Is it why I can't create new module from modulebuilder? $_POST is
cleaned after include of main.inc.php
---
Frédéric FRANCE
Le 2019-03-03 13:45, Laurent Destailleur a écrit :
> A new option to enhance the security in Dolibarr exists... But it need some
> test to check this new option is correctly implemented.
>
> Please add this new constant in your development environment:
> MAIN_SECURITY_CSRF_WITH_TOKEN to value 1
>
> This will add a token into all forms and when the form is submitted, dolibarr
> will check tat the form was submitted by a previous page of Dolibarr
> generated by itself and not by another website. This is a very efficient
> solution to fight against CSRF attacks. But it may recreate some regression
> if it was not implemented everywhere (the field "token" must be set into
> every form).
> So please enable the option and if you find some forms that does not work
> anymore, please report them on this mailing list.
> Above all if you develop external module : This feature may become enabled by
> default in a future version and your own module must be ready and must add
> this field "token", like any other form into the core are doing.
>
> --
>
> Laurent, aka eldy
> ------------------------------------------------------------------------------------
> Google+: https://plus.google.com/+LaurentDestailleur-Open-Source-Expert/
> Facebook: https://www.facebook.com/Destailleur.Laurent
> Twitter: https://www.twitter.com/eldy10
> _______________________________________________
> Dolibarr-dev mailing list
> Dolibarr-dev@nongnu.org
> https://lists.nongnu.org/mailman/listinfo/dolibarr-dev
_______________________________________________
Dolibarr-dev mailing list
Dolibarr-dev@nongnu.org
https://lists.nongnu.org/mailman/listinfo/dolibarr-dev
