isModEnabled('multicompany')) {
+    $entity = $conf->entity;
+}
+
+$conf->setEntityValues($db, $entity);
+
 // Load object.
 $object->fetch(0, '', ' AND track_id =' . "'" . $track_id . "'");
 

diff --git a/public/control/public_control_history.php b/public/control/public_control_history.php
@@ -74,6 +74,7 @@
 
 // Get parameters.
 $trackId         = GETPOST('track_id', 'alpha');
+$entity          = GETPOST('entity');
 $showLastControl = GETPOST('show_last_control');
 $showControlList = GETPOST('show_control_list');
 
@@ -85,6 +86,12 @@
 
 $hookmanager->initHooks(['publiccontrolhistory']); // Note that conf->hooks_modules contains array.
 
+if (!isModEnabled('multicompany')) {
+    $entity = $conf->entity;
+}
+
+$conf->setEntityValues($db, $entity);
+
 // Load object.
 $objectDataJson = base64_decode($trackId);
 $objectData     = json_decode($objectDataJson);

diff --git a/public/control/public_survey.php b/public/control/public_survey.php
@@ -78,6 +78,7 @@
 
 // Get parameters.
 $track_id  = GETPOST('track_id', 'alpha');
+$entity    = GETPOST('entity');
 $action    = GETPOST('action');
 $subaction = GETPOST('subaction');
 
@@ -91,6 +92,12 @@
 
 $hookmanager->initHooks(['publicsurvey']); // Note that conf->hooks_modules contains array.
 
+if (!isModEnabled('multicompany')) {
+    $entity = $conf->entity;
+}
+
+$conf->setEntityValues($db, $entity);
+
 // Load object.
 $object->fetch(0, '', ' AND track_id =' . "'" . $track_id . "'");
 

diff --git a/view/control/control_card.php b/view/control/control_card.php
@@ -621,7 +621,7 @@
 	unset($object->fields['projectid']); // Hide field already shown in banner
 
   if (getDolGlobalInt('SATURNE_ENABLE_PUBLIC_INTERFACE')) {
-      $publicControlInterfaceUrl = dol_buildpath('custom/digiquali/public/control/public_control.php?track_id=' . $object->track_id, 3);
+      $publicControlInterfaceUrl = dol_buildpath('custom/digiquali/public/control/public_control.php?track_id=' . $object->track_id . '&entity=' . $conf->entity, 3);
       print '<input hidden class="copy-to-clipboard" value="'. $publicControlInterfaceUrl .'">';
       print '<tr><td class="titlefield">' . $langs->trans('PublicControl') . ' <a href="' . $publicControlInterfaceUrl . '" target="_blank"><i class="fas fa-qrcode"></i></a>';
       print ' <i class="fas fa-clipboard clipboard-copy"></i>';
@@ -631,7 +631,7 @@
 
       //Survey public interface
       print '<tr><td class="titlefield">';
-      $publicSurveyUrl = dol_buildpath('custom/digiquali/public/control/public_survey.php?track_id=' . $object->track_id, 3);
+      $publicSurveyUrl = dol_buildpath('custom/digiquali/public/control/public_survey.php?track_id=' . $object->track_id . '&entity=' . $conf->entity, 3);
       print $langs->trans('PublicSurvey');
       print ' <a href="' . $publicSurveyUrl . '" target="_blank"><i class="fas fa-qrcode"></i></a>';
       print showValueWithClipboardCPButton($publicSurveyUrl, 0, '&nbsp;');