diff --git a/htdocs/admin/const.php b/htdocs/admin/const.php
index 8827b2199c3..2b6c6b5f08f 100644
--- a/htdocs/admin/const.php
+++ b/htdocs/admin/const.php
@@ -30,9 +30,12 @@ require_once(DOL_DOCUMENT_ROOT."/lib/admin.lib.php");
 $langs->load("admin");
-if (!$user->admin)
+//Todo protection faille CSRF !!!
+if (!eregi(DOL_MAIN_URL_ROOT, $_SERVER['HTTP_REFERER']))
 accessforbidden();
+if (!$user->admin)
+accessforbidden();
 $typeconst=array('yesno','texte','chaine');
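Review bot: The Referer check on the new `eregi()` line accepts any Referer that merely contains DOL_MAIN_URL_ROOT somewhere in it, because the constant is used unescaped as a case-insensitive regex pattern rather than as an anchored prefix, and `eregi()` itself is deprecated since PHP 5.3 and removed in PHP 7. Reading `$_SERVER['HTTP_REFERER']` directly also raises an undefined-index notice when the header is absent, which is common with privacy-conscious browsers and proxies, so legitimate admins get a warning instead of a clean denial. A tighter form is `if (empty($_SERVER['HTTP_REFERER']) || stripos($_SERVER['HTTP_REFERER'], DOL_MAIN_URL_ROOT) !== 0) accessforbidden();`, and the `//Todo` comment could say in English what is still missing, e.g. `// TODO: Referer check is only a stop-gap; add a per-session CSRF token to the admin form and verify it here`. Since the Referer header is client-supplied and optional, it can only ever be an advisory check; the token is the real mitigation.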