mirror/webgui
1
0
Fork 0
mirror of https://github.com/unraid/webgui.git synced 2026-04-29 06:19:30 -05:00
Code Issues Packages Projects Releases Wiki Activity

do not log actual csrf token values when missing or wrong

Browse Source
This commit is contained in:
Tom Mortensen
2017-10-03 08:04:16 -07:00
parent 44b878c8fb
commit 29a7c83ba9
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
plugins/dynamix/include/local_prepend.php
+1 -1
View File
@@ -26,7 +26,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (!isset($var)) $var = parse_ini_file('state/var.ini');
if (!isset($var['csrf_token'])) csrf_terminate("uninitialized");
if (!isset($_POST['csrf_token'])) csrf_terminate("missing");
if ($var['csrf_token'] != $_POST['csrf_token']) csrf_terminate("wrong {$_POST['csrf_token']}:{$var['csrf_token']}");
if ($var['csrf_token'] != $_POST['csrf_token']) csrf_terminate("wrong");
unset($_POST['csrf_token']);
}
?>