mirror/webgui
1
0
Fork 0
mirror of https://github.com/unraid/webgui.git synced 2026-01-14 05:30:07 -06:00
Code Issues Packages Projects Releases Wiki Activity

Translation support updates + csrf correction

Browse Source
This commit is contained in:
bergware
2021-05-31 09:48:54 +02:00
parent bba1d930a4
commit 345feb910d
3 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
plugins/dynamix/include/local_prepend.php
View File

@@ -27,7 +27,7 @@ ini_set("session.use_strict_mode", "1");
ini_set("session.cookie_samesite", $secure?'Strict':'Lax');
session_name("unraid_".md5(strstr($_SERVER['HTTP_HOST'].':', ':', true)));
session_set_cookie_params(0, '/', null, $secure, true);
if ($_SERVER['SCRIPT_NAME'] != '/login.php' && $_SERVER['SCRIPT_NAME'] != '/auth_request.php' && isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
if ($_SERVER['SCRIPT_NAME'] != '/login.php' && $_SERVER['SCRIPT_NAME'] != '/auth-request.php' && isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
if (!isset($var)) $var = parse_ini_file('state/var.ini');
if (!isset($var['csrf_token'])) csrf_terminate("uninitialized");
if (!isset($_POST['csrf_token'])) csrf_terminate("missing");