1 files changed, 6 insertions, 6 deletions
diff --git a/index.php b/index.php
index 654403c8..19774bb6 100644
--- a/index.php
+++ b/index.php
@@ -11,12 +11,12 @@
 include dirname(__FILE__).'/inc/poche/config.inc.php';
 #XSRF protection with token
-if (!empty($_POST)) {
+// if (!empty($_POST)) {
-    if (!Session::isToken($_POST['token'])) {
+//     if (!Session::isToken($_POST['token'])) {
-        die(_('Wrong token'));
+//         die(_('Wrong token'));
-    }
+//     }
-    unset($_SESSION['tokens']);
+//     unset($_SESSION['tokens']);
-}
+// }
 $referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
 $view = Tools::checkVar('view', 'home');

diff --git a/index.php b/index.php index 654403c8..19774bb6 100644 --- a/index.php +++ b/index.php
@@ -11,12 +11,12 @@
11	include dirname(__FILE__).'/inc/poche/config.inc.php';	11	include dirname(__FILE__).'/inc/poche/config.inc.php';
12		12
13	#XSRF protection with token	13	#XSRF protection with token
14	if (!empty($_POST)) {	14	// if (!empty($_POST)) {
15	if (!Session::isToken($_POST['token'])) {	15	// if (!Session::isToken($_POST['token'])) {
16	die(_('Wrong token'));	16	// die(_('Wrong token'));
17	}	17	// }
18	unset($_SESSION['tokens']);	18	// unset($_SESSION['tokens']);
19	}	19	// }
20		20
21	$referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];	21	$referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
22	$view = Tools::checkVar('view', 'home');	22	$view = Tools::checkVar('view', 'home');