Can also disable WAF for PHP_SELF

This commit is contained in:
Laurent Destailleur 2022-11-28 20:18:12 +01:00
parent 3b0d44c435
commit 590fac0345

View File

@ -226,7 +226,8 @@ function analyseVarsForSqlAndScriptsInjection(&$var, $type)
}
}
// To disable the WAF for GET and POST, uncomment this
// To disable the WAF for GET and POST and PHP_SELF, uncomment this
//define('NOSCANPHPSELFFORINJECTION', 1);
//define('NOSCANGETFORINJECTION', 1);
//define('NOSCANPOSTFORINJECTION', 1);
@ -241,7 +242,7 @@ if (defined('NOREQUIREUSER') && !defined('NOREQUIREMENU')) {
}
// Sanity check on URL
if (!empty($_SERVER["PHP_SELF"])) {
if (!defined('NOSCANPHPSELFFORINJECTION') && !empty($_SERVER["PHP_SELF"])) {
$morevaltochecklikepost = array($_SERVER["PHP_SELF"]);
analyseVarsForSqlAndScriptsInjection($morevaltochecklikepost, 2);
}