From 1fddad190f60fffe77a111bbe4ce058b6bc46edf Mon Sep 17 00:00:00 2001
From: glaszig
Date: Wed, 7 Aug 2019 23:21:14 +0200
Subject: [PATCH 1/2] fix require paths
---
 ajax/bandwidth/get_bandwidth.php | 2 +-
 ajax/bandwidth/get_bandwidth_hourly.php | 2 +-
 ajax/networking/gen_int_config.php | 2 +-
 ajax/networking/get_all_interfaces.php | 2 +-
 ajax/networking/get_int_config.php | 2 +-
 ajax/networking/get_ip_summary.php | 2 +-
 ajax/networking/save_int_config.php | 2 +-
 includes/csrf.php | 4 ++--
 8 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/ajax/bandwidth/get_bandwidth.php b/ajax/bandwidth/get_bandwidth.php
index 1f11b556..37d4adc9 100644
--- a/ajax/bandwidth/get_bandwidth.php
+++ b/ajax/bandwidth/get_bandwidth.php
@@ -1,6 +1,6 @@
Date: Wed, 7 Aug 2019 23:53:04 +0200
Subject: [PATCH 2/2] send proper csrf header
---
 includes/csrf.php | 3 ---
 index.php | 1 +
 js/custom.js | 9 ---------
 3 files changed, 1 insertion(+), 12 deletions(-)
diff --git a/includes/csrf.php b/includes/csrf.php
index 7cfc1302..1977dca4 100644
--- a/includes/csrf.php
+++ b/includes/csrf.php
@@ -6,6 +6,3 @@ include_once('session.php');
 if (csrfValidateRequest() && !CSRFValidate()) {
 handleInvalidCSRFToken();
 }
-
-ensureCSRFSessionToken();
-header('X-CSRF-Token', $_SESSION['csrf_token']);
diff --git a/index.php b/index.php
index d797587a..b0816c37 100755
--- a/index.php
+++ b/index.php
@@ -19,6 +19,7 @@
 */
 require('includes/csrf.php');
+ensureCSRFSessionToken();
 include_once('includes/config.php');
 include_once(RASPI_CONFIG.'/raspap.php');
diff --git a/js/custom.js b/js/custom.js
index 01c355cf..ac1ec75b 100644
--- a/js/custom.js
+++ b/js/custom.js
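Review bot: `ensureCSRFSessionToken();` is now reachable only through index.php, while includes/csrf.php still runs `csrfValidateRequest() && !CSRFValidate()` for every script that includes it — including the ajax/ endpoints whose require paths PATCH 1/2 fixes — so a request that reaches one of them before index.php has minted a token in this session is checked against a missing `$_SESSION['csrf_token']`, and whether that fails closed depends on `CSRFValidate()`, which is outside the diff. Calling `ensureCSRFSessionToken();` inside includes/csrf.php ahead of the validation block would give every entry point a token (the removed placement after the block had the same first-request gap); if index.php is deliberately the only place a token is minted, say so at the added line: `// csrf.php only validates; the per-session token is created here on page load`. Because the X-CSRF-Token response header and the ajaxComplete rotation in js/custom.js are dropped in the same series, the token is now fixed for the lifetime of the PHP session, which relies on the session id being regenerated at login so a pre-authentication token cannot be carried over; that regeneration is not visible here. The include run in index.php continues past the hunk.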
@@ -167,14 +167,6 @@ function setCSRFTokenHeader(event, xhr, settings) {
 }
 }
-function updateCSRFTokens(event, xhr, settings) {
- var newToken = xhr.getResponseHeader("X-CSRF-Token");
- if (newToken) {
- $('meta[name=csrf_token]').attr('content', newToken);
- $('[name=csrf_token]:input').attr('value', newToken);
- }
-}
-
 function contentLoaded() {
 pageCurrent = window.location.href.split("?")[1].split("=")[1];
 pageCurrent = pageCurrent.replace("#","");
@@ -190,5 +182,4 @@ function contentLoaded() {
 $(document)
 .ajaxSend(setCSRFTokenHeader)
- .ajaxComplete(updateCSRFTokens)
 .ready(contentLoaded);