Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Fix menu "New" when using paranoiac MAIN_SECURITY_CSRF_WITH_TOKEN = 3

Browse Source
This commit is contained in:
Laurent Destailleur
2022-02-11 15:30:45 +01:00
parent 9ba998e3ba
commit 56f5b471bc
2 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/main.inc.php
View File

@@ -475,7 +475,9 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && getDolGlobalInt(
$sensitiveget = false;
if ((GETPOSTISSET('massaction') || GETPOST('action', 'aZ09')) && getDolGlobalInt('MAIN_SECURITY_CSRF_WITH_TOKEN') >= 3) {
// All GET actions and mass actions are processed as sensitive.
$sensitiveget = true;
if (GETPOSTISSET('massaction') || !in_array(GETPOST('action', 'aZ09'), array('create', 'file_manager'))) { // We exclude the case action='create' and action='file_manager' that are legitimate
$sensitiveget = true;
}
} elseif (getDolGlobalInt('MAIN_SECURITY_CSRF_WITH_TOKEN') >= 2) {
// Few GET actions coded with a &token into url are processed as sensitive.
$arrayofactiontoforcetokencheck = array(