* [MOD] Improved CSRF handling by using HTTP header to set the token

Signed-off-by: Rubén D <nuxsmin@syspass.org>
Rubén D
2020-01-08 13:18:03 +01:00
parent b7da69de79
commit bec1d21d8c
84 changed files with 578 additions and 658 deletions


@@ -64,8 +64,6 @@ final class ConfigEncryptionController extends SimpleControllerBase
*/
public function saveAction()
{
$this->checkSecurityToken($this->previousSk, $this->request);
$mastePassService = $this->dic->get(MasterPassService::class);
$currentMasterPass = $this->request->analyzeEncrypted('current_masterpass');
@@ -189,8 +187,6 @@ final class ConfigEncryptionController extends SimpleControllerBase
public function refreshAction()
{
try {
$this->checkSecurityToken($this->previousSk, $this->request);
if ($this->config->getConfigData()->isDemoEnabled()) {
return $this->returnJsonResponse(JsonResponse::JSON_WARNING, __u('Ey, this is a DEMO!!'));
}
@@ -218,8 +214,6 @@ final class ConfigEncryptionController extends SimpleControllerBase
public function saveTempAction()
{
try {
$this->checkSecurityToken($this->previousSk, $this->request);
$temporaryMasterPassService = $this->dic->get(TemporaryMasterPassService::class);
$key = $temporaryMasterPassService->create($this->request->analyzeInt('temporary_masterpass_maxtime', 3600));
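Review bot: With the per-action `$this->checkSecurityToken($this->previousSk, $this->request);` call apparently dropped from `saveAction()`, `refreshAction()` and `saveTempAction()`, nothing visible in these methods enforces the CSRF token any more. The `+`/`-` markers are lost on this page, so the removal is inferred from each hunk shrinking from 8 to 6 lines. `saveAction()` reads `current_masterpass` and `saveTempAction()` creates a temporary master password, so the header-based check must run before these actions on every request and must reject a missing or mismatched header rather than skip validation. That code is not in this section and should be confirmed where it lives. Once confirmed, a short comment in each action, e.g. `// CSRF token is validated from the request header before this action is dispatched`, would keep the dependency visible; all three method bodies continue outside the hunks.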