From c64bdb42c8bc94e0a44a36595b0d01dd401650c8 Mon Sep 17 00:00:00 2001
From: billz
Date: Wed, 6 Sep 2023 09:54:20 +0200
Subject: [PATCH] Fix php notices w/ proper var checks
---
 includes/functions.php | 38 ++++++++++++++++++++------------------
 1 file changed, 20 insertions(+), 18 deletions(-)
diff --git a/includes/functions.php b/includes/functions.php
index 8f7d1111..ca264ff7 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -318,23 +318,23 @@ function CSRFMetaTag()
 */
 function CSRFValidate()
 {
- $post_token = $_POST['csrf_token'];
- $header_token = $_SERVER['HTTP_X_CSRF_TOKEN'];
+ if(isset($_POST['csrf_token'])) {
+ $post_token = $_POST['csrf_token'];
+ $header_token = $_SERVER['HTTP_X_CSRF_TOKEN'];
 
- if (empty($post_token) && empty($header_token)) {
- return false;
- }
-
- $request_token = $post_token;
- if (empty($post_token)) {
- $request_token = $header_token;
- }
-
- if (hash_equals($_SESSION['csrf_token'], $request_token)) {
- return true;
- } else {
- error_log('CSRF violation');
- return false;
+ if (empty($post_token) && empty($header_token)) {
+ return false;
+ }
+ $request_token = $post_token;
+ if (empty($post_token)) {
+ $request_token = $header_token;
+ }
+ if (hash_equals($_SESSION['csrf_token'], $request_token)) {
+ return true;
+ } else {
+ error_log('CSRF violation');
+ return false;
+ }
 }
 }
 
@@ -685,8 +685,10 @@ function getColorOpt()
 }
 function getSidebarState()
 {
- if ($_COOKIE['sidebarToggled'] == 'true' ) {
- return"toggled";
+ if(isset($_COOKIE['sidebarToggled'])) {
+ if ($_COOKIE['sidebarToggled'] == 'true' ) {
+ return "toggled";
+ }
 }
 }
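Review bot: Wrapping the whole body of CSRFValidate() in `if(isset($_POST['csrf_token']))` makes the `X-CSRF-Token` header fallback unreachable: a request that carries the token only in the header never reaches `$request_token = $header_token`, and the function falls off the end returning null instead of an explicit false. That still fails closed for callers that test truthiness, but a caller comparing with `=== false` would treat null as success (callers are not visible here). `$_SERVER['HTTP_X_CSRF_TOKEN']` and `$_SESSION['csrf_token']` are also still read unguarded, so the notice remains for form posts without the header, and on PHP 8 `hash_equals()` throws a TypeError when the session token is missing or the submitted value is not a string. Keeping the original flat flow and defaulting the inputs would cover these: `$post_token = $_POST['csrf_token'] ?? '';` and `$header_token = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';`, plus an `is_string()` check on both operands before `hash_equals()` that returns false on failure.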
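Review bot: The two nested `if`s added in getSidebarState() can be a single condition with a strict comparison, `if (isset($_COOKIE['sidebarToggled']) && $_COOKIE['sidebarToggled'] === 'true') {`, which also drops the loose `==` on a client-controlled cookie value. The function still returns null on every other path; a trailing `return '';` would make the non-toggled result explicit for whatever markup consumes it (the caller is outside this hunk).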