
Commit d3f9c49

committed
Improve CSRF handling
1 parent 177daca commit d3f9c49

1 file changed

+2
-2
lines changed


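--- a/api.php
+++ b/api.php
@@ -2336,7 +2336,7 @@ public function executeCommand() {
 // 'secret'=>'someVeryLongPassPhraseChangeMe',
 // ));
 // if ($auth->executeCommand()) exit(0);
-// if (empty($_SESSION['user']) || $_GET['csrf']!=$_SESSION['csrf']) {
+// if (empty($_SESSION['user']) || !$auth->hasValidCsrfToken()) {
 // header('HTTP/1.0 401 Unauthorized');
 // exit(0);
 // }
@@ -2347,7 +2347,7 @@ public function executeCommand() {
 // 'authenticator'=>function($user,$pass){ $_SESSION['user']=($user=='admin' && $pass=='admin'); }
 // ));
 // if ($auth->executeCommand()) exit(0);
-// if (empty($_SESSION['user']) || $_GET['csrf']!=$_SESSION['csrf']) {
+// if (empty($_SESSION['user']) || !$auth->hasValidCsrfToken()) {
 // header('HTTP/1.0 401 Unauthorized');
 // exit(0);
 // }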
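Review bot: The example authenticator in the second hunk (`'authenticator'=>function($user,$pass){ $_SESSION['user']=($user=='admin' && $pass=='admin'); }`) still compares credentials with loose `==`, so anyone who copies this commented-out usage example into real code inherits PHP's type-juggling comparison for a login check; the example should read `$_SESSION['user']=($user==='admin' && $pass==='admin');`. The same hunk now delegates the CSRF check to `!$auth->hasValidCsrfToken()`, but the example no longer shows where the token is expected to arrive (the old line read it from `$_GET['csrf']`), and the method's definition is outside this hunk, so I cannot tell from here whether it reads a query parameter or a header; a short comment above the check pointing the reader to the expected token location would keep the example self-contained. These lines are documentation comments inside `executeCommand()`, whose body starts and ends outside both hunks.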
