Fix: creation et verification d'un jeton al�atoire afin de valider une requete POST, voici la ligne � ajouter dans une requete POST

print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
2009-05-15 12:48:13 +00:00
parent df37827eb7
commit d73aac6e4e
2 changed files with 8 additions and 8 deletions
--- a/htdocs/admin/const.php
+++ b/htdocs/admin/const.php
@@ -34,12 +34,6 @@ $langs->load("admin");
 if (! empty($_SERVER['HTTP_REFERER']) && !eregi(DOL_MAIN_URL_ROOT, $_SERVER['HTTP_REFERER']))
 accessforbidden();

-//Todo: Verification de la presence et de la validite du jeton pr<70>c<EFBFBD>dent
-if (isset($_POST['token']) && isset($_SESSION['oldtoken']))
-{
-	if ($_POST['token'] != $_SESSION['oldtoken']) accessforbidden();
-}
-
 if (!$user->admin)
 accessforbidden();