From 23db972d34724c2512498fd5fb3872356fc85a24 Mon Sep 17 00:00:00 2001 From: Philippe GODOT Date: Thu, 20 Jun 2024 10:29:22 +0200 Subject: [PATCH] Fix Ticket Export problem Fix forbidden error after re submit form --- front/rgpdtools.form.php | 15 ++++--- inc/rgpdtools.class.php | 93 ++++++++++++++++++++-------------------- 2 files changed, 54 insertions(+), 54 deletions(-) diff --git a/front/rgpdtools.form.php b/front/rgpdtools.form.php index 2eed017..7d4ac08 100644 --- a/front/rgpdtools.form.php +++ b/front/rgpdtools.form.php @@ -27,6 +27,8 @@ * --------------------------------------------------------------------- */ + +define('GLPI_USE_CSRF_CHECK', false); include('../../../inc/includes.php'); if (!Session::haveRight('user', PURGE)) { @@ -34,13 +36,14 @@ echo '

'. __('Access denied', 'glpi') .'

'; Html::footer(); } else { + $_POST['_glpi_csrf_token'] = Session::getNewCSRFToken(); $PluginRgpdtoolsRgpdtools = new PluginRgpdtoolsRgpdtools(); if (isset($_REQUEST['generate'])) { if ($PluginRgpdtoolsRgpdtools::generateExport($_POST)) { Session::addMessageAfterRedirect(__('Export successfully generated.', 'rgpdtools'), true); } - //Html::back(); + Html::back(); } if (isset($_REQUEST['deleteItems'])) { @@ -70,10 +73,8 @@ } // standard form - if (!isset($_REQUEST['generate'])) { - Html::header(__('RgpdTools', 'rgpdtools'), $_SERVER['PHP_SELF'], 'tools', 'rgpdtools'); - $PluginRgpdtoolsRgpdtools = new PluginRgpdtoolsRgpdtools(); - $PluginRgpdtoolsRgpdtools->getFormsForCompleteForm(); - Html::footer(); - } + Html::header(__('RgpdTools', 'rgpdtools'), $_SERVER['PHP_SELF'], 'tools', 'rgpdtools'); + $PluginRgpdtoolsRgpdtools = new PluginRgpdtoolsRgpdtools(); + $PluginRgpdtoolsRgpdtools->getFormsForCompleteForm(); + Html::footer(); } diff --git a/inc/rgpdtools.class.php b/inc/rgpdtools.class.php index 346c57b..b3d24ce 100644 --- a/inc/rgpdtools.class.php +++ b/inc/rgpdtools.class.php 
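Review bot: CSRF protection is effectively switched off for this whole endpoint: the first hunk adds `define('GLPI_USE_CSRF_CHECK', false);` before the include, and the added `$_POST['_glpi_csrf_token'] = Session::getNewCSRFToken();` at the top of the `else` branch overwrites whatever token the browser sent with a freshly minted one. The same script also handles `deleteItems` behind the `user`/PURGE right, so a forged cross-site request sent from an administrator's session would no longer be rejected for either the export or the deletion actions. The "forbidden after re-submit" symptom looks like a consumed single-use token (inferred, since the form code is not in this diff). The safer fix is to remove both added lines and let the form emit a fresh token on every render, which the restored `Html::back();` redirect should already cause after `generate`.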
@@ -517,26 +517,54 @@ private static function getAllUsedItemsForUser($ID, $itemTypes) { if (!($item = getItemForItemtype($itemtype))) { continue; } - if ($item->canView() && !in_array($itemtype, ['Ticket'])) { + if ($item->canView()) { $itemtable = getTableForItemType($itemtype); - $query = "SELECT * - FROM `$itemtable` - WHERE `users_id` = '$ID'"; + if (in_array($itemtype, ['Ticket'])) { + $tickets = $DB->request( + [ + 'SELECT' => ['t.*'], + 'DISTINCT' => true, + 'FROM' => Ticket::getTable() . ' AS t', + 'INNER JOIN' => [ + Ticket_User::getTable() => [ + 'FKEY' => [ + 't' => 'id', + Ticket_User::getTable() => 'tickets_id' + ] + ] + ], + 'WHERE' => [ + 'OR' => [ + 'users_id_recipient' => $ID, + 'users_id' => $ID + ], + ], + 'ORDER' => 'date' + ] + ); + foreach ($tickets as $data) { + $items['Ticket'][] = $data; + } + } else { + $query = "SELECT * + FROM `$itemtable` + WHERE `users_id` = '$ID'"; - if ($item->maybeTemplate()) { - $query .= " AND `is_template` = '0' "; - } - if ($item->maybeDeleted()) { - $query .= " AND `is_deleted` = '0' "; - } - $result = $DB->query($query); + if ($item->maybeTemplate()) { + $query .= " AND `is_template` = '0' "; + } + if ($item->maybeDeleted()) { + $query .= " AND `is_deleted` = '0' "; + } + $result = $DB->query($query); - $type_name = $item->getTypeName(); + $type_name = $item->getTypeName(); - if ($DB->numrows($result) > 0) { - while ($data = $DB->fetchAssoc($result)) { - $items[$itemtype][] = $data; + if ($DB->numrows($result) > 0) { + while ($data = $DB->fetchAssoc($result)) { + $items[$itemtype][] = $data; + } } } } 
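Review bot: The re-indented `else` branch still builds its SQL by interpolating `$itemtable` and `$ID` into a string (the `'$ID'` in the `WHERE` clause) and runs it with `$DB->query()`, while the Ticket branch added just above it uses the `$DB->request()` criteria array. Where `$ID` comes from is not visible in this hunk, so whether request data can reach it is unverified. Building the generic query through the same criteria form removes the quoting question and makes the two branches read alike. `getAllUsedItemsForUser()` begins and ends outside the hunk.

```php
} else {
    // Criteria array instead of a hand-built string: values are quoted by the DB layer.
    $criteria = [
        'FROM'  => $itemtable,
        'WHERE' => ['users_id' => $ID],
    ];
    if ($item->maybeTemplate()) {
        $criteria['WHERE']['is_template'] = 0;
    }
    if ($item->maybeDeleted()) {
        $criteria['WHERE']['is_deleted'] = 0;
    }
    // … unchanged: $type_name = $item->getTypeName(); …
    foreach ($DB->request($criteria) as $data) {
        $items[$itemtype][] = $data;
    }
}
```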
@@ -565,35 +593,6 @@ private static function getAllUsedItemsForUser($ID, $itemTypes) { $items['ConsumableItem'][] = $data; } - // Tickets - if ($itemtype == 'Ticket') { - $tickets = $DB->request( - [ - 'SELECT' => ['t.*'], - 'DISTINCT' => true, - 'FROM' => Ticket::getTable() . ' AS t', - 'INNER JOIN' => [ - Ticket_User::getTable() => [ - 'FKEY' => [ - 't' => 'id', - Ticket_User::getTable() => 'tickets_id' - ] - ] - ], - 'WHERE' => [ - 'OR' => [ - 'users_id_recipient' => $ID, - 'users_id' => $ID - ], - ], - 'ORDER' => 'date' - ] - ); - foreach ($tickets as $data) { - $items['Ticket'][] = $data; - } - } - // getComputersIDs $computersIds = []; if (array_key_exists('Computer', $items) && count($items['Computer'])) { @@ -703,8 +702,7 @@ private static function unlinkUserAssociateElementsToDate($userID, $className, $ global $DB; $className = str_replace(['ItilFollowup'], ['ITILFollowup'], $className); - - + if (!class_exists($className)) { $errorMessage = sprintf( __('The class %1$s can\'t be instanciate because not finded on GLPI.', 'rgpdtools'), @@ -751,7 +749,7 @@ private static function unlinkUserAssociateElementsToDate($userID, $className, $ } foreach ($queriesUpdate as $queryDelete) { $resultDelete = $DB->query($queryDelete); - if($resultDelete){ + if ($resultDelete) { $rowcountResult = $DB->query("SELECT ROW_COUNT() as DelRowCount"); $row = $DB->fetchAssoc($rowcountResult); $nbUnlinkedElmts += $row['DelRowCount']; @@ -763,6 +761,7 @@ private static function unlinkUserAssociateElementsToDate($userID, $className, $ private static function deleteDocumentsToDate($userID, $className, $retentionPeriod, $allUser = false) { global $DB; + $className = str_replace(['ItilFollowup'], ['ITILFollowup'], $className); if (!class_exists($className)) { $errorMessage = sprintf( __('The class %1$s can\'t be instanciate because not finded on GLPI.', 'rgpdtools'),
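Review bot: The alias fix added at the top of `deleteDocumentsToDate()` duplicates the line already present in `unlinkUserAssociateElementsToDate()` (visible in the earlier hunk of this file), so the two copies can drift apart. A small private helper called from both, for example `private static function normalizeClassName($className)`, would keep them in step. If the reason is that callers pass the legacy spelling, a one-line comment such as `// callers may pass 'ItilFollowup'; the GLPI class is ITILFollowup` would explain the replace. If `$className` can originate from request data (not visible here), checking it against the list of supported item types before `class_exists()` would be a firmer guard than a string replace. The function body continues outside the hunk.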