From 8a5469abcd282fe1c916fa960995561ff3954bbd Mon Sep 17 00:00:00 2001
From: myvesta <38690722+myvesta@users.noreply.github.com>
Date: Sun, 29 Aug 2021 12:39:48 +0200
Subject: [PATCH] Update secure_login.php

---
 web/inc/secure_login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/inc/secure_login.php b/web/inc/secure_login.php
index 1dfe25413..dcfc2b822 100644
--- a/web/inc/secure_login.php
+++ b/web/inc/secure_login.php
@@ -84,7 +84,7 @@ function prevent_get_csrf () {
     if (file_exists('/usr/local/vesta/conf_web/dont_check_csrf')) return;
     if ($_SERVER['REQUEST_METHOD'] == "GET") {
         if (isset($_GET[$login_url])) return;
-        if ($_SERVER['REQUEST_URI']=="" || $_SERVER['REQUEST_URI']=="/" || $_SERVER['REQUEST_URI']=="/login/" || $_SERVER['REQUEST_URI']=="/list/web/") return;
+        if ($_SERVER['REQUEST_URI']=="" || $_SERVER['REQUEST_URI']=="/" || $_SERVER['REQUEST_URI']=="/login/" || $_SERVER['REQUEST_URI']=="/list/user/" || $_SERVER['REQUEST_URI']=="/list/web/") return;
     }
     if (isset($_SERVER['HTTP_HOST']) == false) return;
     if (isset($_SERVER['SERVER_PORT']) == false) return;