fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-07 02:31:40 +09:00
Code Issues Projects Releases Packages Wiki Activity

Cast to string before verifying untrusted input

Browse source
This commit is contained in:
Kijin Sung 2025-03-08 14:57:24 +09:00
parent 641bb89a9d
commit f33c52b20f
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
common/framework/Security.php
View file

@ -317,11 +317,11 @@ class Security
$check_csrf_token = config('security.check_csrf_token') ? true : false;
if ($token = isset($_SERVER['HTTP_X_CSRF_TOKEN']) ? $_SERVER['HTTP_X_CSRF_TOKEN'] : null)
{
return Session::verifyToken($token, '', $check_csrf_token);
return Session::verifyToken((string)$token, '', $check_csrf_token);
}
elseif ($token = isset($_REQUEST['_rx_csrf_token']) ? $_REQUEST['_rx_csrf_token'] : null)
{
return Session::verifyToken($token, '', $check_csrf_token);
return Session::verifyToken((string)$token, '', $check_csrf_token);
}
elseif ($_SERVER['REQUEST_METHOD'] === 'GET')
{