mirror/webgui
1
0
Fork 0
mirror of https://github.com/unraid/webgui.git synced 2026-05-03 00:09:27 -05:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Protect set-password with CSRF token"

Browse Source 
This reverts commit f3c862cde1.
This commit is contained in:
bergware
2021-08-13 21:05:23 +02:00
parent c9b7a1da1c
commit a31b169dc2
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
plugins/dynamix/include/set-password.php
+1 -2
View File
@@ -14,7 +14,7 @@ $POST_ERROR = '';
/**
* POST handler
*/
if (!empty($_POST['password']) && !empty($_POST['confirmPassword']) && $_POST['csrf_token']==$var['csrf_token']) {
if (!empty($_POST['password']) && !empty($_POST['confirmPassword'])) {
if ($_POST['password'] !== $_POST['confirmPassword']) return $POST_ERROR = $VALIDATION_MESSAGES['mismatch'];
if (strlen($_POST['password']) > $MAX_PASS_LENGTH) return $POST_ERROR = $VALIDATION_MESSAGES['maxLength'];
@@ -347,7 +347,6 @@ $THEME_DARK = in_array($display['theme'],['black','gray']);
<p class="error"><?=_('Please also ensure you have cookies enabled')?>.</p>
</noscript>
<form action="/login" method="POST" class="js-validate w-full flex flex-col">
<input type="hidden" name="csrf_token" value="<?=$var['csrf_token']?>">
<label for="password"><?= _('Username') ?></label>
<input name="username" type="text" value="root" disabled title="<?=_('Username not changeable')?>">