Fix test pages

htdocs/public/test/test_csrf.php

@@ -3,14 +3,16 @@
 
 ?>
 
-This is a form to test a CSRF.<br>
+This is a form to test if a CSRF exists into a Dolibarr page.<br>
 <br>
-Open this form into a Virtual server A.<br>
-Change url to send request to into file to send request to virtual server B.<br>
+- Change url to send request to into this file (server B, hard coded page)<br>
+- Open this form into a virtual server A.<br>
+- Send the request to the virtual server B by clicking submit.<br>
+- Check that Anticsrf protection is triggered.<br>
 
 <br>
 <?php
-	$urltosendrequest = "http://localhostgit/dolibarr_dev/htdocs/user/group/card.php";
+	$urltosendrequest = "http://127.0.0.1/dolibarr/htdocs/user/group/card.php";
 	print 'urltosendrequest = '.$urltosendrequest.'<br><br>';
 ?>
 

htdocs/public/test/test_sessionlock.php

@@ -17,13 +17,14 @@ if (!defined("NOLOGIN"))        define("NOLOGIN", '1'); // If this page is publi
 // TODO We can close session with session_write_close() as soon as we just need read access everywhere in code.
 if (!defined("NOSESSION"))      define("NOSESSION", '1');
 
-
-print PHP_SESSION_DISABLED;
-print PHP_SESSION_NONE;
-print PHP_SESSION_ACTIVE;
+print "Legend:<br>\n";
+print 'PHP_SESSION_DISABLED='.PHP_SESSION_DISABLED."<br>\n";
+print 'PHP_SESSION_NONE='.PHP_SESSION_NONE."<br>\n";
+print 'PHP_SESSION_ACTIVE='.PHP_SESSION_ACTIVE."<br>\n";
 print '<br>';
 
-print session_status();
+print 'session_status='.session_status().' (before main.inc.php)';
+print '<br>';
 
 require '../../main.inc.php';
 
@@ -33,11 +34,11 @@ if ($dolibarr_main_prod) {
 }
 */
 
-print session_status();
+print 'session_status='.session_status().' (after main.inc.php)';
 print '<br>';
 
 //print 'a'.$_SESSION['disablemodules'].'b';
 
-print 'This page is visible. It means you are not locked by another page called in same session.';
+print "\n<br>This page is visible. It means you are not locked by another page called in same session.";
 
 //session_write_close();