From e3f3956bedaa6022773e168cd2f1fd87218af357 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 14 Jan 2015 19:10:48 +0100
Subject: [PATCH] Sec: Bad security test

---
 htdocs/public/test/test_arrays.php | 7 +++++--
 htdocs/public/test/test_forms.php | 4 ++--
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/htdocs/public/test/test_arrays.php b/htdocs/public/test/test_arrays.php
index 6725c776cd4..5ff161f0b1a 100644
--- a/htdocs/public/test/test_arrays.php
+++ b/htdocs/public/test/test_arrays.php
@@ -4,11 +4,14 @@ define("NOCSRFCHECK",1); // We accept to go on this page from external web site.
 require '../../main.inc.php';
-if ($_SERVER['HTTP_HOST'] != 'localhost')
+
+if ($_SERVER['REMOTE_ADDR'] != '127.0.0.1')
 {
- print "Page available only with url http://localhost/...";
+ print "Page available only frome remote address 127.0.0.1";
 exit;
 }
+
+
 $usedolheader=0; // 1 = Test inside a dolibarr page, 0 = Use hard coded header
diff --git a/htdocs/public/test/test_forms.php b/htdocs/public/test/test_forms.php
index c600e9b0acd..deb3e2fe0c4 100644
--- a/htdocs/public/test/test_forms.php
+++ b/htdocs/public/test/test_forms.php
@@ -6,9 +6,9 @@ define('REQUIRE_JQUERY_MULTISELECT','select2');
 require '../../main.inc.php';
 include_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
-if ($_SERVER['HTTP_HOST'] != 'localhost')
+if ($_SERVER['REMOTE_ADDR'] != '127.0.0.1')
 {
- print "Page available only with url http://localhost/...";
+ print "Page available only frome remote address 127.0.0.1";
 exit;
 }
-- 
GitLab
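Review bot: The loopback test `if ($_SERVER['REMOTE_ADDR'] != '127.0.0.1')` added in test_arrays.php, and repeated verbatim in the test_forms.php hunk, stops gating the page when a reverse proxy or load balancer on the same host fronts PHP, because every request then arrives with REMOTE_ADDR set to 127.0.0.1. The check should carry a comment stating that assumption, for example `// Loopback gate: only meaningful when no local reverse proxy sits in front of this server.` The comparison also refuses the IPv6 loopback, so a strict allow-list such as `if (! in_array($_SERVER['REMOTE_ADDR'], array('127.0.0.1', '::1'), true))` would describe "local only" more accurately. In both files the gate runs after `require '../../main.inc.php';`, so whatever that include does happens before the refusal; its content is not visible in these hunks.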
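Review bot: The refusal branch in test_forms.php (and the same branch in test_arrays.php) prints its message and exits without setting a status, so as far as the hunk shows a denied request is logged like a served page. Sending a 403 ahead of the `print`, for instance `header('HTTP/1.1 403 Forbidden');`, would make blocked attempts visible in access logs and monitoring. The new message also carries a typo and should read `print "Page available only from remote address 127.0.0.1";`. Since the guard is now duplicated in two files, moving it into one shared helper would keep the copies from drifting apart; where that helper belongs cannot be judged from this patch.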