Fix: Disables token renewal in Ajax request

2009-05-26 17:01:18 +00:00 · 2009-05-26 17:01:18 +00:00 · fa55e65e54
commit fa55e65e54
parent 1f8b2d0d3a
4 changed files with 17 additions and 8 deletions
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@ -170,11 +170,14 @@ if (! defined('NOREQUIREAJAX') && $conf->use_javascript_ajax) require_once(DOL_D
 //stopwithmem();

 // Creation d'un jeton contre les failles CSRF
-$token = md5(uniqid(mt_rand(),TRUE)); // Genere un hash d'un nombre aleatoire
-// roulement des jetons car cree a chaque appel
-if (isset($_SESSION['token_level_1'])) $_SESSION['token_level_2'] = $_SESSION['token_level_1'];
-if (isset($_SESSION['newtoken'])) $_SESSION['token_level_1'] = $_SESSION['newtoken'];
-$_SESSION['newtoken'] = $token;
+if (! defined('NOTOKENRENEWAL'))
+{
+	$token = md5(uniqid(mt_rand(),TRUE)); // Genere un hash d'un nombre aleatoire
+	// roulement des jetons car cree a chaque appel
+	if (isset($_SESSION['token_level_1'])) $_SESSION['token_level_2'] = $_SESSION['token_level_1'];
+	if (isset($_SESSION['newtoken'])) $_SESSION['token_level_1'] = $_SESSION['newtoken'];
+	$_SESSION['newtoken'] = $token;
+}
 if (empty($conf->global->MAIN_FEATURES_LEVEL))	// Check validity of token, only if not a dev instance (this make developper tests no more working)
 {
 	if (isset($_POST['token']) && isset($_SESSION['token_level_1']) && isset($_SESSION['token_level_2']))
--- a/htdocs/product/ajaxproducts.php
+++ b/htdocs/product/ajaxproducts.php
@ -1,6 +1,6 @@
 <?php
 /* Copyright (C) 2006      Andre Cianfarani     <acianfa@free.fr>
- * Copyright (C) 2005-2007 Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2005-2009 Regis Houssin        <regis@dolibarr.fr>
 * Copyright (C) 2007-2009 Laurent Destailleur  <eldy@users.sourceforge.net>
 *
 * This program is free software; you can redistribute it and/or modify
@ -24,6 +24,8 @@
 *       \version    $Id$
 */

+define('NOTOKENRENEWAL',1); // Disables token renewal
+
 require('../main.inc.php');

 $langs->load("products");
--- a/htdocs/societe/ajaxcompanies.php
+++ b/htdocs/societe/ajaxcompanies.php
@ -1,6 +1,6 @@
 <?php
 /* Copyright (C) 2006      Andre Cianfarani     <acianfa@free.fr>
- * Copyright (C) 2005-2007 Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2005-2009 Regis Houssin        <regis@dolibarr.fr>
 * Copyright (C) 2007      Laurent Destailleur  <eldy@users.sourceforge.net>
 * 
 * This program is free software; you can redistribute it and/or modify
@ -26,6 +26,8 @@
        \version    $Revision$
 */

+define('NOTOKENRENEWAL',1); // Disables token renewal
+
 require('../main.inc.php');

 top_htmlhead("", "", 1, 1);
--- a/htdocs/societe/ajaxcountries.php
+++ b/htdocs/societe/ajaxcountries.php
@ -1,6 +1,6 @@
 <?php
 /* Copyright (C) 2006      Andre Cianfarani     <acianfa@free.fr>
- * Copyright (C) 2005-2007 Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2005-2009 Regis Houssin        <regis@dolibarr.fr>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -26,6 +26,8 @@
        \version    $Revision$
 */

+define('NOTOKENRENEWAL',1); // Disables token renewal
+
 require('../main.inc.php');

 top_htmlhead("", "", 1, 1);