diff --git a/Core/Base/PluginManager.php b/Core/Base/PluginManager.php
index 2965332b7d..7ddbe2665a 100644
--- a/Core/Base/PluginManager.php
+++ b/Core/Base/PluginManager.php
@@ -31,7 +31,7 @@ final class PluginManager
 /**
 * FacturaScripts core version.
 */
- const CORE_VERSION = 2022.5;
+ const CORE_VERSION = 2022.51;
 /**
 * Path to list plugins on file.
diff --git a/Core/Controller/Wizard.php b/Core/Controller/Wizard.php
index 74c8700518..3ed0086b8c 100644
--- a/Core/Controller/Wizard.php
+++ b/Core/Controller/Wizard.php
@@ -38,7 +38,6 @@
 */
 class Wizard extends Controller
 {
-
 const ITEM_SELECT_LIMIT = 500;
 const NEW_DEFAULT_PAGE = 'Dashboard';
@@ -322,6 +321,10 @@ private function saveNewPassword(string $pass): bool
 private function saveStep1()
 {
+ if (false === $this->validateFormToken()) {
+ return;
+ }
+
 $codpais = $this->request->request->get('codpais', $this->empresa->codpais);
 $this->preSetAppSettings($codpais);
@@ -347,6 +350,10 @@ private function saveStep1()
 private function saveStep2()
 {
+ if (false === $this->validateFormToken()) {
+ return;
+ }
+
 $this->empresa->regimeniva = $this->request->request->get('regimeniva');
 $this->empresa->save();
diff --git a/Core/Html.php b/Core/Html.php
index b6610a97c3..0015559466 100644
--- a/Core/Html.php
+++ b/Core/Html.php
@@ -109,15 +109,19 @@ private static function attachedFileFunction(): TwigFunction
 private static function formTokenFunction(): TwigFunction
 {
- return new TwigFunction('formToken', function (bool $input = true) {
- $tokenClass = new MultiRequestProtection();
- return $input ?
- '' :
- $tokenClass->newToken();
- }, [
- 'is_safe' => ['html'],
- 'is_safe_callback' => ['html']
- ]);
+ return new TwigFunction(
+ 'formToken',
+ function (bool $input = true) {
+ $tokenClass = new MultiRequestProtection();
+ return $input ?
+ '' :
+ $tokenClass->newToken();
+ },
+ [
+ 'is_safe' => ['html'],
+ 'is_safe_callback' => ['html']
+ ]
+ );
 }
 private static function getIncludeViews(): TwigFunction
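Review bot: In Core/Controller/Wizard.php, saveStep1() and saveStep2() are the only handlers this diff guards with `validateFormToken()`; any other state-changing wizard action defined outside these hunks needs the same check, or the protection is only partial. Both method bodies, and the rest of the class, continue outside the hunks, so that coverage cannot be confirmed from here. The early `return;` also gives no visible feedback at this point, so unless `validateFormToken()` itself reports the rejection, a stale or missing token will look like a form that silently did nothing. I would add a one-line comment above each guard, e.g. `// reject the POST unless it carries a valid form token (CSRF / double-submit protection)`, and confirm that the failure is surfaced to the user.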
diff --git a/Core/Lib/MultiRequestProtection.php b/Core/Lib/MultiRequestProtection.php
index 0d47dcf373..b488641690 100644
--- a/Core/Lib/MultiRequestProtection.php
+++ b/Core/Lib/MultiRequestProtection.php
@@ -34,9 +34,7 @@ class MultiRequestProtection
 const MAX_TOKENS = 500;
 const RANDOM_STRING_LENGTH = 6;
- /**
- * @var string
- */
+ /** @var string */
 protected static $seed;
 public function __construct()
@@ -47,9 +45,6 @@ public function __construct()
 }
 }
- /**
- * @param string $seed
- */
 public function addSeed(string $seed)
 {
 self::$seed .= $seed;
@@ -88,11 +83,6 @@ public function tokenExist(string $token): bool
 return false;
 }
- /**
- * @param string $token
- *
- * @return bool
- */
 public function validate(string $token): bool
 {
 $tokenParts = explode('|', $token);
@@ -114,18 +104,12 @@ public function validate(string $token): bool
 return in_array($tokenParts[0], $valid);
 }
- /**
- * @return string
- */
 protected function getRandomStr(): string
 {
 $chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
 return substr(str_shuffle($chars), 0, self::RANDOM_STRING_LENGTH);
 }
- /**
- * @return array
- */
 protected function getTokens(): array
 {
 $values = Cache::get(self::CACHE_KEY);
diff --git a/Core/View/Wizard-2.html.twig b/Core/View/Wizard-2.html.twig
index 75460c0994..ca21cd5a1b 100644
--- a/Core/View/Wizard-2.html.twig
+++ b/Core/View/Wizard-2.html.twig
@@ -54,6 +54,7 @@
+ {{ formToken() }}
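Review bot: The `{{ formToken() }}` added here is only as strong as the token behind it, and the token code visible elsewhere in this commit has two weak spots. Core/Html.php shows formToken() returning `$tokenClass->newToken()` from MultiRequestProtection, and the context lines of Core/Lib/MultiRequestProtection.php show getRandomStr() drawing its random part from `str_shuffle($chars)`, which PHP documents as not cryptographically secure, and validate() ending in a non-strict `in_array($tokenParts[0], $valid)`. Whether newToken() actually uses getRandomStr() is not visible in the diff, but now that the wizard depends on these tokens as its request-forgery defence I would pick the characters with `random_int()` and compare with `in_array($tokenParts[0], $valid, true)`. The same applies to the token added to Core/View/Wizard.html.twig; the surrounding form markup of both templates is not visible on this page.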
diff --git a/Core/View/Wizard.html.twig b/Core/View/Wizard.html.twig
index bd3b10a849..bb3e2c5f11 100644
--- a/Core/View/Wizard.html.twig
+++ b/Core/View/Wizard.html.twig
@@ -55,6 +55,7 @@
+ {{ formToken() }}