From ebf3ea39bf1da98172bb079ea9e5434f293c54b0 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 15 Jan 2019 13:55:14 +0100 Subject: [PATCH] Fix missing token in POST --- htdocs/ecm/tpl/enablefiletreeajax.tpl.php | 2 +- htdocs/main.inc.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/ecm/tpl/enablefiletreeajax.tpl.php b/htdocs/ecm/tpl/enablefiletreeajax.tpl.php index ad992da84dc..ba3c2a20b96 100644 --- a/htdocs/ecm/tpl/enablefiletreeajax.tpl.php +++ b/htdocs/ecm/tpl/enablefiletreeajax.tpl.php @@ -46,7 +46,7 @@ $(document).ready(function() { $('#filetree').fileTree({ root: '', // Ajax called if we click to expand a dir (not a file). Parameter 'dir' is provided as a POST parameter by fileTree code to this following URL. - script: '', + script: '', folderEvent: 'click', // 'dblclick' multiFolder: false }, // Called if we click on a file (not a dir) diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 19eaee3e4fb..3f901ed0922 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -379,7 +379,7 @@ if ((! defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && ! empty($conf-> { if ($_SERVER['REQUEST_METHOD'] == 'POST' && ! GETPOSTISSET('token')) // Note, offender can still send request by GET { - print "Access refused by CSRF protection in main.inc.php. Token not provided.\n"; + print "Access by POST method refused by CSRF protection in main.inc.php. Token not provided.\n"; print "If you access your server behind a proxy using url rewriting, you might check that all HTTP header is propagated (or add the line \$dolibarr_nocsrfcheck=1 into your conf.php file).\n"; die; }