Fix switch to login page

Laurent Destailleur 2022-02-20 18:07:10 +01:00
parent 6b8793e171
commit 678c3bdb76


@ -533,7 +533,10 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && getDolGlobalInt(
dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (invalid token), so we disable POST and some GET parameters - referer=".$_SERVER['HTTP_REFERER'].", action=".GETPOST('action', 'aZ09').", _GET|POST['token']=".GETPOST('token', 'alpha').", _SESSION['token']=".$_SESSION['token'], LOG_WARNING);
//print 'Unset POST by CSRF protection in main.inc.php.'; // Do not output anything because this create problems when using the BACK button on browsers.
setEventMessages('SecurityTokenHasExpiredSoActionHasBeenCanceledPleaseRetry', null, 'warnings');
if (isset($_POST['id'])) $savid = ((int) $_POST['id']);
$savid = null;
if (isset($_POST['id'])) {
$savid = ((int) $_POST['id']);
}
unset($_POST);
//unset($_POST['action']); unset($_POST['massaction']);
//unset($_POST['confirm']); unset($_POST['confirmmassaction']);
@ -541,7 +544,10 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && getDolGlobalInt(
unset($_GET['action']);
unset($_GET['confirmmassaction']);
unset($_GET['massaction']);
if (isset($savid)) $_POST['id'] = ((int) $savid);
unset($_GET['token']); // TODO Make a redirect if we have a token in url to remove it ?
if (isset($savid)) {
$_POST['id'] = ((int) $savid);
}
}
// Note: There is another CSRF protection into the filefunc.inc.php
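Review bot: The added `$savid = ((int) $_POST['id']);` in the first hunk casts whatever was posted, and PHP converts a non-empty array to 1, so a CSRF-refused request that sent `id` as an array leaves this block with `$_POST['id']` restored as 1 rather than with no id; `if (isset($_POST['id']) && is_scalar($_POST['id'])) {` would keep only real scalar ids. The new `unset($_GET['token']);` in the second hunk clears `$_GET` only, so if anything later reads `$_REQUEST` the token and action are still there; these lines do not show whether that happens. The unchanged `dol_syslog` call at the top of the first hunk writes `$_SESSION['token']`, the currently valid token, and the raw `HTTP_REFERER` into the log, so logging only whether the two tokens matched would keep a usable token out of log storage. The enclosing `if` block starts above the first hunk.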