composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-02-13 07:24:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

Remove header check in ajax.render.php

Browse Source
This commit is contained in:
jf-cbd
2024-06-07 10:03:49 +02:00
committed by GitHub
parent bda7f58ddd
commit 46929ce43f
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
pages/ajax.render.php
View File

@@ -29,12 +29,12 @@ require_once('../approot.inc.php');
// check if header contains X-Combodo-Ajax for POST request (CSRF protection for ajax calls)
if (!isset($_SERVER['HTTP_X_COMBODO_AJAX']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
/*if (!isset($_SERVER['HTTP_X_COMBODO_AJAX']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
$sReferer = utils::HtmlEntities($_SERVER['HTTP_REFERER']);
IssueLog::Error("Unprotected ajax call from: $sReferer", 'SECURITY');
header('HTTP/1.1 401 Unauthorized');
die('Unauthorized access. Please see https://www.itophub.io/wiki/page?id=3_2_0:release:developer#checking_for_the_presence_of_specific_header_in_the_post_to_enhance_protection_against_csrf_attacks');
}
}*/
function LogErrorMessage($sMsgPrefix, $aContextInfo) {