Can also disable WAF for PHP_SELF

2022-11-28 20:18:12 +01:00 · 2022-11-28 20:18:12 +01:00 · 590fac0345
commit 590fac0345
parent 3b0d44c435
1 changed files with 3 additions and 2 deletions
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@ -226,7 +226,8 @@ function analyseVarsForSqlAndScriptsInjection(&$var, $type)
 	}
 }

-// To disable the WAF for GET and POST, uncomment this
+// To disable the WAF for GET and POST and PHP_SELF, uncomment this
+//define('NOSCANPHPSELFFORINJECTION', 1);
 //define('NOSCANGETFORINJECTION', 1);
 //define('NOSCANPOSTFORINJECTION', 1);

@ -241,7 +242,7 @@ if (defined('NOREQUIREUSER') && !defined('NOREQUIREMENU')) {
 }

 // Sanity check on URL
-if (!empty($_SERVER["PHP_SELF"])) {
+if (!defined('NOSCANPHPSELFFORINJECTION') && !empty($_SERVER["PHP_SELF"])) {
 	$morevaltochecklikepost = array($_SERVER["PHP_SELF"]);
 	analyseVarsForSqlAndScriptsInjection($morevaltochecklikepost, 2);
 }