Unverified Commit e9c574a2 authored by Côme Chilliet's avatar Côme Chilliet

:ambulance: fix(CSRF) Use a different message when CSRF token is unexpected

Attempt at easing CSRF protection problems debugging.

issue #6023
Showing with 5 additions and 1 deletion
<?php <?php
/* /*
This code is part of FusionDirectory (http://www.fusiondirectory.org/) This code is part of FusionDirectory (http://www.fusiondirectory.org/)
Copyright (C) 2017-2018 FusionDirectory Copyright (C) 2017-2019 FusionDirectory
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
...@@ -31,6 +31,10 @@ class CSRFProtection ...@@ -31,6 +31,10 @@ class CSRFProtection
static::checkHeaders(); static::checkHeaders();
if (!session::is_set('CSRFtoken')) {
throw new FusionDirectoryException('Unexpected CSRF protection token');
}
if ($_POST['CSRFtoken'] !== static::getToken()) { if ($_POST['CSRFtoken'] !== static::getToken()) {
throw new FusionDirectoryException('CSRF protection token invalid'); throw new FusionDirectoryException('CSRF protection token invalid');
} }
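Review bot: In the `@@ -31,6 +31,10 @@` hunk, the new `session::is_set('CSRFtoken')` branch throws 'Unexpected CSRF protection token', but the condition it tests is that the session holds no token at all, so for the debugging goal stated in the commit message a text such as 'No CSRF protection token in session' would point the reader at the actual cause (session expired or not started) rather than at the submitted token. Two smaller points on the same hunk: unless it is guaranteed above the hunk, `$_POST['CSRFtoken']` is read without an `isset()` check, so a POST without that field raises an undefined-index notice before the comparison runs; and the `!==` comparison could be `hash_equals(static::getToken(), $_POST['CSRFtoken'])` so the token check is constant-time.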