Commit 3e19bca9 authored by Johan Cwiklinski's avatar Johan Cwiklinski

Better way to restrict content_update.php direct access

parent 55a2e0a3
......@@ -124,13 +124,12 @@ function update_importDropdown ($table, $name) {
* @return nothing (displays)
*/
function showContentUpdateForm() {
$_SESSION['do_content_update'] = true;
echo "<form action='update_content.php' method='post'>";
echo "<div class='center'>";
echo "<h3>".__('Update successful, your database is up to date')."</h3>";
echo "<p>".__('You must now proceed to updating your database content')."</p></div>";
echo "<p>";
echo "<input typ='hidden' name='do_continue' value='1'/>";
echo "<input type='submit' class='vsubmit' value='.__('Continue?').'/>";
echo "</form>";
}
......
......@@ -30,10 +30,6 @@
* ---------------------------------------------------------------------
*/
if (!isset($_POST['do_continue'])) {
die("Sorry. You can't access this file directly");
}
//#################### INCLUDE & SESSIONS ############################
define('GLPI_ROOT', realpath('..'));
......@@ -47,6 +43,10 @@ include_once (GLPI_CONFIG_DIR . "/config_db.php");
Session::setPath();
Session::start();
if (!isset($_SESSION['do_content_update'])) {
die("Sorry. You can't access this file directly");
}
// Init debug variable
Toolbox::setDebugMode(Session::DEBUG_MODE, 0, 0, 1);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment