From 9d57b9ec71a165d6c1bc0e7c9f76793b4f3ddb30 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Thu, 21 May 2009 17:45:13 +0000
Subject: [PATCH] Add message to avoid to search

---
 htdocs/main.inc.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 737d4ad8499..4ee1f32a311 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -111,7 +111,9 @@ analyse_sql_injection($_POST);
 // The test to do is to check if referrer ($_SERVER['HTTP_REFERER']) is same web site than Dolibarr ($_SERVER['HTTP_HOST']).
 if (! defined('NOCSRFCHECK') && ! empty($_SERVER['HTTP_HOST']) && ! empty($_SERVER['HTTP_REFERER']) && ! eregi($_SERVER['HTTP_HOST'], $_SERVER['HTTP_REFERER']))
 {
- exit; //Why not using simply an exit ? Yes we can...
+ //print 'HTTP_POST='.$_SERVER['HTTP_HOST'].' HTTP_REFERER='.$_SERVER['HTTP_REFERER'];
+ print 'Access refused by CSRF protection in main.inc.php.';
+ exit;
 }
 
 // This is to make Dolibarr working with Plesk
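Review bot: The referrer test guarding the new refusal message is a pattern match, not a host comparison: `eregi($_SERVER['HTTP_HOST'], $_SERVER['HTTP_REFERER'])` passes whenever the host string occurs anywhere in the referrer (path or query included), and the Host value is used as an unescaped regular expression. Comparing the parsed host would be tighter, e.g. `$refhost = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);` followed by a case-insensitive equality test against `$_SERVER['HTTP_HOST']` with any port stripped. The `! empty($_SERVER['HTTP_REFERER'])` clause also means a request that carries no Referer header skips the check, so this is only a partial defence and a per-session token would be needed to cover that case. On the added lines, the refusal is sent with the default 200 status; `header('HTTP/1.1 403 Forbidden');` before the `print` would let logs and monitoring distinguish blocked requests. The commented-out debug line labels the value `HTTP_POST` while printing `HTTP_HOST`, and if it is ever re-enabled both header values should go through `htmlspecialchars()` before being echoed.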