lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #1 from mufeedvh/develop

Browse Source 
Merging fix - on-behalf of @mufeedvh, executed by huntr.dev (011-php-dolibarr).
This commit is contained in:
Jamie Slome 2020-02-17 10:33:46 +00:00 committed by GitHub
commit 1bbe4469f1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/filefunc.inc.php
View File

@ -165,7 +165,7 @@ if (! defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck))
if ($csrfattack)
{
//print 'NOCSRFCHECK='.defined('NOCSRFCHECK').' REQUEST_METHOD='.$_SERVER['REQUEST_METHOD'].' HTTP_HOST='.$_SERVER['HTTP_HOST'].' HTTP_REFERER='.$_SERVER['HTTP_REFERER'];
print "Access refused by CSRF protection in main.inc.php. Referer of form (".$_SERVER['HTTP_REFERER'].") is outside the server that serve this page (with method = ".$_SERVER['REQUEST_METHOD'].").\n";
print "Access refused by CSRF protection in main.inc.php. Referer of form (".htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES, 'UTF-8').") is outside the server that serve this page (with method = ".$_SERVER['REQUEST_METHOD'].").\n";
print "If you access your server behind a proxy using url rewriting, you might check that all HTTP headers are propagated (or add the line \$dolibarr_nocsrfcheck=1 into your conf.php file to remove this security check).\n";
die;
}