Correction faille CSRF

This commit is contained in:
fredtempez 2019-01-05 23:03:23 +01:00
parent bbc9a43067
commit 0e6ae80233

View File

@ -93,8 +93,14 @@ class page extends common {
]); ]);
} }
// Jeton incorrect // Jeton incorrect
elseif(!isset ($_GET['csrf']) AND elseif(!isset($_GET['csrf'])) {
$_GET['csrf'] !== $_SESSION['csrf']) { // Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . 'page/edit/' . $url[0],
'notification' => 'Jeton invalide'
]);
}
elseif ($_GET['csrf'] !== $_SESSION['csrf']) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'redirect' => helper::baseUrl() . 'page/edit/' . $url[0], 'redirect' => helper::baseUrl() . 'page/edit/' . $url[0],