lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix for the Cross-site Scripting (XSS) Vulnerability

Browse Source
This commit is contained in:
Mufeed VH 2020-02-04 01:02:16 +05:30 committed by GitHub
parent 7b661e707e
commit a2bd77ef58
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/filefunc.inc.php
View File

@ -165,7 +165,7 @@ if (! defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck))
if ($csrfattack)
{
//print 'NOCSRFCHECK='.defined('NOCSRFCHECK').' REQUEST_METHOD='.$_SERVER['REQUEST_METHOD'].' HTTP_HOST='.$_SERVER['HTTP_HOST'].' HTTP_REFERER='.$_SERVER['HTTP_REFERER'];
print "Access refused by CSRF protection in main.inc.php. Referer of form (".$_SERVER['HTTP_REFERER'].") is outside the server that serve this page (with method = ".$_SERVER['REQUEST_METHOD'].").\n";
print "Access refused by CSRF protection in main.inc.php. Referer of form (".htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES, 'UTF-8').") is outside the server that serve this page (with method = ".$_SERVER['REQUEST_METHOD'].").\n";
print "If you access your server behind a proxy using url rewriting, you might check that all HTTP headers are propagated (or add the line \$dolibarr_nocsrfcheck=1 into your conf.php file to remove this security check).\n";
die;
}