From 2fd861ab7d6e789bd6348f2c957ab7279cd7db74 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Fri, 15 May 2009 10:32:21 +0000
Subject: [PATCH] Todo: protection faille CSRF !!!
---
 htdocs/admin/const.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/admin/const.php b/htdocs/admin/const.php
index 2b6c6b5f08f..e4f0ea50c48 100644
--- a/htdocs/admin/const.php
+++ b/htdocs/admin/const.php
@@ -31,7 +31,7 @@ require_once(DOL_DOCUMENT_ROOT."/lib/admin.lib.php");
 $langs->load("admin");
 //Todo protection faille CSRF !!!
-if (!eregi(DOL_MAIN_URL_ROOT, $_SERVER['HTTP_REFERER']))
+if (! empty($_SERVER['HTTP_REFERER']) && !eregi(DOL_MAIN_URL_ROOT, $_SERVER['HTTP_REFERER']))
 accessforbidden();
 if (!$user->admin)
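Review bot: The added `! empty($_SERVER['HTTP_REFERER']) &&` guard means a request that carries no Referer header now skips the check entirely, so `accessforbidden()` is reached only when a Referer is present and does not match; because the header is client-supplied and can be omitted, the admin page is left without effective CSRF protection, as the `//Todo` comment itself acknowledges. The remaining match is loose as well: `eregi` treats `DOL_MAIN_URL_ROOT` as an unanchored, case-insensitive regular expression, so a Referer that merely contains that string anywhere passes, and `eregi` is deprecated as of PHP 5.3. I would replace the Referer test with a per-session token verified on every state-changing request, e.g. `if ($_SERVER['REQUEST_METHOD'] == 'POST' && (empty($_POST['token']) || $_POST['token'] !== $_SESSION['token'])) accessforbidden();` (the `token` key names are placeholders, not names taken from this file). The `if (!$user->admin)` statement at the end of the hunk continues outside it.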