Todo: protection faille CSRF !!!

2009-05-15 10:27:38 +00:00 · 2009-05-15 10:27:38 +00:00 · 0bd1156782
commit 0bd1156782
parent c75a724693
1 changed files with 4 additions and 1 deletions
--- a/htdocs/admin/const.php
+++ b/htdocs/admin/const.php
@ -30,9 +30,12 @@ require_once(DOL_DOCUMENT_ROOT."/lib/admin.lib.php");

 $langs->load("admin");

-if (!$user->admin)
+//Todo protection faille CSRF !!!
+if (!eregi(DOL_MAIN_URL_ROOT, $_SERVER['HTTP_REFERER']))
 accessforbidden();

+if (!$user->admin)
+accessforbidden();


 $typeconst=array('yesno','texte','chaine');