Lanmikeman/chandler
1
1
Fork 0
mirror of https://github.com/openvk/chandler.git synced 2025-02-02 04:25:25 +03:00
Code Issues Projects Releases Packages Wiki Activity

Fix CSRF vulnerability

Browse source
This commit is contained in:
Jill Stingray 2020-06-11 12:47:33 +03:00
parent 52c05f2301
commit 5f29e67c56
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
chandler/MVC/Routing/Router.php
View file

@ -85,7 +85,7 @@ class Router
[$hash, $nonce] = $data;
if(sodium_memcmp($this->makeCSRFToken($route, hex2bin($nonce)), "$hash#$nonce") === 0)
$GLOBALS["csrfCheck"] = true;
$GLOBALS["csrfCheck"] = parse_url($_SERVER["HTTP_REFERER"], PHP_URL_HOST) === $_SERVER["HTTP_HOST"];
} catch(\SodiumException $ex) {}
}