Lanmikeman/chandler
1
1
Fork 0
mirror of https://github.com/openvk/chandler.git synced 2025-01-22 15:24:15 +03:00
Code Issues Projects Releases Packages Wiki Activity

Fix Anti-CSRF check condition

Browse source 
Pervious version is made chandler unusable if it runs on port different from 443.
This commit is contained in:
fkwa 2020-08-02 20:14:54 +03:00 committed by GitHub
parent 3093be04a6
commit 3cc25bec51
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
chandler/MVC/Routing/Router.php
View file

@ -85,7 +85,7 @@ class Router
[$hash, $nonce] = $data;
if(sodium_memcmp($this->makeCSRFToken($route, hex2bin($nonce)), "$hash#$nonce") === 0)
$GLOBALS["csrfCheck"] = parse_url($_SERVER["HTTP_REFERER"], PHP_URL_HOST) === $_SERVER["HTTP_HOST"];
$GLOBALS["csrfCheck"] = parse_url($_SERVER["HTTP_REFERER"], PHP_URL_HOST) === parse_url($_SERVER["HTTP_HOST"], PHP_URL_HOST);
} catch(\SodiumException $ex) {}
}