Jump to content

disable token on forms and add to cart


jpayam

Recommended Posts

A simple way (apparently, as I haven't verified this works everywhere) to disable checking the token, regardless if it exists or not, is:

In /classes/sanitize.class.php, in the checkToken() function, there are two places:

The first applies to the admin section. We will leave that as it is for now.

The second applies to when payment gateways call back with transaction results. An exception is created. We will make that exception apply regardless.

In this function, find:

if (!empty($_POST)) {
  $csrf_exception = false;

Change to:

if (!empty($_POST)) {
  $csrf_exception = true; // Set this to false to restore normal CSRF protection!

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...