Prevent script to be called directly

glpi-project · May 24, 2018 · 1f511e5 · 1f511e5
1 parent aa81840
commit 1f511e5
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/install/update.php b/install/update.php
@@ -125,11 +125,14 @@ function update_importDropdown ($table, $name) {
  */
 function showContentUpdateForm() {
 
+   echo "<form action='update_content.php' method='post'>";
    echo "<div class='center'>";
    echo "<h3>".__('Update successful, your database is up to date')."</h3>";
    echo "<p>".__('You must now proceed to updating your database content')."</p></div>";
    echo "<p>";
-   echo "<a class='vsubmit' href='update_content.php'>".__('Continue?')."</a>";
+   echo "<input typ='hidden' name='do_continue' value='1'/>";
+   echo "<input type='submit' class='vsubmit' value='.__('Continue?').'/>";
+   echo "</form>";
 }
 
 

diff --git a/install/update_content.php b/install/update_content.php
@@ -30,6 +30,10 @@
  * ---------------------------------------------------------------------
  */
 
+if (!isset($_POST['do_continue'])) {
+   die("Sorry. You can't access this file directly");
+}
+
 //#################### INCLUDE & SESSIONS ############################
 define('GLPI_ROOT', realpath('..'));