From 0dc16b135d27d30c546808ddcd7c3df1924a7b34 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 21 Jun 2021 00:05:01 +0200
Subject: [PATCH] FIX allow disabling of a module (not dangerous) even if pb
 with token.

---
 htdocs/admin/modules.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/admin/modules.php b/htdocs/admin/modules.php
index 56b6e6e1f01..674cbbf52f5 100644
--- a/htdocs/admin/modules.php
+++ b/htdocs/admin/modules.php
@@ -28,7 +28,7 @@
  *  \brief      Page to activate/disable all modules
  */
 
-if (!defined('CSRFCHECK_WITH_TOKEN')) {
+if (!defined('CSRFCHECK_WITH_TOKEN') && (empty($_GET['action']) || $_GET['action'] != 'reset')) {	// We do not force security to disable modules so we can do it if problem
 	define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET
 }