send CSRF token in a response header,

update the page's CSRF tokens with the new token from the response header, verify csrf token in ajax endpoints, initialize a session for every endpoint
2025-03-01 10:31:47 +00:00 · 2019-08-06 21:34:58 +02:00
parent 8f3489cd4a
commit da69d3d768
11 changed files with 48 additions and 13 deletions
--- a/ajax/networking/gen_int_config.php
+++ b/ajax/networking/gen_int_config.php
@@ -1,5 +1,7 @@
 <?php
-session_start();
+
+require('includes/csrf.php');
+
 include_once('../../includes/config.php');
 include_once('../../includes/functions.php');

--- a/ajax/networking/get_all_interfaces.php
+++ b/ajax/networking/get_all_interfaces.php
@@ -1,4 +1,7 @@
 <?php
+
+    require('includes/csrf.php');
+
    exec("ls /sys/class/net | grep -v lo", $interfaces);
    echo json_encode($interfaces);
 ?>
--- a/ajax/networking/get_int_config.php
+++ b/ajax/networking/get_int_config.php
@@ -1,5 +1,7 @@
 <?php
-session_start();
+
+require('includes/csrf.php');
+
 include_once('../../includes/config.php');
 include_once('../../includes/functions.php');

--- a/ajax/networking/get_ip_summary.php
+++ b/ajax/networking/get_ip_summary.php
@@ -1,5 +1,7 @@
 <?php
-session_start();
+
+require('includes/csrf.php');
+
 include_once('../../includes/functions.php');

 if(isset($_POST['interface'])) {
--- a/ajax/networking/save_int_config.php
+++ b/ajax/networking/save_int_config.php
@@ -1,5 +1,7 @@
 <?php
-    session_start();
+
+    require('includes/csrf.php');
+
    include_once('../../includes/config.php');
    include_once('../../includes/functions.php');
    if(isset($_POST['interface'])) {