]> git.mxchange.org Git - friendica.git/commitdiff
projects / friendica.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cc40dcf)
Add header support for security token check
authorHypolite Petovan <mrpetovan@gmail.com>
Thu, 12 Apr 2018 03:28:51 +0000 (23:28 -0400)
committerHypolite Petovan <mrpetovan@gmail.com>
Tue, 17 Apr 2018 02:22:58 +0000 (22:22 -0400)
include/security.php patch | blob | history

diff --git a/include/security.php b/include/security.php
index af424df26c65c6122ff76a2070c936b426cdc46d..b13a507cf483c124e5e1de3ed3817b205784d3aa 100644 (file)
--- a/include/security.php
+++ b/include/security.php
@@ -405,12 +405,21 @@ function get_form_security_token($typename = '')
 
 function check_form_security_token($typename = '', $formname = 'form_security_token')
 {
-       if (!x($_REQUEST, $formname)) {
-               return false;
+       $hash = null;
+
+       if (!empty($_REQUEST[$formname])) {
+               /// @TODO Careful, not secured!
+               $hash = $_REQUEST[$formname];
+       }
+
+       if (!empty($_SERVER['HTTP_X_CSRF_TOKEN'])) {
+               /// @TODO Careful, not secured!
+               $hash = $_SERVER['HTTP_X_CSRF_TOKEN'];
        }
 
-       /// @TODO Careful, not secured!
-       $hash = $_REQUEST[$formname];
+       if (empty($hash)) {
+               return false;
+       }
 
        $max_livetime = 10800; // 3 hours
 
Unnamed repository; edit this file 'description' to name the repository.