lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix: protection faille CSRF !!!

Browse Source
This commit is contained in:
Regis Houssin 2009-05-15 12:59:39 +00:00
parent d73aac6e4e
commit 1ea80f4f57
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/admin/const.php
View File

@ -30,10 +30,6 @@ require_once(DOL_DOCUMENT_ROOT."/lib/admin.lib.php");
$langs->load("admin"); $langs->load("admin");
//Todo: protection faille CSRF !!!
if (! empty($_SERVER['HTTP_REFERER']) && !eregi(DOL_MAIN_URL_ROOT, $_SERVER['HTTP_REFERER']))
accessforbidden();
if (!$user->admin) if (!$user->admin)
accessforbidden(); accessforbidden();

4
htdocs/main.inc.php
View File

@ -122,6 +122,10 @@ set_include_path($_SERVER['DOCUMENT_ROOT'].'/htdocs');
// This include will set: $conf, $langs and $mysoc objects // This include will set: $conf, $langs and $mysoc objects
require_once("master.inc.php"); require_once("master.inc.php");
// Protection faille CSRF !!!
if (! empty($_SERVER['HTTP_REFERER']) && !eregi(DOL_MAIN_URL_ROOT, $_SERVER['HTTP_REFERER']))
accessforbidden();
// Check if HTTPS // Check if HTTPS
if ($conf->file->main_force_https) if ($conf->file->main_force_https)
{ {