always verify CSRF token for resource-modifying requests,

that is POST, PUT, PATCH, DELETE
This commit is contained in:
glaszig
2019-07-30 17:05:00 +02:00
parent 93b458197a
commit f989b8060b
2 changed files with 24 additions and 0 deletions


@@ -39,6 +39,10 @@ include_once('includes/about.php');
$output = $return = 0;
$page = $_GET['page'];
if (csrfValidateRequest() && !CSRFValidate()) {
handleInvalidCSRFToken();
}
if (empty($_SESSION['csrf_token'])) {
if (function_exists('mcrypt_create_iv')) {
$_SESSION['csrf_token'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));