
Improve CSRF handling

Maurits van der Schee 7 years ago
parent
commit
d3f9c49f84
1 changed files with 2 additions and 2 deletions
  1. 2
    2
      api.php

+ 2
- 2
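--- a/api.php
+++ b/api.php
@@ -2336,7 +2336,7 @@ class PHP_CRUD_API {
 // 	'secret'=>'someVeryLongPassPhraseChangeMe',
 // ));
 // if ($auth->executeCommand()) exit(0);
-// if (empty($_SESSION['user']) || $_GET['csrf']!=$_SESSION['csrf']) {
+// if (empty($_SESSION['user']) || !$auth->hasValidCsrfToken()) {
 //	header('HTTP/1.0 401 Unauthorized');
 //	exit(0);
 // }
@@ -2347,7 +2347,7 @@ class PHP_CRUD_API {
 // 	'authenticator'=>function($user,$pass){ $_SESSION['user']=($user=='admin' && $pass=='admin'); }
 // ));
 // if ($auth->executeCommand()) exit(0);
-// if (empty($_SESSION['user']) || $_GET['csrf']!=$_SESSION['csrf']) {
+// if (empty($_SESSION['user']) || !$auth->hasValidCsrfToken()) {
 //	header('HTTP/1.0 401 Unauthorized');
 //	exit(0);
 // }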
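Review bot: The replacement line `// if (empty($_SESSION['user']) || !$auth->hasValidCsrfToken()) {` (new line 2339, and again at 2350 in the second hunk) hides what the token check actually does, and since the example it replaces compared `$_GET['csrf']` to `$_SESSION['csrf']` with a loose `!=`, a reader of this usage sample cannot tell whether that weakness is gone; `hasValidCsrfToken()` is defined outside this hunk, so I am inferring its behaviour. I would add one explanatory comment line above the check in both examples, e.g. `// hasValidCsrfToken() must compare the submitted token against $_SESSION['csrf'] with hash_equals(), not == / !=` and, if the helper reads the token from a specific parameter or header, name it there so integrators know what to send. The surrounding example code stays commented out, so this is documentation only; the enclosing `class PHP_CRUD_API` begins and ends outside both hunks.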
