lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix security. Login check must be done if action=login only.

Browse Source
This commit is contained in:
Laurent Destailleur 2019-11-10 14:01:59 +01:00
parent 7cd8d82636
commit 197bf61cfd
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/main.inc.php
View File

@ -553,7 +553,7 @@ if (! defined('NOLOGIN'))
// Validation of login/pass/entity
// If ok, the variable login will be returned
// If error, we will put error message in session under the name dol_loginmesg
if ($test && $goontestloop)
if ($test && $goontestloop && GETPOST('action', 'aZ09') == 'login')
{
$login = checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode);
if ($login)