From 30e06ef2e2d80d99979a7d24ab3bb48724a8ed70 Mon Sep 17 00:00:00 2001
From: fredtempez
Date: Sat, 5 Jan 2019 23:02:28 +0100
Subject: [PATCH] Correction faille CSRF
---
 core/module/page/page.php | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/core/module/page/page.php b/core/module/page/page.php
index 17edaa8a..f33cad4c 100755
--- a/core/module/page/page.php
+++ b/core/module/page/page.php
@@ -95,8 +95,14 @@ class page extends common {
 ]);
 }
 // Jeton incorrect
- elseif(!isset ($_GET['csrf']) AND
- $_GET['csrf'] !== $_SESSION['csrf']) {
+ elseif(!isset($_GET['csrf'])) {
+ // Valeurs en sortie
+ $this->addOutput([
+ 'redirect' => helper::baseUrl() . 'page/edit/' . $url[0],
+ 'notification' => 'Jeton invalide'
+ ]);
+ }
+ elseif ($_GET['csrf'] !== $_SESSION['csrf']) {
 // Valeurs en sortie
 $this->addOutput([
 'redirect' => helper::baseUrl() . 'page/edit/' . $url[0],
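Review bot: The new `elseif ($_GET['csrf'] !== $_SESSION['csrf'])` branch compares the token with `!==`, which is not a constant-time comparison and does not check that `$_SESSION['csrf']` is set or that the query value is a string. The added `!isset` branch above it also repeats the same redirect output, so one guard could cover both cases: `elseif (!isset($_GET['csrf'], $_SESSION['csrf']) || !is_string($_GET['csrf']) || !hash_equals($_SESSION['csrf'], $_GET['csrf'])) {`. The token is read from the query string, so it can end up in access logs, browser history and Referer headers. The enclosing method starts and ends outside the hunk, so it is only an inference that this action changes state; if it does, carrying the token in a POST body would be the safer design.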