From 3723bb350afeb5e41d51aa906ec278b34121120d Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Sat, 16 May 2009 07:16:12 +0000
Subject: [PATCH] Fix: on supprime le GET ET POST si la requete ne vient pas du serveur
---
 htdocs/main.inc.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index cc59f0633fc..d24cc46ba93 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -110,7 +110,8 @@ analyse_sql_injection($_POST);
 // Security: CSRF protection
 if (! defined('NOCSRFCHECK') && ! empty($_SERVER['HTTP_REFERER']) && !eregi(DOL_MAIN_URL_ROOT, $_SERVER['HTTP_REFERER']))
 {
- return;
+ unset($_GET);
+ unset($_POST);
 }
 
 // This is to make Dolibarr working with Plesk
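Review bot: The two added `unset()` calls clear only `$_GET` and `$_POST`, so `$_REQUEST`, which PHP fills from the same request, still carries the cross-site parameters, and any later code that reads it would act on them. Resetting all three to empty arrays closes that gap and avoids leaving the superglobals undefined for the rest of the page: `$_GET = array(); $_POST = array(); $_REQUEST = array();`. Separately, the guard in the context line is a weak origin check: it is skipped whenever no Referer is sent, and `eregi()` treats `DOL_MAIN_URL_ROOT` as an unanchored regular expression. A per-session token verified on state-changing requests would be sturdier. This is top-level code in main.inc.php that continues outside the hunk.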