correction faille CSRF

This commit is contained in:
fredtempez 2019-01-05 22:31:59 +01:00
parent 547693709e
commit f93df1e243
1 changed files with 2 additions and 1 deletions

View File

@ -93,7 +93,8 @@ class page extends common {
]);
}
// Jeton incorrect
elseif($_GET['csrf'] !== $_SESSION['csrf']) {
elseif(isset ($_GET['csrf']) AND
$_GET['csrf'] !== $_SESSION['csrf']) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . 'page/edit/' . $url[0],