Cannot use $_REQUEST, should be $_GET || $_POST

$_REQUEST appears to contain other system info as well, so the check needs to test for the
existence of $_GET or $_POST data instead
This commit is contained in:
Matt Pass
2014-04-23 07:23:02 +01:00
parent 078068e252
commit 1306853e1e


@@ -6,7 +6,8 @@ if(!isset($_SESSION)) {@session_start();}
if (!isset($_SESSION["csrf"])) {
$_SESSION["csrf"] = md5(uniqid(mt_rand(), true));
}
if ($_REQUEST && $_REQUEST["csrf"] !== $_SESSION["csrf"]) {
if (($_GET || $_POST) && $_REQUEST["csrf"] !== $_SESSION["csrf"]) {
echo '<script>alert("Bad CSRF token. Please press F12, view the console and report the error, including file & line number, so it can be fixed. Many thanks!");</script>';
echo '<script>console.log("CSRF issue: REQUEST: "+$_REQUEST["csrf"]+", SESSION: "+$_SESSION["csrf"]);</script>';
die('Bad CSRF token');