NEW Default value for MAIN_SECURITY_CSRF_WITH_TOKEN is now 2

Laurent Destailleur 2022-03-30 12:02:20 +02:00
parent 636188f28a
commit 889c35e8df
2 changed files with 2 additions and 1 deletions


@ -910,7 +910,7 @@ class Conf
// Value 1 makes CSRF check for all POST parameters only
// Value 2 makes also CSRF check for GET requests with action = a sensitive requests like action=del, action=remove...
// Value 3 makes also CSRF check for all GET requests with a param action or massaction
$this->global->MAIN_SECURITY_CSRF_WITH_TOKEN = 1;
$this->global->MAIN_SECURITY_CSRF_WITH_TOKEN = 2;
// Note: Set MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL=1 to have a renewal of token at each page call instead of each session (not recommended)
}
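Review bot: The comment block above the new `MAIN_SECURITY_CSRF_WITH_TOKEN = 2` assignment does not say that 2 is now the default, nor what stays unchecked at that level. By its own description, value 2 adds the token check only for GET requests whose action is a "sensitive" one (action=del, action=remove...), so a state-changing GET action outside that set is covered only by value 3. I would add a line such as `// Default is 2: token required on all POST and on GET with a sensitive action; other GET actions with side effects are only covered by value 3`, so module authors know to keep state-changing work behind POST or a listed action. The stricter default will presumably reject tokenless GET links to sensitive actions built by external modules, which may deserve an upgrade note; that impact is inferred, since the matching logic is not visible here. The enclosing block in class Conf starts outside this hunk.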


@ -492,6 +492,7 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && getDolGlobalInt(
$sensitiveget = true;
}
}
// Check a token is provided for all cases that need a mandatory token
// (all POST actions + all login, actions and mass actions on pages with CSRFCHECK_WITH_TOKEN set + all sensitive GET actions)
if (