首页 发现 帮助
登录
iProspective
/
dolibarr
3
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
浏览代码

FIX #18968

Laurent Destailleur 3 年之前
父节点
68bb625ec7
当前提交
ee6780c46e
共有 1 个文件被更改,包括 3 次插入1 次删除
分列视图 显示文件统计
  1. 3 1
      htdocs/filefunc.inc.php

+ 3 - 1
htdocs/filefunc.inc.php
查看文件 

@@ -176,6 +176,8 @@ if (empty($dolibarr_strict_mode)) {
 
 	$dolibarr_strict_mode = 0; // For debug in php strict mode
 
 }
 
 
+define('DOL_DOCUMENT_ROOT', $dolibarr_main_document_root); // Filesystem core php (htdocs)
 
+
 
 // Security: CSRF protection
 
 // This test check if referrer ($_SERVER['HTTP_REFERER']) is same web site than Dolibarr ($_SERVER['HTTP_HOST'])
 
 // when we post forms (we allow GET and HEAD to accept direct link from a particular page).
 
@@ -196,6 +198,7 @@ if (!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck)) {
 
 		if ($csrfattack) {
 
 			//print 'NOCSRFCHECK='.defined('NOCSRFCHECK').' REQUEST_METHOD='.$_SERVER['REQUEST_METHOD'].' HTTP_HOST='.$_SERVER['HTTP_HOST'].' HTTP_REFERER='.$_SERVER['HTTP_REFERER'];
 
 			// Note: We can't use dol_escape_htmltag here to escape output because lib functions.lib.ph is not yet loaded.
 
+			include_once DOL_DOCUMENT_ROOT.'/core/lib/functions.lib.php';
 
 			dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"])?'':$_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (Bad referer).", LOG_WARNING);
 
 			print "Access refused by CSRF protection in main.inc.php. Referer of form (".htmlentities($_SERVER['HTTP_REFERER'], ENT_COMPAT, 'UTF-8').") is outside the server that serve this page (with method = ".htmlentities($_SERVER['REQUEST_METHOD'], ENT_COMPAT, 'UTF-8').").\n";
 
 			print "If you access your server behind a proxy using url rewriting, you might check that all HTTP headers are propagated (or add the line \$dolibarr_nocsrfcheck=1 into your conf.php file to remove this security check).\n";
 
@@ -228,7 +231,6 @@ if (empty($dolibarr_main_data_root)) {
 
 // Define some constants
 
 define('DOL_CLASS_PATH', 'class/'); // Filesystem path to class dir (defined only for some code that want to be compatible with old versions without this parameter)
 
 define('DOL_DATA_ROOT', $dolibarr_main_data_root); // Filesystem data (documents)
 
-define('DOL_DOCUMENT_ROOT', $dolibarr_main_document_root); // Filesystem core php (htdocs)
 
 // Try to autodetect DOL_MAIN_URL_ROOT and DOL_URL_ROOT.
 
 // Note: autodetect works only in case 1, 2, 3 and 4 of phpunit test CoreTest.php. For case 5, 6, only setting value into conf.php will works.
 
 $tmp = '';