lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Todo: protection faille CSRF !!!

Browse Source
This commit is contained in:
Regis Houssin 2009-05-15 10:32:21 +00:00
parent 0bd1156782
commit 2fd861ab7d
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/admin/const.php
View File

@ -31,7 +31,7 @@ require_once(DOL_DOCUMENT_ROOT."/lib/admin.lib.php");
$langs->load("admin");
//Todo protection faille CSRF !!!
if (!eregi(DOL_MAIN_URL_ROOT, $_SERVER['HTTP_REFERER']))
if (! empty($_SERVER['HTTP_REFERER']) && !eregi(DOL_MAIN_URL_ROOT, $_SERVER['HTTP_REFERER']))
accessforbidden();
if (!$user->admin)