From 889c35e8df53fcc427816c39471827316204491d Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Wed, 30 Mar 2022 12:02:20 +0200
Subject: [PATCH] NEW Default value for MAIN_SECURITY_CSRF_WITH_TOKEN is now 2
---
 htdocs/core/class/conf.class.php | 2 +-
 htdocs/main.inc.php | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/htdocs/core/class/conf.class.php b/htdocs/core/class/conf.class.php
index 1494e9b991d..602e6b560d0 100644
--- a/htdocs/core/class/conf.class.php
+++ b/htdocs/core/class/conf.class.php
@@ -910,7 +910,7 @@ class Conf
 // Value 1 makes CSRF check for all POST parameters only
 // Value 2 makes also CSRF check for GET requests with action = a sensitive requests like action=del, action=remove...
 // Value 3 makes also CSRF check for all GET requests with a param action or massaction
-$this->global->MAIN_SECURITY_CSRF_WITH_TOKEN = 1;
+$this->global->MAIN_SECURITY_CSRF_WITH_TOKEN = 2;
 // Note: Set MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL=1 to have a renewal of token at each page call instead of each session (not recommended)
 }
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 1b3684b7d34..18f8591032f 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -492,6 +492,7 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && getDolGlobalInt(
 $sensitiveget = true;
 }
 }
+
 // Check a token is provided for all cases that need a mandatory token
 // (all POST actions + all login, actions and mass actions on pages with CSRFCHECK_WITH_TOKEN set + all sensitive GET actions)
 if (
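Review bot: The comment block above the changed assignment in conf.class.php (`// Value 1 …` through `// Value 3 …`) still reads as a neutral list of option values and never states which one applies when the conf variable is absent, so an administrator reading it cannot tell that 2 is now the built-in default or how to get the previous behaviour back. Suggest adding directly above the assignment `// Default is 2. Set MAIN_SECURITY_CSRF_WITH_TOKEN=1 only to restore the POST-only check for legacy modules that emit GET action links without a token; 3 is the safest choice.` Judging by the wording `like action=del, action=remove...`, level 2 appears to depend on a fixed list of action names treated as sensitive (the `$sensitiveget = true;` context in the main.inc.php hunk looks like where that list is evaluated), so a destructive action exposed under a name not on that list would still be reachable by a plain GET; that caveat belongs in the comment so operators know when value 3 is the right setting. The enclosing Conf method starts outside the hunk.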