From 0bd1156782c4108a902e1b2cbe56cae6ed4f1e60 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Fri, 15 May 2009 10:27:38 +0000
Subject: [PATCH] Todo: protection faille CSRF !!!
---
 htdocs/admin/const.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/htdocs/admin/const.php b/htdocs/admin/const.php
index 8827b2199c3..2b6c6b5f08f 100644
--- a/htdocs/admin/const.php
+++ b/htdocs/admin/const.php
@@ -30,9 +30,12 @@ require_once(DOL_DOCUMENT_ROOT."/lib/admin.lib.php");
 $langs->load("admin");
-if (!$user->admin)
+//Todo protection faille CSRF !!!
+if (!eregi(DOL_MAIN_URL_ROOT, $_SERVER['HTTP_REFERER']))
 accessforbidden();
+if (!$user->admin)
+accessforbidden();
 $typeconst=array('yesno','texte','chaine');