forked from ZwiiCMS-Team/ZwiiCMS
Correction faille CSRF
parent
bbc9a43067
commit
0e6ae80233
@ -93,8 +93,14 @@ class page extends common {
|
|||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
// Jeton incorrect
|
// Jeton incorrect
|
||||||
elseif(!isset ($_GET['csrf']) AND
|
elseif(!isset($_GET['csrf'])) {
|
||||||
$_GET['csrf'] !== $_SESSION['csrf']) {
|
// Valeurs en sortie
|
||||||
|
$this->addOutput([
|
||||||
|
'redirect' => helper::baseUrl() . 'page/edit/' . $url[0],
|
||||||
|
'notification' => 'Jeton invalide'
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
elseif ($_GET['csrf'] !== $_SESSION['csrf']) {
|
||||||
// Valeurs en sortie
|
// Valeurs en sortie
|
||||||
$this->addOutput([
|
$this->addOutput([
|
||||||
'redirect' => helper::baseUrl() . 'page/edit/' . $url[0],
|
'redirect' => helper::baseUrl() . 'page/edit/' . $url[0],
|
||||||
|
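Review bot: The token check at `elseif ($_GET['csrf'] !== $_SESSION['csrf'])` compares a secret with `!==`, which is not constant-time and emits an undefined-index notice or warning when `$_SESSION['csrf']` is unset. A type-checked `hash_equals` is the safer form: `elseif (!is_string($_GET['csrf']) || !isset($_SESSION['csrf']) || !hash_equals($_SESSION['csrf'], $_GET['csrf'])) {` (this assumes the session token is stored as a string). With that guard the separate `!isset($_GET['csrf'])` branch could be folded into the same condition, since both branches appear to produce the same redirect to `page/edit/`; the second branch's array continues outside the hunk, so that is inferred. The token also still travels in the query string, where it can end up in server logs, browser history and Referer headers, so if this action changes state, carrying it in a POST body would keep it out of those places.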