lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Allow to disable CSRF permission

Browse Source
This commit is contained in:
Laurent Destailleur 2010-10-01 18:48:00 +00:00
parent 7948b0e0d3
commit 85635cdeea
2 changed files with 14 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
htdocs/conf/conf.php.example
View File

@ -181,6 +181,15 @@ $dolibarr_main_authentication='dolibarr';
#
$dolibarr_main_force_https='0';
# dolibarr_nocsrfcheck
# This parameter can be used to disable CSRF protection.
# This might be required if you access Dolibarr behind a proxy that make
# URL rewriting to avoid false alarms.
# Default value: 0
# Possible values: 0 or 1
# Examples:
# $dolibarr_nocsrfcheck='0';
#
##################

11
htdocs/master.inc.php
View File

@ -76,22 +76,21 @@ if (! $result && ! empty($_SERVER["GATEWAY_INTERFACE"])) // If install not do
if (! defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && ! empty($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] != 'GET' && ! empty($_SERVER['HTTP_HOST']) && ! empty($_SERVER['HTTP_REFERER']) && ! preg_match('/'.preg_quote($_SERVER['HTTP_HOST'],'/').'/i', $_SERVER['HTTP_REFERER']))
{
//print 'HTTP_POST='.$_SERVER['HTTP_HOST'].' HTTP_REFERER='.$_SERVER['HTTP_REFERER'];
print "Access refused by CSRF protection in main.inc.php\n";
print "If you access your server behind a proxy using url rewriting, you might add the line \$dolibarr_nocsrfcheck=1 into your conf.php file.";
exit;
print "Access refused by CSRF protection in main.inc.php.\n";
print "If you access your server behind a proxy using url rewriting, you might add the line \$dolibarr_nocsrfcheck=1 into your conf.php file.\n";
die;
}
if (empty($dolibarr_main_db_host))
{
print 'Dolibarr setup was run but was not completed.<br>'."\n";
print 'Please, click <a href="install/index.php">here to finish Dolibarr install process</a> ...'."\n";
exit;
die;
}
if (empty($dolibarr_main_url_root))
{
print 'Value for parameter \'dolibarr_main_url_root\' is not defined in your \'htdocs\conf\conf.php\' file.<br>'."\n";
print 'You must add this parameter with your full Dolibarr root Url (Example: http://myvirtualdomain/ or http://mydomain/mydolibarrurl/)'."\n";
exit;
die;
}
if (empty($dolibarr_main_db_type)) $dolibarr_main_db_type='mysql'; // Pour compatibilite avec anciennes configs, si non defini, on prend 'mysql'
if (empty($dolibarr_main_data_root))