Add message to avoid to search

2009-05-21 17:45:13 +00:00 · 2009-05-21 17:45:13 +00:00 · 9d57b9ec71
commit 9d57b9ec71
parent 8332aaa952
1 changed files with 3 additions and 1 deletions
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@ -111,7 +111,9 @@ analyse_sql_injection($_POST);
 // The test to do is to check if referrer ($_SERVER['HTTP_REFERER']) is same web site than Dolibarr ($_SERVER['HTTP_HOST']).
 if (! defined('NOCSRFCHECK') && ! empty($_SERVER['HTTP_HOST']) && ! empty($_SERVER['HTTP_REFERER']) && ! eregi($_SERVER['HTTP_HOST'], $_SERVER['HTTP_REFERER']))
 {
-	exit;	//Why not using simply an exit ? Yes we can...
+	//print 'HTTP_POST='.$_SERVER['HTTP_HOST'].' HTTP_REFERER='.$_SERVER['HTTP_REFERER'];
+	print 'Access refused by CSRF protection in main.inc.php.';
+	exit;
 }

 // This is to make Dolibarr working with Plesk