remove csrf token from login page

Eric Schultz
2019-09-20 14:57:36 -05:00
parent 655b3ed883
commit 0f03ad6f98
2 changed files with 1 additions and 2 deletions
-1
@@ -333,7 +333,6 @@ $theme_dark = in_array($display['theme'],['black','gray']);
<p>
<input name="username" type="text" placeholder="Username" required>
<input name="password" type="password" placeholder="Password" required>
<input name="csrf_token" type="hidden" value="<?=$var['csrf_token']?>">
</p>
<? if ($error) echo '<p class="error">'.$error.'</p>'; ?>
<script type="text/javascript">
+1 -1
@@ -22,7 +22,7 @@ putenv('PATH=.:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin');
chdir('/usr/local/emhttp');
setlocale(LC_ALL,'en_US.UTF-8');
date_default_timezone_set(substr(readlink('/etc/localtime-copied-from'),20));
if ($_SERVER['SCRIPT_NAME'] != '/auth_request.php' && isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
if ($_SERVER['SCRIPT_NAME'] != '/login.php' && $_SERVER['SCRIPT_NAME'] != '/auth_request.php' && isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
if (!isset($var)) $var = parse_ini_file('state/var.ini');
if (!isset($var['csrf_token'])) csrf_terminate("uninitialized");
if (!isset($_POST['csrf_token'])) csrf_terminate("missing");
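Review bot: With `/login.php` added to the exemption on the new `if` line, a POST to the login form is no longer checked for forgery at all, which leaves login CSRF (a third-party page submitting a login into the user's browser) unaddressed unless login.php guards against it itself; that file's handler is not visible here. Keeping the token read from `state/var.ini` off a page served before authentication is presumably the motivation and is reasonable, but the login POST would still benefit from its own check, for example a pre-authentication token bound to the session or an `Origin`/`Referer` comparison inside login.php. At minimum the exemption deserves a comment such as `// login.php is exempt: the var.ini token must not be rendered to unauthenticated clients; login.php validates its own POSTs`. The two script names are also compared with loose `!=`, where `!==` would match the `===` already used for the request method on the same line. The body of this `if` continues past the end of the hunk.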