Mirrors/ICEcoder
2
0
Fork 0
mirror of https://github.com/icecoder/ICEcoder.git synced 2026-03-03 07:13:59 +01:00
Code Issues Packages Projects Releases Wiki Activity

!isset($_REQUEST["csrf"]) is extra fail cond

Browse Source
This commit is contained in:
Matt Pass
2014-05-03 14:19:24 +01:00
parent a470daf9f5
commit 8133adeab8
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/headers.php
View File

@@ -7,7 +7,7 @@ if (!isset($_SESSION["csrf"])) {
$_SESSION["csrf"] = md5(uniqid(mt_rand(), true));
}
if (($_GET || $_POST) && $_REQUEST["csrf"] !== $_SESSION["csrf"]) {
if (($_GET || $_POST) && (!isset($_REQUEST["csrf"]) || $_REQUEST["csrf"] !== $_SESSION["csrf"])) {
die("Bad CSRF token. Please report the error info at https://github.com/mattpass/ICEcoder so it can be fixed.<br><br>
CSRF issue:<br>
REQUEST: ".$_REQUEST["csrf"]."<br>