From 572d09f8459de0a4f186cb4402265ffaa74f7ad5 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sat, 8 Apr 2023 03:51:15 +0200
Subject: [PATCH] Do not show token expired on error on ajax components
---
 htdocs/main.inc.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 97a24d54538..bfcb5dab7ce 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -594,7 +594,10 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && getDolGlobalInt(
 dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (invalid token), so we disable POST and some GET parameters - referer=".(empty($_SERVER['HTTP_REFERER'])?'':$_SERVER['HTTP_REFERER']).", action=".GETPOST('action', 'aZ09').", _GET|POST['token']=".GETPOST('token', 'alpha'), LOG_WARNING);
 //dol_syslog("_SESSION['token']=".$sessiontokenforthisurl, LOG_DEBUG);
 // Do not output anything on standard output because this create problems when using the BACK button on browsers. So we just set a message into session.
- setEventMessages('SecurityTokenHasExpiredSoActionHasBeenCanceledPleaseRetry', null, 'warnings', '', 1);
+ if (!defined('NOTOKENRENEWAL')) {
+ // If the page is not a page that disable the token renewal, we report a warning message to explain token has epired.
+ setEventMessages('SecurityTokenHasExpiredSoActionHasBeenCanceledPleaseRetry', null, 'warnings', '', 1);
+ }
 $savid = null;
 if (isset($_POST['id'])) {
 $savid = ((int) $_POST['id']);
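Review bot: The comment added above the new `if (!defined('NOTOKENRENEWAL'))` guard does not say that only the user-facing notice is skipped, and it carries two typos ("disable", "epired"), so someone auditing the CSRF path cannot see at a glance that the refusal itself is unchanged. Suggested wording: `// Pages that define NOTOKENRENEWAL (ajax components) skip only the session warning; the request is still logged and refused by the CSRF check.` The enclosing `if` starts above the hunk and the rest of the refusal handling continues below it, so this assumes the parameter clearing that the log message describes is not conditioned on the same constant. With the notice gone, the `dol_syslog(..., LOG_WARNING)` entry is the only trace of a rejected ajax request, so it is worth confirming that entry stays unconditional.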