FIX allow disabling of a module (not dangerous) even if pb with token.

2021-06-21 00:05:01 +02:00 · 2021-06-21 00:05:01 +02:00 · 0dc16b135d
commit 0dc16b135d
parent 5d6b26ddb7
1 changed files with 1 additions and 1 deletions
--- a/htdocs/admin/modules.php
+++ b/htdocs/admin/modules.php
@ -28,7 +28,7 @@
 *  \brief      Page to activate/disable all modules
 */

-if (!defined('CSRFCHECK_WITH_TOKEN')) {
+if (!defined('CSRFCHECK_WITH_TOKEN') && (empty($_GET['action']) || $_GET['action'] != 'reset')) {	// We do not force security to disable modules so we can do it if problem
 	define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET
 }