strk/friendica
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add header support for security token check

Browse source
This commit is contained in:
Hypolite Petovan 2018-04-11 23:28:51 -04:00
parent cc40dcf83c
commit 54b75026fc
1 changed files with 13 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
include/security.php
View file

@ -405,12 +405,21 @@ function get_form_security_token($typename = '')
function check_form_security_token($typename = '', $formname = 'form_security_token') function check_form_security_token($typename = '', $formname = 'form_security_token')
{ {
if (!x($_REQUEST, $formname)) { $hash = null;
return false;
}
if (!empty($_REQUEST[$formname])) {
/// @TODO Careful, not secured! /// @TODO Careful, not secured!
$hash = $_REQUEST[$formname]; $hash = $_REQUEST[$formname];
}
if (!empty($_SERVER['HTTP_X_CSRF_TOKEN'])) {
/// @TODO Careful, not secured!
$hash = $_SERVER['HTTP_X_CSRF_TOKEN'];
}
if (empty($hash)) {
return false;
}
$max_livetime = 10800; // 3 hours $max_livetime = 10800; // 3 hours