fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-04 17:21:39 +09:00
Code Issues Projects Releases Packages Wiki Activity

Enforce CSRF tokens if option is enabled

Browse source
This commit is contained in:
Kijin Sung 2018-10-10 18:20:48 +09:00
parent 73e79fe547
commit 1d35511e04
1 changed files with 3 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
common/framework/security.php
View file

@ -326,13 +326,14 @@ class Security
}
else
{
if (Session::getMemberSrl())
$is_logged = Session::getMemberSrl();
if ($is_logged)
{
trigger_error('CSRF token missing in POST request: ' . (\Context::get('act') ?: '(no act)'), \E_USER_WARNING);
}
$referer = strval($referer ?: $_SERVER['HTTP_REFERER']);
if ($referer !== '')
if ($referer !== '' && (!config('security.check_csrf_token') || !$is_logged))
{
return URL::isInternalURL($referer);
}