forked from ZwiiCMS-Team/ZwiiCMS
Correction faille CSRF
This commit is contained in:
parent
bbc9a43067
commit
0e6ae80233
@ -93,8 +93,14 @@ class page extends common {
|
||||
]);
|
||||
}
|
||||
// Jeton incorrect
|
||||
elseif(!isset ($_GET['csrf']) AND
|
||||
$_GET['csrf'] !== $_SESSION['csrf']) {
|
||||
elseif(!isset($_GET['csrf'])) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . 'page/edit/' . $url[0],
|
||||
'notification' => 'Jeton invalide'
|
||||
]);
|
||||
}
|
||||
elseif ($_GET['csrf'] !== $_SESSION['csrf']) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . 'page/edit/' . $url[0],
|
||||
|
Loading…
Reference in New Issue
Block a user