frodovdr/raspap-webgui
1
0
Fork 0
mirror of https://github.com/billz/raspap-webgui.git synced 2025-03-01 10:31:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into feat/plugin-manager

Browse Source
This commit is contained in:
Bill Zimmerman
2025-01-26 10:33:49 +01:00
committed by GitHub
parent a8bd85cc80 eb25142e03
commit a619e7a25b
47 changed files with 335 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
includes/functions.php
View File

@@ -1,3 +1,4 @@
<?php require_once 'session.php'; ?>
<?php
/* Functions for Networking */
@@ -336,23 +337,26 @@ function CSRFMetaTag()
*/
function CSRFValidate()
{
if(isset($_POST['csrf_token'])) {
$post_token = $_POST['csrf_token'];
$header_token = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? null;
if (empty($_SESSION['csrf_token']) || !is_string($_SESSION['csrf_token'])) {
error_log('Session expired or CSRF token is missing.');
header('Location: /login');
exit;
}
if (empty($post_token) && is_null($header_token)) {
return false;
}
$request_token = $post_token;
if (empty($post_token)) {
$request_token = $header_token;
}
if (hash_equals($_SESSION['csrf_token'], $request_token)) {
return true;
} else {
error_log('CSRF violation');
return false;
}
$post_token = $_POST['csrf_token'] ?? null;
$header_token = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? null;
if (empty($post_token) && is_null($header_token)) {
error_log('CSRF token missing in the request');
return false;
}
$request_token = $post_token ?: $header_token;
if (hash_equals($_SESSION['csrf_token'], $request_token)) {
return true;
} else {
error_log('CSRF token mismatch');
return false;
}
}