Digitalstack/myaac
2
0
Fork 0
mirror of https://github.com/slawkens/myaac.git synced 2025-11-27 21:56:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fixes to csrf protection

Browse Source
This commit is contained in:
slawkens
2024-01-27 15:35:24 +01:00
parent 9b781d09a9
commit 41022727bd
8 changed files with 55 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
system/functions.php
View File

@@ -1070,7 +1070,7 @@ function csrfToken(): string {
function isValidToken(): bool {
$token = $_POST['csrf_token'] ?? $_SERVER['HTTP_X_CSRF_TOKEN'] ?? null;
return ($_SERVER['REQUEST_METHOD'] !== 'POST' || (isset($token) && CsrfToken::isValid($token)));
return (!isRequestMethod('post') || (isset($token) && CsrfToken::isValid($token)));
}
function csrfProtect(): void
@@ -1665,6 +1665,10 @@ function makeLinksClickable($text, $blank = true) {
return preg_replace('!(((f|ht)tp(s)?://)[-a-zA-Zа-яА-Я()0-9@:%_+.~#?&;//=]+)!i', '<a href="$1"' . (!$blank ?: ' target="_blank"') . '>$1</a>', $text);
}
function isRequestMethod(string $method): bool {
return strtolower($_SERVER['REQUEST_METHOD']) == strtolower($method);
}
// validator functions
require_once SYSTEM . 'compat/base.php';