From 3e8dd2f4a576627ddcf36f05b7fe1c788deb733c Mon Sep 17 00:00:00 2001 From: Pierre Goiffon Date: Thu, 18 Nov 2021 08:54:10 +0100 Subject: [PATCH] =?UTF-8?q?N=C2=B04286=20Setup=20:=20fix=20loop=20in=20fir?= =?UTF-8?q?st=20steps=20Setup=20token=20wasn't=20removed=20at=20the=20righ?= =?UTF-8?q?t=20place=20:/?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- setup/ajax.dataloader.php | 2 +- setup/wizardsteps.class.inc.php | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/setup/ajax.dataloader.php b/setup/ajax.dataloader.php index 2c9692b9f..fdc189114 100644 --- a/setup/ajax.dataloader.php +++ b/setup/ajax.dataloader.php @@ -147,7 +147,7 @@ header("Expires: Fri, 17 Jul 1970 05:00:00 GMT"); // Date in the past $sOperation = Utils::ReadParam('operation', ''); try { - SetupUtils::CheckSetupToken(true); + SetupUtils::CheckSetupToken(); switch($sOperation) { diff --git a/setup/wizardsteps.class.inc.php b/setup/wizardsteps.class.inc.php index ce7a3902c..65c09e687 100644 --- a/setup/wizardsteps.class.inc.php +++ b/setup/wizardsteps.class.inc.php @@ -2663,6 +2663,7 @@ class WizStepDone extends WizardStep public function AsyncAction(WebPage $oPage, $sCode, $aParameters) { + SetupUtils::EraseSetupToken(); // For security reasons: add the extension now so that this action can be used to read *only* .tar.gz files from the disk... $sBackupFile = $aParameters['backup'].'.tar.gz'; if (file_exists($sBackupFile))