From c3e88579abc4ed70ae8353a2de4b0be2aa3a3572 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 18 Sep 2021 22:24:51 +0200 Subject: [PATCH] Fix add remove_* action as sensitive action --- htdocs/main.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 3fe6e8d8d5676..f785ed43e002a 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -473,7 +473,7 @@ function analyseVarsForSqlAndScriptsInjection(&$var, $type) if (in_array(GETPOST('action', 'aZ09'), $arrayofactiontoforcetokencheck)) { $sensitiveget = true; } - if (preg_match('/^(classify|confirm_|delete|disable|enable|setremise)/', GETPOST('action', 'aZ09'))) { + if (preg_match('/^(classify|confirm_|delete|disable|enable|remove_|setremise)/', GETPOST('action', 'aZ09'))) { $sensitiveget = true; }