From 0e6ae802337338befa3a12c3c4e43b4e6408f3d5 Mon Sep 17 00:00:00 2001
From: fredtempez
Date: Sat, 5 Jan 2019 23:03:23 +0100
Subject: [PATCH] Correction faille CSRF
---
 core/module/page/page.php | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/core/module/page/page.php b/core/module/page/page.php
index 6e232c23..ae247db6 100755
--- a/core/module/page/page.php
+++ b/core/module/page/page.php
@@ -93,8 +93,14 @@ class page extends common {
 ]);
 }
 // Jeton incorrect
- elseif(!isset ($_GET['csrf']) AND
- $_GET['csrf'] !== $_SESSION['csrf']) {
+ elseif(!isset($_GET['csrf'])) {
+ // Valeurs en sortie
+ $this->addOutput([
+ 'redirect' => helper::baseUrl() . 'page/edit/' . $url[0],
+ 'notification' => 'Jeton invalide'
+ ]);
+ }
+ elseif ($_GET['csrf'] !== $_SESSION['csrf']) {
 // Valeurs en sortie
 $this->addOutput([
 'redirect' => helper::baseUrl() . 'page/edit/' . $url[0],
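Review bot: The new `elseif ($_GET['csrf'] !== $_SESSION['csrf'])` branch compares the secret token with `!==`, which is not constant-time and reads `$_SESSION['csrf']` without checking that it is set; `hash_equals()` is the usual comparison for secrets. Both rejection branches appear to emit the same redirect (the second branch's body and the enclosing method continue outside the hunk), so they could be a single condition: `elseif (!isset($_GET['csrf'], $_SESSION['csrf']) || !is_string($_GET['csrf']) || !hash_equals($_SESSION['csrf'], $_GET['csrf'])) {`. The `is_string` guard is needed because a query parameter can arrive as an array, which `hash_equals()` rejects with an error instead of the clean "Jeton invalide" path. Separately, the token travels in the query string, so it can end up in server logs, browser history and Referer headers; if this route changes state, a POST field would be a safer carrier.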