send CSRF token in a response header,

update the page's CSRF tokens with the new token
from the response header,
verify csrf token in ajax endpoints,
initialize a session for every endpoint
glaszig
2019-08-06 21:34:58 +02:00
parent 8f3489cd4a
commit da69d3d768
11 changed files with 48 additions and 13 deletions


@@ -18,7 +18,7 @@
* @see http://sirlagz.net/2013/02/08/raspap-webgui/
*/
session_start();
require('includes/csrf.php');
include_once('includes/config.php');
include_once(RASPI_CONFIG.'/raspap.php');
@@ -39,12 +39,6 @@ include_once('includes/about.php');
$output = $return = 0;
$page = $_GET['page'];
if (csrfValidateRequest() && !CSRFValidate()) {
handleInvalidCSRFToken();
}
ensureCSRFSessionToken();
if (!isset($_COOKIE['theme'])) {
$theme = "custom.css";
} else {
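Review bot: The `require('includes/csrf.php');` line in the first hunk now seems to carry both session start and CSRF validation as an include-time side effect, and nothing at the call site says so. The +/- markers are lost on this page, so this is inferred from the commit message and from the second hunk header (12 lines down to 6), which suggests the inline `csrfValidateRequest()` / `ensureCSRFSessionToken()` block is dropped from this file. I would add a comment above the include such as `// starts the session and rejects requests whose CSRF token is invalid; must run before any page handler`, so it is not later reordered or removed as if it were a plain library include. `require_once('includes/csrf.php');` would also avoid a fatal function redeclaration if another included file loads the same file. The contents of includes/csrf.php are not visible here, so confirm it still validates every state-changing request, including the ajax endpoints, before any handler output.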