Correction faille CSRF

2019-01-05 23:02:28 +01:00 · 2019-01-05 23:02:28 +01:00 · 30e06ef2e2
commit 30e06ef2e2
parent b56696d651
1 changed files with 8 additions and 2 deletions
--- a/core/module/page/page.php
+++ b/core/module/page/page.php
@ -95,8 +95,14 @@ class page extends common {
 			]);
 		}
 		// Jeton incorrect
-		elseif(!isset ($_GET['csrf']) AND
+		elseif(!isset($_GET['csrf'])) {
-			$_GET['csrf'] !== $_SESSION['csrf']) {
+			// Valeurs en sortie
 			$this->addOutput([
 				'redirect' => helper::baseUrl() . 'page/edit/' . $url[0],
 				'notification' => 'Jeton invalide'
 			]);
 		}
 		elseif ($_GET['csrf'] !== $_SESSION['csrf']) {
 			// Valeurs en sortie
 			$this->addOutput([
 				'redirect' => helper::baseUrl() . 'page/edit/' . $url[0],