Fix Anti-CSRF check condition

The previous version made chandler unusable when it runs on a port other than 443.
fkwa 2020-08-02 20:14:54 +03:00 committed by GitHub
parent 3093be04a6
commit 3cc25bec51
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -85,7 +85,7 @@ class Router
[$hash, $nonce] = $data;
if(sodium_memcmp($this->makeCSRFToken($route, hex2bin($nonce)), "$hash#$nonce") === 0)
$GLOBALS["csrfCheck"] = parse_url($_SERVER["HTTP_REFERER"], PHP_URL_HOST) === $_SERVER["HTTP_HOST"];
$GLOBALS["csrfCheck"] = parse_url($_SERVER["HTTP_REFERER"], PHP_URL_HOST) === parse_url($_SERVER["HTTP_HOST"], PHP_URL_HOST);
} catch(\SodiumException $ex) {}
}
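Review bot: On the new assignment, `parse_url($_SERVER["HTTP_HOST"], PHP_URL_HOST)` receives a bare Host header, and as far as I know parse_url reports no host for a scheme-less string without a port (`example.com` is parsed as a path), so on a default-port deployment the right-hand side would be null. The comparison would then be false for an ordinary same-site Referer and true when the Referer is missing or has no host, so the Referer check fails open there, although the token comparison on the line above still applies. Prefixing the header with `//` lets both the port and no-port forms parse, and a type guard stops a missing Referer from matching: `$ref = parse_url($_SERVER["HTTP_REFERER"] ?? "", PHP_URL_HOST);` followed by `$GLOBALS["csrfCheck"] = is_string($ref) && $ref === parse_url("//" . $_SERVER["HTTP_HOST"], PHP_URL_HOST);`, with braces added to the `if`, since it currently guards a single statement. The enclosing method starts and ends outside this hunk, so any handling of `csrfCheck` elsewhere is not visible here.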