friendica
/
friendica
mirror of https://github.com/friendica/friendica
6
0
Fork 1
Code Issues Packages Projects Releases 1 Wiki Activity

Add header support for security token check

This commit is contained in:
Hypolite Petovan 2018-04-11 23:28:51 -04:00
parent cc40dcf83c
commit 54b75026fc
1 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
include/security.php
View File

@ -405,12 +405,21 @@ function get_form_security_token($typename = '')
function check_form_security_token($typename = '', $formname = 'form_security_token') function check_form_security_token($typename = '', $formname = 'form_security_token')
{ {
if (!x($_REQUEST, $formname)) { $hash = null;
return false;
if (!empty($_REQUEST[$formname])) {
/// @TODO Careful, not secured!
$hash = $_REQUEST[$formname];
} }
/// @TODO Careful, not secured! if (!empty($_SERVER['HTTP_X_CSRF_TOKEN'])) {
$hash = $_REQUEST[$formname]; /// @TODO Careful, not secured!
$hash = $_SERVER['HTTP_X_CSRF_TOKEN'];
}
if (empty($hash)) {
return false;
}
$max_livetime = 10800; // 3 hours $max_livetime = 10800; // 3 hours